vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity

Config UMN 0816 Version

Browse Source 
Reviewed-by: Rumpler, Mihály <mihaly.rumpler@t-systems.com>
Co-authored-by: Wei, Hongmin <weihongmin1@huawei.com>
Co-committed-by: Wei, Hongmin <weihongmin1@huawei.com>
This commit is contained in:
Wei, Hongmin 2024-10-01 04:43:48 +00:00 committed by zuul
parent e2ec058149
commit 1c932a8714
20 changed files with 446 additions and 330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

270
docs/config/umn/ALL_META.TXT.json
View File

File diff suppressed because it is too large Load Diff

138
docs/config/umn/CLASS.TXT.json
View File

File diff suppressed because it is too large Load Diff

BIN
docs/config/umn/en-us_image_0000001925024776.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.5 KiB

267
docs/config/umn/rms_01_0017.html
View File

File diff suppressed because it is too large Load Diff

4
docs/config/umn/rms_01_0100.html
View File

@ -2,7 +2,7 @@
<h1 class="topictitle1">What Is Config?</h1>
<div id="body1602664047320"><div class="section" id="rms_01_0100__section364963433716"><h4 class="sectiontitle">Description</h4><p id="rms_01_0100__p11170957101616">Config allows you to search for, record, and continuously evaluate your resource configurations to make sure that your resources are in expected status.</p>
<div class="notice" id="rms_01_0100__note1679695114542"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="rms_01_0100__p17797651185417">To get full functionality of Config, you need to enable the resource recorder. If the resource recorder is disabled, you may fail to update your resource data or accurately evaluate your resources with rules. For details about how to enable and configure the resource recorder, see <a href="rms_04_0200.html">Configuring the Resource Recorder</a>.</p>
<div class="notice" id="rms_01_0100__note1679695114542"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="rms_01_0100__p17797651185417">To get full functionality of Config, you need to enable the resource recorder. If the resource recorder is disabled, you may fail to update your resource data or accurately evaluate your resources with rules. For details about how to enable and configure the resource recorder, see <a href="rms_04_0200.html">Configuring the Resource Recorder</a></p>
</div></div>
</div>
<div class="section" id="rms_01_0100__section2063114283"><h4 class="sectiontitle">Architecture</h4><p id="rms_01_0100__p21061037588">Config provides you with resource information, such as resource inventory, details, relationships, and change records. It stores your resource data every 24 hours and notifications of your resource changes every 6 hours. It will also notify you when a change is made to your resources. In addition, it enables you to use Config rules to evaluate your resources.</p>
@ -10,7 +10,7 @@
</div>
<div class="section" id="rms_01_0100__section133551224143919"><h4 class="sectiontitle">Access Methods</h4><p id="rms_01_0100__p535502443915">You can use either of the following methods to access Config.</p>
<ul id="rms_01_0100__ul1335582410390"><li id="rms_01_0100__li135532414394"><strong id="rms_01_0100__b1414611461315">Management Console</strong><p id="rms_01_0100__p14355142423914">The console is a web-based UI, where you can perform operations easily. Log in to the management console, click <span><img id="rms_01_0100__image1091010415566" src="en-us_image_0000001524289093.png"></span> in the upper left corner, and choose <strong id="rms_01_0100__b1328441514818">Management &amp; Deployment</strong> &gt; <strong id="rms_01_0100__b6910204105612">Config</strong>.</p>
</li><li id="rms_01_0100__li5355172418398"><strong id="rms_01_0100__b7617181921319">Application Programming Interfaces (APIs)</strong><p id="rms_01_0100__p1935522403918">To integrate Config into a third-party system for secondary development, you need to access the service by calling APIs. For details, see <em id="rms_01_0100__i19827201175313">Config API Reference</em>.</p>
</li><li id="rms_01_0100__li5355172418398"><strong id="rms_01_0100__b7617181921319">Application Programming Interfaces (APIs)</strong><p id="rms_01_0100__p1935522403918">To integrate Config into a third-party system for secondary development, you need to access the service by calling APIs. For details, see <em id="rms_01_0100__i11819125285111">Config API Reference</em>.</p>
</li></ul>
</div>
</div>

2
docs/config/umn/rms_01_0200.html
View File

@ -9,7 +9,7 @@
</div>
<div class="section" id="rms_01_0200__section15168204614274"><h4 class="sectiontitle">Resource Change Records</h4><p id="rms_01_0200__p1645591714362">Resource change records contain resource changes in a specific period of time.</p>
<p id="rms_01_0200__p773817227367">A record will be generated if there is a change to resource relationships or attributes.</p>
<p id="rms_01_0200__p211715115814">Resource attributes are key and value pairs that describe the characteristics of your resources. For example, a resource attribute can be the number of CPU cores of an ECS, the capacity of an EVS disk, or the password strength of an IAM user. For more details, see <a href="rms_08_0100.html#rms_08_0100__section1077795954511">How Can I Obtain Resource Attributes Reported to Config?</a></p>
<p id="rms_01_0200__p211715115814">Resource attributes are key and value pairs that describe the characteristics of your resources. For example, a resource attribute can be the number of CPU cores of an ECS, the capacity of an EVS disk, or the password strength of an IAM user. For more details, see <a href="rms_08_0100.html#rms_08_0100__section1077795954511">How Can I Obtain Resource Attributes Reported to Config?</a>.</p>
</div>
<div class="section" id="rms_01_0200__section2080184213117"><h4 class="sectiontitle">Resource Recorder</h4><p id="rms_01_0200__p12324461256">The resource recorder tracks changes to your cloud resources that are supported by Config. What changes are tracked depends on what a service reports to Config.</p>
<p id="rms_01_0200__p19684122654713">If you have enabled the resource recorder and specified an OBS bucket and an SMN topic when you configure the resource recorder, Config will notify you if there is a change (creation, modification, deletion, relationship change) to the resources within the monitoring scope and periodically store your notifications and resource snapshots.</p>

37
docs/config/umn/rms_01_0300.html
View File

@ -1,7 +1,7 @@
<a name="rms_01_0300"></a><a name="rms_01_0300"></a>
<h1 class="topictitle1">Function Overview</h1>
<div id="body1605067066674"><p id="rms_01_0300__p18865101925318"><a href="#rms_01_0300__table3706721152520">Table 1</a> lists the common functions of Config.</p>
<div id="body1605067066674"><p id="rms_01_0300__p18865101925318"><a href="#rms_01_0300__table3706721152520">Table 1</a> lists common functions of Config.</p>
<p id="rms_01_0300__p115241649181614">To better understand Config functions, you can learn <a href="rms_01_0200.html">basic concepts</a> first.</p>
<div class="tablenoborder"><a name="rms_01_0300__table3706721152520"></a><a name="table3706721152520"></a><table cellpadding="4" cellspacing="0" summary="" id="rms_01_0300__table3706721152520" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Common functions</caption><thead align="left"><tr id="rms_01_0300__row11707122113254"><th align="left" class="cellrowborder" valign="top" width="18.790000000000003%" id="mcps1.3.3.2.4.1.1"><p id="rms_01_0300__p177071721162518">Category</p>
@ -49,47 +49,44 @@
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p13860010103910">You can view change records of a resource.</p>
</td>
</tr>
<tr id="rms_01_0300__row978817467559"><td class="cellrowborder" rowspan="8" valign="top" width="18.790000000000003%" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p12363181114561">Resource Compliance</p>
<tr id="rms_01_0300__row17552729162610"><td class="cellrowborder" rowspan="7" valign="top" width="18.790000000000003%" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p15885534202616">Resource compliance</p>
</td>
<td class="cellrowborder" valign="top" width="20.09%" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p7363151119560">Adding a rule</p>
<td class="cellrowborder" valign="top" width="20.09%" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p20885113432610">Adding a rule</p>
</td>
<td class="cellrowborder" valign="top" width="61.12%" headers="mcps1.3.3.2.4.1.3 "><p id="rms_01_0300__p123631611195616">You can use rules to evaluate resource compliance. You can select a custom or predefined policy and configure other related parameters when creating a rule.</p>
<td class="cellrowborder" valign="top" width="61.12%" headers="mcps1.3.3.2.4.1.3 "><p id="rms_01_0300__p98850342266">You can add a rule to evaluate resource compliance. To add a rule, you need to set a policy and other related parameters.</p>
</td>
</tr>
<tr id="rms_01_0300__row1992324818551"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p23631111145620">Evaluating resource compliance</p>
<tr id="rms_01_0300__row1655272942616"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p48851034162615">Evaluating resources</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p0363141165617">You can click <strong id="rms_01_0300__b184059205159">Evaluate</strong> in the <strong id="rms_01_0300__b1640612071515">Operation</strong> column to start the evaluation.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p1288563412611">You can click <strong id="rms_01_0300__b1068650170">Evaluate</strong> in the <strong id="rms_01_0300__b1027819713">Operation</strong> column for a rule to evaluate the resources that are within the monitoring scope of the rule.</p>
</td>
</tr>
<tr id="rms_01_0300__row19300551195512"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p18363811155612">Disabling a rule</p>
<tr id="rms_01_0300__row355320294264"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p3885143419263">Disabling a rule</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p10363101165617">You click <strong id="rms_01_0300__b7211032169">Disable</strong> in the <strong id="rms_01_0300__b1521113141615">Operation</strong> column to disable a rule.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p58851034112613">You click <strong id="rms_01_0300__b133587168">Disable</strong> in the <strong id="rms_01_0300__b1758102006">Operation</strong> column to disable a rule.</p>
</td>
</tr>
<tr id="rms_01_0300__row1287213114816"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p87973161182">Enabling a rule</p>
<tr id="rms_01_0300__row16553182911267"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p58867347266">Enabling a rule</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p7797816882">If you want to use a disabled rule, you can enable it.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p288683442613">If you want to use a disabled rule, you can enable it.</p>
</td>
</tr>
<tr id="rms_01_0300__row11156753185511"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p83641711155613">Modifying a rule</p>
<tr id="rms_01_0300__row8553122992616"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p488633462613">Modifying a rule</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p133645119569">If a rule does not meet your needs, you can change its configurations as needed.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p188861334152610">If a rule does not meet your needs, you can change its configurations as needed.</p>
</td>
</tr>
<tr id="rms_01_0300__row41641711102015"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p128721672014">Deleting a rule</p>
<tr id="rms_01_0300__row65541229192620"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p988615342261">Deleting a rule</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p142871416152016">You can delete a rule which is no longer needed.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p178861134192620">You can delete a rule which is no longer needed.</p>
</td>
</tr>
<tr id="rms_01_0300__row1958125316311"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p1659125316312">Noncompliant resources</p>
<tr id="rms_01_0300__row12554152917268"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p19886163472610">Noncompliant resources</p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p9592533315">You can view and export information about all noncompliant resources.</p>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p118866340264">You can view and export noncompliant resources.</p>
</td>
</tr>
<tr id="rms_01_0300__row10204755115515"><td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.1 "> </td>
<td class="cellrowborder" valign="top" headers="mcps1.3.3.2.4.1.2 "> </td>
</tr>
<tr id="rms_01_0300__row1930212211029"><td class="cellrowborder" rowspan="4" valign="top" width="18.790000000000003%" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p34583114447">Resource Recorder</p>
<tr id="rms_01_0300__row1930212211029"><td class="cellrowborder" rowspan="4" valign="top" width="18.790000000000003%" headers="mcps1.3.3.2.4.1.1 "><p id="rms_01_0300__p34583114447">Resource recorder</p>
</td>
<td class="cellrowborder" valign="top" width="20.09%" headers="mcps1.3.3.2.4.1.2 "><p id="rms_01_0300__p785811073911">Enabling the resource recorder</p>
</td>

