ALIYUN::Config::Rule类型用于新建或修改规则。
语法
{
"Type": "ALIYUN::Config::Rule",
"Properties": {
"TagKeyScope": String,
"TagValueScope": String,
"Description": String,
"ExcludeResourceIdsScope": String,
"SourceOwner": String,
"SourceIdentifier": String,
"MaximumExecutionFrequency": String,
"RegionIdsScope": String,
"ConfigRuleTriggerTypes": String,
"ResourceGroupIdsScope": String,
"RiskLevel": Integer,
"ResourceTypesScope": List,
"RuleName": String,
"InputParameters": Map,
"TagKeyLogicScope": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
ConfigRuleTriggerTypes | String | 是 | 是 | 规则的触发器类型。 | 取值:
|
ResourceTypesScope | List | 是 | 是 | 需要根据规则评估的资源类型。 | 无 |
RiskLevel | Integer | 是 | 是 | 风险等级。 | 取值:
|
RuleName | String | 是 | 否 | 规则名称。 | 无 |
SourceIdentifier | String | 是 | 否 | 规则标识或函数ARN。 | 当SourceOwner取值为ALIYUN(托管规则)时,该参数为规则标识。 当SourceOwner取值为CUSTOM_FC(用户自定义函数)时,该参数为函数ARN。 |
SourceOwner | String | 是 | 否 | 规则来源的归属。 | 取值:
|
Description | String | 否 | 是 | 规则的描述信息。 | 无 |
ExcludeResourceIdsScope | String | 否 | 是 | 规则排除的资源ID。 | 多个资源ID间以半角逗号(,)分隔。 当SourceOwner取值为ALIYUN(托管规则)时该参数有效。 |
InputParameters | Map | 否 | 是 | 规则入参。 | 取值示例: |
MaximumExecutionFrequency | String | 否 | 是 | 规则执行周期。 | 取值:
|
RegionIdsScope | String | 否 | 是 | 规则的地域ID。 | 多个地域ID间以半角逗号(,)分隔。 当SourceOwner取值为ALIYUN(托管规则)时该参数有效。 |
ResourceGroupIdsScope | String | 否 | 是 | 规则的资源组ID。 | 多个资源组ID间以半角逗号(,)分隔。 当SourceOwner取值为ALIYUN(托管规则)时该参数有效。 |
TagKeyLogicScope | String | 否 | 否 | 规则的标签键逻辑类型。 | 无 |
TagKeyScope | String | 否 | 是 | 规则的标签键。 | 当SourceOwner取值为ALIYUN(托管规则)时该参数有效。 |
TagValueScope | String | 否 | 是 | 规则的标签值。 | 当SourceOwner取值为ALIYUN(托管规则)时该参数有效。 |
返回值
Fn::GetAtt
TagKeyScope:规则的标签键。
TagValueScope:规则的标签值。
Description:规则的描述信息。
ExcludeResourceIdsScope:规则排除的资源ID。
SourceOwner:规则来源的归属。
SourceIdentifier:规则标识。
MaximumExecutionFrequency:规则执行周期。
ConfigRuleId:规则ID。
EventSource:事件来源。
RegionIdsScope:规则的地域ID。
ConfigRuleArn:规则ARN。
ConfigRuleTriggerTypes:规则的触发器类型。
ResourceGroupIdsScope:规则的资源组ID。
RiskLevel:规则的风险等级。
ResourceTypesScope:需要根据规则评估的资源类型。
RuleName:规则名称。
InputParameters:规则入参。
示例
YAML
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
Description:
Default: test
Type: String
Description: The description of the rule
SourceOwner:
Type: String
Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
Default: ALIYUN
SourceIdentifier:
Type: String
Description: The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
Default: ecs-instances-in-vpc
ConfigRuleTriggerTypes:
Type: String
Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
Default: ConfigurationItemChangeNotification
RiskLevel:
Type: Number
Description: 'The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info'
Default: 3
ResourceTypesScope:
Type: Json
Description: The types of the resources to be evaluated against the rule
Default:
- ACS::ECS::Instance
RuleName:
Type: String
Description: The name of the rule.
Default: MyRule
Resources:
ConfigRule:
Type: ALIYUN::Config::Rule
Properties:
Description:
Ref: Description
SourceOwner:
Ref: SourceOwner
SourceIdentifier:
Ref: SourceIdentifier
ConfigRuleTriggerTypes:
Ref: ConfigRuleTriggerTypes
RiskLevel:
Ref: RiskLevel
ResourceTypesScope:
Ref: ResourceTypesScope
RuleName:
Ref: RuleName
Outputs:
TagKeyScope:
Description: The rule monitors the tag key, only applies to rules created based on managed rules
Value:
Fn::GetAtt:
- ConfigRule
- TagKeyScope
TagValueScope:
Description: The rule monitors the tag value, only applies to rules created based on managed rules
Value:
Fn::GetAtt:
- ConfigRule
- TagValueScope
Description:
Description: The description of the rule
Value:
Fn::GetAtt:
- ConfigRule
- Description
ExcludeResourceIdsScope:
Description: The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules, , custom rule this field is empty
Value:
Fn::GetAtt:
- ConfigRule
- ExcludeResourceIdsScope
SourceOwner:
Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule'
Value:
Fn::GetAtt:
- ConfigRule
- SourceOwner
SourceIdentifier:
Description: The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule
Value:
Fn::GetAtt:
- ConfigRule
- SourceIdentifier
MaximumExecutionFrequency:
Description: 'The frequency of the compliance evaluations. Valid values: One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours'
Value:
Fn::GetAtt:
- ConfigRule
- MaximumExecutionFrequency
ConfigRuleId:
Description: The ID of the rule
Value:
Fn::GetAtt:
- ConfigRule
- ConfigRuleId
EventSource:
Description: The event source of the rule.
