ALIYUN::Config::Rule is used to create or modify a rule.
Syntax
{
  "Type": "ALIYUN::Config::Rule",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "ExcludeResourceIdsScope": String,
    "SourceOwner": String,
    "SourceIdentifier": String,
    "MaximumExecutionFrequency": String,
    "RegionIdsScope": String,
    "ConfigRuleTriggerTypes": String,
    "ResourceGroupIdsScope": String,
    "RiskLevel": Integer,
    "ResourceTypesScope": List,
    "RuleName": String,
    "InputParameters": Map,
    "TagKeyLogicScope": String
  }
}
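Properties
Property | Type | Required | Update allowed | Description | Constraints |
ConfigRuleTriggerTypes | String | Yes | Yes | The trigger type of the rule. | Valid values: ConfigurationItemChangeNotification (the rule is triggered upon configuration changes), ScheduledNotification (the rule is triggered as scheduled). |
ResourceTypesScope | List | Yes | Yes | The types of the resources to be evaluated against the rule. | None |
RiskLevel | Integer | Yes | Yes | The risk level. | Valid values: 1 (critical), 2 (warning), 3 (info). |
RuleName | String | Yes | No | The name of the rule. | None |
SourceIdentifier | String | Yes | No | The rule identifier or the function ARN. | When SourceOwner is ALIYUN (managed rule), this parameter is the rule identifier. When SourceOwner is CUSTOM_FC (custom function), this parameter is the function ARN. |
SourceOwner | String | Yes | No | The owner of the rule source. | Valid values: ALIYUN (the rule is a managed rule that Alibaba Cloud owns), CUSTOM_FC (the rule is a custom rule that you own). |
Description | String | No | Yes | The description of the rule. | None |
ExcludeResourceIdsScope | String | No | Yes | The IDs of the resources that the rule excludes. | Separate multiple resource IDs with commas (,). This parameter takes effect only when SourceOwner is ALIYUN (managed rule). |
InputParameters | Map | No | Yes | The input parameters of the rule. | Example value: |
MaximumExecutionFrequency | String | No | Yes | The execution frequency of the rule. | Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours. |
RegionIdsScope | String | No | Yes | The region IDs of the rule. | Separate multiple region IDs with commas (,). This parameter takes effect only when SourceOwner is ALIYUN (managed rule). |
ResourceGroupIdsScope | String | No | Yes | The resource group IDs of the rule. | Separate multiple resource group IDs with commas (,). This parameter takes effect only when SourceOwner is ALIYUN (managed rule). |
TagKeyLogicScope | String | No | No | The logical type of the tag keys of the rule. | None |
TagKeyScope | String | No | Yes | The tag key of the rule. | This parameter takes effect only when SourceOwner is ALIYUN (managed rule). |
TagValueScope | String | No | Yes | The tag value of the rule. | This parameter takes effect only when SourceOwner is ALIYUN (managed rule). |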
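The constraints in the property table can be checked before a template is deployed. The following linter is an added example, not part of the ROS documentation; the function name lint_rule, the finding messages and the sample values are assumptions made for illustration, as is the handling of comma-separated trigger types.

```python
# Added example (not from the ROS documentation): lint the literal Properties
# of an ALIYUN::Config::Rule resource against the property table above.
REQUIRED = {"ConfigRuleTriggerTypes", "ResourceTypesScope", "RiskLevel",
            "RuleName", "SourceIdentifier", "SourceOwner"}
ENUMS = {
    "SourceOwner": {"ALIYUN", "CUSTOM_FC"},
    "ConfigRuleTriggerTypes": {"ConfigurationItemChangeNotification",
                               "ScheduledNotification"},
    "RiskLevel": {1, 2, 3},
    "MaximumExecutionFrequency": {"One_Hour", "Three_Hours", "Six_Hours",
                                  "Twelve_Hours", "TwentyFour_Hours"},
}
# Scope filters the table marks as effective only for managed rules.
MANAGED_ONLY = {"ExcludeResourceIdsScope", "RegionIdsScope",
                "ResourceGroupIdsScope", "TagKeyScope", "TagValueScope"}
# Properties the table marks as not updatable.
NOT_UPDATABLE = {"RuleName", "SourceIdentifier", "SourceOwner", "TagKeyLogicScope"}


def lint_rule(props, previous=None):
    """Return sorted findings; `previous` is the deployed Properties, if any."""
    findings = [f"{k}: required property is missing" for k in REQUIRED - props.keys()]
    for key, allowed in ENUMS.items():
        value = props.get(key)
        if value is None or isinstance(value, (dict, list)):
            continue  # absent, or not a literal (e.g. an intrinsic function such as Ref)
        # Assumption: several trigger types may be given comma-separated.
        items = value.split(",") if isinstance(value, str) else [value]
        findings += [f"{key}: invalid value {i!r}" for i in items if i not in allowed]
    if props.get("SourceOwner") == "CUSTOM_FC":
        findings += [f"{k}: only effective when SourceOwner is ALIYUN"
                     for k in MANAGED_ONLY & props.keys()]
    if previous is not None:
        findings += [f"{k}: not updatable, value differs from deployed rule"
                     for k in NOT_UPDATABLE if props.get(k) != previous.get(k)]
    return sorted(findings)


# Constructed sample: a custom rule that carries a managed-rule-only scope
# filter and an out-of-range risk level. The ARN and resource ID are placeholders.
SAMPLE = {
    "RuleName": "MyRule", "SourceOwner": "CUSTOM_FC",
    "SourceIdentifier": "<function-arn-placeholder>",
    "ConfigRuleTriggerTypes": "ConfigurationItemChangeNotification",
    "ResourceTypesScope": ["ACS::ECS::Instance"], "RiskLevel": 4,
    "ExcludeResourceIdsScope": "<resource-id-placeholder>",
}

if __name__ == "__main__":
    print("\n".join(lint_rule(SAMPLE)))
```

A scope filter flagged on a CUSTOM_FC rule is worth reviewing: an exclusion or region filter that does not take effect means the rule evaluates a different set of resources than the template author intended.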
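Return values
Fn::GetAtt
TagKeyScope: The tag key of the rule.
TagValueScope: The tag value of the rule.
Description: The description of the rule.
ExcludeResourceIdsScope: The IDs of the resources that the rule excludes.
SourceOwner: The owner of the rule source.
SourceIdentifier: The rule identifier.
MaximumExecutionFrequency: The execution frequency of the rule.
ConfigRuleId: The ID of the rule.
EventSource: The event source.
RegionIdsScope: The region IDs of the rule.
ConfigRuleArn: The ARN of the rule.
ConfigRuleTriggerTypes: The trigger type of the rule.
ResourceGroupIdsScope: The resource group IDs of the rule.
RiskLevel: The risk level of the rule.
ResourceTypesScope: The types of the resources to be evaluated against the rule.
RuleName: The name of the rule.
InputParameters: The input parameters of the rule.
Examples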
YAML
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Description:
    Default: test
    Type: String
    Description: The description of the rule
  SourceOwner:
    Type: String
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
    Default: ALIYUN
  SourceIdentifier:
    Type: String
    Description: The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
    Default: ecs-instances-in-vpc
  ConfigRuleTriggerTypes:
    Type: String
    Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
    Default: ConfigurationItemChangeNotification
  RiskLevel:
    Type: Number
    Description: 'The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info'
    Default: 3
  ResourceTypesScope:
    Type: Json
    Description: The types of the resources to be evaluated against the rule
    Default:
      - ACS::ECS::Instance
  RuleName:
    Type: String
    Description: The name of the rule.
    Default: MyRule
Resources:
  ConfigRule:
    Type: ALIYUN::Config::Rule
    Properties:
      Description:
        Ref: Description
      SourceOwner:
        Ref: SourceOwner
      SourceIdentifier:
        Ref: SourceIdentifier
      ConfigRuleTriggerTypes:
        Ref: ConfigRuleTriggerTypes
      RiskLevel:
        Ref: RiskLevel
      ResourceTypesScope:
        Ref: ResourceTypesScope
      RuleName:
        Ref: RuleName
Outputs:
  TagKeyScope:
    Description: The rule monitors the tag key, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - TagKeyScope
  TagValueScope:
    Description: The rule monitors the tag value, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - TagValueScope
  Description:
    Description: The description of the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - Description
  ExcludeResourceIdsScope:
    Description: The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules; for custom rules this field is empty
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ExcludeResourceIdsScope
  SourceOwner:
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - SourceOwner
  SourceIdentifier:
    Description: The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - SourceIdentifier
  MaximumExecutionFrequency:
    Description: 'The frequency of the compliance evaluations. Valid values: One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - MaximumExecutionFrequency
  ConfigRuleId:
    Description: The ID of the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleId
  EventSource:
    Description: The event source of the rule.
    Value:
      Fn::GetAtt:
        - ConfigRule
        - EventSource
  RegionIdsScope:
    Description: The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RegionIdsScope
  ConfigRuleArn:
    Description: The ARN of the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleArn
  ConfigRuleTriggerTypes:
    Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleTriggerTypes
  ResourceGroupIdsScope:
    Description: The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ResourceGroupIdsScope
  RiskLevel:
    Description: 'The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RiskLevel
  ResourceTypesScope:
    Description: The types of the resources to be evaluated against the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ResourceTypesScope
  RuleName:
    Description: The name of the rule.
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RuleName
  InputParameters:
    Description: The settings of the input parameters for the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - InputParameters
JSON
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Description": {
      "Default": "test",
      "Type": "String",
      "Description": "The description of the rule"
    },
    "SourceOwner": {
      "Type": "String",
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Default": "ALIYUN"
    },
    "SourceIdentifier": {
      "Type": "String",
      "Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Default": "ecs-instances-in-vpc"
    },
    "ConfigRuleTriggerTypes": {
      "Type": "String",
      "Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Default": "ConfigurationItemChangeNotification"
    },
    "RiskLevel": {
      "Type": "Number",
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
      "Default": 3
    },
    "ResourceTypesScope": {
      "Type": "Json",
      "Description": "The types of the resources to be evaluated against the rule",
      "Default": [
        "ACS::ECS::Instance"
      ]
    },
    "RuleName": {
      "Type": "String",
      "Description": "The name of the rule.",
      "Default": "MyRule"
    }
  },
  "Resources": {
    "ConfigRule": {
      "Type": "ALIYUN::Config::Rule",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "SourceOwner": {
          "Ref": "SourceOwner"
        },
        "SourceIdentifier": {
          "Ref": "SourceIdentifier"
        },
        "ConfigRuleTriggerTypes": {
          "Ref": "ConfigRuleTriggerTypes"
        },
        "RiskLevel": {
          "Ref": "RiskLevel"
        },
        "ResourceTypesScope": {
          "Ref": "ResourceTypesScope"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  },
  "Outputs": {
    "TagKeyScope": {
      "Description": "The rule monitors the tag key, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagKeyScope"
        ]
      }
    },
    "TagValueScope": {
      "Description": "The rule monitors the tag value, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagValueScope"
        ]
      }
    },
    "Description": {
      "Description": "The description of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "Description"
        ]
      }
    },
    "ExcludeResourceIdsScope": {
      "Description": "The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules; for custom rules this field is empty",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ExcludeResourceIdsScope"
        ]
      }
    },
    "SourceOwner": {
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceOwner"
        ]
      }
    },
    "SourceIdentifier": {
      "Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceIdentifier"
        ]
      }
    },
    "MaximumExecutionFrequency": {
      "Description": "The frequency of the compliance evaluations. Valid values: One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "MaximumExecutionFrequency"
        ]
      }
    },
    "ConfigRuleId": {
      "Description": "The ID of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleId"
        ]
      }
    },
    "EventSource": {
      "Description": "The event source of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "EventSource"
        ]
      }
    },
    "RegionIdsScope": {
      "Description": "The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RegionIdsScope"
        ]
      }
    },
    "ConfigRuleArn": {
      "Description": "The ARN of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleArn"
        ]
      }
    },
    "ConfigRuleTriggerTypes": {
      "Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleTriggerTypes"
        ]
      }
    },
    "ResourceGroupIdsScope": {
      "Description": "The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceGroupIdsScope"
        ]
      }
    },
    "RiskLevel": {
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RiskLevel"
        ]
      }
    },
    "ResourceTypesScope": {
      "Description": "The types of the resources to be evaluated against the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceTypesScope"
        ]
      }
    },
    "RuleName": {
      "Description": "The name of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RuleName"
        ]
      }
    },
    "InputParameters": {
      "Description": "The settings of the input parameters for the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "InputParameters"
        ]
      }
    }
  }
}