模板名称
ACS-OSS-PutBucketEncryption 配置OSSBucket加密规则
模板描述
配置OSSBucket的加密规则
模板类型
自动化
所有者
Alibaba Cloud
输入参数
参数名称 | 描述 | 类型 | 是否必填 | 默认值 | 约束 |
SSEAlgorithm | SSE加密方式 | String | 是 | ||
bucketName | OSS bucket 名称 | String | 是 | ||
regionId | 地域ID | String | 否 | {{ ACS::RegionId }} | |
KMSMasterKeyID | KMS密钥ID | String | 否 | False | |
OOSAssumeRole | OOS扮演的RAM角色 | String | 否 | "" |
输出参数
无
执行此模板需要的权限策略
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:PutBucketEncryption"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
详情
模板内容
FormatVersion: OOS-2019-06-01
Description:
en: Encryption rules for configuring buckets
zh-cn: 配置OSSBucket的加密规则
name-en: ACS-OSS-PutBucketEncryption
name-zh-cn: 配置OSSBucket加密规则
categories:
- security
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: 地域ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
SSEAlgorithm:
Label:
en: SSEAlgorithm
zh-cn: SSE加密方式
Description:
en: Set the default encryption method of the server
zh-cn: 设置服务端默认加密方式
Type: String
AllowedValues:
- KMS
- AES256
KMSMasterKeyID:
Label:
en: KMSMasterKeyID
zh-cn: KMS密钥ID
Description:
en: >-
When the ssealgorithm value is KMS, you need to enter the key ID,
otherwise, it must be empty(Default No is empty)
zh-cn: 当SSEAlgorithm值为KMS时,需输入KMSMasterKeyID,其他情况下,必须为空(No 代表为空)
Type: String
Default: No
bucketName:
Label:
en: BucketName
zh-cn: OSS bucket 名称
Type: String
AssociationProperty: ALIYUN::OSS::Bucket::BucketName
AssociationPropertyMetadata:
RegionId: regionId
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOS扮演的RAM角色
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: chooseWetherHasKMSMasterKeyIDTask
Action: 'ACS::Choice'
Properties:
DefaultTask: putBucketEncryptionNoKeyId
Choices:
- When:
'Fn::Equals':
- KMS
- '{{ SSEAlgorithm }}'
NextTask: putBucketEncryption
- When:
'Fn::Equals':
- AES256
- '{{ SSEAlgorithm }}'
NextTask: putBucketEncryptionNoKeyId
- Name: putBucketEncryptionNoKeyId
Action: 'ACS::ExecuteAPI'
Description:
en: 'Encryption rules for configuring buckets(AES256)'
zh-cn: 用于配置Bucket的加密规则(AES256)
OnSuccess: 'ACS::END'
Properties:
Service: OSS
API: PutBucketEncryption
Method: PUT
URI: '?encryption'
Headers:
Content-MD5: ""
Content-Type: application/xml
Parameters:
RegionId: '{{ regionId }}'
BucketName: '{{ bucketName }}'
Body: '<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionRule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
<KMSMasterKeyID></KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>'
- Name: putBucketEncryption
Action: 'ACS::ExecuteAPI'
Description:
en: Encryption rules for configuring buckets(KMS)
zh-cn: 用于配置Bucket的加密规则(KMS)
Properties:
Service: OSS
API: PutBucketEncryption
Method: PUT
URI: '?encryption'
Headers:
Content-MD5: ""
Content-Type: application/xml
Parameters:
RegionId: '{{ regionId }}'
BucketName: '{{ bucketName }}'
Body: '<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionRule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
<KMSMasterKeyID>{{ KMSMasterKeyID }}</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>'
文档内容是否对您有帮助?