1

我目前正在使用 cloudformation 模板自动创建 aws config 规则。我需要在脚本中添加修复操作以自动化不兼容的资源。我不知道将修复操作添加为云形成模板的参数。有人可以帮我解决这个问题吗?下面是我的代码。但我无法创建堆栈

{
"Resources": {
"AWSConfigRule": {
  "Type": "AWS::Config::ConfigRule",
  "Properties": {
    "ConfigRuleName": {
      "Ref": "ConfigRuleName"
    },
    "Description": "Checks whether Amazon Virtual Private Cloud flow logs 
are found and enabled for Amazon VPC.",
    "InputParameters": {
      "trafficType": {
        "Fn::If": [
          "trafficType",
          {
            "Ref": "trafficType"
          },
          {
            "Ref": "AWS::NoValue"
          }
        ]
      }
    },
    "Scope": {},
    "Source": {
      "Owner": "AWS",
      "SourceIdentifier": "VPC_FLOW_LOGS_ENABLED"
    },
    "MaximumExecutionFrequency": {
      "Ref": "MaximumExecutionFrequency"
    },
    "RemediationConfigurations": {
        "Ref": "RemediationConfigurations"
    },        
  }
}
  },
 "Parameters": {
"ConfigRuleName": {
  "Type": "String",
  "Default": "vpc-flow-logs-enabled",
  "Description": "The name that you assign to the AWS Config rule.",
  "MinLength": "1",
  "ConstraintDescription": "This parameter is required."
},
"MaximumExecutionFrequency": {
  "Type": "String",
  "Default": "TwentyFour_Hours",
  "Description": "The frequency that you want AWS Config to run evaluations for the rule.",
  "MinLength": "1",
  "ConstraintDescription": "This parameter is required.",
  "AllowedValues": [
    "One_Hour",
    "Three_Hours",
    "Six_Hours",
    "Twelve_Hours",
    "TwentyFour_Hours"
  ]
},
"trafficType": {
  "Type": "String",
  "Default": "",
  "Description": "TrafficType of flow logs"
},
"RemediationConfigurations": [ 
  { 
     "TargetId": "AWS-PublishSNSNotification",
     "TargetType": "SSM_DOCUMENT"
  }
]
},
4

1 回答 1

0

对于您可以直接在云端使用的配置规则,没有可用的属性,例如“RemediationConfigurations”。因此,您最好调用 lambda 函数并使用函数 putremediationconfigurations 通过脚本传递它。

于 2019-06-05T14:06:29.407 回答