ListConfigRules - Cloud Config - Alibaba Cloud Documentation Center

Queries rules in Cloud Config.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters


Parameter	Type	Required	Example	Description
Action	String	Yes	ListConfigRules	The operation that you want to perform. Set the value to ListConfigRules.
ConfigRuleState	String	No	ACTIVE	The status of the rule. Valid values: ACTIVE: The rule is enabled. EVALUATING: The rule is triggered and is being used to monitor resource configurations. INACTIVE: The rule is disabled.
ComplianceType	String	No	COMPLIANT	The compliance evaluation result of the resources. Valid values: COMPLIANT: The resources are evaluated as compliant. NON_COMPLIANT: The resources are evaluated as non-compliant. NOT_APPLICABLE: The rule does not apply to the resources. INSUFFICIENT_DATA: The resource data is insufficient.
RiskLevel	Integer	No	1	The risk level of the resources that are not compliant with the rule. Valid values: 1: high risk level 2: medium risk level 3: low risk level
PageNumber	Integer	Yes	1	The number of the page to return. Pages start from page 1.
PageSize	Integer	Yes	20	The number of entries to return on each page. Valid values: 1 to 100.
MultiAccount	Boolean	No	true	This parameter is unavailable since 00:00:00 on June 30, 2021. Account group-related operations are provided as an alternative after 00:00:00 on May 30, 2021. If you are using this parameter, we recommend that you switch to account group-related operations after 00:00:00 on May 30, 2021. For information about account groups, see Overview.
MemberId	Long	No	123456789	This parameter is unavailable since 00:00:00 on June 30, 2021. Account group-related operations are provided as an alternative after 00:00:00 on May 30, 2021. If you are using this parameter, we recommend that you switch to account group-related operations after 00:00:00 on May 30, 2021. For information about account groups, see Overview.
ConfigRuleName	String	No	BestPracticesForOSS - oss-bucket-public-read-prohibited	The name of the monitoring rule.
CompliancePackId	String	No	cp-8d5c6457e0d9002a****	The ID of the compliance package to which the rule belongs.

