API standard and pre-built SDKs in multi-language
The OpenAPI specification of this product (Config/2020-09-07) follows the RPC standard. Alibaba Cloud provides pre-built SDKs for popular programming languages to abstract low-level complexities such as request signing. This enables developers to call APIs using language-specific syntax without dealing with HTTP details directly.
Custom signature
If your specific needs, such as a customized signature, are not supported by the SDK, manually sign requests using the signature mechanism. Note that manual signing requires significant effort (usually about 5 business days). For support, join our DingTalk group (ID: 147535001692).
Before you begin
An Alibaba Cloud account has full administrative privileges. A compromised AccessKey pair exposes all associated resources to unauthorized access, posing a significant security risk. Create a Resource Access Management (RAM) user with API-only access and use RAM policies to apply the principle of least privilege (PoLP). Alibaba Cloud accounts are only used when explicitly required.
To call APIs securely, configure the following:
A RAM user account
An AccessKey pair for the account
Account Groups
|
API |
Title |
Description |
| CreateAggregator | CreateAggregator | A management account or a delegated administrator account in a resource directory can create an account group to centrally manage resources, compliance packages, and rules across multiple member accounts. |
| UpdateAggregator | UpdateAggregator | The management account or delegated administrator account of a resource directory can be used to modify the name and description of an account group. The management account or delegated administrator account can also be used to add or remove members from the account group. |
| DeleteAggregators | DeleteAggregators | The management account or delegated administrator account of a resource directory can delete an account group. |
| ListAggregators | ListAggregators | Queries all account groups within the current management account or delegated administrator account. |
| GetAggregator | GetAggregator | Queries the details of an account group, such as its name, creation time, members, and type. |
Resources
|
API |
Title |
Description |
| Single-account | Single-account | |
| ListDiscoveredResources | ListDiscoveredResources | Queries a list of resources that are aggregated across regions in the current Alibaba Cloud account. |
| GetDiscoveredResource | GetDiscoveredResource | Queries the details of a specific resource. |
| ListResourceRelations | ListResourceRelations | Queries a list of resources that associate with a specific resource. |
| GetResourceConfigurationTimeline | GetResourceConfigurationTimeline | Queries the configuration history of a specified resource. After you enable Cloud Config, the service records all configuration and relationship changes for a resource and compiles them into a configuration history. This history is retained for 10 years by default. |
| GetResourceComplianceTimeline | GetResourceComplianceTimeline | Queries the compliance timeline of a resource. The compliance timeline of a resource indicates the compliance evaluation record of the resource. A compliance timeline includes points and the content on the compliance timeline. |
| ListResourcesByAdvancedSearch | ListResourcesByAdvancedSearch | Obtains resources based on the fields in the resource properties by using a SELECT statement. |
| CreateAdvancedSearchFile | CreateAdvancedSearchFile | Creates a downloadable resource file for the current Alibaba Cloud account. |
| GetAdvancedSearchFile | GetAdvancedSearchFile | Obtains the last resource advanced search file that is generated within the current account. You can call this operation to obtain the URL of the resource advanced search file. |
| GenerateResourceInventory | GenerateResourceInventory | Generates a resource inventory for global resources. |
| GetResourceInventory | GetResourceInventory | Obtains the last resource inventory that is generated within the current Alibaba Cloud account. |
| GetDiscoveredResourceCountsGroupByRegion | GetDiscoveredResourceCountsGroupByRegion | Queries the statistics on resources by region. |
| GetDiscoveredResourceCountsGroupByResourceType | GetDiscoveredResourceCountsGroupByResourceType | Queries the statistics on resources by resource type. |
| GetResourceComplianceGroupByResourceType | GetResourceComplianceGroupByResourceType | Queries compliance evaluation results of resources based on a rule and displays the evaluation results grouped by resource type. |
| GetResourceComplianceGroupByRegion | GetResourceComplianceGroupByRegion | Queries compliance evaluation results of resources based on a rule and displays the evaluation results grouped by region. |