2
docs/config/umn/rms_01_0600.html
View File

@ -7,7 +7,7 @@
<div class="section" id="rms_01_0600__section645501102611"><h4 class="sectiontitle">System-Defined Permissions for Config</h4><p id="rms_01_0600__p236764573019">By default, new IAM users do not have permissions. You need to add a user to one or more groups and attach policies to the user groups. Users in a group inherit permissions from the group, so that they can perform operations on cloud services based on the permissions.</p>
<p id="rms_01_0600__p066952414319">Config is a global service. You do not need to repeat Config authorization for different regions or switch regions for accessing Config.</p>
<p id="rms_01_0600__p105339478511">A user with Config read-only permissions can view all resources on the <strong id="rms_01_0600__b1754584610217">Resource List</strong> page.</p>
<p id="rms_01_0600__p10201944124219">Policy: A type of fine-grained authorization method that defines permissions required to perform operations on specific cloud resources under certain conditions. Authorization using policies is more flexible and help you implement least privilege. Most policies define permissions based on APIs. API actions are the minimum granularity of permissions. For API actions supported by Config, see the <strong id="rms_01_0600__b1550252067">Permissions Policies and Supported Actions</strong> section in <em id="rms_01_0600__i1843197896">Config API Reference</em>. For details about fine-grained permissions and their dependencies for Config, see <a href="#rms_01_0600__section1491005953113">Fine-Grained Permissions for Config</a>.</p>
<p id="rms_01_0600__p10201944124219">Policy: A type of fine-grained authorization method that defines permissions required to perform operations on specific cloud resources under certain conditions. Authorization using policies is more flexible and help you implement least privilege. Most policies define permissions based on APIs. API actions are the minimum granularity of permissions. For API actions supported by Config, see the <strong id="rms_01_0600__b2117124064418">Permissions Policies and Supported Actions</strong> section in <em id="rms_01_0600__i8286656124414">Config API Reference</em>. For details about fine-grained permissions and their dependencies for Config, see <a href="#rms_01_0600__section1491005953113">Fine-Grained Permissions for Config</a>.</p>
<p id="rms_01_0600__p596020141510"><a href="#rms_01_0600__table298132619114">Table 1</a> lists all the system-defined permissions supported by Config.</p>
<div class="tablenoborder"><a name="rms_01_0600__table298132619114"></a><a name="table298132619114"></a><table cellpadding="4" cellspacing="0" summary="" id="rms_01_0600__table298132619114" frame="border" border="1" rules="all"><caption><b>Table 1 </b>System-defined permissions supported by Config.</caption><thead align="left"><tr id="rms_01_0600__row799152613118"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.4.7.2.4.1.1"><p id="rms_01_0600__p15994261711">Policy</p>

4
docs/config/umn/rms_01_1100.html
View File

@ -42,9 +42,9 @@
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.2.3.1.2 "><p id="rms_01_1100__p18701142511513">4,000</p>
</td>
</tr>
<tr id="rms_01_1100__row10328111111511"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.2.3.1.1 "><p id="rms_01_1100__p3701225201517">Retention period of resource configuration information</p>
<tr id="rms_01_1100__row10328111111511"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.2.3.1.1 "><p id="rms_01_1100__p3701225201517">The default retention period for resource configurations</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.2.3.1.2 "><p id="rms_01_1100__p1701152551511">7 years</p>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.3.2.2.3.1.2 "><p id="rms_01_1100__p1701152551511">7 years (2,557 days)</p>
</td>
</tr>
</tbody>

4
docs/config/umn/rms_03_0200.html
View File

@ -3,12 +3,12 @@
<h1 class="topictitle1">Viewing Resource Relationships</h1>
<div id="body8662426"><div class="section" id="rms_03_0200__section33911943185513"><h4 class="sectiontitle">Scenarios</h4><p id="rms_03_0200__p5966162241113">Config allows you to view resource relationships. A resource relationship may be described as that an EVS disk is attached to an ECS or an ECS is deployed in a VPC. Config only provides relationships of supported resources. For more details, see <a href="rms_01_0018.html">Relationships with Supported Resources</a>.</p>
</div>
<div class="section" id="rms_03_0200__section052633112561"><h4 class="sectiontitle">Procedure</h4><ol id="rms_03_0200__ol329241315215"><li id="rms_03_0200__li029331311216"><span>Log in to the management console.</span></li><li id="rms_03_0200__li1793515163215"><span>Click <span><img id="rms_03_0200__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_03_0200__rms_03_0102_b17226618104220">Management &amp; Deployment</strong>, click <strong id="rms_03_0200__rms_03_0102_b174231242256">Config</strong>.</span></li><li id="rms_03_0200__li538815189216"><span>On the <strong id="rms_03_0200__b8890185262420">Resource List</strong> page, click the name of a target resource.</span></li><li id="rms_03_0200__li288714195214"><span>Click the <strong id="rms_03_0200__b11257536111715">Associated Resources</strong> tab.</span><p><p id="rms_03_0200__p196611649115316">Hover over the name of an associated resource to view resource information and resource relationships.</p>
<div class="section" id="rms_03_0200__section052633112561"><h4 class="sectiontitle">Procedure</h4><ol id="rms_03_0200__ol329241315215"><li id="rms_03_0200__li029331311216"><span>Log in to the management console.</span></li><li id="rms_03_0200__li1793515163215"><span>Click <span><img id="rms_03_0200__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_03_0200__rms_03_0102_b17226618104220">Management &amp; Deployment</strong>, click <strong id="rms_03_0200__rms_03_0102_b174231242256">Config</strong>.</span></li><li id="rms_03_0200__li538815189216"><span>On the <strong id="rms_03_0200__b8890185262420">Resource List</strong> page, click the name of a target resource.</span></li><li id="rms_03_0200__li288714195214"><span>Click the <strong id="rms_03_0200__b8981173410262">Associated Resources</strong> tab.</span><p><p id="rms_03_0200__p196611649115316">Hover over the name of an associated resource to view resource information and resource relationships.</p>
<p id="rms_03_0200__p13961711201810">For each service, you can filter resources by resource ID or resource name.</p>
<div class="fignone" id="rms_03_0200__fig135128499915"><span class="figcap"><b>Figure 1 </b>Viewing associated resources</span><br><span><img id="rms_03_0200__image65152492911" src="en-us_image_0000001925023084.png"></span></div>
</p></li></ol>
</div>
<div class="note" id="rms_03_0200__en-us_topic_0285045100_note20657611194512"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_03_0200__p685619488205">On the <strong id="rms_03_0200__b9970440163213">Associated Resources</strong> tab, you can click the name of an associated resource to view related information of this resource.</p>
<div class="note" id="rms_03_0200__en-us_topic_0285045100_note20657611194512"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_03_0200__p685619488205">On the <strong id="rms_03_0200__b881771012277">Associated Resources</strong> tab, you can click the name of an associated resource to view related information of this resource.</p>
</div></div>
</div>
<div>

