ALIYUN::SAS::Instance is used to purchase Security Center.
Syntax
{
"Type": "ALIYUN::SAS::Instance",
"Properties": {
"QuotaForApplicationProtection": Integer,
"ThreatAnalysis": Boolean,
"QuotaForMaliciousFileDetectionSDK": Integer,
"ContainerImageScan": Integer,
"ThreatAnalysisLogStorageCapacity": Integer,
"AutoRenew": Boolean,
"MaliciousFileDetectionSDK": Boolean,
"VCore": Integer,
"Period": Integer,
"VulnerabilityFixing": Boolean,
"QuotaForCloudHoneypot": Integer,
"QuotaForWebTamperProofing": Integer,
"AutoPay": Boolean,
"Edition": String,
"ConfigurationAssessment": Boolean,
"LogAnalysis": Integer,
"ProtectedServers": Integer,
"CloudHoneypot": Boolean,
"WebTamperProtection": Boolean,
"QuotaForConfigurationAssessment": Integer,
"QuotaForVulnerabilityFixing": Integer,
"AntiRansomware": Integer,
"PeriodUnit": String,
"AntiRansomwareManageService": Boolean
}
}Properties
Property | Type | Required | Editable | Description | Constraint |
QuotaForApplicationProtection | Integer | No | No | The quota for the application protection feature. | You can use the feature to identify and block attacks on applications during application runtime and provide self-protection. We recommend that you set this property to the number of application processes that you want to protect each month on your hosts. A larger quota provides protection at a lower unit price. For more information, see Billing overview. |
ThreatAnalysis | Boolean | No | No | Specifies whether to enable the threat analysis feature. | The feature can detect and handle the security events of multiple cloud services, such as Cloud Firewall and Virtual Private Cloud (VPC), across multiple Alibaba Cloud accounts. This helps improve the operational efficiency of events. If you purchased the log storage capacity for log analysis, we recommend that you set the Log Storage Capacity of Threat Analysis parameter to a value that is three times the purchased log storage capacity. The threat analysis feature stores the logs of multiple Alibaba Cloud accounts and cloud services that are added. Therefore, you must purchase sufficient log storage capacity for threat analysis. |
QuotaForMaliciousFileDetectionSDK | Integer | No | No | The quota for the SDK for malicious file detection feature. | The feature uses a large number of file libraries in the cloud and a multi-architecture detection engine to detect webshell files, malicious scripts, binary programs, and macro viruses in a precise manner. The feature can also detect multiple malicious files at a time in various scenarios. |
ContainerImageScan | Integer | No | No | The container image scan feature. | This is a value-added feature. If you set the quota for the container image scan feature to a value greater than 0, the feature is automatically purchased. We recommend that you set the quota for the container image scan feature to the number of images for which you want to detect container vulnerabilities each month. Security Center identifies an image based on a unique digest value. If the digest value of an image is not changed, the quota for the container image scan feature is deducted by one only for the first scan. If the digest value of an image is changed, the quota for the container image scan feature is deducted each time the image is scanned. For example, if you want to scan 10 images and the images are estimated to be updated 20 times within the validity period of Security Center, you must set the quota for the container image scan feature to 30. The value 30 is calculated based on the following quotation: Quota for the container image scan feature = Number of images that you want to scan + Total number of times the images are estimated to be updated. The number 20 indicates that the digest values of the images are estimated to be changed 20 times. This property is available only when you use the Advanced, Enterprise, Ultimate, or Value-added Plan edition. |
ThreatAnalysisLogStorageCapacity | Integer | No | No | The log storage capacity for the threat analysis feature. | None. |
AutoRenew | Boolean | No | No | Specifies whether to enable auto-renewal if Security Center uses the subscription billing method. | Valid values:
Note The auto-renewal cycle varies based on the unit of the subscription duration. If you purchase Security Center on a yearly basis, the auto-renewal cycle is one year. For example, if you select Auto-renewal and purchase a two-year subscription, the auto-renewal cycle is one year. |
MaliciousFileDetectionSDK | Boolean | No | No | Specifies whether to enable the SDK for malicious file detection feature. | We recommend that you set the quota for the feature to the number of files that you want to scan each month. The feature uses a large number of file libraries in the cloud and a multi-architecture detection engine to detect webshell files, malicious scripts, binary programs, and macro viruses in a precise manner. The feature can also detect multiple malicious files at a time in various scenarios. |
VCore | Integer | No | No | The number of cores of servers that you want to protect by using Security Center. | The default value indicates the minimum number of cores that you must purchase. You must specify this property only when you use the Anti-virus or Ultimate edition. |
Period | Integer | Yes | No | The subscription duration. |
