You can use the following examples to learn how to query a specific trace: Use CTS to audit Elastic Volume Service (EVS) creation and deletion operations from the last two weeks. For details, see Security Auditing.
Notification Example of Resource Changes { "detail": { "resource": { "id": "3e62c0e6-e779-469e-b0f2-35743f6229d1", "name": "ecs-51c8", "provider": "evs", "type": "volumes", "checksum": "b3bcc019cecbb701e324e0dcf2f283236685885236b49f5ba5ea2f5f788170a1
", "policy_filter" : { "region_id" : null, "resource_provider" : "evs", "resource_type" : "volumes", "resource_id" : null, "tag_key" : null, "tag_value" : null }, "state" : "Enabled", "period" : null, "custom_policy" : null,
Example Requests None Example Responses Status code: 200 Operation succeeded. { "policy_assignment_type" : "builtin", "id" : "5fb76a240f2daf0b9662a04d", "name" : "volume-inuse-check", "description" : "An EVS disk is non-compliant if it is not mounted to a cloud server.
Object> Resource attributes Example queries are as follows: Example 1: Querying the names of stopped ECSs in a resource aggregator SELECT domainId, name FROM aggregator_resources WHERE provider = 'ecs' AND type = 'cloudservers' AND properties.status = 'SHUTOFF' Example 2: Querying EVS
", "policy_filter" : { "region_id" : null, "resource_provider" : "evs", "resource_type" : "volumes", "resource_id" : null, "tag_key" : null, "tag_value" : null }, "state" : "Enabled", "period" : null, "custom_policy" : null, "created" : "2020-11
", "policy_filter" : { "region_id" : null, "resource_provider" : "evs", "resource_type" : "volumes", "resource_id" : null, "tag_key" : null, "tag_value" : null }, "period" : null, "custom_policy" : null, "state" : "Enabled", "created" : "2020-11
Ensure their own websites are employing suitable encryption technology to protect client data as it travels over the Internet. volumes-encrypted-check Enable encryption for EVS to protect data. 6_SECURE DEVICES: ENCRYPTION Protect data by encrypting it.
", "period" : null, "policy_filter" : { "region_id" : null, "resource_provider" : "evs", "resource_type" : "volumes", "resource_id" : null, "tag_key" : null, "tag_value" : null }, "policy_definition_id" : "5fa265c0aa1e6afc05a0ff07", "parameters" :
Requests GET https://{endpoint}/v1/resource-manager/policy-definitions/5f8d5428ffeecc14f1fb5205 Example Responses Status code: 200 Operation succeeded. { "id" : "5f8d5428ffeecc14f1fb5205", "name" : "ecs-instance-no-public-ip", "display_name" : "Enable encryption for the attached EVS
d02b7fa9d5a74e638c1402d0868f71fd", "organization_policy_assignment_name" : "allowed-images-by-id", "description" : "The ECS resource is non-compliant if the image it used is not in the allowed list", "period" : null, "policy_filter" : { "region_id" : null, "resource_provider" : "evs
Where hashed and truncated versions of the same PAN are present in an entity's environment, additional controls must be in place to ensure that the hashed and truncated versions cannot be correlated to reconstruct the original PAN. volumes-encrypted-check Enable encryption for EVS
Idle ECS Check Rule Details Table 1 Rule details Parameter Description Rule Name stopped-ecs-date-diff Identifier Idle ECS Check Description If an ECS has been stopped for longer than the time allowed, and no operations have been performed on it, this ECS is non-compliant. Tag ecs
ECS Status Check Rule Details Table 1 Rule details Parameter Description Rule Name ecs-instance-status-no-stopped Identifier ECS Status Check Description If an ECS is not in the stopped state, the check result is non-compliant. Tag ecs Trigger Type Configuration change Filter Type
ECS Memory Size Rule Details Table 1 Rule details Parameter Description Rule Name ecs-instance-memory-check Identifier ECS Memory Size Description If an ECS has less memory than required, the check result is non-compliant. Tag ecs Trigger Type Configuration change Filter Type ecs.cloudservers
Number of ECS vCPUs Rule Details Table 1 Rule details Parameter Description Rule Name ecs-instance-cpu-check Identifier Number of ECS vCPUs Description If an ECS has fewer vCPUs than required, the check result is non-compliant. Tag ecs Trigger Type Configuration change Filter Type
ECS Backup Time Check Rule Details Table 1 Rule details Parameter Description Rule Name ecs-last-backup-created Identifier ECS Backup Time Check Description If an ECS does not have a backup created within the specified period, this ECS is non-compliant. Tag cbr, ecs Trigger Type Periodic
ECS Instances Are in the Specified VPC Rule Details Table 1 Rule details Parameter Description Rule Name ecs-instance-in-vpc Identifier ECS Instances Are in the Specified VPC Description If an ECS is not in the specified VPC, this ECS is non-compliant. Tag ecs, vpc Trigger Type Configuration