ListResourceEvaluationResults - Cloud Config - Alibaba Cloud Documentation Center

Queries the compliance evaluation results of resources.

Operation description

In this example, the compliance evaluation result of the 23642660635396**** resource is queried and the resource is a RAM user. The returned result indicates that the resource is evaluated as NON_COMPLIANT by using the cr-7f7d626622af0041**** rule.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Debug

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter	Type	Required	Description	Example
ResourceType	string	No	The type of the resource. For more information about how to query the type of a resource, see ListDiscoveredResources .	ACS::RAM::User
ResourceId	string	No	The ID of the resource. For more information about how to obtain the ID of a resource, see ListDiscoveredResources .	23642660635396****
ComplianceType	string	No	The compliance evaluation result of the resource. Valid values: COMPLIANT: The resource is evaluated as compliant. NON_COMPLIANT: The resource is evaluated as non-compliant. NOT_APPLICABLE: The rule does not apply to the resources. INSUFFICIENT_DATA: No data is available. IGNORED: The resource is ignored during compliance evaluation.	NON_COMPLIANT
NextToken	string	No	The token that you want to use to initiate the current request. If the response of the previous request is truncated, you can use this token to initiate another request and obtain the remaining entries.``	IWBjqMYSy0is7zSMGu16****
MaxResults	integer	No	The maximum number of entries to return in a request. Valid values: 1 to 100.	10
Region	string	No	The ID of the region where one or more resources you want to query reside. For example, the value `global` indicates global regions and the value `cn-hangzhou` indicates the China (Hangzhou) region. For more information about how to obtain the ID of the region where a resource resides, see ListDiscoveredResources .	global

For more information about common request parameters, see Common parameters.

Response parameters

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request.	25C89DDB-BB79-487D-88C3-4A561F21EFC4
EvaluationResults	object	The information about the compliance evaluation results returned.
NextToken	string	The token that was used to initiate the next request.	IWBjqMYSy0is7zSMGu16****
MaxResults	integer	The maximum number of entries to return for a single request.	10
EvaluationResultList	array<object>	The details of the compliance evaluation result.
	object
RiskLevel	integer	The risk level of the resources that do not comply with the rule. Valid values: 1: high risk level 2: medium risk level 3: low risk level	1
ComplianceType	string	The compliance evaluation result of the resources. Valid values: COMPLIANT: The resources are evaluated as compliant. NON_COMPLIANT: The resources are evaluated as incompliant. NOT_APPLICABLE: The rule does not apply to your resources. INSUFFICIENT_DATA: No resource data is available. IGNORED: The resource is ignored during compliance evaluation.	NON_COMPLIANT
ResultRecordedTimestamp	long	The timestamp when the compliance evaluation result was recorded. Unit: milliseconds.	1624932227595
Annotation	string	The annotation to the resource that is evaluated as incompliant. The following section describes the parameters that can be returned: `configuration`: the current resource configuration that is evaluated as incompliant by using the rule. `desiredValue`: the expected resource configuration that is evaluated as compliant by using the rule. `operator`: the operator that is used to compare the current configuration with the expected configuration of the resource. `property`: the JSON path of the current configuration in the resource property struct. `reason`: the reason why the resource is evaluated as incompliant.	{\"configuration\":\"false\",\"desiredValue\":\"True\",\"operator\":\"StringEquals\",\"property\":\"$.LoginProfile.MFABindRequired\"}
ConfigRuleInvokedTimestamp	long	The timestamp when the rule was triggered for the compliance evaluation. Unit: milliseconds.	1624932227157
InvokingEventMessageType	string	The trigger type of the managed rule. Valid values: ConfigurationItemChangeNotification: The managed rule is triggered by configuration changes. ScheduledNotification: The managed rule is periodically triggered.	ScheduledNotification
EvaluationResultIdentifier	object	The identifying information about the compliance evaluation result.
OrderingTimestamp	long	The timestamp when the compliance evaluation was performed. Unit: milliseconds.	1624932227157
EvaluationResultQualifier	object	The information about the evaluated resource returned in the compliance evaluation result.
ConfigRuleArn	string	The Alibaba Cloud Resource Name (ARN) of the rule.	acs:config::100931896542**:rule/cr-7f7d626622af0041**
ResourceType	string	The type of the resource.	ACS::RAM::User
ConfigRuleName	string	The name of the monitoring rule.	test-rule-name
ResourceId	string	The ID of the resource.	23642660635396****
ConfigRuleId	string	The ID of the rule.	cr-7f7d626622af0041****
ResourceName	string	The name of the resource.	Alice
RegionId	string	The ID of the region where your resources reside.	global
IgnoreDate	string	The date from which the system automatically re-evaluates the ignored incompliant resources. Note If the value of this parameter is left empty, the system does not automatically re-evaluate the ignored incompliant resources. You must re-evaluate the ignored incompliant resources.	2022-06-01
RemediationEnabled	boolean	Indicates whether the remediation template is enabled. Valid values: true: The remediation template is enabled. false: The remediation template is disabled.	true

Examples

Sample success responses

JSONformat

{
  "RequestId": "25C89DDB-BB79-487D-88C3-4A561F21EFC4",
  "EvaluationResults": {
    "NextToken": "IWBjqMYSy0is7zSMGu16****",
    "MaxResults": 10,
    "EvaluationResultList": [
      {
        "RiskLevel": 1,
        "ComplianceType": "NON_COMPLIANT",
        "ResultRecordedTimestamp": 1624932227595,
        "Annotation": "{\\\"configuration\\\":\\\"false\\\",\\\"desiredValue\\\":\\\"True\\\",\\\"operator\\\":\\\"StringEquals\\\",\\\"property\\\":\\\"$.LoginProfile.MFABindRequired\\\"}",
        "ConfigRuleInvokedTimestamp": 1624932227157,
        "InvokingEventMessageType": "ScheduledNotification",
        "EvaluationResultIdentifier": {
          "OrderingTimestamp": 1624932227157,
          "EvaluationResultQualifier": {
            "ConfigRuleArn": "acs:config::100931896542****:rule/cr-7f7d626622af0041****",
            "ResourceType": "ACS::RAM::User",
            "ConfigRuleName": "test-rule-name",
            "ResourceId": "23642660635396****",
            "ConfigRuleId": "cr-7f7d626622af0041****",
            "ResourceName": "Alice",
            "RegionId": "global",
            "IgnoreDate": "2022-06-01"
          }
        },
        "RemediationEnabled": true
      }
    ]
  }
}

Error codes

HTTP status code	Error code	Error message	Description
400	NoPermission	You are not authorized to perform this operation.	You are not authorized to perform this operation.
404	CloudConfigServiceRoleNotExisted	The CloudConfigServiceRole does not exist.	The CloudConfig service role does not exist.
404	AccountNotExisted	Your account does not exist.	The specified account does not exist.
503	ServiceUnavailable	The request has failed due to a temporary failure of the server.	The request has failed due to a temporary failure of the server.

For a list of error codes, visit the Service error codes.