Queries the details of a specific compliance package.
Operation description
This topic provides an example of how to query the details of the compliance package cp-fdc8626622af00f9****. The response indicates that the compliance package is named MLPS 2.0 Level 3 Pre-check Compliance Package, its status is ACTIVE, and the risk level of its rules is 1 (high risk).
Try it now
Test
RAM authorization
|
Action |
Access level |
Resource type |
Condition key |
Dependent action |
|
config:GetCompliancePack |
get |
*CompliancePack
|
None | None |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| CompliancePackId |
string |
Yes |
The compliance package ID. For more information about how to obtain the compliance package ID, see ListCompliancePacks. |
cp-a8a8626622af0082**** |
Tag
deprecated
|
array<object> |
No |
The tags of the resource. This parameter is deprecated and takes no effect if it is specified. You can add up to 20 tags. |
|
|
object |
No |
The tags of the resource. You can add up to 20 tags. |
||
| Key |
string |
No |
The tag key of the resource. The tag key cannot be an empty string. The tag key can be up to 64 characters in length. It cannot start with You can specify up to 20 tag keys at a time. |
key-1 |
| Value |
string |
No |
The tag value of the resource. The tag value can be an empty string or a string of up to 128 characters in length. It cannot start with Each tag key must have a corresponding tag value. You can specify up to 20 tag values at a time. |
value-1 |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
None. |
||
| RequestId |
string |
The request ID. |
6EC7AED1-172F-42AE-9C12-295BC2ADB751 |
| CompliancePack |
object |
The information about the compliance package. |
|
| Status |
string |
The status of the compliance package. Valid values:
|
ACTIVE |
| CompliancePackId |
string |
The compliance package ID. |
cp-a8a8626622af0082**** |
| RiskLevel |
integer |
The risk level of the compliance package. Valid values:
|
1 |
| Description |
string |
The description of the compliance package. |
基于等保2.0三级标准,提供持续检测合规性的建议模板,帮助您提前自检并修复问题,以便快速通过正式检测。 |
| ConfigRules |
array<object> |
The list of rules in the compliance package. |
|
|
object |
None. |
||
| ManagedRuleIdentifier |
string |
The identifier of the rule template. |
eip-bandwidth-limit |
| ConfigRuleName |
string |
The name of the rule. |
弹性IP实例带宽满足最低要求 |
| ConfigRuleId |
string |
The rule ID. |
cr-a260626622af0005**** |
| ConfigRuleParameters |
array<object> |
The information about the rule parameters. |
|
|
object |
None. |
||
| Required |
boolean |
Indicates whether the parameter is required for the rule. Valid values:
|
true |
| ParameterName |
string |
The name of the rule parameter. |
bandwidth |
| ParameterValue |
string |
The value of the rule parameter. |
10 |
| Description |
string |
The description of the rule. |
弹性IP实例可用带宽大于等于指定参数值,视为“合规”。默认值:10 MB。 |
| RiskLevel |
integer |
The risk level of the rule. Valid values:
|
1 |
| ResourceTypesScope |
string |
The types of resources that are evaluated by the rule. Separate multiple resource types with commas (,). |
ACS::EIP::EipAddress |
| TemplateContent |
string |
The template information for the compliance package. The rule list in the template does not include user-defined function rules. You can use this template to quickly create the same compliance package for other accounts or account groups. |
