alicloud_config_remediation_Terraform(Terraform)-阿里云帮助中心

Provides a Config Remediation resource.

For information about Config Remediation and how to use it, see What is Remediation.

-> NOTE: Available since v1.204.0.

Example Usage

Basic Usage

variable "name" {
  default = "tf-example-oss"
}
data "alicloud_regions" "default" {
  current = true
}

resource "random_integer" "default" {
  min = 10000
  max = 99999
}

resource "alicloud_oss_bucket" "default" {
  bucket = "${var.name}-${random_integer.default.result}"
  tags = {
    For = "example"
  }
}

resource "alicloud_oss_bucket_acl" "name" {
  bucket = alicloud_oss_bucket.default.bucket
  acl    = "public-read"
}

resource "alicloud_config_rule" "default" {
  description               = "If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant."
  source_owner              = "ALIYUN"
  source_identifier         = "oss-bucket-public-read-prohibited"
  risk_level                = 1
  tag_key_scope             = "For"
  tag_value_scope           = "example"
  region_ids_scope          = data.alicloud_regions.default.regions.0.id
  config_rule_trigger_types = "ConfigurationItemChangeNotification"
  resource_types_scope      = ["ACS::OSS::Bucket"]
  rule_name                 = "oss-bucket-public-read-prohibited"
}

resource "alicloud_config_remediation" "default" {
  config_rule_id          = alicloud_config_rule.default.config_rule_id
  remediation_template_id = "ACS-OSS-PutBucketAcl"
  remediation_source_type = "ALIYUN"
  invoke_type             = "MANUAL_EXECUTION"
  params                  = "{\"bucketName\": \"${alicloud_oss_bucket.default.bucket}\", \"regionId\": \"${data.alicloud_regions.default.regions.0.id}\", \"permissionName\": \"private\"}"
  remediation_type        = "OOS"
}

Argument Reference

The following arguments are supported:

config_rule_id - (Required, ForceNew) Rule ID.
invoke_type - (Required) Execution type, valid values: Manual, Automatic.
params - (Required, JsonString) Remediation parameter.
remediation_source_type - (Optional, ForceNew) Remediation resource type, valid values: ALIYUN , CUSTOMER.
remediation_template_id - (Required) Remediation template ID.
remediation_type - (Required, ForceNew) Remediation type, valid values: OOS, FC.

The following arguments will be discarded. Please use new fields as soon as possible:

Attributes Reference

The following attributes are exported:

id - The key of the resource supplied above.
remediation_id - Remediation ID.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 5 mins) Used when create the Remediation.
delete - (Defaults to 5 mins) Used when delete the Remediation.
update - (Defaults to 5 mins) Used when update the Remediation.

Import

Config Remediation can be imported using the id, e.g.

$ terraform import alicloud_config_remediation.example <id>