Modifies the configurations of a compliance package in an account group.

The sample request in this topic shows you how to change the expected value of the input parameter for the eip-bandwidth-limit managed rule to 20. This managed rule is included in the cp-fdc8626622af00f9**** compliance package in the ca-f632626622af0079**** account group.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes UpdateAggregateCompliancePack

The operation that you want to perform. Set the value to UpdateAggregateCompliancePack.

CompliancePackId String Yes cp-fdc8626622af00f9****

The ID of the compliance package.

For more information about how to obtain the ID of a compliance package, see ListAggregateCompliancePacks.

Description String No The compliance package continuously monitors your resources to check whether the resources are compliant with MLPS 2.0 Level 3. This allows you to perform self-service prechecks and handle resource non-compliance to pass the formal compliance evaluation with efficiency.

The description of the compliance package.

For more information about how to obtain the description of a compliance package, see ListCompliancePacks.

RiskLevel Integer No 1

The risk level of the resources that are not compliant with the rules in the compliance package. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
ConfigRules Array No

The rules in the compliance package.

If you leave this parameter empty, the rules in the compliance package remain unchanged. If you set this parameter, Cloud Config replaces the existing rules in the compliance package with the specified rules.

ManagedRuleIdentifier String No eip-bandwidth-limit

The identifier of the managed rule. Cloud Config automatically enables the managed rule based on the specified identifier and adds the rule to the compliance package.

You need only to set one of the ManagedRuleIdentifier and ConfigRuleId parameters. If you set both parameters, Cloud Config adds a rule based on the value of the ConfigRuleId parameter. For more information about how to obtain the identifier of a managed rule, see ListCompliancePackTemplates.

ConfigRuleParameters Array No

The input parameter settings of the rule.

ParameterName String No bandwidth

The name of the input parameter.

You must set both of the ParameterName and ParameterValue parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the name of an input parameter for a managed rule, see ListCompliancePackTemplates.

ParameterValue String No 20

The expected value of the input parameter.

You must set both of the ParameterName and ParameterValue parameters or neither of them. If the managed rule has an input parameter but no default value is specified, you must set this parameter. For more information about how to obtain the expected value of an input parameter for a managed rule, see ListCompliancePackTemplates.

ConfigRuleId String No cr-e918626622af000f****

The ID of the rule. If you set this parameter, Cloud Config adds the rule that is identified by the specified ID to the compliance package.

You need only to set one of the ManagedRuleIdentifier and ConfigRuleId parameters. If you set both parameters, Cloud Config adds a rule based on the value of the ConfigRuleId parameter. For more information about how to obtain the ID of a rule, see ListAggregateConfigRules.

ConfigRuleName String No eip-attached

The name of the rule.

Description String No If an EIP is attached to each ECS or NAT instance and the status of the EIP is active, the configuration is considered compliant.

The description of the rule.

RiskLevel Integer No 1

The risk level of the resources that are not compliant with the rule. Valid values:

  • 1: high risk level
  • 2: medium risk level
  • 3: low risk level
ClientToken String No 1594295238-f9361358-5843-4294-8d30-b5183fac****

The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the value is unique among different requests. The value of this parameter can contain only ASCII characters and cannot exceed 64 characters in length.

AggregatorId String Yes ca-f632626622af0079****

The ID of the account group.

For more information about how to obtain the ID of an account group, see ListAggregators.

CompliancePackName String No ClassifiedProtectionPreCheck

The name of the compliance package.

For more information about how to obtain the name of a compliance package, see ListAggregateCompliancePacks.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
CompliancePackId String ca-f632626622af0079****

The ID of the compliance package.

RequestId String 6EC7AED1-172F-42AE-9C12-295BC2ADB751

The ID of the request.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateAggregateCompliancePack
&CompliancePackId=cp-fdc8626622af00f9****
&ConfigRules=[{"ManagedRuleIdentifier":"eip-bandwidth-limit","ConfigRuleParameters":[{"ParameterName":"bandwidth","ParameterValue":"20"}]
&AggregatorId=ca-f632626622af0079****
&<Common request parameters>

Sample success responses

XML format 

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateAggregateCompliancePackResponse>
    <CompliancePackId>ca-f632626622af0079****</CompliancePackId>
    <RequestId>6EC7AED1-172F-42AE-9C12-295BC2ADB751</RequestId>
</UpdateAggregateCompliancePackResponse>

JSON format 

HTTP/1.1 200 OK
Content-Type:application/json

{
  "CompliancePackId" : "ca-f632626622af0079****",
  "RequestId" : "6EC7AED1-172F-42AE-9C12-295BC2ADB751"
}

Error codes

HTTP status code Error code Error message Description
400 Invalid.AggregatorId.Value The specified AggregatorId is invalid. The error message returned because the specified account group ID does not exist or you are not authorized to use the account group.
400 Invalid.CompliancePackId.Value The specified CompliancePackId does not exist. The error message returned because the specified compliance package ID does not exist.
400 CompliancePackExceedMaxCount The maximum number of compliance pack is exceeded. The error message returned because the number of existing compliance packages reaches five.
400 Invalid.ConfigRules.Empty You must specify ConfigRules. The error message returned because no rule is specified for the compliance package.
400 Invalid.ConfigRules.Value The specified ConfigRules is invalid. The error message returned because the specified input parameter of the rule in the compliance package is invalid.
400 ConfigRuleExceedMaxRuleCount The maximum number of config rules is exceeded. The error message returned because the number of existing rules reaches the upper limit.
400 CompliancePackAlreadyPending The compliance pack has a pending operation and cannot be updated. The error message returned because the compliance package is not in the Normal state and its configurations cannot be updated.
400 CompliancePackExists The compliance pack already exists. The error message returned because the specified compliance package name already exists.
403 AggregatorMemberNoPermission The aggregator member is not authorized to perform the operation. The error message returned because you are using a member account and you are not authorized to perform the specified operation.
404 AccountNotExisted Your account does not exist. The error message returned because your account does not exist.
503 ServiceUnavailable The request has failed due to a temporary failure of the server. The error message returned because the service is unavailable.

For a list of error codes, visit the API Error Center.