检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
CTS Trackers Have Been Created for the Specified OBS Bucket Rule Details Table 1 Rule details Parameter Description Rule Name cts-obs-bucket-track Identifier cts-obs-bucket-track Description If there are no CTS trackers created for the specified OBS bucket, the current account is
Tag obs, access-analyzer-verified Trigger Type Configuration change Filter Type obs.buckets Configure Rule Parameters None Applicable Scenario A bucket policy applies to the configured OBS bucket and objects in the bucket.
Tag obs, access-analyzer-verified Trigger Type Configuration change Filter Type obs.buckets Configure Rule Parameters None Applicable Scenario A bucket policy applies to the configured OBS bucket and objects in the bucket.
OBS Bucket Policies Do Not Allow Blacklisted Actions Rule Details Table 1 Rule details Parameter Description Rule Name obs-bucket-blacklisted-actions-prohibited Identifier obs-bucket-blacklisted-actions-prohibited Description If an OBS bucket has a policy that allows blacklisted actions
Note: The parameters should have the same format as the principals or conditions in OBS bucket policies. Applicable Scenario A bucket policy applies to the configured OBS bucket and objects in the bucket.
Rule Logic If an OBS bucket denies requests that are not encrypted with SSL, this bucket is compliant. If an OBS bucket allows requests that are not encrypted with SSL, this bucket is noncompliant.
Tag ces, obs Trigger Type Periodic Filter Type Account Configure Rule Parameters None Rule Logic If there are no alarm rules configured for modifying or deleting OBS bucket policies, this rule is noncompliant.
Resource Recorder Are Resource Snapshots and Resource Change Notifications Stored into the Same OBS Bucket? Yes, they are stored into the same OBS bucket.
Tag cts Trigger Type Periodic Filter Type Account Configure Rule Parameters None Applicable Scenario CTS allows you to create data trackers to record operations (such as upload and download) on data that is stored in OBS buckets Solution When you log in to CTS console for the first
Tag cts Trigger Type Configuration change Filter Type cts.trackers Configure Rule Parameters None Applicable Scenario This rule ensures that the traces dumped by a CTS tracker to an OBS bucket are encrypted.
is noncompliant. obs-bucket-ssl-requests-only obs If an OBS bucket allows HTTP requests, this bucket is noncompliant.
Supported Services and Resources Currently, although most Huawei Cloud services and resources support tagging, tag information of some resources, such as OBS buckets, cannot be synchronized to Config.
Rule Logic If an OBS bucket policy allows more permissions than the specified controlPolicy, this bucket is noncompliant. If an OBS bucket policy does not allow more permissions than the specified controlPolicy, this bucket is compliant. Parent topic: Object Storage Service
The OBS URL specifies the location of an object stored in an OBS bucket. To obtain an OBS URL on the OBS console, you need to locate the object and choose More > Copy Object URL in the Operation column on the Objects page.
${bucket_name}: The name of an OBS bucket. ${folder_name}: The name of a folder in an OBS bucket.
Billing The SMN topic and the OBS bucket that you configured for the resource recorder will be charged. For details, see SMN billing and OBS billing for OBS. The Function Graph functions used for creating custom rules will be charged.
Object Storage Service OBS Bucket Policies Do Not Allow Blacklisted Actions OBS Bucket Policies Only Allow Access from the Specified Objects Permission Boundary Check OBS Bucket Policies Do Not Allow Public Read Access OBS Bucket Policies Do Not Allow Public Write Access OBS Buckets
Storing Resource Change Notifications After you enable the resource recorder and specify an SMN topic and an OBS bucket, Config stores your resource change notifications to the OBS bucket every 6 hours.
Specify an OBS bucket. Select an OBS bucket from the current account or another account to store resource change messages and snapshots. If there are no OBS buckets in the current account, create one first. For details, see Creating a Bucket. Configure an SMN topic.
You can go to the Objects page on the OBS console and find your resource snapshots based on the paths.