|
VulnerabilityFixing | Boolean | No | No | Specifies whether to enable the vulnerability fixing feature. | You must specify this property only when you use the Anti-virus or Value-added Plan edition. You can use the feature to fix Linux software vulnerabilities and Windows system vulnerabilities that are detected on your servers with a few clicks. We recommend that you set the quota for the feature to the total number of vulnerabilities that you want to fix each month. Note
|
QuotaForCloudHoneypot | Integer | No | No | The quota for the cloud honeypot feature. | None. |
QuotaForWebTamperProofing | Integer | No | No | The quota for the web tamper proofing feature. | The feature monitors web directories in real time and can restore files or directories that are tampered with based on backups. This prevents important website information from being tampered with. |
AutoPay | Boolean | No | No | Specifies whether to enable the automatic payment feature. | Valid values:
|
Edition | String | No | No | The edition. | Valid values:
|
ConfigurationAssessment | Boolean | No | No | Specifies whether to enable the configuration assessment feature. | The feature detects configuration errors and security risks of cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks. This ensures security of the running environment of your cloud services. |
LogAnalysis | Integer | No | No | The log analysis feature. | This is a value-added feature. If you set the log storage capacity for log analysis to a value greater than 0, the feature is automatically purchased. The unit of the log storage capacity is GB. The log analysis feature retrieves data from all subtypes of logs, including host, network, and security logs. This allows you to trace and analyze security events. Note The Enterprise and Ultimate editions of Security Center support 16 subtypes of logs. The Anti-virus and Advanced editions of Security Center support only 12 subtypes of host logs and security logs, but do not support network logs. |
ProtectedServers | Integer | No | No | The number of servers that you want to protect by using Security Center. | The default value is the total number of Elastic Compute Service (ECS) instances plus the servers that are not deployed on Alibaba Cloud but have the Security Center agent installed within your Alibaba Cloud account. Note
|
CloudHoneypot | Boolean | No | No | Specifies whether to enable the cloud honeypot feature. | The feature can capture attacks at the earliest opportunity. You can use this feature to detect attacks and protect your core assets in an efficient manner in attack and defense scenarios. |
WebTamperProtection | Boolean | No | No | Specifies whether to enable the web tamper proofing feature. | The feature monitors web directories in real time and can restore files or directories that are tampered with based on backups. This prevents important website information from being tampered with. |
QuotaForConfigurationAssessment | Integer | No | No | The quota for the configuration assessment feature. | None. |
QuotaForVulnerabilityFixing | Integer | No | No | The quota for the vulnerability fixing feature. | You must specify this property based on the total number of vulnerabilities that you want to fix each month. The quota indicates the total number of vulnerabilities that you want to fix on all servers each month, regardless of the vulnerability names. For example, if you use Security Center on 10 servers to fix the same vulnerability, the quota is deducted by 10. |
AntiRansomware | Integer | No | No | The anti-ransomware feature. | This is a value-added feature. If you set the anti-ransomware capacity to a value greater than 0, the feature is automatically purchased. The unit of the anti-ransomware capacity is GB. The general anti-ransomware feature provides the protection, alerting, and data backup capabilities to prevent ransomware from intruding into your core servers. Note Before you purchase this feature, make sure that the servers that you want to protect are deployed in a supported region of anti-ransomware. For more information about the supported regions, see Overview. |
PeriodUnit | String | Yes | No | The unit of the subscription duration. | Valid values:
|
AntiRansomwareManageService | Boolean | No | No | Specifies whether to enable the managed anti-ransomware feature. | The feature provides anti-ransomware configurations, monitoring, and emergency responses to anti-ransomware incidents. |
Return values
Fn::GetAtt
InstanceId: the ID of the purchased Security Center.
Examples
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
AntiRansomware:
Description:
en: Security Center provides a comprehensive anti-ransomware solution to protect
your business. We recommend that you configure a data protection capacity
of 50GB for each server.
Required: false
Type: Number
AutoPay:
Default: true
Description:
en: 'Whether to auto pay the bill.Default: True'
Required: false
Type: Boolean
AutoRenew:
Default: false
Description:
en: 'Whether to auto renew the prepay instance.Default: False'
Required: false
Type: Boolean
CloudHoneypot:
Description:
en: The cloud honeypot feature can capture attacks in a timely and efficient
manner. You can use the feature to protect your core assets and detect attacks
in attack and defense scenarios.
