ACS-OSS-PutBucketEncryption.json
{
"FormatVersion": "OOS-2019-06-01",
"Description": {
"en": "Configures the encryption rules of an OSS bucket",
"zh-cn": "配置OSSBucket的加密规则",
"name-en": "ACS-OSS-PutBucketEncryption",
"name-zh-cn": "配置OSSBucket加密规则",
"categories": [
"security"
]
},
"Parameters": {
"regionId": {
"Type": "String",
"Label": {
"en": "RegionId",
"zh-cn": "地域ID"
},
"AssociationProperty": "RegionId",
"Default": "{{ ACS::RegionId }}"
},
"SSEAlgorithm": {
"Label": {
"en": "SSEAlgorithm",
"zh-cn": "SSE加密方式"
},
"Description": {
"en": "Set the default server-side encryption method",
"zh-cn": "设置服务端默认加密方式"
},
"Type": "String",
"AllowedValues": [
"KMS",
"AES256"
]
},
"KMSMasterKeyID": {
"Label": {
"en": "KMSMasterKeyID",
"zh-cn": "KMS密钥ID"
},
"Description": {
"en": "When the SSEAlgorithm value is KMS, you must enter the key ID; otherwise, it must be empty (the default, No, means empty)",
"zh-cn": "当SSEAlgorithm值为KMS时,需输入KMSMasterKeyID,其他情况下,必须为空(No 代表为空)"
},
"Type": "String",
"Default": false
},
"bucketName": {
"Label": {
"en": "BucketName",
"zh-cn": "OSS bucket 名称"
},
"Type": "String",
"AssociationProperty": "ALIYUN::OSS::Bucket::BucketName",
"AssociationPropertyMetadata": {
"RegionId": "regionId"
}
},
"OOSAssumeRole": {
"Label": {
"en": "OOSAssumeRole",
"zh-cn": "OOS扮演的RAM角色"
},
"Type": "String",
"Default": ""
}
},
"RamRole": "{{ OOSAssumeRole }}",
"Tasks": [
{
"Name": "chooseWetherHasKMSMasterKeyIDTask",
"Action": "ACS::Choice",
"Properties": {
"DefaultTask": "putBucketEncryptionNoKeyId",
"Choices": [
{
"When": {
"Fn::Equals": [
"KMS",
"{{ SSEAlgorithm }}"
]
},
"NextTask": "putBucketEncryption"
},
{
"When": {
"Fn::Equals": [
"AES256",
"{{ SSEAlgorithm }}"
]
},
"NextTask": "putBucketEncryptionNoKeyId"
}
]
}
},
{
"Name": "putBucketEncryptionNoKeyId",
"Action": "ACS::ExecuteAPI",
"Description": {
"en": "Configures the encryption rules of the bucket (AES256)",
"zh-cn": "用于配置Bucket的加密规则(AES256)"
},
"OnSuccess": "ACS::END",
"Properties": {
"Service": "OSS",
"API": "PutBucketEncryption",
"Method": "PUT",
"URI": "?encryption",
"Headers": {
"Content-MD5": "",
"Content-Type": "application/xml"
},
"Parameters": {
"RegionId": "{{ regionId }}",
"BucketName": "{{ bucketName }}"
},
"Body": "<?xml version=\"1.0\" encoding=\"UTF-8\"?> <ServerSideEncryptionRule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm> <KMSMasterKeyID></KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> </ServerSideEncryptionRule>"
}
},
{
"Name": "putBucketEncryption",
"Action": "ACS::ExecuteAPI",
"Description": {
"en": "Configures the encryption rules of the bucket (KMS)",
"zh-cn": "用于配置Bucket的加密规则(KMS)"
},
"Properties": {
"Service": "OSS",
"API": "PutBucketEncryption",
"Method": "PUT",
"URI": "?encryption",
"Headers": {
"Content-MD5": "",
"Content-Type": "application/xml"
},
"Parameters": {
"RegionId": "{{ regionId }}",
"BucketName": "{{ bucketName }}"
},
"Body": "<?xml version=\"1.0\" encoding=\"UTF-8\"?> <ServerSideEncryptionRule> <ApplyServerSideEncryptionByDefault> <SSEAlgorithm>{{ SSEAlgorithm }}</SSEAlgorithm> <KMSMasterKeyID>{{ KMSMasterKeyID }}</KMSMasterKeyID> </ApplyServerSideEncryptionByDefault> </ServerSideEncryptionRule>"
}
}
]
}