All Products
Search
Document Center

Cloud Config:ListConfigRules

Last Updated:Jan 17, 2025

Queries the rules of the current account.

Operation description

This topic provides an example on how to query the rules of the current account. The response shows that the current account has a total of one rule and three evaluated resources. The resources are evaluated as compliant.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • For mandatory resource types, indicate with a prefix of * .
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
config:ListConfigRuleslist
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ResourceTypesstringNo

The type of the resources to be evaluated based on the rule.

ACS::ECS::Instance
PageSizeintegerNo

The number of entries per page.

Valid values: 1 to 100. A minimum of 1 entry can be returned per page. Default value: 10.

10
CompliancePackIdstringNo

The compliance package ID.

For more information about how to obtain the ID of a compliance package, see ListCompliancePacks .

Note You must configure either the CompliancePackId or ConfigRuleId parameter.
cp-fe416457e0d90022****
ComplianceTypestringNo

The compliance evaluation result of the rule. Valid values:

  • COMPLIANT: The resources are evaluated as compliant.
  • NON_COMPLIANT: The resources are evaluated as non-compliant.
  • NOT_APPLICABLE: The rule does not apply to the resources.
  • INSUFFICIENT_DATA: No resource data is available.
COMPLIANT
PageNumberintegerNo

The page number.

Page numbers start from 1. Default value: 1.

1
KeywordstringNo

The query keyword.

You can perform a fuzzy search by rule ID, rule name, rule description, or managed rule ID.

ecs
ConfigRuleStatestringNo

The status of the rule. Valid values:

  • ACTIVE: The rule is enabled.
  • DELETING: The rule is being deleted.
  • EVALUATING: The rule is being used to evaluate resource configurations.
  • INACTIVE: The rule is disabled.
ACTIVE
ConfigRuleNamestringNo

The name of the rule.

test-rule-name
RiskLevelintegerNo

The risk level of the resources that are not compliant with the rule. Valid values:

  • 1: high
  • 2: medium
  • 3: low
1
Tagarray<object>No

The tags of the resource.

You can add up to 20 tags to a resource.

objectNo

The tags of the resource.

You can add up to 20 tags to a resource.

KeystringNo

The tag key.

The tag key cannot be an empty string. The tag key can be up to 64 characters in length and cannot start with acs: or aliyun. It cannot contain http:// or https://.

You can specify at most 20 tag keys.

key-1
ValuestringNo

The value of tag N to add to the resource. You can specify up to 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-). The tag value must start with a letter but cannot start with aliyun or acs:. The tag value cannot contain http:// or https://.

value-1

Response parameters

ParameterTypeDescriptionExample
object
RequestIdstring

The request ID.

AC3A7E12-72E6-5CC9-A5C1-D8D8919829A7
ConfigRulesobject

The information about the rules.

ConfigRuleListarray<object>

The details of the rule.

ConfigRuleobject

The rule list.

RiskLevelinteger

The risk level of the resources that do not comply with the rule. Valid values:

  • 1: high.
  • 2: medium.
  • 3: low.
1
SourceOwnerstring

The type of the rule. Valid values:

  • CUSTOM_FC: a custom rule.
  • ALIYUN: a managed rule.
ALIYUN
AccountIdlong

The ID of the account to which the rule belongs.

100931896542****
ConfigRuleStatestring

The status of the rule. Valid values:

  • ACTIVE: The rule is enabled.
  • DELETING: The rule is being deleted.
  • EVALUATING: The rule is being used to evaluate resource configurations.
  • INACTIVE: The rule is disabled.
ACTIVE
Complianceobject

The compliance aggregation result of the rule.

ComplianceTypestring

The compliance evaluation result of the rule. Valid values:

  • COMPLIANT: The resources are evaluated as compliant.
  • NON_COMPLIANT: The resources are evaluated as non-compliant.
  • NOT_APPLICABLE: The rule does not apply to the resources.
  • INSUFFICIENT_DATA: No resource data is available.
COMPLIANT
Countinteger

The number of resources that are evaluated based on the rule.

2
SourceIdentifierstring

The identifier of the rule.

  • If the rule is a managed rule, the value of this parameter is the identifier of the managed rule.
  • If the rule is a custom rule, the value of this parameter is the Alibaba Cloud Resource Name (ARN) of the rule.
eip-bandwidth-limit
ConfigRuleArnstring

The ARN of the rule.

acs:config::100931896542****:rule/cr-fdc8626622af00f9****
Descriptionstring

The description of the rule.

The description of the test rule.
CreateByobject

The information about the creation of the rule.

CompliancePackIdstring

The compliance package ID.

cp-fdc8626622af00f9****
CompliancePackNamestring

The name of the compliance package.

test-pack-name
AutomationTypestring

The type of the remediation template. Only OOS is returned, which indicates CloudOps Orchestration Service.

OOS
ConfigRuleNamestring

The name of the rule.

test-rule-name
ConfigRuleIdstring

The rule ID.

cr-fdc8626622af00f9****
Tagsarray<object>

The tags of the rule.

tagobject

The tags of the rule.

Keystring

The tag key of the rule.

env
Valuestring

The tag value of the rule.

prod
ResourceTypesScopestring

The types of resources evaluated by the rule. Multiple resource types are separated with commas (,).

ACS::EIP::EipAddress
PageSizeinteger

The number of entries per page.

10
PageNumberinteger

The page number.

1
TotalCountlong

The total number of rules.

1

Examples

Sample success responses

JSONformat

{
  "RequestId": "AC3A7E12-72E6-5CC9-A5C1-D8D8919829A7",
  "ConfigRules": {
    "ConfigRuleList": [
      {
        "RiskLevel": 1,
        "SourceOwner": "ALIYUN",
        "AccountId": 0,
        "ConfigRuleState": "ACTIVE",
        "Compliance": {
          "ComplianceType": "COMPLIANT",
          "Count": 2
        },
        "SourceIdentifier": "eip-bandwidth-limit",
        "ConfigRuleArn": "acs:config::100931896542****:rule/cr-fdc8626622af00f9****",
        "Description": "The description of the test rule.",
        "CreateBy": {
          "CompliancePackId": "cp-fdc8626622af00f9****",
          "CompliancePackName": "test-pack-name"
        },
        "AutomationType": "OOS",
        "ConfigRuleName": "test-rule-name",
        "ConfigRuleId": "cr-fdc8626622af00f9****",
        "Tags": [
          {
            "Key": "env",
            "Value": "prod"
          }
        ],
        "ResourceTypesScope": "ACS::EIP::EipAddress"
      }
    ],
    "PageSize": 10,
    "PageNumber": 1,
    "TotalCount": 1
  }
}

Error codes

HTTP status codeError codeError messageDescription
400NoPermissionYou are not authorized to perform this operation.You are not authorized to perform this operation.
400Invalid.AggregatorId.ValueThe specified AggregatorId is invalid.The specified aggregator ID does not exist or you are not authorized to use the aggregator.
404AccountNotExistedYour account does not exist.-
503ServiceUnavailableThe request has failed due to a temporary failure of the server.The request has failed due to a temporary failure of the server.

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-06-04The Error code has changed. The response structure of the API has changedView Change Details