Create O&M items through custom EventBridge rules - CloudOps Orchestration Service

If the default rules provided by Alibaba Cloud do not meet your event requirements, and you need to subscribe to additional event types for compliance and security auditing of resources, you can create O&M items automatically through custom EventBridge rules. This enables quick and specific configuration of O&M management features to enhance efficiency. This topic explains how to create O&M items automatically using custom EventBridge rules.

Prerequisites

You have activated EventBridge. For more information, see Activate EventBridge and grant permissions.
You have activated Cloud Config. For more information, see Activate Cloud Config service.

Note

EventBridge and Cloud Config are free for all valid Alibaba Cloud accounts during the public preview period.

Region limitations

EventBridge only supports the automatic creation of O&M items in the operation center for specific regions.

Region name	Region ID
China (Qingdao)	cn-qingdao
China (Shanghai)	cn-shanghai
China (Beijing)	cn-beijing
China (Zhangjiakou)	cn-zhangjiakou
China (Ulanqab)	cn-wulanchabu
China (Hangzhou)	cn-hangzhou
China (Shenzhen)	cn-shenzhen
China (Hohhot)	cn-huhehaote
China (Heyuan)	cn-heyuan
China (Guangzhou)	cn-guangzhou
China (Chengdu)	cn-chengdu
China (Hong Kong)	cn-hongkong
Japan (Tokyo)	ap-northeast-1
Singapore	ap-southeast-1
Malaysia (Kuala Lumpur)	ap-southeast-3
Indonesia (Jakarta)	ap-southeast-5
US (Silicon Valley)	us-west-1
US (Virginia)	us-east-1
China East 2 Finance	cn-shanghai-finance-1
Thailand (Bangkok)	ap-southeast-7

Procedure

Log on to the EventBridge console.
In the left-side navigation pane, click Event Buses.
In the top navigation bar, select a region.
On the Event Buses page, find the system event bus and click its name default.
In the left-side navigation pane, click Event Rules.
In the left-side navigation pane, click Event Rules. On the page that appears, click Create Rule.
On the Create Rule page, complete the relevant parameter configuration.
1. On the Configure Basic Info wizard page, enter the Name and Description of the event bus, then click Next Step.
2. On the Configure Event Pattern wizard page, configure parameters such as event source type and event source, then click Next Step.
3. On the Configure Targets wizard page, configure event target parameters, then click Create.
  For the Service Type, select acs.openapi.oos. The default API Version is 2019-06-01. For the Role Configuration parameter, select a role with OOS OpenAPI permissions. If you do not have this role, click Authorization to quickly create one.
4. After creating the EventBridge rule, you are automatically redirected to the default page, where you can view the newly created EventBridge rules.
  Once the EventBridge rule is successfully created, and the EventBridge detects an event, the automatically created O&M items can be viewed in the Operation Center > O&M Items section of the CloudOps Orchestration Service console.

Example: create O&M items through Cloud Config event rules

After creating a Cloud Config non-compliance event rule in the EventBridge, the EventBridge monitors Cloud Config non-compliance events. When such an event occurs, the system automatically invokes the OOS CreateOpsItem API to create O&M items. The event flow is as follows:

Create a Cloud Config rule.
This example shows how to create a rule using an RDS instance in a multi-zone as a template.
1. Navigate to the Cloud Config > Compliance & Audit > Rules page and click Create Rule.
2. Enter multi-zone in the search box, select rds-multi-az-support, and click Next.
3. Retain the default values for basic properties and click Next.
4. Maintain the default values for the effective scope and click Next.
5. Keep the default values for remediation and click Submit.
View non-compliant resources in the Cloud Config rule list.

Create O&M items through EventBridge rules.

Go to the EventBridge > Event Buses page and select a region from the top menu bar.
Click the default event bus.
In the left-side navigation pane, click Event Rules.
In the left-side navigation pane, click Event Rules. On the page that appears, click Create Rule.

On the Create Rule page, complete the relevant parameter configuration.

On the Configure Basic Information wizard page, enter the Name and Description of the EventBridge, then click Next.

On the Configure Event Pattern wizard page, configure parameters such as event source type and event source, then click Next.

Parameter name	Description	Example value
Event Source Type	Supports two types: Alibaba Cloud Service Event Source and Custom Event Source.	Alibaba Cloud Service Event Source
Event Source	An event source is the source from which events are published to EventBridge.	`acs.config`
Event Type	Select the event type for event filtering.	`config:CloudMonitor:ConfigurationNonCompliantNotification`

Note

This setup listens to all non-compliance rules enabled in Cloud Config.

On the Configure Targets wizard page, set the event target parameters, then click Create.

