A rule is a piece of evaluation logic that is stored in a rule function of Function
Compute. You can create a rule based on a managed rule that Cloud Config provides
to audit the associated resources.
Background information
Before you create a rule, you must familiarize yourself with the definition of rules
and how rules work. For more information, see Rule definition and implementation.
Cloud Config allows you to manage the following two types of rules:
- Managed rules
  A managed rule is a rule function that Cloud Config creates in Function Compute. If
  you want to create a rule based on a managed rule, you can directly select the managed
  rule in the Cloud Config console. For more information about the managed rules that
  Cloud Config provides, see Managed rules.
- Custom rules
  A custom rule is created based on a rule function that you create in Function Compute.
  To create a rule based on a rule function, you must create the rule function in Function
  Compute and enter the Alibaba Cloud Resource Name (ARN) of the rule function in the
  Cloud Config console. For more information about the code and input parameters of
  a custom rule function, see Custom rule functions.
Use an ordinary account
If you use an ordinary account, you can create rules based on managed rules only for
your account.
- Log on to the Cloud Config console.
- In the left-side navigation pane, click Rules.
- On the Rules page, click Create Rule.
- On the Create Rule page, search for a managed rule based on the rule name, tag, evaluation logic, or
risk level.
- Click Apply Rule.
- In the Properties step, set the Rule Name, Risk Level, and Description parameters. Then, click Next.
  The Rule Name, Risk Level, and Trigger Type parameters have default values. You can
  change the values of the Rule Name and Risk Level parameters.
- In the Assess Resource Scope step, keep the default resource type and click Next.
- In the Parameters step, click Next.
  If the managed rule has an input parameter, you must set an expected value for the
  input parameter.
- In the Modify step, click Next.
- In the Preview and Save step, check the configurations and click Submit.
- Verify that the rule is created.
  - Click View Details. On the page that appears, you can view the rule details on the Rule Details, Result, and Correction Details tabs.
  - Click Return to Rule List. In the Rules list, you can view the status of the created rule in the Status column. In normal
    cases, the rule is in the Active state.
Use a management account
If you use a management account, you can create rules based on managed rules for your
account and member accounts in the relevant resource directory.
- Log on to the Cloud Config console.
- In the left-side navigation pane, click Rules.
- On the Rules page, click the required account group tab.
- On the account group tab, click Create Rule.
- On the Create Rule page, search for a managed rule based on the rule name, tag, evaluation logic, or
risk level.
- Click Apply Rule.
- In the Properties step, set the Rule Name, Risk Level, and Description parameters. Then, click Next.
  The Rule Name, Risk Level, and Trigger Type parameters have default values. You can
  change the values of the Rule Name and Risk Level parameters.
- In the Assess Resource Scope step, keep the default resource type and click Next.
- In the Parameters step, click Next.
  If the managed rule has an input parameter, you must set an expected value for the
  input parameter.
- In the Modify step, click Next.
- In the Preview and Save step, check the configurations and click Submit.
- Verify that the rule is created.
  - Click View Details. On the page that appears, you can view the rule details on the Rule Details, Result, and Correction Details tabs.
  - Click Return to Rule List. In the Rules list, you can view the status of the created rule in the Status column. In normal
    cases, the rule is in the Active state.