2
docs/config/umn/rms_04_0100.html
View File

@ -6,7 +6,7 @@
<ul id="rms_04_0100__ul1910412528515"><li id="rms_04_0100__li51041526510">Notifies you using the specified SMN topic if your resources are created, modified, or deleted.</li><li id="rms_04_0100__li154411558519">Notifies you using the specified SMN topic if there is a change to your resource relationships.</li><li id="rms_04_0100__li876314355382">Stores notifications of your resource changes every 6 hours if you have configured an OBS bucket and an SMN topic.</li><li id="rms_04_0100__li331535914516">Stores resource snapshots every 24 hours if you have configured an OBS bucket.</li></ul>
<p id="rms_04_0100__en-us_topic_0285045107_p16265145917613">For details about resources supported by the resource recorder, see <a href="rms_01_0017.html">Supported Resources</a>.</p>
</div>
<div class="section" id="rms_04_0100__section81802025111"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="rms_04_0100__ul560611718117"><li id="rms_04_0100__li960613172115">When enabling and configuring the resource recorder, you must configure <strong id="rms_04_0100__b344614404462"><a href="rms_04_0200.html#rms_04_0200__li9992111220134">Topic</a></strong> or <strong id="rms_04_0100__b17447454717"><a href="rms_04_0200.html#rms_04_0200__li1379015271396">Resource Dump</a></strong>. To enable the resource recorder, you must configure either an SMN topic or an OBS bucket.</li><li id="rms_04_0100__li8837171919113">To receive notifications of resource changes with the configured SMN topic, you not only have to create the topic, but also add subscription endpoints and request subscription confirmations for the topic. For details, see <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/topic_management/creating_a_topic.html" target="_blank" rel="noopener noreferrer">Creating a Topic</a>, <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/adding_a_subscription.html" target="_blank" rel="noopener noreferrer">Adding a Subscription</a>, and <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/requesting_subscription_confirmation.html" target="_blank" rel="noopener noreferrer">Requesting Subscription Confirmation</a>.</li><li id="rms_04_0100__li1918413015146">The resource recorder only updates data for the resources within the monitoring scope.</li><li id="rms_04_0100__li796413301312">The resource recorder retains your resource information for seven years (2,557 days).</li><li id="rms_04_0100__li4979112733811">There is a delay in synchronizing resource data to Config. The delay varies depending on services. If the resource recorder is enabled, Config will update related data for resources that are included in the monitoring scope within 24 hours. If the resource recorder is disabled, Config will not update resource data.</li></ul>
<div class="section" id="rms_04_0100__section81802025111"><h4 class="sectiontitle">Notes and Constraints</h4><ul id="rms_04_0100__ul560611718117"><li id="rms_04_0100__li960613172115">When enabling and configuring the resource recorder, you must configure <strong id="rms_04_0100__b344614404462"><a href="rms_04_0200.html#rms_04_0200__li9992111220134">Topic</a></strong> or <strong id="rms_04_0100__b17447454717"><a href="rms_04_0200.html#rms_04_0200__li1379015271396">Resource Dump</a></strong>. To enable the resource recorder, you must configure either an SMN topic or an OBS bucket.</li><li id="rms_04_0100__li8837171919113">To receive notifications of resource changes with the configured SMN topic, you not only have to create the topic, but also add subscription endpoints and request subscription confirmations for the topic. For details, see <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/topic_management/creating_a_topic.html" target="_blank" rel="noopener noreferrer">Creating a Topic</a>, <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/adding_a_subscription.html" target="_blank" rel="noopener noreferrer">Adding a Subscription</a>, and <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/requesting_subscription_confirmation.html" target="_blank" rel="noopener noreferrer">Requesting Subscription Confirmation</a>.</li><li id="rms_04_0100__li1918413015146">The resource recorder only updates data for the resources within the monitoring scope.</li><li id="rms_04_0100__li112620556421">By default, the resource configuration information is stored for seven years (2,557 days).</li><li id="rms_04_0100__li4979112733811">There is a delay in synchronizing resource data to Config. The delay varies depending on services. If the resource recorder is enabled, Config will update related data for resources that are included in the monitoring scope within 24 hours. If the resource recorder is disabled, Config will not update resource data.</li></ul>
<div class="notice" id="rms_04_0100__note1679695114542"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="rms_04_0100__p17797651185417">To get full functionality of Config, you need to enable the resource recorder. If the resource recorder is disabled, you may fail to update your resource data or accurately evaluate your resources with rules.</p>
</div></div>
</div>

