ALIYUN::SAS::Instance类型用于购买云安全中心实例。
语法
{
"Type": "ALIYUN::SAS::Instance",
"Properties": {
"QuotaForApplicationProtection": Integer,
"ThreatAnalysis": Boolean,
"QuotaForMaliciousFileDetectionSDK": Integer,
"ContainerImageScan": Integer,
"ThreatAnalysisLogStorageCapacity": Integer,
"AutoRenew": Boolean,
"MaliciousFileDetectionSDK": Boolean,
"VCore": Integer,
"Period": Integer,
"VulnerabilityFixing": Boolean,
"QuotaForCloudHoneypot": Integer,
"QuotaForWebTamperProofing": Integer,
"AutoPay": Boolean,
"Edition": String,
"ConfigurationAssessment": Boolean,
"LogAnalysis": Integer,
"ProtectedServers": Integer,
"CloudHoneypot": Boolean,
"WebTamperProtection": Boolean,
"QuotaForConfigurationAssessment": Integer,
"QuotaForVulnerabilityFixing": Integer,
"AntiRansomware": Integer,
"PeriodUnit": String,
"AntiRansomwareManageService": Boolean,
"PostPayInstanceModule": Map,
"PayType": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
PayType | String | 是 | 否 | 付费类型。 | 取值:
|
PostPayInstanceModule | Map | 否 | 否 | 按量付费实例配置。 | 更多信息,请参考PostPayInstanceModule属性。 |
QuotaForApplicationProtection | Integer | 否 | 否 | 应用防护授权数。 | 该功能通过在应用运行时检测并阻断攻击,为应用提供安全防御。建议您将该应用防护授权数设置为每月需要防护的主机资产上的应用进程数量。购买的应用防护授权数越多,单价越低。具体价格,请参见计费概述。 |
ThreatAnalysis | Boolean | 否 | 否 | 是否威胁分析。 | 可检测并处理多个阿里云账号下多个云产品(例如云防火墙、专有网络VPC等)中的安全信息和安全事件,帮助您提升事件运营效率。 如果已购买日志分析存储容量,建议您将威胁分析日志存储量设置为日志分析存储容量的三倍。威胁分析需存储已接入管控的多个阿里云账号和阿里云产品的日志,因此需要购买充足的容量。 |
QuotaForMaliciousFileDetectionSDK | Integer | 否 | 否 | 恶意文件检测SDK次数。 | 该功能结合云端海量文件库及多架构检测引擎,为用户提供针对WebShell文件、恶意脚本、二进制程序、宏病毒文档的高精度文件判研结果,可随时集成到各类应用场景中批量检测恶意文件。 |
ContainerImageScan | Integer | 否 | 否 | 器镜像安全扫描。 | 增值服务,如果设置扫描个数大于0,则表示购买该功能。 容器镜像安全扫描数量建议设置为您每个月需要进行容器漏洞检测的镜像数量。云安全中心是以摘要(Digest)值唯一标识一个镜像,镜像的摘要值不变时,只在第一次扫描时消耗一个镜像安全扫描次数。摘要值变化后,执行扫描操作会重新消耗镜像安全扫描次数。例如,您需要检测10个镜像,在购买云安全中心服务的期限内,预计镜像更新总次数为20次(即所有镜像摘要值变更总次数为20次),则容器镜像安全扫描数量需要设置为30(即10+20)。仅版本选择高级版、企业版、旗舰版或仅采购增值服务时,支持购买该功能。 |
ThreatAnalysisLogStorageCapacity | Integer | 否 | 否 | 威胁分析日志存储容量。 | 无 |
AutoRenew | Boolean | 否 | 否 | 是否自动续订预付费实例。 | 取值:
选中自动续费后,自动续费周期与购买时长对应,即按年购买的自动续费周期是一年。例如,您购买了2年的云安全中心服务并选中了到期自动续费,购买的2年服务到期后云安全中心将为您自动续费1年。 |
MaliciousFileDetectionSDK | Boolean | 否 | 否 | 是否恶意文件检测SDK。 | 建议您将恶意文件检测次数设置为每个月需要检测的文件个数。 该功能结合云端海量文件库及多架构检测引擎,为用户提供针对WebShell文件、恶意脚本、二进制程序、宏病毒文档的高精度文件判研结果,可随时集成到各类应用场景中批量检测恶意文件。 |
VCore | Integer | 否 | 否 | 计算核数。 | 指定要防护的服务器总核数( Vmcore总数)。默认显示您最少需要购买的核数。 仅版本选择为防病毒版、旗舰版时需要配置该参数,选择其他版本时,无需配置该参数。 |
