If a managed rule supports template remediation, you can select a preset remediation template to fix non-compliant resources through Operation Orchestration Service (OOS). When a resource is evaluated as Non-compliant, execute the remediation to make it compliant.
Limits
Only some managed rules support template remediation. Supported rules are listed in Managed rules.
Background
This example uses the required-tags managed rule to show how to configure and run template remediation.
The required-tags managed rule checks whether a resource has all specified tags. For example, if all ECS instances must have the tag Project:A, use the required-tags rule to monitor them. ECS instances without this tag are evaluated as Non-compliant. You can then run a remediation to add the required tag to all non-compliant instances.
Procedure
Log on to the Cloud Config console.
Optional. In the upper-left corner, select an account group.
This operation is required only if you are using a management account of a resource directory. Otherwise, you do not need to perform the operation.
In the left-side navigation pane, choose .
On the Rules page, click Create Rule.
On the Select Create Method page, select Based on managed rule, select required-tags from the list, and then click Next.
On the Set Basic Properties page, set Key to Project and Expected Value to A. Keep the defaults for other parameters, then click Next.
On the Set Effective Scope page, select ECS instance as the resource type, leave the other parameters unchanged, and click Next.
On the Remediation Settings page, turn on the Set Correction switch, select Template Remediation, set Invoke Type to Manual Remediation, and select Add tags to specified resources as the Remediation Template. Click Submit.
Important
Automatic remediation modifies non-compliant resources based on preset parameters and may disrupt your business. Invoke Type is set to Manual Remediation by default. We recommend keeping this setting.
If you are sure the remediation will not affect your business, set Invoke Type to Automatic Remediation. Cloud Config then automatically remediates non-compliant resources.
Trigger the remediation.
On the Rules page, find the rule and click Remediation Detail in the Remediation Template column.
On the Remediation Detail tab, click Perform Manual Correction next to Remediation Detail.
The Execution Result List section displays remediation results and failure reasons.
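A pre-remediation review for the required-tags example above, as an added example that is not part of the original documentation or Cloud Config's own code: it mirrors the rule's check offline and groups non-compliant ECS instances by what adding Project:A would change, which helps decide between Manual and Automatic Remediation. The inventory, instance IDs and record layout are constructed, and the assumptions that tag keys are case-sensitive and that an existing Project value would be overwritten are labelled in the comments.

```python
"""Offline review of what the 'add tags' remediation would change (added example)."""

REQUIRED_KEY, REQUIRED_VALUE = "Project", "A"  # values used in the procedure above

# Constructed sample inventory; instance IDs and the record layout are hypothetical.
INVENTORY = [
    {"id": "i-example0001", "type": "ACS::ECS::Instance", "tags": {"Project": "A"}},
    {"id": "i-example0002", "type": "ACS::ECS::Instance", "tags": {"Owner": "ops"}},
    {"id": "i-example0003", "type": "ACS::ECS::Instance", "tags": {"Project": "B"}},
    {"id": "i-example0004", "type": "ACS::ECS::Instance", "tags": {"project": "A"}},
    {"id": "d-example0005", "type": "ACS::ECS::Disk", "tags": {}},
]

def evaluate(resource, scope="ACS::ECS::Instance"):
    """Return COMPLIANT, NON_COMPLIANT or NOT_APPLICABLE for one resource."""
    if resource["type"] != scope:  # outside the rule's effective scope
        return "NOT_APPLICABLE"
    ok = resource["tags"].get(REQUIRED_KEY) == REQUIRED_VALUE  # case-sensitive (assumption)
    return "COMPLIANT" if ok else "NON_COMPLIANT"

def remediation_plan(inventory):
    """Group non-compliant resources by the effect adding the tag would have."""
    plan = {"add": [], "overwrite": [], "review_case": []}
    for res in inventory:
        if evaluate(res) != "NON_COMPLIANT":
            continue
        tags = res["tags"]
        if REQUIRED_KEY in tags:
            # Key exists with another value; remediation would replace it (assumption).
            plan["overwrite"].append((res["id"], tags[REQUIRED_KEY]))
        elif any(k.lower() == REQUIRED_KEY.lower() for k in tags):
            # Near-miss key such as "project": a second, similar-looking key would be added.
            plan["review_case"].append(res["id"])
        else:
            plan["add"].append(res["id"])
    return plan

def safe_for_automatic(plan):
    """Treat only pure additions as candidates for Automatic Remediation."""
    return not plan["overwrite"] and not plan["review_case"]

if __name__ == "__main__":
    plan = remediation_plan(INVENTORY)
    print(plan)
    print("automatic remediation candidate:", safe_for_automatic(plan))
```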