1

我在最后一个参数中遇到错误,我必须提到 TrailName 和 KMSKeyId 的值。从 yaml 文件创建 CFT 时,这两者都变得不正确。确切的错误是:(服务:AmazonConfig;状态代码:400;错误代码:InvalidParameterValueException;请求 ID:78f748ce-c07e-4552-8d6b-d156b83475b7;代理:null) 错误截图

请帮助我使用正确的语法来手动修复参数值。

AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ConfigRuleForCloudTrailEncryption:
    Type: "AWS::Config::ConfigRule"
    Properties:
      ConfigRuleName: "cloud-trail-encryption"
      Scope:
        ComplianceResourceTypes: []
      Description: "A config rule that checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The rule is COMPLIANT if the KmsKeyId is defined."
      Source:
        Owner: "AWS"
        SourceIdentifier: "CLOUD_TRAIL_ENCRYPTION_ENABLED"
      MaximumExecutionFrequency: "TwentyFour_Hours"
  RemediationForConfigRule:
    Type: "AWS::Config::RemediationConfiguration"
    Properties:
      Automatic: false
      ConfigRuleName:
        Ref: "ConfigRuleForCloudTrailEncryption"
      MaximumAutomaticAttempts: 5
      RetryAttemptSeconds: 60
      TargetId: "AWS-EnableCloudTrailKmsEncryption"
      TargetType: "SSM_DOCUMENT"
      TargetVersion: "1"
      Parameters:
        TrailNames:
          StaticValue:
            Value: "stringnamefortrail"
        KmsKeyId:
          StaticValue:
            Value: "KeyId/Keyarn"
Parameters: {}
Metadata: {}
Conditions: {}
4

1 回答 1

2

在这个aws-doc的示例中,您可以发现 Parametersvalue应该是一个使用 的列表-

失败

      Parameters:
        TrailNames:
          StaticValue:
            Value: "stringnamefortrail"

固定的

      Parameters:
        TrailNames:
          StaticValue:
            Value: 
            - "stringnamefortrail"
于 2021-07-23T21:36:41.733 回答