| Multi-account | Multi-account | |
| ListAggregateDiscoveredResources | ListAggregateDiscoveredResources | Queries the resources in a specified account group. |
| GetAggregateDiscoveredResource | GetAggregateDiscoveredResource | Queries the details of a specific resource in an account group. |
| ListAggregateResourceRelations | ListAggregateResourceRelations | Queries a list of the resources of a specific resource in an account group. |
| GetAggregateResourceConfigurationTimeline | GetAggregateResourceConfigurationTimeline | Queries the configuration timeline of a resource in an account group. |
| GetAggregateResourceComplianceTimeline | GetAggregateResourceComplianceTimeline | Queries the compliance timeline of a resource in an account group. |
| ListAggregateResourcesByAdvancedSearch | ListAggregateResourcesByAdvancedSearch | Obtains resources in a specific account group based on the fields in the resource properties by using a SELECT statement. |
| CreateAggregateAdvancedSearchFile | CreateAggregateAdvancedSearchFile | Creates a downloadable resource file for an account group. |
| GetAggregateAdvancedSearchFile | GetAggregateAdvancedSearchFile | Obtains the most recently generated resource advanced search file within a specific account group. |
| GenerateAggregateResourceInventory | GenerateAggregateResourceInventory | Generates a downloadable inventory for global resources in an account group. |
| GetAggregateResourceInventory | GetAggregateResourceInventory | Obtains the last resource inventory that is generated on the Global Resources page within the current account group. |
| GetAggregateResourceCountsGroupByRegion | GetAggregateResourceCountsGroupByRegion | Queries the statistics on the resources in an account group by region. |
| GetAggregateResourceCountsGroupByResourceType | GetAggregateResourceCountsGroupByResourceType | Queries the statistics on the resources in an account group by resource type. |
| GetAggregateResourceComplianceGroupByRegion | GetAggregateResourceComplianceGroupByRegion | Queries the evaluation results grouped by resource type for an account group rule. |
| GetAggregateResourceComplianceGroupByResourceType | GetAggregateResourceComplianceGroupByResourceType | Queries the evaluation results grouped by resource type for an account group rule. |
| GetSupportedResourceRelationConfig | GetSupportedResourceRelationConfig | Queries the resource relationships supported by a resource type. |
| ListSupportedProducts | ListSupportedProducts | Queries the cloud services and resource types that are supported by Cloud Config. |
Rules
|
API |
Title |
Description |
| Single-account | Single-account | |
| CreateConfigRule | CreateConfigRule | Creates a rule for the current account. |
| UpdateConfigRule | UpdateConfigRule | Modifies the description, input parameters, and risk level of a rule. |
| ListConfigRules | ListConfigRules | Queries a list of rules. |
| GetConfigRule | GetConfigRule | Queries the details of a rule. |
| ListConfigRuleEvaluationResults | ListConfigRuleEvaluationResults | Queries the evaluation results of resources based on rules. |
| ListResourceEvaluationResults | ListResourceEvaluationResults | Queries the evaluation results for a resource based on a rule. |
| DeleteConfigRules | DeleteConfigRules | Deletes rules. |
| DeactiveConfigRules | DeactiveConfigRules | Disables a rule. After a rule is disabled, the resource in the rule is no longer evaluated. The compliance evaluation results before the rule is disabled are still displayed. |
| ActiveConfigRules | ActiveConfigRules | Enables a rule in Cloud Config. After a rule is enabled, Cloud Config automatically evaluates the compliance of a resource based on the trigger mechanism of the rule. |
| StartConfigRuleEvaluation | StartConfigRuleEvaluation | Re-evaluates the compliance of resources based on a rule or based on all rules in a compliance package. |
| IgnoreEvaluationResults | IgnoreEvaluationResults | Ignores the evaluation results of a rule for specific resources. You can also set a time period to ignore the rule. When the ignore period expires, the system automatically resumes displaying the evaluation results of the rule for the resources. |
| RevertEvaluationResults | RevertEvaluationResults | Re-evaluates resources that are evaluated based on a rule after the evaluation results on some resources of an ignored rule are resumed. |
| GenerateConfigRulesReport | GenerateConfigRulesReport | Generates a compliance evaluation report for a rule. |
| GetConfigRulesReport | GetConfigRulesReport | Downloads the compliance evaluation report in the Excel format to your on-premises machine. This allows you to assign tasks and modify incompliant resource configurations. |
