All Products
Search

This Product

    Cloud Config:Example of resource non-compliance events

    Document Center

    Cloud Config:Example of resource non-compliance events

    Last Updated:Sep 06, 2023

    This topic provides an example of resource non-compliance events that are delivered to Simple Log Service for storage. The following sections describe the content of the example and the parameters involved.

    Example

    In single-account mode, you use an Alibaba Cloud account whose ID is 120886317861**** and you have an Object Storage Service (OSS) bucket named test_bucket in the China (Beijing) region. The non-compliance events of the resource are delivered to Simple Log Service. The following code shows a sample event:

    accountId:120886317861****
annotation:{"configuration":"public-read","desiredValue":"read","operator":"NotStringContains","property":"$.AccessControlList.Grant"}
complianceType:NON_COMPLIANT
dataType:NonCompliantNotification
evaluationResultIdentifier:{"orderingTimestamp":1630481784685,"evaluationResultQualifier":{"resourceId":"test_bucket","configRuleName":"oss-bucket-public-read-prohibited","configRuleId":"cr-2d736457e0d90044****","captureTime":1630481784685,"resourceName":"test_bucket","configRuleArn":"acs:config::120886317861****:rule/cr-2d736457e0d90044****","regionId":"cn-beijing","resourceOwnerId":120886317861****,"resourceType":"ACS::OSS::Bucket"}}
eventName:NonCompliant
eventType:ResourceCompliance
invokingEventMessageType:Manual
notificationCreationTime:1630481787932
requestId:62e70b45-1171-4648-8db0-233d18f6adb5
riskLevel:Critical

    Parameters

    The following table describes the parameters involved in resource non-compliance events that are delivered to Simple Log Service.

    Parameter

    Description

    accountId

    The ID of the account to which the resource belongs. The account ID depends on the account mode.

    • Single-account mode: Enter the ID of an independent Alibaba Cloud account that is not added to a resource directory by using a management account.

    • Multi-account mode: Enter a management account ID or a member account ID.

    annotation

    The description of the non-compliant configuration.

    complianceType

    The compliance evaluation result. Set the value to NON_COMPLIANT.

    dataType

    The type of the log received by Simple Log Service. Valid values:

    • ConfigurationItemChangeNotification: resource change log

    • NonCompliantNotification: resource non-compliance event

    evaluationResultIdentifier

    The information about the compliance evaluation result.

    eventName

    The name of the event. Set the value to NonCompliant.

    eventType

    The type of the event. Valid values:

    • ResourceChange: resource change event

    • ResourceCompliance: resource non-compliance event

    invokingEventMessageType

    The trigger type of the rule. Valid values:

    • ScheduledNotification: The rule is periodically triggered.

    • ConfigurationItemChangeNotification: The rule is triggered by configuration changes.

    • Manual: The rule is manually triggered.

    notificationCreationTime

    The timestamp when the message was generated.

    riskLevel

    The risk level of the resources that are not compliant with the rule. Valid values:

    • Info: low risk

    • Warning: medium risk

    • Critical: high risk