DocsICP FilingConsole
官方文档
首页

ListConfigRules

更新时间:
复制 MD 格式
产品详情
我的收藏

Queries the rules for the current account.

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

The table below describes the authorization required to call this API. You can define it in a Resource Access Management (RAM) policy. The table's columns are detailed below:

  • Action: The actions can be used in the Action element of RAM permission policy statements to grant permissions to perform the operation.

  • API: The API that you can call to perform the action.

  • Access level: The predefined level of access granted for each API. Valid values: create, list, get, update, and delete.

  • Resource type: The type of the resource that supports authorization to perform the action. It indicates if the action supports resource-level permission. The specified resource must be compatible with the action. Otherwise, the policy will be ineffective.

    • For APIs with resource-level permissions, required resource types are marked with an asterisk (*). Specify the corresponding Alibaba Cloud Resource Name (ARN) in the Resource element of the policy.

    • For APIs without resource-level permissions, it is shown as All Resources. Use an asterisk (*) in the Resource element of the policy.

  • Condition key: The condition keys defined by the service. The key allows for granular control, applying to either actions alone or actions associated with specific resources. In addition to service-specific condition keys, Alibaba Cloud provides a set of common condition keys applicable across all RAM-supported services.

  • Dependent action: The dependent actions required to run the action. To complete the action, the RAM user or the RAM role must have the permissions to perform all dependent actions.

Action

Access level

Resource type

Condition key

Dependent action

config:ListConfigRules

get

*All Resource

*

 None None

Request parameters

Parameter

Type

Required

Description

Example
ConfigRuleState

string

No

The status of the rule. Valid values:

  • ACTIVE: The rule is active.

  • EVALUATING: The rule is being evaluated.

  • INACTIVE: The rule is inactive.

ACTIVE
ComplianceType

string

No

The compliance evaluation result of the rule. Valid values:

  • COMPLIANT: The rule is compliant.

  • NON_COMPLIANT: The rule is non-compliant.

  • NOT_APPLICABLE: The rule is not applicable.

  • INSUFFICIENT_DATA: No data is available.

COMPLIANT
RiskLevel

integer

No

The risk level of the rule. Valid values:

  • 1: High risk.

  • 2: Medium risk.

  • 3: Low risk.

1
PageNumber

integer

No

The page number. Pages start from page 1.

1
PageSize

integer

No

The number of entries to return on each page. Valid values: 1 to 100.

20
MultiAccount

boolean

No

This parameter is scheduled to be deprecated at 00:00:00 on June 30, 2021. The API of the account group feature that is used to replace this parameter will be available at 00:00:00 on May 30, 2021. If you are using this parameter, we recommend that you switch to the API of the account group feature after 00:00:00 on May 30, 2021. For more information about account groups, see Account groups.

true
MemberId

integer

No

This parameter is scheduled to be deprecated at 00:00:00 on June 30, 2021. The API of the account group feature that is used to replace this parameter will be available at 00:00:00 on May 30, 2021. If you are using this parameter, we recommend that you switch to the API of the account group feature after 00:00:00 on May 30, 2021. For more information about account groups, see Account groups.

123456789
ConfigRuleName

string

No

The name of the rule.

OSS合规管理最佳实践-OSS存储空间ACL禁止公共读访问
CompliancePackId

string

No

The ID of the compliance package to which the rule belongs.

cp-8d5c6457e0d9002a****

Response elements

Element

Type

Description

Example

object

N/A

ConfigRules

object

The list of rules.

ConfigRuleList

array<object>

The list of rules.

array<object>

N/A

AccountId

integer

The ID of the Alibaba Cloud account to which the rule belongs.

987654321
AutomationType

string

The type of the remediation template. The value is LC.

Note

LC: Logic Composer.

LC
Compliance

object

The compliance statistics of the rule.

ComplianceType

string

The compliance evaluation result of the rule. Valid values:

  • COMPLIANT: The rule is compliant.

  • NON_COMPLIANT: The rule is non-compliant.