Required: false
Type: Boolean
ConfigurationAssessment:
Description:
en: 'The configuration assessment feature detects configuration errors and security
risks on cloud services from the following dimensions: identity and permission
management, security risks in Alibaba Cloud services, and compliance risks.This
ensures the security of the running environment of your cloud services.'
Required: false
Type: Boolean
ContainerImageScan:
Description:
en: Security Center provides the container image scan feature to protect containers.
Security Center can detect CVEs, application vulnerabilities, viruses, and
malicious samples and allows you to handle the detected risks. You can configure
this parameter based on the number of images or digests. For example, if the
number of images or digests that are updated in the previous day is 10, you
can set this parameter to 300 for a monthly subscription or to 3650 for a
yearly subscription. This is more cost-effective.
Required: false
Type: Number
Edition:
AllowedValues:
- Anti-virus
- Advanced
- Enterprise
- Ultimate
Description:
en: The version of Security center.
Required: false
Type: String
LogAnalysis:
Description:
en: In response to the requirements of the network security law, which requires
logs to be stored for at least 180 days, we recommend that you configure a
40GB log storage each server. Log analysis supports multi-dimensional security
logs of cloud assets, out-of-the-box reports, and powerful SQL syntax analysis,
so as to monitor business status, troubleshoot attacks, security operations
such as traceability and positioning are easier.
Required: false
Type: Number
MaliciousFileDetectionSDK:
Description:
en: 'The configuration assessment feature detects configuration errors and security
risks on cloud services from the following dimensions: identity and permission
management, security risks in Alibaba Cloud services, and compliance risks.
This ensures the security of the running environment of your cloud services.'
Required: false
Type: Boolean
Period:
AllowedValues:
- 1
- 2
- 3
- 6
AssociationProperty: PayPeriod
Description:
en: 'The subscription period of the firewallIf PeriodUnit is month, the valid
range is 1, 3, 6
If periodUnit is year, the valid range is 1, 2, 3'
Required: true
Type: Number
PeriodUnit:
AllowedValues:
- Month
- Year
AssociationProperty: PayPeriodUnit
Description:
en: 'The unit of the subscription duration. Valid values:
Month
Year
'
Required: true
Type: String
ProtectedServers:
Description:
en: Authorization is the same as the number of servers you have.
Required: false
Type: Number
QuotaForApplicationProtection:
Description:
en: The application protection feature can detect attacks on applications and
provide self-protection during application runtime. The feature supports simple
and convenient O&M and can effectively defend against zero-day and OWASP Top
vulnerabilities. The feature is a value-added feature. You are charged based
on the number of assets on which the RASP agent is installed. You must configure
protection policies after you purchase the feature.
Required: false
Type: Number
QuotaForCloudHoneypot:
Required: false
Type: Number
QuotaForConfigurationAssessment:
Required: false
Type: Number
QuotaForMaliciousFileDetectionSDK:
Required: false
Type: Number
QuotaForVulnerabilityFixing:
Description:
en: Specify the quota for vulnerability fixing based on the number of vulnerabilities
that you want to fix each month. The quota is equal to the total number of
vulnerabilities that you want to fix on all servers regardless of the vulnerability
names. For example, if you use Security Center to fix the same vulnerability
on 10 servers, the quota is deducted by 10.
Required: false
Type: Number
QuotaForWebTamperProofing:
Required: false
Type: Number
ThreatAnalysis:
Description:
en: 'The threat analysis feature allows you to handle alerts that are generated
for assets in the cloud within different accounts and assets of multiple cloud
services in a centralized manner. The feature also allows you to handle risks
with a few clicks. The feature provides automatic orchestration and response
capabilities. '
Required: false
Type: Boolean
ThreatAnalysisLogStorageCapacity:
Required: false
Type: Number
VCore:
Description:
en: This parameter indicates the number of server vCPUs.
Required: false
Type: Number
VulnerabilityFixing:
Description:
en: The vulnerability fixing feature allows you to fix system vulnerabilities
with a few clicks. This improves O&M efficiency. You can separately purchase
the vulnerability fixing feature. You are charged based on the number of times
that you perform vulnerability fixing.
Required: false
Type: Boolean
WebTamperProtection:
Description:
en: To ensure that the website information of important systems is not maliciously
tampered with, there are bad content such as hanging horses, black chains,
illegal implantation of terrorist threats, pornography, etc.
