A managed rule is a piece of logical judgment code that is stored in a rule function of Function Compute. You can create a rule based on a managed rule provided by Cloud Config to audit associated resources.
Procedure
Log on to the Cloud Config console.
Optional. In the upper-left corner, select an account group.
This operation is required only if you are using a management account of a resource directory. Otherwise, you do not need to perform the operation.
In the left-side navigation pane, choose .
-
On the Rules page, click Create Rule.
-
On the Select Create Method page, select Based on managed rule, choose a rule from the list, and then click Next.
NoteFor more information about the rule templates that are supported by Cloud Config, see Rule template list.
-
On the Set Basic Properties page, set the rule name, parameters, risk level, and trigger, and enter a description. Then, click Next.
-
On the Set Effective Scope page, set the resource type and click Next.
You can also configure the Excluded Resource IDs, Effective for the designated resource groups, Effective for designated regions, and Effective for designated tags parameters to narrow down the scope of applicable resources.
-
On the Set Correction page, click Submit.
You can enable Settings Remediation and configure template remediation or custom remediation for the rule. For more information about remediation, see Overview of remediation settings.