  • NOT_APPLICABLE: The rule is not applicable.

  • INSUFFICIENT_DATA: No data is available.

COMPLIANT
Count

integer

The number of resources that have the specified compliance evaluation result.

161
CompliancePackId

string

The ID of the compliance package to which the rule belongs.

cp-8d5c6457e0d9002a****
ConfigRuleArn

string

The ARN of the rule.

acs:config::120886317861****:rule/cr-8d5c6457e0d9002a****
ConfigRuleId

string

The rule ID.

cr-8d5c6457e0d9002a****
ConfigRuleName

string

The name of the rule.

OSS合规管理最佳实践-OSS存储空间ACL禁止公共读访问
ConfigRuleState

string

The status of the rule. Valid values:

  • ACTIVE: The rule is active.

  • EVALUATING: The rule is being evaluated.

  • INACTIVE: The rule is inactive.

ACTIVE
CreateBy

object

The information about the creator of the rule.

CompliancePackId

string

The ID of the compliance package.

cp-8d5c6457e0d9002a****
CompliancePackName

string

The name of the compliance package.

OSS合规管理最佳实践
Description

string

The description of the rule.

OSS存储空间的ACL策略禁止公共读访问,视为“合规”。
RiskLevel

integer

The risk level of the rule. Valid values:

  • 1: High risk.

  • 2: Medium risk.

  • 3: Low risk.

1
SourceIdentifier

string

The identifier of the rule.

  • If the rule is a managed rule, the value of this parameter is the name of the managed rule.

  • If the rule is a custom rule, the value of this parameter is the ARN of the function.

oss-bucket-public-read-prohibited
SourceOwner

string

The owner of the rule. Valid values:

  • CUSTOM_FC: a custom rule.

  • ALIYUN: a managed rule.

ALIYUN
Tags

array<object>

The tags of the rule.

object

The tag of the rule.

Key

string

The tag key.

Key1
Value

string

The tag value.

Value1
PageNumber

integer

The page number. Pages start from page 1.

1
PageSize

integer

The number of entries returned per page. Valid values: 1 to 100.

20
TotalCount

integer

The total number of rules.

1
RequestId

string

The request ID.

8195B664-9565-4685-89AC-8B5F04B44B92

Examples

Success response

JSON format

{
  "ConfigRules": {
    "ConfigRuleList": [
      {
        "AccountId": 987654321,
        "AutomationType": "LC",
        "Compliance": {
          "ComplianceType": "COMPLIANT",
          "Count": 161
        },
        "CompliancePackId": "cp-8d5c6457e0d9002a****",
        "ConfigRuleArn": "acs:config::120886317861****:rule/cr-8d5c6457e0d9002a****",
        "ConfigRuleId": "cr-8d5c6457e0d9002a****",
        "ConfigRuleName": "OSS合规管理最佳实践-OSS存储空间ACL禁止公共读访问",
        "ConfigRuleState": "ACTIVE",
        "CreateBy": {
          "CompliancePackId": "cp-8d5c6457e0d9002a****",
          "CompliancePackName": "OSS合规管理最佳实践"
        },
        "Description": "OSS存储空间的ACL策略禁止公共读访问,视为“合规”。",
        "RiskLevel": 1,
        "SourceIdentifier": "oss-bucket-public-read-prohibited",
        "SourceOwner": "ALIYUN",
        "Tags": [
          {
            "Key": "Key1",
            "Value": "Value1"
          }
        ]
      }
    ],
    "PageNumber": 1,
    "PageSize": 20,
    "TotalCount": 1
  },
  "RequestId": "8195B664-9565-4685-89AC-8B5F04B44B92"
}

Error codes

HTTP status code

Error code

Error message

Description
400 NoPermission You are not authorized to perform this operation. You are not authorized to perform this operation.
404 AccountNotExisted Your account does not exist.
503 ServiceUnavailable The request has failed due to a temporary failure of the server. The request has failed due to a temporary failure of the server.

See for a complete list.

Release notes

See Release Notes for a complete list.