Help Center/ Config/ User Guide/ Resource Compliance/ Built-In Policies/ Cloud Eye/ Alarms Have Been Created for OBS Bucket Policy Changes
Updated on 2025-08-25 GMT+08:00

Alarms Have Been Created for OBS Bucket Policy Changes

Rule Details

Table 1 Rule details

Parameter

Description

Rule Name

alarm-obs-bucket-policy-change

Identifier

Alarms Have Been Created for OBS Bucket Policy Changes

Description

If there are no alarm rules configured for bucket policy changes, the check result is non-compliant.

Tag

ces, obs

Trigger Type

Periodic

Filter Type

Account

Rule Parameters

None

Application Scenarios

You can set alarm rules for key metrics of cloud services. When the conditions in the alarm rule are met, Cloud Eye sends email, or text message, or sends HTTP/HTTPS messages, enabling you to quickly respond to resource changes. For details, see Alarm Overview.

For details about the events supported by Cloud Eye, seeEvents Supported by Event Monitoring. You need to pay special attention to the "setBucketPolicy" and "deleteBucketPolicy" events for OBS. If bucket policies are changed by mistake, services may be interrupted due to data unavailability, or data leakage may occur due to excessive permissions.

Solution

Create related alarm rules.

Rule Logic

  • If there are no alarm rules configured for modifying or deleting OBS bucket policies, this rule is non-compliant.
  • If there are alarm rules configured for modifying or deleting OBS bucket policies, this rule is compliant.