Config
Config
All results for "
" in this service
All results for "
" in this service
What's New
Service Overview
Config Infographics
What Is Config?
Function Overview
Billing
Permissions
Basic Concepts
Relationships with Other Services
Constraints and Limitations
Getting Started
Enabling the Resource Recorder
Filtering Resources
Evaluating Resource Compliance
User Guide
Resource List
Viewing Resources
Querying All Resources
Querying Details About a Resource
Filtering Resources
Exporting the Resource List
Viewing Resource Compliance Data
Viewing Resource Relationships
Viewing Resource Changes
Resource Recorder
Overview
Configuring the Resource Recorder
Batch Configuring the Resource Recorder
Notifications
Storing Resource Snapshots
Storing Resource Change Notifications
Resource Compliance
Overview
Rules
Adding a Rule with a Predefined Policy
Adding a Custom Rule
Viewing a Rule
Triggering a Rule
Editing a Rule
Example Custom Rules
Example Functions (Python)
Events
Organization Rules
Adding a Predefined Organization Rule
Creating a Custom Organization Rule
Viewing an Organization Rule
Modifying an Organization Rule
Deleting an Organization Rule
Example Custom Organization Rules
Example Functions (Python)
Events
Viewing Noncompliant Resources
Compliance Rule Concepts
Policy
Rule
Evaluation Results
Built-In Policies
Predefined Policy List
General Policies
Resource Names Meet Regular Expression Requirements
Resources Have All the Specified Tags Attached
Resources Have One of the Specified Tags Attached
Tag Prefixes and Suffixes Check
Resources Have at Least One Tags Attached
Resource Tag Check
Resources Are in Specified Enterprise Projects
Resources Are in Specified Regions
Resource Type Check by Specifying Allowed Resource Types
Resource Type Check by Specifying Unallowed Resource Types
API Gateway
Dedicated API Gateways Have an Authorization Type Set
Dedicated API Gateways Have Logging Enabled
Dedicated API Gateways Use SSL certificates
CodeArts Deploy
Clusters Are Available
Project Parameter Encryption Check
MapReduce Service
MRS Clusters Have Specified Security Groups Attached
MRS Clusters Are in Specified VPSs
MRS Clusters Have Kerberos Enabled
MRS Clusters Support Multi-AZ Deployment
MRS Clusters Do Not Have EIPs Attached
MRS Clusters Have KMS Encryption Enabled
NAT Gateway
Private NAT Private Gateways Are in Specified VPCs
VPC Endpoint
VPC Endpoint Check for Specified Services
Web Application Firewall
WAF Instances Have Protection Policies Attached
WAF Protection Policies Are Not Empty
WAF Instances Have Domain Name Protection Enabled
WAF Policies Have Geolocation Access Control Enabled
WAF Instances Have Block Policies Attached
Elastic Load Balance
Load Balancers Do Not Have EIPs Attached
ELB Listeners Have Specified Security Policies Added
ELB Listeners Are Configured with HTTPS
Weight Check for Backend Servers
HTTPS Redirection Check
Single-AZ Load Balancer Check
Elastic IP
Bandwidth Check
Idle Elastic IP Check
Elastic IPs Are Used Within a Given Period of Time
Auto Scaling
Priority Policy Check
AS Groups Are Associated with an Elastic Load Balancer that Uses Health Check
Multi-AZ Deployment Has Been Configured
IPv6 Bandwidth Check
AS Groups Are in Specified VPCs
Scalable File Service Turbo (SFS Turbo)
SFS Turbo File Systems Have KMS Encryption Enabled
SFS Turbo Systems Are Associated with Backup Vaults
Backup Time Check
Elastic Cloud Server
Flavor Check
Image Check
Image Check by Tag
Security Group Check by ID
VPC Check by ID
ECSs Have Key Pairs Attached
ECSs Cannot Be Accessed Through Public Networks
An ECS Does Not Have Multiple EIPs Attached
Idle ECS Check
ECSs Have IAM Agencies Attached
Image Check by Name
ECSs Have Backup Vaults Attached
Backup Time Check
ECSs Have HSS Agents Attached
Distributed Cache Service
DCS Memcached Instances Support SSL
DCS Memcached Instances Are in a Specified VPC
DCS Memcached Instances Do Not Have EIPs Attached
Access Mode Check
DCS Redis Instances Support SSL
Cross-AZ Deployment Check
DCS Redis Instances Are in the Specified VPC
DCS Redis Instances Do Not Have EIPs Attached
Access Mode Check
FunctionGraph
Concurrency Check
Functions Are in the Specified VPC
Public Access Check
Basic Configuration Check
FunctionGraph Functions Have Log Collection Enabled
Content Delivery Network (CDN)
CDN Domains Use HTTPS Certificates
Origin Protocol Policy Check
TLS Version Check
Certificate Source Check
Config
The Resource Recorder Is Enabled
Data Warehouse Service
KMS Encryption Check
DWS Clusters Have Enabled Audit Log Dumps