{ "configRuleTemplates": [ { "configRuleName": "自定义条件规则示例", "scope": { "complianceResourceTypes": [ "ACS::ECS::Instance" ] }, "description": "", "source": { "owner": "CUSTOM_CONFIGURATION", "identifier": "acs-config-configuration", "sourceDetails": [ { "messageType": "ScheduledNotification", "maximumExecutionFrequency": "Twelve_Hours" }, { "messageType": "ConfigurationItemChangeNotification" } ], "conditions": "{\"ComplianceConditions\":\"{\\\"operator\\\":\\\"and\\\",\\\"children\\\":[{\\\"operator\\\":\\\"GreaterOrEquals\\\",\\\"featurePath\\\":\\\"$.Cpu\\\",\\\"featureSource\\\":\\\"CONFIGURATION\\\",\\\"desired\\\":\\\"2\\\"}]}\"}" }, "inputParameters": {} }, { "configRuleName": "OSS存储空间Referer在指定的防盗链白名单中", "scope": { "complianceResourceTypes": [ "ACS::OSS::Bucket" ] }, "description": "OSS存储空间开启防盗链并且Referer在指定白名单中,视为“合规”。", "source": { "owner": "ALIYUN", "identifier": "oss-bucket-referer-limit", "sourceDetails": [ { "messageType": "ConfigurationItemChangeNotification" } ] }, "inputParameters": { "allowEmptyReferer": "true", "allowReferers": "http://www.aliyun.com" } } ] } |
| CompliancePackName |
string |
The name of the compliance package. |
等保三级预检合规包 |
| AccountId |
integer |
The ID of the Alibaba Cloud account to which the compliance package belongs. |
100931896542**** |
| CompliancePackTemplateId |
string |
The ID of the compliance package template. |
ct-5f26ff4e06a300c4**** |
| CreateTimestamp |
integer |
The timestamp when the compliance package was created. Unit: milliseconds. |
1624245766000 |
| Scope |
object |
The evaluation scope. |
|
| ExcludeRegionIdsScope |
string |
The IDs of the regions from which resources are excluded. Separate multiple region IDs with commas (,). |
cn-hangzhou |
| ResourceIdsScope |
string |
The compliance package is effective only for resources with the specified IDs. Separate multiple resource IDs with commas (,). |
eip-8vbf3x310fn56ijfd**** |
| ExcludeResourceGroupIdsScope |
string |
The compliance package is not effective for the resources in the resource groups with the specified IDs. Separate multiple resource group IDs with commas (,). |
rg-aekzc7r7rhx**** |
| TagKeyScope |
string |
The compliance package is effective only for the resources that have the specified tag key. |
ECS |
| TagsScope |
array<object> |
The tag scope. |
|
|
object |
The tag scope. |
||
| TagKey |
string |
The tag key. |
key-1 |
| TagValue |
string |
The tag value. |
value-1 |
| ExcludeTagsScope |
array<object> |
The excluded tag scope. |
|
|
object |
The excluded tag scope. |
||
| TagKey |
string |
The tag key. |
key-2 |
| TagValue |
string |
The tag value. |
value-2 |
| TagValueScope |
string |
The compliance package is effective only for the resources that have the specified tag key-value pair. |
test |
| RegionIdsScope |
string |
The compliance package is effective only for resources in the specified regions. |
cn-hangzhou |
| ExcludeResourceIdsScope |
string |
The compliance package is not effective for the resources with the specified IDs. The resources are not evaluated. |
eip-8vbf3x310fn56ijfd**** |
| ResourceGroupIdsScope |
string |
The compliance package is effective only for the resources in the resource groups with the specified IDs. |
rg-aekzc7r7rhx**** |
| Tags |
array<object> |
The resource tags. |
|
|
