Updated on 2024-10-28 GMT+08:00

Creating a Conformance Package

Scenarios

A conformance package is a collection of compliance rules organized around a compliance scenario. You can use a sample or custom template to create a conformance package.

After a conformance package is created, the first evaluation using rules in the package will be automatically triggered. More evaluations will be triggered based on the specified trigger type of each rule. You can also manually trigger a rule for resource evaluation.

Constraints and Limitations

  • Up to 50 conformance packages (including organization conformance packages) and 500 rules can be created in an account.
  • To create or modify a conformance package, the resource recorder must be enabled. If the resource recorder is disabled, you can only view or delete conformance packages. For details, see Configuring the Resource Recorder.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner. Under Management & Governance, click Config.
  3. In the left navigation pane, choose Conformance Package.
  4. Click Create Conformance Package.

    Figure 1 Creating conformance packages

  5. On the Select Template page, select a sample template, upload a local template, or enter an OBS URL, and click Next.

    • Sample template: templates provided by Config. You can select a sample template from the dropdown list.

      For details about the rules contained in each sample template, see conformance package sample template.

    • Local template: a template uploaded from your local machine. You can create a custom template and upload it.

      The template must be a JSON file with the file name extension .tf.json. For details, see custom conformance packages.

    • OBS bucket: The location of the OBS bucket that stores the custom conformance package template. If your local template file exceeds 50 KB, upload it to an OBS bucket and enter the OBS URL when you need to select a package template.

      The OBS URL specifies the location of an object stored in an OBS bucket. To obtain an OBS URL on the OBS console, you need to locate the object and choose More > Copy Object URL in the Operation column on the Objects page.

    Figure 2 Selecting a conformance package template

  6. On the Configure Detailed Information page, configure required parameters and click Next.

    Figure 3 Detailed information

    Table 1 Package parameters

    | Parameter | Description |
    |---|---|
    | Name | Conformance package name. A conformance package name is customized and must be unique. The name can contain letters, numbers, underscores (_), and hyphens (-) and cannot exceed 64 characters. |
    | (Optional) Authorization | Agency authorization is used. If you decide not to use custom authorization, Config will be automatically assigned an agency that contains required RFS permissions. You can also create a custom agency with IAM. The agency must contain required permissions for RFS to create, modify, and delete rules in a conformance package. For details about how to create an agency, see Creating an Agency (by a Delegating Party). |
    | Parameters | Parameters of a conformance package are consistent with rules in the package. For details, see Built-in Policies. |

  7. On the confirm information page, confirm the configuration and click OK.

    Figure 4 Confirming configurations

    After a conformance package is created or updated, an evaluation will be automatically triggered.
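
The limits stated on this page (name format, .tf.json extension, 50 KB local upload limit, 50 packages per account) can be checked before starting the procedure. The following Python script is an added example, not part of Config or its documentation; the function name preflight, the reading of 50 KB as 51,200 bytes, the treatment of name uniqueness as per account, and the placeholder template content are assumptions.

```python
import json
import re
import tempfile
from pathlib import Path

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # letters, digits, _ and -, max 64
MAX_PACKAGES = 50        # per account, organization conformance packages included
LOCAL_LIMIT = 50 * 1024  # assumption: "50 KB" read as 51,200 bytes


def preflight(name, template, existing_names=()):
    """Return (problems, route); route is 'local', 'obs', or None if unreadable."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("name: only letters, digits, _ and -, at most 64 characters")
    if name in existing_names:
        problems.append("name: already used by another conformance package")
    if len(existing_names) >= MAX_PACKAGES:
        problems.append("quota: account already has 50 conformance packages")
    path = Path(template)
    if not path.name.endswith(".tf.json"):
        problems.append("template: file name must end in .tf.json")
    try:
        raw = path.read_bytes()
    except OSError as exc:
        return problems + [f"template: cannot read file ({exc})"], None
    try:
        json.loads(raw.decode("utf-8"))
    except ValueError:  # covers both invalid UTF-8 and invalid JSON
        problems.append("template: content is not valid JSON")
    # Files above the limit cannot be uploaded locally; reference them by OBS URL.
    return problems, "local" if len(raw) <= LOCAL_LIMIT else "obs"


def demo():
    """Run the checks on two constructed templates (content is a placeholder)."""
    with tempfile.TemporaryDirectory() as tmp:
        small = Path(tmp, "baseline.tf.json")
        small.write_text(json.dumps({"constructed": "placeholder"}))
        big = Path(tmp, "large.json")
        big.write_text(json.dumps({"pad": "x" * LOCAL_LIMIT}))
        return (preflight("prod_baseline-01", small, ["dev_pkg"]),
                preflight("bad name!", big, ["dev_pkg"]))


if __name__ == "__main__":
    for problems, route in demo():
        print(route, problems)
```

A route of obs means the template has to be uploaded to an OBS bucket and selected by its object URL in step 5.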