Required: false
Type: Boolean
Resources:
Instance:
Properties:
AntiRansomware:
Ref: AntiRansomware
AutoPay:
Ref: AutoPay
AutoRenew:
Ref: AutoRenew
CloudHoneypot:
Ref: CloudHoneypot
ConfigurationAssessment:
Ref: ConfigurationAssessment
ContainerImageScan:
Ref: ContainerImageScan
Edition:
Ref: Edition
LogAnalysis:
Ref: LogAnalysis
MaliciousFileDetectionSDK:
Ref: MaliciousFileDetectionSDK
Period:
Ref: Period
PeriodUnit:
Ref: PeriodUnit
ProtectedServers:
Ref: ProtectedServers
QuotaForApplicationProtection:
Ref: QuotaForApplicationProtection
QuotaForCloudHoneypot:
Ref: QuotaForCloudHoneypot
QuotaForConfigurationAssessment:
Ref: QuotaForConfigurationAssessment
QuotaForMaliciousFileDetectionSDK:
Ref: QuotaForMaliciousFileDetectionSDK
QuotaForVulnerabilityFixing:
Ref: QuotaForVulnerabilityFixing
QuotaForWebTamperProofing:
Ref: QuotaForWebTamperProofing
ThreatAnalysis:
Ref: ThreatAnalysis
ThreatAnalysisLogStorageCapacity:
Ref: ThreatAnalysisLogStorageCapacity
VCore:
Ref: VCore
VulnerabilityFixing:
Ref: VulnerabilityFixing
WebTamperProtection:
Ref: WebTamperProtection
Type: ALIYUN::SAS::Instance
Outputs:
InstanceId:
Description: Instance Id.
Value:
Fn::GetAtt:
- Instance
- InstanceId
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"QuotaForApplicationProtection": {
"Type": "Number",
"Description": {
"en": "The application protection feature can detect attacks on applications and provide self-protection during application runtime. The feature supports simple and convenient O&M and can effectively defend against zero-day and OWASP Top vulnerabilities. The feature is a value-added feature. You are charged based on the number of assets on which the RASP agent is installed. You must configure protection policies after you purchase the feature."
},
"Required": false
},
"ThreatAnalysis": {
"Type": "Boolean",
"Description": {
"en": "The threat analysis feature allows you to handle alerts that are generated for assets in the cloud within different accounts and assets of multiple cloud services in a centralized manner. The feature also allows you to handle risks with a few clicks. The feature provides automatic orchestration and response capabilities. "
},
"Required": false
},
"QuotaForMaliciousFileDetectionSDK": {
"Type": "Number",
"Required": false
},
"ContainerImageScan": {
"Type": "Number",
"Description": {
"en": "Security Center provides the container image scan feature to protect containers. Security Center can detect CVEs, application vulnerabilities, viruses, and malicious samples and allows you to handle the detected risks. You can configure this parameter based on the number of images or digests. For example, if the number of images or digests that are updated in the previous day is 10, you can set this parameter to 300 for a monthly subscription or to 3650 for a yearly subscription. This is more cost-effective."
},
"Required": false
},
"ThreatAnalysisLogStorageCapacity": {
"Type": "Number",
"Required": false
},
"AutoRenew": {
"Type": "Boolean",
"Description": {
"en": "Whether to auto renew the prepay instance.Default: False"
},
"Required": false,
"Default": false
},
"MaliciousFileDetectionSDK": {
"Type": "Boolean",
"Description": {
"en": "The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks. This ensures the security of the running environment of your cloud services."
},
"Required": false
},
"VCore": {
"Type": "Number",
"Description": {
"en": "This parameter indicates the number of server vCPUs."
},
"Required": false
},
"Period": {
"AssociationProperty": "PayPeriod",
"Type": "Number",
"Description": {
"en": "The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6\nIf periodUnit is year, the valid range is 1, 2, 3"
},
"AllowedValues": [
1,
2,
3,
6
],
"Required": true
},
"VulnerabilityFixing": {
"Type": "Boolean",
"Description": {
"en": "The vulnerability fixing feature allows you to fix system vulnerabilities with a few clicks. This improves O&M efficiency. You can separately purchase the vulnerability fixing feature. You are charged based on the number of times that you perform vulnerability fixing."
},
"Required": false
},
"QuotaForCloudHoneypot": {
"Type": "Number",
"Required": false
},
"QuotaForWebTamperProofing": {
"Type": "Number",
"Required": false
},
"AutoPay": {
"Type": "Boolean",
"Description": {
"en": "Whether to auto pay the bill.Default: True"
},
"Required": false,
"Default": true
},
"Edition": {
"Type": "String",
"Description": {
"en": "The version of Security center."
