Template name
ACS-RDS-BulkyModifySQLCollectorRetention sets the log retention period for SQL Explorer on RDS instances to 180 days.
Template description
Sets the retention period of SQL audit logs on ApsaraDB RDS instances to 180 days.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
regionId | The ID of the region. | String | No | {{ ACS::RegionId }} | |
targets | The target instances. | Json | No | {'Type': 'ResourceIds', 'ResourceIds': [], 'RegionId': '{{ regionId }}'} | |
instanceIds | The list of RDS instance IDs. | List | No | [] | |
rateControl | The concurrency rate for task execution. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | The RAM role that is assumed by Operation Orchestration Service (OOS). | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstances",
"rds:ModifySQLCollectorRetention"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oos:GetApplicationGroup"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Details
ACS-RDS-BulkyModifySQLCollectorRetention
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Sets the log retention period of SQL Explorer for RDS instances to 180 days.
name-en: ACS-RDS-BulkyModifySQLCollectorRetention
categories:
- security
- rds
Parameters:
regionId:
Type: String
Label:
en: Region ID
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
targets:
Type: Json
Label:
en: Target instance
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: ALIYUN::RDS::Instance
RegionId: regionId
Default:
Type: ResourceIds
ResourceIds: []
RegionId: '{{ regionId }}'
instanceIds:
Label:
en: Instance IDs
Type: List
Default: []
AssociationProperty: ALIYUN::RDS::Instance::InstanceId
AssociationPropertyMetadata:
RegionId: regionId
Visible:
Condition:
Fn::Equals:
- ${targets}
- {}
rateControl:
Label:
en: Rate control
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: OOS assume role
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Conditions:
instanceId:
Fn::Equals:
- '{{ instanceIds }}'
- []
Tasks:
- Name: getInstance
When: instanceId
Description:
en: Gets the specified RDS instances.
Action: ACS::SelectTargets
Properties:
ResourceType: ALIYUN::RDS::Instance
RegionId: '{{regionId}}'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: Instances.Instance[].InstanceId
- Name: modifySQLCollectorRetention
Action: ACS::ExecuteAPI
Description:
en: Modifies the log retention period for SQL Explorer.
Properties:
Service: RDS
API: ModifySQLCollectorRetention
Parameters:
RegionId: '{{ regionId }}'
DBInstanceId: '{{ ACS::TaskLoopItem }}'
ConfigValue: 180
Loop:
RateControl: '{{ rateControl }}'
Items:
Fn::If:
- Fn::Equals:
- '{{instanceIds}}'
- []
- '{{ getInstance.instanceIds }}'
- '{{ instanceIds}}'