Updated on 2025-01-21 GMT+08:00

Creating Alarm Rules for Noncompliant Resources with Cloud Eye

Cloud Eye can raise alarms when Config detects noncompliant resources. You can query the alarms on the Cloud Eye console, and you can configure an SMN topic so that Cloud Eye also sends notifications.

Applicable Scenario

This example uses the access-keys-rotated rule to check whether all IAM users in an account have rotated their access keys within a specified time. Some IAM users may be reported as noncompliant.
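The following added example (not part of the original page and not Config's own implementation) shows the kind of key-age check that access-keys-rotated performs, so you can predict which users the alarm will report. The record fields, the 90-day threshold, and the choice to ignore inactive keys are assumptions, and the key inventory is constructed sample data.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory; user names, key IDs and dates are placeholders.
SAMPLE_KEYS = [
    {"user": "alice", "key_id": "AK-EXAMPLE-1", "status": "active",   "created": "2024-06-01T08:00:00Z"},
    {"user": "alice", "key_id": "AK-EXAMPLE-2", "status": "active",   "created": "2025-01-10T08:00:00Z"},
    {"user": "bob",   "key_id": "AK-EXAMPLE-3", "status": "inactive", "created": "2023-03-15T08:00:00Z"},
    {"user": "carol", "key_id": "AK-EXAMPLE-4", "status": "active",   "created": "2024-12-20T08:00:00Z"},
]


def parse_utc(ts):
    """Parse an ISO 8601 timestamp, treating a trailing 'Z' or no offset as UTC."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def stale_keys(keys, max_age_days, now):
    """Return {user: [(key_id, age_days), ...]} for active keys older than max_age_days.

    Assumption: inactive keys are ignored, and one stale active key is enough
    to make the user noncompliant, even if a newer key also exists.
    """
    limit = timedelta(days=max_age_days)
    findings = {}
    for key in keys:
        if key["status"] != "active":
            continue
        age = now - parse_utc(key["created"])
        if age > limit:
            findings.setdefault(key["user"], []).append((key["key_id"], age.days))
    return findings


if __name__ == "__main__":
    # Fixed evaluation time so the output is reproducible.
    now = datetime(2025, 1, 21, tzinfo=timezone.utc)
    for user, found in sorted(stale_keys(SAMPLE_KEYS, 90, now).items()):
        for key_id, age in found:
            print(f"NONCOMPLIANT user={user} key={key_id} age_days={age}")
```

Note that alice is reported even though she already created a new key: the old key is still active, so rotation is not complete until it is disabled or deleted.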

Step 1: Create a Rule

  1. Log in to the Config Console.
  2. In the navigation pane on the left, choose Resource Compliance.
  3. On the Rules tab, click Add Rule.
  4. On the Basic Configurations page, select access-keys-rotated and click Next.
  5. On the Configure Rule Parameters page, use the default value for Execute Every, select All for Resource Scope, and click Next.
  6. Confirm the configurations and click Submit.

On the Rules tab, you can view the evaluation result of the created rule.

Step 2: Configure an SMN Topic

  1. Log in to the SMN console.
  2. In the navigation pane on the left, choose Topic Management > Topics.
    1. In the upper right corner, click Create Topic.
    2. Configure the Topic Name and Display Name, and click OK.
  3. Add a subscription to the topic.
    1. On the Topics page, click Add Subscription in the Operation column for the created topic.
    2. Select SMS for the Protocol.
    3. Enter one or multiple mobile numbers.
    4. Click OK.
  4. In the navigation pane on the left, select Topic Management > Subscriptions and click Request Confirmation.
  5. Confirm the subscription with the added mobile number.

Step 3: Set Alarm Notifications

  1. Log in to the Cloud Eye console and set the region to AP-Singapore.
  2. In the navigation pane on the left, select Alarm Management > Alarm Rules.
  3. On the Alarm Rules page, click Create Alarm Rule.
    1. Configure the Name.
    2. Select Event for Alarm Type.
    3. Select System event for Event Type.
    4. Select Config for Event Source.
    5. Select Configure manually for Method.
    6. Enable Alarm Notification and select the SMN topic created in Step 2 for Notification Object. Retain the default settings for other parameters.
    7. Select Generated alarm for Trigger Condition.
    8. Click Create.
  4. Check SMN messages or alarms on the Cloud Eye console to see if the Config rules you created have detected any noncompliant resources.