
Error while creating a Config remediation rule via CloudFormation (YAML)

How to resolve the error when creating a Config remediation rule via CloudFormation (YAML)

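I am getting an error in the last parameter, where I have to mention the values for TrailName and KMSKeyId. Both of these come out incorrect when creating the CFT from the yaml file. The exact error is: (Service: AmazonConfig; Status Code: 400; Error Code: InvalidParameterValueException; Request ID: 78f748ce-c07e-4552-8d6b-d156b83475b7; Proxy: null)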


Please help me with the correct syntax for the parameter values for manual remediation.

AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ConfigRuleForCloudTrailEncryption:
    Type: "AWS::Config::ConfigRule"
    Properties:
      ConfigRuleName: "cloud-trail-encryption"
      Scope:
        ComplianceResourceTypes: []
      Description: "A config rule that checks whether AWS CloudTrail is configured to use the server side encryption (SSE) AWS Key Management Service (AWS KMS) customer master key (CMK) encryption. The rule is COMPLIANT if the KmsKeyId is defined."
      Source:
        Owner: "AWS"
        SourceIdentifier: "CLOUD_TRAIL_ENCRYPTION_ENABLED"
      MaximumExecutionFrequency: "TwentyFour_Hours"
  RemediationForConfigRule:
    Type: "AWS::Config::RemediationConfiguration"
    Properties:
      Automatic: false
      ConfigRuleName:
        Ref: "ConfigRuleForCloudTrailEncryption"
      MaximumAutomaticAttempts: 5
      RetryAttemptSeconds: 60
      TargetId: "AWS-EnableCloudTrailKmsEncryption"
      TargetType: "SSM_DOCUMENT"
      TargetVersion: "1"
      Parameters:
        TrailNames:
          StaticValue:
            Value: "stringnamefortrail"
        KmsKeyId:
          StaticValue:
            Value: "KeyId/Keyarn"
Parameters: {}
Metadata: {}
Conditions: {}

Solution

From the example in this aws-doc, you can see that the parameter value should be a list using -.

Failed

      Parameters:
        TrailNames:
          StaticValue:
            Value: "stringnamefortrail"

Fixed

      Parameters:
        TrailNames:
          StaticValue:
            Value: 
            - "stringnamefortrail"
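
A pre-deploy check for the mistake discussed above, as an added example that is not part of the original question or answer: it walks a template and reports every StaticValue entry of an AWS::Config::RemediationConfiguration that is not a list of strings, so the problem is caught before AWS Config returns the 400 error. The function name is hypothetical, the sample is the question's resource rewritten by hand in CloudFormation's JSON form, and the check applies the answer's list rule to every StaticValue entry (KmsKeyId included), which goes beyond the single parameter the answer shows.

```python
import json

# Constructed sample: the question's remediation resource, in JSON form,
# with the keys spelled as on this page.
TEMPLATE = json.loads("""
{
  "Resources": {
    "ConfigRuleForCloudTrailEncryption": {
      "Type": "AWS::Config::ConfigRule",
      "Properties": {"ConfigRuleName": "cloud-trail-encryption"}
    },
    "RemediationForConfigRule": {
      "Type": "AWS::Config::RemediationConfiguration",
      "Properties": {
        "TargetId": "AWS-EnableCloudTrailKmsEncryption",
        "Parameters": {
          "TrailNames": {"StaticValue": {"Value": "stringnamefortrail"}},
          "KmsKeyId": {"StaticValue": {"Value": "KeyId/Keyarn"}}
        }
      }
    }
  }
}
""")

def scalar_static_values(template):
    """Return (resource, parameter, key) for each StaticValue entry
    that is not a non-empty list of strings."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Config::RemediationConfiguration":
            continue
        params = (res.get("Properties") or {}).get("Parameters") or {}
        for pname, spec in params.items():
            static = spec.get("StaticValue") if isinstance(spec, dict) else None
            if not isinstance(static, dict):
                continue  # not a StaticValue parameter; out of scope here
            for key, val in static.items():
                is_list = isinstance(val, list) and bool(val)
                if not (is_list and all(isinstance(v, str) for v in val)):
                    findings.append((name, pname, key))
    return findings

if __name__ == "__main__":
    for res, param, key in scalar_static_values(TEMPLATE):
        print(f"{res}: Parameters.{param}.StaticValue.{key} must be a list")
```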