Response parameters


Parameter	Type	Example	Description
RequestId	String	8195B664-9565-4685-89AC-8B5F04B44B92	The ID of the request.
ConfigRules	Object		The returned result of the request.
ConfigRuleList	Array of ConfigRule		The information about the rules.
CompliancePackId	String	cp-8d5c6457e0d9002a****	The ID of the compliance package to which the rule belongs.
RiskLevel	Integer	1	The risk level of the resources that are not compliant with the rule. Valid values: 1: high risk level 2: medium risk level 3: low risk level
SourceOwner	String	ALIYUN	The method that is used to create the rule. Valid values: CUSTOM_FC: The rule is a custom rule. ALIYUN: The rule is created based on a managed rule of Alibaba Cloud.
AccountId	Long	987654321	The ID of the Alibaba Cloud account that owns the rule.
ConfigRuleState	String	ACTIVE	The status of the rule. Valid values: ACTIVE: The rule is enabled. EVALUATING: The rule is triggered and is being used to monitor resource configurations. INACTIVE: The rule is disabled.
Compliance	Object		The statistics about the compliance evaluation results based on the rule.
ComplianceType	String	COMPLIANT	The compliance evaluation result of the resources. Valid values: COMPLIANT: The resources are evaluated as compliant. NON_COMPLIANT: The resources are evaluated as non-compliant. NOT_APPLICABLE: The rule does not apply to the resources. INSUFFICIENT_DATA: The resource data is insufficient.
Count	Integer	161	The number of resources with the specified compliance evaluation result.
SourceIdentifier	String	oss-bucket-public-read-prohibited	The identifier of the rule. If the rule was created based on a managed rule, the value of this parameter is the name of the managed rule. If the rule is a custom rule, the value of this parameter is the Alibaba Cloud Resource Name (ARN) of the relevant function in Function Compute.
ConfigRuleArn	String	acs:config::120886317861**:rule/cr-8d5c6457e0d9002a**	The ARN of the rule.
Description	String	If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant.	The description of the rule.
CreateBy	Object		The information about how the rule is created.
CompliancePackId	String	cp-8d5c6457e0d9002a****	The ID of the compliance package.
CompliancePackName	String	BestPracticesForOSS	The name of the compliance package.
AutomationType	String	LC	The type of the remediation template. The value is fixed to LC. Note LC stands for Logic Composer.
ConfigRuleName	String	BestPracticesForOSS - oss-bucket-public-read-prohibited	The name of the rule.
ConfigRuleId	String	cr-8d5c6457e0d9002a****	The ID of the rule.
Tags	Array of tag		The tags.
Key	String	Key1	The key of the tag.
Value	String	Value1	The value of the tag.
PageNumber	Integer	1	The page number of the returned page. Pages start from page 1.
PageSize	Integer	20	The number of entries returned per page. Valid values: 1 to 100.
TotalCount	Long	1	The total number of rules.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ListConfigRules
&PageNumber=1
&PageSize=20
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ListConfigRulesResponse>
    <RequestId>8195B664-9565-4685-89AC-8B5F04B44B92</RequestId>
    <ConfigRules>
        <TotalCount>1</TotalCount>
        <PageSize>20</PageSize>
        <PageNumber>1</PageNumber>
        <ConfigRuleList>
            <CompliancePackId>cp-8d5c6457e0d9002a****</CompliancePackId>
            <ConfigRuleId>cr-8d5c6457e0d9002a****</ConfigRuleId>
            <AccountId>987654321</AccountId>
            <Description>If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant. </Description>
            <Compliance>
                <ComplianceType>COMPLIANT</ComplianceType>
                <Count>161</Count>
            </Compliance>
            <ConfigRuleArn>acs:config::120886317861****:rule/cr-8d5c6457e0d9002a****</ConfigRuleArn>
            <SourceOwner>ALIYUN</SourceOwner>
            <SourceIdentifier>oss-bucket-public-read-prohibited</SourceIdentifier>
            <CreateBy>
                <CompliancePackId>cp-8d5c6457e0d9002a628b</CompliancePackId>
                <CompliancePackName>BestPracticesForOSS</CompliancePackName>
                <CreatorId>1208863178612953</CreatorId>
            </CreateBy>
            <ConfigRuleName>BestPracticesForOSS - oss-bucket-public-read-prohibited</ConfigRuleName>
            <RiskLevel>1</RiskLevel>
            <ConfigRuleState>ACTIVE</ConfigRuleState>
        </ConfigRuleList>
    </ConfigRules>
</ListConfigRulesResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "8195B664-9565-4685-89AC-8B5F04B44B92",
  "ConfigRules" : {
    "TotalCount" : 1,
    "PageSize" : 20,
    "PageNumber" : 1,
    "ConfigRuleList" : [ {
      "CompliancePackId" : "cp-8d5c6457e0d9002a****",
      "ConfigRuleId" : "cr-8d5c6457e0d9002a****",
      "AccountId" : "987654321",
      "Description" : "If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant.",
      "Compliance" : {
        "ComplianceType" : "COMPLIANT",
        "Count" : 161
      },
      "ConfigRuleArn" : "acs:config::120886317861****:rule/cr-8d5c6457e0d9002a****",
      "SourceOwner" : "ALIYUN",
      "SourceIdentifier" : "oss-bucket-public-read-prohibited",
      "CreateBy" : {
        "CompliancePackId" : "cp-8d5c6457e0d9002a628b",
        "CompliancePackName" : "BestPracticesForOSS",
        "CreatorId" : "1208863178612953"
      },
      "ConfigRuleName" : "BestPracticesForOSS - oss-bucket-public-read-prohibited",
      "RiskLevel" : 1,
      "ConfigRuleState" : "ACTIVE"
    } ]
  }
}

Error code


HTTP status code	Error code	Error message	Description
400	NoPermission	You are not authorized to perform this operation.	The error message returned because you you do not have the permissions to perform the specified operation.
404	AccountNotExisted	Your account does not exist.	The error message returned because your account does not exist.
503	ServiceUnavailable	The request has failed due to a temporary failure of the server.	The error message returned because the service is unavailable.

For a list of error codes, see Service error codes.