Updated on 2024-05-16 GMT+08:00

Creating a Conformance Package

Scenarios

A conformance package is a collection of compliance rules. The conformance package is compliance-scenario-based. You can use a sample or custom template to create a conformance package.

After a conformance package is created, your resources are evaluated against the rules in the package. A new evaluation is initiated each time the package is triggered. You can also trigger an evaluation for a single rule on the rule list page.

Constraints and Limitations

  • Up to 50 conformance packages (including organization conformance packages) and 500 rules can be created in an account.
  • To create or update a conformance package, you need to enable the resource recorder. For details, see Configuring the Resource Recorder.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner. Under Management & Governance, click Config.
  3. In the left navigation pane, choose Conformance Package.
  4. Click Create Conformance Package.

    Figure 1 Creating conformance packages

  5. On the Select Template page, select a sample template, upload a local template, or enter an OBS template URL, and click Next.

    • Sample template: templates provided by Config. You can select a sample template from the dropdown list.

      For details about the rules contained in each sample template, see conformance package sample template.

    • Local template: templates uploaded locally. You can create a custom template and upload the template.

      The template file and its content must both be in JSON format, and the file name extension must be .tf.json. For details, see custom conformance packages.

    • OBS bucket: URLs of the OBS buckets where custom conformance package templates are stored. If your local template file exceeds 50 KB, upload it to an OBS bucket and enter the OBS URL when you need to select a package template.

      The OBS URL specifies the location of an object stored in an OBS bucket. To obtain an OBS URL on the OBS console, you need to locate the object and choose More > Copy Object URL in the Operation column on the Objects page.

    Figure 2 Selecting a conformance package template

  6. On the details page that is displayed, enter a package name, select quick authorization or custom authorization, set the required parameters, and click Next.

    Figure 3 Detailed information

    Table 1 Package parameters

    Parameter: Name
    Description: The conformance package name. The name is user-defined and must be unique. It can contain letters, numbers, underscores (_), and hyphens (-) and cannot exceed 64 characters.

    Parameter: Authorization
    Description: Grants RFS the permissions required to create, update, and delete individual rules, and allows RFS stacks to create and delete rules in a conformance package.

    • Quick authorization: This option creates an agency named rms_conformance_pack_agency for you to create, update, or delete rules, and to create or delete a conformance package.
    • Custom authorization: You can create an agency and perform custom authorization through IAM. For a conformance package to work properly, the agency must contain the permissions for RFS to create, update, or delete rules. For details about how to create an agency, see Creating an Agency (by a Delegating Party).

    Parameter: Parameters
    Description: The parameters of a conformance package correspond to the rules in the package. For details, see Built-in Policies.

  7. On the confirm information page, confirm the configuration and click OK.

    Figure 4 Confirming configurations

    After a conformance package is created or updated, an evaluation will be automatically triggered.
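
The following pre-upload check is an added example, not code from Config or its documentation. It applies the limits stated in steps 5 and 6 (the .tf.json extension, JSON content, the 50 KB local upload limit, and the package name rules) before a template is submitted. The function name, the sample name and sample templates, and the reading of "50 KB" as 50 * 1024 bytes are assumptions.

```python
import json
import re

MAX_LOCAL_BYTES = 50 * 1024  # assumption: "50 KB" on this page means 50 * 1024 bytes
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumption: "letters" means ASCII letters


def check_package(name: str, filename: str, content: bytes) -> dict:
    """Validate a package name and template against the limits on this page.

    Returns {"errors": [...], "upload_via": "local" | "obs" | None}.
    upload_via is None when any check failed.
    """
    errors = []
    if not NAME_RE.fullmatch(name):
        errors.append("name: letters, digits, '_' and '-' only, at most 64 characters")
    if not filename.endswith(".tf.json"):
        errors.append("file: extension must be .tf.json")
    try:
        doc = json.loads(content.decode("utf-8"))
        # Assumption: a .tf.json template is a JSON object at the top level.
        if not isinstance(doc, dict):
            errors.append("content: top level must be a JSON object")
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        errors.append(f"content: not valid JSON ({exc})")
    if errors:
        return {"errors": errors, "upload_via": None}
    # Templates larger than the local limit have to be referenced by OBS URL.
    route = "local" if len(content) <= MAX_LOCAL_BYTES else "obs"
    return {"errors": [], "upload_via": route}


# Constructed sample inputs: placeholders, not real rule definitions.
SMALL = b'{"example_key": "constructed placeholder"}'
LARGE = json.dumps({"padding": "x" * (51 * 1024)}).encode("utf-8")

if __name__ == "__main__":
    print(check_package("baseline_pack-01", "pack.tf.json", SMALL))
    print(check_package("baseline_pack-01", "pack.tf.json", LARGE))
    print(check_package("bad name!", "pack.json", b"{not json"))
```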