CreateCompliancePack - API Reference| Alibaba Cloud Documentation Center

Each ordinary account can create up to five compliance packages.

In the example of this topic, the ClassifiedProtectionPreCheck compliance package that contains the eip-bandwidth-limit managed rule is created.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	CreateCompliancePack	The operation that you want to perform. Set the value to CreateCompliancePack.
CompliancePackTemplateId	String	No	ct-5f26ff4e06a300c4****	The ID of the compliance package template based on which you want to create a compliance package. For more information about how to obtain the ID of a compliance package template, see ListCompliancePackTemplates.
CompliancePackName	String	Yes	ClassifiedProtectionPreCheck	The name of the compliance package.
Description	String	Yes	The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency.	The description of the compliance package.
RiskLevel	Integer	Yes	1	The risk level of the resources that are not compliant with the rules in the compliance package. Valid values: 1: high risk level 2: medium risk level 3: low risk level
ConfigRules	Array	Yes		The rules to be enabled in the compliance package.
ManagedRuleIdentifier	String	No	eip-bandwidth-limit	The identifier of the managed rule. Cloud Config automatically enables the managed rule based on the specified identifier and adds the rule to the compliance package. You need only to set one of the `ManagedRuleIdentifier` and `ConfigRuleId` parameters. If you set both parameters, Cloud Config adds a rule based on the value of the `ConfigRuleId` parameter. For more information about how to obtain the identifier of a managed rule, see ListCompliancePackTemplates.
ConfigRuleName	String	No	eip-bandwidth-limit	The name of the rule.
ConfigRuleParameters	Array	No		The input parameter settings of the rule.
ParameterName	String	No	bandwidth	The name of the input parameter. You must set both of the `ParameterName` and `ParameterValue` parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the name of an input parameter for a managed rule, see ListCompliancePackTemplates.
ParameterValue	String	No	10	The expected value of the input parameter. You must set both of the `ParameterName` and `ParameterValue` parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the expected value of an input parameter for a managed rule, see ListCompliancePackTemplates.
ConfigRuleId	String	No	cr-e918626622af000f****	The ID of the rule. If you set this parameter, Cloud Config adds the rule that is identified by the specified ID to the compliance package. You need only to set one of the `ManagedRuleIdentifier` and `ConfigRuleId` parameters. If you set both parameters, Cloud Config adds a rule based on the value of the `ConfigRuleId` parameter. For more information about how to obtain the ID of a rule, see ListConfigRules.
Description	String	No	If an EIP is attached to each ECS or NAT instance and the status of the EIP is active, the configuration is considered compliant.	The description of the rule.
RiskLevel	Integer	No	1	The risk level of the resources that are not compliant with the rule. Valid values: 1: high risk level 2: medium risk level 3: low risk level
ClientToken	String	No	1594295238-f9361358-5843-4294-8d30-b5183fac****	The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that the value is unique among different requests. The `ClientToken` value can contain only ASCII characters and cannot exceed 64 characters in length.

For more information about common request parameters, see the "Common request parameters" section of the Common parameters topic.

Response parameters


Parameter	Type	Example	Description
CompliancePackId	String	cp-a8a8626622af0082****	The ID of the compliance package.
RequestId	String	6EC7AED1-172F-42AE-9C12-295BC2ADB751	The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateCompliancePack
&CompliancePackTemplateId=ct-5f26ff4e06a300c4****
&CompliancePackName=ClassifiedProtectionPreCheck
&Description=The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency. 
&RiskLevel=1
&ConfigRules=[{"ManagedRuleIdentifier":"eip-bandwidth-limit"]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateCompliancePackResponse>
    <CompliancePackId>cp-a8a8626622af0082****</CompliancePackId>
    <RequestId>6EC7AED1-172F-42AE-9C12-295BC2ADB751</RequestId>
</CreateCompliancePackResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "CompliancePackId" : "cp-a8a8626622af0082****",
  "RequestId" : "6EC7AED1-172F-42AE-9C12-295BC2ADB751"
}

Error codes


Http status code	Error code	Error message	Description
400	CompliancePackExceedMaxCount	The maximum number of compliance pack is exceeded.	The error message returned because the number of existing compliance packages reaches five.
400	Invalid.ConfigRules.Empty	You must specify ConfigRules.	The error message returned because no rule is specified for the compliance package.
400	Invalid.ConfigRules.Value	The specified ConfigRules is invalid.	The error message returned because the specified input parameter of the rule in the compliance package is invalid.
400	ConfigRuleExceedMaxRuleCount	The maximum number of config rules is exceeded.	The error message returned because the number of existing rules reaches the upper limit.
400	Invalid.CompliancePackName.Empty	You must specify CompliancePackName.	The error message returned because no name is specified for the compliance package.
400	Invalid.CompliancePackName.Value	The specified CompliancePackName is invalid.	The error message returned because the format of the specified compliance package name is invalid.
400	Invalid.CompliancePackTemplateId.Value	The specified CompliancePackTemplateId does not exist.	The error message returned because the specified compliance package template ID does not exist.
400	CompliancePackExists	The compliance pack already exists.	The error message returned because the specified compliance package name already exists.
404	AccountNotExisted	Your account does not exist.	The error message returned because your account does not exist.
503	ServiceUnavailable	The request has failed due to a temporary failure of the server.	The error message returned because the service is unavailable.

For a list of error codes, visit the API Error Center.