| GetConfigRuleSummaryByRiskLevel | GetConfigRuleSummaryByRiskLevel | Queries the compliance summary based on the risk level of a rule. |
| GetResourceComplianceByConfigRule | GetResourceComplianceByConfigRule | Queries the compliance summary based on the compliance evaluation result of a rule. |
| GetComplianceSummary | GetComplianceSummary | Queries the compliance summary for the current account. |
| ListConfigRuleEvaluationStatistics | ListConfigRuleEvaluationStatistics | Queries the statistics of compliance evaluation results of the current Alibaba Cloud account. |
| Multi-account | Multi-account | |
| CreateAggregateConfigRule | CreateAggregateConfigRule | Creates a rule for an account group. |
| UpdateAggregateConfigRule | UpdateAggregateConfigRule | Modifies the description, input parameters, and risk level of a rule in a specific account group. |
| ListAggregateConfigRules | ListAggregateConfigRules | Queries the rules in a specified account group. |
| GetAggregateConfigRule | GetAggregateConfigRule | Queries the details of a rule in an account group. |
| ListAggregateConfigRuleEvaluationResults | ListAggregateConfigRuleEvaluationResults | Queries the evaluation results of resources from the rule dimension within a specified account group. |
| ListAggregateResourceEvaluationResults | ListAggregateResourceEvaluationResults | Queries the rule evaluation results for resources in a specified account group. |
| DeleteAggregateConfigRules | DeleteAggregateConfigRules | Deletes one or more rules from an account group. You can delete a rule in the Cloud Config console. After you delete the rule, the configurations of the rule are deleted. |
| DeactiveAggregateConfigRules | DeactiveAggregateConfigRules | Disables one or more rules in an account group. After a rule is disabled, the resource in the rule is no longer evaluated. The compliance evaluation results before the rule is disabled are still displayed. |
| ActiveAggregateConfigRules | ActiveAggregateConfigRules | Enables one or more rules in an account group. After a rule is enabled, the rule continues to automatically evaluate resources based on the trigger mechanism. |
| StartAggregateConfigRuleEvaluation | StartAggregateConfigRuleEvaluation | Re-evaluates the compliance of resources based on a rule or based on all rules in a compliance package in a specific account group. |
| IgnoreAggregateEvaluationResults | IgnoreAggregateEvaluationResults | Ignores the evaluation results of some resources in an account group based on a specific rule. You can also specify a time period for ignoring the evaluation results. After the period elapses, the evaluation results of the resources based on the rule are automatically displayed. |
| RevertAggregateEvaluationResults | RevertAggregateEvaluationResults | Re-evaluates resources that are evaluated based on a rule after the evaluation results on some resources of an ignored rule in an account group are resumed. |
| GenerateAggregateConfigRulesReport | GenerateAggregateConfigRulesReport | Generates a compliance evaluation report for the rules in a specified account group. |
| GetAggregateConfigRulesReport | GetAggregateConfigRulesReport | Downloads the compliance evaluation report in the Excel format to your on-premises machine. This allows you to assign tasks and modify incompliant resource configurations. |
| GetAggregateConfigRuleSummaryByRiskLevel | GetAggregateConfigRuleSummaryByRiskLevel | Queries the summary of compliance evaluation results by rule risk level in an account group. |
| GetAggregateResourceComplianceByConfigRule | GetAggregateResourceComplianceByConfigRule | Queries compliance evaluation results based on the rules in a compliance package in an account group. |
| GetAggregateComplianceSummary | GetAggregateComplianceSummary | Queries the compliance summary for a specified account group. |
| ListAggregateConfigRuleEvaluationStatistics | ListAggregateConfigRuleEvaluationStatistics | Queries the statistics of compliance evaluation results of an account group. |
| CopyConfigRules | CopyConfigRules | Replicates rules. |
| ListManagedRules | ListManagedRules | Queries a list of managed rules supported by Cloud Config. |
| GetManagedRule | GetManagedRule | Queries the details of a specific managed rule. |
| PutEvaluations | PutEvaluations | Submits the evaluation results of a rule from Function Compute. |
| ListPreManagedRules | ListPreManagedRules | Queries a list of evaluation rules supported by Cloud Config. |
| EvaluatePreConfigRules | EvaluatePreConfigRules | Executes evaluation rules to perform compliance pre-checks on resources. |
Compliance Package
|
API |
Title |
Description |
| Single-account | Single-account | |
