ALIYUN::Config::AggregateCompliancePack is used to create a compliance package for an account group.
Syntax
{
"Type": "ALIYUN::Config::AggregateCompliancePack",
"Properties": {
"TagKeyScope": String,
"TagValueScope": String,
"Description": String,
"CompliancePackName": String,
"ExcludeResourceIdsScope": List,
"RegionIdsScope": List,
"ResourceGroupIdsScope": List,
"ConfigRules": List,
"CompliancePackTemplateId": String,
"RiskLevel": Integer,
"DefaultEnable": Boolean,
"AggregatorId": String
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
AggregatorId | String | Yes | Yes | The ID of the account group. | None. |
CompliancePackName | String | Yes | Yes | The name of the compliance package. | None. |
ConfigRules | List | Yes | Yes | The rules in the compliance package. | For more information, see ConfigRules properties. |
Description | String | Yes | Yes | The description of the compliance package. | None. |
RiskLevel | Integer | Yes | Yes | The risk level of the compliance package. | Valid values: 1 (high risk), 2 (medium risk), and 3 (low risk). |
CompliancePackTemplateId | String | No | No | The ID of the compliance package template. | None. |
DefaultEnable | Boolean | No | Yes | Specifies whether to enable the rules together with the compliance package. | Valid values: true and false (default). |
ExcludeResourceIdsScope | List | No | Yes | The IDs of the resources that you do not want to evaluate by using the compliance package. | Separate multiple resource IDs with commas (,). |
RegionIdsScope | List | No | Yes | The IDs of the regions where resources you want to evaluate by using the compliance package reside. | Separate multiple region IDs with commas (,). |
ResourceGroupIdsScope | List | No | Yes | The IDs of the resource groups whose resources you want to evaluate by using the compliance package. | Separate multiple resource group IDs with commas (,). |
TagKeyScope | String | No | Yes | The tag key of the resources that you want to evaluate by using the compliance package. | None. |
TagValueScope | String | No | Yes | The tag value of the resources that you want to evaluate by using the compliance package. | You must specify TagValueScope together with TagKeyScope. |
ConfigRules syntax
"ConfigRules": [
{
"ConfigRuleId": String,
"Description": String,
"ConfigRuleName": String,
"ManagedRuleIdentifier": String,
"RiskLevel": Integer,
"ConfigRuleParameters": List
}
]
ConfigRules properties
Property | Type | Required | Editable | Description | Constraint |
RiskLevel | Integer | Yes | Yes | The risk level of the resources that do not comply with the rule. | Valid values: 1 (high risk), 2 (medium risk), and 3 (low risk). |
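ConfigRuleId | String | No | Yes | The rule ID. | If you specify this property, Cloud Config adds the rule with the specified ID to the compliance package. You need to specify only one of the ManagedRuleIdentifier and ConfigRuleId properties. If you specify both, ConfigRuleId takes precedence. |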
ConfigRuleName | String | No | Yes | The rule name. | None. |
ConfigRuleParameters | List | No | Yes | The input parameters of the rule. | For more information, see ConfigRuleParameters properties. |
Description | String | No | Yes | The description of the rule. | None. |
ManagedRuleIdentifier | String | No | Yes | The identifier of the managed rule. | Cloud Config automatically creates a managed rule based on the specified identifier and adds the rule to the compliance package. You need to specify only one of the ManagedRuleIdentifier and ConfigRuleId properties. If you specify both, ConfigRuleId takes precedence. |
ConfigRuleParameters syntax
"ConfigRuleParameters": [
{
"ParameterValue": String,
"ParameterName": String
}
]
ConfigRuleParameters properties
Property | Type | Required | Editable | Description | Constraint |
ParameterValue | String | Yes | Yes | The value of the input parameter. | You must specify the ParameterName and ParameterValue properties together. |
ParameterName | String | Yes | Yes | The name of the input parameter. | You must specify the ParameterName and ParameterValue properties together. |
Return values
Fn::GetAtt
CompliancePackId: the ID of the compliance package.
Examples
YAML format
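# ROS template that creates a Cloud Config compliance package
# (ALIYUN::Config::AggregateCompliancePack) for an account group.
#
# The nesting below is restored from the JSON form of the same template on
# this page; the flattened listing had lost the indentation that YAML needs.
# Multi-line descriptions use literal block scalars so that their line breaks
# match the "\n" sequences in the JSON form.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AggregatorId:
    Description:
      en: Aggregator id.
    Required: true
    Type: String
  CompliancePackName:
    Description:
      en: Compliance package name.
    Required: true
    Type: String
  CompliancePackTemplateId:
    Description:
      en: Compliance package template ID.
    Required: false
    Type: String
  # At least one rule is required (MinLength: 1). Each rule names either an
  # existing rule (ConfigRuleId) or a managed rule (ManagedRuleIdentifier).
  ConfigRules:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        AssociationPropertyMetadata:
          Parameters:
            ConfigRuleId:
              Description:
                en: Rule ID. Configure auditing to add existing rules to the current
                  compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId.
                  When both parameters are set, ConfigRuleId is the correct one.
              Required: false
              Type: String
            ConfigRuleName:
              Description:
                en: The name of config rule.
              Required: false
              Type: String
            # Name/value pairs passed to the rule as input parameters; both
            # fields are required for each entry.
            ConfigRuleParameters:
              AssociationProperty: List[Parameters]
              AssociationPropertyMetadata:
                Parameters:
                  ParameterName:
                    Description:
                      en: The name of parameter.
                    Required: true
                    Type: String
                  ParameterValue:
                    Description:
                      en: The value of parameter.
                    Required: true
                    Type: String
              Required: false
              Type: Json
            Description:
              AssociationProperty: TextArea
              Description:
                en: The description of config rule.
              Required: false
              Type: String
            ManagedRuleIdentifier:
              Description:
                en: Managed rule ID. Configure auditing to automatically create a
                  rule based on the managed rule ID and add the rule to the current
                  compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId.
                  When both parameters are set, ConfigRuleId is the correct one.
              Required: false
              Type: String
            # Note the direction of the scale: 1 is the highest risk.
            RiskLevel:
              AllowedValues:
                - 1
                - 2
                - 3
              Description:
                en: |-
                  Rule risk level. Value:
                  1: High risk.
                  2: Medium risk.
                  3: Low risk.
              Required: true
              Type: Number
        Required: false
        Type: Json
    Description:
      en: List of rules in the compliance package.
    MinLength: 1
    Required: true
    Type: Json
  # Optional, and false by default according to the description text; set it
  # explicitly if the rules should be enabled together with the package.
  DefaultEnable:
    Description:
      en: |-
        Whether the rule supports quick activation. Value:
        true: This rule will be enabled when the compliance package is quickly enabled.
        false (default): disable
    Required: false
    Type: Boolean
  Description:
    AssociationProperty: TextArea
    Description:
      en: The description of compliance pack.
    Required: true
    Type: String
  # Scope parameters (ExcludeResourceIdsScope, RegionIdsScope,
  # ResourceGroupIdsScope, TagKeyScope, TagValueScope): each one narrows what
  # the package evaluates. Resources outside the resulting scope are not
  # evaluated, so treat a change to any of these values as a change to
  # compliance coverage and review it accordingly.
  ExcludeResourceIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The resource id.
        Required: false
        Type: String
    Description:
      en: The compliance package is invalid for the specified resource ID, that is,
        no evaluation is performed on the resource.
    Required: false
    Type: Json
  RegionIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: The region id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect for resources in the specified
        region ID.
    Required: false
    Type: Json
  ResourceGroupIdsScope:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: Resource group id.
        Required: false
        Type: String
    Description:
      en: The compliance package only takes effect on resources in the specified resource
        group ID.
    Required: false
    Type: Json
  # Note the direction of the scale: 1 is the highest risk.
  RiskLevel:
    AllowedValues:
      - 1
      - 2
      - 3
    Description:
      en: |-
        Compliance package risk level. Value:
        1: High risk.
        2: Medium risk.
        3: Low risk.
    Required: true
    Type: Number
  # NOTE(review): with a tag-based scope, whether a resource is evaluated
  # depends on its tags; confirm who is allowed to edit this tag on the
  # resources that the package is meant to cover.
  TagKeyScope:
    Description:
      en: Compliance packages only take effect on resources bound to the specified
        tag key.
    Required: false
    Type: String
  TagValueScope:
    Description:
      en: Compliance packages only take effect on resources bound to specified tag
        key-value pairs.TagValueScope needs to be used in conjunction with TagKeyScope.
    Required: false
    Type: String
Resources:
  # Every template parameter is passed straight through to the resource.
  AggregateCompliancePack:
    Properties:
      AggregatorId:
        Ref: AggregatorId
      CompliancePackName:
        Ref: CompliancePackName
      CompliancePackTemplateId:
        Ref: CompliancePackTemplateId
      ConfigRules:
        Ref: ConfigRules
      DefaultEnable:
        Ref: DefaultEnable
      Description:
        Ref: Description
      ExcludeResourceIdsScope:
        Ref: ExcludeResourceIdsScope
      RegionIdsScope:
        Ref: RegionIdsScope
      ResourceGroupIdsScope:
        Ref: ResourceGroupIdsScope
      RiskLevel:
        Ref: RiskLevel
      TagKeyScope:
        Ref: TagKeyScope
      TagValueScope:
        Ref: TagValueScope
    Type: ALIYUN::Config::AggregateCompliancePack
Outputs:
  # ID of the created compliance package, read from the resource via Fn::GetAtt.
  CompliancePackId:
    Description: 'The ID of the compliance pack id. '
    Value:
      Fn::GetAtt:
        - AggregateCompliancePack
        - CompliancePackId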
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"TagKeyScope": {
"Type": "String",
"Description": {
"en": "Compliance packages only take effect on resources bound to the specified tag key."
},
"Required": false
},
"TagValueScope": {
"Type": "String",
"Description": {
"en": "Compliance packages only take effect on resources bound to specified tag key-value pairs.TagValueScope needs to be used in conjunction with TagKeyScope."
},
"Required": false
},
"Description": {
"AssociationProperty": "TextArea",
"Type": "String",
"Description": {
"en": "The description of compliance pack."
},
"Required": true
},
"CompliancePackName": {
"Type": "String",
"Description": {
"en": "Compliance package name."
},
"Required": true
},
"ExcludeResourceIdsScope": {
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "The resource id."
},
"Required": false
}
},
"AssociationProperty": "List[Parameter]",
"Type": "Json",
"Description": {
"en": "The compliance package is invalid for the specified resource ID, that is, no evaluation is performed on the resource."
},
"Required": false
},
"RegionIdsScope": {
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "The region id."
},
"Required": false
}
},
"AssociationProperty": "List[Parameter]",
"Type": "Json",
"Description": {
"en": "The compliance package only takes effect for resources in the specified region ID."
},
"Required": false
},
"ResourceGroupIdsScope": {
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "Resource group id."
},
"Required": false
}
},
"AssociationProperty": "List[Parameter]",
"Type": "Json",
"Description": {
"en": "The compliance package only takes effect on resources in the specified resource group ID."
},
"Required": false
},
"ConfigRules": {
"AssociationPropertyMetadata": {
"Parameter": {
"AssociationPropertyMetadata": {
"Parameters": {
"ConfigRuleId": {
"Type": "String",
"Description": {
"en": "Rule ID. Configure auditing to add existing rules to the current compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
},
"Required": false
},
"Description": {
"AssociationProperty": "TextArea",
"Type": "String",
"Description": {
"en": "The description of config rule."
},
"Required": false
},
"ConfigRuleName": {
"Type": "String",
"Description": {
"en": "The name of config rule."
},
"Required": false
},
"ManagedRuleIdentifier": {
"Type": "String",
"Description": {
"en": "Managed rule ID. Configure auditing to automatically create a rule based on the managed rule ID and add the rule to the current compliance package.Choose one of ManagedRuleIdentifier and ConfigRuleId. When both parameters are set, ConfigRuleId is the correct one."
},
"Required": false
},
"RiskLevel": {
"Type": "Number",
"Description": {
"en": "Rule risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
},
"AllowedValues": [
1,
2,
3
],
"Required": true
},
"ConfigRuleParameters": {
"AssociationPropertyMetadata": {
"Parameters": {
"ParameterValue": {
"Type": "String",
"Description": {
"en": "The value of parameter."
},
"Required": true
},
"ParameterName": {
"Type": "String",
"Description": {
"en": "The name of parameter."
},
"Required": true
}
}
},
"AssociationProperty": "List[Parameters]",
"Type": "Json",
"Required": false
}
}
},
"Type": "Json",
"Required": false
}
},
"AssociationProperty": "List[Parameter]",
"Type": "Json",
"Description": {
"en": "List of rules in the compliance package."
},
"Required": true,
"MinLength": 1
},
"CompliancePackTemplateId": {
"Type": "String",
"Description": {
"en": "Compliance package template ID."
},
"Required": false
},
"RiskLevel": {
"Type": "Number",
"Description": {
"en": "Compliance package risk level. Value:\n1: High risk.\n2: Medium risk.\n3: Low risk."
},
"AllowedValues": [
1,
2,
3
],
"Required": true
},
"DefaultEnable": {
"Type": "Boolean",
"Description": {
"en": "Whether the rule supports quick activation. Value:\ntrue: This rule will be enabled when the compliance package is quickly enabled.\nfalse (default): disable"
},
"Required": false
},
"AggregatorId": {
"Type": "String",
"Description": {
"en": "Aggregator id."
},
"Required": true
}
},
"Resources": {
"AggregateCompliancePack": {
"Type": "ALIYUN::Config::AggregateCompliancePack",
"Properties": {
"TagKeyScope": {
"Ref": "TagKeyScope"
},
"TagValueScope": {
"Ref": "TagValueScope"
},
"Description": {
"Ref": "Description"
},
"CompliancePackName": {
"Ref": "CompliancePackName"
},
"ExcludeResourceIdsScope": {
"Ref": "ExcludeResourceIdsScope"
},
"RegionIdsScope": {
"Ref": "RegionIdsScope"
},
"ResourceGroupIdsScope": {
"Ref": "ResourceGroupIdsScope"
},
"ConfigRules": {
"Ref": "ConfigRules"
},
"CompliancePackTemplateId": {
"Ref": "CompliancePackTemplateId"
},
"RiskLevel": {
"Ref": "RiskLevel"
},
"DefaultEnable": {
"Ref": "DefaultEnable"
},
"AggregatorId": {
"Ref": "AggregatorId"
}
}
}
},
"Outputs": {
"CompliancePackId": {
"Description": "The ID of the compliance pack id. ",
"Value": {
"Fn::GetAtt": [
"AggregateCompliancePack",
"CompliancePackId"
]
}
}
}
}