Queries the compliance evaluation results of resources based on rules.

In this example, the cr-cac56457e0d900d3**** rule is used. The returned result indicates that the i-hp3e4kvhzqn2s11t**** resource is evaluated as NON_COMPLIANT by using the rule and the resource is an Elastic Compute Service (ECS) instance.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ListConfigRuleEvaluationResults

The operation that you want to perform. Set the value to ListConfigRuleEvaluationResults.

ComplianceType String No NON_COMPLIANT

The compliance evaluation result of the resources. Valid values:

  • COMPLIANT: The resources are evaluated as compliant.
  • NON_COMPLIANT: The resources are evaluated as incompliant.
  • NOT_APPLICABLE: The rule does not apply to your resources.
  • INSUFFICIENT_DATA: No resource data is available.
  • IGNORED: The resource is ignored during compliance evaluation.
NextToken String No IWBjqMYSy0is7zSMGu16****

The token that you want to use to initiate the current request. If the response of the previous request is truncated, you can use this token to initiate another request and obtain the remaining entries.

MaxResults Integer No 10

The maximum number of entries to return for a single request. Valid values: 1 to 100.

ConfigRuleId String No cr-cac56457e0d900d3****

The ID of the rule.

You can call the ListConfigRules operation to obtain the rule ID.

CompliancePackId String No cp-f1e3326622af00cb****

The ID of the compliance package.

For more information about how to obtain the ID of a compliance package, see ListCompliancePacks.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
RequestId String 2A4A33BD-8186-4D60-91B9-42174EED75B5

The ID of the request.

EvaluationResults Object

The compliance evaluation results returned.

NextToken String IWBjqMYSy0is7zSMGu16****

The token that was used to initiate the next request.

MaxResults Integer 10

The maximum number of entries returned on each page.

EvaluationResultList Array of EvaluationResult

The details of the compliance evaluation result.

RiskLevel Integer 1

The risk level of the resources that do not comply with the rule. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
ComplianceType String NON_COMPLIANT

The compliance evaluation result of the resources. Valid values:

  • COMPLIANT: The resources are evaluated as compliant.
  • NON_COMPLIANT: The resources are evaluated as incompliant.
  • NOT_APPLICABLE: The rule does not apply to your resources.
  • INSUFFICIENT_DATA: No resource data is available.
  • IGNORED: The resource is ignored during compliance evaluation.
ResultRecordedTimestamp Long 1622802307150

The timestamp when the compliance evaluation result was recorded. Unit: milliseconds.

Annotation String {\"configuration\":\"\",\"desiredValue\":\"\",\"operator\":\"IsNotStringEmpty\",\"property\":\"$.KeyPairName\",\"reason\":\"No property contains.\"}

The annotation to the resource that is evaluated as incompliant. The following section describes the parameters that can be returned:

  • configuration: the current resource configuration that is evaluated as incompliant by using the rule.
  • desiredValue: the expected resource configuration that is evaluated as compliant by using the rule.
  • operator: the operator that is used to compare the current configuration with the expected configuration of the resource.
  • property: the JSON path of the current configuration in the resource property struct.
  • reason: the reason why the resource is evaluated as incompliant.
ConfigRuleInvokedTimestamp Long 1622802307081

The timestamp when the rule was triggered for the compliance evaluation. Unit: milliseconds.

InvokingEventMessageType String ConfigurationItemChangeNotification

The trigger type of the rule. Valid values:

  • ConfigurationItemChangeNotification: The managed rule is triggered by configuration changes.
  • ScheduledNotification: The managed rule is periodically triggered.
EvaluationResultIdentifier Object

The identifying information about the compliance evaluation result.

OrderingTimestamp Long 1622802307081

The timestamp when the compliance evaluation was performed. Unit: milliseconds.

EvaluationResultQualifier Object

The information about the evaluated resource in the compliance evaluation result.

ResourceOwnerId Long 120886317861****

The ID of the Alibaba Cloud account to which the resources belong.

ConfigRuleArn String acs:config::120886317861****:rule/cr-cac56457e0d900d3****

The Alibaba Cloud Resource Name (ARN) of the rule.

ResourceType String ACS::ECS::Instance

The type of the resource.

ConfigRuleName String ecs-cpu-min-count-limit

The name of the monitoring rule.

ResourceId String i-hp3e4kvhzqn2s11t****

The ID of the resource.

ConfigRuleId String cr-cac56457e0d900d3****

The ID of the rule.

ResourceName String iZuf6j91r34rnwawoox****

The name of the resource.

RegionId String cn-hangzhou

The ID of the region where the resource resides.

CompliancePackId String cp-bcc33457e0d900d5****

The ID of the compliance package to which the rule belongs.

IgnoreDate String 2022-06-01

The date from which the system automatically re-evaluates the ignored incompliant resources.

