All Products
Search

This Product

    Cloud Config:Check the resource compliance of an Alibaba Cloud account

    Document Center

    Cloud Config:Check the resource compliance of an Alibaba Cloud account

    Last Updated:Sep 15, 2023

    You can use Cloud Config to check the compliance of resources that belong to an Alibaba Cloud account, and deliver non-compliant resources to Simple Log Service for query and analysis.

    Prerequisites

    • You are using an independent Alibaba Cloud account that is not added to a resource directory by a management account.

    • Cloud Config is activated. For more information, see Activate Cloud Config.

    • Simple Log Service is activated. When you use Simple Log Service for the first time, you must log on to the Simple Log Service console and activate the service as prompted. For more information, see What is Simple Log Service?

    Step 1: View the resource list

    You can view your resources that reside in different regions in a list.

    1. Log on to the Cloud Config console.

    2. In the left-side navigation pane, choose Resources > Global Resources.

    Step 2: Create a compliance package

    If you want to check the compliance of resources, you can create multiple rules in a compliance package.

    1. In the left-side navigation pane, choose Compliance & Audit > Compliance Package.

    2. On the Compliance Package page, click Create Package.

    3. In the Select Template (Optional) step, find a compliance package template, click the image.png icon, and then click Next.

    4. In the Set Basic Properties step, set the name of the compliance package and keep the default values for other parameters. Then, click Next.

    5. In the Select Rules step, select one or more rules from the compliance package template and click Next.

    6. In the Set Rule Parameters step, set the parameters for the rules and click OK.

    Step 3: View the compliance evaluation results

    You can view the evaluation results of the rules in the compliance package and remediate the non-compliant resources. For more information about remediation settings, see Overview.

    1. In the left-side navigation pane, choose Compliance & Audit > Compliance Package.

    2. On the Compliance Package page, click the ID of the compliance package.

      • On the Rule Result tab, you can view the non-compliant resources of each rule.

      • On the Resource Result tab, you can view the rule that each resource violates.

    Step 4: Deliver resource non-compliance events to Simple Log Service

    Note

    Cloud Config supports multiple delivery channels. In this example, Simple Log Service is used.

    After you configure the delivery of resource non-compliance events to a specified Logstore of Simple Log Service, you can query and analyze all resource logs in the Logstore within a specified period of time. For more information, see Query and analyze logs.

    1. On the Deliveries page, click Create Delivery in the upper-left corner.

    2. On the Create Delivery page, configure the parameters about the delivery of resource non-compliance events to Simple Log Service.

      Set the Channel Type parameter to Log Service, the Content parameter to Noncompliance Resource Events, and the Logstore Source parameter to Create a new log item in this account. Set the Delivery Name, Project Region, Project Name, and Logstore Name parameters based on your business requirements. Keep all default resource types.

    3. Click OK.

      Note

      For information about the example files in the JSON format, see Example of resource non-compliance events.