
ALIYUN::Config::AggregateCompliancePack


The ALIYUN::Config::AggregateCompliancePack type creates a compliance package for a specified account group.

Syntax

{
  "Type": "ALIYUN::Config::AggregateCompliancePack",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "CompliancePackName": String,
    "ExcludeResourceIdsScope": List,
    "RegionIdsScope": List,
    "ResourceGroupIdsScope": List,
    "ConfigRules": List,
    "CompliancePackTemplateId": String,
    "RiskLevel": Integer,
    "DefaultEnable": Boolean,
    "AggregatorId": String
  }
}

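Properties

| Property name | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| TagKeyScope | String | | | The compliance package applies only to resources that have the specified tag key. | |
| TagValueScope | String | | | The compliance package applies only to resources that have the specified tag key-value pair. | TagValueScope must be used together with TagKeyScope. |
| Description | String | | | The description of the compliance package. | |
| CompliancePackName | String | | | The name of the compliance package. | |
| ExcludeResourceIdsScope | List | | | The compliance package does not apply to the specified resource IDs, that is, these resources are not evaluated. | Separate multiple resource IDs with commas (,). |
| RegionIdsScope | List | | | The compliance package applies only to resources in the specified region IDs. | Separate multiple region IDs with commas (,). |
| ResourceGroupIdsScope | List | | | The compliance package applies only to resources in the specified resource group IDs. | Separate multiple resource group IDs with commas (,). |
| ConfigRules | List | | | The list of rules in the compliance package. | For more information, see ConfigRules properties. |
| CompliancePackTemplateId | String | | | The ID of the compliance package template. | |
| RiskLevel | Integer | | | The risk level of the compliance package. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
| DefaultEnable | Boolean | | | Whether the rule supports quick enabling. | Valid values: true (the rule is enabled when the compliance package is quick-enabled), false (default; not enabled). |
| AggregatorId | String | | | The ID of the account group. | |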

ConfigRules syntax

"ConfigRules": [
  {
    "ConfigRuleId": String,
    "Description": String,
    "ConfigRuleName": String,
    "ManagedRuleIdentifier": String,
    "RiskLevel": Integer,
    "ConfigRuleParameters": List
  }
]

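ConfigRules properties

| Property name | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| ConfigRuleId | String | | | The rule ID. Cloud Config adds the existing rule to the current compliance package. | Specify either ManagedRuleIdentifier or ConfigRuleId. If both are set, ConfigRuleId takes precedence. |
| Description | String | | | The description of the rule. | |
| ConfigRuleName | String | | | The name of the rule. | |
| ManagedRuleIdentifier | String | | | The managed rule identifier. Cloud Config automatically creates a rule from the managed rule identifier and adds it to the current compliance package. | Specify either ManagedRuleIdentifier or ConfigRuleId. If both are set, ConfigRuleId takes precedence. |
| RiskLevel | Integer | | | The risk level of the rule. | Valid values: 1 (high risk), 2 (medium risk), 3 (low risk). |
| ConfigRuleParameters | List | | | The rule parameters. | For more information, see ConfigRuleParameters properties. |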

ConfigRuleParameters syntax

"ConfigRuleParameters": [
  {
    "ParameterValue": String,
    "ParameterName": String
  }
]

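ConfigRuleParameters properties

| Property name | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| ParameterValue | String | | | The value of the rule parameter. | ParameterName and ParameterValue must both be set or both be left unset. If the managed rule has a parameter with no default value, you must set that parameter. |
| ParameterName | String | | | The name of the rule parameter. | ParameterName and ParameterValue must both be set or both be left unset. If the managed rule has a parameter with no default value, you must set that parameter. |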
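The constraints in the three property tables can be checked before a template is deployed. The following linter is an added example, not part of the original documentation or of any Alibaba Cloud tool; the function names, the "error"/"review" labels, the choice to flag ExcludeResourceIdsScope for review, and the sample template are assumptions made for illustration.

```python
import json

RESOURCE_TYPE = "ALIYUN::Config::AggregateCompliancePack"
RISK_LEVELS = (1, 2, 3)  # 1 = high, 2 = medium, 3 = low


def bad_risk(value):  # Ref/Fn:: dicts cannot be checked statically, so they pass
    return value is not None and not isinstance(value, dict) and value not in RISK_LEVELS


def lint_pack(name, props):
    """Return (severity, message) findings for one compliance package resource."""
    out = []
    if "TagValueScope" in props and "TagKeyScope" not in props:
        out.append(("error", f"{name}: TagValueScope is set without TagKeyScope"))
    if bad_risk(props.get("RiskLevel")):
        out.append(("error", f"{name}: RiskLevel must be 1, 2 or 3"))
    if props.get("ExcludeResourceIdsScope"):
        # Excluded resources are never evaluated, so each exclusion needs a reviewer.
        out.append(("review", f"{name}: ExcludeResourceIdsScope exempts resources"))
    rules = props.get("ConfigRules")
    for i, rule in enumerate(rules if isinstance(rules, list) else []):
        where = f"{name}.ConfigRules[{i}]"
        has_id, has_managed = "ConfigRuleId" in rule, "ManagedRuleIdentifier" in rule
        if not has_id and not has_managed:
            out.append(("error", f"{where}: set ConfigRuleId or ManagedRuleIdentifier"))
        elif has_id and has_managed:
            out.append(("review", f"{where}: ConfigRuleId wins over ManagedRuleIdentifier"))
        if bad_risk(rule.get("RiskLevel")):
            out.append(("error", f"{where}: RiskLevel must be 1, 2 or 3"))
        for param in rule.get("ConfigRuleParameters") or []:
            if ("ParameterName" in param) != ("ParameterValue" in param):
                out.append(("error", f"{where}: ParameterName/ParameterValue not paired"))
    return out


def lint_template(template):
    return [finding for name, res in template.get("Resources", {}).items()
            if res.get("Type") == RESOURCE_TYPE
            for finding in lint_pack(name, res.get("Properties", {}))]


# Constructed sample template: every ID and name below is a placeholder.
SAMPLE = json.loads("""{"Resources": {"Pack": {
  "Type": "ALIYUN::Config::AggregateCompliancePack", "Properties": {
    "RiskLevel": 4, "TagValueScope": "prod", "ExcludeResourceIdsScope": ["example-id"],
    "ConfigRules": [
      {"ConfigRuleId": "example-rule-id", "ManagedRuleIdentifier": "example-managed-rule"},
      {"ManagedRuleIdentifier": "example-managed-rule", "RiskLevel": 1,
       "ConfigRuleParameters": [{"ParameterName": "example-name"}]},
      {"ConfigRuleName": "example-orphan-rule"}]}}}}""")

if __name__ == "__main__":
    print("\n".join(f"[{sev}] {msg}" for sev, msg in lint_template(SAMPLE)))
```

Properties bound through Ref or other intrinsic functions are skipped by the value checks, so lint the resolved parameter values as well when they are supplied at stack creation.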

Return values

Fn::GetAtt

CompliancePackId: the ID of the compliance package.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      AggregatorId:
        Description:
          en: Aggregator id.
        Required: true
        Type: String
      CompliancePackName:
        Description:
          en: Compliance package name.
        Required: true
        Type: String
      CompliancePackTemplateId:
        Description:
          en: Compliance package template ID.
        Required: false
        Type: String
      ConfigRules:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            AssociationPropertyMetadata:
              Parameters:
                ConfigRuleId:
                  Description:
                    en: Rule ID. Configure auditing to add existing rules to the current
                      compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId.
                      When both parameters are set, ConfigRuleId is the correct one.
                  Required: false
                  Type: String
                ConfigRuleName:
                  Description:
                    en: The name of config rule.
                  Required: false
                  Type: String
                ConfigRuleParameters:
                  AssociationProperty: List[Parameters]
                  AssociationPropertyMetadata:
                    Parameters:
                      ParameterName:
                        Description:
                          en: The name of parameter.
                        Required: true
                        Type: String
                      ParameterValue:
                        Description:
                          en: The value of parameter.
                        Required: true
                        Type: String
                  Required: false
                  Type: Json
                Description:
                  AssociationProperty: TextArea
                  Description:
                    en: The description of config rule.
                  Required: false
                  Type: String
                ManagedRuleIdentifier:
                  Description:
                    en: Managed rule ID. Configure auditing to automatically create a
                      rule based on the managed rule ID and add the rule to the current
                      compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId.
                      When both parameters are set, ConfigRuleId is the correct one.
                  Required: false
                  Type: String
                RiskLevel:
                  AllowedValues:
                  - 1
                  - 2
                  - 3
                  Description:
                    en: 'Rule risk level. Value:
    
                      1: High risk.
    
                      2: Medium risk.
    
                      3: Low risk.'
                  Required: true
                  Type: Number
            Required: false
            Type: Json
        Description:
          en: List of rules in the compliance package.
        MinLength: 1
        Required: true
        Type: Json
      DefaultEnable:
        Description:
          en: 'Whether the rule supports quick activation. Value:
    
            true: This rule will be enabled when the compliance package is quickly enabled.
    
            false (default): disable'
        Required: false
        Type: Boolean
      Description:
        AssociationProperty: TextArea
        Description:
          en: The description of compliance pack.
        Required: true
        Type: String
      ExcludeResourceIdsScope:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            Description:
              en: The resource id.
            Required: false
            Type: String
        Description:
          en: The compliance package is invalid for the specified resource ID, that is,
            no evaluation is performed on the resource.
        Required: false
        Type: Json
      RegionIdsScope:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            Description:
              en: The region id.
            Required: false
            Type: String
        Description:
          en: The compliance package only takes effect for resources in the specified
            region ID.
        Required: false
        Type: Json
      ResourceGroupIdsScope:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            Description:
              en: Resource group id.
            Required: false
            Type: String
        Description:
          en: The compliance package only takes effect on resources in the specified resource
            group ID.
        Required: false
        Type: Json
      RiskLevel:
        AllowedValues:
        - 1
        - 2
        - 3
        Description:
          en: 'Compliance package risk level. Value:
    
            1: High risk.
    
            2: Medium risk.
    
            3: Low risk.'
        Required: true
        Type: Number
      TagKeyScope:
        Description:
          en: Compliance packages only take effect on resources bound to the specified
            tag key.
        Required: false
        Type: String
      TagValueScope:
        Description:
          en: Compliance packages only take effect on resources bound to specified tag
            key-value pairs.TagValueScope needs to be used in conjunction with TagKeyScope.
        Required: false
        Type: String
    Resources:
      AggregateCompliancePack:
        Properties:
          AggregatorId:
            Ref: AggregatorId
          CompliancePackName:
            Ref: CompliancePackName
          CompliancePackTemplateId:
            Ref: CompliancePackTemplateId
          ConfigRules:
            Ref: ConfigRules
          DefaultEnable:
            Ref: DefaultEnable
          Description:
            Ref: Description
          ExcludeResourceIdsScope:
            Ref: ExcludeResourceIdsScope
          RegionIdsScope:
            Ref: RegionIdsScope
          ResourceGroupIdsScope:
            Ref: ResourceGroupIdsScope
          RiskLevel:
            Ref: RiskLevel
          TagKeyScope:
            Ref: TagKeyScope
          TagValueScope:
            Ref: TagValueScope
        Type: ALIYUN::Config::AggregateCompliancePack
    Outputs:
      CompliancePackId:
        Description: 'The ID of the compliance pack id. '
        Value:
          Fn::GetAtt:
          - AggregateCompliancePack
          - CompliancePackId
                            
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "TagKeyScope": {
          "Type": "String",
          "Description": {
            "en": "Compliance packages only take effect on resources bound to the specified tag key."
          },
          "Required": false
        },
        "TagValueScope": {
          "Type": "String",
          "Description": {
            "en": "Compliance packages only take effect on resources bound to specified tag key-value pairs.TagValueScope needs to be used in conjunction with TagKeyScope."
          },
          "Required": false
        },
        "Description": {
          "AssociationProperty": "TextArea",
          "Type": "String",
          "Description": {
            "en": "The description of compliance pack."
          },
          "Required": true
        },
        "CompliancePackName": {
          "Type": "String",
          "Description": {
            "en": "Compliance package name."
          },
          "Required": true
        },
        "ExcludeResourceIdsScope": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Description": {
                "en": "The resource id."
              },
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The compliance package is invalid for the specified resource ID, that is, no evaluation is performed on the resource."
          },
          "Required": false
        },
        "RegionIdsScope": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Description": {
                "en": "The region id."
              },
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The compliance package only takes effect for resources in the specified region ID."
          },
          "Required": false
        },
        "ResourceGroupIdsScope": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Description": {
                "en": "Resource group id."
              },
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The compliance package only takes effect on resources in the specified resource group ID."
          },
          "Required": false
        },
        "ConfigRules": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "AssociationPropertyMetadata": {
                "Parameters": {
                  "ConfigRuleId": {
                    "Type": "String",
                    "Description": {
                      "en": "Rule ID. Configure auditing to add existing rules to the current compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
                    },
                    "Required": false
                  },
                  "Description": {
                    "AssociationProperty": "TextArea",
                    "Type": "String",
                    "Description": {
                      "en": "The description of config rule."
                    },
                    "Required": false
                  },
                  "ConfigRuleName": {
                    "Type": "String",
                    "Description": {
                      "en": "The name of config rule."
                    },
                    "Required": false
                  },
                  "ManagedRuleIdentifier": {
                    "Type": "String",
                    "Description": {
                      "en": "Managed rule ID. Configure auditing to automatically create a rule based on the managed rule ID and add the rule to the current compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
                    },
                    "Required": false
                  },
                  "RiskLevel": {
                    "Type": "Number",
                    "Description": {
                      "en": "Rule risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
                    },
                    "AllowedValues": [
                      1,
                      2,
                      3
                    ],
                    "Required": true
                  },
                  "ConfigRuleParameters": {
                    "AssociationPropertyMetadata": {
                      "Parameters": {
                        "ParameterValue": {
                          "Type": "String",
                          "Description": {
                            "en": "The value of parameter."
                          },
                          "Required": true
                        },
                        "ParameterName": {
                          "Type": "String",
                          "Description": {
                            "en": "The name of parameter."
                          },
                          "Required": true
                        }
                      }
                    },
                    "AssociationProperty": "List[Parameters]",
                    "Type": "Json",
                    "Required": false
                  }
                }
              },
              "Type": "Json",
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "List of rules in the compliance package."
          },
          "Required": true,
          "MinLength": 1
        },
        "CompliancePackTemplateId": {
          "Type": "String",
          "Description": {
            "en": "Compliance package template ID."
          },
          "Required": false
        },
        "RiskLevel": {
          "Type": "Number",
          "Description": {
            "en": "Compliance package risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
          },
          "AllowedValues": [
            1,
            2,
            3
          ],
          "Required": true
        },
        "DefaultEnable": {
          "Type": "Boolean",
          "Description": {
            "en": "Whether the rule supports quick activation. Value:\ntrue: This rule will be enabled when the compliance package is quickly enabled.\nfalse (default): disable"
          },
          "Required": false
        },
        "AggregatorId": {
          "Type": "String",
          "Description": {
            "en": "Aggregator id."
          },
          "Required": true
        }
      },
      "Resources": {
        "AggregateCompliancePack": {
          "Type": "ALIYUN::Config::AggregateCompliancePack",
          "Properties": {
            "TagKeyScope": {
              "Ref": "TagKeyScope"
            },
            "TagValueScope": {
              "Ref": "TagValueScope"
            },
            "Description": {
              "Ref": "Description"
            },
            "CompliancePackName": {
              "Ref": "CompliancePackName"
            },
            "ExcludeResourceIdsScope": {
              "Ref": "ExcludeResourceIdsScope"
            },
            "RegionIdsScope": {
              "Ref": "RegionIdsScope"
            },
            "ResourceGroupIdsScope": {
              "Ref": "ResourceGroupIdsScope"
            },
            "ConfigRules": {
              "Ref": "ConfigRules"
            },
            "CompliancePackTemplateId": {
              "Ref": "CompliancePackTemplateId"
            },
            "RiskLevel": {
              "Ref": "RiskLevel"
            },
            "DefaultEnable": {
              "Ref": "DefaultEnable"
            },
            "AggregatorId": {
              "Ref": "AggregatorId"
            }
          }
        }
      },
      "Outputs": {
        "CompliancePackId": {
          "Description": "The ID of the compliance pack id. ",
          "Value": {
            "Fn::GetAtt": [
              "AggregateCompliancePack",
              "CompliancePackId"
            ]
          }
        }
      }
    }
                            