Note If the value of this parameter is left empty, the system does not automatically re-evaluate the ignored incompliant resources. You must re-evaluate the ignored incompliant resources.
RemediationEnabled Boolean false

Indicates whether the remediation template is enabled. Valid values:

  • true: The remediation template is enabled.
  • false: The remediation template is disabled.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ListConfigRuleEvaluationResults
&ConfigRuleId=cr-cac56457e0d900d3****
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ListConfigRuleEvaluationResultsResponse>
    <RequestId>2A4A33BD-8186-4D60-91B9-42174EED75B5</RequestId>
    <EvaluationResults>
        <NextToken>IWBjqMYSy0is7zSMGu16****</NextToken>
        <MaxResults>10</MaxResults>
        <EvaluationResultList>
            <RiskLevel>1</RiskLevel>
            <ComplianceType>NON_COMPLIANT</ComplianceType>
            <ResultRecordedTimestamp>1622802307150</ResultRecordedTimestamp>
            <Annotation>{\"configuration\":\"\",\"desiredValue\":\"\",\"operator\":\"IsNotStringEmpty\",\"property\":\"$.KeyPairName\",\"reason\":\"No property contains.\"}</Annotation>
            <ConfigRuleInvokedTimestamp>1622802307081</ConfigRuleInvokedTimestamp>
            <InvokingEventMessageType>ConfigurationItemChangeNotification</InvokingEventMessageType>
            <EvaluationResultIdentifier>
                <OrderingTimestamp>1622802307081</OrderingTimestamp>
                <EvaluationResultQualifier>
                    <ConfigRuleArn>acs:config::120886317861****:rule/cr-cac56457e0d900d3****</ConfigRuleArn>
                    <ResourceType>ACS::ECS::Instance</ResourceType>
                    <ConfigRuleName>ecs-cpu-min-count-limit</ConfigRuleName>
                    <ResourceId>i-hp3e4kvhzqn2s11t****</ResourceId>
                    <ConfigRuleId>cr-cac56457e0d900d3****</ConfigRuleId>
                    <ResourceName>iZuf6j91r34rnwawoox****</ResourceName>
                    <RegionId>cn-hangzhou</RegionId>
                    <CompliancePackId>cp-bcc33457e0d900d5****</CompliancePackId>
                </EvaluationResultQualifier>
            </EvaluationResultIdentifier>
            <RemediationEnabled>false</RemediationEnabled>
        </EvaluationResultList>
    </EvaluationResults>
</ListConfigRuleEvaluationResultsResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "2A4A33BD-8186-4D60-91B9-42174EED75B5",
  "EvaluationResults" : {
    "NextToken" : "IWBjqMYSy0is7zSMGu16****",
    "MaxResults" : 10,
    "EvaluationResultList" : [ {
      "RiskLevel" : 1,
      "ComplianceType" : "NON_COMPLIANT",
      "ResultRecordedTimestamp" : 1622802307150,
      "Annotation" : "{\\\"configuration\\\":\\\"\\\",\\\"desiredValue\\\":\\\"\\\",\\\"operator\\\":\\\"IsNotStringEmpty\\\",\\\"property\\\":\\\"$.KeyPairName\\\",\\\"reason\\\":\\\"No property contains.\\\"}",
      "ConfigRuleInvokedTimestamp" : 1622802307081,
      "InvokingEventMessageType" : "ConfigurationItemChangeNotification",
      "EvaluationResultIdentifier" : {
        "OrderingTimestamp" : 1622802307081,
        "EvaluationResultQualifier" : {
          "ConfigRuleArn" : "acs:config::120886317861****:rule/cr-cac56457e0d900d3****",
          "ResourceType" : "ACS::ECS::Instance",
          "ConfigRuleName": "ecs-cpu-min-count-limit",
          "ResourceId" : "i-hp3e4kvhzqn2s11t****",
          "ConfigRuleId" : "cr-cac56457e0d900d3****",
          "ResourceName" : "iZuf6j91r34rnwawoox****",
          "RegionId" : "cn-hangzhou",
          "CompliancePackId" : "cp-bcc33457e0d900d5****"
        }
      },
      "RemediationEnabled" : false
    } ]
  }
}

Error codes

HttpCode Error code Error message Description
400 NoPermission You are not authorized to perform this operation. The error message returned because you are not authorized to perform the specified operation.
404 CloudConfigServiceRoleNotExisted The CloudConfigServiceRole does not exist. The error message returned because the AliyunServiceRoleForConfig role does not exist.
404 AccountNotExisted Your account does not exist. The error message returned because the account does not exist.
503 ServiceUnavailable The request has failed due to a temporary failure of the server. The error message returned because the service is unavailable.

For a list of error codes, visit the API Error Center.