
CloudOps Orchestration Service: Integrate EventBridge and Cloud Config with Operation Center

Last Updated: Dec 05, 2024

An O&M item refers to an operational issue that requires troubleshooting and fixing. In Operation Center, you can view the details of each O&M item, including its status and related resources. This topic describes how to use EventBridge and Cloud Config to automatically create O&M items in Operation Center.

Terms

  • EventBridge is a serverless event bus service provided by Alibaba Cloud. EventBridge routes events between applications by using the standard CloudEvents 1.0 protocol and helps you build a loosely coupled and distributed event-driven architecture. For more information, see What is EventBridge?

  • Cloud Config is a resource auditing service. Cloud Config can help you evaluate a large number of resources and maintain the continuous compliance of your cloud infrastructure. For more information, see What is Cloud Config?

Billing

  • For information about the billing of EventBridge, see Billing.

  • For information about the billing of Cloud Config, see Billing.

Prerequisites

Process

After you configure Cloud Config rules, the system sends a message to EventBridge each time a non-compliant resource is detected. When EventBridge receives the message, it triggers a processing program that calls the API operation for creating O&M items. O&M items are therefore created automatically.


Create an event rule

The following table describes the regions in which EventBridge allows Operation Center to automatically create O&M items.

| Region name | Region ID |
| --- | --- |
| China (Qingdao) | cn-qingdao |
| China (Shanghai) | cn-shanghai |
| China (Beijing) | cn-beijing |
| China (Zhangjiakou) | cn-zhangjiakou |
| China (Ulanqab) | cn-wulanchabu |
| China (Hangzhou) | cn-hangzhou |
| China (Shenzhen) | cn-shenzhen |
| China (Hohhot) | cn-huhehaote |
| China (Heyuan) | cn-heyuan |
| China (Guangzhou) | cn-guangzhou |
| China (Chengdu) | cn-chengdu |
| China (Hong Kong) | cn-hongkong |
| Japan (Tokyo) | ap-northeast-1 |
| Singapore | ap-southeast-1 |
| Malaysia (Kuala Lumpur) | ap-southeast-3 |
| Indonesia (Jakarta) | ap-southeast-5 |
| US (Silicon Valley) | us-west-1 |
| US (Virginia) | us-east-1 |
| China East 2 Finance | cn-shanghai-finance-1 |
| Thailand (Bangkok) | ap-southeast-7 |

Procedure

  1. Log on to the EventBridge console.

  2. In the left-side navigation pane, click Event Buses.

  3. In the top navigation bar, select a region.

  4. On the Event Buses page, find the system event bus and click its name default.

  5. In the left-side navigation pane, click Event Rules.

  6. On the page that appears, click Create Rule.

Parameters

In the Create Rule panel, perform the following steps:

  1. In the Configure Basic Info step, enter a rule name in the Name field and a rule description in the Description field. Then, click Next Step.

  2. In the Configure Event Pattern step, set the Event Source Type parameter to Alibaba Cloud Service Event Source and select acs.config from the Event Source drop-down list. Then, enter "type": ["config:CloudMonitor:ConfigurationNonCompliantNotification"], in the Pattern Content field and click Next Step.

    Note

    This event rule listens to all rules that are enabled in Cloud Config to detect non-compliance events.

  3. In the Configure Targets step, set the Service Type parameter to acs.openapi.oos and the API Version parameter to 2019-06-01. Then, select an API operation from the API Type drop-down list and configure parameters in the API Parameters section. The following table describes the API parameters that you can configure. In this example, an event rule is created to audit non-compliance events.

    Example

    {
        "datacontenttype": "application/json;charset=utf-8",
        "aliyunaccountid": "15634*******22",
        "data": {
            "annotation": "{\"configuration\":\"\",\"desiredValue\":\"i-bp*******z0tptjbgu\",\"operator\":\"Contains\",\"property\":\"$.Propertys[*].InstanceId\",\"reason\":\"FeaturePath not exist\"}",
            "accountId": 15634*******22,
            "riskLevel": "Warning",
            "requestId": "f9bce983-1460-4b83-ac81-724b*******3a",
            "dataType": "NonCompliantNotification",
            "eventName": "NonCompliant",
            "evaluationResultIdentifier": {
                "orderingTimestamp": 1726747626751,
                "evaluationResultQualifier": {
                    "resourceId": "i-bp*******z0tptjbgu",
                    "configRuleName": "ecs-instance-running-process-check",
                    "sourceIdentifier": "ecs-instance-running-process-check",
                    "configRuleId": "cr-8315e6183e*******b1",
                    "configRuleArn": "acs:config::15634*******22:rule/cr-8315e6183*******b1",
                    "captureTime": 1726747626751,
                    "regionId": "cn-hangzhou",
                    "resourceName": "ESS-asg-asg-bp1efisbt64zu16lebhm",
                    "resourceArn": "acs:ecs:cn-hangzhou:15634*******22:instance/i-bp*******z0tptjbgu",
                    "resourceGroupId": "rg-acfmzmhzoaad5oq",
                    "resourceOwnerId": 15634*******22,
                    "resourceType": "ACS::ECS::Instance"
                }
            },
            "eventType": "ResourceCompliance",
            "invokingEventMessageType": "ScheduledNotification",
            "notificationCreationTime": 1726749483808,
            "complianceType": "NON_COMPLIANT"
        },
        "subject": "acs:config:cn-hangzhou:1563457855438522:instance/i-bp*******z0tptjbgu",
        "aliyunoriginalaccountid": "15634*******22",
        "source": "acs.config",
        "type": "config:CloudMonitor:ConfigurationNonCompliantNotification",
        "aliyunpublishtime": "2024-09-19T12:38:18.889Z",
        "specversion": "1.0",
        "aliyuneventbusname": "default",
        "id": "315C0C75DB4E0B4CBA0DA*******AF6EB802C92E7-CMS",
        "time": "2024-09-19T12:38:04.000Z",
        "aliyunregionid": "cn-hangzhou"
    }

    | Parameter | Type | Description | Example |
    | --- | --- | --- | --- |
    | RegionId | Partial event | The ID of the region in which Operation Center creates an O&M item. | $.aliyunregionid |
    | Title | Partial event | The name of the O&M item. | $.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleName |
    | Description | Partial event | The description of the O&M item. | $.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleId |
    | Severity | Fixed value | The severity level. Valid values: Critical, High, Medium, and Low. You can configure this parameter based on your business requirements. | Medium |
    | Source | Partial event | The source based on which the O&M item is created. | $.source |
    | Category | Fixed value | The category of the O&M item. Valid values: Availability, Cost, Performance, Recovery, and Security. | Availability |
    | Priority | Fixed value | The priority of the O&M item. Valid values: 1 to 5. The value 1 indicates the highest priority. | 3 |
    | DedupString | Partial event | The system does not repeatedly create O&M items for non-compliance events of the same resource based on the same rule. | $.data.evaluationResultIdentifier.evaluationResultQualifier.configRuleName |
    | Resources | Template | The Alibaba Cloud Resource Names (ARNs) of the associated resources. | See the variable and template below. |
    | Solutions | Template | The solutions. | See the variable and template below. |

    Resources: specify the resources by using a variable

    {
      "resourceArn":"$.data.evaluationResultIdentifier.evaluationResultQualifier.resourceArn"
    }

    Resources: specify the resources by using a template

    ["${resourceArn}"]

    Solutions: specify the resources by using a variable

    {
    "document_url": "$.data.evaluationResultIdentifier.evaluationResultQualifier.helpUrls"
    }

    Solutions: specify the resources by using a template

    [{
        "priority": 1,
        "type": "url",
        "url": "${document_url}",
        "description": "You can refer to the solution document for O&M processing."
    }]

  4. Select a RAM role that has the permissions to call the CreateOpsitem operation of CloudOps Orchestration Service (OOS). If the RAM role does not exist, click Authorization to grant the required permissions to a RAM role.
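
The parameter mapping configured in step 3 can be checked offline before the rule goes live. The following is an added example, not part of the original documentation and not EventBridge's own code: it applies a subset of the table's Partial event, Fixed value and Template entries to a trimmed copy of the sample event and reports any path that matches nothing. The names resolve, build_params and MAPPING are hypothetical, the resolver handles only simple dotted paths, and rendering an unresolved template variable as an empty string is an assumption.

```python
import json
import re

# Constructed sample: a trimmed copy of the event shown above (masked values kept).
EVENT = json.loads("""{
  "source": "acs.config", "aliyunregionid": "cn-hangzhou",
  "data": {"evaluationResultIdentifier": {"evaluationResultQualifier": {
    "configRuleName": "ecs-instance-running-process-check",
    "configRuleId": "cr-8315e6183e*******b1",
    "resourceArn": "acs:ecs:cn-hangzhou:15634*******22:instance/i-bp*******z0tptjbgu"
  }}}
}""")
Q = "$.data.evaluationResultIdentifier.evaluationResultQualifier."

# Parameter -> (kind, value[, template]), taken from the parameter table above.
MAPPING = {
    "RegionId": ("partial", "$.aliyunregionid"),
    "Title": ("partial", Q + "configRuleName"),
    "Description": ("partial", Q + "configRuleId"),
    "Severity": ("fixed", "Medium"),
    "DedupString": ("partial", Q + "configRuleName"),
    "Resources": ("template", {"resourceArn": Q + "resourceArn"}, '["${resourceArn}"]'),
    "Solutions": ("template", {"document_url": Q + "helpUrls"},
                  '[{"priority": 1, "type": "url", "url": "${document_url}"}]'),
}

def resolve(event, path):
    """Follow a dotted '$.a.b.c' path; return None when a key is missing."""
    node = event
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def build_params(event, mapping=MAPPING):
    """Return (params, unresolved_paths) for one event."""
    params, unresolved = {}, []
    for name, (kind, value, *template) in mapping.items():
        if kind == "fixed":
            params[name] = value
            continue
        paths = value if kind == "template" else {name: value}
        found = {var: resolve(event, p) for var, p in paths.items()}
        unresolved += [p for var, p in paths.items() if found[var] is None]
        # Assumption: an unresolved template variable renders as an empty string.
        params[name] = found[name] if kind == "partial" else re.sub(
            r"\$\{(\w+)\}", lambda m: str(found[m.group(1)] or ""), template[0])
    return params, unresolved
```

Run against the sample event, the only unresolved path is the helpUrls variable used by Solutions, because the sample event on this page carries no helpUrls field. DedupString resolves to the rule name, so events for different resources under the same rule carry the same DedupString value.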

Create a Cloud Config rule

You can use one of the following methods to create a Cloud Config rule.

| Method | Description |
| --- | --- |
| Create a rule based on a managed rule | Cloud Config allows you to quickly create rules based on managed rules for network security, data security, account security, and resource management. |
| Create a custom rule based on conditions | You can create a custom rule in a flexible manner by specifying the resource characteristic, operator, and expected value. |
| Create a custom rule based on Function Compute | If you want to use custom functions to check the values of specific metrics, such as the number of CPU cores, you can create a custom rule based on Function Compute. |

In this example, a rule is created based on a managed rule to check whether an ApsaraDB RDS instance is of the multi-zone architecture.

  1. Log on to the Cloud Config console. In the left-side navigation pane, choose Compliance & Audit > Rules. On the Rules page, click Create Rule.

  2. In the Select Create Method step, enter multi-zone in the search box, select a rule that checks whether an ApsaraDB RDS instance is of the multi-zone architecture, and then click Next.

  3. In the Set Basic Properties step, use the default values for the parameters and click Next.

  4. In the Set Effective Scope step, use the default values for the parameters and click Next.

  5. In the Set Remediation step, use the default value for the parameter and click Submit.

View the effect

  1. Log on to the Cloud Config console. In the left-side navigation pane, choose Compliance & Audit > Rules. View non-compliant resources.

  2. Log on to the CloudOps Orchestration Service console. In the left-side navigation pane, click Operation Center. On the Operation Center page, click the O&M Items tab. On the O&M Items tab, you can view the O&M items that are automatically created for non-compliant resources.