ALIYUN::Config::AggregateCompliancePack

The ALIYUN::Config::AggregateCompliancePack type is used to create a compliance package for a specified account group.

Syntax

{
  "Type": "ALIYUN::Config::AggregateCompliancePack",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "CompliancePackName": String,
    "ExcludeResourceIdsScope": List,
    "RegionIdsScope": List,
    "ResourceGroupIdsScope": List,
    "ConfigRules": List,
    "CompliancePackTemplateId": String,
    "RiskLevel": Integer,
    "DefaultEnable": Boolean,
    "AggregatorId": String
  }
}

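Properties

| Property | Type | Required | Update allowed | Description | Constraints |
|---|---|---|---|---|---|
| AggregatorId | String | | | The ID of the account group. | |
| CompliancePackName | String | | | The name of the compliance package. | |
| ConfigRules | List | | | The list of rules in the compliance package. | For more information, see ConfigRules properties. |
| Description | String | | | The description of the compliance package. | |
| RiskLevel | Integer | | | The risk level of the compliance package. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
| CompliancePackTemplateId | String | | | The ID of the compliance package template. | |
| DefaultEnable | Boolean | | | Whether the rule supports quick enabling. | Valid values: true (the rule is enabled when the compliance package is quickly enabled), false (default; the rule is not enabled). |
| ExcludeResourceIdsScope | List | | | The compliance package does not apply to the specified resource IDs; that is, these resources are not evaluated. | Separate multiple resource IDs with commas (,). |
| RegionIdsScope | List | | | The compliance package applies only to resources in the specified region IDs. | Separate multiple region IDs with commas (,). |
| ResourceGroupIdsScope | List | | | The compliance package applies only to resources in the specified resource group IDs. | Separate multiple resource group IDs with commas (,). |
| TagKeyScope | String | | | The compliance package applies only to resources that have the specified tag key. | |
| TagValueScope | String | | | The compliance package applies only to resources that have the specified tag key-value pair. | TagValueScope must be used together with TagKeyScope. |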

ConfigRules syntax

"ConfigRules": [
  {
    "ConfigRuleId": String,
    "Description": String,
    "ConfigRuleName": String,
    "ManagedRuleIdentifier": String,
    "RiskLevel": Integer,
    "ConfigRuleParameters": List
  }
]

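ConfigRules properties

| Property | Type | Required | Update allowed | Description | Constraints |
|---|---|---|---|---|---|
| RiskLevel | Integer | | | The risk level of the rule. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
| ConfigRuleId | String | | | The ID of the rule. | Cloud Config adds the existing rule to the current compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId. If both parameters are set, ConfigRuleId takes precedence. |
| ConfigRuleName | String | | | The name of the rule. | |
| ConfigRuleParameters | List | | | The parameters of the rule. | For more information, see ConfigRuleParameters properties. |
| Description | String | | | The description of the rule. | |
| ManagedRuleIdentifier | String | | | The identifier of the managed rule. | Cloud Config automatically creates a rule based on the managed rule identifier and adds the rule to the current compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId. If both parameters are set, ConfigRuleId takes precedence. |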

ConfigRuleParameters syntax

"ConfigRuleParameters": [
  {
    "ParameterValue": String,
    "ParameterName": String
  }
]

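ConfigRuleParameters properties

| Property | Type | Required | Update allowed | Description | Constraints |
|---|---|---|---|---|---|
| ParameterValue | String | | | The value of the rule parameter. | ParameterName and ParameterValue must both be set or both be left unset. If the managed rule has a parameter with no default value, you must set that parameter. |
| ParameterName | String | | | The name of the rule parameter. | ParameterName and ParameterValue must both be set or both be left unset. If the managed rule has a parameter with no default value, you must set that parameter. |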

Return values

Fn::GetAtt

CompliancePackId: the ID of the compliance package.

Examples

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AggregatorId:
    Description:
      en: Aggregator id.
    Required: true
    Type: String
  CompliancePackName:
    Description:
      en: Compliance package name.
    Required: true
    Type: String
  CompliancePackTemplateId:
    Description:
      en: Compliance package template ID.
    Required: false
    Type: String
  ConfigRules:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        AssociationPropertyMetadata:
          Parameters:
            ConfigRuleId:
              Description:
                en: Rule ID. Cloud Config adds the existing rule to the current
                  compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId.
                  When both parameters are set, ConfigRuleId takes precedence.
              Required: false
              Type: String
            ConfigRuleName:
              Description:
                en: The name of config rule.
              Required: false
              Type: String
            ConfigRuleParameters:
              AssociationProperty: List[Parameters]
              AssociationPropertyMetadata:
                Parameters:
                  ParameterName:
                    Description:
                      en: The name of parameter.
                    Required: true
                    Type: String
                  ParameterValue:
                    Description:
                      en: The value of parameter.
                    Required: true
                    Type: String
              Required: false
              Type: Json
            Description:
              AssociationProperty: TextArea
              Description:
                en: The description of config rule.
              Required: false
              Type: String
            ManagedRuleIdentifier:
              Description:
                en: Managed rule ID. Cloud Config automatically creates a
                  rule based on the managed rule ID and adds the rule to the current
                  compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId.
                  When both parameters are set, ConfigRuleId takes precedence.
              Required: false
              Type: String
            RiskLevel:
              AllowedValues:
              - 1
              - 2
              - 3
              Description:
                en: 'Rule risk level. Value:

                  1: High risk.

                  2: Medium risk.

                  3: Low risk.'
              Required: true
              Type: Number
        Required: false
        Type: Json
    Description:
      en: List of rules in the compliance package.
    MinLength: 1
    Required: true
    Type: Json
  DefaultEnable:
    Description:
      en: 'Whether the rule supports quick activation. Value:

        true: This rule will be enabled when the compliance package is quickly enabled.

        false (default): disable'
    Required: false
    Type: Boolean
  Description:
    AssociationProperty: TextArea
    Description:
      en: The description of compliance pack.
    Required: true
    Type: String
  ExcludeResourceIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The resource id.
        Required: false
        Type: String
    Description:
      en: The compliance package is invalid for the specified resource ID, that is,
        no evaluation is performed on the resource.
    Required: false
    Type: Json
  RegionIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The region id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect for resources in the specified
        region ID.
    Required: false
    Type: Json
  ResourceGroupIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: Resource group id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect on resources in the specified resource
        group ID.
    Required: false
    Type: Json
  RiskLevel:
    AllowedValues:
    - 1
    - 2
    - 3
    Description:
      en: 'Compliance package risk level. Value:

        1: High risk.

        2: Medium risk.

        3: Low risk.'
    Required: true
    Type: Number
  TagKeyScope:
    Description:
      en: Compliance packages only take effect on resources bound to the specified
        tag key.
    Required: false
    Type: String
  TagValueScope:
    Description:
      en: Compliance packages only take effect on resources bound to specified tag
        key-value pairs. TagValueScope needs to be used in conjunction with TagKeyScope.
    Required: false
    Type: String
Resources:
  AggregateCompliancePack:
    Properties:
      AggregatorId:
        Ref: AggregatorId
      CompliancePackName:
        Ref: CompliancePackName
      CompliancePackTemplateId:
        Ref: CompliancePackTemplateId
      ConfigRules:
        Ref: ConfigRules
      DefaultEnable:
        Ref: DefaultEnable
      Description:
        Ref: Description
      ExcludeResourceIdsScope:
        Ref: ExcludeResourceIdsScope
      RegionIdsScope:
        Ref: RegionIdsScope
      ResourceGroupIdsScope:
        Ref: ResourceGroupIdsScope
      RiskLevel:
        Ref: RiskLevel
      TagKeyScope:
        Ref: TagKeyScope
      TagValueScope:
        Ref: TagValueScope
    Type: ALIYUN::Config::AggregateCompliancePack
Outputs:
  CompliancePackId:
    Description: 'The ID of the compliance package.'
    Value:
      Fn::GetAtt:
      - AggregateCompliancePack
      - CompliancePackId
                        

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "TagKeyScope": {
      "Type": "String",
      "Description": {
        "en": "Compliance packages only take effect on resources bound to the specified tag key."
      },
      "Required": false
    },
    "TagValueScope": {
      "Type": "String",
      "Description": {
        "en": "Compliance packages only take effect on resources bound to specified tag key-value pairs. TagValueScope needs to be used in conjunction with TagKeyScope."
      },
      "Required": false
    },
    "Description": {
      "AssociationProperty": "TextArea",
      "Type": "String",
      "Description": {
        "en": "The description of compliance pack."
      },
      "Required": true
    },
    "CompliancePackName": {
      "Type": "String",
      "Description": {
        "en": "Compliance package name."
      },
      "Required": true
    },
    "ExcludeResourceIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The resource id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package is invalid for the specified resource ID, that is, no evaluation is performed on the resource."
      },
      "Required": false
    },
    "RegionIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The region id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package only takes effect for resources in the specified region ID."
      },
      "Required": false
    },
    "ResourceGroupIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "Resource group id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package only takes effect on resources in the specified resource group ID."
      },
      "Required": false
    },
    "ConfigRules": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "ConfigRuleId": {
                "Type": "String",
                "Description": {
                  "en": "Rule ID. Cloud Config adds the existing rule to the current compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId. When both parameters are set, ConfigRuleId takes precedence."
                },
                "Required": false
              },
              "Description": {
                "AssociationProperty": "TextArea",
                "Type": "String",
                "Description": {
                  "en": "The description of config rule."
                },
                "Required": false
              },
              "ConfigRuleName": {
                "Type": "String",
                "Description": {
                  "en": "The name of config rule."
                },
                "Required": false
              },
              "ManagedRuleIdentifier": {
                "Type": "String",
                "Description": {
                  "en": "Managed rule ID. Cloud Config automatically creates a rule based on the managed rule ID and adds the rule to the current compliance package. Specify either ManagedRuleIdentifier or ConfigRuleId. When both parameters are set, ConfigRuleId takes precedence."
                },
                "Required": false
              },
              "RiskLevel": {
                "Type": "Number",
                "Description": {
                  "en": "Rule risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
                },
                "AllowedValues": [
                  1,
                  2,
                  3
                ],
                "Required": true
              },
              "ConfigRuleParameters": {
                "AssociationPropertyMetadata": {
                  "Parameters": {
                    "ParameterValue": {
                      "Type": "String",
                      "Description": {
                        "en": "The value of parameter."
                      },
                      "Required": true
                    },
                    "ParameterName": {
                      "Type": "String",
                      "Description": {
                        "en": "The name of parameter."
                      },
                      "Required": true
                    }
                  }
                },
                "AssociationProperty": "List[Parameters]",
                "Type": "Json",
                "Required": false
              }
            }
          },
          "Type": "Json",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "List of rules in the compliance package."
      },
      "Required": true,
      "MinLength": 1
    },
    "CompliancePackTemplateId": {
      "Type": "String",
      "Description": {
        "en": "Compliance package template ID."
      },
      "Required": false
    },
    "RiskLevel": {
      "Type": "Number",
      "Description": {
        "en": "Compliance package risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
      },
      "AllowedValues": [
        1,
        2,
        3
      ],
      "Required": true
    },
    "DefaultEnable": {
      "Type": "Boolean",
      "Description": {
        "en": "Whether the rule supports quick activation. Value:\ntrue: This rule will be enabled when the compliance package is quickly enabled.\nfalse (default): disable"
      },
      "Required": false
    },
    "AggregatorId": {
      "Type": "String",
      "Description": {
        "en": "Aggregator id."
      },
      "Required": true
    }
  },
  "Resources": {
    "AggregateCompliancePack": {
      "Type": "ALIYUN::Config::AggregateCompliancePack",
      "Properties": {
        "TagKeyScope": {
          "Ref": "TagKeyScope"
        },
        "TagValueScope": {
          "Ref": "TagValueScope"
        },
        "Description": {
          "Ref": "Description"
        },
        "CompliancePackName": {
          "Ref": "CompliancePackName"
        },
        "ExcludeResourceIdsScope": {
          "Ref": "ExcludeResourceIdsScope"
        },
        "RegionIdsScope": {
          "Ref": "RegionIdsScope"
        },
        "ResourceGroupIdsScope": {
          "Ref": "ResourceGroupIdsScope"
        },
        "ConfigRules": {
          "Ref": "ConfigRules"
        },
        "CompliancePackTemplateId": {
          "Ref": "CompliancePackTemplateId"
        },
        "RiskLevel": {
          "Ref": "RiskLevel"
        },
        "DefaultEnable": {
          "Ref": "DefaultEnable"
        },
        "AggregatorId": {
          "Ref": "AggregatorId"
        }
      }
    }
  },
  "Outputs": {
    "CompliancePackId": {
      "Description": "The ID of the compliance package.",
      "Value": {
        "Fn::GetAtt": [
          "AggregateCompliancePack",
          "CompliancePackId"
        ]
      }
    }
  }
}
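
The constraints stated in the property tables can be checked before a stack is created. The Python lint below is an added example, not part of the Alibaba Cloud documentation; the function names, the `review` severity and all sample values are assumptions, and it expects literal property values rather than unresolved Ref expressions.

```python
# Added example: lint the Properties of an ALIYUN::Config::AggregateCompliancePack
# resource against the documented constraints. Names here are hypothetical.

def _risk_ok(value):
    # 1 = high, 2 = medium, 3 = low; reject booleans, which Python treats as ints.
    return isinstance(value, int) and not isinstance(value, bool) and value in (1, 2, 3)

def lint_compliance_pack(props):
    """Return a list of (severity, message) findings for one Properties dict."""
    findings = []
    if "RiskLevel" in props and not _risk_ok(props["RiskLevel"]):
        findings.append(("error", "RiskLevel must be 1, 2 or 3"))
    if props.get("TagValueScope") and not props.get("TagKeyScope"):
        findings.append(("error", "TagValueScope is set without TagKeyScope"))
    # Excluded resources are never evaluated, so surface them for review.
    excluded = props.get("ExcludeResourceIdsScope") or []
    if excluded:
        findings.append(("review", "%d resource(s) exempt from evaluation" % len(excluded)))
    for i, rule in enumerate(props.get("ConfigRules") or []):
        where = "ConfigRules[%d]" % i
        has_id = bool(rule.get("ConfigRuleId"))
        has_managed = bool(rule.get("ManagedRuleIdentifier"))
        if not (has_id or has_managed):
            findings.append(("error", where + ": set ConfigRuleId or ManagedRuleIdentifier"))
        elif has_id and has_managed:
            findings.append(("review", where + ": both set, ConfigRuleId takes precedence"))
        if "RiskLevel" in rule and not _risk_ok(rule["RiskLevel"]):
            findings.append(("error", where + ": RiskLevel must be 1, 2 or 3"))
        for j, param in enumerate(rule.get("ConfigRuleParameters") or []):
            if bool(param.get("ParameterName")) != bool(param.get("ParameterValue")):
                findings.append(("error", "%s.ConfigRuleParameters[%d]: ParameterName and "
                                 "ParameterValue must be set together" % (where, j)))
    return findings

# Constructed sample input; every ID and name below is a placeholder.
SAMPLE = {
    "CompliancePackName": "example-pack",
    "RiskLevel": 1,
    "TagValueScope": "prod",                      # TagKeyScope missing
    "ExcludeResourceIdsScope": ["res-EXAMPLE-1"],
    "ConfigRules": [
        {"ConfigRuleId": "cr-EXAMPLE", "ManagedRuleIdentifier": "example-managed-rule", "RiskLevel": 2},
        {"RiskLevel": 4, "ConfigRuleParameters": [{"ParameterName": "days"}]},
    ],
}

if __name__ == "__main__":
    print(*lint_compliance_pack(SAMPLE), sep="\n")
```

Findings marked `review` are not template errors: they flag settings that narrow evaluation coverage or silently ignore ManagedRuleIdentifier, which is worth a second look in change review.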