23
docs/config/umn/rms_04_0200.html
View File

@ -15,27 +15,32 @@
<ul id="rms_04_0200__ul177908271191"><li id="rms_04_0200__li17901227096"><strong id="rms_04_0200__b8217145871619">Select an OBS bucket from the current account</strong>:<p id="rms_04_0200__p177909271693">Select <strong id="rms_04_0200__b442519541627">Your bucket</strong> and then select a bucket from the drop-down list to store resource change notifications and resource snapshots. If you need to store the notifications and snapshots to a specific folder in the OBS bucket, enter the folder name after you select a bucket. If there are no OBS buckets in the current account, create one first. For details, see <a href="https://docs.otc.t-systems.com/object-storage-service/umn/obs_console_operation_guide/managing_buckets/creating_a_bucket.html" target="_blank" rel="noopener noreferrer">Creating a Bucket</a>.</p>
</li><li id="rms_04_0200__li11790172717918"><strong id="rms_04_0200__b779513182918">Select an OBS bucket from another account</strong>:<p id="rms_04_0200__p1779018271891">Select <strong id="rms_04_0200__b1847861010411">Other users' bucket</strong> and then configure <strong id="rms_04_0200__b144351315417">Region ID</strong> and <strong id="rms_04_0200__b1155411164411">Bucket Name</strong>. If you need to store the notifications and snapshots to a specific folder in the OBS bucket, enter the folder name after you select a bucket. If you select a bucket from another account, you need required permissions granted by the account. For details, see <a href="#rms_04_0200__section95911732882">Cross-Account Authorization</a>.</p>
</li></ul>
<div class="note" id="rms_04_0200__note1279052718918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_04_0200__p137916271498">After you specify an OBS bucket from the current or another account, Config will write an empty file named <strong id="rms_04_0200__b528045618179">ConfigWritabilityCheckFile</strong> to the OBS bucket to verify whether resources can be written to the OBS bucket. If an error is reported, you can resolve related issues based on <a href="rms_08_0100.html#rms_08_0100__section1356812297234">Why Is an Error Reported When Data Is Dumped to the OBS Bucket After the Resource Recorder Is Enabled?</a>.</p>
<div class="note" id="rms_04_0200__note1279052718918"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_04_0200__p137916271498">After you specify an OBS bucket from the current or another account, Config will write an empty file named <strong id="rms_04_0200__b528045618179">ConfigWritabilityCheckFile</strong> to the OBS bucket to verify whether resources can be written to the OBS bucket. If an error is reported, you can address the error based on <a href="rms_08_0100.html#rms_08_0100__section1356812297234">Why Is an Error Reported When Data Is Dumped to the OBS Bucket After the Resource Recorder Is Enabled?</a>.</p>
</div></div>
<div class="fignone" id="rms_04_0200__fig16471035181114"><span class="figcap"><b>Figure 3 </b>Configuring an OBS bucket</span><br><span><img id="rms_04_0200__image1264863511113" src="en-us_image_0000001952304017.png"></span></div>
</p></li><li id="rms_04_0200__li171551635444"><span>Specify a data retention period.</span><p><p id="rms_04_0200__p11110305441">Select <strong id="rms_04_0200__b1491763311205">Seven years (2,557 days)</strong> or select <strong id="rms_04_0200__b124468479203">A custom period</strong> and enter a retention period from 30 days to 2,557 days.</p>
<div class="note" id="rms_04_0200__note3849183219117"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_04_0200__p14849123271111">The data retention period only applies to resource configuration data and snapshots reserved by Config. It will not affect your data storage with SMN or OBS.</p>
<p id="rms_04_0200__p186801714171419">Config will delete data that has been reserved for a longer time than the specified retention period.</p>
</div></div>
<div class="fignone" id="rms_04_0200__fig1978415610113"><span class="figcap"><b>Figure 4 </b>Configuring a data retention period</span><br><span><img id="rms_04_0200__image678505617116" src="en-us_image_0000001925024776.png"></span></div>
</p></li><li id="rms_04_0200__li9992111220134"><a name="rms_04_0200__li9992111220134"></a><a name="li9992111220134"></a><span>(Optional) Configure an SMN topic.</span><p><p id="rms_04_0200__p2992101211135">Toggle on <strong id="rms_04_0200__b10240124051911">Topic</strong>, then select a region and an SMN topic for receiving notifications of resource changes. </p>
<ul id="rms_04_0200__ul899361215138"><li id="rms_04_0200__li8993141211135"> <strong id="rms_04_0200__b137191455182010">Select a topic from the current account</strong>:<p id="rms_04_0200__p12993112131319">Select <strong id="rms_04_0200__b1177218209619">Your topic</strong>, then select a region and an SMN topic. If there are no SMN topics available, create one first. For details, see <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/topic_management/creating_a_topic.html" target="_blank" rel="noopener noreferrer">Creating a Topic</a>.</p>
</li><li id="rms_04_0200__li13993312191314"><strong id="rms_04_0200__b1154517641612">Select a topic from another account</strong>:<p id="rms_04_0200__p5993141215139">Select Topic under other account, then enter a topic URN. For more details about topic URN, see <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/overview/concepts.html#urn" target="_blank" rel="noopener noreferrer">Concepts</a> If you select a topic from another account, you need required permissions granted by the account. For details, see <a href="#rms_04_0200__section95911732882">Cross-Account Authorization</a>.</p>
</li><li id="rms_04_0200__li13993312191314"><strong id="rms_04_0200__b1154517641612">Select a topic from another account</strong>:<p id="rms_04_0200__p5993141215139">Select Topic under other account, then enter a topic URN. For more details about topic URN, see <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/overview/concepts.html#urn" target="_blank" rel="noopener noreferrer">Concepts</a>. If you select a topic from another account, you need required permissions granted by the account. For details, see <a href="#rms_04_0200__section95911732882">Cross-Account Authorization</a>.</p>
</li></ul>
<div class="note" id="rms_04_0200__note299381214135"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_04_0200__p119931612101318">To send notifications with an SMN topic, you not only need to create the topic, but also need to <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/adding_a_subscription.html" target="_blank" rel="noopener noreferrer">add subscriptions</a> and <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/requesting_subscription_confirmation.html" target="_blank" rel="noopener noreferrer">request subscription confirmations</a>. </p>
<div class="note" id="rms_04_0200__note299381214135"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_04_0200__p119931612101318">To send notifications with an SMN topic, you not only need to create the topic, but also <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/adding_a_subscription.html" target="_blank" rel="noopener noreferrer">add subscriptions</a> and <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/subscription_management/requesting_subscription_confirmation.html" target="_blank" rel="noopener noreferrer">request subscription confirmations</a>. </p>
</div></div>
<div class="fignone" id="rms_04_0200__fig17541734171215"><span class="figcap"><b>Figure 4 </b>Configuring an SMN topic</span><br><span><img id="rms_04_0200__image1557344125" src="en-us_image_0000001924866316.png"></span></div>
</p></li><li id="rms_04_0200__li27911227097"><span>Grant permissions.</span><p><ul id="rms_04_0200__ul12791427693"><li id="rms_04_0200__li1079118274911"><strong id="rms_04_0200__b20944440122615">Quick granting</strong>: This option will automatically create an agency named <strong id="rms_04_0200__b1194424052615">rms_tracker_agency</strong> to grant the required permissions for the resource recorder to work properly. The agency contains permissions for writing data into an OBS bucket. The agency created by <strong id="rms_04_0200__b88788413293">quick granting</strong> doesn't contain KMS permissions, and the resource recorder is unable to store resource change notifications and snapshots to an OBS bucket that is encrypted using KMS. If you need to use an encrypted bucket, you can add the <strong id="rms_04_0200__b1595711217308">KMS Administrator</strong> permission to the agency or use custom authorization. For details, see <a href="#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>.<p id="rms_04_0200__p1379769548">For details about how to add permissions in an agency, see <a href="https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/agencies/deleting_or_modifying_agencies.html" target="_blank" rel="noopener noreferrer">Deleting or Modifying Agencies</a>.</p>
</li><li id="rms_04_0200__li479172713917"><strong id="rms_04_0200__b25721932172818">Custom granting</strong>: You can create an agency using IAM to customize authorization for Config. The agency must include either the permissions for sending notifications using an SMN topic or the permissions for writing data into an OBS bucket. To store resource changes and snapshots to an OBS bucket that is encrypted using KMS, you need the <strong id="rms_04_0200__b2092310275294">KMS Administrator</strong> permission. For details, see <a href="#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>. For details about how to create an agency, see <a href="https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/agencies/cloud_service_delegation.html" target="_blank" rel="noopener noreferrer">Cloud Service Agency</a>.<div class="fignone" id="rms_04_0200__fig1693285601211"><span class="figcap"><b>Figure 5 </b>Grant Permissions</span><br><span><img id="rms_04_0200__image1933205661211" src="en-us_image_0000001952145493.png"></span></div>
<div class="fignone" id="rms_04_0200__fig17541734171215"><span class="figcap"><b>Figure 5 </b>Configuring an SMN topic</span><br><span><img id="rms_04_0200__image1557344125" src="en-us_image_0000001924866316.png"></span></div>
</p></li><li id="rms_04_0200__li27911227097"><span>Grant permissions.</span><p><ul id="rms_04_0200__ul12791427693"><li id="rms_04_0200__li1079118274911"><strong id="rms_04_0200__b20944440122615">Quick granting</strong>: This option will automatically create an agency named <strong id="rms_04_0200__b1194424052615">rms_tracker_agency</strong> to grant the required permissions for the resource recorder to work properly. The agency contains permissions for writing data into an OBS bucket. The agency created by <strong id="rms_04_0200__b88788413293">quick granting</strong> doesn't contain KMS permissions, so the resource recorder is unable to store resource change notifications and snapshots to an OBS bucket that is encrypted using KMS. If you need to use an encrypted bucket, you can add required <strong id="rms_04_0200__b1595711217308">KMS Administrator</strong> permissions to the agency or use custom authorization. For details, see <a href="#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>.<p id="rms_04_0200__p1379769548">For details about how to add permissions in an agency, see <a href="https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/agencies/deleting_or_modifying_agencies.html" target="_blank" rel="noopener noreferrer">Deleting or Modifying Agencies</a>.</p>
</li><li id="rms_04_0200__li479172713917"><strong id="rms_04_0200__b25721932172818">Custom granting</strong>: You can create an agency using IAM to customize authorization for Config. The agency must include either the permissions for sending notifications using an SMN topic or the permissions for writing data into an OBS bucket. To store resource changes and snapshots to an OBS bucket that is encrypted using KMS, you need the required <strong id="rms_04_0200__b2092310275294">KMS Administrator</strong> permissions. For details, see <a href="#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>. For details about how to create an agency, see <a href="https://docs.otc.t-systems.com/identity-access-management/umn/user_guide/agencies/cloud_service_delegation.html" target="_blank" rel="noopener noreferrer">Cloud Service Agency</a>.<div class="fignone" id="rms_04_0200__fig1693285601211"><span class="figcap"><b>Figure 6 </b>Grant Permissions</span><br><span><img id="rms_04_0200__image1933205661211" src="en-us_image_0000001952145493.png"></span></div>
</li></ul>
</p></li><li id="rms_04_0200__li195453162316"><span>Click <strong id="rms_04_0200__b24631444123311">Save</strong>.</span></li><li id="rms_04_0200__li446212320264"><span>In the displayed dialog box, click <strong id="rms_04_0200__b182883573331">Yes</strong>.</span></li></ol>
</div>
<div class="section" id="rms_04_0200__section19816174054918"><a name="rms_04_0200__section19816174054918"></a><a name="section19816174054918"></a><h4 class="sectiontitle">Modifying the Resource Recorder</h4><p id="rms_04_0200__p617914421267">You can modify the resource recorder at any time.</p>
<ol id="rms_04_0200__ol128410407490"><li id="rms_04_0200__li178402040194915"><span>In the navigation pane on the left, choose <strong id="rms_04_0200__b5226133215534">Resource Recorder</strong>.</span></li><li id="rms_04_0200__li19840940184915"><span>Click <strong id="rms_04_0200__b181961051125320">Modify Resource Recorder</strong>.</span><p><div class="fignone" id="rms_04_0200__fig63362223135"><span class="figcap"><b>Figure 6 </b>Modify Resource Recorder</span><br><span><img id="rms_04_0200__image1333817224134" src="en-us_image_0000001952305721.png"></span></div>
<ol id="rms_04_0200__ol128410407490"><li id="rms_04_0200__li178402040194915"><span>In the navigation pane on the left, choose <strong id="rms_04_0200__b5226133215534">Resource Recorder</strong>.</span></li><li id="rms_04_0200__li19840940184915"><span>Click <strong id="rms_04_0200__b181961051125320">Modify Resource Recorder</strong>.</span><p><div class="fignone" id="rms_04_0200__fig63362223135"><span class="figcap"><b>Figure 7 </b>Modify Resource Recorder</span><br><span><img id="rms_04_0200__image1333817224134" src="en-us_image_0000001952305721.png"></span></div>
</p></li><li id="rms_04_0200__li1716882014514"><span>Modify configurations.</span></li><li id="rms_04_0200__li818024017514"><span>Click <strong id="rms_04_0200__b14608911104315">Save</strong>.</span></li><li id="rms_04_0200__li195665172293"><span>In the displayed dialog box, click <strong id="rms_04_0200__b916164512442">Yes</strong>.</span></li></ol>
</div>
<div class="section" id="rms_04_0200__section189334613020"><a name="rms_04_0200__section189334613020"></a><a name="section189334613020"></a><h4 class="sectiontitle">Disabling the Resource Recorder</h4><p id="rms_04_0200__p1966120121301">You can disable the resource recorder at any time.</p>
<ol id="rms_04_0200__ol17661112153018"><li id="rms_04_0200__li15662812203011"><span>In the navigation pane on the left, choose <strong id="rms_04_0200__b697103519354">Resource Recorder</strong>.</span></li><li id="rms_04_0200__li16621412133017"><span>Toggle off the resource recorder.</span></li><li id="rms_04_0200__li1666271253013"><span>In the displayed dialog box, click <strong id="rms_04_0200__b1981412558612">OK</strong>.</span><p><div class="fignone" id="rms_04_0200__fig9719125241311"><span class="figcap"><b>Figure 7 </b>Disabling the resource recorder</span><br><span><img id="rms_04_0200__image1972075241319" src="en-us_image_0000001924867128.png"></span></div>
<ol id="rms_04_0200__ol17661112153018"><li id="rms_04_0200__li15662812203011"><span>In the navigation pane on the left, choose <strong id="rms_04_0200__b697103519354">Resource Recorder</strong>.</span></li><li id="rms_04_0200__li16621412133017"><span>Toggle off the resource recorder.</span></li><li id="rms_04_0200__li1666271253013"><span>In the displayed dialog box, click <strong id="rms_04_0200__b1981412558612">OK</strong>.</span><p><div class="fignone" id="rms_04_0200__fig9719125241311"><span class="figcap"><b>Figure 8 </b>Disabling the resource recorder</span><br><span><img id="rms_04_0200__image1972075241319" src="en-us_image_0000001924867128.png"></span></div>
</p></li></ol>
</div>
<div class="section" id="rms_04_0200__section95911732882"><a name="rms_04_0200__section95911732882"></a><a name="section95911732882"></a><h4 class="sectiontitle">Cross-Account Authorization</h4><ul id="rms_04_0200__ul115161644175010"><li id="rms_04_0200__li4516174475016"><strong id="rms_04_0200__b15960122312138">Granting SMN topic permissions to another account</strong><ol id="rms_04_0200__ol37925574490"><li id="rms_04_0200__li1679215720498">Log in to the management console with the authorizing account and go to the SMN console.</li><li id="rms_04_0200__li13224429114719">Attach related SMN permissions to target accounts based on <a href="https://docs.otc.t-systems.com/simple-message-notification/umn/topic_management/configuring_topic_policies/index.html" target="_blank" rel="noopener noreferrer">Configuring Topic Policies</a>.</li></ol>
@ -67,7 +72,7 @@
<div class="section" id="rms_04_0200__section1414618337911"><a name="rms_04_0200__section1414618337911"></a><a name="section1414618337911"></a><h4 class="sectiontitle">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</h4><ul id="rms_04_0200__ul21461933894"><li id="rms_04_0200__li1745211105714"><strong id="rms_04_0200__b199356389547">Using an OBS bucket that is encrypted with a default key of SSE-KMS</strong><p id="rms_04_0200__p54528110571">If you need to store resource change notifications and snapshots to an OBS bucket encrypted using a default key of SSE-KMS, you need to add the <strong id="rms_04_0200__b17935450135514">KMS Administrator</strong> permission to the agency assigned to the resource recorder.</p>
</li><li id="rms_04_0200__li1680112215712"><strong id="rms_04_0200__b132919472557">Using an OBS bucket that is encrypted with a custom key of SSE-KMS</strong><p id="rms_04_0200__p1965131804310">If you need to store resource change notifications and snapshots to an OBS bucket that is encrypted using a custom key of SSE-KMS, you need to add the <strong id="rms_04_0200__b177132925712">KMS Administrator</strong> permission to the agency assigned to the resource recorder.</p>
<p id="rms_04_0200__p180110215719">If you need to store resource change notifications and snapshots to an OBS bucket that is from another account, and that is encrypted using a custom key of SSE-KMS, you need to add the <strong id="rms_04_0200__b101000199367">KMS Administrator</strong> permission to the agency assigned to the resource recorder, and set the cross-account permission for the key at the same time. The procedure is as follows:</p>
<ol id="rms_04_0200__ol20507114945712"><li id="rms_04_0200__li86851234195913">Log in to the management console and go to the <strong id="rms_04_0200__b677775920328">Key Management Service</strong> console.</li><li id="rms_04_0200__li1762664011614">In the <strong id="rms_04_0200__b046313211714">Custom Keys</strong> tab, click the alias of a target key to go to its details page and create a grant on it.</li><li id="rms_04_0200__li1914127032">Grant the account the permission for using the key based on <a href="https://docs.otc.t-systems.com/key-management-service/umn/user_guide/key_management/managing_a_grant/creating_a_grant.html" target="_blank" rel="noopener noreferrer">Creating a Grant</a>.<ul id="rms_04_0200__ul6939481895"><li id="rms_04_0200__li25880242417">Enter the ID of the account to be authorized for <strong id="rms_04_0200__b1821122751219">Grantee</strong>.</li><li id="rms_04_0200__li433018115129">Select <strong id="rms_04_0200__b885915141613">Create Data Key</strong>, <strong id="rms_04_0200__b3623112845215">Describe Key</strong>, and <strong id="rms_04_0200__b8888151795318">Decrypt Data Key</strong> for <strong id="rms_04_0200__b389309536">Granted Operations</strong>.</li></ul>
<ol id="rms_04_0200__ol20507114945712"><li id="rms_04_0200__li86851234195913">Log in to the management console and go to the <strong id="rms_04_0200__b677775920328">Key Management Service</strong> console.</li><li id="rms_04_0200__li1762664011614">In the <strong id="rms_04_0200__b046313211714">Custom Keys</strong> tab, click the alias of a target key to go to its details page and create a grant on it.</li><li id="rms_04_0200__li1914127032">Grant the account the permissions for using the key based on <a href="https://docs.otc.t-systems.com/key-management-service/umn/user_guide/key_management/managing_a_grant/creating_a_grant.html" target="_blank" rel="noopener noreferrer">Creating a Grant</a>.<ul id="rms_04_0200__ul6939481895"><li id="rms_04_0200__li25880242417">Enter the ID of the account to be authorized for <strong id="rms_04_0200__b1821122751219">Grantee</strong>.</li><li id="rms_04_0200__li433018115129">Select <strong id="rms_04_0200__b885915141613">Create Data Key</strong>, <strong id="rms_04_0200__b3623112845215">Describe Key</strong>, and <strong id="rms_04_0200__b8888151795318">Decrypt Data Key</strong> for <strong id="rms_04_0200__b389309536">Granted Operations</strong>.</li></ul>
</li></ol>
</li></ul>
</div>

