You can use Cloud Config to check the compliance of resources that belong to an Alibaba Cloud account, and deliver non-compliant resources to Simple Log Service for query and analysis.
Prerequisites
You are using an independent Alibaba Cloud account that is not added to a resource directory by a management account.
Cloud Config is activated. For more information, see Activate Cloud Config.
Simple Log Service is activated. When you use Simple Log Service for the first time, you must log on to the Simple Log Service console and activate the service as prompted. For more information, see What is Simple Log Service?
Step 1: View the resource list
You can view your resources that reside in different regions in a list.
Log on to the Cloud Config console.
In the left-side navigation pane, choose
.
Step 2: Create a compliance package
If you want to check the compliance of resources, you can create multiple rules in a compliance package.
In the left-side navigation pane, choose
.
On the Compliance Package page, click Create Package.
In the Select Template (Optional) step, find a compliance package template, click the
icon, and then click Next.
In the Set Basic Properties step, set the name of the compliance package and keep the default values for other parameters. Then, click Next.
In the Select Rules step, select one or more rules from the compliance package template and click Next.
In the Set Rule Parameters step, set the parameters for the rules and click OK.
Step 3: View the compliance evaluation results
You can view the evaluation results of the rules in the compliance package and remediate the non-compliant resources. For more information about remediation settings, see Overview.
In the left-side navigation pane, choose
.
On the Compliance Package page, click the ID of the compliance package.
On the Rule Result tab, you can view the non-compliant resources of each rule.
On the Resource Result tab, you can view the rule that each resource violates.
Step 4: Deliver resource non-compliance events to Simple Log Service
Cloud Config supports multiple delivery channels. In this example, Simple Log Service is used.
After you configure the delivery of resource non-compliance events to a specified Logstore of Simple Log Service, you can query and analyze all resource logs in the Logstore within a specified period of time. For more information, see Query and analyze logs.
On the Deliveries page, click Create Delivery in the upper-left corner.
On the Create Delivery page, configure the parameters for delivering resource non-compliance events to Simple Log Service.
Set the Channel Type parameter to Log Service, the Content parameter to Noncompliance Resource Events, and the Logstore Source parameter to Create a new log item in this account. Set the Delivery Name, Project Region, Project Name, and Logstore Name parameters based on your business requirements. Keep all default resource types.
Click OK.
Note: For information about the example files in the JSON format, see Example of resource non-compliance events.