},
"AllowedValues": [
"Anti-virus",
"Advanced",
"Enterprise",
"Ultimate"
],
"Required": false
},
"ConfigurationAssessment": {
"Type": "Boolean",
"Description": {
"en": "The configuration assessment feature detects configuration errors and security risks on cloud services from the following dimensions: identity and permission management, security risks in Alibaba Cloud services, and compliance risks.This ensures the security of the running environment of your cloud services."
},
"Required": false
},
"LogAnalysis": {
"Type": "Number",
"Description": {
"en": "In response to the requirements of the network security law, which requires logs to be stored for at least 180 days, we recommend that you configure a 40GB log storage each server. Log analysis supports multi-dimensional security logs of cloud assets, out-of-the-box reports, and powerful SQL syntax analysis, so as to monitor business status, troubleshoot attacks, security operations such as traceability and positioning are easier."
},
"Required": false
},
"ProtectedServers": {
"Type": "Number",
"Description": {
"en": "Authorization is the same as the number of servers you have."
},
"Required": false
},
"CloudHoneypot": {
"Type": "Boolean",
"Description": {
"en": "The cloud honeypot feature can capture attacks in a timely and efficient manner. You can use the feature to protect your core assets and detect attacks in attack and defense scenarios."
},
"Required": false
},
"WebTamperProtection": {
"Type": "Boolean",
"Description": {
"en": "To ensure that the website information of important systems is not maliciously tampered with, there are bad content such as hanging horses, black chains, illegal implantation of terrorist threats, pornography, etc."
},
"Required": false
},
"QuotaForConfigurationAssessment": {
"Type": "Number",
"Required": false
},
"QuotaForVulnerabilityFixing": {
"Type": "Number",
"Description": {
"en": "Specify the quota for vulnerability fixing based on the number of vulnerabilities that you want to fix each month. The quota is equal to the total number of vulnerabilities that you want to fix on all servers regardless of the vulnerability names. For example, if you use Security Center to fix the same vulnerability on 10 servers, the quota is deducted by 10."
},
"Required": false
},
"AntiRansomware": {
"Type": "Number",
"Description": {
"en": "Security Center provides a comprehensive anti-ransomware solution to protect your business. We recommend that you configure a data protection capacity of 50GB for each server."
},
"Required": false
},
"PeriodUnit": {
"AssociationProperty": "PayPeriodUnit",
"Type": "String",
"Description": {
"en": "The unit of the subscription duration. Valid values:\nMonth\nYear\n"
},
"AllowedValues": [
"Month",
"Year"
],
"Required": true
}
},
"Resources": {
"Instance": {
"Type": "ALIYUN::SAS::Instance",
"Properties": {
"QuotaForApplicationProtection": {
"Ref": "QuotaForApplicationProtection"
},
"ThreatAnalysis": {
"Ref": "ThreatAnalysis"
},
"QuotaForMaliciousFileDetectionSDK": {
"Ref": "QuotaForMaliciousFileDetectionSDK"
},
"ContainerImageScan": {
"Ref": "ContainerImageScan"
},
"ThreatAnalysisLogStorageCapacity": {
"Ref": "ThreatAnalysisLogStorageCapacity"
},
"AutoRenew": {
"Ref": "AutoRenew"
},
"MaliciousFileDetectionSDK": {
"Ref": "MaliciousFileDetectionSDK"
},
"VCore": {
"Ref": "VCore"
},
"Period": {
"Ref": "Period"
},
"VulnerabilityFixing": {
"Ref": "VulnerabilityFixing"
},
"QuotaForCloudHoneypot": {
"Ref": "QuotaForCloudHoneypot"
},
"QuotaForWebTamperProofing": {
"Ref": "QuotaForWebTamperProofing"
},
"AutoPay": {
"Ref": "AutoPay"
},
"Edition": {
"Ref": "Edition"
},
"ConfigurationAssessment": {
"Ref": "ConfigurationAssessment"
},
"LogAnalysis": {
"Ref": "LogAnalysis"
},
"ProtectedServers": {
"Ref": "ProtectedServers"
},
"CloudHoneypot": {
"Ref": "CloudHoneypot"
},
"WebTamperProtection": {
"Ref": "WebTamperProtection"
},
"QuotaForConfigurationAssessment": {
"Ref": "QuotaForConfigurationAssessment"
},
"QuotaForVulnerabilityFixing": {
"Ref": "QuotaForVulnerabilityFixing"
},
"AntiRansomware": {
"Ref": "AntiRansomware"
},
"PeriodUnit": {
"Ref": "PeriodUnit"
}
}
}
},
"Outputs": {
"InstanceId": {
"Description": "Instance Id.",
"Value": {
"Fn::GetAtt": [
"Instance",
"InstanceId"
]
}
}
}
}