| CreateCompliancePack | CreateCompliancePack | Creates a compliance package for the current account. |
| UpdateCompliancePack | UpdateCompliancePack | Modifies the configurations of a specific compliance package in the current account. |
| ListCompliancePacks | ListCompliancePacks | Lists the compliance packs for the current account. |
| GetCompliancePack | GetCompliancePack | Queries the details of a compliance package. |
| DeleteCompliancePacks | DeleteCompliancePacks | Deletes one or more compliance packages. |
| GenerateCompliancePackReport | GenerateCompliancePackReport | Generates a compliance evaluation report based on a compliance package. |
| GetCompliancePackReport | GetCompliancePackReport | Queries the compliance evaluation report that is generated based on a compliance package. |
| GetConfigRuleComplianceByPack | GetConfigRuleComplianceByPack | Queries the compliance statistics for rules in a specified compliance package. |
| GetResourceComplianceByPack | GetResourceComplianceByPack | Queries the compliance results for resources in a compliance package. |
| AttachConfigRuleToCompliancePack | AttachConfigRuleToCompliancePack | Adds one or more rules to a compliance package. |
| DetachConfigRuleToCompliancePack | DetachConfigRuleToCompliancePack | This operation detaches one or more rules from a compliance package. |
| Multi-account | Multi-account | |
| CreateAggregateCompliancePack | CreateAggregateCompliancePack | Creates a compliance package for an account group. |
| UpdateAggregateCompliancePack | UpdateAggregateCompliancePack | Modifies the configurations of a compliance package in an account group. |
| ListAggregateCompliancePacks | ListAggregateCompliancePacks | Queries the compliance packs in a specified account group. |
| GetAggregateCompliancePack | GetAggregateCompliancePack | Queries the details of a compliance package in an account group. |
| DeleteAggregateCompliancePacks | DeleteAggregateCompliancePacks | Deletes the compliance packages of an account group. |
| GenerateAggregateCompliancePackReport | GenerateAggregateCompliancePackReport | Generates an assessment report for a specified compliance package in a specified account group. |
| GetAggregateCompliancePackReport | GetAggregateCompliancePackReport | Queries the compliance evaluation report that is generated based on a compliance package of an account group. |
| GetAggregateResourceComplianceByPack | GetAggregateResourceComplianceByPack | Queries the compliance statistics for resources in a specified compliance package within a specified account group. |
| GetAggregateConfigRuleComplianceByPack | GetAggregateConfigRuleComplianceByPack | Queries the compliance results of rules in a specified compliance pack within a specified account group. |
| GetAggregateAccountComplianceByPack | GetAggregateAccountComplianceByPack | Queries the compliance evaluation results of member accounts for which a compliance package takes effect in an account group. |
| AttachAggregateConfigRuleToCompliancePack | AttachAggregateConfigRuleToCompliancePack | Adds one or more rules in an account group to a compliance package. |
| DetachAggregateConfigRuleToCompliancePack | DetachAggregateConfigRuleToCompliancePack | Removes one or more rules in an account group from a compliance package. |
| CopyCompliancePacks | CopyCompliancePacks | Replicates compliance packages. |
| ListCompliancePackTemplates | ListCompliancePackTemplates | Queries the details of all compliance pack templates provided by CloudConfig. |
Remediation templates
|
API |
Title |
Description |
| Single-account | Single-account | |
| CreateRemediation | CreateRemediation | Creates a remediation template for a rule. |
| UpdateRemediation | UpdateRemediation | Updates a remediation template for a rule. |
| ListRemediations | ListRemediations | Queries the information about the execution of remediation templates. |
| DeleteRemediations | DeleteRemediations | Deletes one or more configured remediation templates that are associated with a rule. |
| StartRemediation | StartRemediation | Performs a remediation operation based on a rule. |
| ListRemediationExecutions | ListRemediationExecutions | Queries the remediation records of a rule. |
| DescribeRemediation | DescribeRemediation | This topic provides an example on how to query the details of a remediation configuration whose ID is crr-f381cf0c1c2f004e\\*\\*\\*\\*. |
| Multi-account | Multi-account | |
| CreateAggregateRemediation | CreateAggregateRemediation | Creates a remediation template for a rule in an account group. |
| UpdateAggregateRemediation | UpdateAggregateRemediation | Modifies a remediation template for a rule in an account group. |
