Overview and Benefits
Cloud Config is a specialized service that is used to evaluate resources on the cloud. Cloud Config tracks the changes of your resource configurations. This allows you to monitor your resource changes over time. You can use Cloud Config to configure compliance rules for your Alibaba Cloud resources. Cloud Config applies rules to monitor your resources and sends alerts if non-compliant resources are detected. Cloud Config allows you to configure manual or automatic remediation for non-compliant resources to implement compliance audits.
Cloud Config includes the resources of different regions into a global resource list, which allows you to view the resources in real-time.
Resource Integration Across Regions
Cloud Config provides a list of resources in different regions and allows you to query these resources.
Configuration Changes Linked to Operations
Creates a snapshot of the configurations for every change and tracks the operation that triggered the change. When an issue occurs, you can easily attribute the issue to a specific change.
Protection Pre-Check Based on the Baseline for Classified Protection of Cybersecurity 2.0
Cloud Config provides rules based on the specifications in the Baseline for Classified Protection of Cybersecurity 2.0 and uses the rules to evaluate the compliance of resources. You can enable the Classified Protection precheck feature with one click.
Features
Configuration Center for Cloud Resources
You can view the detailed resource changes in the Cloud Config console. You can also upload these changes to an Object Storage Service (OSS) bucket for further analysis.
View Resources
You can view the resources of different regions in a list and query the configuration details of a specified resource.
Resource Data
You can view the resource changes from the last seven years.
Storage Method
You can save historical configurations as snapshots to a specified storage space on the cloud.
Continuous Compliance Management of Resources on the Cloud
Automatically evaluates the compliance of your resources based on a rules engine and detects potential or ongoing non-compliant configurations. Cloud Config ensures an automatic compliance audit of your cloud infrastructure.
Compliance Rules
You can set compliance requirements as compliance rules. Cloud Config can continuously evaluate whether your Alibaba Cloud resources meet these compliance rules.
Automatic Remediation
You can enable the non-compliance alerting and automatic remediation features to manage the compliance of your cloud resources automatically and continuously.
Compliance Check
You can use Cloud Config to perform compliance checks based on the specifications in the Baseline for Classified Protection of Cybersecurity 2.0 and CIS security standards.
Cross Account Compliance Management
The integration of Cloud Config and Resource Management enables enterprises to evaluate the compliance of resources that belong to multiple Alibaba Cloud accounts.
Compliant Rule Assignment
If you create multiple Alibaba Cloud accounts, you can assign compliance rules to all member accounts using a master account.
Compliance Statistics
You can view the compliance statistics of all member accounts in a centralized manner.
CMDB on the Cloud
You can ship snapshots of resource changes within all accounts to a storage space.
Scenarios
Centralized Management of Resource Configurations
For enterprises that have deployed resources in multiple regions, managing resources across regions cause inconveniences and lower the efficiency of the asset inventory and daily O&M. To address these issues, Cloud Config integrates resources from different regions into a resource list so enterprises can view and query all of their resources in real-time.
Continuous Compliance Management of Cloud Resources
A large number of enterprises have extracted multiple compliance rules from the management of their on-premise resources. These enterprises want to apply the compliance rules to their cloud resources. Compared with on-premise resources, cloud resources require more frequent, flexible, and timely O&M due to their large-scale deployment. Therefore, the enterprises need an automatic, persistent, and efficient compliance management solution to monitor their cloud resources in batches.
Classified Protection Pre-Check
From December 2019, cloud resources must be evaluated based on the rules specified in the Baseline for Classified Protection of Cybersecurity 2.0. Cloud Config provides continuous free pre-check services to help enterprises evaluate and maintain the compliance of their resources.
Cloud Config allows enterprises to set compliance rules based on the specifications of the Baseline for Classified Protection of Cybersecurity 2.0 for their Alibaba Cloud resources. Cloud Config helps enterprises monitor resource changes, evaluates resource compliance, and triggers alerts for non-compliance resources in real-time.
Compliance Management for Multiple Accounts
If an enterprise deploys multiple business lines on the cloud, the enterprise can create multiple Alibaba Cloud accounts to separately manage these business lines. However, the business lines must comply with unified baselines, such as the risk control baseline, security baseline, and compliance baseline. In addition, the business lines must comply with the unified rules of resource management and billing. In this case, centralized compliance management is required for resources that belong to multiple Alibaba Cloud accounts. This way, compliance rules can be distributed to these accounts and the implementation status can be monitored in a centralized manner.
Continuous Change Tracking and Separate Bills
Sometimes, cloud resources are shared by multiple business lines of an enterprise and may be billed to different projects within a billing cycle. The enterprise can tag the resources to identify the correspondence between the business lines and the resource fees for separate billing. However, separate billing is often inaccurate because tag changes are not recorded. Cloud Config tracks and records the history of resource changes, including tag changes. This way, enterprises can solve similar problems by only storing these changes.
Upgraded Support For You
1 on 1 Presale Consultation, 24/7 Technical Support, Faster Response, and More Free Tickets.