Check resource compliance for a single account


Use Cloud Config to check resource compliance for a single account. Apply the BestPracticesForECS compliance package template to evaluate ECS instance compliance and deliver non-compliance events to Simple Log Service.

Prerequisites

Step 1: View your resource inventory

ECS instances you create appear on the Global Resources page in Cloud Config.

  1. Log on to the Cloud Config console.

  2. In the left navigation bar, click Global Resources. On the Global Resources page, use the filters (Filter by Resource ID, Select Resource Type, Select Region, Resource Status) to locate your ECS instance.

Step 2: Create a compliance package

Use the default rules in the BestPracticesForECS compliance package template to check ECS instance compliance.

  1. In the left-side navigation pane, choose Compliance & Audit > Compliance Package.

  2. On the Compliance Package page, click Create Package in the upper-left corner.

  3. On the Select Template (Optional) page, click the icon in the upper-right corner of the BestPracticesForECS compliance package template, and then click Next.

  4. On the Set Basic Properties page, enter a compliance package name, keep the defaults, and click Next.

  5. On the Select rules page, all rules in the BestPracticesForECS template are selected by default. Click Next.

    To add rules, click Add More Rules, select rules from the Rule Template or Existing Rules List tab, and click OK.

  6. On the Set Rule Parameters page, configure rule parameters as needed, and click OK.

Note

Rule parameter details are in the Resource type column of Supported resource types and resource relationships.

Step 3: View compliance evaluation results

View evaluation results for your ECS instances and remediate non-compliant configurations.

  1. In the left-side navigation pane, choose Compliance & Audit > Compliance Package.

  2. On the Compliance Package page, find the compliance package you created in Step 2 and click its ID.

  3. On the compliance package details page, click Download Report. In the Download Compliance Report dialog box, click OK.

    An Excel compliance report is downloaded.

  4. Open the compliance report. On the Non-compliant Resources tab, filter by ECS instance ID and follow the Remediation Suggestions column to fix non-compliant configurations.

Step 4: Deliver non-compliance events to SLS

Deliver resource non-compliance events to a Simple Log Service Logstore for query and analysis.

  1. On the Deliveries page, click Create Delivery in the upper-left corner.

  2. On the Create Delivery page, enter a Delivery Name. Set Channel Type to Log Service, set Content to Non-compliance Events, and set Logstore Source to Create a new log item in this account. Select a Project Region and enter a Project Name and a Logstore Name. Keep the default resource type to include all types.

  3. Click OK.

    Cloud Config automatically creates a project and a Logstore in the Simple Log Service console and delivers non-compliance events to this Logstore.

    Important

    Charges apply when Cloud Config delivers resource data to Simple Log Service and when you use query and analysis features. To stop charges, you can delete the project in the Simple Log Service console, which invalidates the delivery and stops further data delivery. For details, see Manage projects.

  4. View, query, and analyze the delivered non-compliance events.

    1. On the Deliveries page, click the ID of the delivery you created.

    2. On the delivery details page, find Logstore Name in the Extended Information section and click the Logstore name to open it in the Simple Log Service console.

    3. In the Error dialog box, click Close. The error code IndexConfigNotExist indicates that indexing is not enabled for the Logstore.

      Note

      Logstores created from Cloud Config do not have indexing enabled by default.

    4. Enable indexing for the Logstore.

      For details, see Create indexes.

    5. Query and analyze the logs in the Logstore.

      For details, see Query and analysis quick start.

      Note

      For a JSON format example, see Resource non-compliance event sample.