Automation (Systems Manager 的功能) 會在 AWS Management Console 中填入 AWS 資源,該主控台符合您為輸入參數定義的資源類型。符合資源類型之 AWS 帳戶 中的資源會顯示在下拉式清單中供您選擇。您可以為 Amazon Elastic Compute Cloud (Amazon EC2) 執行個體、Amazon Simple Storage Service (Amazon S3) 儲存貯體和 AWS Identity and Access Management (IAM) 角色定義輸入參數類型。支援的類型定義和用來尋找相符資源的規則運算式如下:
-
AWS::EC2::Instance::Id
-^m?i-([a-z0-9]{8}|[a-z0-9]{17})$
-
List<AWS::EC2::Instance::Id>
-^m?i-([a-z0-9]{8}|[a-z0-9]{17})$
-
AWS::S3::Bucket::Name
-^[0-9a-z][a-z0-9\\-\\.]{3,63}$
-
List<AWS::S3::Bucket::Name>
-^[0-9a-z][a-z0-9\\-\\.]{3,63}$
-
AWS::IAM::Role::Arn
-^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$
-
List<AWS::IAM::Role::Arn>
-^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):iam::[0-9]{12}:role/.*$
以下為 Runbook 內容中定義之輸入參數類型的範例。
description: Enables encryption on an Amazon S3 bucket
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
parameters:
BucketName:
type: 'AWS::S3::Bucket::Name'
description: (Required) The name of the Amazon S3 bucket you want to encrypt.
SSEAlgorithm:
type: String
description: (Optional) The server-side encryption algorithm to use for the default encryption.
default: AES256
AutomationAssumeRole:
type: 'AWS::IAM::Role::Arn'
description: (Optional) The Amazon Resource Name (ARN) of the role that allows Automation to perform the actions on your behalf.
default: ''
mainSteps:
- name: enableBucketEncryption
action: 'aws:executeAwsApi'
inputs:
Service: s3
Api: PutBucketEncryption
Bucket: '{{BucketName}}'
ServerSideEncryptionConfiguration:
Rules:
- ApplyServerSideEncryptionByDefault:
SSEAlgorithm: '{{SSEAlgorithm}}'
isEnd: true