Template name
ACS-RDS-BulkyModifySQLCollectorPolicy: Enables the SQL Explorer (SQL Audit) feature for RDS instances.
Template description
Enables SQL Explorer and Audit for ApsaraDB RDS instances.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
regionId | Target instance | String | No | {{ ACS::RegionId }} | |
OOSAssumeRole | The target instances. | Json | No | {'Type': 'ResourceIds', 'ResourceIds': [], 'RegionId': '{{ regionId }}'} | |
instanceIds | The IDs of the ApsaraDB RDS instances. | List | No | [] | |
rateControl | Task execution concurrency rate | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | The RAM role that Operation Orchestration Service (OOS) assumes. | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstances",
"rds:ModifySQLCollectorPolicy"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oos:GetApplicationGroup"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Details
ACS-RDS-BulkyModifySQLCollectorPolicy
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Enables the SQL Explorer and SQL Audit features for ApsaraDB RDS instances.
name-en: ACS-RDS-BulkyModifySQLCollectorPolicy
categories:
- security
- rds
Parameters:
regionId:
Type: String
Label:
en: RegionId
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
targets:
Type: Json
Label:
en: TargetInstance
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: ALIYUN::RDS::Instance
RegionId: regionId
Default:
Type: ResourceIds
ResourceIds: []
RegionId: '{{ regionId }}'
instanceIds:
Label:
en: InstanceIds
Type: List
Default: []
AssociationProperty: ALIYUN::RDS::Instance::InstanceId
AssociationPropertyMetadata:
RegionId: regionId
Visible:
Condition:
Fn::Equals:
- ${targets}
- {}
rateControl:
Label:
en: RateControl
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Conditions:
instanceId:
Fn::Equals:
- '{{ instanceIds }}'
- []
Tasks:
- Name: getInstance
When: instanceId
Description:
en: Retrieves the specified ApsaraDB RDS instances.
Action: ACS::SelectTargets
Properties:
ResourceType: ALIYUN::RDS::Instance
RegionId: '{{regionId}}'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: Instances.Instance[].InstanceId
- Name: modifySQLCollectorPolicy
Action: 'ACS::ExecuteAPI'
Description:
en: Enables the SQL collector policy for the ApsaraDB RDS instances.
Properties:
Service: RDS
API: ModifySQLCollectorPolicy
Parameters:
RegionId: '{{ regionId }}'
DBInstanceId: '{{ ACS::TaskLoopItem }}'
SQLCollectorStatus: Enable
Loop:
RateControl: '{{ rateControl }}'
Items:
Fn::If:
- Fn::Equals:
- '{{instanceIds}}'
- []
- '{{ getInstance.instanceIds }}'
- '{{ instanceIds}}'