Modifies the description, input parameters, and risk level of a rule in a specific account group.
Operation description
This topic provides an example on how to change the risk level of the rule cr-4e3d626622af0080**** in an account group ca-a4e5626622af0079**** to 3, which indicates low risk level.
Debugging
Authorization information
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| ConfigRuleId | string | Yes | The ID of the rule. For more information about how to query the ID of a rule, see ListAggregateConfigRules . | cr-4e3d626622af0080**** |
| Description | string | No | The description of the rule. | |
| InputParameters | object | No | The input parameters of the rule. | {"tag1Key":"ECS","tag1Value":"test"} |
| MaximumExecutionFrequency | string | No | The intervals at which the rule is triggered. Valid values:
Note
This parameter is required if the ConfigRuleTriggerTypes parameter is set to ScheduledNotification.
| One_Hour |
| ResourceTypesScope | array | No | The type of the resource to be evaluated by the rule. Separate multiple resource types with commas (,). | |
| string | No | ACS::ECS::Instance | ||
| RiskLevel | integer | No | The risk level of the resources that are not compliant with the rule. Valid values:
| 3 |
| ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the value, but you must make sure that it is unique among different requests. The token can contain only ASCII characters and cannot exceed 64 characters in length. | 1594295238-f9361358-5843-4294-8d30-b5183fac**** |
| RegionIdsScope | string | No | The IDs of the regions to which the rule applies. Separate multiple region IDs with commas (,). Note
This parameter applies only to a managed rule.
| cn-hangzhou |
| ExcludeResourceIdsScope | string | No | The IDs of the resources excluded from the compliance evaluations performed by the rule. Separate multiple resource IDs with commas (,). Note
This parameter applies only to a managed rule.
| lb-t4nbowvtbkss7t326**** |
| ConfigRuleTriggerTypes | string | No | The trigger type of the rule. Valid values:
Note
This parameter applies only to a custom rule.
| ConfigurationItemChangeNotification |
| AggregatorId | string | Yes | The ID of the account group. For more information about how to query the ID of an account group, see ListAggregators . | ca-a4e5626622af0079**** |
| ResourceGroupIdsScope | string | No | The IDs of the resource groups to which the rule applies. Separate multiple resource group IDs with commas (,). Note
This parameter applies only to a managed rule.
| rg-aekzc7r7rhx**** |
| TagKeyScope | string | No | The tag key used to filter resources. The rule applies only to the resources with the specified tag key. Note
This parameter applies only to a managed rule. You must configure the TagKeyScope and TagValueScope parameters at the same time.
| ECS |
| TagValueScope | string | No | The tag value used to filter resources. The rule applies only to the resources that use the specified tag value. Note
This parameter applies only to a managed rule. You must configure the TagKeyScope and TagValueScope parameters at the same time.
| test |
| ConfigRuleName | string | No | The name of the rule. For more information about how to query the name of a rule, see ListAggregateConfigRules . | |
| TagKeyLogicScope | string | No | The logical relationship among the tag keys if you specify multiple tag keys for the
| AND |
| FolderIdsScope | string | No | The IDs of the resource directories to which the rule applies, which means that the resources within member accounts in the resource directories are evaluated based on the rule. Note
| fd-ZtHsRH**** |
| ExcludeFolderIdsScope | string | No | The IDs of the resource directories to which the rule does not apply, which means that the resources within member accounts in the resource directories are not evaluated based on the rule. Separate multiple resource directory IDs with commas (,). Note
| fd-pWmkqZ**** |
| ExcludeAccountIdsScope | string | No | The IDs of the member accounts to which the rule does not apply, which means that the resources within the member accounts are not evaluated based on the rule. Separate multiple member account IDs with commas (,). Note
This parameter applies only to a managed rule.
| 120886317861**** |
For more information about common request parameters, see Common parameters.
Response parameters
Examples
Sample success responses
JSONformat
{
"ConfigRuleId": "cr-4e3d626622af0080****",
"RequestId": "6EC7AED1-172F-42AE-9C12-295BC2ADB751"
}Error codes
| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 400 | ExceedMaxRuleCount | The maximum number of rules is exceeded. | The maximum number of rules is exceeded. |
| 400 | ConfigRuleNotExists | The ConfigRule does not exist. | The rule does not exist. |
| 400 | ConfigRuleExists | The ConfigRule already exists. | The config rule already exists. |
| 400 | Invalid.AggregatorId.Value | The specified AggregatorId is invalid. | The specified aggregator ID does not exist or you are not authorized to use the aggregator. |
| 403 | AggregatorMemberNoPermission | The aggregator member is not authorized to perform the operation. | The aggregator member is not authorized to perform the operation. |
| 404 | AccountNotExisted | Your account does not exist. | The specified account does not exist. |
| 503 | ServiceUnavailable | The request has failed due to a temporary failure of the server. | The request has failed due to a temporary failure of the server. |
For a list of error codes, visit the Service error codes.
Change history
| Change time | Summary of changes | Operation |
|---|