Getting error to create Config remediation rule through Cloudformation (yaml)
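I am getting an error in the last parameters, where I have to mention the values of TrailName and KMSKeyId. Both of these come out incorrect when creating the CFT from the yaml file. The exact error is: (Service: AmazonConfig; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 78f748ce-c07e-4552-8d6b-d156b83475b7; Proxy: null)
Please help me with the correct parameter value syntax for manual remediation.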

AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ConfigRuleForCloudTrailEncryption:
    Type: "AWS::Config::ConfigRule"
    Properties:
      ConfigRuleName: "cloud-trail-encryption"
      Scope:
        ComplianceResourceTypes: []
      Description: "A config rule that checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The rule is COMPLIANT if the KmsKeyId is defined."
      Source:
        Owner: "AWS"
        SourceIdentifier: "CLOUD_TRAIL_ENCRYPTION_ENABLED"
      MaximumExecutionFrequency: "TwentyFour_Hours"
  RemediationForConfigRule:
    Type: "AWS::Config::RemediationConfiguration"
    Properties:
      Automatic: false
      ConfigRuleName:
        Ref: "ConfigRuleForCloudTrailEncryption"
      MaximumAutomaticAttempts: 5
      RetryAttemptSeconds: 60
      TargetId: "AWS-EnableCloudTrailKmsEncryption"
      TargetType: "SSM_DOCUMENT"
      TargetVersion: "1"
      Parameters:
        TrailNames:
          StaticValue:
            Value: "stringnamefortrail"
        KmsKeyId:
          StaticValue:
            Value: "KeyId/Keyarn"
Parameters: {}
Metadata: {}
Conditions: {}

In the example in this aws-doc, you can see that the parameter Value should be a list, written with "-".

Failing:

Parameters:
  TrailNames:
    StaticValue:
      Value: "stringnamefortrail"

Fixed:

Parameters:
  TrailNames:
    StaticValue:
      Value:
        - "stringnamefortrail"
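
A pre-deployment check for the parameter shape the answer describes, as an added example that is not part of the original question or answer: it walks an already-parsed template and reports every remediation parameter whose static value is a scalar instead of a list. The function names and the inline sample dicts are constructed for illustration, and accepting a "Values" key as well as the page's "Value" key is an assumption.

```python
REMEDIATION_TYPE = "AWS::Config::RemediationConfiguration"

def lint_remediation_parameters(template):
    """Return (resource, parameter, problem) tuples for badly shaped parameters."""
    findings = []
    for res_name, res in template.get("Resources", {}).items():
        if res.get("Type") != REMEDIATION_TYPE:
            continue
        params = res.get("Properties", {}).get("Parameters") or {}
        for p_name, p in params.items():
            if not isinstance(p, dict) or ("StaticValue" in p) == ("ResourceValue" in p):
                findings.append((res_name, p_name,
                                 "needs exactly one of StaticValue / ResourceValue"))
                continue
            if "ResourceValue" in p:
                continue  # resolved by Config at remediation time, not a literal
            static = p["StaticValue"]
            if not isinstance(static, dict):
                static = {}
            # Assumption: accept "Value" (the key used on this page) or "Values".
            value = static.get("Value", static.get("Values"))
            if not isinstance(value, list):
                findings.append((res_name, p_name,
                                 "static value is %s, expected a list" % type(value).__name__))
            elif not value or not all(isinstance(v, str) for v in value):
                findings.append((res_name, p_name,
                                 "static value list must hold at least one string"))
    return findings

def remediation(trail_names, kms_key_id):
    """Constructed sample: only the remediation resource of the page's template."""
    return {"Resources": {"RemediationForConfigRule": {
        "Type": REMEDIATION_TYPE,
        "Properties": {
            "TargetId": "AWS-EnableCloudTrailKmsEncryption",
            "TargetType": "SSM_DOCUMENT",
            "Parameters": {
                "TrailNames": {"StaticValue": {"Value": trail_names}},
                "KmsKeyId": {"StaticValue": {"Value": kms_key_id}},
            }}}}}

AS_POSTED = remediation("stringnamefortrail", "KeyId/Keyarn")      # scalars
AS_FIXED = remediation(["stringnamefortrail"], ["KeyId/Keyarn"])   # lists

if __name__ == "__main__":
    for finding in lint_remediation_parameters(AS_POSTED):
        print("%s.%s: %s" % finding)
    print("fixed template findings:", lint_remediation_parameters(AS_FIXED))
```

Run against the template as posted, the check reports both TrailNames and KmsKeyId, because both static values are scalars there.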