Period | Integer | 否 | 否 | 购买时长。 | 取值:
|
VulnerabilityFixing | Boolean | 否 | 否 | 是否漏洞修复。 | 仅防病毒版和仅采购增值服务需要购买该功能。该功能可以一键修复服务器中的Linux软件漏洞和Windows系统漏洞。建议您将漏洞修复次数设置为每月需要修复的漏洞总数。
|
QuotaForCloudHoneypot | Integer | 否 | 否 | 云蜜罐授权数。 | 无 |
QuotaForWebTamperProofing | Integer | 否 | 否 | 网页防篡改配额。 | 可实时监控网站目录并通过备份恢复被篡改的文件或目录,保障重要系统的网站信息不被恶意篡改。 |
AutoPay | Boolean | 否 | 否 | 是否自动付款。 | 取值:
|
Edition | String | 否 | 否 | 版本。 | 取值:
|
ConfigurationAssessment | Boolean | 否 | 否 | 是否配置评估。 | 配置评估特性从身份和权限管理、阿里云服务安全风险、合规风险三个维度检测云服务的配置错误和安全风险。 这确保了云服务运行环境的安全性。 |
LogAnalysis | Integer | 否 | 否 | 日志分析。 | 增值服务,如果设置日志存储容量大于0 GB则表示购买该功能。日志分析服务提供主机日志、网络日志、安全日志等子类日志的全量日志检索服务,用于事件回溯和安全分析。 企业版和旗舰版支持16种子类日志;防病毒版和高级版仅支持主机和安全两大类的12种子类日志,不支持网络日志。 |
ProtectedServers | Integer | 否 | 否 | 保有服务器台数。 | 指定要防护的服务器总数。默认显示当前账号下拥有的ECS服务器和安装了云安全中心Agent的非阿里云服务器总数。
|
CloudHoneypot | Boolean | 否 | 否 | 是否开启云蜜罐。 | 可针对攻击者的行为进行及时高效的威胁诱捕,在攻防对抗场景中提升对核心资产的检测和防护能力。 |
WebTamperProtection | Boolean | 否 | 否 | 是否开启网页防篡改。 | 可实时监控网站目录并通过备份恢复被篡改的文件或目录,保障重要系统的网站信息不被恶意篡改。 |
QuotaForConfigurationAssessment | Integer | 否 | 否 | 配置评估配额。 | 无 |
QuotaForVulnerabilityFixing | Integer | 否 | 否 | 漏洞修复配额。 | 根据每个月需要修复的漏洞数量,设置漏洞修复配额。 配额等于您希望在所有服务器上修复的漏洞总数,而不管漏洞名称如何。 例如,如果在10台服务器上使用“安全中心”修复同一个漏洞,则配额减少10。 |
AntiRansomware | Integer | 否 | 否 | 防勒索。 | 增值服务,如果设置防护容量大于0 GB则表示购买该功能。 通用防勒索解决方案针对勒索病毒提供防御、告警和数据备份的能力,可预防勒索病毒入侵您的核心服务器。 请您确认需要防护的服务器在防勒索支持的地域内后,再购买该服务。具体支持的地域,请参见什么是防勒索。 |
PeriodUnit | String | 否 | 否 | 订阅持续时间的单位。 | 取值:
|
AntiRansomwareManageService | Boolean | 否 | 否 | 是否提供安全托管服务。 | 如反勒索软件配置、监控和反勒索软件事件应急响应。 |
PostPayInstanceModule语法
"PostPayInstanceModule":
{
"AgentlessDetection": Boolean,
"CloudSecurityPostureManagement": Boolean,
"CTDR": Boolean,
"HostAndContainerSecurity": Boolean,
"VulnerabilityFixing": Boolean,
"ServerlessAssetProtection": Boolean
}PostPayInstanceModule属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
AgentlessDetection | Boolean | 否 | 否 | 是否启用无代理检测模块。 | 无 |
CloudSecurityPostureManagement | Boolean | 否 | 否 | 是否启用云安全态势管理模块。 | 无 |
CTDR | Boolean | 否 | 否 | 是否启用云本地威胁检测和响应模块。 | 无 |
HostAndContainerSecurity | Boolean | 否 | 否 | 是否启用主机和容器安全模块。 | 无 |
VulnerabilityFixing | Boolean | 否 | 否 | 是否启用漏洞修复模块。 | 无 |
ServerlessAssetProtection | Boolean | 否 | 否 | 是否启用无服务器资产保护模块。 | 无 |
返回值
Fn::GetAtt
InstanceId:实例ID。
示例
YAML
JSON
Outputs:
InstanceId:
Description: Instance Id.
