获取所有可用的治理检测评估项的信息,包括名称、ID、描述、阶段、资源明细元数据和修复指引。
调试
您可以在OpenAPI Explorer中直接运行该接口,免去您计算签名的困扰。运行成功后,OpenAPI Explorer可以自动生成SDK代码示例。
调试
授权信息
|
操作 |
访问级别 |
资源类型 |
条件关键字 |
关联操作 |
|
governance:ListEvaluationMetadata |
get |
*全部资源
|
无 | 无 |
请求参数
|
名称 |
类型 |
必填 |
描述 |
示例值 |
| RegionId |
string |
否 |
地域 ID。 |
cn-hangzhou |
| Language |
string |
否 |
语言类型。治理检测定义将以此语言返回。取值:
|
zh |
| LensCode |
string |
否 |
专项检测代码。取值:
|
ack |
| TopicCode |
string |
否 |
治理专题 code |
ResourceUtilization |
| EvaluationDomain |
string |
否 |
返回参数
|
名称 |
类型 |
描述 |
示例值 |
|
object |
返回结果。 |
||
| EvaluationMetadata |
array<object> |
治理检测定义元数据。 |
|
|
array<object> |
治理检测定义元数据。 |
||
| Metadata |
array<object> |
特定元数据类型下的元数据对象列表。 |
|
|
array<object> |
特定元数据类型下的元数据对象列表。 |
||
| Category |
string |
检测项所属的支柱。 |
Security |
| Description |
string |
检测项描述。 |
If you use an AccessKey pair of an Alibaba Cloud account, you have full permissions that cannot be restricted by conditions such as source IP address or access time. Once leaked, the risk is extremely high. If an AccessKey pair exists for the Alibaba Cloud account, it is considered non-compliant. |
| DisplayName |
string |
显示名称。 |
An AccessKey pair is enabled for the Alibaba Cloud account. |
| Id |
string |
元数据随机 ID。 |
pxgtda**** |
| RecommendationLevel |
string |
检测项推荐治理等级。 |
High |
| RemediationMetadata |
object |
修复元数据。 |
|
| Remediation |
array<object> |
修复项。 |
|
|
array<object> |
修复项。 |
||
| Actions |
array<object> |
修复动作。 |
|
|
array<object> |
修复动作。 |
||
| Classification |
string |
修复方式类别。 说明
仅当 |
UnusedAccessKeyInRamUser |
| CostDescription |
string |
修复花费。 |
You are not charged for this operation. |
| Description |
string |
修复描述。 说明
仅当 |
A RAM user has both console logon and an AccessKey pair enabled, but the AccessKey pair has never been used. |
| Guidance |
array<object> |
修复内容。 |
|
|
object |
修复内容。 |
||
| ButtonName |
string |
修复步骤按钮显示名称。 |
Manual fix |
| ButtonRef |
string |
修复步骤按钮跳转链接。 |
https://ram.console.alibabacloud.com/users |
| Content |
string |
修复步骤内容。 |
You must replace the AccessKey pair of your Alibaba Cloud account. To do so, perform the following steps:1. Log on to the RAM console. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.2. On the Create User page, enter a logon name and select OpenAPI Access for the Access Mode parameter.3. After the RAM user is created, save the AccessKey pair. Then, find the user that you created on the Users page and click Add Permissions in the Actions column. In the Grant Permission panel, find the AdministratorAccess policy and attach it to the RAM user.4. In a program, replace the AccessKey pair of the Alibaba Cloud account with the AccessKey pair of the RAM user created in the previous step and check whether the program runs as expected in the test environment.5. If the program runs as expected, publish the program to the production environment and disable the previous AccessKey pair of your Alibaba Cloud account. Then, check whether the program runs as expected.6. If the program runs as expected, delete the disabled AccessKey pair after the specified period of time, such as 90 days. |
| Title |
string |
修复步骤标题。 |
Scenario 3: AccessKey pair that is used within the last 90 days |
| Notice |
string |
修复注意事项。 |
This governance item enables the Best Practices for AccessKey and Permission Governance compliance package in Cloud Config to check the settings and usage of AccessKey pairs, Alibaba Cloud accounts, and RAM users. |
| Suggestion |
string |
修复建议。 说明
仅当 |
Console logon is enabled for the RAM user and the RAM user owns an AccessKey pair, while the AccessKey pair has never been used by the RAM user. We recommend that you disable the AccessKey pair for 90 days. If no related issue occurs during this period, you can delete the AccessKey pair. |
| RemediationType |
string |
修复类型。取值:
|
Manual |
| ResourceMetadata |
object |
检测项的资源元数据。 |
|
| ResourcePropertyMetadata |
