forked from aliyun/ros-templates
config.yml
ROSTemplateFormatVersion: '2015-09-01'
Description: Config Rule resource example
Parameters:
  TagKeyScope:
    Type: String
    Description: The rule monitors the tag key, only applies to rules created based
      on managed rules
    Default: null
  TagValueScope:
    Type: String
    Description: The rule monitors the tag value, only applies to rules created based
      on managed rules
    Default: null
  Description:
    Type: String
    Description: The description of the rule
    Default: null
  ExcludeResourceIdsScope:
    Type: String
    Description: The rule monitors excluded resource IDs, multiple of which are separated
      by commas, only applies to rules created based on managed rules, , custom rule
      this field is empty
    Default: null
  SourceOwner:
    Type: String
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule.
      Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN:
      The rule is a managed rule and Alibaba Cloud owns the rule'
  SourceIdentifier:
    Type: String
    Description: The identifier of the rule. For a managed rule, the value is the
      name of the managed rule. For a custom rule, the value is the ARN of the custom
      rule
  MaximumExecutionFrequency:
    Type: String
    Description: 'The frequency of the compliance evaluations. Valid values: One_Hour
      Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours'
    Default: null
  RegionIdsScope:
    Type: String
    Description: The rule monitors region IDs, separated by commas, only applies to
      rules created based on managed rules
    Default: null
  ConfigRuleTriggerTypes:
    Type: String
    Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification:
      The rule is triggered upon configuration changes. ScheduledNotification: The
      rule is triggered as scheduled.'
  ResourceGroupIdsScope:
    Type: String
    Description: The rule monitors resource group IDs, separated by commas, only applies
      to rules created based on managed rules
    Default: null
  RiskLevel:
    Type: Number
    Description: 'The risk level of the resources that are not compliant with the
      rule. Valid values: 1: critical 2: warning 3: info'
  ResourceTypesScope:
    Type: Json
    Description: The types of the resources to be evaluated against the rule
  RuleName:
    Type: String
    Description: The name of the rule.
  InputParameters:
    Type: Json
    Description: The settings of the input parameters for the rule
    Default: null
Resources:
  ConfigRule:
    Type: ALIYUN::Config::Rule
    Properties:
      TagKeyScope:
        Ref: TagKeyScope
      TagValueScope:
        Ref: TagValueScope
      Description:
        Ref: Description
      ExcludeResourceIdsScope:
        Ref: ExcludeResourceIdsScope
      SourceOwner:
        Ref: SourceOwner
      SourceIdentifier:
        Ref: SourceIdentifier
      MaximumExecutionFrequency:
        Ref: MaximumExecutionFrequency
      RegionIdsScope:
        Ref: RegionIdsScope
      ConfigRuleTriggerTypes:
        Ref: ConfigRuleTriggerTypes
      ResourceGroupIdsScope:
        Ref: ResourceGroupIdsScope
      RiskLevel:
        Ref: RiskLevel
      ResourceTypesScope:
        Ref: ResourceTypesScope
      RuleName:
        Ref: RuleName
      InputParameters:
        Ref: InputParameters
Outputs:
  TagKeyScope:
    Description: The rule monitors the tag key, only applies to rules created based
      on managed rules
    Value:
      Fn::GetAtt:
      - ConfigRule
      - TagKeyScope
  TagValueScope:
    Description: The rule monitors the tag value, only applies to rules created based
      on managed rules
    Value:
      Fn::GetAtt:
      - ConfigRule
      - TagValueScope
  Description:
    Description: The description of the rule
    Value:
      Fn::GetAtt:
      - ConfigRule
      - Description
  ExcludeResourceIdsScope:
    Description: The rule monitors excluded resource IDs, multiple of which are separated
      by commas, only applies to rules created based on managed rules, , custom rule
      this field is empty
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ExcludeResourceIdsScope
  SourceOwner:
    Description: 'Specifies whether you or Alibaba Cloud owns and manages the rule.
      Valid values: CUSTOM_FC: The rule is a custom rule and you own the rule. ALIYUN:
      The rule is a managed rule and Alibaba Cloud owns the rule'
    Value:
      Fn::GetAtt:
      - ConfigRule
      - SourceOwner
  SourceIdentifier:
    Description: The identifier of the rule. For a managed rule, the value is the
      name of the managed rule. For a custom rule, the value is the ARN of the custom
      rule
    Value:
      Fn::GetAtt:
      - ConfigRule
      - SourceIdentifier
  MaximumExecutionFrequency:
    Description: 'The frequency of the compliance evaluations. Valid values: One_Hour
      Three_Hours Six_Hours Twelve_Hours TwentyFour_Hours'
    Value:
      Fn::GetAtt:
      - ConfigRule
      - MaximumExecutionFrequency
  ConfigRuleId:
    Description: The ID of the rule
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ConfigRuleId
  EventSource:
    Description: The event source of the rule.
    Value:
      Fn::GetAtt:
      - ConfigRule
      - EventSource
  RegionIdsScope:
    Description: The rule monitors region IDs, separated by commas, only applies to
      rules created based on managed rules
    Value:
      Fn::GetAtt:
      - ConfigRule
      - RegionIdsScope
  ConfigRuleArn:
    Description: config rule arn
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ConfigRuleArn
  ConfigRuleTriggerTypes:
    Description: 'The trigger type of the rule. Valid values: ConfigurationItemChangeNotification:
      The rule is triggered upon configuration changes. ScheduledNotification: The
      rule is triggered as scheduled.'
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ConfigRuleTriggerTypes
  ResourceGroupIdsScope:
    Description: The rule monitors resource group IDs, separated by commas, only applies
      to rules created based on managed rules
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ResourceGroupIdsScope
  RiskLevel:
    Description: 'The risk level of the resources that are not compliant with the
      rule. Valid values: 1: critical 2: warning 3: info'
    Value:
      Fn::GetAtt:
      - ConfigRule
      - RiskLevel
  ResourceTypesScope:
    Description: The types of the resources to be evaluated against the rule
    Value:
      Fn::GetAtt:
      - ConfigRule
      - ResourceTypesScope
  RuleName:
    Description: The name of the rule.
    Value:
      Fn::GetAtt:
      - ConfigRule
      - RuleName
  InputParameters:
    Description: The settings of the input parameters for the rule
    Value:
      Fn::GetAtt:
      - ConfigRule
      - InputParameters