Value:
Fn::GetAtt:
- Instance
- InstanceId
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
QuotaForCloudHoneypot:
Default: Null
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${CloudHoneypot}
- true
Required: false
Type: Number
Label:
zh-cn: 云蜜罐授权数
en: QuotaForCloudHoneypot
PostPayInstanceModule:
Default: Null
AssociationPropertyMetadata:
Parameters:
ServerlessAssetProtection:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the serverless asset protection module.
CTDR:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the cloud-native threat detection and response module.
CloudSecurityPostureManagement:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the cloud security posture management module.
AgentlessDetection:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the agentless detection module.
HostAndContainerSecurity:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the host and container security module.
VulnerabilityFixing:
Default: false
Required: false
Type: Boolean
Description:
en: Whether to enable the vulnerability fixing module.
Required: false
Type: Json
Description:
en: PayAsYouGo instance module configuration.
ThreatAnalysisLogStorageCapacity:
Default: Null
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${ThreatAnalysis}
- true
Required: false
Type: Number
Label:
zh-cn: 威胁分析日志存储容量
en: ThreatAnalysisLogStorageCapacity
ConfigurationAssessment:
Default: Null
Required: false
Type: Boolean
Description:
en: 'The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks.This ensures the security of the running environment of your cloud services.'
Label:
zh-cn: 是否配置评估
en: ConfigurationAssessment
QuotaForConfigurationAssessment:
Default: Null
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${ConfigurationAssessment}
- true
Required: false
Type: Number
Label:
zh-cn: 配置评估配额
en: QuotaForConfigurationAssessment
WebTamperProtection:
Default: Null
Required: false
Type: Boolean
Description:
en: To ensure that the website information of important systems is not maliciously tampered with, there are bad content such as hanging horses, black chains, illegal implantation of terrorist threats, pornography, etc.
Label:
zh-cn: 是否开启网页防篡改
en: WebTamperProtection
LogAnalysis:
Default: Null
Required: false
Type: Number
Description:
en: In response to the requirements of the network security law, which requires logs to be stored for at least 180 days, we recommend that you configure a 40GB log storage each server. Log analysis supports multi-dimensional security logs of cloud assets, out-of-the-box reports, and powerful SQL syntax analysis, so as to monitor business status, troubleshoot attacks, security operations such as traceability and positioning are easier.
Label:
zh-cn: 日志分析
en: LogAnalysis
ContainerImageScan:
Default: Null
Required: false
Type: Number
Description:
en: Security Center provides the container image scan feature to protect containers. Security Center can detect CVEs, application vulnerabilities, viruses, and malicious samples and allows you to handle the detected risks. You can configure this parameter based on the number of images or digests. For example, if the number of images or digests that are updated in the previous day is 10, you can set this parameter to 300 for a monthly subscription or to 3650 for a yearly subscription. This is more cost-effective.
Label:
zh-cn: 器镜像安全扫描
en: ContainerImageScan
PeriodUnit:
Description:
en: |
The unit of the subscription duration. Valid values:
Month
Year
Default: Null
Required: false
Label:
zh-cn: 订阅持续时间的单位
en: PeriodUnit
AssociationProperty: PayPeriodUnit
AllowedValues:
- Month
- Year
Type: String
QuotaForWebTamperProofing:
Default: Null
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${WebTamperProofing}
- true
Required: false
Type: Number
Label:
zh-cn: 网页防篡改配额
en: QuotaForWebTamperProofing
AutoRenew:
Default: false
Required: false
Type: Boolean
Description:
en: 'Whether to auto renew the prepay instance.Default: False'
Label:
zh-cn: 是否自动续订预付费实例
en: AutoRenew
ThreatAnalysis:
Default: Null
Required: false
Type: Boolean
Description:
en: 'The threat analysis feature allows you to handle alerts that are generated for assets in the cloud within different accounts and assets of multiple cloud services in a centralized manner. The feature also allows you to handle risks with a few clicks. The feature provides automatic orchestration and response capabilities. '
Label:
zh-cn: 是否威胁分析
en: ThreatAnalysis
VulnerabilityFixing:
Default: Null
Required: false
Type: Boolean
Description:
en: The vulnerability fixing feature allows you to fix system vulnerabilities with a few clicks. This improves O&M efficiency. You can separately purchase the vulnerability fixing feature. You are charged based on the number of times that you perform vulnerability fixing.
