ACS-ECS-BulkyEncryptSystemDisk - CloudOps Orchestration Service

模板名稱

ACS-ECS-BulkyEncryptSystemDisk 大量加密系統硬碟

立即執行

模板描述

大量加密系統硬碟

模板類型

自動化

所有者

Alibaba Cloud

輸入參數

參數名稱	描述	類型	是否必填	預設值	約束
targets	目標執行個體	Json	是
KMSKeyId	加密鏡像使用的KMS密鑰ID	String	是
regionId	地區ID	String	否	{{ ACS::RegionId }}
rateControl	任務執行的並發比率	Json	否	{‘Mode’: ‘Concurrency’, ‘MaxErrors’: 0, ‘Concurrency’: 10}
OOSAssumeRole	OOS扮演的RAM角色	String	否	“”

輸出參數

參數名稱	描述	類型
systemDiskEncryptedInstances		Json

執行此模板需要的權限原則

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CopyImage",
                "ecs:CreateImage",
                "ecs:CreateSnapshot",
                "ecs:DeleteImage",
                "ecs:DeleteSnapshot",
                "ecs:DescribeDisks",
                "ecs:DescribeImages",
                "ecs:DescribeInstances",
                "ecs:DescribeSnapshots",
                "ecs:ReplaceSystemDisk",
                "ecs:StartInstance",
                "ecs:StopInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

詳情

ACS-ECS-BulkyEncryptSystemDisk詳情

模板內容

FormatVersion: OOS-2019-06-01
Description:
  en: Bulky encrypt the system disks
  zh-cn: 大量加密系統硬碟
  name-en: ACS-ECS-BulkyEncryptSystemDisk
  name-zh-cn: 大量加密系統硬碟
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地區ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: 目標執行個體
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  KMSKeyId:
    Label:
      en: KMSKeyId
      zh-cn: 加密鏡像使用的KMS密鑰ID
    AssociationProperty: ALIYUN::KMS::Key::KeyId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: String
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任務執行的並發比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
  Description:
    en: Views the ECS instances
    zh-cn: 擷取ECS執行個體
  Action: ACS::SelectTargets
  Properties:
    ResourceType: ALIYUN::ECS::Instance
    RegionId: '{{ regionId }}'
    Filters:
      - '{{ targets }}'
  Outputs:
    instanceIds:
      Type: List
      ValueSelector: Instances.Instance[].InstanceId
- Name: encryptSystemDisk
  Action: ACS::ECS::EncryptSystemDisk
  Description:
    en: Bulky encrypt the system disks
    zh-cn: 大量加密系統硬碟
  Properties:
    regionId: '{{ regionId }}'
    instanceId: '{{ ACS::TaskLoopItem }}'
    KMSKeyId: '{{ KMSKeyId }}'
  Outputs:
    systemDiskEncryptedInstance:
      Type: String
      ValueSelector: .systemDiskEncryptedInstance
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ getInstance.instanceIds }}'
    Outputs:
      systemDiskEncryptedInstances:
        AggregateType: Fn::ListJoin
        AggregateField: systemDiskEncryptedInstance
Outputs:
  systemDiskEncryptedInstances:
    Type: Json
    Value:
      Fn::Jq:
        - First
        - '[.[][]]|.|= map(select(.))'
        - '{{ encryptSystemDisk.systemDiskEncryptedInstances }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - targets
          - instancePassword
        Label:
          default:
            zh-cn: 選擇執行個體
            en: Select Ecs Instances
      - Parameters:
          - KMSKeyId
        Label:
          default:
            zh-cn: 配置KMSKey
            en: Configure KMSKey
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 進階選項
            en: Control Options