
CloudOps Orchestration Service:ACS-OSS-PutBucketEncryption

Last updated: Jun 28, 2025

Template name

ACS-OSS-PutBucketEncryption

Template description

Configures data encryption rules for an Object Storage Service (OSS) bucket.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Data type | Required | Default value | Constraints |
|---|---|---|---|---|---|
| SSEAlgorithm | The server-side encryption (SSE) method. | String | Yes | | |
| bucketName | The name of the OSS bucket. | String | Yes | | |
| regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
| KMSMasterKeyID | The ID of the key managed by Key Management Service (KMS). | String | No | False | |
| OOSAssumeRole | The RAM role assumed by CloudOps Orchestration Service (OOS). | String | No | "" | |

Output parameters

Not available.

Permission policy required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "oss:PutBucketEncryption"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Reference

ACS-OSS-PutBucketEncryption

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Encryption rules for configuring buckets
  name-en: ACS-OSS-PutBucketEncryption 
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId   
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  SSEAlgorithm:
    Label:
      en: SSEAlgorithm      
    Description:
      en: Set the default encryption method of the server      
    Type: String
    AllowedValues:
      - KMS
      - AES256
  KMSMasterKeyID:
    Label:
      en: KMSMasterKeyID      
    Description:
      en: >-
        When the ssealgorithm value is KMS, you need to enter the key ID,
        otherwise, it must be empty(Default No is empty)      
    Type: String
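    # Unquoted No is a boolean false under YAML 1.1 rules, matching the
    # False shown as this parameter's default in the parameter table.
    Default: No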
  bucketName:
    Label:
      en: BucketName       
    Type: String
    AssociationProperty: ALIYUN::OSS::Bucket::BucketName
    AssociationPropertyMetadata:
      RegionId: regionId
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: chooseWetherHasKMSMasterKeyIDTask
    Action: 'ACS::Choice'
    Properties:
      DefaultTask: putBucketEncryptionNoKeyId
      Choices:
        - When:
            'Fn::Equals':
              - KMS
              - '{{ SSEAlgorithm }}'
          NextTask: putBucketEncryption
        - When:
            'Fn::Equals':
              - AES256
              - '{{ SSEAlgorithm }}'
          NextTask: putBucketEncryptionNoKeyId
  - Name: putBucketEncryptionNoKeyId
    Action: 'ACS::ExecuteAPI'
    Description:
      en: 'Encryption rules for configuring buckets(AES256)'      
    OnSuccess: 'ACS::END'
    Properties:
      Service: OSS
      API: PutBucketEncryption
      Method: PUT
      URI: '?encryption'
      Headers:
        Content-MD5: ""
        Content-Type: application/xml
      Parameters:
        RegionId: '{{ regionId }}'
        BucketName: '{{ bucketName }}'
      Body: '<?xml version="1.0" encoding="UTF-8"?>
             <ServerSideEncryptionRule>
               <ApplyServerSideEncryptionByDefault>
                 <SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
                 <KMSMasterKeyID></KMSMasterKeyID>
               </ApplyServerSideEncryptionByDefault>
             </ServerSideEncryptionRule>'
  - Name: putBucketEncryption
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Encryption rules for configuring buckets(KMS)     
    Properties:
      Service: OSS
      API: PutBucketEncryption
      Method: PUT
      URI: '?encryption'
      Headers:
        Content-MD5: ""
        Content-Type: application/xml
      Parameters:
        RegionId: '{{ regionId }}'
        BucketName: '{{ bucketName }}'
      Body: '<?xml version="1.0" encoding="UTF-8"?>
             <ServerSideEncryptionRule>
               <ApplyServerSideEncryptionByDefault>
                 <SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm>
                 <KMSMasterKeyID>{{ KMSMasterKeyID }}</KMSMasterKeyID>
               </ApplyServerSideEncryptionByDefault>
             </ServerSideEncryptionRule>'
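
The branch logic of the template above, as an added pre-flight check in Python (not part of Alibaba Cloud's template): it enforces the rule stated in the KMSMasterKeyID description before execution and XML-escapes the key ID, which the template substitutes into the body as raw text. Treating the rendered default `No`/`False` as an empty key is an assumption of this example, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

ALLOWED_ALGORITHMS = ("KMS", "AES256")  # AllowedValues in the template
# Renderings of the template's unquoted `Default: No`; treated here as
# "no key given" (assumption of this example).
EMPTY_KEY_MARKERS = {"", "no", "false"}


def normalize_key_id(kms_master_key_id):
    """Map None and the template's default placeholder to an empty string."""
    value = "" if kms_master_key_id is None else str(kms_master_key_id).strip()
    return "" if value.lower() in EMPTY_KEY_MARKERS else value


def build_encryption_rule(sse_algorithm, kms_master_key_id=""):
    """Validate the inputs and return the XML body the matching task sends."""
    if sse_algorithm not in ALLOWED_ALGORITHMS:
        raise ValueError(f"SSEAlgorithm must be one of {ALLOWED_ALGORITHMS}")
    key_id = normalize_key_id(kms_master_key_id)
    if sse_algorithm == "KMS" and not key_id:
        raise ValueError("SSEAlgorithm=KMS requires a KMSMasterKeyID")
    if sse_algorithm == "AES256" and key_id:
        raise ValueError("KMSMasterKeyID must be empty when SSEAlgorithm=AES256")
    # Escape the key ID so markup characters cannot alter the rule structure.
    return (
        '<?xml version="1.0" encoding="UTF-8"?>'
        "<ServerSideEncryptionRule>"
        "<ApplyServerSideEncryptionByDefault>"
        f"<SSEAlgorithm>{sse_algorithm}</SSEAlgorithm>"
        f"<KMSMasterKeyID>{escape(key_id)}</KMSMasterKeyID>"
        "</ApplyServerSideEncryptionByDefault>"
        "</ServerSideEncryptionRule>"
    )


def parse_rule(body):
    """Read back (SSEAlgorithm, KMSMasterKeyID) from a rule body."""
    root = ET.fromstring(body.encode("utf-8"))
    rule = root.find("ApplyServerSideEncryptionByDefault")
    return rule.findtext("SSEAlgorithm"), rule.findtext("KMSMasterKeyID") or ""


if __name__ == "__main__":
    # Constructed sample key ID, not a real key.
    print(build_encryption_rule("KMS", "example-key-id-0000"))
    print(build_encryption_rule("AES256", False))
```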