Label:
zh-cn: 是否漏洞修复
en: VulnerabilityFixing
VCore:
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Or:
- Fn::Equals:
- ${Edition}
- Anti-virus
- Fn::Equals:
- ${Edition}
- Ultimate
Description:
en: This parameter indicates the number of server vCPUs.
Default: Null
Required: false
Label:
zh-cn: 计算核数
en: VCore
Type: Number
AutoPay:
Default: true
Required: false
Type: Boolean
Description:
en: 'Whether to auto pay the bill.Default: True'
Label:
zh-cn: 是否自动付款
en: AutoPay
CloudHoneypot:
Default: Null
Required: false
Type: Boolean
Description:
en: The cloud honeypot feature can capture attacks in a timely and efficient manner. You can use the feature to protect your core assets and detect attacks in attack and defense scenarios.
Label:
zh-cn: 是否开启云蜜罐
en: CloudHoneypot
QuotaForVulnerabilityFixing:
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${VulnerabilityFixing}
- true
Description:
en: Specify the quota for vulnerability fixing based on the number of vulnerabilities that you want to fix each month. The quota is equal to the total number of vulnerabilities that you want to fix on all servers regardless of the vulnerability names. For example, if you use Security Center to fix the same vulnerability on 10 servers, the quota is deducted by 10.
Default: Null
Required: false
Label:
zh-cn: 漏洞修复配额
en: QuotaForVulnerabilityFixing
Type: Number
AntiRansomwareManageService:
Default: Null
Required: false
Type: Boolean
Description:
en: |-
Provide you with security hosting services such as anti-ransomware configuration, monitoring, and anti-ransomware incident emergency response.
Note:
Label:
zh-cn: 是否提供安全托管服务
en: AntiRansomwareManageService
Period:
Description:
en: |-
The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6
If periodUnit is year, the valid range is 1, 2, 3
Default: Null
Required: false
Label:
zh-cn: 购买时长
en: Period
AssociationProperty: PayPeriod
AllowedValues:
- 1
- 2
- 3
- 6
Type: Number
QuotaForMaliciousFileDetectionSDK:
Default: Null
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${MaliciousFileDetectionSDK}
- true
Required: false
Type: Number
Label:
zh-cn: 恶意文件检测SDK次数
en: QuotaForMaliciousFileDetectionSDK
Edition:
Description:
en: The version of Security center.
Default: Null
Required: false
Label:
zh-cn: 版本
en: Edition
AllowedValues:
- Anti-virus
- Advanced
- Enterprise
- Ultimate
- Value-added Plan
Type: String
AntiRansomware:
Default: Null
Required: false
Type: Number
Description:
en: Security Center provides a comprehensive anti-ransomware solution to protect your business. We recommend that you configure a data protection capacity of 50GB for each server.
Label:
zh-cn: 防勒索
en: AntiRansomware
MaliciousFileDetectionSDK:
Default: Null
Required: false
Type: Boolean
Description:
en: 'The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks. This ensures the security of the running environment of your cloud services.'
Label:
zh-cn: 是否恶意文件检测SDK
en: MaliciousFileDetectionSDK
ProtectedServers:
Default: Null
Required: false
Type: Number
Description:
en: Authorization is the same as the number of servers you have.
Label:
zh-cn: 保有服务器台数
en: ProtectedServers
QuotaForApplicationProtection:
Default: Null
Required: false
Type: Number
Description:
en: The application protection feature can detect attacks on applications and provide self-protection during application runtime. The feature supports simple and convenient O&M and can effectively defend against zero-day and OWASP Top vulnerabilities. The feature is a value-added feature. You are charged based on the number of assets on which the RASP agent is installed. You must configure protection policies after you purchase the feature.