2
docs/config/umn/rms_05_0100.html
View File

@ -1,7 +1,7 @@
<a name="rms_05_0100"></a><a name="rms_05_0100"></a>
<h1 class="topictitle1">Adding a Rule with a Predefined Policy</h1>
<div id="body8662426"><div class="section" id="rms_05_0100__section173424462018"><h4 class="sectiontitle">Scenarios</h4><p id="rms_05_0100__en-us_topic_0285045111_p8060118">You can create a rule to evaluate your resource compliance. When you create a rule, you can select a built-in policy or custom policy, specify a monitoring scope, and specify the trigger type. Evaluation results are provided for you to check compliance data.</p>
<div id="body8662426"><div class="section" id="rms_05_0100__section173424462018"><h4 class="sectiontitle">Scenarios</h4><p id="rms_05_0100__en-us_topic_0285045111_p8060118">You can create a rule to evaluate your resource compliance. When creating a rule, you can select a built-in policy or custom policy, specify a monitoring scope, and specify the <a href="rms_05_0200.html">trigger type</a>. Evaluation results are provided for you to check compliance data.</p>
<p id="rms_05_0100__p1430192711016">This section describes how to add predefined rules.</p>
</div>
<div class="section" id="rms_05_0100__section124376529207"><h4 class="sectiontitle">Constraints and Limitations</h4><ul id="rms_05_0100__ul28002025112617"><li id="rms_05_0100__li128004258266">You can add up to 500 rules in an account.</li></ul>