DWS Clusters Have Enabled Automated Snapshots
DWS Clusters Use SSL
DWS Clusters Do Not Have EIPs Attached
O&M Time Window Check
DWS Clusters Are in Specified VPCs
Data Replication Service
Network Type Check for DR Tasks
Network Type Check for Migration Tasks
Network Type Check for Synchronization Tasks
Data Encryption Workshop
Key Status Check
Key Rotation Has Been Enabled
CSMS Secrets Are Rotated
Identity and Access Management
Key Rotation Check
IAM Policies Do Not Allow Blocked Actions on KMS Keys
Each User Group Has at Least One User
Password Strength Check
Unintended Policy Check
Admin Permissions Check
Custom Policies Do Not Allow All Actions for a Service
The Root User Does Not Have Available Access Keys
Access Mode Check
Access Key Check
IAM Users Are in Specified User Groups
Last Login Check
Multi-Factor Authentication Check
A User Does Not have Multiple Active Access Keys
MFA Has Been Enabled for Console Login
The Root User Has MFA Enabled
All IAM Policies Are in Use
All IAM Roles Are in Use
Login Protection Check
IAM Agencies Contain Specified Policies
The Admin User Group Only Contains the Root User
Document Database Service
SSL Has Been Enabled
Instance Type Check
DDS Instances Do Not Have EPIs Attached
DDS Instances Do Not Have Unallowed Ports Enabled
DDS Instance Version Check
DDS Instances Are in the Specified VPC
Simple Message Notification
Log Reporting to LTS Has Been Enabled
Virtual Private Cloud
Idle ACL Check
Default Security Group Check
VPCs Have Enabled Flow Logs
Port Check
Inbound Traffic Can Only Access Specified Ports
SSH Check
Access Control Check for Non-whitelisted Ports
A Security Group is Attached to Elastic Network Interfaces
Virtual Private Network
Connection State Check
Cloud Eye
Alarm Rules Are Enabled
Alarm Rules Have Been Configured for Key Disablement and Deletion
Alarm=s Have Been Created for OBS Bucket Policy Changes
Specified Resources Have Certain Metric Attached
Alarm Rule Configurations Check
Alarms Have Been Created for VPC Changes
Cloud Container Engine
CCE Clusters Are Supported for Maintenance
Oldest Supported Version Check
CCE Clusters Do Not Have EIPs Attached
Flavor Check
CCE Clusters Are in Specified VPCs
Cloud Trace Service
CTS Trackers Have Traces Encrypted
CTS Trackers Have Trace Transfer to LTS Enabled
CTS Trackers Have Been Created for the Specified OBS Bucket
Trace File Verification Is Enabled
At Least One Tracker Is Enabled
There Are CTS Trackers In the Specified Regions
CTS Trackers Comply with Security Best Practices
Relational Database Service
Error Log Collection Is Enabled for RDS Instances
Error Log Collection Is Enabled for RDS Instances
RDS Instances Support Slow Query Logs
Single-AZ Cluster Check
RDS Instances Do Not Have EIPs Attached
RDS Instances Use KMS Encryption
RDS Instances Are in the Specified VPC
Both Error Logs and Slow Query Logs Are Collected for RDS Instances
Flavor Check
RDS Instances Have SSL Enabled
RDS Instance Port Check
Version Check for RDS Instance Engines
RDS Instances Have Audit Log Enabled
GaussDB
GaussDB Instances Are in the Specified VPC
Audit Log Collection Is Enabled
Automated Backup Is Enabled
Error Log Collection Is Enabled
Slow Query Log Collection Is Enabled
GaussDB Instances Do Not Have EIPs Attached
Cross-AZ Deployment Check
Data Transmission Encryption Is Enabled
GaussDB (for MySQL)
Slow Query Log Collection Is Enabled
Error Log Collection Is Enabled
Backup Is Enabled
Audit Log Collection is Enabled
Data Transmission Encryption Is Enabled
Cross-AZ Deployment Check
GaussDB (for MySQL) Instances Do Not Have EIPs Attached
GaussDB (for MySQL) Instances Are in Specified VPCs
GeminiDB
GeminiDB Instances Have the Slow Log Enabled
GeminiDB Instances Have Error Log Collection Enabled
GeminiDB Instances Have Disk Encryption Enabled
GeminiDB Instances Have Backup Enabled
Single-AZ Instance Check
Cloud Search Service
CSS Clusters Have the Security Mode Enabled
The Snapshot Function Is Enabled for CSS Clusters
Disk Encryption Is Enabled for CSS Clusters
HTTPS Access Is Enabled for CSS Clusters
CSS Clusters Are in Specified VPCs
Single-AZ CSS Cluster Check
A CSS Cluster Has at Least Two Instances
CSS Clusters Are Not Publicly Accessible
CSS Clusters Support the Security Mode
A CSS Cluster Has an Access Control Whitelist Configured
A CSS Cluster Has Kibana Access Control Enabled
Elastic Volume Service
EVS Disk Type Check
Disks Are Used Within the Specified Time
Idle EVS Disk Check
EVS Disks Are Encrypted
Disk Encryption Are Enabled
EVS Disks Have Backup Vaults Attached
