The ALIYUN::Config::AggregateCompliancePack resource type creates a compliance package for a specified account group.
Syntax
{
  "Type": "ALIYUN::Config::AggregateCompliancePack",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "CompliancePackName": String,
    "ExcludeResourceIdsScope": List,
    "RegionIdsScope": List,
    "ResourceGroupIdsScope": List,
    "ConfigRules": List,
    "CompliancePackTemplateId": String,
    "RiskLevel": Integer,
    "DefaultEnable": Boolean,
    "AggregatorId": String,
    "ResourceIdsScope": String,
    "ExcludeRegionIdsScope": String,
    "TemplateContent": String,
    "ExcludeResourceGroupIdsScope": String
  }
}
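Properties
Property | Type | Required | Editable | Description | Constraint |
AggregatorId | String | Yes | Yes | The ID of the account group. | None |
CompliancePackName | String | Yes | Yes | The name of the compliance package. | None |
ConfigRules | List | Yes | Yes | The list of rules in the compliance package. | For more information, see ConfigRules properties. |
Description | String | Yes | Yes | The description of the compliance package. | None |
RiskLevel | Integer | Yes | Yes | The risk level of the compliance package. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
CompliancePackTemplateId | String | No | No | The ID of the compliance package template. | None |
DefaultEnable | Boolean | No | Yes | Whether the rule supports quick activation. | Valid values: true (the rule is enabled when the compliance package is quickly enabled), false (default; the rule is not enabled). |
ExcludeResourceIdsScope | List | No | Yes | The compliance package does not apply to the specified resource IDs; those resources are not evaluated. | Separate multiple resource IDs with commas (,). |
RegionIdsScope | List | No | Yes | The compliance package applies only to resources in the specified region IDs. | Separate multiple region IDs with commas (,). |
ResourceGroupIdsScope | List | No | Yes | The compliance package applies only to resources in the specified resource group IDs. | Separate multiple resource group IDs with commas (,). |
TagKeyScope | String | No | Yes | The compliance package applies only to resources bound to the specified tag key. | None |
TagValueScope | String | No | Yes | The compliance package applies only to resources bound to the specified tag key-value pair. | TagValueScope must be used together with TagKeyScope. |
ResourceIdsScope | String | No | No | The rule applies to the specified resource IDs. | Separate multiple resource IDs with commas (,). |
ExcludeRegionIdsScope | String | No | No | The rule does not apply to resources in the specified regions; those resources are not evaluated. | Separate multiple resource IDs with commas (,). |
TemplateContent | String | No | No | The template information used to generate the compliance package. | None |
ExcludeResourceGroupIdsScope | String | No | No | The rule does not apply to resources in the specified resource group IDs; resources in those groups are not evaluated. | Separate multiple resource group IDs with commas (,). |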
ConfigRules syntax
"ConfigRules": [
  {
    "ConfigRuleId": String,
    "Description": String,
    "ConfigRuleName": String,
    "ManagedRuleIdentifier": String,
    "RiskLevel": Integer,
    "ConfigRuleParameters": List
  }
]
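ConfigRules properties
Property | Type | Required | Editable | Description | Constraint |
RiskLevel | Integer | Yes | Yes | The risk level of the rule. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
ConfigRuleId | String | No | Yes | The ID of the rule. | Cloud Config adds the existing rule to the current compliance package. |
ConfigRuleName | String | No | Yes | The name of the rule. | None |
ConfigRuleParameters | List | No | Yes | The parameters of the rule. | For more information, see ConfigRuleParameters properties. |
Description | String | No | Yes | The description of the rule. | None |
ManagedRuleIdentifier | String | No | Yes | The identifier of the managed rule. | Cloud Config automatically creates a rule based on the managed rule identifier and adds it to the current compliance package. |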
ConfigRuleParameters syntax
"ConfigRuleParameters": [
  {
    "ParameterValue": String,
    "ParameterName": String
  }
]
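ConfigRuleParameters properties
Property | Type | Required | Editable | Description | Constraint |
ParameterValue | String | Yes | Yes | The value of the rule parameter. | Parameter |
ParameterName | String | Yes | Yes | The name of the rule parameter. | Parameter |
Return values
Fn::GetAtt
CompliancePackId: the ID of the compliance package.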
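The constraints in the property tables above can be checked before a stack is deployed. The following is an added example, not code from the ROS documentation: the function names and the sample values are hypothetical, it assumes the template has already been parsed into a dict, and it leaves Ref/Fn:: values to ROS. The non-empty ConfigRules check and the ConfigRuleId/ManagedRuleIdentifier check follow the parameter descriptions in the page's sample template.

```python
# Added example: lint ALIYUN::Config::AggregateCompliancePack resources in a parsed ROS template.
REQUIRED = ("AggregatorId", "CompliancePackName", "ConfigRules", "Description", "RiskLevel")

def bad_risk(value):
    """True for a literal that is not 1, 2 or 3; Ref/Fn:: dicts are left to ROS."""
    return not isinstance(value, dict) and (type(value) is not int or value not in (1, 2, 3))

def lint_pack(props):
    """Return findings for one resource's Properties dict."""
    findings = [f"missing required property {k}" for k in REQUIRED if k not in props]
    if "RiskLevel" in props and bad_risk(props["RiskLevel"]):
        findings.append("RiskLevel must be 1, 2 or 3")
    if "TagValueScope" in props and "TagKeyScope" not in props:
        findings.append("TagValueScope set without TagKeyScope")
    rules = props.get("ConfigRules")
    if not isinstance(rules, list):
        return findings  # absent (already reported) or an intrinsic function
    if not rules:
        findings.append("ConfigRules must contain at least one rule")
    for i, rule in enumerate(rules):
        if bad_risk(rule.get("RiskLevel")):
            findings.append(f"ConfigRules[{i}]: RiskLevel must be 1, 2 or 3")
        if not (rule.get("ConfigRuleId") or rule.get("ManagedRuleIdentifier")):
            findings.append(f"ConfigRules[{i}]: set ConfigRuleId or ManagedRuleIdentifier")
        for j, param in enumerate(rule.get("ConfigRuleParameters", [])):
            if not {"ParameterName", "ParameterValue"} <= set(param):
                findings.append(f"ConfigRules[{i}].ConfigRuleParameters[{j}]: name and value required")
    return findings

def lint_template(template):
    """Map each AggregateCompliancePack resource name to its findings."""
    return {name: lint_pack(res.get("Properties", {}))
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "ALIYUN::Config::AggregateCompliancePack"}

# Constructed sample; every ID and rule name is a placeholder.
SAMPLE = {"ROSTemplateFormatVersion": "2015-09-01", "Resources": {"Pack": {
    "Type": "ALIYUN::Config::AggregateCompliancePack",
    "Properties": {
        "AggregatorId": "ca-PLACEHOLDER", "CompliancePackName": "baseline",
        "RiskLevel": 4, "TagValueScope": "prod",
        "ConfigRules": [
            {"ManagedRuleIdentifier": "placeholder-managed-rule", "RiskLevel": 1,
             "ConfigRuleParameters": [{"ParameterName": "days"}]},
            {"RiskLevel": 2}]}}}}

if __name__ == "__main__":
    for resource, findings in lint_template(SAMPLE).items():
        for finding in findings:
            print(f"{resource}: {finding}")
```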
Examples
YAML
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AggregatorId:
    Description:
      en: Aggregator id.
    Required: true
    Type: String
  CompliancePackName:
    Description:
      en: Compliance package name.
    Required: true
    Type: String
  CompliancePackTemplateId:
    Description:
      en: Compliance package template ID.
    Required: false
    Type: String
  ConfigRules:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        AssociationPropertyMetadata:
          Parameters:
            ConfigRuleId:
              Description:
                en: Rule ID. Configure auditing to add existing rules to the current
                  compliance package. Choose one of ManagedRuleIdentifier and ConfigRuleId.
                  When both parameters are set, ConfigRuleId is the correct one.
              Required: false
              Type: String
            ConfigRuleName:
              Description:
                en: The name of config rule.
              Required: false
              Type: String
            ConfigRuleParameters:
              AssociationProperty: List[Parameters]
              AssociationPropertyMetadata:
                Parameters:
                  ParameterName:
                    Description:
                      en: The name of parameter.
                    Required: true
                    Type: String
                  ParameterValue:
                    Description:
                      en: The value of parameter.
                    Required: true
                    Type: String
              Required: false
              Type: Json
            Description:
              AssociationProperty: TextArea
              Description:
                en: The description of config rule.
              Required: false
              Type: String
            ManagedRuleIdentifier:
              Description:
                en: Managed rule ID. Configure auditing to automatically create a
                  rule based on the managed rule ID and add the rule to the current
                  compliance package. Choose one of ManagedRuleIdentifier and ConfigRuleId.
                  When both parameters are set, ConfigRuleId is the correct one.
              Required: false
              Type: String
            RiskLevel:
              AllowedValues:
              - 1
              - 2
              - 3
              Description:
                en: 'Rule risk level. Value:

                  1: High risk.

                  2: Medium risk.

                  3: Low risk.'
              Required: true
              Type: Number
        Required: false
        Type: Json
    Description:
      en: List of rules in the compliance package.
    MinLength: 1
    Required: true
    Type: Json
  DefaultEnable:
    Description:
      en: 'Whether the rule supports quick activation. Value:

        true: This rule will be enabled when the compliance package is quickly enabled.

        false (default): disable'
    Required: false
    Type: Boolean
  Description:
    AssociationProperty: TextArea
    Description:
      en: The description of compliance pack.
    Required: true
    Type: String
  ExcludeResourceIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The resource id.
        Required: false
        Type: String
    Description:
      en: The compliance package is invalid for the specified resource ID, that is,
        no evaluation is performed on the resource.
    Required: false
    Type: Json
  RegionIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The region id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect for resources in the specified
        region ID.
    Required: false
    Type: Json
  ResourceGroupIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: Resource group id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect on resources in the specified resource
        group ID.
    Required: false
    Type: Json
  RiskLevel:
    AllowedValues:
    - 1
    - 2
    - 3
    Description:
      en: 'Compliance package risk level. Value:

        1: High risk.

        2: Medium risk.

        3: Low risk.'
    Required: true
    Type: Number
  TagKeyScope:
    Description:
      en: Compliance packages only take effect on resources bound to the specified
        tag key.
    Required: false
    Type: String
  TagValueScope:
    Description:
      en: Compliance packages only take effect on resources bound to specified tag
        key-value pairs. TagValueScope needs to be used in conjunction with TagKeyScope.
    Required: false
    Type: String
Resources:
  AggregateCompliancePack:
    Properties:
      AggregatorId:
        Ref: AggregatorId
      CompliancePackName:
        Ref: CompliancePackName
      CompliancePackTemplateId:
        Ref: CompliancePackTemplateId
      ConfigRules:
        Ref: ConfigRules
      DefaultEnable:
        Ref: DefaultEnable
      Description:
        Ref: Description
      ExcludeResourceIdsScope:
        Ref: ExcludeResourceIdsScope
      RegionIdsScope:
        Ref: RegionIdsScope
      ResourceGroupIdsScope:
        Ref: ResourceGroupIdsScope
      RiskLevel:
        Ref: RiskLevel
      TagKeyScope:
        Ref: TagKeyScope
      TagValueScope:
        Ref: TagValueScope
    Type: ALIYUN::Config::AggregateCompliancePack
Outputs:
  CompliancePackId:
    Description: 'The ID of the compliance pack id. '
    Value:
      Fn::GetAtt:
      - AggregateCompliancePack
      - CompliancePackId
JSON
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "TagKeyScope": {
      "Type": "String",
      "Description": {
        "en": "Compliance packages only take effect on resources bound to the specified tag key."
      },
      "Required": false
    },
    "TagValueScope": {
      "Type": "String",
      "Description": {
        "en": "Compliance packages only take effect on resources bound to specified tag key-value pairs. TagValueScope needs to be used in conjunction with TagKeyScope."
      },
      "Required": false
    },
    "Description": {
      "AssociationProperty": "TextArea",
      "Type": "String",
      "Description": {
        "en": "The description of compliance pack."
      },
      "Required": true
    },
    "CompliancePackName": {
      "Type": "String",
      "Description": {
        "en": "Compliance package name."
      },
      "Required": true
    },
    "ExcludeResourceIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The resource id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package is invalid for the specified resource ID, that is, no evaluation is performed on the resource."
      },
      "Required": false
    },
    "RegionIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The region id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package only takes effect for resources in the specified region ID."
      },
      "Required": false
    },
    "ResourceGroupIdsScope": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "Resource group id."
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The compliance package only takes effect on resources in the specified resource group ID."
      },
      "Required": false
    },
    "ConfigRules": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "ConfigRuleId": {
                "Type": "String",
                "Description": {
                  "en": "Rule ID. Configure auditing to add existing rules to the current compliance package. Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
                },
                "Required": false
              },
              "Description": {
                "AssociationProperty": "TextArea",
                "Type": "String",
                "Description": {
                  "en": "The description of config rule."
                },
                "Required": false
              },
              "ConfigRuleName": {
                "Type": "String",
                "Description": {
                  "en": "The name of config rule."
                },
                "Required": false
              },
              "ManagedRuleIdentifier": {
                "Type": "String",
                "Description": {
                  "en": "Managed rule ID. Configure auditing to automatically create a rule based on the managed rule ID and add the rule to the current compliance package. Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
                },
                "Required": false
              },
              "RiskLevel": {
                "Type": "Number",
                "Description": {
                  "en": "Rule risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
                },
                "AllowedValues": [
                  1,
                  2,
                  3
                ],
                "Required": true
              },
              "ConfigRuleParameters": {
                "AssociationPropertyMetadata": {
                  "Parameters": {
                    "ParameterValue": {
                      "Type": "String",
                      "Description": {
                        "en": "The value of parameter."
                      },
                      "Required": true
                    },
                    "ParameterName": {
                      "Type": "String",
                      "Description": {
                        "en": "The name of parameter."
                      },
                      "Required": true
                    }
                  }
                },
                "AssociationProperty": "List[Parameters]",
                "Type": "Json",
                "Required": false
              }
            }
          },
          "Type": "Json",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "List of rules in the compliance package."
      },
      "Required": true,
      "MinLength": 1
    },
    "CompliancePackTemplateId": {
      "Type": "String",
      "Description": {
        "en": "Compliance package template ID."
      },
      "Required": false
    },
    "RiskLevel": {
      "Type": "Number",
      "Description": {
        "en": "Compliance package risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
      },
      "AllowedValues": [
        1,
        2,
        3
      ],
      "Required": true
    },
    "DefaultEnable": {
      "Type": "Boolean",
      "Description": {
        "en": "Whether the rule supports quick activation. Value:\ntrue: This rule will be enabled when the compliance package is quickly enabled.\nfalse (default): disable"
      },
      "Required": false
    },
    "AggregatorId": {
      "Type": "String",
      "Description": {
        "en": "Aggregator id."
      },
      "Required": true
    }
  },
  "Resources": {
    "AggregateCompliancePack": {
      "Type": "ALIYUN::Config::AggregateCompliancePack",
      "Properties": {
        "TagKeyScope": {
          "Ref": "TagKeyScope"
        },
        "TagValueScope": {
          "Ref": "TagValueScope"
        },
        "Description": {
          "Ref": "Description"
        },
        "CompliancePackName": {
          "Ref": "CompliancePackName"
        },
        "ExcludeResourceIdsScope": {
          "Ref": "ExcludeResourceIdsScope"
        },
        "RegionIdsScope": {
          "Ref": "RegionIdsScope"
        },
        "ResourceGroupIdsScope": {
          "Ref": "ResourceGroupIdsScope"
        },
        "ConfigRules": {
          "Ref": "ConfigRules"
        },
        "CompliancePackTemplateId": {
          "Ref": "CompliancePackTemplateId"
        },
        "RiskLevel": {
          "Ref": "RiskLevel"
        },
        "DefaultEnable": {
          "Ref": "DefaultEnable"
        },
        "AggregatorId": {
          "Ref": "AggregatorId"
        }
      }
    }
  },
  "Outputs": {
    "CompliancePackId": {
      "Description": "The ID of the compliance pack id. ",
      "Value": {
        "Fn::GetAtt": [
          "AggregateCompliancePack",
          "CompliancePackId"
        ]
      }
    }
  }
}