| ListAggregateRemediations | ListAggregateRemediations | Queries a list of remediation templates for a rule in an account group. |
| DeleteAggregateRemediations | DeleteAggregateRemediations | Deletes one or more remediation templates from a rule in an account group. |
| StartAggregateRemediation | StartAggregateRemediation | Performs a remediation operation by using a rule in an account group. |
| ListAggregateRemediationExecutions | ListAggregateRemediationExecutions | Queries the remediation records of a rule in an account group. |
| ListRemediationTemplates | ListRemediationTemplates | Queries a list of remediation templates for a managed rule. |
| GetRemediationTemplate | GetRemediationTemplate | Queries the details of an automatic remediation template. |
Deliveries
|
API |
Title |
Description |
| Single-account | Single-account | |
| CreateConfigDeliveryChannel | CreateConfigDeliveryChannel | Creates a delivery channel to deliver resource data to Simple Log Service (SLS), Object Storage Service (OSS), or Simple Message Queue (formerly MNS). |
| UpdateConfigDeliveryChannel | UpdateConfigDeliveryChannel | This operation modifies a delivery channel for the current account. |
| DeleteConfigDeliveryChannel | DeleteConfigDeliveryChannel | Deletes a delivery channel. |
| ListConfigDeliveryChannels | ListConfigDeliveryChannels | Queries a list of delivery channels. |
| GetConfigDeliveryChannel | GetConfigDeliveryChannel | Queries the information about a delivery channel. |
| Multi-account | Multi-account | |
| CreateAggregateConfigDeliveryChannel | CreateAggregateConfigDeliveryChannel | Creates a delivery channel for an account group. |
| UpdateAggregateConfigDeliveryChannel | UpdateAggregateConfigDeliveryChannel | Modifies a delivery channel in an account group. |
| DeleteAggregateConfigDeliveryChannel | DeleteAggregateConfigDeliveryChannel | Deletes a delivery channel from an account group. |
| ListAggregateConfigDeliveryChannels | ListAggregateConfigDeliveryChannels | Queries the information about all delivery channels in an account group. |
| GetAggregateConfigDeliveryChannel | GetAggregateConfigDeliveryChannel | Queries the information about a delivery channel in an account group. |
Tags
|
API |
Title |
Description |
| ListTagResources | ListTagResources | Queries the tags that are added to a resource in Cloud Config. |
| TagResources | TagResources | Adds tags to a rule, an account group, and a compliance package of Cloud Config. |
| UntagResources | UntagResources | Removes tags from a resource in Cloud Config. |
Service integration
|
API |
Title |
Description |
| GetIntegratedServiceStatus | GetIntegratedServiceStatus | Queries the integration status of a specific cloud service. |
| UpdateIntegratedServiceStatus | UpdateIntegratedServiceStatus | Enables or disables the integration of a cloud service. |
| ListIntegratedService | ListIntegratedService | Queries a list of cloud services that are integrated with Cloud Config and the status of each cloud service. |
Service settings
|
API |
Title |
Description |
| GetConfigurationRecorder | GetConfigurationRecorder | Queries the activation status and resource monitoring scope of Cloud Config for the current account. |
| StartConfigurationRecorder | StartConfigurationRecorder | Enables Cloud Config to monitor the resources of your Alibaba Cloud account. |
| UpdateConfigurationRecorder | UpdateConfigurationRecorder | Modifies the resource monitoring scope of the current account. |
| StopConfigurationRecorder | StopConfigurationRecorder | Deactivates Cloud Config. |
Others
|
API |
Title |
Description |
| DryRunConfigRule | DryRunConfigRule | This API performs a dry run on rules for proactive compliance pre-checks. |
| DescribeDiscoveredResourceBatch | DescribeDiscoveredResourceBatch | This operation retrieves the details of multiple resources in a batch. |
| DescribeIntegratedServiceStatus | DescribeIntegratedServiceStatus | Queries the authorization status of an integrated cloud service. |
| GetResourceConfigurationSample | GetResourceConfigurationSample | This operation obtains configuration samples for a specified resource type. |
| GetResourceTypeProperties | GetResourceTypeProperties | This operation retrieves the property descriptions for a specified resource type. |
| ListAggregateRecommendManagedRules | ListAggregateRecommendManagedRules | This operation retrieves the list of recommended managed rules for an account group. |
| ListConfigRuleOperators | ListConfigRuleOperators | Lists the operators available for Cloud Config rules. |
| ListRecommendManagedRules | ListRecommendManagedRules | This operation obtains a list of recommended managed rules. |
| StartConfigRuleEvaluationByResource | StartConfigRuleEvaluationByResource | Starts a re-evaluation of a single resource. |