Cloud Config: Definition and execution of evaluation rules

Last Updated: Oct 13, 2023

This topic describes how to define, execute, and integrate an evaluation rule.

What is an evaluation rule?

An evaluation rule is used to determine whether a configuration item of a resource is compliant. For more information about rules, see Rule definition and implementation.

The evaluation logic of evaluation rules is the same as the evaluation logic of rule templates. When you configure an evaluation rule, you must specify the resource configuration items that you want to evaluate and the evaluation conditions. The following bullet points describe the core elements of an evaluation rule:

  • Resource configuration items specify the properties of a resource, such as the resource specifications, region, name, status, port, and network interface controller (NIC) status.

  • The conditions of an evaluation rule are the logical code that is used to evaluate whether a resource is compliant. For example, if the deletion protection feature is enabled for each Elastic Compute Service (ECS) instance, the evaluation result is Compliant. If the deletion protection feature is disabled for an ECS instance, the evaluation result is Non-compliant.

  • The evaluation result for a resource is the same as the compliance result for the resource.

Use an evaluation rule to evaluate a resource

The following figure shows how an evaluation rule evaluates a resource. [Figure: pre-check principle]

Procedure:

  1. Parse a resource and query the type and properties of the resource.

  2. Call the ListPreManagedRules operation to query all the evaluation rules that are supported by the resource.

  3. Select an evaluation rule and call the EvaluatePreConfigRules operation to send an evaluation request.

    You can enable the rule template feature.

    • If you enable the rule template feature, the rule template that corresponds to the evaluation rule is enabled. The rule template can continuously check the compliance of your resource. You can modify, delete, disable, or enable the rule template in the Cloud Config console.

    • If you disable the rule template feature, you can only evaluate the resource.

  4. Obtain the evaluation result.

    You can remediate a non-compliant resource and re-evaluate the resource.

Integrate an evaluation rule

This section describes how to use Resource Orchestration Service (ROS) to integrate an evaluation rule. After you create an ROS template and configure parameters, you can obtain the type and properties of a resource. Before you deploy the resource, you can use an evaluation rule to perform a compliance check on the resource, as shown in the following figure. [Figure: ROS deployment]

For more information about how to use ROS to integrate an evaluation rule, see Create a stack.
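
The procedure above, applied to an ROS template before deployment, as an added example that is not Cloud Config or ROS code. It evaluates locally and does not call ListPreManagedRules or EvaluatePreConfigRules; the template, the rule identifier, and the in-memory rule catalogue are constructed for illustration.

```python
import json

# Constructed ROS template: two ECS instances (one without deletion
# protection) and one resource type that no rule below supports.
TEMPLATE = json.loads("""
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "WebServer": {"Type": "ALIYUN::ECS::Instance", "Properties": {"DeletionProtection": true}},
    "BatchWorker": {"Type": "ALIYUN::ECS::Instance", "Properties": {"InstanceType": "ecs.g6.large"}},
    "Logs": {"Type": "ALIYUN::OSS::Bucket", "Properties": {"BucketName": "example-logs"}}
  }
}
""")

# Local stand-in for the rule catalogue that ListPreManagedRules would return.
# The identifier is hypothetical. Each rule names the resource type it supports
# and a condition over that resource's configuration items.
RULES = {
    "example-ecs-deletion-protection-enabled": {
        "resource_type": "ALIYUN::ECS::Instance",
        # A missing property counts as disabled, so it fails the condition.
        "condition": lambda props: props.get("DeletionProtection") is True,
    },
}

def parse_resources(template):
    """Step 1: extract (logical ID, type, properties) for each resource."""
    return [(rid, res["Type"], res.get("Properties", {}))
            for rid, res in template.get("Resources", {}).items()]

def list_rules(resource_type):
    """Step 2: identifiers of the rules that support this resource type."""
    return [name for name, rule in RULES.items()
            if rule["resource_type"] == resource_type]

def evaluate(template):
    """Steps 3 and 4: evaluate each resource against its rules."""
    results = {}
    for rid, rtype, props in parse_resources(template):
        for name in list_rules(rtype):
            passed = RULES[name]["condition"](props)
            results[(rid, name)] = "Compliant" if passed else "Non-compliant"
    return results

def may_deploy(template):
    """Pre-deployment gate: block if any evaluated resource is Non-compliant."""
    return "Non-compliant" not in evaluate(template).values()
```

Setting DeletionProtection to true on BatchWorker and calling may_deploy again corresponds to the remediate and re-evaluate step.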