Agentless Vulnerability & Threat Detection pre-deployment steps for Alibaba Cloud

Procedure

1. Configure your Alibaba Cloud account for Agentless Vulnerability & Threat Detection deployment.
   1. Enable the following services in your Alibaba Cloud account:
      • Simple Log Service
      • Simple Message Queue
      • EventBridge
        • When enabling EventBridge, select and authorize the following EventBridge service-linked roles to ensure agentless Vulnerability & Threat Detection functions correctly:
          • AliyunServiceRoleForEventBridgeSendToFC
          • AliyunServiceRoleForEventBridgeSendToMNS
2. Verify that your Alibaba Cloud account has sufficient resource quotas to handle Agentless Vulnerability & Threat Detection deployment.
   1. Check the following static resource types and ensure your quotas meet or exceed the numbers of resources deployed by Agentless Vulnerability & Threat Detection.

      OCI static resource quota requirements

      Resource type	Quota requirement: deployment to primary region only	Quota requirement: deployment to primary region and non-primary region
      alicloud_fc_function	5	10
      alicloud_fc_function_async_invoke_config	1	2
      alicloud_fc_service	4	8
      alicloud_fc_trigger	4	8
      alicloud_fcv3_async_invoke_config	5	10
      alicloud_fcv3_concurrency_config	2	4
      alicloud_fcv3_function	12	23
      alicloud_fcv3_trigger	13	23
      alicloud_log_project	1	2
      alicloud_log_store	3	6
      alicloud_log_store_index	3	6
      alicloud_message_service_queue	6	12
      alicloud_oos_secret_parameter	3	4
      alicloud_oss_bucket	2	4
      alicloud_ots_search_index	1	2
      alicloud_ots_table	2	4
      alicloud_ram_policy	6	6
      alicloud_ram_role	4	4
      alicloud_ram_role_policy_attachment	6	6
      alicloud_security_group	1	2
      alicloud_security_group_rule	1	2
      alicloud_vpc	1	2
      alicloud_vswitch	1	2

   2. Ensure the resource limits set for your deployed region are sufficient to handle the following dynamic resources created during Agentless Vulnerability & Threat Detection scans. Dynamic resources are automatically deleted when a scan completes.
      • Elastic Compute Service (ECS) instances
      • ECS block storage disks
      • ECS snapshots

      Tip To learn more about making sure your account in the deployment region has sufficient resource limits to handle resources created and used by Agentless Vulnerability & Threat Detection, see the Alibaba Cloud documentation about the Quota Center.