6
docs/config/umn/rms_05_0300.html
View File

@ -15,13 +15,13 @@
</div>
<div class="section" id="rms_05_0300__section1495815469407"><a name="rms_05_0300__section1495815469407"></a><a name="section1495815469407"></a><h4 class="sectiontitle">Modifying a Rule</h4><ol id="rms_05_0300__ol17888104312211"><li id="rms_05_0300__li3865163043814"><span>Log in to the management console.</span></li><li id="rms_05_0300__li122918100391"><span>Click <span><img id="rms_05_0300__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711_2" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_05_0300__rms_03_0102_b17226618104220_2">Management &amp; Deployment</strong>, click <strong id="rms_05_0300__rms_03_0102_b174231242256_2">Config</strong>.</span></li><li id="rms_05_0300__li9833155192115"><span>In the navigation pane on the left, choose <strong id="rms_05_0300__rms_05_0100_b178071349194015_2">Resource Compliance</strong>.</span></li><li id="rms_05_0300__li9833351102116"><span>On the <strong id="rms_05_0300__b33858103915">Rules</strong> tab, locate a target rule and click <strong id="rms_05_0300__b163917823912">More</strong> &gt; <strong id="rms_05_0300__b3730125915391">Modify</strong> in the <strong id="rms_05_0300__b339188143914">Operation</strong> column.</span><p><div class="fignone" id="rms_05_0300__fig1549364131913"><span class="figcap"><b>Figure 3 </b>Modifying a rule</span><br><span><img id="rms_05_0300__image24936414197" src="en-us_image_0000001924870980.png"></span></div>
</p></li><li id="rms_05_0300__li18331251172115"><span>On <strong id="rms_05_0300__b9645853105317">Basic Configurations</strong> page, modify the rule description and click <strong id="rms_05_0300__b07216551546">Next</strong>.</span></li><li id="rms_05_0300__li75569319328"><span>On the <strong id="rms_05_0300__b21313544912">Configure Rule Parameters</strong> page, configure required parameters and click <strong id="rms_05_0300__b181443518491">Next</strong>.</span><p><p id="rms_05_0300__p168859175378">The configuration items that you can modify vary for different policies.</p>
<ul id="rms_05_0300__ul4101102034113"><li id="rms_05_0300__li2101120144118"><strong id="rms_05_0300__b13532104118249">Filter Type</strong>: Can be modified when <strong id="rms_05_0300__b1366916852518">Trigger Type</strong> is set to <strong id="rms_05_0300__b145112382515">Configuration change</strong></li><li id="rms_05_0300__li14413132413414"><strong id="rms_05_0300__b1958712912515">Resource Scope</strong>: Can be modified when <strong id="rms_05_0300__b10588429162513">Trigger Type</strong> is set to <strong id="rms_05_0300__b3589629152519">Configuration change</strong></li><li id="rms_05_0300__li12366123464115"><strong id="rms_05_0300__b81095570281">Filter Scope</strong>: Can be modified when <strong id="rms_05_0300__b13109857142814">Trigger Type</strong> is set to <strong id="rms_05_0300__b101092579286">Configuration change</strong>.</li><li id="rms_05_0300__li1555810114212"><strong id="rms_05_0300__b51321222103019">Execute Every</strong>: Can be modified when <strong id="rms_05_0300__b21321622173019">Trigger Type</strong> is set to <strong id="rms_05_0300__b1313222223014">Periodic execution</strong>.</li><li id="rms_05_0300__li126091711164313"><strong id="rms_05_0300__b1673793113336">Configure Rule Parameters</strong>: For a rule created with a predefined policy, you can only modify the values of parameters for <strong id="rms_05_0300__b1626803412354">Configure Rule Parameters</strong>. For a custom rule, you can add, delete, and modify parameters.</li></ul>
<ul id="rms_05_0300__ul4101102034113"><li id="rms_05_0300__li2101120144118"><strong id="rms_05_0300__b13532104118249">Filter Type</strong>: Can be modified when <strong id="rms_05_0300__b1366916852518">Trigger Type</strong> is set to <strong id="rms_05_0300__b145112382515">Configuration change</strong></li><li id="rms_05_0300__li14413132413414"><strong id="rms_05_0300__b1958712912515">Resource Scope</strong>: Can be modified when <strong id="rms_05_0300__b10588429162513">Trigger Type</strong> is set to <strong id="rms_05_0300__b3589629152519">Configuration change</strong></li><li id="rms_05_0300__li12366123464115"><strong id="rms_05_0300__b81095570281">Filter Scope</strong>: Can be modified when <strong id="rms_05_0300__b13109857142814">Trigger Type</strong> is set to <strong id="rms_05_0300__b101092579286">Configuration change</strong>.</li><li id="rms_05_0300__li1555810114212"><strong id="rms_05_0300__b51321222103019">Execute Every</strong>: Can be modified when <strong id="rms_05_0300__b21321622173019">Trigger Type</strong> is set to <strong id="rms_05_0300__b1313222223014">Periodic execution</strong>.</li><li id="rms_05_0300__li126091711164313"><strong id="rms_05_0300__b1673793113336">Configure Rule Parameters</strong>: For a rule created with a predefined policy, you can only modify the values of parameters for <strong id="rms_05_0300__b1626803412354">Configure Rule Parameters</strong>. For a custom rule, you can add, delete, and modify related parameters.</li></ul>
</p></li><li id="rms_05_0300__li136270405324"><span>Confirm the modifications and click <strong id="rms_05_0300__b1199805193615">Submit.</strong></span><p><div class="note" id="rms_05_0300__note13147125602711"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_05_0300__p0147175692711">After a rule is modified, it will be automatically triggered.</p>
</div></div>
</p></li></ol>
</div>
<div class="section" id="rms_05_0300__section8960746204018"><a name="rms_05_0300__section8960746204018"></a><a name="section8960746204018"></a><h4 class="sectiontitle">Deleting a Rule</h4><p id="rms_05_0300__p985344819334">Before deleting a rule, you need to disable the rule.</p>
<ol id="rms_05_0300__ol2085413488335"><li id="rms_05_0300__li685404814335"><span>Log in to the management console.</span></li><li id="rms_05_0300__li204414369431"><span>Click <span><img id="rms_05_0300__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711_3" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_05_0300__rms_03_0102_b17226618104220_3">Management &amp; Deployment</strong>, click <strong id="rms_05_0300__rms_03_0102_b174231242256_3">Config</strong>.</span></li><li id="rms_05_0300__li595155413434"><span>In the navigation pane on the left, choose <strong id="rms_05_0300__rms_05_0100_b178071349194015_3">Resource Compliance</strong>.</span></li><li id="rms_05_0300__li16854548173316"><span>On the <strong id="rms_05_0300__b68861315512">Rules</strong> tab, locate a target rule and click <strong id="rms_05_0300__b388619385517">More</strong> &gt; <strong id="rms_05_0300__b1886133185516">Delete</strong> in the <strong id="rms_05_0300__b9886103185518">Operation</strong> column.</span><p><div class="fignone" id="rms_05_0300__fig911993071913"><span class="figcap"><b>Figure 4 </b>Deleting a rule</span><br><span><img id="rms_05_0300__image111191530141918" src="en-us_image_0000001952150149.png"></span></div>
<div class="section" id="rms_05_0300__section8960746204018"><a name="rms_05_0300__section8960746204018"></a><a name="section8960746204018"></a><h4 class="sectiontitle">Deleting a Rule</h4><p id="rms_05_0300__p985344819334">To delete a rule, you need to disable the rule first.</p>
<ol id="rms_05_0300__ol2085413488335"><li id="rms_05_0300__li685404814335"><span>Log in to the management console.</span></li><li id="rms_05_0300__li204414369431"><span>Click <span><img id="rms_05_0300__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711_3" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_05_0300__rms_03_0102_b17226618104220_3">Management &amp; Deployment</strong>, click <strong id="rms_05_0300__rms_03_0102_b174231242256_3">Config</strong>.</span></li><li id="rms_05_0300__li595155413434"><span>In the navigation pane on the left, choose <strong id="rms_05_0300__rms_05_0100_b178071349194015_3">Resource Compliance</strong>.</span></li><li id="rms_05_0300__li16854548173316"><span>On the <strong id="rms_05_0300__b10344113011810">Rules</strong> tab, locate a target rule and click <strong id="rms_05_0300__b53441330189">More</strong> &gt; <strong id="rms_05_0300__b16345730685">Delete</strong> in the <strong id="rms_05_0300__b1534603017816">Operation</strong> column.</span><p><div class="fignone" id="rms_05_0300__fig911993071913"><span class="figcap"><b>Figure 4 </b>Deleting a rule</span><br><span><img id="rms_05_0300__image111191530141918" src="en-us_image_0000001952150149.png"></span></div>
</p></li><li id="rms_05_0300__li310105023412"><span>Click <strong id="rms_05_0300__b2694123934212">OK</strong>.</span></li></ol>
</div>
</div>

3
docs/config/umn/rms_05_0404.html
View File

@ -14,7 +14,8 @@
<p id="rms_05_0404__rms_05_0100_p1254217333515">For details about how to enable and configure the resource recorder, see <a href="rms_04_0200.html">Configuring the Resource Recorder</a>.</p>
</div></div>
</div>
<div class="section" id="rms_05_0404__section14111111694611"><a name="rms_05_0404__section14111111694611"></a><a name="section14111111694611"></a><h4 class="sectiontitle">Creating a Function with FunctionGraph</h4><ol id="rms_05_0404__ol131041349104913"><li id="rms_05_0404__li864143717355"><span>Log in to the management console.</span></li><li id="rms_05_0404__li1793515163215"><span>Click <span><img id="rms_05_0404__image333481220367" src="en-us_image_0000002015407113.png"></span> in the upper left corner of the page. In the service list that is displayed, under <strong id="rms_05_0404__b1525111372436">Compute</strong>, select <strong id="rms_05_0404__b1225193711436">FunctionGraph</strong>.</span></li><li id="rms_05_0404__li111041249154911"><span>In the navigation pane on the left, choose <strong id="rms_05_0404__b19391180184619">Functions</strong> &gt; <strong id="rms_05_0404__b1739117020465">Function List</strong>.</span></li><li id="rms_05_0404__li364514151101"><span>In the upper right corner, click <strong id="rms_05_0404__b191308722831242">Create Function</strong>. The <strong id="rms_05_0404__b1946674223615">Create from scratch</strong> tab is displayed by default.</span></li><li id="rms_05_0404__li1565685216114"><span>Set <strong id="rms_05_0404__b4417185819126">Function Type</strong> to <strong id="rms_05_0404__b1041719587126">Event Function</strong> and configure the required IAM agency. The agency grants the function required permissions and must include the <strong id="rms_05_0404__b1267802112239">rms:policyStates:update</strong> permission.</span></li><li id="rms_05_0404__li131041649164914"><span>Click <strong id="rms_05_0404__b125414475364">Create Function</strong>.</span></li><li id="rms_05_0404__li01047495499"><span>In the code box, enter a function and click <strong id="rms_05_0404__b13235245112511">Deploy</strong>.</span><p><p id="rms_05_0404__p1752593417518">For details about example code, see <a href="rms_05_0504.html">Example Functions (Python)</a>.</p>
<div class="section" id="rms_05_0404__section14111111694611"><a name="rms_05_0404__section14111111694611"></a><a name="section14111111694611"></a><h4 class="sectiontitle">Creating a Function with FunctionGraph</h4><ol id="rms_05_0404__ol131041349104913"><li id="rms_05_0404__li864143717355"><span>Log in to the management console.</span></li><li id="rms_05_0404__li1793515163215"><span>Click <span><img id="rms_05_0404__image333481220367" src="en-us_image_0000002015407113.png"></span> in the upper left corner of the page. In the service list that is displayed, under <strong id="rms_05_0404__b1525111372436">Compute</strong>, select <strong id="rms_05_0404__b1225193711436">FunctionGraph</strong>.</span></li><li id="rms_05_0404__li111041249154911"><span>In the navigation pane on the left, choose <strong id="rms_05_0404__b19391180184619">Functions</strong> &gt; <strong id="rms_05_0404__b1739117020465">Function List</strong>.</span></li><li id="rms_05_0404__li364514151101"><span>In the upper right corner, click <strong id="rms_05_0404__b191308722831242">Create Function</strong>. The <strong id="rms_05_0404__b1946674223615">Create from scratch</strong> tab is displayed by default.</span></li><li id="rms_05_0404__li1565685216114"><span>Set <strong id="rms_05_0404__b4417185819126">Function Type</strong> to <strong id="rms_05_0404__b1041719587126">Event Function</strong> and configure other parameters, including the function name and IAM agency.</span><p><p id="rms_05_0404__p4761185452018">The agency grants the function required permissions and must include the <strong id="rms_05_0404__b1267802112239">rms:policyStates:update</strong> permission.</p>
</p></li><li id="rms_05_0404__li131041649164914"><span>Click <strong id="rms_05_0404__b125414475364">Create Function</strong>.</span></li><li id="rms_05_0404__li01047495499"><span>In the code box, enter a function and click <strong id="rms_05_0404__b13235245112511">Deploy</strong>.</span><p><p id="rms_05_0404__p1752593417518">For details about example code, see <a href="rms_05_0504.html">Example Functions (Python)</a>.</p>
</p></li><li id="rms_05_0404__li410514912493"><span>Click <strong id="rms_05_0404__b455819571286">Configurations</strong>, modify <strong id="rms_05_0404__b14541126951">Execution Timeout (s)</strong> and <strong id="rms_05_0404__b1487714853">Memory (MB)</strong> in the <strong id="rms_05_0404__b98781277515">Basic Settings</strong> area as required. Configure <strong id="rms_05_0404__b2923163319511">Concurrency</strong>.</span></li><li id="rms_05_0404__li8908015144120"><span>Click <strong id="rms_05_0404__b98110472531242">Save</strong>.</span><p><p id="rms_05_0404__p190820159411">For more details, see <a href="https://docs.otc.t-systems.com/function-graph/umn/building_functions/creating_a_function_from_scratch/creating_an_event_function.html" target="_blank" rel="noopener noreferrer">Creating an Event Function</a>.</p>
</p></li></ol>
</div>

