Template name
ACS-KMS-BulkyUpdateRotationPolicy
Template description
Updates a key rotation policy.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
keyIds | the key IDs. | List | Yes | ||
rotationInterval | The interval at which an automatic key rotation is performed. | String | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
rateControl | The rate control settings. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"kms:UpdateRotationPolicy"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
ACS-KMS-BulkyUpdateRotationPolicy
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Update rotation policy
name-en: ACS-KMS-BulkyUpdateRotationPolicy
categories:
- security
Parameters:
regionId:
Type: String
Label:
en: RegionId
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
keyIds:
Label:
en: KeyIds
Type: List
rotationInterval:
Label:
en: RotationInterval
Type: String
rateControl:
Label:
en: RateControl
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: updateRotationPolicy
Action: 'ACS::ExecuteAPI'
Description:
en: Update rotation policy
Properties:
Service: KMS
API: UpdateRotationPolicy
Parameters:
RegionId: '{{ regionId }}'
KeyId: '{{ ACS::TaskLoopItem }}'
EnableAutomaticRotation: true
RotationInterval: '{{ rotationInterval }}'
Loop:
RateControl: '{{ rateControl }}'
Items: '{{ keyIds }}'