This topic describes the types of Cloud Config events that ActionTrail records or CloudMonitor monitors and can be published to EventBridge.
Background information
Cloud Config can be used as an event source for the following Alibaba Cloud services:
- File Storage NASServer Load Balancer (SLB)Alibaba Cloud CDNElasticsearchCloud Enterprise NetworkApsaraDB for HBaseApsaraDB RDSContainer Service for Kubernetes (ACK)Elastic Compute Service (ECS)PolarDB for MySQLResource Orchestration Service (ROS)Virtual Private Cloud (VPC)Object Storage Service (OSS)Resource Access Management (RAM)Auto Scaling (ESS)Operation Orchestration Service (OOS)Anti-DDoSAlibaba Cloud DNS (DNS)Key Management Service (KMS)Tair (Redis OSS-Compatible)ApsaraDB for MongoDBPrivateLinkVPN GatewayWeb Application Firewall (WAF)Message Queue for Apache RocketMQResource ManagementTime Series Database (TSDB)
Event types
The following table describes the types of Cloud Config events that can be published to EventBridge.
Event type | Value of the type parameter |
A notification that indicates the configuration of a resource is changed is sent | config:Config:ConfigurationItemChangeNotification |
A notification that indicates a resource is evaluated as non-compliant is sent | config:Config:NonCompliantNotification |
An operation is performed on a resource | config:ActionTrail:AliyunServiceEvent |
An API operation is called | config:ActionTrail:ApiCall |
An operation is performed in a console | config:ActionTrail:ConsoleOperation |
One or more configuration items are changed | config:CloudMonitor:ConfigurationItemChangeNotification |
For more information about the parameters defined in the CloudEvents specification, see Overview.
A notification that indicates the configuration of a resource is changed is sent
The following example shows the event that EventBridge receives when the configuration of a resource is changed:
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"resourceId":"i-bp1b4ym5yh7ciz96****",
"captureTime":"1637659288000",
"configuration":"{\"ResourceGroupId\":\"\",\"Memory\":1024,\"InstanceChargeType\":\"PostPaid\",\"Cpu\":1,\"OSName\":\"CentOS 7.6 64 bit\",\"InstanceNetworkType\":\"vpc\",\"InnerIpAddress\":{\"IpAddress\":[]},\"ExpiredTime\":\"2099-12-31T15:59Z\",\"ImageId\":\"centos_7_06_64_20G_alibase_20190218.vhd\",\"EipAddress\":{\"AllocationId\":\"\",\"IpAddress\":\"\",\"InternetChargeType\":\"\"},\"Tags\":{\"Tag\":[{\"TagKey\":\"1\",\"TagValue\":\"2\"},{\"TagKey\":\"cost-center\",\"TagValue\":\"202012301217\"},{\"TagKey\":\"d\",\"TagValue\":\"d\"},{\"TagKey\":\"cost-center-haidong\",\"TagValue\":\"1\"},{\"TagKey\":\"05\",\"TagValue\":\"17\"},{\"TagKey\":\"nba\",\"TagValue\":\"yes\"},{\"TagKey\":\"V\",\"TagValue\":\"V\"},{\"TagKey\":\"fff1\",\"TagValue\":\"ff\"},{\"TagKey\":\"fff\",\"TagValue\":\"fff\"}]},\"VlanId\":\"\",\"HostName\":\"test-instance11111name\",\"Status\":\"Stopped\",\"HibernationOptions\":{\"Configured\":false},\"MetadataOptions\":{\"HttpTokens\":\"\",\"HttpEndpoint\":\"\"},\"InstanceId\":\"i-bp1b4ym5yh7ciz96****\",\"StoppedMode\":\"StopCharging\",\"CpuOptions\":{\"ThreadsPerCore\":1,\"Numa\":\"\",\"CoreCount\":1},\"StartTime\":\"2020-11-24T02:42Z\",\"DeletionProtection\":true,\"VpcAttributes\":{\"PrivateIpAddress\":{\"IpAddress\":[\"192.168.XX.XX\"]},\"VpcId\":\"vpc-bp162ot6s0yknn7qj****\",\"VSwitchId\":\"vsw-bp1tuojvtiteqlsh8****\",\"NatIpAddress\":\"\"},\"SecurityGroupIds\":{\"SecurityGroupId\":[\"sg-bp11m8p4hsmegc6d****\"]},\"InternetChargeType\":\"PayByBandwidth\",\"InstanceName\":\"test-instance666666\",\"DeploymentSetId\":\"\",\"InternetMaxBandwidthOut\":10,\"SerialNumber\":\"e8fbd14e-19cd-47c7-b664-b6e60dc30713\",\"OSType\":\"linux\",\"CreationTime\":\"2020-11-24T02:42Z\",\"AutoReleaseTime\":\"\",\"Description\":\"Sleep