This topic provides an example of resource non-compliance events that are delivered to Log Service for storage. The following sections describe the content of the example and the parameters involved.
Example
For example, you use an ordinary account whose ID is 120886317861**** and you have an Object Storage Service (OSS) bucket named test_bucket in the China (Beijing) region. The non-compliance events of the resource are delivered to Log Service. The following code shows a sample event:

accountId:120886317861****
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
compliancePackId:null
complianceType:NON_COMPLIANT
configAggregatorId:null
configRuleInvokedTimestamp:1630481784685
dataType:NonCompliantNotification
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-2d736457e0d90044****","captureTime":1630481784685,"resourceName":"test_bucket","configRuleArn":"acs:config::120886317861****:rule/cr-2d736457e0d90044****","regionId":"cn-beijing","resourceOwnerId":120886317861****,"resourceType":"ACS::OSS::Bucket"}}
eventName:NonCompliant
eventType:ResourceCompliance
invokingEventMessageType:Manual
notificationCreationTime:1630481787932
requestId:62e70b45-1171-4648-8db0-233d18f6adb5
resultRecordedTimestamp:1630481784781
resultToken:null
riskLevel:Critical
Parameters
The following table describes the parameters involved in resource non-compliance events that are delivered to Log Service.
Parameter | Description |
---|---|
accountId | The ID of the account to which the resource belongs. Cloud Config supports the following types of accounts: |
annotation | The description of the non-compliant configuration. |
compliancePackId | The ID of the compliance package. If the rule triggered does not belong to a compliance package, the value is null. |
complianceType | The compliance evaluation result. The value is fixed to NON_COMPLIANT. |
configAggregators | The information about the account group, including the ID of the management account that created the account group and the ID of the account group. The value varies with the type of the account to which the resource belongs. |
configRuleInvokedTimestamp | The timestamp when the rule was triggered. |
dataType | The type of the log received by Log Service. Valid values: |
evaluationResultIdentifier | The information about the compliance evaluation result. |
eventName | The name of the event. The value is fixed to NonCompliant. |
eventType | The type of the event. Valid values: |
invokingEventMessageType | The trigger type of the rule. Valid values: |
notificationCreationTime | The timestamp when the log was generated. |
resultRecordedTimestamp | The timestamp when the compliance evaluation result was recorded. |
riskLevel | The risk level of the resource based on the rule triggered. Valid values: |
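
An added example, not part of the original documentation or Alibaba Cloud's own code: a parser for the key:value layout of the sample event above that decodes the JSON-valued fields and turns a Critical non-compliant event into a compact alert record. The embedded event is constructed from the sample with placeholder account and rule IDs, and the function names and alert fields are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample modelled on the event above; account and rule IDs are placeholders.
SAMPLE_EVENT = """\
accountId:1000000000000001
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
compliancePackId:null
complianceType:NON_COMPLIANT
configRuleInvokedTimestamp:1630481784685
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-EXAMPLE","regionId":"cn-beijing","resourceOwnerId":1000000000000001,"resourceType":"ACS::OSS::Bucket"}}
notificationCreationTime:1630481787932
riskLevel:Critical
"""

JSON_FIELDS = {"annotation", "evaluationResultIdentifier"}
TIME_FIELDS = {"configRuleInvokedTimestamp", "notificationCreationTime", "resultRecordedTimestamp"}

def parse_event(text):
    """Parse 'key:value' lines; decode JSON fields, null, and epoch-ms timestamps."""
    event = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # values contain colons: split once
        if not sep:
            continue  # skip blank or malformed lines
        if value == "null":
            event[key] = None
        elif key in JSON_FIELDS:
            event[key] = json.loads(value)
        elif key in TIME_FIELDS:
            event[key] = int(value)  # milliseconds since the Unix epoch
        else:
            event[key] = value
    return event

def to_alert(event, levels=("Critical",)):
    """Build a compact alert for NON_COMPLIANT events at the given risk levels."""
    if event.get("complianceType") != "NON_COMPLIANT" or event.get("riskLevel") not in levels:
        return None
    q = event["evaluationResultIdentifier"]["evaluationResultQualifier"]
    invoked = event["configRuleInvokedTimestamp"]
    return {
        "resource": f'{q["resourceType"]}/{q["regionId"]}/{q["resourceId"]}',
        "rule": q["configRuleName"],
        "found": (event.get("annotation") or {}).get("configuration"),
        "invoked_utc": datetime.fromtimestamp(invoked // 1000, tz=timezone.utc).isoformat(),
        "delivery_lag_ms": event["notificationCreationTime"] - invoked,
    }
```

Calling `to_alert(parse_event(SAMPLE_EVENT))` returns the alert dictionary; the delivery lag is the gap between the rule being triggered and the log being generated.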