All Products
Search
Document Center

Cloud Config:Use CloudMonitor to trigger alert notifications for non-compliance events

最終更新日:Apr 23, 2024

If the configuration of a resource is evaluated as non-compliant, Cloud Config automatically delivers a non-compliance event to CloudMonitor. You can view the non-compliance event in the CloudMonitor console. You can also use the event alert feature of CloudMonitor to trigger an alert notification for the non-compliance event.

Scenarios

In this example, a rule of the high-risk level is created in the Cloud Config console based on the ecs-instance-deletion-protection-enabled managed rule. Cloud Config automatically evaluates all Elastic Compute Service (ECS) instances within your Alibaba Cloud account. Specific ECS instances are evaluated as non-compliant.

Step 1: Create a rule

  1. Log on to the Cloud Config console.

  2. In the left-side navigation pane, choose Compliance & Audit > Rules.

  3. On the Rules page, click Create Rule.

  4. In the Select Create Method step, select Based on managed rule, search for and select the ecs-instance-deletion-protection-enabled managed rule, and then click Next.

  5. In the Set Basic Properties step, use default values for the Rule Name, Parameter Settings, Risk Level, Trigger, and Description parameters. Then, click Next.

  6. In the Set Effective Scope step, use the default resource type and click Next.

  7. In the Set Remediation step, click Submit.

    In the Compliance Result of Related Resources section on the Result tab, view the evaluation results of ECS instances against the rule.

Step 2: Set an alert rule

In this example, alert notifications are sent to the specified alert contacts by using emails.

  1. Create an alert contact.

    1. Log on to the CloudMonitor console.

    2. In the left-side navigation pane, choose Alerts > Alert Contacts.

    3. On the Alert Contacts tab, click Create Alert Contact.

    4. In the Set Alert Contact panel, enter the name and email address of the alert contact.

      Note

      For more information about how to send alert notifications by using DingTalk, Lark, Wecom, and Slack, see the Create an alert contact section of the "Create an alert contact or alert contact group" topic.

    5. Confirm the parameter settings and click OK.

    6. Activate the email address of the alert contact.

      By default, the email address of the alert contact is in the Pending Activation state. After the alert contact receives an email that contains the activation link, the alert contact must activate the email address within 24 hours. Otherwise, the alert contact cannot receive alert notifications. After the email address is activated, you can view the email address in the alert contact list.

  2. Create an alert contact group.

    1. On the Alert Contacts page, click the Alert Contact Group tab.

    2. On the Alert Contact Group tab, click Create Alert Contact Group.

    3. In the Create Alert Contact Group panel, enter a name for the alert contact group and add alert contacts to the alert contact group.

    4. Click Confirm.

  3. Create an event subscription policy.

    After Cloud Config delivers all non-compliance events to CloudMonitor, you can create an event subscription policy based on your business requirements to receive alert notifications for non-compliance events in emails.

    1. In the left-side navigation pane, choose Event Center > Event Subscription.

    2. On the Subscription Policy tab, click Create Subscription Policy.

    3. On the Create Subscription Policy page, configure the following parameters:

      • Basic information: Enter a name for the subscription policy.

      • Alert Subscription: Set the Subscription Type parameter to System events. In the Subscription Scope section, set the Products parameter to CloudConfig, the Event Type parameter to Notifications, the Event name parameter to ConfigurationNonCompliantNotification, and the Event Level parameter to Notification (Info). Enter one or more keywords in the Event Content field or leave this parameter empty. Leave the Application grouping and Event Resources parameters empty.

        Note
        • For more information about the system events supported by Cloud Config, see the events listed on the CloudConfig page.

        • The information that you enter in the Event Content field is used to match the events. For example, if you enter Critical in the Event Content field, only rules whose Risk Level is High in Cloud Config are matched. You can leave this parameter empty or enter one or more keywords based on your business requirements.

      • Combined noise reduction: Use the default settings.

      • Notification: Select the alert contact group that you created in Step 2 from the Notification Configuration drop-down list. Use the default settings for the Custom notification method parameter.

        Note
        • For more information about how to create a notification configuration, see the Create a notification configuration policy section of the "Manage notification configurations" topic.

        • CloudMonitor automatically sends alert notifications based on the notification methods for the alert contacts in the specified alert contact group and the corresponding alert levels in the custom notification method.

      • Push and Integration: No configuration is required.

    4. Click Submit.

References