Olympiad\",\"InstanceTypeFamily\":\"ecs.xn4\",\"DedicatedInstanceAttribute\":{\"Tenancy\":\"\",\"Affinity\":\"\"},\"PublicIpAddress\":{\"IpAddress\":[]},\"GPUSpec\":\"\",\"NetworkInterfaces\":{\"NetworkInterface\":[{\"Type\":\"Primary\",\"PrimaryIpAddress\":\"192.168.XX.XX\",\"MacAddress\":\"00:16:3f:00:XX:XX\",\"NetworkInterfaceId\":\"eni-bp15hr53jws8jqza****\",\"PrivateIpSets\":{\"PrivateIpSet\":[{\"PrivateIpAddress\":\"192.168.XX.XX\",\"Primary\":true}]}}]},\"SpotPriceLimit\":0.0,\"SaleCycle\":\"\",\"DeviceAvailable\":true,\"InstanceType\":\"ecs.xn4.small\",\"OSNameEn\":\"CentOS 7.6 64 bit\",\"SpotStrategy\":\"NoSpot\",\"IoOptimized\":true,\"ZoneId\":\"cn-hangzhou-b\",\"ClusterId\":\"\",\"EcsCapacityReservation****\":{\"CapacityReservationPreference\":\"\",\"CapacityReservationId\":\"\"},\"DedicatedHostAttribute\":{\"DedicatedHostId\":\"\",\"DedicatedHostName\":\"\",\"DedicatedHostClusterId\":\"\"},\"GPUAmount\":0,\"OperationLocks\":{\"LockReason\":[]},\"InternetMaxBandwidthIn\":100,\"Recyclable\":false,\"RegionId\":\"cn-hangzhou\",\"CreditSpecification\":\"\"}",
"availabilityZone":"cn-hangzhou-b",
"requestId":"d641cac9-b079-4c68-bead-bd7d687e****",
"resourceGroupId":"rg-acfmw3ty5y7****",
"arn":"acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96****",
"relationship":"[{\"regionId\":\"cn-hangzhou\",\"relationType\":\"Contains\",\"resourceId\":\"eni-bp15hr53jws8jqza****\",\"resourceType\":\"ACS::ECS::NetworkInterface\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAssociatedIn\",\"resourceId\":\"sg-bp11m8p4hsmegc6d****\",\"resourceType\":\"ACS::ECS::SecurityGroup\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vpc-bp162ot6s0yknn7qj****\",\"resourceType\":\"ACS::VPC::VPC\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsContained\",\"resourceId\":\"vsw-bp1tuojvtiteqlsh8****\",\"resourceType\":\"ACS::VPC::VSwitch\"},{\"regionId\":\"cn-hangzhou\",\"relationType\":\"IsAttachedTo\",\"resourceId\":\"d-bp1egkvbrif67h8n****\",\"resourceType\":\"ACS::ECS::Disk\"}]",
"configurationDiff":"{\"InstanceName\":[\"test-instance222345\",\"test-instance666666\"]}",
"resourceEventType":"MODIFY",
"resourceCreateTime":"1606185720000",
"dataType":"ConfigurationItemChangeNotification",
"resourceName":"test-instance666666",
"tags":"{\"1\":[\"2\"],\"d\":[\"d\"],\"fff1\":[\"ff\"],\"05\":[\"17\"],\"V\":[\"V\"],\"fff\":[\"fff\"],\"cost-center-haidong\":[\"1\"],\"nba\":[\"yes\"],\"cost-center\":[\"202012301217\"]}",
"accountId":"120886317861****",
"relationshipDiff":"{\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}}",
"resourceStatus":"Stopped",
"regionId":"cn-hangzhou",
"configAggregators":"",
"logtime":1637659293,
"resourceType":"ACS::ECS::Instance"
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:ConfigurationItemChangeNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}The following table describes the fields in the data parameter.