Label:
zh-cn: 应用防护授权数
en: QuotaForApplicationProtection
PayType:
Required: true
Type: String
Description:
en: |-
The billing method of the firewall instance. Valid values:
PayAsYouGo: pay-as-you-go
Subscription: subscription
AllowedValues:
- PayAsYouGo
- Subscription
Resources:
Instance:
Type: ALIYUN::SAS::Instance
Properties:
QuotaForCloudHoneypot:
Ref: QuotaForCloudHoneypot
PostPayInstanceModule:
Ref: PostPayInstanceModule
ThreatAnalysisLogStorageCapacity:
Ref: ThreatAnalysisLogStorageCapacity
ConfigurationAssessment:
Ref: ConfigurationAssessment
QuotaForConfigurationAssessment:
Ref: QuotaForConfigurationAssessment
WebTamperProtection:
Ref: WebTamperProtection
LogAnalysis:
Ref: LogAnalysis
ContainerImageScan:
Ref: ContainerImageScan
PeriodUnit:
Ref: PeriodUnit
QuotaForWebTamperProofing:
Ref: QuotaForWebTamperProofing
AutoRenew:
Ref: AutoRenew
ThreatAnalysis:
Ref: ThreatAnalysis
VulnerabilityFixing:
Ref: VulnerabilityFixing
VCore:
Ref: VCore
AutoPay:
Ref: AutoPay
CloudHoneypot:
Ref: CloudHoneypot
QuotaForVulnerabilityFixing:
Ref: QuotaForVulnerabilityFixing
AntiRansomwareManageService:
Ref: AntiRansomwareManageService
Period:
Ref: Period
QuotaForMaliciousFileDetectionSDK:
Ref: QuotaForMaliciousFileDetectionSDK
Edition:
Ref: Edition
AntiRansomware:
Ref: AntiRansomware
MaliciousFileDetectionSDK:
Ref: MaliciousFileDetectionSDK
ProtectedServers:
Ref: ProtectedServers
QuotaForApplicationProtection:
Ref: QuotaForApplicationProtection
PayType:
Ref: PayType
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- GroupType: Payment
Parameters:
- Items:
- Period
- PeriodUnit
Label: 支付方式
Label:
default:
zh-cn: 付费类型
en: Payment
- Parameters:
- AutoRenew
- AutoPay
Label:
default:
zh-cn: 订单配置
en: Order Configuration
- Parameters:
- Edition
- ProtectedServers
- VCore
Label:
default:
zh-cn: 版本配置
en: Version Configuration
- Parameters:
- AntiRansomware
Label:
default:
zh-cn: 反勒索配置
en: AntiRansomware Configuration
- Parameters:
- LogAnalysis
Label:
default:
zh-cn: 日志分析配置
en: Log Configuration
- Parameters:
- AntiRansomware
Label:
default:
zh-cn: 反勒索配置
en: AntiRansomware Configuration
- Parameters:
- QuotaForApplicationProtection
Label:
default:
zh-cn: 应用防护配置
en: Application Protection Configuration
- Parameters:
- ThreatAnalysis
- ThreatAnalysisLogStorageCapacity
Label:
default:
zh-cn: 威胁分析配置
en: ThreatAnalysis Configuration
- Parameters:
- MaliciousFileDetectionSDK
- QuotaForMaliciousFileDetectionSDK
Label:
default:
zh-cn: 恶意文件检测配置
en: Malicious File Detection Configuration
- Parameters:
- ConfigurationAssessment
- QuotaForConfigurationAssessment
Label:
default:
zh-cn: 配置评估
en: Configuration Assessment Configuration
- Parameters:
- WebTamperProtection
- QuotaForWebTamperProofing
Label:
default:
zh-cn: 网页防篡改配置
en: WebTamper Protection Configuration
- Parameters:
- VulnerabilityFixing
- QuotaForVulnerabilityFixing
Label:
default:
zh-cn: 漏洞修复配置
en: Vulnerability Fixing Configuration
- Parameters:
- CloudHoneypot
- QuotaForCloudHoneypot
Label:
default:
zh-cn: 云蜜罐配置
en: Cloud Honeypot Configuration
- Parameters:
- ContainerImageScan
Label:
default:
zh-cn: 容器镜像安全扫描
en: Container Image Scan Configuration
{
"Outputs": {
"InstanceId": {
"Description": "Instance Id.",
"Value": {
"Fn::GetAtt": [
"Instance",
"InstanceId"
]
}
}
},
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"QuotaForCloudHoneypot": {
"Default": null,
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${CloudHoneypot}",
true
]
}
}
},
"Required": false,
"Type": "Number",
"Label": {
"zh-cn": "云蜜罐授权数",
"en": "QuotaForCloudHoneypot"
}
},
"PostPayInstanceModule": {
"Default": null,
"AssociationPropertyMetadata": {
"Parameters": {
"ServerlessAssetProtection": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the serverless asset protection module."
}
},
"CTDR": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the cloud-native threat detection and response module."
}
},
"CloudSecurityPostureManagement": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the cloud security posture management module."
}
},
"AgentlessDetection": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the agentless detection module."
}
},
"HostAndContainerSecurity": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the host and container security module."
}
},
"VulnerabilityFixing": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to enable the vulnerability fixing module."
}
}
}
},
"Required": false,
"Type": "Json",
"Description": {
"en": "PayAsYouGo instance module configuration."
