You can deliver scheduled resource snapshots and resource change logs to an Object Storage Service (OSS) bucket. After resource data is delivered to the specified bucket, you can view and download the JSON files that contain the delivered data.

Prerequisites

OSS is activated. For more information, see Activate OSS.

Background information

To achieve a balance between storage costs and scenario-specific requirements, we recommend that you select Standard for the Storage Class parameter when you create an OSS bucket. If you need to only store data that is infrequently accessed (once or twice each month) for a long period of time, we recommend that you select IA for the Storage Class parameter when you create an OSS bucket. For more information, see Create buckets.

Use an ordinary account

If you use an ordinary account, you can specify an OSS bucket to store the resource data of the current account.

  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Delivery Services > Deliver Logs to OSS.
  3. On the Deliver Logs to OSS page, turn on OSS Settings.
  4. Set the parameters to specify an OSS bucket to store resource data.
    The following table describes the parameters.
    Parameter Description
    Select Acceptable Content The type of resource data to be delivered to the OSS bucket. Valid values:
    • Scheduled Snapshots: scheduled resource snapshots. Cloud Config delivers resource snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
    • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the OSS bucket when the configurations of resources change.
    Region The region in which the OSS bucket resides.
    Bucket The name of the OSS bucket. The bucket name must be unique.
    • If you select Create bucket, specify a bucket name.
    • If you select Select buckets, select an existing bucket from the Bucket drop-down list.
    Server-side Encryption Specifies whether and how to encrypt objects in the OSS bucket. This parameter must be set if you select Create bucket.
    Valid values:
    • No
    • AES256
    • KMS
  5. Click OK.

Use a management account

If you use a management account, you can specify an OSS bucket to store the resource data of the management account and member accounts of the relevant resource directory. The bucket must belong to the management account or a member account. Only management accounts are authorized to configure the delivery settings of resource data. No member accounts have the relevant permissions.
Note If you have used the management account to specify a member account as the delegated administrator account, the delegated administrator account can also be used to configure the delivery settings. For more information about how to add a delegated administrator account, see Add a delegated administrator account.
  1. Log on to the Cloud Config console.
  2. In the left-side navigation pane, choose Delivery Services > Deliver Logs to OSS.
  3. On the Deliver Logs to OSS page, turn on OSS Settings.
  4. Set the parameters to specify an OSS bucket to store resource data.
    You can create an OSS bucket within the management account, or select an existing OSS bucket that belongs to the management account or a member account. The OSS bucket stores the resource data of the management account and member accounts of the relevant resource directory.
    • To deliver resource data to an OSS bucket that belongs to the management account, select Create bucket or Select buckets, and then set the parameters. The following table describes the parameters.
      Parameter Description
      Select Acceptable Content The type of resource data to be delivered to the OSS bucket. Valid values:
      • Scheduled Snapshots: scheduled resource snapshots. Cloud Config delivers resource snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
      • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the OSS bucket when the configurations of resources change.
      Region The region in which the OSS bucket resides.
      Bucket The name of the OSS bucket. The bucket name must be unique.
      • If you select Create bucket, specify a bucket name.
      • If you select Select buckets, select an existing bucket from the Bucket drop-down list.
      Server-side Encryption Specifies whether and how to encrypt objects in the OSS bucket. This parameter must be set if you select Create bucket.
      Valid values:
      • No
      • AES256
      • KMS
    • To deliver resource data to an OSS bucket that belongs to a member account, select Select Buckets from Other Enterprise Management Accounts, and then set the parameters. Before you set the parameters, make sure that the member account has an available bucket. The following table describes the parameters.
      Parameter Description
      Select Acceptable Content The type of resource data to be delivered to the OSS bucket. Valid values:
      • Scheduled Snapshots: scheduled resource snapshots. Cloud Config delivers resource snapshots to the OSS bucket at 00:00:00 and 12:00:00 every day.
      • Historical Configuration Changes: resource change logs. Cloud Config delivers resource change logs to the OSS bucket when the configurations of resources change.
      The ARN of the bucket that belongs to the destination account The Alibaba Cloud Resource Name (ARN) of the bucket within the member account. The ARN consists of the following information: the ID of the region in which the bucket resides, the ID of the member account, and the name of the bucket. You can select the region from the Region drop-down list, the member account from the Member Accounts drop-down list, and the bucket from the Bucket drop-down list.
      The role ARN that belongs to the destination account The ARN of the role to be assumed by the member account. The ARN consists of the following information: the ID of the member account and the service-linked role for Cloud Config. You can select the member account from the drop-down list and use the default service-linked role.
  5. Click OK.
  6. In the The changes will apply to all member accounts in the organization. Are you sure you want to apply the changes? message, click OK.

What to do next

After resource data is delivered to the specified bucket, you can view and download the JSON files that contain the delivered data on the Files page of the bucket in the OSS console. For information about the sample scheduled resource snapshots and resource change logs in the JSON format, see Example of scheduled resource snapshots and Examples of resource change logs.

The path of each JSON file is in the format of /ACSLogs/Account ID/Config/Region ID/yyyy/mm/dd/.