Relationships with Other Services
The following describes the relationships between Config and other services.
|
Service |
Description |
Function |
Related Operation |
|---|---|---|---|
|
SMN |
You can specify an SMN topic when you enable the resource recorder.
NOTE:
If you have configured an OBS bucket and you do not need notifications for resource changes, you do not need to configure an SMN topic. |
You will receive a notification if a change is made to your resource. |
|
|
OBS |
You can specify an OBS bucket when you enable the resource recorder.
NOTE:
If you have configured an SMN topic and you do not need an OBS bucket for resource dump, you do not need to configure an OBS bucket. |
If you have configured an SMN topic and an OBS bucket, the resource recorder stores resource change notifications into the specified OBS bucket every 6 hours. |
|
|
The resource recorder stores your resource snapshots into the specified OBS bucket every 24 hours. |
|||
|
IAM |
You need to assign Config related permissions when you configure the resource recorder. |
The Quick granting mode grants Config the permissions to send resource change notifications with an SMN topic and store data into an OBS bucket. For more refined permission control, use custom authorization. |
|
|
When creating a conformance package, you can use IAM for custom authorization. |
If you decide to not use custom authorization when creating a conformance package, Config will be automatically assigned an agency that contains required RFS permissions. You can also create a custom agency with IAM. The agency must contain required permissions for RFS to create, modify, and delete rules in a conformance package. |
||
|
You can use IAM to control user access to Config. |
You can assign users system-defined or custom policies through IAM to decide which operations they can perform on Config. |
||
|
CTS |
CTS records operations on Config. |
CTS helps you record operations on Config for later query, audit, and backtrack. |
|
|
FunctionGraph |
You can use FunctionGraph to create a custom policy to evaluate resource compliance. |
To create a custom rule, you need to use FunctionGraph. Each custom rule is associated with a Function Graph function. Config reports events to the function. The function collects rule parameters and resource attributes from the events; evaluates whether your resources comply with the rule; and returns evaluation results using Open APIs of Config. |
|
|
You can use a FunctionGraph function to remediate noncompliant resources. |
Each remediation configuration of a rule can be associated with a FunctionGraph function. The function contains the logic for remediating noncompliant resources. |
- |
|
|
Resource Formation Service (RFS) |
To create, update, and delete rules in a conformance package, an RFS resource stack is required. |
A conformance package is a collection of rules. The rules in a conformance package are created, updated, and deleted through an RFS resource stack. |
|
|
You can use an RFS private template to remediate noncompliant resources. |
Each remediation configuration of a rule can be associated with an RFS private template. The template contains the logic for remediating noncompliant resources. |
- |
|
|
Resource Access Manager (RAM) |
When adding a custom organization rule, you need to share your FunctionGraph functions with your organization members through RAM. |
A custom policy of a rule is a function developed and published with FunctionGraph. When deploying a custom rule across an organization, you need to share the function with the organization members through RAM. |
|
|
Organizations |
An organization administrator or a delegated Config administrator can create rules, conformance packages, and resource aggregators in a unified manner and deploy them to all member accounts that are in the normal state in the organization. |
After Config is enabled as a trusted service through Organizations, it is able to access the information about organization units and members and use related capabilities at an organization level. |
|
|
Cloud Eye |
Certain Config events can be reported to and related alarm rules can be configured with Cloud Eye for service monitoring. |
Cloud Eye can provide data about operations on Config. Related alarms can also be configured. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
