In Cloud Config, you can deliver resource change logs and resource non-compliance events as messages to a specified Message Service (MNS) topic. You can also specify the push method and content of the topic.

Prerequisites

MNS is activated. For more information, see Activate MNS and authorize RAM users to access MNS.

Use an ordinary account

If you use an ordinary account, you can specify an MNS topic to receive the resource data of the current account.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Settings > Delivery Channels.
  3. On the Delivery Settings page, click Deliver Data to Message Service.
  4. On the Deliver Data to Message Service tab, turn on MNS Settings.
  5. Configure the parameters to deliver resource data.

    The following table describes the parameters.

    Parameter: Description
    Select Acceptable Content: The type of the resource data that you want to deliver to the MNS topic. Valid values:
    • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the MNS topic when the configurations of resources change.
    • Non-compliance Events: resource non-compliance events. If a resource is evaluated as non-compliant, Cloud Config delivers the resource non-compliance event to the MNS topic.
    MNS Topic Source: The source of the MNS topic.
    • If you select Create a topic in the account, specify a topic name.
    • If you select Select an existing topic from the account, select an existing topic from the Topic Name drop-down list.
    Topic Name: The name of the MNS topic. The topic name must be unique in the account in the specified region.
    MNS Region: The region where the MNS topic resides.
    Maximum Message Size (Byte): The maximum length of the message body that can be received by the topic. Unit: bytes. Valid values: 1024 to 65536. Default value: 65536.
    Note: We recommend that you set this parameter to a value greater than or equal to 8192. Otherwise, the message delivery may fail due to the length limit.
    Enable Logging: Specifies whether to store the operation logs of the MNS topic in the associated Log Service Logstore. Operation logs are generated when messages are received, forwarded, and deleted.
    Minimum Risk Level of the Events to Subscribe: The lowest risk level of the events to which you want to subscribe. Valid values:
    • All Risk Levels
    • High Risk
    • Medium Risk
    • Low Risk

    For example, if you select Medium Risk, Cloud Config delivers non-compliance events at the Medium Risk and High Risk levels. Non-compliance events at the Low Risk level are ignored.

    Events of Specified Resource Type: The types of the resources whose events you want to subscribe to. Valid values:
    • All Supported Resource Types: subscribes to the events of all supported types of resources. If a new service is integrated with Cloud Config, the resource type of the service is automatically added to the monitoring scope.
    • Custom Resource Types: subscribes to the events of the specified types of resources.
    Recipient Address for Large Files: The Object Storage Service (OSS) bucket that is used to receive the large messages that Cloud Config delivers to the MNS topic.
    • If you configure this parameter, a message that Cloud Config delivers to the MNS topic is automatically transferred to the specified OSS bucket when the message size exceeds 64 KB.
    • If you leave this parameter empty, the excess part of a message that Cloud Config delivers to the MNS topic is automatically discarded when the message size exceeds 64 KB.
    Note: The Region and Account parameters are automatically configured based on the settings in the Content and Recipient Address section. You only need to select a bucket.
  6. Click OK.

Use a management account

If you use a management account, you can specify an MNS topic to receive the resource data of the management account and member accounts of the relevant resource directory. Only management accounts are authorized to configure the delivery settings of resource data. No member accounts have the relevant permissions.
Note: If you have used the management account to specify a member account as the delegated administrator account, the delegated administrator account can also be used to configure the delivery settings. For more information about how to add a delegated administrator account, see Add a delegated administrator account.
  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Settings > Delivery Channels.
  3. On the Delivery Settings page, click Deliver Data to Message Service.
  4. On the Deliver Data to Message Service tab, click MNS Settings.
  5. Configure the parameters to deliver resource data.
    You can create an MNS topic in the management account, or select an existing MNS topic that belongs to the management account or a member account. The specified MNS topic receives the resource data of the management account and member accounts of the relevant resource directory.
    • To deliver resource data to a topic that belongs to the management account, select Create a topic in the account or Select an existing topic from the account, and then configure the parameters. The following table describes the parameters.
      Parameter: Description
      Select Acceptable Content: The type of the resource data that you want to deliver to the MNS topic. Valid values:
      • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the MNS topic when the configurations of resources change.
      • Non-compliance Events: resource non-compliance events. If a resource is evaluated as non-compliant, Cloud Config delivers the resource non-compliance event to the MNS topic.
      MNS Topic Source: The source of the MNS topic.
      • If you select Create a topic in the account, specify a topic name.
      • If you select Select an existing topic from the account, select an existing topic from the Topic Name drop-down list.
      Topic Name: The name of the MNS topic. The topic name must be unique in the management account in the specified region.
      MNS Region: The region where the MNS topic resides.
      Maximum Message Size (Byte): The maximum length of the message body that can be received by the topic. Unit: bytes. Valid values: 1024 to 65536. Default value: 65536.
      Note: We recommend that you set this parameter to a value greater than or equal to 8192. Otherwise, the message delivery may fail due to the length limit.
      Enable Logging: Specifies whether to store the operation logs of the MNS topic in the associated Log Service Logstore. Operation logs are generated when messages are received, forwarded, and deleted.
      Minimum Risk Level of the Events to Subscribe: The lowest risk level of the events to which you want to subscribe. Valid values:
      • All Risk Levels
      • High Risk
      • Medium Risk
      • Low Risk

      For example, if you select Medium Risk, Cloud Config delivers non-compliance events at the Medium Risk and High Risk levels. Non-compliance events at the Low Risk level are ignored.

      Events of Specified Resource Type: The types of the resources whose events you want to subscribe to. Valid values:
      • All Supported Resource Types: subscribes to the events of all supported types of resources. If a new service is integrated with Cloud Config, the resource type of the service is automatically added to the monitoring scope.
      • Custom Resource Types: subscribes to the events of the specified types of resources.
      Recipient Address for Large Files: The Object Storage Service (OSS) bucket that is used to receive the large messages that Cloud Config delivers to the MNS topic.
      • If you configure this parameter, a message that Cloud Config delivers to the MNS topic is automatically transferred to the specified OSS bucket when the message size exceeds 64 KB.
      • If you leave this parameter empty, the excess part of a message that Cloud Config delivers to the MNS topic is automatically discarded when the message size exceeds 64 KB.
      Note: The Region and Account parameters are automatically configured based on the settings in the Content and Recipient Address section. You only need to select a bucket.
    • To deliver resource data to a topic that belongs to a member account, select Select an existing topic from other enterprise management accounts or delegated accounts, and then configure the parameters. Before you configure the parameters, make sure that the member account has an available topic. The following table describes the parameters.
      Parameter: Description
      Select Acceptable Content: The type of the resource data that you want to deliver to the MNS topic. Valid values:
      • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the MNS topic when the configurations of resources change.
      • Non-compliance Events: resource non-compliance events. If a resource is evaluated as non-compliant, Cloud Config delivers the resource non-compliance event to the MNS topic.
      The ARN of the topic that belongs to the destination account: The Alibaba Cloud Resource Name (ARN) of the topic within the member account. The ARN consists of the following information: the ID of the region where the topic resides, the ID of the member account, and the name of the topic. You can select the region from the Region drop-down list, the member account from the Member Accounts drop-down list, and the topic from the Topic Name drop-down list.
      The role ARN that belongs to the destination account: The ARN of the role to be assumed by the member account. The ARN consists of the following information: the ID of the member account and the service-linked role for Cloud Config. You can select the member account from the drop-down list and use the default service-linked role.
      Minimum Risk Level of the Events to Subscribe: The lowest risk level of the events to which you want to subscribe. Valid values:
      • All Risk Levels
      • High Risk
      • Medium Risk
      • Low Risk

      For example, if you select Medium Risk, Cloud Config delivers non-compliance events at the Medium Risk and High Risk levels. Non-compliance events at the Low Risk level are ignored.

      Events of Specified Resource Type: The types of the resources whose events you want to subscribe to. Valid values:
      • All Supported Resource Types: subscribes to the events of all supported types of resources. If a new service is integrated with Cloud Config, the resource type of the service is automatically added to the monitoring scope.
      • Custom Resource Types: subscribes to the events of the specified types of resources.
      Recipient Address for Large Files: The Object Storage Service (OSS) bucket that is used to receive the large messages that Cloud Config delivers to the MNS topic.
      • If you configure this parameter, a message that Cloud Config delivers to the MNS topic is automatically transferred to the specified OSS bucket when the message size exceeds 64 KB.
      • If you leave this parameter empty, the excess part of a message that Cloud Config delivers to the MNS topic is automatically discarded when the message size exceeds 64 KB.
      Note: The Region and Account parameters are automatically configured based on the settings in the Content and Recipient Address section. You only need to select a bucket.
  6. Click OK.
  7. In the "This modification will automatically take effect in all member accounts in the current account Group. Please confirm the modification" message, click OK.
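
The parameter rules from both procedures above can be checked before you click OK. The following Python check is an added example, not part of the original page or of Cloud Config: it flags settings that silently reduce what reaches the topic (size limit, missing OSS bucket, risk-level and resource-type filters) and, for a member-account topic, verifies that the topic ARN and role ARN name the same member account. The dictionary keys, the sample values, and the ARN layouts in the two regular expressions are assumptions; the page names the ARN components but does not show their syntax.

```python
import re

RISK_ORDER = ["Low Risk", "Medium Risk", "High Risk"]
# Assumed ARN layouts; the page names the parts but does not show the syntax.
TOPIC_ARN = re.compile(r"^acs:mns:([a-z0-9-]+):(\d+):/topics/([\w-]+)$")
ROLE_ARN = re.compile(r"^acs:ram::(\d+):role/([\w-]+)$")

def delivered_levels(minimum):
    """Risk levels still delivered for a 'Minimum Risk Level' choice."""
    if minimum == "All Risk Levels":
        return list(RISK_ORDER)
    return RISK_ORDER[RISK_ORDER.index(minimum):]

def audit(settings, member_accounts=()):
    """Return findings for a dict of delivery settings (hypothetical keys)."""
    findings = []
    size = settings.get("max_message_size")  # absent for member-account topics
    if size is not None and not 1024 <= size <= 65536:
        findings.append("max_message_size outside 1024-65536")
    elif size is not None and size < 8192:
        findings.append("max_message_size below 8192: delivery may fail")
    if not settings.get("oss_bucket"):
        findings.append("no OSS bucket: content beyond 64 KB is discarded")
    kept = delivered_levels(settings["min_risk_level"])
    dropped = [lvl for lvl in RISK_ORDER if lvl not in kept]
    if dropped:
        findings.append("events not delivered: " + ", ".join(dropped))
    if settings.get("resource_types") != "All Supported Resource Types":
        findings.append("custom resource types: only listed types are delivered")
    if "topic_arn" in settings:
        topic = TOPIC_ARN.match(settings["topic_arn"])
        role = ROLE_ARN.match(settings.get("role_arn", ""))
        if not topic or not role:
            findings.append("malformed topic or role ARN")
        elif topic.group(2) != role.group(1):
            findings.append("topic and role ARNs name different accounts")
        elif topic.group(2) not in member_accounts:
            findings.append("topic account is not a known member account")
    return findings

# Constructed samples: own-account topic, then a member-account topic
# whose topic ARN and role ARN carry different account IDs.
OWN_TOPIC = {"min_risk_level": "Medium Risk", "max_message_size": 4096,
             "resource_types": "All Supported Resource Types", "oss_bucket": ""}
MEMBER_TOPIC = {"min_risk_level": "All Risk Levels", "oss_bucket": "config-large",
                "resource_types": "All Supported Resource Types",
                "topic_arn": "acs:mns:cn-hangzhou:111111111111:/topics/config-events",
                "role_arn": "acs:ram::222222222222:role/aliyunserviceroleforconfig"}

print(audit(OWN_TOPIC), audit(MEMBER_TOPIC, {"111111111111"}))
```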

What to do next

After resource data is sent to the specified topic, you can log on to the MNS console to specify the push method and content of the topic. For more information, see Publish a message.

For information about the sample resource change logs and resource non-compliance events in the JSON format, see Examples of resource change logs and Example of resource non-compliance events.