EvaluatePreConfigRules - Cloud Config - Alibaba Cloud Documentation Center

Executes evaluation rules to perform compliance pre-checks on resources.

Operation description

For more information about the concepts, operating principles, and integration process of evaluation rules, see Definition and operating principles of evaluation rules.

After you create an evaluation rule, a managed rule with the same settings is created. This managed rule can continuously check the compliance of resources after they are created.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.
API: The API that you can call to perform the action.
Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.
Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.
- For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.
- For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.
Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.
Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

config:EvaluatePreConfigRules

list

*All Resource

*

None

Request parameters

Parameter	Type	Required	Description	Example
ResourceTypeFormat	string	No	The query start token	ros
ResourceEvaluateItems	array<object>	Yes	An array that contains the resources that you want to evaluate.
	array<object>	No	The resources that you want to evaluate.
ResourceLogicalId	string	No	The logical ID of the resource. Note If this parameter is empty, it is generated based on the Base64 value of `ResourceProperties`.	ResourceLogicId-test
ResourceType	string	No	The type of the resource. For information about how to obtain the identifier of an evaluation rule, see ListPreManagedRules. Note The `ResourceType`, `Identifier`, and `ResourceProperties` parameters must be specified at the same time.	ACS::ECS::Instance
Rules	array<object>	No	An array that contains the evaluation rules.
	object	No	The evaluation rules.
Identifier	string	No	The identifier of the rule. For information about how to obtain the identifier of a rule, see ListPreManagedRules. Note The `ResourceType`, `Identifier`, and `ResourceProperties` parameters must be specified at the same time.	ecs-instance-deletion-protection-enabled
InputParameters	string	No	The input parameters of the rule.	{}
ResourceProperties	string	No	The resource configuration items (properties of the resource to be created), such as the specifications, region, name, status, and port or network interface switch status of the resource. Note The `ResourceType`, `Identifier`, and `ResourceProperties` parameters must be specified at the same time.	{"ResourceGroupId":"","Memory":8192,"InstanceChargeType":"PostPaid","Cpu":2}
EnableManagedRules	boolean	No	Specifies whether to enable rule templates. Valid values: true: enables rule templates. false (default): does not enable rule templates.	false

For more information, see Common parameters.

Response elements

Element	Type	Description	Example
	object	None.
RequestId	string	The ID of the request.	129ECF1C-7897-1131-BD0F-4B588AC05400
ResourceEvaluations	array<object>	The array that contains the compliance evaluation results.
	array<object>	The information about the compliance evaluation results returned.
ResourceLogicalId	string	The logical ID of the resource. Note If the request parameter is empty, it is automatically generated based on the Base64 value of `ResourceProperties`.	ResourceLogicId-test
ResourceType	string	The type of the resource.	ACS::ECS::Instance
Rules	array<object>	The evaluation rules.
	object	The evaluation rules.
Identifier	string	The identifier of the rule.	ecs-instance-deletion-protection-enabled
ComplianceType	string	The compliance type of the resource that was evaluated by using the evaluation rule. Valid values: COMPLIANT: The resource is evaluated as compliant. NON_COMPLIANT: The resource is evaluated as non-compliant. NOT_APPLICABLE: The rule does not apply to the resource.	NON_COMPLIANT
Annotation	string	The reason why the resource was evaluated as incompliant.	{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.DeletionProtection\"}
HelpUrl	string	The URL of the topic that describes how the managed rule remediates the non-compliant configurations.	https://example.aliyundoc.com

For more information, see Common parameters.

Examples

Success response

JSON format

{
  "RequestId": "129ECF1C-7897-1131-BD0F-4B588AC05400",
  "ResourceEvaluations": [
    {
      "ResourceLogicalId": "ResourceLogicId-test",
      "ResourceType": "ACS::ECS::Instance",
      "Rules": [
        {
          "Identifier": "ecs-instance-deletion-protection-enabled",
          "ComplianceType": "NON_COMPLIANT",
          "Annotation": "{\\\"configuration\\\":\\\"false\\\",\\\"desiredValue\\\":\\\"True\\\",\\\"operator\\\":\\\"StringEquals\\\",\\\"property\\\":\\\"$.DeletionProtection\\\"}",
          "HelpUrl": "https://example.aliyundoc.com"
        }
      ]
    }
  ]
}

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.