模板名稱
ACS-OSS-PutBucketEncryption 配置OSSBucket加密規則
模板描述
配置OSSBucket的加密規則
模板類型
自動化
所有者
Alibaba Cloud
輸入參數
參數名稱 | 描述 | 類型 | 是否必填 | 預設值 | 約束 |
SSEAlgorithm | SSE加密方式 | String | 是 | ||
bucketName | OSS bucket 名稱 | String | 是 | ||
regionId | 地區ID | String | 否 | {{ ACS::RegionId }} | |
KMSMasterKeyID | KMS密鑰ID | String | 否 | False | |
OOSAssumeRole | OOS扮演的RAM角色 | String | 否 | "" |
輸出參數
無
執行此模板需要的權限原則
{
"Version": "1",
"Statement": [
{
"Action": [
"oss:PutBucketEncryption"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
詳情
模板內容
FormatVersion: OOS-2019-06-01
Description:
en: Encryption rules for configuring buckets
zh-cn: 配置OSSBucket的加密規則
name-en: ACS-OSS-PutBucketEncryption
name-zh-cn: 配置OSSBucket加密規則
categories:
- security
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: 地區ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
SSEAlgorithm:
Label:
en: SSEAlgorithm
zh-cn: SSE加密方式
Description:
en: Set the default encryption method of the server
zh-cn: 設定服務端預設加密方式
Type: String
AllowedValues:
- KMS
- AES256
KMSMasterKeyID:
Label:
en: KMSMasterKeyID
zh-cn: KMS密鑰ID
Description:
en: >-
When the ssealgorithm value is KMS, you need to enter the key ID,
otherwise, it must be empty(Default No is empty)
zh-cn: 當SSEAlgorithm值為KMS時,需輸入KMSMasterKeyID,其他情況下,必須為空白(No 代表為空白)
Type: String
Default: No
bucketName:
Label:
en: BucketName
zh-cn: OSS bucket 名稱
Type: String
AssociationProperty: ALIYUN::OSS::Bucket::BucketName
AssociationPropertyMetadata:
RegionId: regionId
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOS扮演的RAM角色
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: chooseWetherHasKMSMasterKeyIDTask
Action: 'ACS::Choice'
Properties:
DefaultTask: putBucketEncryptionNoKeyId
Choices:
- When:
'Fn::Equals':
- KMS
- '{{ SSEAlgorithm }}'
NextTask: putBucketEncryption
- When:
'Fn::Equals':
- AES256
- '{{ SSEAlgorithm }}'
NextTask: putBucketEncryptionNoKeyId
- Name: putBucketEncryptionNoKeyId
Action: 'ACS::ExecuteAPI'
Description:
en: 'Encryption rules for configuring buckets(AES256)'
zh-cn: 用於配置Bucket的加密規則(AES256)
OnSuccess: 'ACS::END'
Properties:
Service: OSS
API: PutBucketEncryption
Method: PUT
URI: '?encryption'
Headers:
Content-MD5: ""
Content-Type: application/xml
Parameters:
RegionId: '{{ regionId }}'
BucketName: '{{ bucketName }}'
Body: '<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionRule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
<KMSMasterKeyID></KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>'
- Name: putBucketEncryption
Action: 'ACS::ExecuteAPI'
Description:
en: Encryption rules for configuring buckets(KMS)
zh-cn: 用於配置Bucket的加密規則(KMS)
Properties:
Service: OSS
API: PutBucketEncryption
Method: PUT
URI: '?encryption'
Headers:
Content-MD5: ""
Content-Type: application/xml
Parameters:
RegionId: '{{ regionId }}'
BucketName: '{{ bucketName }}'
Body: '<?xml version="1.0" encoding="UTF-8"?>
<ServerSideEncryptionRule>
<ApplyServerSideEncryptionByDefault>
<SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
<KMSMasterKeyID>{{ KMSMasterKeyID }}</KMSMasterKeyID>
</ApplyServerSideEncryptionByDefault>
</ServerSideEncryptionRule>'