ALIYUN::Config::Rule

Last updated: Jul 23, 2024

The ALIYUN::Config::Rule type is used to create or modify a rule.

Syntax

{
  "Type": "ALIYUN::Config::Rule",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "ExcludeResourceIdsScope": String,
    "SourceOwner": String,
    "SourceIdentifier": String,
    "MaximumExecutionFrequency": String,
    "RegionIdsScope": String,
    "ConfigRuleTriggerTypes": String,
    "ResourceGroupIdsScope": String,
    "RiskLevel": Integer,
    "ResourceTypesScope": List,
    "RuleName": String,
    "InputParameters": Map,
    "TagKeyLogicScope": String
  }
}

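Properties

| Property name | Type | Required | Update allowed | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| ConfigRuleTriggerTypes | String | | | The trigger type of the rule. | Valid values: ConfigurationItemChangeNotification (the rule is triggered when a configuration changes); ScheduledNotification (the rule is triggered on a schedule). |
| ResourceTypesScope | List | | | The resource types to be evaluated against the rule. | |
| RiskLevel | Integer | | | The risk level. | Valid values: 1 (high risk); 2 (medium risk); 3 (low risk). |
| RuleName | String | | | The name of the rule. | |
| SourceIdentifier | String | | | The rule identifier or function ARN. | When SourceOwner is ALIYUN (managed rule), this parameter is the rule identifier. When SourceOwner is CUSTOM_FC (user-defined function), this parameter is the function ARN. |
| SourceOwner | String | | | The owner of the rule source. | Valid values: CUSTOM_FC (user-defined function); ALIYUN (managed rule). |
| Description | String | | | The description of the rule. | |
| ExcludeResourceIdsScope | String | | | The IDs of the resources excluded from the rule. | Separate multiple resource IDs with commas (,). This parameter takes effect when SourceOwner is ALIYUN (managed rule). |
| InputParameters | Map | | | The input parameters of the rule. | Example value: {"cpuCount": "2"} |
| MaximumExecutionFrequency | String | | | The execution interval of the rule. | Valid values: One_Hour (1 hour); Three_Hours (3 hours); Six_Hours (6 hours); Twelve_Hours (12 hours); TwentyFour_Hours (24 hours). |
| RegionIdsScope | String | | | The region IDs of the rule. | Separate multiple region IDs with commas (,). This parameter takes effect when SourceOwner is ALIYUN (managed rule). |
| ResourceGroupIdsScope | String | | | The resource group IDs of the rule. | Separate multiple resource group IDs with commas (,). This parameter takes effect when SourceOwner is ALIYUN (managed rule). |
| TagKeyLogicScope | String | | | The logic type of the rule's tag keys. | |
| TagKeyScope | String | | | The tag key of the rule. | This parameter takes effect when SourceOwner is ALIYUN (managed rule). |
| TagValueScope | String | | | The tag value of the rule. | This parameter takes effect when SourceOwner is ALIYUN (managed rule). |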
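The value constraints in the property table can be checked before a stack is deployed, so that a compliance rule does not fail to create or end up with a scope that has no effect. The following Python lint is an added example, not part of the Alibaba Cloud documentation; `lint_config_rules`, the sample resource IDs, the ARN placeholder and the high-risk exemption report are assumptions of this example.

```python
# Allowed values copied from the property table on this page.
ALLOWED = {
    "SourceOwner": {"ALIYUN", "CUSTOM_FC"},
    "ConfigRuleTriggerTypes": {"ConfigurationItemChangeNotification", "ScheduledNotification"},
    "MaximumExecutionFrequency": {"One_Hour", "Three_Hours", "Six_Hours", "Twelve_Hours", "TwentyFour_Hours"},
    "RiskLevel": {"1", "2", "3"},
}
# Scope properties the page marks as effective only when SourceOwner is ALIYUN.
MANAGED_ONLY = ("ExcludeResourceIdsScope", "RegionIdsScope", "ResourceGroupIdsScope",
                "TagKeyScope", "TagValueScope")


def lint_config_rules(template):
    """Return (resource name, message) findings for each ALIYUN::Config::Rule."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::Config::Rule":
            continue
        props = res.get("Properties", {})
        for key, allowed in ALLOWED.items():
            value = props.get(key)
            # Ref / Fn:: values are dicts resolved at deploy time; skip them.
            if value is None or isinstance(value, dict):
                continue
            # Comma-separated combinations are tolerated (assumption of this example).
            bad = [t.strip() for t in str(value).split(",") if t.strip() not in allowed]
            if bad:
                findings.append((name, f"{key}: undocumented value {bad}"))
        if props.get("SourceOwner") == "CUSTOM_FC":
            findings += [(name, f"{k} has no effect unless SourceOwner is ALIYUN")
                         for k in MANAGED_ONLY if k in props]
        # Review aid (this example's own policy, not a constraint from the page):
        # list resources exempted from a high-risk rule so each one gets justified.
        excluded = props.get("ExcludeResourceIdsScope")
        if str(props.get("RiskLevel")) == "1" and isinstance(excluded, str) and excluded.strip():
            ids = [i.strip() for i in excluded.split(",") if i.strip()]
            findings.append((name, f"high-risk rule exempts {ids}"))
    return findings

# Constructed sample template; resource IDs and the ARN are placeholders.
SAMPLE = {"Resources": {
    "Managed": {"Type": "ALIYUN::Config::Rule", "Properties": {
        "SourceOwner": "ALIYUN", "SourceIdentifier": "ecs-instances-in-vpc", "RiskLevel": 1,
        "ConfigRuleTriggerTypes": "ConfigurationItemChangeNotification",
        "ExcludeResourceIdsScope": "i-example0001,i-example0002"}},
    "Custom": {"Type": "ALIYUN::Config::Rule", "Properties": {
        "SourceOwner": "CUSTOM_FC", "SourceIdentifier": "<function-arn-placeholder>",
        "ConfigRuleTriggerTypes": "ScheduledNotification",
        "MaximumExecutionFrequency": "Daily", "RegionIdsScope": "cn-hangzhou"}},
}}
```

Calling `lint_config_rules(SAMPLE)` returns three findings: the exempted resources on the high-risk managed rule, the undocumented `Daily` frequency, and the `RegionIdsScope` set on a CUSTOM_FC rule.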

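Return values

Fn::GetAtt

  • TagKeyScope: the tag key of the rule.

  • TagValueScope: the tag value of the rule.

  • Description: the description of the rule.

  • ExcludeResourceIdsScope: the IDs of the resources excluded from the rule.

  • SourceOwner: the owner of the rule source.

  • SourceIdentifier: the rule identifier.

  • MaximumExecutionFrequency: the execution interval of the rule.

  • ConfigRuleId: the rule ID.

  • EventSource: the event source.

  • RegionIdsScope: the region IDs of the rule.

  • ConfigRuleArn: the rule ARN.

  • ConfigRuleTriggerTypes: the trigger type of the rule.

  • ResourceGroupIdsScope: the resource group IDs of the rule.

  • RiskLevel: the risk level of the rule.

  • ResourceTypesScope: the resource types to be evaluated against the rule.

  • RuleName: the name of the rule.

  • InputParameters: the input parameters of the rule.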

Examples

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Description:
    Default: test
    Type: String
    Description: The description of the rule
  SourceOwner:
    Type: String
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values:  CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
    Default: ALIYUN
  SourceIdentifier:
    Type: String
    Description: The identifier of the rule.  For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
    Default: ecs-instances-in-vpc
  ConfigRuleTriggerTypes:
    Type: String
    Description: 'The trigger type of the rule. Valid values:  ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
    Default: ConfigurationItemChangeNotification
  RiskLevel:
    Type: Number
    Description: 'The risk level of the resources that are not compliant with the rule. Valid values:  1: critical 2: warning 3: info'
    Default: 3
  ResourceTypesScope:
    Type: Json
    Description: The types of the resources to be evaluated against the rule
    Default:
      - ACS::ECS::Instance
  RuleName:
    Type: String
    Description: The name of the rule.
    Default: MyRule
Resources:
  ConfigRule:
    Type: ALIYUN::Config::Rule
    Properties:
      Description:
        Ref: Description
      SourceOwner:
        Ref: SourceOwner
      SourceIdentifier:
        Ref: SourceIdentifier
      ConfigRuleTriggerTypes:
        Ref: ConfigRuleTriggerTypes
      RiskLevel:
        Ref: RiskLevel
      ResourceTypesScope:
        Ref: ResourceTypesScope
      RuleName:
        Ref: RuleName
Outputs:
  TagKeyScope:
    Description: The rule monitors the tag key, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - TagKeyScope
  TagValueScope:
    Description: The rule monitors the tag value, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - TagValueScope
  Description:
    Description: The description of the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - Description
  ExcludeResourceIdsScope:
    Description: The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules; for custom rules this field is empty
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ExcludeResourceIdsScope
  SourceOwner:
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values:  CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - SourceOwner
  SourceIdentifier:
    Description: The identifier of the rule.  For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - SourceIdentifier
  MaximumExecutionFrequency:
    Description: 'The frequency of the compliance evaluations. Valid values:  One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - MaximumExecutionFrequency
  ConfigRuleId:
    Description: The ID of the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleId
  EventSource:
    Description: The event source of the rule.
    Value:
      Fn::GetAtt:
        - ConfigRule
        - EventSource
  RegionIdsScope:
    Description: The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RegionIdsScope
  ConfigRuleArn:
    Description: config rule arn
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleArn
  ConfigRuleTriggerTypes:
    Description: 'The trigger type of the rule. Valid values:  ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ConfigRuleTriggerTypes
  ResourceGroupIdsScope:
    Description: The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ResourceGroupIdsScope
  RiskLevel:
    Description: 'The risk level of the resources that are not compliant with the rule. Valid values:  1: critical 2: warning 3: info'
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RiskLevel
  ResourceTypesScope:
    Description: The types of the resources to be evaluated against the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - ResourceTypesScope
  RuleName:
    Description: The name of the rule.
    Value:
      Fn::GetAtt:
        - ConfigRule
        - RuleName
  InputParameters:
    Description: The settings of the input parameters for the rule
    Value:
      Fn::GetAtt:
        - ConfigRule
        - InputParameters

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Description": {
      "Default": "test",
      "Type": "String",
      "Description": "The description of the rule"
    },
    "SourceOwner": {
      "Type": "String",
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values:  CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Default": "ALIYUN"
    },
    "SourceIdentifier": {
      "Type": "String",
      "Description": "The identifier of the rule.  For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Default": "ecs-instances-in-vpc"
    },
    "ConfigRuleTriggerTypes": {
      "Type": "String",
      "Description": "The trigger type of the rule. Valid values:  ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Default": "ConfigurationItemChangeNotification"
    },
    "RiskLevel": {
      "Type": "Number",
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values:  1: critical 2: warning 3: info",
      "Default": 3
    },
    "ResourceTypesScope": {
      "Type": "Json",
      "Description": "The types of the resources to be evaluated against the rule",
      "Default": [
        "ACS::ECS::Instance"
      ]
    },
    "RuleName": {
      "Type": "String",
      "Description": "The name of the rule.",
      "Default": "MyRule"
    }
  },
  "Resources": {
    "ConfigRule": {
      "Type": "ALIYUN::Config::Rule",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "SourceOwner": {
          "Ref": "SourceOwner"
        },
        "SourceIdentifier": {
          "Ref": "SourceIdentifier"
        },
        "ConfigRuleTriggerTypes": {
          "Ref": "ConfigRuleTriggerTypes"
        },
        "RiskLevel": {
          "Ref": "RiskLevel"
        },
        "ResourceTypesScope": {
          "Ref": "ResourceTypesScope"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  },
  "Outputs": {
    "TagKeyScope": {
      "Description": "The rule monitors the tag key, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagKeyScope"
        ]
      }
    },
    "TagValueScope": {
      "Description": "The rule monitors the tag value, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagValueScope"
        ]
      }
    },
    "Description": {
      "Description": "The description of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "Description"
        ]
      }
    },
    "ExcludeResourceIdsScope": {
      "Description": "The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules; for custom rules this field is empty",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ExcludeResourceIdsScope"
        ]
      }
    },
    "SourceOwner": {
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values:  CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceOwner"
        ]
      }
    },
    "SourceIdentifier": {
      "Description": "The identifier of the rule.  For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceIdentifier"
        ]
      }
    },
    "MaximumExecutionFrequency": {
      "Description": "The frequency of the compliance evaluations. Valid values:  One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "MaximumExecutionFrequency"
        ]
      }
    },
    "ConfigRuleId": {
      "Description": "The ID of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleId"
        ]
      }
    },
    "EventSource": {
      "Description": "The event source of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "EventSource"
        ]
      }
    },
    "RegionIdsScope": {
      "Description": "The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RegionIdsScope"
        ]
      }
    },
    "ConfigRuleArn": {
      "Description": "config rule arn",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleArn"
        ]
      }
    },
    "ConfigRuleTriggerTypes": {
      "Description": "The trigger type of the rule. Valid values:  ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleTriggerTypes"
        ]
      }
    },
    "ResourceGroupIdsScope": {
      "Description": "The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceGroupIdsScope"
        ]
      }
    },
    "RiskLevel": {
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values:  1: critical 2: warning 3: info",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RiskLevel"
        ]
      }
    },
    "ResourceTypesScope": {
      "Description": "The types of the resources to be evaluated against the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceTypesScope"
        ]
      }
    },
    "RuleName": {
      "Description": "The name of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RuleName"
        ]
      }
    },
    "InputParameters": {
      "Description": "The settings of the input parameters for the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "InputParameters"
        ]
      }
    }
  }
}