Value:
Fn::GetAtt:
- ConfigRule
- EventSource
RegionIdsScope:
Description: The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules
Value:
Fn::GetAtt:
- ConfigRule
- RegionIdsScope
ConfigRuleArn:
Description: config rule arn
Value:
Fn::GetAtt:
- ConfigRule
- ConfigRuleArn
ConfigRuleTriggerTypes:
Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.'
Value:
Fn::GetAtt:
- ConfigRule
- ConfigRuleTriggerTypes
ResourceGroupIdsScope:
Description: The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules
Value:
Fn::GetAtt:
- ConfigRule
- ResourceGroupIdsScope
RiskLevel:
Description: 'The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info'
Value:
Fn::GetAtt:
- ConfigRule
- RiskLevel
ResourceTypesScope:
Description: The types of the resources to be evaluated against the rule
Value:
Fn::GetAtt:
- ConfigRule
- ResourceTypesScope
RuleName:
Description: The name of the rule.
Value:
Fn::GetAtt:
- ConfigRule
- RuleName
InputParameters:
Description: The settings of the input parameters for the rule
Value:
Fn::GetAtt:
- ConfigRule
- InputParametersJSON
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"Description": {
"Default": "test",
"Type": "String",
"Description": "The description of the rule"
},
"SourceOwner": {
"Type": "String",
"Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
"Default": "ALIYUN"
},
"SourceIdentifier": {
"Type": "String",
"Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
"Default": "ecs-instances-in-vpc"
},
"ConfigRuleTriggerTypes": {
"Type": "String",
"Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
"Default": "ConfigurationItemChangeNotification"
},
"RiskLevel": {
"Type": "Number",
"Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
"Default": 3
},
"ResourceTypesScope": {
"Type": "Json",
"Description": "The types of the resources to be evaluated against the rule",
"Default": [
"ACS::ECS::Instance"
]
},
"RuleName": {
"Type": "String",
"Description": "The name of the rule.",
"Default": "MyRule"
}
},
"Resources": {
"ConfigRule": {
"Type": "ALIYUN::Config::Rule",
"Properties": {
"Description": {
"Ref": "Description"
},
"SourceOwner": {
"Ref": "SourceOwner"
},
"SourceIdentifier": {
"Ref": "SourceIdentifier"
},
"ConfigRuleTriggerTypes": {
"Ref": "ConfigRuleTriggerTypes"
},
"RiskLevel": {
"Ref": "RiskLevel"
},
"ResourceTypesScope": {
"Ref": "ResourceTypesScope"
},
"RuleName": {
"Ref": "RuleName"
}
}
}
},
"Outputs": {
"TagKeyScope": {
"Description": "The rule monitors the tag key, only applies to rules created based on managed rules",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"TagKeyScope"
]
}
},
"TagValueScope": {
"Description": "The rule monitors the tag value, only applies to rules created based on managed rules",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"TagValueScope"
]
}
},
"Description": {
"Description": "The description of the rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"Description"
]
}
},
"ExcludeResourceIdsScope": {
"Description": "The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules, , custom rule this field is empty",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ExcludeResourceIdsScope"
]
}
},
"SourceOwner": {
"Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"SourceOwner"
]
}
},
"SourceIdentifier": {
"Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"SourceIdentifier"
]
}
},
"MaximumExecutionFrequency": {
"Description": "The frequency of the compliance evaluations. Valid values: One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"MaximumExecutionFrequency"
]
}
},
"ConfigRuleId": {
"Description": "The ID of the rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ConfigRuleId"
]
}
},
"EventSource": {
"Description": "The event source of the rule.",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"EventSource"
]
}
},
"RegionIdsScope": {
"Description": "The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"RegionIdsScope"
]
}
},
"ConfigRuleArn": {
"Description": "config rule arn",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ConfigRuleArn"
]
}
},
"ConfigRuleTriggerTypes": {
"Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ConfigRuleTriggerTypes"
]
}
},
"ResourceGroupIdsScope": {
"Description": "The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ResourceGroupIdsScope"
]
}
},
"RiskLevel": {
"Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"RiskLevel"
]
}
},
"ResourceTypesScope": {
"Description": "The types of the resources to be evaluated against the rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"ResourceTypesScope"
]
}
},
"RuleName": {
"Description": "The name of the rule.",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"RuleName"
]
}
},
"InputParameters": {
"Description": "The settings of the input parameters for the rule",
"Value": {
"Fn::GetAtt": [
"ConfigRule",
"InputParameters"
]
}
}
}
}