Compliance
data class CompliancePackArgs(val compliancePackName: Output<String>? = null, val compliancePackTemplateId: Output<String>? = null, val configRuleIds: Output<List<CompliancePackConfigRuleIdArgs>>? = null, val configRules: Output<List<CompliancePackConfigRuleArgs>>? = null, val description: Output<String>? = null, val riskLevel: Output<Int>? = null) : ConvertibleToJava<CompliancePackArgs>
Provides a Cloud Config Compliance Pack resource. For information about Cloud Config Compliance Pack and how to use it, see What is Compliance Pack.
NOTE: Available since v1.124.0.
Example Usage
Basic Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetRegionsArgs;
import com.pulumi.alicloud.cfg.Rule;
import com.pulumi.alicloud.cfg.RuleArgs;
import com.pulumi.alicloud.cfg.CompliancePack;
import com.pulumi.alicloud.cfg.CompliancePackArgs;
import com.pulumi.alicloud.cfg.inputs.CompliancePackConfigRuleIdArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("tf-example-config");
final var defaultRegions = AlicloudFunctions.getRegions(GetRegionsArgs.builder()
.current(true)
.build());
var defaultRule = new Rule("defaultRule", RuleArgs.builder()
.description("If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant.")
.sourceOwner("ALIYUN")
.sourceIdentifier("oss-bucket-public-read-prohibited")
.riskLevel(1)
.tagKeyScope("For")
.tagValueScope("example")
.regionIdsScope(defaultRegions.applyValue(getRegionsResult -> getRegionsResult.regions()[0].id()))
.configRuleTriggerTypes("ConfigurationItemChangeNotification")
.resourceTypesScopes("ACS::OSS::Bucket")
.ruleName("oss-bucket-public-read-prohibited")
.build());
var defaultCompliancePack = new CompliancePack("defaultCompliancePack", CompliancePackArgs.builder()
.compliancePackName(name)
.description(name)
.riskLevel("1")
.configRuleIds(CompliancePackConfigRuleIdArgs.builder()
.configRuleId(defaultRule.id())
.build())
.build());
}
}Content copied to clipboard
Import
Cloud Config Compliance Pack can be imported using the id, e.g.
$ pulumi import alicloud:cfg/compliancePack:CompliancePack example <id>Content copied to clipboard
Constructors
Link copied to clipboard
fun CompliancePackArgs(compliancePackName: Output<String>? = null, compliancePackTemplateId: Output<String>? = null, configRuleIds: Output<List<CompliancePackConfigRuleIdArgs>>? = null, configRules: Output<List<CompliancePackConfigRuleArgs>>? = null, description: Output<String>? = null, riskLevel: Output<Int>? = null)