object |
The resource tags. |
||
| TagKey |
string |
The tag key. |
key-1 |
| TagValue |
string |
The tag value. |
value-1 |
Examples
Success response
JSON format
{
"RequestId": "6EC7AED1-172F-42AE-9C12-295BC2ADB751",
"CompliancePack": {
"Status": "ACTIVE",
"CompliancePackId": "cp-a8a8626622af0082****",
"RiskLevel": 1,
"Description": "基于等保2.0三级标准,提供持续检测合规性的建议模板,帮助您提前自检并修复问题,以便快速通过正式检测。",
"ConfigRules": [
{
"ManagedRuleIdentifier": "eip-bandwidth-limit",
"ConfigRuleName": "弹性IP实例带宽满足最低要求",
"ConfigRuleId": "cr-a260626622af0005****",
"ConfigRuleParameters": [
{
"Required": true,
"ParameterName": "bandwidth",
"ParameterValue": "10"
}
],
"Description": "弹性IP实例可用带宽大于等于指定参数值,视为“合规”。默认值:10 MB。",
"RiskLevel": 1,
"ResourceTypesScope": "ACS::EIP::EipAddress"
}
],
"TemplateContent": "{\n \"configRuleTemplates\": [\n {\n \"configRuleName\": \"自定义条件规则示例\",\n \"scope\": {\n \"complianceResourceTypes\": [\n \"ACS::ECS::Instance\"\n ]\n },\n \"description\": \"\",\n \"source\": {\n \"owner\": \"CUSTOM_CONFIGURATION\",\n \"identifier\": \"acs-config-configuration\",\n \"sourceDetails\": [\n {\n \"messageType\": \"ScheduledNotification\",\n \"maximumExecutionFrequency\": \"Twelve_Hours\"\n },\n {\n \"messageType\": \"ConfigurationItemChangeNotification\"\n }\n ],\n \"conditions\": \"{\\\"ComplianceConditions\\\":\\\"{\\\\\\\"operator\\\\\\\":\\\\\\\"and\\\\\\\",\\\\\\\"children\\\\\\\":[{\\\\\\\"operator\\\\\\\":\\\\\\\"GreaterOrEquals\\\\\\\",\\\\\\\"featurePath\\\\\\\":\\\\\\\"$.Cpu\\\\\\\",\\\\\\\"featureSource\\\\\\\":\\\\\\\"CONFIGURATION\\\\\\\",\\\\\\\"desired\\\\\\\":\\\\\\\"2\\\\\\\"}]}\\\"}\"\n },\n \"inputParameters\": {}\n },\n {\n \"configRuleName\": \"OSS存储空间Referer在指定的防盗链白名单中\",\n \"scope\": {\n \"complianceResourceTypes\": [\n \"ACS::OSS::Bucket\"\n ]\n },\n \"description\": \"OSS存储空间开启防盗链并且Referer在指定白名单中,视为“合规”。\",\n \"source\": {\n \"owner\": \"ALIYUN\",\n \"identifier\": \"oss-bucket-referer-limit\",\n \"sourceDetails\": [\n {\n \"messageType\": \"ConfigurationItemChangeNotification\"\n }\n ]\n },\n \"inputParameters\": {\n \"allowEmptyReferer\": \"true\",\n \"allowReferers\": \"http://www.aliyun.com\"\n }\n }\n ]\n}",
"CompliancePackName": "等保三级预检合规包",
"AccountId": 0,
"CompliancePackTemplateId": "ct-5f26ff4e06a300c4****",
"CreateTimestamp": 1624245766000,
"Scope": {
"ExcludeRegionIdsScope": "cn-hangzhou",
"ResourceIdsScope": "eip-8vbf3x310fn56ijfd****\n",
"ExcludeResourceGroupIdsScope": "rg-aekzc7r7rhx****",
"TagKeyScope": "ECS",
"TagsScope": [
{
"TagKey": "key-1",
"TagValue": "value-1"
}
],
"ExcludeTagsScope": [
{
"TagKey": "key-2",
"TagValue": "value-2"
}
],
"TagValueScope": "test",
"RegionIdsScope": "cn-hangzhou",
"ExcludeResourceIdsScope": "eip-8vbf3x310fn56ijfd****",
"ResourceGroupIdsScope": "rg-aekzc7r7rhx****"
},
"Tags": [
{
"TagKey": "key-1",
"TagValue": "value-1"
}
]
}
}Error codes
|
HTTP status code |
Error code |
Error message |
Description |
|---|---|---|---|
| 400 | Invalid.CompliancePackId.Value | The specified CompliancePackId does not exist. | The specified compliance pack ID does not exist. |
| 404 | AccountNotExisted | Your account does not exist. | |
| 503 | ServiceUnavailable | The request has failed due to a temporary failure of the server. | The request has failed due to a temporary failure of the server. |
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.