Remediation
data class RemediationArgs(val configRuleId: Output<String>? = null, val invokeType: Output<String>? = null, val params: Output<String>? = null, val remediationSourceType: Output<String>? = null, val remediationTemplateId: Output<String>? = null, val remediationType: Output<String>? = null) : ConvertibleToJava<RemediationArgs>
Provides a Config Remediation resource. For information about Config Remediation and how to use it, see What is Remediation.
NOTE: Available since v1.204.0.
Example Usage
Basic Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetRegionsArgs;
import com.pulumi.alicloud.oss.Bucket;
import com.pulumi.alicloud.oss.BucketArgs;
import com.pulumi.alicloud.cfg.Rule;
import com.pulumi.alicloud.cfg.RuleArgs;
import com.pulumi.alicloud.cfg.Remediation;
import com.pulumi.alicloud.cfg.RemediationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var config = ctx.config();
final var name = config.get("name").orElse("tf-example-oss");
final var defaultRegions = AlicloudFunctions.getRegions(GetRegionsArgs.builder()
.current(true)
.build());
var defaultBucket = new Bucket("defaultBucket", BucketArgs.builder()
.bucket(name)
.acl("public-read")
.tags(Map.of("For", "example"))
.build());
var defaultRule = new Rule("defaultRule", RuleArgs.builder()
.description("If the ACL policy of the OSS bucket denies read access from the Internet, the configuration is considered compliant.")
.sourceOwner("ALIYUN")
.sourceIdentifier("oss-bucket-public-read-prohibited")
.riskLevel(1)
.tagKeyScope("For")
.tagValueScope("example")
.regionIdsScope(defaultRegions.applyValue(getRegionsResult -> getRegionsResult.regions()[0].id()))
.configRuleTriggerTypes("ConfigurationItemChangeNotification")
.resourceTypesScopes("ACS::OSS::Bucket")
.ruleName("oss-bucket-public-read-prohibited")
.build());
var defaultRemediation = new Remediation("defaultRemediation", RemediationArgs.builder()
.configRuleId(defaultRule.configRuleId())
.remediationTemplateId("ACS-OSS-PutBucketAcl")
.remediationSourceType("ALIYUN")
.invokeType("MANUAL_EXECUTION")
.params(defaultBucket.bucket().applyValue(bucket -> String.format("{{\"bucketName\": \"%s\", \"regionId\": \"%s\", \"permissionName\": \"private\"}}", bucket,defaultRegions.applyValue(getRegionsResult -> getRegionsResult.regions()[0].id()))))
.remediationType("OOS")
.build());
}
}Content copied to clipboard
Import
Config Remediation can be imported using the id, e.g.
$ pulumi import alicloud:cfg/remediation:Remediation example <id>Content copied to clipboard