Example of a resource non-compliance event-Cloud Config(CloudConfig)-阿里云帮助中心

Cloud Config can send resource non-compliance events to Simple Message Queue (formerly MNS).

Content example

In this example, a non-compliance event is generated for the ECS instance test_Instance in the China (Beijing) region. This event is delivered to Simple Message Queue (formerly MNS). The instance belongs to the Alibaba Cloud account 120886317861**** in single-account mode.

{
    "annotation": "{\"configuration\":\"classic\",\"desiredValue\":\"vpc\",\"operator\":\"StringEquals\",\"property\":\"$.InstanceNetworkType\"}",
    "riskLevel": "Warning",
    "dataType": "NonCompliantNotification",
    "evaluationResultIdentifier": {
        "orderingTimestamp": 1630907917476,
        "evaluationResultQualifier": {
            "resourceId": "i-2ze1qff61suafi71****",
            "configRuleName": "ECS instances must use VPCs",
            "configRuleId": "cr-b9046457e0d9003f****",
            "captureTime": 1630907917476,
            "resourceName": "test_Instance",
            "configRuleArn": "acs:config::120886317861****:rule/cr-b9046457e0d9003f****",
            "regionId": "cn-beijing",
            "resourceOwnerId": 120886317861****,
            "resourceType": "ACS::ECS::Instance"
        }
    },
    "eventType": "ResourceCompliance",
    "invokingEventMessageType": "Manual",
    "complianceType": "NON_COMPLIANT",
    "accountId": 120886317861****,
    "requestId": "a13f5505-427d-41ef-ab2e-606394abb9a8",
    "eventName": "NonCompliant",
    "notificationCreationTime": 1630907919929
}

Parameters

The following table describes the main parameters in a resource non-compliance event delivered to Simple Message Queue (formerly MNS).

Parameter	Description
annotation	Details about why the resource is non-compliant.
riskLevel	The risk level of the rule. Valid values: `Info`: Low risk. `Warning`: Medium risk. `Critical`: High risk.
dataType	The type of content delivered to Simple Message Queue (formerly MNS). Valid values: `ConfigurationItemChangeNotification`: Resource configuration history. `NonCompliantNotification`: Resource non-compliance event.
evaluationResultIdentifier	The resource compliance evaluation details, including the evaluation time and related information.
orderingTimestamp	The timestamp of the resource compliance evaluation.
evaluationResultQualifier	The resource compliance evaluation qualifier, including the resource ID, resource name, resource type, rule name, and rule ID.
eventType	The event type. Valid values: `ResourceChange`: Resource configuration history event. `ResourceCompliance`: Resource non-compliance event.
invokingEventMessageType	The trigger mechanism of the rule. Valid values: `ScheduledNotification`: Triggered periodically. `ConfigurationItemChangeNotification`: Triggered by a configuration item change. `Manual`: Triggered manually.
complianceType	The compliance type. The value is `NON_COMPLIANT`.
accountId	The ID of the account to which the resource belongs. Cloud Config supports the following types of accounts: Ordinary account: An ordinary account is an independent Alibaba Cloud account that is not included in a resource directory by a management account. Management account: A management account is an Alibaba Cloud account that enables a resource directory and manages all member accounts. Member account: A member account is an Alibaba Cloud account in a resource directory. Single-account mode: the ID of an Alibaba Cloud account that is not added to a resource directory by a management account. Multi-account mode: the ID of a management account or member account.
eventName	The event name. The value `NonCompliant` indicates a resource non-compliance event.
notificationCreationTime	The timestamp when the notification was created.