2
docs/config/umn/rms_05_3000.html
View File

@ -4,7 +4,7 @@
<div id="body0000001794580470"><div class="section" id="rms_05_3000__section173424462018"><h4 class="sectiontitle">Scenario</h4><p id="rms_05_3000__en-us_topic_0285045111_p8060118">After you add a rule, you can view all rules in the rule list and view evaluation results and configurations of a rule on the rule details page.</p>
<p id="rms_05_3000__p2992145410118">You can export all evaluation results. On the upper right corner of the rule details page, multiple buttons are provided for you to trigger, modify, enable, disable, or delete a rule.</p>
</div>
<div class="section" id="rms_05_3000__section12171339407"><h4 class="sectiontitle">Procedure</h4><ol id="rms_05_3000__ol71440494425"><li id="rms_05_3000__li5144349184216"><span>Log in to the management console.</span></li><li id="rms_05_3000__li19581555146"><span>Click <span><img id="rms_05_3000__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_05_3000__rms_03_0102_b17226618104220">Management &amp; Deployment</strong>, click <strong id="rms_05_3000__rms_03_0102_b174231242256">Config</strong>.</span></li><li id="rms_05_3000__li1478620135510"><span>In the navigation pane on the left, choose <strong id="rms_05_3000__rms_05_0100_b178071349194015">Resource Compliance</strong>.</span></li><li id="rms_05_3000__li51372013615"><span>On the <strong id="rms_05_3000__b56111551794">Rules</strong> tab, view rules, rule status, and evaluation results.</span></li><li id="rms_05_3000__li01451549194219"><span>Click the name of the target rule to go to the <strong id="rms_05_3000__b858365513102">Rule Details</strong> page.</span><p><p id="rms_05_3000__p156581146101215">On the left of the <strong id="rms_05_3000__b18429926228">Basic Information</strong> page, evaluation results are displayed, and on the right, rule details are displayed. Above the evaluation result list, you can filter evaluation results by resource name and ID. You can also export the list.</p>
<div class="section" id="rms_05_3000__section12171339407"><h4 class="sectiontitle">Procedure</h4><ol id="rms_05_3000__ol71440494425"><li id="rms_05_3000__li5144349184216"><span>Log in to the management console.</span></li><li id="rms_05_3000__li19581555146"><span>Click <span><img id="rms_05_3000__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_05_3000__rms_03_0102_b17226618104220">Management &amp; Deployment</strong>, click <strong id="rms_05_3000__rms_03_0102_b174231242256">Config</strong>.</span></li><li id="rms_05_3000__li1478620135510"><span>In the navigation pane on the left, choose <strong id="rms_05_3000__rms_05_0100_b178071349194015">Resource Compliance</strong>.</span></li><li id="rms_05_3000__li51372013615"><span>On the <strong id="rms_05_3000__b56111551794">Rules</strong> tab, view rules, rule status, and evaluation results.</span></li><li id="rms_05_3000__li01451549194219"><span>Click the name of the target rule to go to the <strong id="rms_05_3000__b858365513102">Rule Details</strong> page.</span><p><p id="rms_05_3000__p156581146101215">On the left of the <strong id="rms_05_3000__b18429926228">Basic Information</strong> tab, evaluation results are displayed, and on the right, rule details are displayed. Above the list, you can filter the resources by evaluation result, resource name, and resource ID. You can also export all evaluation results.</p>
<div class="fignone" id="rms_05_3000__fig318113495163"><span class="figcap"><b>Figure 1 </b>Rule Details</span><br><span><img id="rms_05_3000__image5182164917169" src="en-us_image_0000001924869504.png"></span></div>
<div class="note" id="rms_05_3000__note19635108112118"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_05_3000__p5988190185013">A rule may be in one of the following statuses:</p>
<ul id="rms_05_3000__ul10657145818507"><li id="rms_05_3000__li1301195125013"><strong id="rms_05_3000__b121411057181211">Enabled</strong>: The rule is available.</li><li id="rms_05_3000__li1614431216463"><strong id="rms_05_3000__b1299983221316">Disabled</strong>: The rule is disabled.</li><li id="rms_05_3000__li188113118512"><strong id="rms_05_3000__b96632520132">Evaluating</strong>: The rule is evaluating resources.</li><li id="rms_05_3000__li773694331610"><strong id="rms_05_3000__b613519165147">Submitting</strong>: The rule is submitting an evaluation task to the associated FunctionGraph function.</li></ul>

2
docs/config/umn/rms_06_0701.html
View File

@ -156,7 +156,7 @@
</div>
<p id="rms_06_0701__p205894363119"><strong id="rms_06_0701__b10877162323020">aggregator_resources</strong> contains <strong id="rms_06_0701__b967685183010">domain_id</strong> that indicates the account ID. The type of a domain ID is a string.</p>
<p id="rms_06_0701__p512182815417"><strong id="rms_06_0701__b254942912371">provider</strong> and <strong id="rms_06_0701__b754911294379">type</strong> represent a unique resource. For different resources, <strong id="rms_06_0701__b10549162963720">properties</strong> varies. For example, for an ECS, the <strong id="rms_06_0701__b19120287527">provider</strong> and <strong id="rms_06_0701__b15291636145215">type</strong> are <strong id="rms_06_0701__b15573161211535">ecs</strong> and <strong id="rms_06_0701__b16773161515314">cloudservers</strong>, and the <strong id="rms_06_0701__b04822584017">properties</strong> contains <strong id="rms_06_0701__b1072771011113">flavor</strong>. For a VPC, the <strong id="rms_06_0701__b6741202613111">provider</strong> and <strong id="rms_06_0701__b874120266112">type</strong> are <strong id="rms_06_0701__b13115181122">vpc</strong> and <strong id="rms_06_0701__b388010315215">publicips</strong>, and the <strong id="rms_06_0701__b1451011511921">properties</strong> contains <strong id="rms_06_0701__b1365316114310">bandwidth</strong>.</p>
<p id="rms_06_0701__p22971929163915">You can obtain resource attributes that can be included in the <strong id="rms_06_0701__b1355319244318">properties</strong> element for each resource on Config console or by calling the related API. For more details, see <a href="rms_08_0100.html#rms_08_0100__section1077795954511">How Can I Obtain Resource Attributes Reported to Config?</a>.</p>
<p id="rms_06_0701__p22971929163915">You can obtain resource attributes that can be included in the <strong id="rms_06_0701__b1425519316229">properties</strong> element for each resource on Config console or by calling the related API. For more details, see <a href="rms_08_0100.html#rms_08_0100__section1077795954511">How Can I Obtain Resource Attributes Reported to Config?</a></p>
<p id="rms_06_0701__p612428245"><strong id="rms_06_0701__b38360138816">properties</strong> supports nested queries. The following shows an example of how to query the <strong id="rms_06_0701__b258173416123">addresses</strong> parameter under <strong id="rms_06_0701__b1819718215132">properties</strong> for the running ECS.</p>
<pre class="screen" id="rms_06_0701__screen124420471753">SELECT name, created, updated, properties.addresses FROM resources
WHERE provider = 'ecs' AND type = 'cloudservers' AND properties.status = 'ACTIVE'</pre>