}
},
"ThreatAnalysisLogStorageCapacity": {
"Default": null,
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${ThreatAnalysis}",
true
]
}
}
},
"Required": false,
"Type": "Number",
"Label": {
"zh-cn": "威胁分析日志存储容量",
"en": "ThreatAnalysisLogStorageCapacity"
}
},
"ConfigurationAssessment": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks.This ensures the security of the running environment of your cloud services."
},
"Label": {
"zh-cn": "是否配置评估",
"en": "ConfigurationAssessment"
}
},
"QuotaForConfigurationAssessment": {
"Default": null,
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${ConfigurationAssessment}",
true
]
}
}
},
"Required": false,
"Type": "Number",
"Label": {
"zh-cn": "配置评估配额",
"en": "QuotaForConfigurationAssessment"
}
},
"WebTamperProtection": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "To ensure that the website information of important systems is not maliciously tampered with, there are bad content such as hanging horses, black chains, illegal implantation of terrorist threats, pornography, etc."
},
"Label": {
"zh-cn": "是否开启网页防篡改",
"en": "WebTamperProtection"
}
},
"LogAnalysis": {
"Default": null,
"Required": false,
"Type": "Number",
"Description": {
"en": "In response to the requirements of the network security law, which requires logs to be stored for at least 180 days, we recommend that you configure a 40GB log storage each server. Log analysis supports multi-dimensional security logs of cloud assets, out-of-the-box reports, and powerful SQL syntax analysis, so as to monitor business status, troubleshoot attacks, security operations such as traceability and positioning are easier."
},
"Label": {
"zh-cn": "日志分析",
"en": "LogAnalysis"
}
},
"ContainerImageScan": {
"Default": null,
"Required": false,
"Type": "Number",
"Description": {
"en": "Security Center provides the container image scan feature to protect containers. Security Center can detect CVEs, application vulnerabilities, viruses, and malicious samples and allows you to handle the detected risks. You can configure this parameter based on the number of images or digests. For example, if the number of images or digests that are updated in the previous day is 10, you can set this parameter to 300 for a monthly subscription or to 3650 for a yearly subscription. This is more cost-effective."
},
"Label": {
"zh-cn": "器镜像安全扫描",
"en": "ContainerImageScan"
}
},
"PeriodUnit": {
"Description": {
"en": "The unit of the subscription duration. Valid values:\nMonth\nYear\n"
},
"Default": null,
"Required": false,
"Label": {
"zh-cn": "订阅持续时间的单位",
"en": "PeriodUnit"
},
"AssociationProperty": "PayPeriodUnit",
"AllowedValues": [
"Month",
"Year"
],
"Type": "String"
},
"QuotaForWebTamperProofing": {
"Default": null,
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${WebTamperProofing}",
true
]
}
}
},
"Required": false,
"Type": "Number",
"Label": {
"zh-cn": "网页防篡改配额",
"en": "QuotaForWebTamperProofing"
}
},
"AutoRenew": {
"Default": false,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to auto renew the prepay instance.Default: False"
},
"Label": {
"zh-cn": "是否自动续订预付费实例",
"en": "AutoRenew"
}
},
"ThreatAnalysis": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "The threat analysis feature allows you to handle alerts that are generated for assets in the cloud within different accounts and assets of multiple cloud services in a centralized manner. The feature also allows you to handle risks with a few clicks. The feature provides automatic orchestration and response capabilities. "
},
"Label": {
"zh-cn": "是否威胁分析",
"en": "ThreatAnalysis"
}
},
"VulnerabilityFixing": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "The vulnerability fixing feature allows you to fix system vulnerabilities with a few clicks. This improves O&M efficiency. You can separately purchase the vulnerability fixing feature. You are charged based on the number of times that you perform vulnerability fixing."
},
"Label": {
"zh-cn": "是否漏洞修复",
"en": "VulnerabilityFixing"
}
},
"VCore": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Or": [
{
"Fn::Equals": [
"${Edition}",
"Anti-virus"
]
},
{
"Fn::Equals": [
"${Edition}",
"Ultimate"
]
}
]
}
}
},
"Description": {
"en": "This parameter indicates the number of server vCPUs."
},
"Default": null,
"Required": false,
"Label": {
"zh-cn": "计算核数",
"en": "VCore"
},
"Type": "Number"
},
"AutoPay": {
"Default": true,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Whether to auto pay the bill.Default: True"
},
"Label": {
"zh-cn": "是否自动付款",
"en": "AutoPay"
}
},
"CloudHoneypot": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "The cloud honeypot feature can capture attacks in a timely and efficient manner. You can use the feature to protect your core assets and detect attacks in attack and defense scenarios."
