If an EVS disk is not mounted to any cloud server, this disk is noncompliant. volumes-encrypted-check ecs, evs If a mounted EVS disk is not encrypted, this disk is noncompliant. vpn-connections-active vpnaas If a VPN is not normally connected, this rule is noncompliant. bms-key-pair-security-login
If a mounted EVS disk is not encrypted, this disk is noncompliant. vpc-flow-logs-enabled vpc If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant. vpn-connections-active vpnaas Ensure normal VPN connections.
If a mounted EVS disk is not encrypted, this disk is noncompliant. vpc-flow-logs-enabled vpc If there is a flow log that has not been enabled for a VPC, this VPC is noncompliant. vpc-sg-ports-check vpc If a security group allows all inbound traffic (with the source address set to
If not, the VPCs are considered non-compliant. 4.1 access-keys-rotated iam If an IAM user's access key is not rotated within the specified number of days, this user is noncompliant. 4.1 evs-use-in-specified-days evs If an EVS disk has not been used within the specified time range
If an EVS disk is not encrypted, this EVS disk is noncompliant. ecs-instance-no-public-ip ecs If an ECS has an EIP attached, this ECS is noncompliant. ecs-instance-agency-attach-iam-agency ecs If an ECS does not have any IAM agencies attached, this ECS is noncompliant. sfsturbo-encrypted-check
Enter the following query and click Run to query idle EVS disks. SELECT * FROM tracked_resources WHERE provider = 'evs' AND type = 'volumes' AND properties.status != 'in-use' In the Results area, click Export to export query results to a CSV or a JSON file.
Encryption Workshop Identity and Access Management Document Database Service Simple Message Notification Virtual Private Cloud Virtual Private Network Cloud Eye Cloud Container Engine Cloud Trace Service Relational Database Service GaussDB TaurusDB GeminiDB Cloud Search Service Elastic
For example, you can list all EVS disks that have not been attached to any ECS to avoid unnecessary expenditures. You can only use advanced queries to query, view, or export cloud resources. If you need to modify or delete resources, go to related service consoles.
SELECT * FROM resources WHERE provider = 'obs' AND type = 'buckets' AND name LIKE '%figure%' Example 4: List ECSs and the EVS disks attached to each ECS.
Volume Service (EVS) EVS Disk Type Check Configuration changes evs.volumes Disks Are Used Within the Specified Time Periodic evs.volumes Idle EVS Disk Check Configuration change evs.volumes EVS Disks Are Encrypted Configuration change evs.volumes Disk Encryption Are Enabled Configuration
Public services, such as Elastic Cloud Server (ECS), Elastic Volume Service (EVS), Object Storage Service (OBS), Virtual Private Cloud (VPC), Elastic IP (EIP), and Image Management Service (IMS), are shared within the same region.
') ECS (SELECT id FROM resources WHERE provider = 'evs' AND type = 'volumes') EVS WHERE contains(ecs.evs_list, evs.id) 'contains(a, element)→boolean' determines whether an element appears in array a.
Example: the binding relationship between EVS disks and ECSs the relationship between ECSs and VPCs OBT Viewing Resource Relationships November 2019 No. Feature Description Phase Documentation 1 My resources You can now: Query all resources. Query details about a resource.
If a mounted EVS disk is not encrypted, this disk is noncompliant. vpc-acl-unused-check vpc If a network ACL is not attached to any subnets, this ACL is noncompliant. vpc-default-sg-closed vpc If a default security group allows all inbound or outbound traffic, this security group
drs.subscriptionJob) Backup Migration Tasks (drs.backupMigrationJob) Bare Metal Server (BMS) BMSs (bms.servers) Elastic Cloud Server (ECS) ECSs (ecs.cloudservers) Hyper Elastic Cloud Server (HECS) HECSs (hecs.hcloudservers) Virtual Private Cloud (VPC) VPCs (vpc.vpcs) EIPs (vpc.publicips) Elastic
", "policy_type" : "builtin", "description" : "An EVS disk is non-compliant if it has been mounted but not encrypted.
Example Requests Querying IDs of all VMs under your account POST https://{endpoint}/v1/resource-manager/domains/{domain_id}/run-query { "expression" : "select id from resources where provider = 'ecs' and type = 'cloudservers'" } Querying EVS disks with a capacity of 100 GB in the
Use this rule to identify idle cloud disks. 2.3 kms-not-scheduled-for-deletion Use this rule to identify KMS keys that are scheduled for deletion. 2.5 A sfsturbo-encrypted-check Enable KMS encryption for SFS Turbo file systems. 2.5 A volumes-encrypted-check Enable encryption for EVS
Example Requests None Example Responses Status code: 200 Operation succeeded. { "policy_assignment_type" : "builtin", "id" : "5fb76a240f2daf0b9662a04d", "name" : "volume-inuse-check", "description" : "An EVS disk is non-compliant if it is not mounted to a cloud server.
", "policy_filter" : { "region_id" : null, "resource_provider" : "evs", "resource_type" : "volumes", "resource_id" : null, "tag_key" : null, "tag_value" : null }, "state" : "Enabled", "period" : null, "custom_policy" : null,