-
Notifications
You must be signed in to change notification settings - Fork 17
/
ACS-KMS-BulkySetDeletionProtection.json
127 lines (127 loc) · 2.83 KB
/
ACS-KMS-BulkySetDeletionProtection.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Enable deletion protection for CMK",
"zh-cn": "开启CMK删除保护",
"name-en": "ACS-KMS-BulkySetDeletionProtection",
"name-zh-cn": "开启CMK删除保护",
"categories": [
"security"
]
},
"Parameters": {
"regionId": {
"Label": {
"en": "RegionId",
"zh-cn": "地域ID"
},
"Type": "String",
"AssociationProperty": "RegionId",
"Default": "{{ ACS::RegionId }}"
},
"keyId": {
"Label": {
"en": "The ids of key",
"zh-cn": "密钥ID"
},
"Type": "String"
},
"rateControl": {
"Label": {
"en": "RateControl",
"zh-cn": "任务执行的并发比率"
},
"Type": "Json",
"AssociationProperty": "RateControl",
"Default": {
"Mode": "Concurrency",
"MaxErrors": 0,
"Concurrency": 10
}
},
"OOSAssumeRole": {
"Label": {
"en": "OOSAssumeRole",
"zh-cn": "OOS扮演的RAM角色"
},
"Type": "String",
"Default": ""
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "describeKey",
"Action": "ACS::ExecuteAPI",
"Description": {
"en": "Query the arn of key",
"zh-cn": "查询密钥的arn"
},
"Properties": {
"Service": "KMS",
"API": "DescribeKey",
"Parameters": {
"RegionId": "{{ regionId }}",
"KeyId": "{{ keyId }}"
}
},
"Outputs": {
"arn": {
"Type": "List",
"ValueSelector": ".KeyMetadata.Arn"
}
}
},
{
"Name": "setDeletionProtection",
"Action": "ACS::ExecuteAPI",
"Description": {
"en": "Enable deletion protection for CMK.",
"zh-cn": "开启CMK删除保护。"
},
"Properties": {
"Service": "KMS",
"API": "SetDeletionProtection",
"Parameters": {
"RegionId": "{{ regionId }}",
"ProtectedResourceArn": "{{ ACS::TaskLoopItem }}",
"EnableDeletionProtection": true
}
},
"Loop": {
"RateControl": "{{ rateControl }}",
"Items": "{{ describeKey.arn }}"
}
}
],
"Metadata": {
"ALIYUN::OOS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"regionId",
"keyId"
],
"Label": {
"default": {
"zh-cn": "选择密钥",
"en": "Select KMS Key"
}
}
},
{
"Parameters": [
"rateControl",
"OOSAssumeRole"
],
"Label": {
"default": {
"zh-cn": "高级选项",
"en": "Control Options"
}
}
}
]
}
}
}