Cloud Config

A configuration audit service that tracks and audits configurations of your Alibaba Cloud resources, helping you achieve the compliance of resource configurations. (The public preview of Cloud Config is available until April 1, 2020.)

Cloud Config monitors and tracks the changes to your resource configurations, presenting you with an overview of the changes over time. Cloud Config allows you to set compliance rules for the configurations of your Alibaba Cloud resources. Cloud Config applies the rules to check the configurations and sends alerts when non-compliant configurations are detected. For non-compliant configurations, you can choose manual or automatic correction. In this way, you can achieve continuous compliance of your resource configurations.

Benefits

One View for All Regions
Displays an integrated view of resources across all regions to allow for easy resource searching.
Configuration Changes Linked to Operations
Creates a snapshot of the configurations for every change and tracks the operation that triggered the change. When an issue occurs, you can easily attribute the issue to a specific change.
Continuous Compliance Management
Tracks your configuration changes and performs automatic checks for compliance, as well as automates the compliance review process.

Features

List of Resources

Provides a list for you to search and manage resources across various regions, eliminating the need to check different regions for resources.

List and Statistics

Provides you with an overview and list of statistics, which shows resources across different regions.

Search and Management

Allows you to easily search for resources and open the resource console by using one click.

Tracking of Resource Configurations

Allows you to view the detailed changes of resource configurations in the Cloud Config console, and upload these changes to an Object Storage Service (OSS) bucket for further analysis.

Configuration Timeline

Provides a configuration timeline that tracks configuration changes that are made after you activate the Cloud Config service.

Tracking of Operations

Allows you to track operations by using ActionTrail. You can view the information of operations related to a configuration change, including the user who sends the request, the time of the request, the API operations, and other details. This feature allows you to identify the cause of any issue that may occur.

Configuration Compliance Audit

Automatically checks your resource configurations based on a rule engine and detects noncompliant configurations when and after they are applied to your system. In this way, it ensures automatic compliance audit of your resource configurations.

Default Rules and Custom Rules

Delivers a "Compliance as Code" service. The Cloud Config service uses Function Compute as the rule editor and executor. You can use the default rules provided by this service or use Function Compute to create custom rules.

Compliance Evaluation

Rule-based checks can be scheduled or triggered in response to configuration changes for evaluating the compliance of configurations. You can view the results of individual resources or specific rules in the console. Additionally, the console also provides some statistical views for you to analyze the results.

Auto Correction of Noncompliant Configurations

By integrating the AutoMation service, you can enable auto-correction to automatically correct noncompliant configurations when they are detected and ensure the compliance of all configurations.

Configuration Compliance Audit for Enterprises

Provides you with a composite view that allows you to view the configurations of resources owned by multiple accounts. Instead of logging on to each account to check the compliance of the configurations of its managed resources, you can log on to the enterprise account and view the compliance of all resource configurations.

Subscription to Notifications

You can subscribe to notifications to ensure that you are alerted when noncompliant changes are made to configurations. You can also send your configuration change history and rule execution results to your specified OSS bucket.

Scenarios

Centralized Management of Resource Configurations

Cloud Config aggregates the resource list of each area, so that you can search and locate resources efficiently. It records the details of each resource configuration change to improve the efficiency of your resource management across regions.

Configuration Compliance Audit

Typically, when a resource configuration change is made, you need to ensure that the change is compliant. When a noncompliant change is made, you must quickly locate the change, determine its potential risks, and rectify any issues. Oftentimes, having large number of resources will require many configuration changes on a daily basis. In this case, manual compliance checks are not feasible. Cloud Config can help you achieve continuous and autonomous supervision of IT configuration compliance on the cloud.

Fault Detection and Retrospective Troubleshooting

Based on the resource configuration change history and corresponding operation history files derived from Cloud Config, you can quickly locate faults and repair them, and subsequently implement fault analysis and plan improvement.