},
"Label": {
"zh-cn": "是否开启云蜜罐",
"en": "CloudHoneypot"
}
},
"QuotaForVulnerabilityFixing": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${VulnerabilityFixing}",
true
]
}
}
},
"Description": {
"en": "Specify the quota for vulnerability fixing based on the number of vulnerabilities that you want to fix each month. The quota is equal to the total number of vulnerabilities that you want to fix on all servers regardless of the vulnerability names. For example, if you use Security Center to fix the same vulnerability on 10 servers, the quota is deducted by 10."
},
"Default": null,
"Required": false,
"Label": {
"zh-cn": "漏洞修复配额",
"en": "QuotaForVulnerabilityFixing"
},
"Type": "Number"
},
"AntiRansomwareManageService": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "Provide you with security hosting services such as anti-ransomware configuration, monitoring, and anti-ransomware incident emergency response.\nNote: "
},
"Label": {
"zh-cn": "是否提供安全托管服务",
"en": "AntiRansomwareManageService"
}
},
"Period": {
"Description": {
"en": "The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6\nIf periodUnit is year, the valid range is 1, 2, 3"
},
"Default": null,
"Required": false,
"Label": {
"zh-cn": "购买时长",
"en": "Period"
},
"AssociationProperty": "PayPeriod",
"AllowedValues": [
1,
2,
3,
6
],
"Type": "Number"
},
"QuotaForMaliciousFileDetectionSDK": {
"Default": null,
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${MaliciousFileDetectionSDK}",
true
]
}
}
},
"Required": false,
"Type": "Number",
"Label": {
"zh-cn": "恶意文件检测SDK次数",
"en": "QuotaForMaliciousFileDetectionSDK"
}
},
"Edition": {
"Description": {
"en": "The version of Security center."
},
"Default": null,
"Required": false,
"Label": {
"zh-cn": "版本",
"en": "Edition"
},
"AllowedValues": [
"Anti-virus",
"Advanced",
"Enterprise",
"Ultimate",
"Value-added Plan"
],
"Type": "String"
},
"AntiRansomware": {
"Default": null,
"Required": false,
"Type": "Number",
"Description": {
"en": "Security Center provides a comprehensive anti-ransomware solution to protect your business. We recommend that you configure a data protection capacity of 50GB for each server."
},
"Label": {
"zh-cn": "防勒索",
"en": "AntiRansomware"
}
},
"MaliciousFileDetectionSDK": {
"Default": null,
"Required": false,
"Type": "Boolean",
"Description": {
"en": "The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks. This ensures the security of the running environment of your cloud services."
},
"Label": {
"zh-cn": "是否恶意文件检测SDK",
"en": "MaliciousFileDetectionSDK"
}
},
"ProtectedServers": {
"Default": null,
"Required": false,
"Type": "Number",
"Description": {
"en": "Authorization is the same as the number of servers you have."
},
"Label": {
"zh-cn": "保有服务器台数",
"en": "ProtectedServers"
}
},
"QuotaForApplicationProtection": {
"Default": null,
"Required": false,
"Type": "Number",
"Description": {
"en": "The application protection feature can detect attacks on applications and provide self-protection during application runtime. The feature supports simple and convenient O&M and can effectively defend against zero-day and OWASP Top vulnerabilities. The feature is a value-added feature. You are charged based on the number of assets on which the RASP agent is installed. You must configure protection policies after you purchase the feature."