4
docs/config/umn/rms_08_0100.html
View File

@ -14,7 +14,7 @@
<div class="section" id="rms_08_0100__section15641074526"><h4 class="sectiontitle">Why Are Resource Change Notifications Not Stored into the Configured OBS Bucket?</h4><p id="rms_08_0100__p515311324214">To store resource change notifications, you need to configure both an SMN topic and an OBS bucket.</p>
<p id="rms_08_0100__p8060118">To make an SMN topic effective, you not only need to create a topic, but add subscription endpoints and request subscription confirmation.</p>
</div>
<div class="section" id="rms_08_0100__section28980415516"><h4 class="sectiontitle">Why Do I Receive a Notification When I Did Nothing with a Resource?</h4><p id="rms_08_0100__p15577141745117">If you have specified an effective SMN topic when you enabled the resource recorder, Config will send notifications of resource changes that are resulted from both user operations and non-user operations. For more details, see <a href="rms_04_0300.html">Notifications</a>. You are advised to use HTTPS or FunctionGraph (functions) instead of SMS messages or emails to receive notifications from Config.</p>
<div class="section" id="rms_08_0100__section28980415516"><h4 class="sectiontitle">Why Do I Receive a Notification When I Did Nothing with a Resource?</h4><p id="rms_08_0100__p15577141745117">If you have specified an effective SMN topic when you enabled the resource recorder, Config will send notifications of resource changes that are resulted from both user operations and non-user operations. For more details, see <a href="rms_04_0300.html">Notifications</a>. You are advised to use HTTPS or FunctionGraph functions instead of SMS messages or emails to receive notifications from Config.</p>
</div>
<div class="section" id="rms_08_0100__section1077795954511"><a name="rms_08_0100__section1077795954511"></a><a name="section1077795954511"></a><h4 class="sectiontitle">How Can I Obtain Resource Attributes Reported to Config?</h4><p id="rms_08_0100__p1154964785316">You can obtain resource attributes reported to Config in either of the following ways:</p>
<ul id="rms_08_0100__ul1655419476534"><li id="rms_08_0100__li95531447205318">Go to Config console and open the <strong id="rms_08_0100__b17465191953714">Query Editor</strong>. Resource attributes that are reported to Config are displayed on the left side of the <strong id="rms_08_0100__b20526154420381">Query Editor</strong>. The following procedure shows how to open the <strong id="rms_08_0100__b19338433163916">Query Editor</strong>.<ol id="rms_08_0100__ol763992315814"><li id="rms_08_0100__li146391323185811">Log in to the management console.</li><li id="rms_08_0100__li356185855416">Click <span><img id="rms_08_0100__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001978727588.png"></span> in the upper left corner of the page. In the service list that is displayed, under <strong id="rms_08_0100__b1242865465313">Management &amp; Deployment</strong>, select <strong id="rms_08_0100__b16429145414532">Config</strong>.</li><li id="rms_08_0100__li1277115512">In the navigation pane on the left, choose <strong id="rms_08_0100__b16601141914556">Advanced Queries</strong>.</li><li id="rms_08_0100__li10989173618119">On the <strong id="rms_08_0100__b3899133164218">Default Queries</strong> tab, click <strong id="rms_08_0100__b1623953213428">Query</strong> in the <strong id="rms_08_0100__b583874434215">Operation</strong> column of any rows.<div class="fignone" id="rms_08_0100__fig1574711541020"><span class="figcap"><b>Figure 1 </b>Using a query</span><br><span><img id="rms_08_0100__image67488159109" src="en-us_image_0000002001635001.png"></span></div>
@ -22,7 +22,7 @@
</li></ol>
</li><li id="rms_08_0100__li15553104705316">Alternatively, you can call the the querying schema API (GET /v1/resource-manager/domains/{domain_id}/schemas) to obtain resource attributes. In the response, the <strong id="rms_08_0100__b7823729185016">type</strong> field indicates the resource type, and the <strong id="rms_08_0100__b38231729185011">schema</strong> field indicates resource attributes that are reported to Config. For more details, see <em id="rms_08_0100__i28231529125017">Config API Reference</em>.</li></ul>
</div>
<div class="section" id="rms_08_0100__section1356812297234"><a name="rms_08_0100__section1356812297234"></a><a name="section1356812297234"></a><h4 class="sectiontitle">Why Is an Error Reported When Data Is Dumped to the OBS Bucket After the Resource Recorder Is Enabled?</h4><div class="p" id="rms_08_0100__p1573316404147">If the message "Failed to write the ConfigWritabilityCheckFile file to the OBS bucket because the OBS bucket or the IAM agency is invalid" is displayed, the possible reasons are as follows:<ol id="rms_08_0100__ol1774482510141"><li id="rms_08_0100__li1674422520146">The IAM agency assigned to the resource recorder does not contain the permission, <strong id="rms_08_0100__b374811102812">obs:object:PutObject</strong>.</li><li id="rms_08_0100__li157441125111420">If an OBS bucket from the current account was used, the reason may be that the bucket policy explicitly denies the <strong id="rms_08_0100__b9468183143013">PutObject</strong> action from the IAM agency. If an OBS bucket from another account was used, the reason may be that the bucket policy does not explicitly allow the <strong id="rms_08_0100__b57021738103418">PutObject</strong> action from the IAM agency. For more details, see <a href="rms_04_0200.html#rms_04_0200__section95911732882">Cross-Account Authorization</a> and <a href="https://docs.otc.t-systems.com/object-storage-service/umn/obs_console_operation_guide/permissions_control/bucket_policy_parameters/effect.html" target="_blank" rel="noopener noreferrer">Effect</a>.</li><li id="rms_08_0100__li1744132517141">You used an encrypted OBS bucket, but the agency assigned to the resource recorder did not contain related KMS permissions. For more details, see <a href="rms_04_0200.html#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>.</li></ol>
<div class="section" id="rms_08_0100__section1356812297234"><a name="rms_08_0100__section1356812297234"></a><a name="section1356812297234"></a><h4 class="sectiontitle">Why Is an Error Reported When Data Is Dumped to the OBS Bucket After the Resource Recorder Is Enabled?</h4><div class="p" id="rms_08_0100__p1573316404147">If the message "Failed to write the ConfigWritabilityCheckFile file to the OBS bucket because the OBS bucket or the IAM agency is invalid" is displayed, the possible reasons are as follows:<ol id="rms_08_0100__ol1774482510141"><li id="rms_08_0100__li1674422520146">The IAM agency assigned to the resource recorder does not contain the permission, <strong id="rms_08_0100__b374811102812">obs:object:PutObject</strong>.</li><li id="rms_08_0100__li157441125111420">If an OBS bucket from the current account was used, the reason may be that the bucket policy explicitly denies the <strong id="rms_08_0100__b9468183143013">PutObject</strong> action from the IAM agency. If an OBS bucket from another account was used, the reason may be that the bucket policy does not explicitly allow the <strong id="rms_08_0100__b57021738103418">PutObject</strong> action from the IAM agency. For more details, see <a href="rms_04_0200.html#rms_04_0200__section95911732882">Cross-Account Authorization</a>. For permission judgement logic of budget policies, see <a href="https://docs.otc.t-systems.com/object-storage-service/umn/obs_console_operation_guide/permissions_control/bucket_policy_parameters/effect.html" target="_blank" rel="noopener noreferrer">Effect</a>.</li><li id="rms_08_0100__li1744132517141">You used an encrypted OBS bucket, but the agency assigned to the resource recorder did not contain related KMS permissions. For more details, see <a href="rms_04_0200.html#rms_04_0200__section1414618337911">Storing Resource Change Notifications and Resource Snapshots to an Encrypted OBS Bucket</a>.</li></ol>
</div>
</div>
</div>

2
docs/config/umn/rms_10_0200.html
View File

@ -7,6 +7,8 @@
</div>
<div class="section" id="rms_10_0200__section869911416247"><a name="rms_10_0200__section869911416247"></a><a name="section869911416247"></a><h4 class="sectiontitle">Creating a Custom Query</h4><ol id="rms_10_0200__ol123601145252"><li id="rms_10_0200__li133605452510"><span>Log in to the management console.</span></li><li id="rms_10_0200__li17340118202511"><span>Click <span><img id="rms_10_0200__rms_03_0102_rms_03_0102_rms_03_0101_rms_11_3000_rms_03_0102_rms_03_0101_image4857236125711" src="en-us_image_0000001711484518.png"></span> in the upper left corner. Under <strong id="rms_10_0200__rms_03_0102_b17226618104220">Management &amp; Deployment</strong>, click <strong id="rms_10_0200__rms_03_0102_b174231242256">Config</strong>.</span></li><li id="rms_10_0200__li13305181914256"><span>In the navigation pane on the left, choose <strong id="rms_10_0200__b1627512444513">Advanced Queries</strong>.</span></li><li id="rms_10_0200__li192971026102510"><span>Choose the <strong id="rms_10_0200__b113018551718">Custom Queries</strong> tab and click <strong id="rms_10_0200__b78726517212">Create Query</strong> in the upper right corner.</span><p><div class="fignone" id="rms_10_0200__fig12635131572520"><span class="figcap"><b>Figure 1 </b>Create Query</span><br><span><img id="rms_10_0200__image9635215162516" src="en-us_image_0000001924943432.png"></span></div>
</p></li><li id="rms_10_0200__li588482911395"><span>In the <strong id="rms_10_0200__b6529124255115">Query Editor</strong>, enter the query statements.</span><p><p id="rms_10_0200__p18225185213318">On the left of the page, the Schema information is displayed. Schema information shows detailed resource attributes that are specified by the <strong id="rms_10_0200__b892116438011">properties</strong> parameter in the statement. For details about query statements, see <a href="#rms_10_0200__section1933391511259">Configuration Examples of Advanced Queries</a>.</p>
<div class="note" id="rms_10_0200__note04011050144013"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_10_0200__p1040214507404">For supported cloud services and related schemas, see <a href="rms_01_0017.html">Supported Resources</a>.</p>
</div></div>
</p></li><li id="rms_10_0200__li127021620192915"><span>Click <strong id="rms_10_0200__b1454914219225">Save Query</strong> and enter the query name and description.</span><p><p id="rms_10_0200__p387252216398">A query name can contain only digits, letters, underscores (_), and hyphens (-). It cannot exceed 64 characters.</p>
</p></li><li id="rms_10_0200__li16741824112917"><span>Click <strong id="rms_10_0200__b181149474227">OK</strong>.</span><p><div class="fignone" id="rms_10_0200__fig194212555205"><span class="figcap"><b>Figure 2 </b>Saving a query</span><br><span><img id="rms_10_0200__image184221955192018" src="en-us_image_0000001924872408.png"></span></div>
<div class="note" id="rms_10_0200__note19263142314617"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="rms_10_0200__p1544745116592">There is a limit to how many custom queries you can create. If you exceed this limit, you will receive a notification: "The maximum number of custom queries has been reached." Although the query cannot be saved, you can still run the query and export the results.</p>