array<object> |
资源属性元数据。 |
|
|
object |
资源属性元数据。 |
||
| DisplayName |
string |
属性显示名称。 |
Last time the AccessKey pair was used |
| PropertyName |
string |
资源属性名称。 |
AkLastUsedTime |
| PropertyType |
string |
资源属性类型。 |
String |
| Scope |
string |
检测项所属范围。取值:
|
Account |
| Stage |
string |
检测项所处状态。取值:
|
Released |
| TopicCode |
string |
所属治理专题 code |
ResourceUtilization |
| Type |
string |
元数据类型。取值:
|
Metric |
| RequestId |
string |
请求 ID。 |
16B208DD-86BD-5E7D-AC93-FFD44B6FBDF1 |
示例
正常返回示例
JSON格式
{
"EvaluationMetadata": [
{
"Metadata": [
{
"Category": "Security",
"Description": "If you use an AccessKey pair of an Alibaba Cloud account, you have full permissions that cannot be restricted by conditions such as source IP address or access time. Once leaked, the risk is extremely high. If an AccessKey pair exists for the Alibaba Cloud account, it is considered non-compliant.",
"DisplayName": "An AccessKey pair is enabled for the Alibaba Cloud account.",
"Id": "pxgtda****",
"RecommendationLevel": "High",
"RemediationMetadata": {
"Remediation": [
{
"Actions": [
{
"Classification": "UnusedAccessKeyInRamUser",
"CostDescription": "You are not charged for this operation.",
"Description": "A RAM user has both console logon and an AccessKey pair enabled, but the AccessKey pair has never been used.",
"Guidance": [
{
"ButtonName": "Manual fix",
"ButtonRef": "https://ram.console.alibabacloud.com/users",
"Content": "You must replace the AccessKey pair of your Alibaba Cloud account. To do so, perform the following steps:1. Log on to the RAM console. In the left-side navigation pane, choose Identities > Users. On the Users page, click Create User.2. On the Create User page, enter a logon name and select OpenAPI Access for the Access Mode parameter.3. After the RAM user is created, save the AccessKey pair. Then, find the user that you created on the Users page and click Add Permissions in the Actions column. In the Grant Permission panel, find the AdministratorAccess policy and attach it to the RAM user.4. In a program, replace the AccessKey pair of the Alibaba Cloud account with the AccessKey pair of the RAM user created in the previous step and check whether the program runs as expected in the test environment.5. If the program runs as expected, publish the program to the production environment and disable the previous AccessKey pair of your Alibaba Cloud account. Then, check whether the program runs as expected.6. If the program runs as expected, delete the disabled AccessKey pair after the specified period of time, such as 90 days.",
"Title": "Scenario 3: AccessKey pair that is used within the last 90 days"
}
],
"Notice": "This governance item enables the Best Practices for AccessKey and Permission Governance compliance package in Cloud Config to check the settings and usage of AccessKey pairs, Alibaba Cloud accounts, and RAM users.",
"Suggestion": "Console logon is enabled for the RAM user and the RAM user owns an AccessKey pair, while the AccessKey pair has never been used by the RAM user. We recommend that you disable the AccessKey pair for 90 days. If no related issue occurs during this period, you can delete the AccessKey pair."
}
],
"RemediationType": "Manual"
}
]
},
"ResourceMetadata": {
"ResourcePropertyMetadata": [
{
"DisplayName": "Last time the AccessKey pair was used",
"PropertyName": "AkLastUsedTime",
"PropertyType": "String"
}
]
},
"Scope": "Account",
"Stage": "Released",
"TopicCode": "ResourceUtilization"
}
],
"Type": "Metric"
}
],
"RequestId": "16B208DD-86BD-5E7D-AC93-FFD44B6FBDF1"
}
错误码
|
HTTP status code |
错误码 |
错误信息 |
描述 |
|---|---|---|---|
| 500 | InternalError | A system error occurred. | 系统错误。 |
| 404 | InvalidEnterpriseRealName.NotFound | The specified account has not passed enterprise real name verification. Please complete the verification for the account first. | 当前账号未进行企业实名认证,请您先完成企业实名认证。 |
访问错误中心查看更多错误码。
变更历史
更多信息,参考变更详情。