A automação, um recurso do Systems Manager, preenche recursos da AWS noAWS Management Console que correspondem ao tipo de recurso definido para um parâmetro de entrada. Recursos na sua Conta da AWS, que correspondem ao tipo de recurso, são exibidos em uma lista suspensa para você escolher. Você pode definir tipos de parâmetros de entrada para instâncias do Amazon Elastic Compute Cloud (Amazon EC2), buckets do Amazon Simple Storage Service (Amazon S3) e funções do AWS Identity and Access Management (IAM). As definições de tipo suportadas e as expressões regulares usadas para localizar recursos correspondentes são as seguintes:
-
AWS::EC2::Instance::Id
-
^m?i-([a-z0-9]{8}|[a-z0-9]{17})$
-
List<AWS::EC2::Instance::Id>
-
^m?i-([a-z0-9]{8}|[a-z0-9]{17})$
-
AWS::S3::Bucket::Name
-
^[0-9a-z][a-z0-9\\-\\.]{3,63}$
-
List<AWS::S3::Bucket::Name>
-
^[0-9a-z][a-z0-9\\-\\.]{3,63}$
-
AWS::IAM::Role::Arn
-
^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$
-
List<AWS::IAM::Role::Arn>
-
^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$
O exemplo a seguir são tipos de parâmetros de entrada definidos no conteúdo do runbook.
- YAML
-
description: Enables encryption on an Amazon S3 bucket
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
BucketName:
type: 'AWS::S3::Bucket::Name'
description: (Required) The name of the Amazon S3 bucket you want to encrypt.
SSEAlgorithm:
type: String
description: (Optional) The server-side encryption algorithm to use for the default encryption.
default: AES256
AutomationAssumeRole:
type: 'AWS::IAM::Role::Arn'
description: (Optional) The Amazon Resource Name (ARN) of the role that allows Automation to perform the actions on your behalf.
default: ''
mainSteps:
- name: enableBucketEncryption
action: 'aws:executeAwsApi'
inputs:
Service: s3
Api: PutBucketEncryption
Bucket: '{{BucketName}}'
ServerSideEncryptionConfiguration:
Rules:
- ApplyServerSideEncryptionByDefault:
SSEAlgorithm: '{{SSEAlgorithm}}'
isEnd: true
- JSON
-
{
"description": "Enables encryption on an Amazon S3 bucket",
"schemaVersion": "0.3",
"assumeRole": "{{ AutomationAssumeRole }}",
"parameters": {
"BucketName": {
"type": "AWS::S3::Bucket::Name",
"description": "(Required) The name of the Amazon S3 bucket you want to encrypt."
},
"SSEAlgorithm": {
"type": "String",
"description": "(Optional) The server-side encryption algorithm to use for the default encryption.",
"default": "AES256"
},
"AutomationAssumeRole": {
"type": "AWS::IAM::Role::Arn",
"description": "(Optional) The Amazon Resource Name (ARN) of the role that allows Automation to perform the actions on your behalf.",
"default": ""
}
},
"mainSteps": [
{
"name": "enableBucketEncryption",
"action": "aws:executeAwsApi",
"inputs": {
"Service": "s3",
"Api": "PutBucketEncryption",
"Bucket": "{{BucketName}}",
"ServerSideEncryptionConfiguration": {
"Rules": [
{
"ApplyServerSideEncryptionByDefault": {
"SSEAlgorithm": "{{SSEAlgorithm}}"
}
}
]
}
},
"isEnd": true
}
]
}