Queries the compliance evaluation results of resources.
In this example, the compliance evaluation result of the 23642660635396****
resource is queried. The resource is a RAM user. The return result shows that the
resource is evaluated as NON_COMPLIANT
against the cr-7f7d626622af0041****
rule.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | ListResourceEvaluationResults |
The operation that you want to perform. Set the value to ListResourceEvaluationResults. |
ResourceType | String | No | ACS::RAM::User |
The type of resources whose compliance evaluation results you want to query. For more information about how to obtain the type of a resource, see ListDiscoveredResources. |
ResourceId | String | No | 23642660635396**** |
The ID of the resource whose compliance evaluation result you want to query. For more information about how to obtain the ID of a resource, see ListDiscoveredResources. |
ComplianceType | String | No | NON_COMPLIANT |
The compliance evaluation result of the resource. Valid values:
|
NextToken | String | No | IWBjqMYSy0is7zSMGu16**** |
The token that is used to initiate the next request. If the response of the current request is truncated, this token is used to initiate another request and obtain the remaining entries. |
MaxResults | Integer | No | 10 |
The maximum number of entries to return for a single request. Valid values: 1 to 100. |
Region | String | No | global |
The ID of the region in which one or more resources to be queried reside. For example,
the value For more information about how to obtain the ID of the region in which the resource resides, see ListDiscoveredResources. |
For more information about common request parameters, see the Common request parameters section of the Common parameters topic.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 25C89DDB-BB79-487D-88C3-4A561F21EFC4 |
The ID of the request. |
EvaluationResults | Object |
The information about the compliance evaluation results returned. |
|
NextToken | String | IWBjqMYSy0is7zSMGu16**** |
The token that is used to initiate the next request. |
MaxResults | Integer | 10 |
The maximum number of entries returned on each page. |
EvaluationResultList | Array of EvaluationResult |
The details of the compliance evaluation result. |
|
RiskLevel | Integer | 1 |
The risk level of the resources that are not compliant with the rule. Valid values:
|
ComplianceType | String | NON_COMPLIANT |
The compliance evaluation result of the resource. Valid values:
|
ResultRecordedTimestamp | Long | 1624932227595 |
The timestamp when the compliance evaluation result was recorded. Unit: milliseconds. |
Annotation | String | {\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.LoginProfile.MFABindRequired\"} |
The annotation to the resource that is evaluated as non-compliant. The following parameters may be returned:
|
ConfigRuleInvokedTimestamp | Long | 1624932227157 |
The timestamp when the rule was triggered for the compliance evaluation. Unit: milliseconds. |
InvokingEventMessageType | String | ScheduledNotification |
The trigger type of the rule. Valid values:
|
EvaluationResultIdentifier | Object |
The identifying information about the compliance evaluation result. |
|
OrderingTimestamp | Long | 1624932227157 |
The timestamp when the compliance evaluation was performed. Unit: milliseconds. |
EvaluationResultQualifier | Object |
The information about the evaluated resource in the compliance evaluation result. |
|
ConfigRuleArn | String | acs:config::100931896542****:rule/cr-7f7d626622af0041**** |
The Alibaba Cloud Resource Name (ARN) of the rule. |
ResourceType | String | ACS::RAM::User |
The type of resources whose compliance evaluation results were queried. |
ConfigRuleName | String | ram-user-mfa-check |
The name of the rule. |
ResourceId | String | 23642660635396**** |
The ID of the resource whose compliance evaluation result was queried. |
ConfigRuleId | String | cr-7f7d626622af0041**** |
The ID of the rule. |
ResourceName | String | Alice |
The name of the resource. |
RegionId | String | global |
The ID of the region in which your resources reside. |
RemediationEnabled | Boolean | true |
Indicates whether the remediation template is enabled. Valid values:
|
Examples
Sample requests
http(s)://[Endpoint]/?Action=ListResourceEvaluationResults
&ResourceId=23642660635396****
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<ListAggregateResourceEvaluationResultsResponse>
<code>200</code>
<data>
<RequestId>25C89DDB-BB79-487D-88C3-4A561F21EFC4</RequestId>
<EvaluationResults>
<EvaluationResultList>
<ConfigRuleInvokedTimestamp>1624932227157</ConfigRuleInvokedTimestamp>
<ComplianceType>NON_COMPLIANT</ComplianceType>
<ResultRecordedTimestamp>1624932227595</ResultRecordedTimestamp>
<InvokingEventMessageType>ScheduledNotification</InvokingEventMessageType>
<EvaluationResultIdentifier>
<EvaluationResultQualifier>
<ConfigRuleId>cr-7f7d626622af0041****</ConfigRuleId>
<ConfigRuleArn>acs:config::100931896542****:rule/cr-7f7d626622af0041****</ConfigRuleArn>
<ResourceId>23642660635396****</ResourceId>
<ResourceName>rd_member</ResourceName>
<ConfigRuleName>ram-user-mfa-check</ConfigRuleName>
<ResourceType>ACS::RAM::User</ResourceType>
<RegionId>global</RegionId>
</EvaluationResultQualifier>
<OrderingTimestamp>1624932227157</OrderingTimestamp>
</EvaluationResultIdentifier>
<RiskLevel>1</RiskLevel>
<RemediationEnabled>false</RemediationEnabled>
<Annotation>{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.LoginProfile.MFABindRequired\"}</Annotation>
</EvaluationResultList>
<MaxResults>10</MaxResults>
</EvaluationResults>
</data>
<httpStatusCode>200</httpStatusCode>
<requestId>25C89DDB-BB79-487D-88C3-4A561F21EFC4</requestId>
</ListAggregateResourceEvaluationResultsResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"code" : "200",
"data" : {
"RequestId" : "25C89DDB-BB79-487D-88C3-4A561F21EFC4",
"EvaluationResults" : {
"EvaluationResultList" : [ {
"ConfigRuleInvokedTimestamp" : 1624932227157,
"ComplianceType" : "NON_COMPLIANT",
"ResultRecordedTimestamp" : 1624932227595,
"InvokingEventMessageType" : "ScheduledNotification",
"EvaluationResultIdentifier" : {
"EvaluationResultQualifier" : {
"ConfigRuleId" : "cr-7f7d626622af0041****",
"ConfigRuleArn" : "acs:config::100931896542****:rule/cr-7f7d626622af0041****",
"ResourceId" : "23642660635396****",
"ResourceName" : "rd_member",
"ConfigRuleName" : "ram-user-mfa-check",
"ResourceType" : "ACS::RAM::User",
"RegionId" : "global"
},
"OrderingTimestamp" : 1624932227157
},
"RiskLevel" : 1,
"RemediationEnabled" : false,
"Annotation" : "{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.LoginProfile.MFABindRequired\"}"
} ],
"MaxResults" : 10
}
},
"httpStatusCode" : "200",
"requestId" : "25C89DDB-BB79-487D-88C3-4A561F21EFC4"
}
Error codes
Http status code | Error code | Error message | Description |
---|---|---|---|
400 | NoPermission | You are not authorized to perform this operation. | The error message returned because you are not authorized to perform the specified operation. |
404 | CloudConfigServiceRoleNotExisted | The CloudConfigServiceRole does not exist. | The error message returned because the AliyunServiceRoleForConfig role does not exist. |
404 | AccountNotExisted | Your account does not exist. | The error message returned because your account does not exist. |
503 | ServiceUnavailable | The request has failed due to a temporary failure of the server. | The error message returned because the service is unavailable. |
For a list of error codes, visit the API Error Center.