},
"Label": {
"zh-cn": "应用防护授权数",
"en": "QuotaForApplicationProtection"
}
},
"PayType": {
"Required": true,
"Type": "String",
"Description": {
"en": "The billing method of the firewall instance. Valid values:\nPayAsYouGo: pay-as-you-go\nSubscription: subscription"
},
"AllowedValues": [
"PayAsYouGo",
"Subscription"
]
}
},
"Resources": {
"Instance": {
"Type": "ALIYUN::SAS::Instance",
"Properties": {
"QuotaForCloudHoneypot": {
"Ref": "QuotaForCloudHoneypot"
},
"PostPayInstanceModule": {
"Ref": "PostPayInstanceModule"
},
"ThreatAnalysisLogStorageCapacity": {
"Ref": "ThreatAnalysisLogStorageCapacity"
},
"ConfigurationAssessment": {
"Ref": "ConfigurationAssessment"
},
"QuotaForConfigurationAssessment": {
"Ref": "QuotaForConfigurationAssessment"
},
"WebTamperProtection": {
"Ref": "WebTamperProtection"
},
"LogAnalysis": {
"Ref": "LogAnalysis"
},
"ContainerImageScan": {
"Ref": "ContainerImageScan"
},
"PeriodUnit": {
"Ref": "PeriodUnit"
},
"QuotaForWebTamperProofing": {
"Ref": "QuotaForWebTamperProofing"
},
"AutoRenew": {
"Ref": "AutoRenew"
},
"ThreatAnalysis": {
"Ref": "ThreatAnalysis"
},
"VulnerabilityFixing": {
"Ref": "VulnerabilityFixing"
},
"VCore": {
"Ref": "VCore"
},
"AutoPay": {
"Ref": "AutoPay"
},
"CloudHoneypot": {
"Ref": "CloudHoneypot"
},
"QuotaForVulnerabilityFixing": {
"Ref": "QuotaForVulnerabilityFixing"
},
"AntiRansomwareManageService": {
"Ref": "AntiRansomwareManageService"
},
"Period": {
"Ref": "Period"
},
"QuotaForMaliciousFileDetectionSDK": {
"Ref": "QuotaForMaliciousFileDetectionSDK"
},
"Edition": {
"Ref": "Edition"
},
"AntiRansomware": {
"Ref": "AntiRansomware"
},
"MaliciousFileDetectionSDK": {
"Ref": "MaliciousFileDetectionSDK"
},
"ProtectedServers": {
"Ref": "ProtectedServers"
},
"QuotaForApplicationProtection": {
"Ref": "QuotaForApplicationProtection"
},
"PayType": {
"Ref": "PayType"
}
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"GroupType": "Payment",
"Parameters": [
{
"Items": [
"Period",
"PeriodUnit"
],
"Label": "支付方式"
}
],
"Label": {
"default": {
"zh-cn": "付费类型",
"en": "Payment"
}
}
},
{
"Parameters": [
"AutoRenew",
"AutoPay"
],
"Label": {
"default": {
"zh-cn": "订单配置",
"en": "Order Configuration"
}
}
},
{
"Parameters": [
"Edition",
"ProtectedServers",
"VCore"
],
"Label": {
"default": {
"zh-cn": "版本配置",
"en": "Version Configuration"
}
}
},
{
"Parameters": [
"AntiRansomware"
],
"Label": {
"default": {
"zh-cn": "反勒索配置",
"en": "AntiRansomware Configuration"
}
}
},
{
"Parameters": [
"LogAnalysis"
],
"Label": {
"default": {
"zh-cn": "日志分析配置",
"en": "Log Configuration"
}
}
},
{
"Parameters": [
"AntiRansomware"
],
"Label": {
"default": {
"zh-cn": "反勒索配置",
"en": "AntiRansomware Configuration"
}
}
},
{
"Parameters": [
"QuotaForApplicationProtection"
],
"Label": {
"default": {
"zh-cn": "应用防护配置",
"en": "Application Protection Configuration"
}
}
},
{
"Parameters": [
"ThreatAnalysis",
"ThreatAnalysisLogStorageCapacity"
],
"Label": {
"default": {
"zh-cn": "威胁分析配置",
"en": "ThreatAnalysis Configuration"
}
}
},
{
"Parameters": [
"MaliciousFileDetectionSDK",
"QuotaForMaliciousFileDetectionSDK"
],
"Label": {
"default": {
"zh-cn": "恶意文件检测配置",
"en": "Malicious File Detection Configuration"
}
}
},
{
"Parameters": [
"ConfigurationAssessment",
"QuotaForConfigurationAssessment"
],
"Label": {
"default": {
"zh-cn": "配置评估",
"en": "Configuration Assessment Configuration"
}
}
},
{
"Parameters": [
"WebTamperProtection",
"QuotaForWebTamperProofing"
],
"Label": {
"default": {
"zh-cn": "网页防篡改配置",
"en": "WebTamper Protection Configuration"
}
}
},
{
"Parameters": [
"VulnerabilityFixing",
"QuotaForVulnerabilityFixing"
],
"Label": {
"default": {
"zh-cn": "漏洞修复配置",
"en": "Vulnerability Fixing Configuration"
}
}
},
{
"Parameters": [
"CloudHoneypot",
"QuotaForCloudHoneypot"
],
"Label": {
"default": {
"zh-cn": "云蜜罐配置",
"en": "Cloud Honeypot Configuration"
}
}
},
{
"Parameters": [
"ContainerImageScan"
],
"Label": {
"default": {
"zh-cn": "容器镜像安全扫描",
"en": "Container Image Scan Configuration"
}
}
}
]
}
}
}该文章对您有帮助吗?
- 本页导读 (1)
- 语法
- 属性
- PostPayInstanceModule语法
- PostPayInstanceModule属性
- 返回值
- 示例