Backup Time Check
Cloud Certificate Manager
Expiration Check for Private CAs
Expiration Check for Private Certificates
Private Root CAs Are Disabled
Distributed Message Service for Kafka
Kafka Instances Have SSL Enabled for Access over Private Networks
Kafka Instances Have Enabled SSL for Access over Public Networks
DMS Kafka Instances Are Not Publicly Accessible
Distributed Message Service for RabbitMQ
RabbitMQ Instances Have SSL Enabled
Distributed Message Service for RocketMQ
RocketMQ Instances Have SSL Enabled
Organizations
Accounts Have Been Added to Organizations
Cloud Firewall
CFW Instances Have Protection Policies Attached
Cloud Backup and Recovery
Backup Encryption Check
Backup Policy Execution Frequency Check
Minimum Retention Days of CBR Vault
Object Storage Service
OBS Bucket Policies Do Not Allow Blacklisted Actions
OBS Bucket Policies Only Allow Access from the Specified Objects
Permission Boundary Check
OBS Bucket Policies Do Not Allow Public Read Access
OBS Bucket Policies Do Not Allow Public Write Access
OBS Buckets Do Not Allow HTTP Requests
Image Management Service (IMS)
Private Images Have Encryption Enabled
Bare Metal Server (BMS)
BMSs Have Key Pair Login Enabled
Event Monitoring
Conformance Packages
Overview
Conformance Packages
Creating a Conformance Package
Viewing Conformance Packages and Compliance Data
Modifying a Conformance Package
Deleting a Conformance Package
Organization Conformance Packages
Creating an Organization Conformance Package
Viewing an Organization Conformance Package
Modifying an Organization Conformance Package
Deleting an Organization Conformance Package
Custom Conformance Packages
Conformance Package Templates
Overview
Conformance Package for Classified Protection of Cybersecurity Level 3 (2.0)
Conformance Package for the Financial Industry
Conformance Package for Network Security
Conformance Package for Identity and Access Management
Conformance Package for Cloud Eye
Conformance Package for Compute Services
Conformance Package for ECS
Conformance Package for ELB
Conformance Package for Management and Regulatory Services
Conformance Package for RDS
Conformance Package for AS
Conformance Package for CTS
Conformance Package for AI and Machine Learning
Conformance Package for Autopilot
Conformance Package for Enabling Public Access
Conformance Package for Logging and Monitoring
Conformance Package for Idle Asset Management
Conformance Package for Architecture Reliability
Conformance Package for Hong Kong Monetary Authority of China Requirements
Conformance Package for ENISA Requirements
Conformance Package for SWIFT CSP
Conformance Package for Germany Cloud Computing Compliance Criteria Catalogue
Conformance Package for PCI DSS
Conformance Package for Healthcare Industry
Best Practices of Network and Data Security
Conformance Package for Landing Zone
Architecture Security Best Practices
Best Practices for Network and Content Delivery Service Operations
Best Practices for Idle Asset Management
Multi-AZ Deployment Best Practices
Resource Stability Best Practices
Best Practices for API Gateway
Best Practices for Cloud Container Engine
Best Practices for Content Delivery Network
Best Practices for FunctionGraph
Best Practices for GaussDB
Best Practices for GeminiDB
Best Practices for MapReduce Service
Best Practices for NIST Requirements
Best Practices for Singapore Financial Industry
Best Practices for Secure Identity and Compliance Operations
Advanced Queries
Overview
Restrictions
Creating a Custom Query
Viewing a Query
Modifying a Custom Query
Deleting a Query
Resource Aggregation
Overview
Restrictions
Creating a Resource Aggregator
Viewing Resource Aggregators
Editing an Aggregator
Deleting a Resource Aggregator
Viewing Aggregated Rules
Viewing Aggregated Resources
Authorizing an Aggregator Account
Advanced Queries
Cloud Trace Service
Supported Config Operations
Querying Real-Time Traces
Appendix
Supported Services and Regions
Relationships with Supported Resources
Supported Services and Resources
Notification Models
Resource Change Notification Model
Resource Relationship Change Notification Model
Resource Snapshot Storage Notification Model
Notification Model of Resource Change Notification Storage
Storage Models
Resource Snapshot Storage Model
Storage Model of Resource Change Notifications
ResourceQL Syntax
Overview
Syntax
Functions
API Reference
Before You Start
API Overview
Calling APIs
Making an API Request
Authentication
Response
APIs
Resource Query
Querying Resources of a Specific Type
Listing Cloud Services