Field | Type | Example | Description |
resourceId | String | i-bp1b4ym5yh7ciz96**** | The ID of the resource. |
captureTime | String | 1637659288000 | The time when the change was captured. |
configuration | String | | The resource configuration. The value is a JSON string. |
availabilityZone | String | cn-hangzhou-b | The zone in which the resource resides. |
requestId | String | d641cac9-b079-4c68-bead-bd7d687e**** | The ID of the request. |
resourceGroupId | String | rg-acfmw3ty5y7**** | The ID of the resource group. |
arn | String | acs:ecs:cn-hangzhou:120886317861****:instance/i-bp1b4ym5yh7ciz96**** | The name of the resource group. |
relationship | String | | The relationships between the resource and the related resources. The value is a JSON string. |
configurationDiff | String | | The changes in the configuration. The value is a JSON string. |
resourceEventType | String | MODIFY | The type of the resource event. |
resourceCreateTime | String | 1606185720000 | The time when the resource was created. |
dataType | String | ConfigurationItemChangeNotification | The type of data. |
resourceName | String | test-instance666666 | The name of the resource. |
tags | String | | The tags of the resource. The value is a JSON string. |
accountId | String | 120886317861**** | The ID of the Alibaba Cloud account to which the resource belongs. |
relationshipDiff | String | {\"relationship_diff\":{\"relationship_add\":[],\"relationship_delete\":[]}} | The changes in the relationships. The value is a JSON string. |
resourceStatus | String | Stopped | The status of the resource. |
regionId | String | cn-hangzhou | The ID of the region in which the resource resides. |
configAggregators | String | N/A | Indicates whether aggregation is enabled. |
logtime | Number | 1637659293 | The time when logs are generated. |
resourceType | String | ACS::ECS::Instance | The type of the resource. |
A notification that indicates a resource is evaluated as non-compliant is sent
The following example shows the event that EventBridge receives when a resource is evaluated as non-compliant:
{
"datacontenttype": "application/json;charset=utf-8",
"data": {
"annotation":"{\"configuration\":\"[{\\\"Type\\\":\\\"ecs\\\",\\\"ServerId\\\":\\\"i-bp18fnpdsieogla2****\\\",\\\"Port\\\":443,\\\"Weight\\\":0}]\",\"operator\":\"IsEmpty\",\"property\":\"$.data[?(@.Weight==0)]\"}",
"riskLevel":"Critical",
"dataType":"NonCompliantNotification",
"evaluationResultIdentifier":"{\"orderingTimestamp\":1637657187979,\"evaluationResultQualifier\":{\"resourceId\":\"lb-bp1pcf5uglae1016r****\",\"configRuleName\":\"slb_backendserver_weight_check\",\"configRuleId\":\"cr-aa5e626622af00c5****\",\"captureTime\":1637657187979,\"resourceName\":\"lb-bp1pcf5uglae1016raewv\",\"configRuleArn\":\"acs:config::100931896542****:rule/cr-aa5e626622af00c5bc65\",\"regionId\":\"cn-hangzhou\",\"resourceOwnerId\":100931896542****,\"resourceType\":\"ACS::SLB::LoadBalancer\"}}"
"eventType":"ResourceCompliance",
"invokingEventMessageType":"Manual",
"configRuleInvokedTimestamp":1637657187979,
"complianceType":"NON_COMPLIANT",
"accountId":100931896542****,
"requestId":"96dc838e-708d-4429-aa1b-121d1fee****",
"resultRecordedTimestamp":1637658505230,
"eventName":"NonCompliant",
"notificationCreationTime":1637658505710
},
"id": "45ef4dewdwe1-7c35-447a-bd93-fab****",
"source": "acs.config",
"specversion": "1.0",
"subject": "acs.config:cn-hangzhou:123456789098****:215672",
"time": "2020-11-19T21:04:41+08:00",
"type": "config:Config:NonCompliantNotification",
"aliyunaccountid": "123456789098****",
"aliyunpublishtime": "2020-11-19T21:04:42Z",
"aliyuneventbusname": "default",
"aliyunregionid": "cn-hangzhou",
"aliyunpublishaddr": "172.25.XX.XX"
}The following table describes the fields in the data parameter.
Field | Type | Example | Description |
annotation | String | | The annotation. The value is a JSON string. |
riskLevel | String | Critical | The risk level. |
dataType | String | NonCompliantNotification | The type of data. |
evaluationResultIdentifier | String | | The evaluation result identifier. The value is a JSON string. |
eventType | String | ResourceCompliance | The type of the event. |
invokingEventMessageType | String | Manual | The mode in which the event was invoked. |
configRuleInvokedTimestamp | Number | 1637657187979 | The timestamp when a configured rule was invoked. |
complianceType | String | NON_COMPLIANT | The compliance evaluation result. |
accountId | String | 100931896542**** | The ID of the Alibaba Cloud account to which the resource belongs. |
requestId | String | 96dc838e-708d-4429-aa1b-121d1fee**** | The ID of the request. |
resultRecordedTimestamp | Number | 1637658505230 | The timestamp when the result was recorded. |
eventName | String | NonCompliant | The name of the event. |
notificationCreationTime | Number | 1637658505710 | The time when the notification event was created. |