Creating a Conformance Package
Scenarios
A conformance package is a collection of compliance rules. The conformance package is compliance-scenario-based. You can use a sample or custom template to create a conformance package.
After a conformance package is created, the first evaluation using rules in the package will be automatically triggered. More evaluations will be triggered based on the specified trigger type of each rule. You can also manually trigger a rule for resource evaluation.
Constraints and Limitation
- Up to 50 conformance packages (including organization conformance packages) and 500 rules can be created in an account.
- To create or modify a conformance package, the resource recorder must be enabled. If the resource recorder is disabled, you can only view or delete conformance packages. For details, see Configuring the Resource Recorder.
Procedure
- Log in to the management console.
- Click
in the upper left corner. Under Management & Governance, click Config. - On the left navigation pane, choose Conformance Package.
- Click Create Conformance Package.
Figure 1 Creating conformance packages
- On the Select Template page, select a sample template, upload a local template, or enter an OBS URL, and click Next.
- Sample template: templates provided by Config. You can select a sample template from the dropdown list.
For details about the rules contained in each sample template, see conformance package sample template.
- Local template: Templates uploaded locally. You can create a custom template and upload the template.
The template must be a JSON file (with the name extension: .tf.json). For details, see custom conformance packages.
- OBS bucket: The location of the OBS bucket that stores the custom conformance package template. If your local template file exceeds 50 KB, upload it to an OBS bucket and enter the OBS URL when you need to select a package template.
The OBS URL specifies the location of an object stored in an OBS bucket. To obtain an OBS URL on the OBS console, you need to locate the object and choose More > Copy Object URL in the Operation column on the Objects page.
Figure 2 Selecting a conformance package template
- Sample template: templates provided by Config. You can select a sample template from the dropdown list.
- On the Configure Detailed Information page, configure required parameters and click Next.
Figure 3 Detailed information
Table 1 Package parameters Parameter
Description
Name
Conformance package name. A conformance package name is customized and must be unique.
The name can contain letters, numbers, underscores (_), and hyphens (-) and cannot exceed 64 characters.
(Optional) Authorization
Agency authorization is used. If you decide to not use custom authorization, Config will be automatically assigned an agency that contains required RFS permissions. You can also create a custom agency with IAM. The agency must contain required permissions for RFS to create, modify, and delete rules in a conformance package. For details about how to create an agency, see Creating an Agency (by a Delegating Party).
Parameters
Parameters of a conformance package are consistent with rules in the package. For details, see Built-in Policies.
- On the confirm information page, confirm configuration and click OK.
Figure 4 Confirming configurations
After a conformance package is created or updated, an evaluation will be automatically triggered.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
