ALIYUN::Config::AggregateCompliancePack is used to create a compliance package for an account group.
Syntax
{
"Type": "ALIYUN::Config::AggregateCompliancePack",
"Properties": {
"TagKeyScope": String,
"TagValueScope": String,
"Description": String,
"CompliancePackName": String,
"ExcludeResourceIdsScope": List,
"RegionIdsScope": List,
"ResourceGroupIdsScope": List,
"ConfigRules": List,
"CompliancePackTemplateId": String,
"RiskLevel": Integer,
"DefaultEnable": Boolean,
"AggregatorId": String
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
TagKeyScope | String | No | Yes | The tag key of the resources that you want to evaluate by using the compliance package. | None. |
TagValueScope | String | No | Yes | The tag value of the resources that you want to evaluate by using the compliance package. | You must specify TagValueScope together with TagKeyScope. |
Description | String | Yes | Yes | The description of the compliance package. | None. |
CompliancePackName | String | Yes | Yes | The name of the compliance package. | None. |
ExcludeResourceIdsScope | List | No | Yes | The IDs of the resources that you do not want to evaluate by using the compliance package. | Separate multiple resource IDs with commas (,). |
RegionIdsScope | List | No | Yes | The IDs of the regions where resources you want to evaluate by using the compliance package reside. | Separate multiple region IDs with commas (,). |
ResourceGroupIdsScope | List | No | Yes | The IDs of the resource groups whose resources you want to evaluate by using the compliance package. | Separate multiple resource group IDs with commas (,). |
ConfigRules | List | Yes | Yes | The rules in the compliance package. | For more information, see ConfigRules properties. |
CompliancePackTemplateId | String | No | No | The ID of the compliance package template. | None. |
RiskLevel | Integer | Yes | Yes | The risk level of the resources that are not compliant with the rules in the compliance package. | Valid values:
|
DefaultEnable | Boolean | No | Yes | Specifies whether to enable the rules together with the compliance package. | Valid values:
|
AggregatorId | String | Yes | Yes | The ID of the account group. | None. |
ConfigRules syntax
"ConfigRules": [
{
"ConfigRuleId": String,
"Description": String,
"ConfigRuleName": String,
"ManagedRuleIdentifier": String,
"RiskLevel": Integer,
"ConfigRuleParameters": List
}
]
ConfigRules properties
Property | Type | Required | Editable | Description | Constraint |
ConfigRuleId | String | No | Yes | The rule ID. | If you specify this property, Cloud Config adds the rule of the specified ID to the compliance package. You need to only configure one of the |
Description | String | No | Yes | The description of the rule. | None. |
ConfigRuleName | String | No | Yes | The rule name. | None. |
ManagedRuleIdentifier | String | No | Yes | The ID of the managed rule. | Cloud Config automatically creates a managed rule of the specified ID and adds the rule to the compliance package. You need to only configure one of the |
RiskLevel | Integer | Yes | Yes | The risk level of the resources that are not compliant with the rule. | Valid values:
|
ConfigRuleParameters | List | No | Yes | The information about the input parameters of the rule. | For more information, see ConfigRuleParameters properties. |
ConfigRuleParameters syntax
"ConfigRuleParameters": [
{
"ParameterValue": String,
"ParameterName": String
}
]
ConfigRuleParameters properties
Property | Type | Required | Editable | Description | Constraint |
ParameterValue | String | Yes | Yes | The value of the input parameter. | You must configure both of the |
ParameterName | String | Yes | Yes | The name of the input parameter. | You must configure both of the |
Return values
Fn::GetAtt
CompliancePackId: the ID of the compliance package.