The event target parameters are configured as follows:

Parameter	Description	Parameter value
Service Type	Select the event target type.	`acs.openapi.oos`
API Version	Keep the default API version.	`2019-06-01`
API Type	Select `CreateOpsItem` to create O&M items.	`CreateOpsItem`
API Parameters	Configure the relevant parameters for the `CreateOpsItem` API.	For more information, see API parameter configuration details.
Role Configuration	Configure a role with OOS CreateOpsItem OpenAPI permissions. Note If you do not have this role, click Authorize To Create A New Role to quickly create a role.	None

For example, to audit non-compliance event messages, this assists in configuring EventBridge rules more effectively.

Expand to view: Audit non-compliance event message

{
    "datacontenttype": "application/json;charset=utf-8",
    "aliyunaccountid": "15634*******22",
    "data": {
        "annotation": "{\"configuration\":\"\",\"desiredValue\":\"i-bp*******z0tptjbgu\",\"operator\":\"Contains\",\"property\":\"$.Propertys[*].InstanceId\",\"reason\":\"FeaturePath not exist\"}",
        "accountId": 15634*******22,
        "riskLevel": "Warning",
        "requestId": "f9bce983-1460-4b83-ac81-724b*******3a",
        "dataType": "NonCompliantNotification",
        "eventName": "NonCompliant",
        "evaluationResultIdentifier": {
            "orderingTimestamp": 1726747626751,
            "evaluationResultQualifier": {
                "resourceId": "i-bp*******z0tptjbgu",
                "configRuleName": "ecs-instance-running-process-check",
                "sourceIdentifier": "ecs-instance-running-process-check",
                "configRuleId": "cr-8315e6183e*******b1",
                "configRuleArn": "acs:config::15634*******22:rule/cr-8315e6183*******b1",
                "captureTime": 1726747626751,
                "regionId": "cn-hangzhou",
                "resourceName": "ESS-asg-asg-bp1efisbt64zu16lebhm",
                "resourceArn": "acs:ecs:cn-hangzhou:15634*******22:instance/i-bp*******z0tptjbgu",
                "resourceGroupId": "rg-acfmzmhzoaad5oq",
                "resourceOwnerId": 15634*******22,
                "resourceType": "ACS::ECS::Instance"
            }
        },
        "eventType": "ResourceCompliance",
        "invokingEventMessageType": "ScheduledNotification",
        "notificationCreationTime": 1726749483808,
        "complianceType": "NON_COMPLIANT"
    },
    "subject": "acs:config:cn-hangzhou:1563457855438522:instance/i-bp*******z0tptjbgu",
    "aliyunoriginalaccountid": "15634*******22",
    "source": "acs.config",
    "type": "config:CloudMonitor:ConfigurationNonCompliantNotification",
    "aliyunpublishtime": "2024-09-19T12:38:18.889Z",
    "specversion": "1.0",
    "aliyuneventbusname": "default",
    "id": "315C0C75DB4E0B4CBA0DA*******AF6EB802C92E7-CMS",
    "time": "2024-09-19T12:38:04.000Z",
    "aliyunregionid": "cn-hangzhou"
}

API parameter configuration details

Field	Type	Description	Example value
RegionId	Partial event	The region where the O&M item is created.	$.aliyunregionid
Title	Partial event	The title of the O&M item.	$.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleName
Description	Partial event	The description of the O&M item.	$.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleId
Severity	Static field	The severity level. Valid values: Critical, High, Medium, and Low. You can configure this parameter based on your business requirements.	Medium
Source	Partial event	The source of the O&M item.	$.source
Category	Static field	The category of the O&M item. Valid values: Availability, Cost, Performance, Recovery, and Security.	Availability
Priority	Static field	The priority of the O&M item. Valid values: 1 to 5. The value 1 indicates the highest priority.	3
DedupString	Partial event	The deduplication string. Non-compliance events for the same resource in the same rule will not create duplicate O&M items.	$.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleName
Resources	Template	The list of resource ARNs associated with the O&M item.	Specify the resources by using a variable `{ "resourceArn":"$.data.evaluationResultIdentifier.evaluationResultQualifier.resourceArn" }` Specify the resources by using a template `["${resourceArn}"]`
Solutions	Template	The solutions.	Specify the resources by using a variable `{ "document_url": "$.data.evaluationResultIdentifier.evaluationResultQualifier.helpUrls" }` Specify the resources by using a template `[{ "priority": 1, "type": "url", "url": "${document_url}", "description": "You can refer to the solution document for O&M processing." }]`

Visit the CloudOps Orchestration Service > Operation Center > O&M Items tab to see the automatically generated O&M items for non-compliant resources.