Querying a Resource
Listing Resources Recorded by the Resource Recorder
Querying how many resources are recorded by the resource recorder
Querying resource tags recorded by the resource recorder
Querying resource overview recorded by the resource recorder
Querying a specific resource recorded by the resource recorder
Querying All Resources Under Your Account
Querying a Resource Under Your Account
Querying Resource Tags
Querying the Number of Resources
Querying a Resource Summary
Resource Recorder
Querying the Resource Recorder
Deleting the Resource Recorder
Creating or Modifying the Resource Recorder
Resource Relationships
Querying Resource Relationships
Querying Details About Resource Relationships
Resource Change Records
Querying Change Records of a Resource
Compliance
Querying All Built-in Policies
Querying a Built-in Policy
Adding a Rule
Querying All Rules
Modifying a Rule
Querying a Rule
Deleting a Rule
Enabling a Rule
Disabling a Rule
Running a Resource Compliance Evaluation
Querying the Evaluation Status of a Rule
Querying the Compliance Results of a Resource
Querying All Compliance Results of Resources Evaluated by a Rule
Querying All Compliance Results of Resources Under a User
Updating the Compliance Result
Creating an Organization Rule
Querying Organization Rules
Querying a Specific Organization Rule
Deleting an Organization Rule
Updating an Organization Rule
Querying Statuses of Organization Rules
Querying Details About the Rule Statuses of Each Member Account in an Organization
Setting up or Updating Remediation Configurations
Querying Remediation Configurations
Deleting Remediation Configurations
Batch Creating Remediation Exceptions
Batch Deleting Remediation Exceptions
Querying Remediation Exceptions
Starting Remediation
Querying Remediation Results
Collect Remediation Results
Region Management
Querying Regions Visible to You
Advanced Queries
Running Advanced Queries
Creating an Advanced Query
Listing Advanced Queries
Querying an Advanced Query
Updating an Advanced Query
Deleting an Advanced Query
Querying Schemas
Resource Aggregators
Creating a Resource Aggregator
Querying Resource Aggregators
Querying a Specific Resource Aggregator
Querying the Status of a Specific Resource Aggregator Account
Updating a Resource Aggregator
Deleting a Resource Aggregator
Authorizing a Resource Aggregator Account
Querying Authorized Resource Aggregators Accounts
Deleting Authorization for a Resource Aggregator Account
Querying All Pending Aggregation Requests
Deleting Pending Authorization Requests
Querying the Number of Resources of a Resource Aggregator Account
Querying Resources of a Resource Aggregator Account
Querying Details About a Specific Resource in a Source Account
Performing an Advanced Query on a Specific Aggregator
Querying the Compliance Summary of One or More Source Accounts in an Aggregator
Querying Aggregated Rules
Querying Compliance Results of Aggregated Resources
Querying Details About a Specified Aggregated Rule
Conformance Packages
Querying Conformance Packages
Creating a Conformance Package
Querying a Conformance Package
Deleting a Conformance Package
Updating Conformance Packages
Querying the Compliance Results of Conformance Packages
Querying the Compliance Results of Rules in a Conformance Package
Querying the Details about Compliance Results of Resources Evaluated by Rules in a Conformance Package
Querying Scores of Conformance Packages
Querying Built-in Conformance Package Templates
Querying a Built-in Conformance Package Template
Creating organization conformance packages.
List organization conformance packages.
View organization conformance packages.
Delete organization conformance packages.
Updating Organization Conformance Packages
View deployment status of organization conformance packages.
View deployment status of an organization conformance package.
Resource Tags
Querying Resources
Querying Resource Statistics
Batch Adding Resource Tags
Batch Deleting Resource Tags
Querying Resource Tags
Querying Resource Tags by Project
Permissions Policies and Supported Actions
Permissions Policies and Supported Actions
Resource Query
Resource Recorder
Compliance
Advanced Queries
Resource Aggregation
Conformance Packages
Resource Tag
Appendixes
Error Codes
Supported Services and Resource Types
Obtaining an Account ID
Status Codes
Obtaining a Project ID
Change History
SDK Reference
SDK Overview
FAQs
Resource List
Resource Compliance
Resource Recorder
General Reference
Glossary
Service Level Agreement
White Papers
Endpoints
Permissions