Function Overview
Table 1 lists common functions of Config.
To better understand Config functions, you can learn basic concepts first.
|
Category |
Function |
Description |
|---|---|---|
|
Resource list |
Querying all resources |
You can view all resource information, including the resource name, region, service, resource type, and enterprise project, from the current account. |
|
Querying details about a resource |
You can query resource details, such as the resource name, creation time, and specifications. |
|
|
Filtering resources |
You can set a filter criterion (resource name, resource ID, tag, or enterprise project) to quickly find out specific resources. |
|
|
Exporting resource information |
You can export the information about required resources in an EXCEL file. |
|
|
Viewing resource compliance data |
You can view compliance data of a resource. |
|
|
Viewing relationships of a resource |
You can view relationships of a resource. |
|
|
Viewing change records of a resource |
You can view change records of a resource. |
|
|
Resource compliance |
Adding a rule |
You can use rules to evaluate resource compliance. You can select a custom or predefined policy and configure other related parameters when creating a rule. |
|
Evaluating resource compliance |
You can click Evaluate in the Operation column to start the evaluation. |
|
|
Disabling a rule |
You click Disable in the Operation column to disable a rule. |
|
|
Enabling a rule |
If you want to use a disabled rule, you can enable it. |
|
|
Modifying a rule |
If a rule does not meet your needs, you can change its configurations as needed. |
|
|
Deleting a rule |
You can delete a rule which is no longer needed. |
|
|
Noncompliant resources |
You can view and export information about all noncompliant resources. |
|
|
Organization rules |
If you are an organization administrator or a delegated administrator of Config, you can add organization rules, and these rules will apply to all member accounts that are in the normal state in your organization. |
|
|
Remediation |
You can remediate noncompliant resources to ensure compliance. You can use both managed and custom remediation actions. |
|
|
Resource recorder |
Enabling the resource recorder |
You can track resource changes only after the resource recorder is enabled. |
|
Configuring the resource recorder |
You can set the monitoring scope, select an SMN topic, and configure the data storage path (OBS bucket). Then you need to grant permissions to the resource recorder for using SMN to send notifications and storing resource snapshots in the OBS bucket. |
|
|
Modifying the resource recorder |
You can modify resource recorder configurations, such as the monitoring scope, resource dump, data retention period, SMN topic, and permissions. |
|
|
Disabling the resource recorder |
You can disable the resource recorder at any time. |
|
|
Advanced Queries |
Running an advanced query |
You can use ResourceQL to query current configurations of your resources. |
|
Creating a query |
You can add custom queries, so that you can directly run them later. |
|
|
Viewing a query |
You can view the name, description, and SQL statement of a query. |
|
|
Modifying a query |
If a custom query cannot meet your requirements, you can modify its name, description, and query statement. |
|
|
Deleting a query |
If a custom query is no longer needed, you can delete it. |
|
|
Resource Aggregation |
Creating a resource aggregator |
You can use resource aggregators to aggregate resource configurations and compliance data from multiple accounts or an organization. |
|
Viewing resource aggregators |
You can view created resource aggregators and their details. |
|
|
Editing a resource aggregator |
You can edit source accounts in a resource aggregator. |
|
|
Deleting a resource aggregator |
If a resource aggregator is no longer used, you can delete it. |
|
|
Viewing aggregated rules |
You can view all aggregated rules and their conformance data. |
|
|
Viewing aggregated resources |
You can view all resources aggregated by the resource aggregator. |
|
|
Authorizing an aggregator account |
An aggregator account needs authorization from source accounts to collect resource configuration and compliance data from these accounts |
|
|
Applying advanced queries to aggregators |
Resource aggregation supports advanced queries. You can use ResourceQL to query configuration states of resources from one or more source accounts. |
|
|
Conformance package |
Creating conformance packages |
You can use example or custom templates to create and manage rules. |
|
Viewing conformance packages |
You can view the conformance package list and details of each conformance package. |
|
|
Deleting conformance packages |
You can delete conformance packages as needed. Rules included in a conformance package will be deleted automatically if the conformance package is deleted. |
|
|
Organization conformance packages |
If you are an organization administrator or a delegated administrator of Config, you can add organization conformance packages and deploy these packages to all member accounts that are in the normal state in your organization. |
|
|
CTS |
Supported CTS operations |
CTS records operations on Config for later query, audit, and backtrack. |
|
Viewing tracing logs |
You can view or export Config operation records of the last seven days on CTS console. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
