Unlock the Power of AI

1 million free tokens

88% Price Reduction

NaNDayNaN:NaN:NaN
Activate Now
Home PageCloud ConfigDeveloper ReferenceAPI ReferenceAPI Reference (2020-09-07)API catalogRulesEvaluatePreConfigRules
Search for Help Content

EvaluatePreConfigRules

Updated at: 2025-01-21 11:45
Product
Community

Executes evaluation rules to evaluate resources.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • For mandatory resource types, indicate with a prefix of * .
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
OperationAccess levelResource typeCondition keyAssociated operation
config:EvaluatePreConfigRuleslist
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
ParameterTypeRequiredDescriptionExample
ResourceEvaluateItemsarray<object>Yes

The resources that you want to evaluate.

objectYes
ResourceLogicalIdstringNo

The logical ID of the resource.

ResourceLogicId-test
ResourceTypestringNo

The type of the resource.

ACS::ECS::Instance
Rulesarray<object>No

The evaluation rules.

objectNo
IdentifierstringNo

The identifier of the evaluation rule.

For more information about how to obtain the identifier of an evaluation rule, see ListManagedRules .

ecs-instance-deletion-protection-enabled
InputParametersstringNo

The input parameters of the evaluation rule.

{}
ResourcePropertiesstringNo

The properties of the resource.

{ "ImageId": "ubuntu_18_04_64_20G_alibase_20190624.vhd", "SecurityGroupId": "sg-bp15ed6xe1yxeycg****", "HostName": "LocalHostName", "RegionId": "cn-hangzhou" }
EnableManagedRulesbooleanNo

Specifies whether to enable the managed rule. Valid values:

  • true: enables the managed rule.
  • false: does not enable the managed rule. This is the default value.
Note
After you create an evaluation rule, a managed rule that has the same settings as the evaluation rule is created. After you create a resource, the managed rule can be used to continuously check the compliance of the resource.
false

For more information about common request parameters, see Common parameters.

Response parameters

ParameterTypeDescriptionExample
ParameterTypeDescriptionExample
object
RequestIdstring

The ID of the request.

129ECF1C-7897-1131-BD0F-4B588AC05400
ResourceEvaluationsarray<object>

The details of the compliance evaluation result.

ResourceEvaluationobject
ResourceLogicalIdstring

The logical ID of the resource.

Note
If the ResourceLogicalId request parameter is left empty, the value of the ResourceLogicalId response parameter is generated based on the value of the ResourceProperties parameter.
ResourceLogicId-test
ResourceTypestring

The type of the resource.

ACS::ECS::Instance
Rulesarray<object>

The evaluation rules.

Ruleobject
Identifierstring

The identifier of the evaluation rule.

ecs-instance-deletion-protection-enabled
ComplianceTypestring

The compliance type of the resource that was evaluated by using the evaluation rule. Valid values:

  • COMPLIANT: The resource was evaluated as compliant.
  • NON_COMPLIANT: The resource was evaluated as incompliant.
  • NOT_APPLICABLE: The evaluation rule does not apply to the resource.
NON_COMPLIANT
Annotationstring

The reason why the resource was evaluated as incompliant.

{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.DeletionProtection\"}
HelpUrlstring

The URL of the topic that describes how the managed rule remediates the incompliant configurations.

https://example.aliyundoc.com

Examples

Sample success responses

JSONformat

{
  "RequestId": "129ECF1C-7897-1131-BD0F-4B588AC05400",
  "ResourceEvaluations": [
    {
      "ResourceLogicalId": "ResourceLogicId-test",
      "ResourceType": "ACS::ECS::Instance",
      "Rules": [
        {
          "Identifier": "ecs-instance-deletion-protection-enabled",
          "ComplianceType": "NON_COMPLIANT",
          "Annotation": "{\\\"configuration\\\":\\\"false\\\",\\\"desiredValue\\\":\\\"True\\\",\\\"operator\\\":\\\"StringEquals\\\",\\\"property\\\":\\\"$.DeletionProtection\\\"}",
          "HelpUrl": "https://example.aliyundoc.com"
        }
      ]
    }
  ]
}

Error codes

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
Change timeSummary of changesOperation
2023-06-13The internal configuration of the API is changed, but the call is not affectedView Change Details
Previous: ListPreManagedRulesNext: Compliance Package
  • On this page (1)
  • Debugging
  • Authorization information
  • Request parameters
  • Response parameters
  • Examples
  • Error codes
  • Change history
Feedback
phone Contact Us

Chat now with Alibaba Cloud Customer Service to assist you in finding the right products and services to meet your needs.

alicare alicarealicarealicare