The ALIYUN::Config::Rule type is used to create or modify a rule.
Syntax
{
  "Type": "ALIYUN::Config::Rule",
  "Properties": {
    "TagKeyScope": String,
    "TagValueScope": String,
    "Description": String,
    "ExcludeResourceIdsScope": String,
    "SourceOwner": String,
    "SourceIdentifier": String,
    "MaximumExecutionFrequency": String,
    "RegionIdsScope": String,
    "ConfigRuleTriggerTypes": String,
    "ResourceGroupIdsScope": String,
    "RiskLevel": Integer,
    "ResourceTypesScope": List,
    "RuleName": String,
    "InputParameters": Map,
    "TagKeyLogicScope": String
  }
}
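Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
TagKeyScope | String | No | Yes | The tag key of the rule. | Takes effect only when SourceOwner is set to ALIYUN (managed rule). |
TagValueScope | String | No | Yes | The tag value of the rule. | Takes effect only when SourceOwner is set to ALIYUN (managed rule). |
Description | String | No | Yes | The description of the rule. | None |
ExcludeResourceIdsScope | String | No | Yes | The IDs of the resources excluded from the rule. | Separate multiple resource IDs with commas (,). Takes effect only when SourceOwner is set to ALIYUN (managed rule). |
SourceOwner | String | Yes | No | The owner of the rule source. | Valid values: ALIYUN (managed rule), CUSTOM_FC (custom function). |
SourceIdentifier | String | Yes | No | The rule identifier or the function ARN. | When SourceOwner is set to ALIYUN (managed rule), this parameter is the rule identifier. When SourceOwner is set to CUSTOM_FC (custom function), this parameter is the function ARN. |
MaximumExecutionFrequency | String | No | Yes | The execution interval of the rule. | Valid values: One_Hour, Three_Hours, Six_Hours, Twelve_Hours, TwentyFour_Hours. |
RegionIdsScope | String | No | Yes | The region IDs of the rule. | Separate multiple region IDs with commas (,). Takes effect only when SourceOwner is set to ALIYUN (managed rule). |
ConfigRuleTriggerTypes | String | Yes | Yes | The trigger type of the rule. | Valid values: ConfigurationItemChangeNotification (triggered upon configuration changes), ScheduledNotification (triggered as scheduled). |
ResourceGroupIdsScope | String | No | Yes | The resource group IDs of the rule. | Separate multiple resource group IDs with commas (,). Takes effect only when SourceOwner is set to ALIYUN (managed rule). |
RiskLevel | Integer | Yes | Yes | The risk level. | Valid values: 1 (critical), 2 (warning), 3 (info). |
ResourceTypesScope | List | Yes | Yes | The resource types to be evaluated against the rule. | None |
RuleName | String | Yes | No | The name of the rule. | None |
InputParameters | Map | No | Yes | The input parameters of the rule. | Example value: {"cpuCount": "2"}. |
TagKeyLogicScope | String | No | No | The logical type of the rule's tag keys. | None |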
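Return values
Fn::GetAtt
- TagKeyScope: the tag key of the rule.
- TagValueScope: the tag value of the rule.
- Description: the description of the rule.
- ExcludeResourceIdsScope: the IDs of the resources excluded from the rule.
- SourceOwner: the owner of the rule source.
- SourceIdentifier: the rule identifier.
- MaximumExecutionFrequency: the execution interval of the rule.
- ConfigRuleId: the rule ID.
- EventSource: the event source.
- RegionIdsScope: the region IDs of the rule.
- ConfigRuleArn: the rule ARN.
- ConfigRuleTriggerTypes: the trigger type of the rule.
- ResourceGroupIdsScope: the resource group IDs of the rule.
- RiskLevel: the risk level of the rule.
- ResourceTypesScope: the resource types to be evaluated against the rule.
- RuleName: the name of the rule.
- InputParameters: the input parameters of the rule.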
Examples
JSON format
{
  "Parameters": {
    "Description": {
      "Default":"test",
      "Type": "String",
      "Description": "The description of the rule"
    },
    "SourceOwner": {
      "Type": "String",
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Default": "ALIYUN"
    },
    "SourceIdentifier": {
      "Type": "String",
      "Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Default": "ecs-instances-in-vpc"
    },
    "ConfigRuleTriggerTypes": {
      "Type": "String",
      "Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Default": "ConfigurationItemChangeNotification"
    },
    "RiskLevel": {
      "Type": "Number",
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
      "Default": 3
    },
    "ResourceTypesScope": {
      "Type": "Json",
      "Description": "The types of the resources to be evaluated against the rule",
      "Default": ["ACS::ECS::Instance"]
    },
    "RuleName": {
      "Type": "String",
      "Description": "The name of the rule.",
      "Default": "MyRule"
    }
  },
  "ROSTemplateFormatVersion": "2015-09-01",
  "Outputs": {
    "TagKeyScope": {
      "Description": "The rule monitors the tag key, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagKeyScope"
        ]
      }
    },
    "TagValueScope": {
      "Description": "The rule monitors the tag value, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "TagValueScope"
        ]
      }
    },
    "Description": {
      "Description": "The description of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "Description"
        ]
      }
    },
    "ExcludeResourceIdsScope": {
      "Description": "The rule monitors excluded resource IDs, multiple of which are separated by commas, only applies to rules created based on managed rules, , custom rule this field is empty",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ExcludeResourceIdsScope"
        ]
      }
    },
    "SourceOwner": {
      "Description": "Specifies whether you or Alibaba Cloud owns and manages the rule. Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN: The rule is a managed rule and Alibaba Cloud owns the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceOwner"
        ]
      }
    },
    "SourceIdentifier": {
      "Description": "The identifier of the rule. For a managed rule, the value is the name of the managed rule. For a custom rule, the value is the ARN of the custom rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "SourceIdentifier"
        ]
      }
    },
    "MaximumExecutionFrequency": {
      "Description": "The frequency of the compliance evaluations. Valid values: One_Hour Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "MaximumExecutionFrequency"
        ]
      }
    },
    "ConfigRuleId": {
      "Description": "The ID of the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleId"
        ]
      }
    },
    "EventSource": {
      "Description": "The event source of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "EventSource"
        ]
      }
    },
    "RegionIdsScope": {
      "Description": "The rule monitors region IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RegionIdsScope"
        ]
      }
    },
    "ConfigRuleArn": {
      "Description": "config rule arn",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleArn"
        ]
      }
    },
    "ConfigRuleTriggerTypes": {
      "Description": "The trigger type of the rule. Valid values: ConfigurationItemChangeNotification: The rule is triggered upon configuration changes. ScheduledNotification: The rule is triggered as scheduled.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ConfigRuleTriggerTypes"
        ]
      }
    },
    "ResourceGroupIdsScope": {
      "Description": "The rule monitors resource group IDs, separated by commas, only applies to rules created based on managed rules",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceGroupIdsScope"
        ]
      }
    },
    "RiskLevel": {
      "Description": "The risk level of the resources that are not compliant with the rule. Valid values: 1: critical 2: warning 3: info",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RiskLevel"
        ]
      }
    },
    "ResourceTypesScope": {
      "Description": "The types of the resources to be evaluated against the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "ResourceTypesScope"
        ]
      }
    },
    "RuleName": {
      "Description": "The name of the rule.",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "RuleName"
        ]
      }
    },
    "InputParameters": {
      "Description": "The settings of the input parameters for the rule",
      "Value": {
        "Fn::GetAtt": [
          "ConfigRule",
          "InputParameters"
        ]
      }
    }
  },
  "Resources": {
    "ConfigRule": {
      "Type": "ALIYUN::Config::Rule",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "SourceOwner": {
          "Ref": "SourceOwner"
        },
        "SourceIdentifier": {
          "Ref": "SourceIdentifier"
        },
        "ConfigRuleTriggerTypes": {
          "Ref": "ConfigRuleTriggerTypes"
        },
        "RiskLevel": {
          "Ref": "RiskLevel"
        },
        "ResourceTypesScope": {
          "Ref": "ResourceTypesScope"
        },
        "RuleName": {
          "Ref": "RuleName"
        }
      }
    }
  }
}
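A pre-deployment lint for the property constraints documented on this page, as an added example (not code from Alibaba Cloud or from this page): it resolves `Ref` parameters to their defaults, checks required properties and the valid values named in the example's parameter descriptions, flags scope properties set on a custom rule, and surfaces any `ExcludeResourceIdsScope` exemptions for review. The function names and the constructed `SAMPLE` template, including its `<function-arn>` placeholder, are assumptions.

```python
# Constraints come from this page's property table and example parameter descriptions.
REQUIRED = ("SourceOwner", "SourceIdentifier", "ConfigRuleTriggerTypes",
            "RiskLevel", "ResourceTypesScope", "RuleName")
ALLOWED = {
    "SourceOwner": ("ALIYUN", "CUSTOM_FC"),
    "ConfigRuleTriggerTypes": ("ConfigurationItemChangeNotification", "ScheduledNotification"),
    "MaximumExecutionFrequency": ("One_Hour", "Three_Hours", "Six_Hours",
                                  "Twelve_Hours", "TwentyFour_Hours"),
    "RiskLevel": (1, 2, 3),
}
# Per the table, these are effective only when SourceOwner is ALIYUN.
MANAGED_ONLY = ("TagKeyScope", "TagValueScope", "ExcludeResourceIdsScope",
                "RegionIdsScope", "ResourceGroupIdsScope")

def resolve(value, params):
    """Resolve {"Ref": name} to the parameter's Default (None if it has none)."""
    if isinstance(value, dict) and list(value) == ["Ref"]:
        return params.get(value["Ref"], {}).get("Default")
    return value

def lint_config_rules(template):
    """Return findings for each ALIYUN::Config::Rule resource in a ROS template."""
    findings, params = [], template.get("Parameters", {})
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::Config::Rule":
            continue
        props = {k: resolve(v, params) for k, v in res.get("Properties", {}).items()}
        for key in REQUIRED:
            if props.get(key) in (None, "", []):
                findings.append(f"{name}: required {key} is missing or has no default")
        for key, allowed in ALLOWED.items():
            if props.get(key) is not None and props[key] not in allowed:
                findings.append(f"{name}: {key}={props[key]!r} is not a listed value")
        if props.get("SourceOwner") == "CUSTOM_FC":
            for key in MANAGED_ONLY:
                if props.get(key):
                    findings.append(f"{name}: {key} is not effective for a custom rule")
        excluded = props.get("ExcludeResourceIdsScope")
        if isinstance(excluded, str) and excluded.strip():
            findings.append(f"{name}: resources exempted from evaluation: {excluded}")
    return findings

# Constructed sample: a custom rule with a managed-only scope and a bad RiskLevel.
SAMPLE = {
    "Parameters": {"Owner": {"Type": "String", "Default": "CUSTOM_FC"}},
    "Resources": {"ConfigRule": {"Type": "ALIYUN::Config::Rule", "Properties": {
        "SourceOwner": {"Ref": "Owner"}, "SourceIdentifier": "<function-arn>",
        "ConfigRuleTriggerTypes": "ScheduledNotification", "RiskLevel": 5,
        "ResourceTypesScope": ["ACS::ECS::Instance"], "RegionIdsScope": "cn-hangzhou"}}}}
```

Run `lint_config_rules(json.load(f))` over a template file in CI; a `Ref` to a parameter without a default is reported as missing because its value is unknown before deployment.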