Creates a compliance package.

Each ordinary account can create up to five compliance packages.

In the example of this topic, the ClassifiedProtectionPreCheck compliance package that contains the eip-bandwidth-limit managed rule is created.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes CreateCompliancePack

The operation that you want to perform. Set the value to CreateCompliancePack.

CompliancePackTemplateId String No ct-5f26ff4e06a300c4****

The ID of the compliance package template based on which you want to create a compliance package.

For more information about how to obtain the ID of a compliance package template, see ListCompliancePackTemplates.

CompliancePackName String Yes ClassifiedProtectionPreCheck

The name of the compliance package.

Description String Yes The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency.

The description of the compliance package.

RiskLevel Integer Yes 1

The risk level of the resources that are not compliant with the rules in the compliance package. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
ConfigRules Array Yes

The rules to be enabled in the compliance package.

ManagedRuleIdentifier String No eip-bandwidth-limit

The identifier of the managed rule. Cloud Config automatically enables the managed rule based on the specified identifier and adds the rule to the compliance package.

You need only to set one of the ManagedRuleIdentifier and ConfigRuleId parameters. If you set both parameters, Cloud Config adds a rule based on the value of the ConfigRuleId parameter. For more information about how to obtain the identifier of a managed rule, see ListCompliancePackTemplates.

ConfigRuleName String No eip-bandwidth-limit

The name of the rule.

ConfigRuleParameters Array No

The input parameter settings of the rule.

ParameterName String No bandwidth

The name of the input parameter.

You must set both of the ParameterName and ParameterValue parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the name of an input parameter for a managed rule, see ListCompliancePackTemplates.

ParameterValue String No 10

The expected value of the input parameter.

You must set both of the ParameterName and ParameterValue parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the expected value of an input parameter for a managed rule, see ListCompliancePackTemplates.

ConfigRuleId String No cr-e918626622af000f****

The ID of the rule. If you set this parameter, Cloud Config adds the rule that is identified by the specified ID to the compliance package.

You need only to set one of the ManagedRuleIdentifier and ConfigRuleId parameters. If you set both parameters, Cloud Config adds a rule based on the value of the ConfigRuleId parameter. For more information about how to obtain the ID of a rule, see ListConfigRules.

Description String No If an EIP is attached to each ECS or NAT instance and the status of the EIP is active, the configuration is considered compliant.

The description of the rule.

RiskLevel Integer No 1

The risk level of the resources that are not compliant with the rule. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
ClientToken String No 1594295238-f9361358-5843-4294-8d30-b5183fac****

The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that the value is unique among different requests. The ClientToken value can contain only ASCII characters and cannot exceed 64 characters in length.

For more information about common request parameters, see the "Common request parameters" section of the Common parameters topic.

Response parameters

Parameter Type Example Description
CompliancePackId String cp-a8a8626622af0082****

The ID of the compliance package.

RequestId String 6EC7AED1-172F-42AE-9C12-295BC2ADB751

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=CreateCompliancePack
&CompliancePackTemplateId=ct-5f26ff4e06a300c4****
&CompliancePackName=ClassifiedProtectionPreCheck
&Description=The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency. 
&RiskLevel=1
&ConfigRules=[{"ManagedRuleIdentifier":"eip-bandwidth-limit"]
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<CreateCompliancePackResponse>
    <CompliancePackId>cp-a8a8626622af0082****</CompliancePackId>
    <RequestId>6EC7AED1-172F-42AE-9C12-295BC2ADB751</RequestId>
</CreateCompliancePackResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "CompliancePackId" : "cp-a8a8626622af0082****",
  "RequestId" : "6EC7AED1-172F-42AE-9C12-295BC2ADB751"
}

Error codes

Http status code Error code Error message Description
400 CompliancePackExceedMaxCount The maximum number of compliance pack is exceeded. The error message returned because the number of existing compliance packages reaches five.
400 Invalid.ConfigRules.Empty You must specify ConfigRules. The error message returned because no rule is specified for the compliance package.
400 Invalid.ConfigRules.Value The specified ConfigRules is invalid. The error message returned because the specified input parameter of the rule in the compliance package is invalid.
400 ConfigRuleExceedMaxRuleCount The maximum number of config rules is exceeded. The error message returned because the number of existing rules reaches the upper limit.
400 Invalid.CompliancePackName.Empty You must specify CompliancePackName. The error message returned because no name is specified for the compliance package.
400 Invalid.CompliancePackName.Value The specified CompliancePackName is invalid. The error message returned because the format of the specified compliance package name is invalid.
400 Invalid.CompliancePackTemplateId.Value The specified CompliancePackTemplateId does not exist. The error message returned because the specified compliance package template ID does not exist.
400 CompliancePackExists The compliance pack already exists. The error message returned because the specified compliance package name already exists.
404 AccountNotExisted Your account does not exist. The error message returned because your account does not exist.
503 ServiceUnavailable The request has failed due to a temporary failure of the server. The error message returned because the service is unavailable.

For a list of error codes, visit the API Error Center.