Updated on 2025-07-30 GMT+08:00

Using Config to Audit DEW

You can use Config to quickly create a group of DEW compliance rules to evaluate whether your resources meet compliance requirements. After compliance rules are created, multiple mechanisms can be used to trigger rule evaluation. You can check the evaluation results to learn about the compliance status of resources. For details, see Resource Compliance.

Preset DEW Policies Supported by Config

Table 1 Predefined policies

| Policy | Triggered By | Object |
| --- | --- | --- |
| Key Status Check | Configuration changes | kms.keys |
| Key Rotation Has Been Enabled | Configuration changes | kms.keys |
| CSMS Secrets Are Rotated | Configuration changes | csms.secrets |
| CSMS Secrets Have Enabled Automatic Rotation | Configuration changes | csms.secrets |
| CSMS Secrets Have Been Configured with Specified KMS Keys | Configuration changes | csms.secrets |
| CSMS Secrets Have Been Rotated Within the Specified Period | Triggered periodically | csms.secrets |

Configuring DEW Audit Using Config

  1. Log in to the DEW console.
  2. Click in the upper left corner and choose Management & Governance > Config.
  3. In the navigation pane on the left, choose Resource Conformance.
  4. In the displayed Rules tab, click Add Rule. Set the basic information on the displayed Basic Configurations page.

    1. Policy Type: Select Built-in policy.
    2. Built-in Policy: Click the text box, choose Tag > kms or csms, and select the policy to be audited.
    Figure 1 Adding an audit rule

  5. Click Next. On the displayed page, set Trigger Type and Execute Every.
  6. Click Next, confirm the information, and click Submit.
  7. You can view the added compliance rule in the rule list. Click the rule name to access its details page, on which you can view the compliance evaluation result.