Help Center/ Config/ Best Practices/ Creating Alarm Rules for Noncompliant Resources with Cloud Eye

Updated on 2025-01-21 GMT+08:00

View PDF

Creating Alarm Rules for Noncompliant Resources with Cloud Eye

Cloud Eye enables you to receive alarms when there are noncompliant resources detected by Config. You can query alarms on the Cloud Eye console. You can also configure an SMN topic to enable notification with Cloud Eye.

Applicable Scenario

This example uses the access-keys-rotated rule to see if all IAM users in an account have their access keys rotated within a specified time. Some IAM users may be detected noncompliant as shown in the following picture.

Step 1: Create a Rule.

Log in to the Config Console.
In the navigation pane on the left, choose Resource Compliance.
On the Rules tab, click Add Rule.
On the Basic Configurations page, select access-keys-rotated and click Next.
On the Configure Rule Parameters page, use the default value for Execute Every, select All for Resource Scope, and click Next.
Confirm the configurations and click Submit.

On the Rules tab, you can view the evaluation result of the created rule.

Step 2: Configure an SMN Topic

Log in to the SMN console.
In the navigation pane on the left, choose Topic Management > Topics.
1. In the upper right corner, click Create Topic.
2. Configure the Topic Name and Display Name, and click OK.
Add a subscription to the topic.
1. On the Topics page, click Add Subscription in the Operation column for the created topic.
2. Select SMS for the Protocol.
3. Enter one or multiple mobile numbers.
4. Click OK.
In the navigation pane on the left, select Topic Management > Subscriptions and click Request Confirmation.
Confirm subscription with the added mobile number.

Step 3: Set Alarm Notifications

Log in to the Cloud Eye console and set the region to AP-Singapore.
In the navigation pane on the left, select Alarm Management > Alarm Rules.
On the Alarm Rules page, click Create Alarm Rule.
1. Configure the Name.
2. Select Event for Alarm Type.
3. Select System event for Event Type.
4. Select Config for Event Source.
5. Select Configure manually for Method.
6. Enable Alarm Notification and select the SMN topic created in step 2 for Notification Object. Remain default settings for other parameters.
7. Select Generated alarm for Trigger Condition.
8. Click Create.
Check SMN messages or alarms on the Cloud Eye console to see if there are noncompliance resources detected by Config rules you created.

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot