英文:
How to define a elb-custom-security-policy-ssl-check aws config rule
问题
以下是AWS配置elb-custom-security-policy-ssl-check规则的描述的翻译:
标识符:ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
资源类型:AWS::ElasticLoadBalancing::LoadBalancer
触发类型:配置更改
AWS区域:除了亚太地区(雅加达)、非洲(开普敦)、中东(阿联酋)、亚太地区(海得拉巴)、亚太地区(大阪)、亚太地区(墨尔本)、欧洲(米兰)、AWS GovCloud(美国东部)、以色列(特拉维夫)、欧洲(西班牙)、欧洲(苏黎世)之外的所有支持的AWS区域
参数:
sslProtocolsAndCiphers
类型:字符串
逗号分隔的密码和协议列表。
我正在为AWS配置创建一个Terraform配置,并创建了以下变量以传递此规则的输入参数:
variable "elb_custom_security_policy_ssl_check" {
type = string
default = "AES128-SHA256,TLSv1.3"
}
但是我遇到了一个内部错误,因为符合性包未创建,但是当我删除该规则时,它会创建。我正在尝试弄清楚默认值的正确表示方式。
Terraform符合性包代码:
resource "aws_config_conformance_pack" "conformancepack" {
name = "conformancepact"
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
properties:
ConifigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: ${var.elb_custom_security_policy_ssl_check}
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
}
希望这可以帮助您解决问题。
英文:
I have the following description of the aws config elb-custom-security-policy-ssl-check rule:
Identifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Resource Types: AWS::ElasticLoadBalancing::LoadBalancer
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Africa (Cape Town), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Europe (Milan), AWS GovCloud (US-East), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region
Parameters:
sslProtocolsAndCiphers
Type: String
Comma separated list of ciphers and protocols.
I am creating a terraform configuration for aws config and I have this variable created to pass the input parameter for this rule:
variable "elb_custom_security_policy_ssl_check" {
type = string
default = "AES128-SHA256,TLSv1.3"
}
but I am getting an internal error as the conformance pack isn't created, but when I remove that rule it gets created. The proper representation of the default values is what I am trying to figure out.
Terraform conformance pack code:
resource "aws_config_conformance_pack" "conformancepack" {
name = "conformancepact"
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
properties:
ConifigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: ${var.elb_custom_security_policy_ssl_check}
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
}
答案1
得分: 1
在您的conformancePack配置中存在拼写错误,应该是ConfigRuleName而不是ConifigRuleName。
英文:
There is a spelling error in your conformancePack configuration ConifigRuleName instead of ConfigRuleName
答案2
得分: 1
问题在于使用heredoc语法创建的YML文件中使用了错误的参数:
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
properties: <------------- 这不是正确的属性名称
ConfigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: ${var.elb_custom_security_policy_ssl_check}
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
应该修复为如下所示(请注意,应该是Properties而不是properties):
resource "aws_config_conformance_pack" "conformancepack" {
name = "conformancepact"
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
Properties:
ConfigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: "${var.elb_custom_security_policy_ssl_check}"
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
}
然而,根据terraform文档的注释,请注意以下内容:
> 在成功创建或更新符合性包之前,帐户必须具有适当的IAM权限的配置记录器。另请参阅aws_config_configuration_recorder资源。
英文:
The issue is that the YML created with the heredoc syntax is using a wrong parameter:
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
properties: <------------- This is not the correct property name
ConfigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: ${var.elb_custom_security_policy_ssl_check}
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
This should be fixed to look like the following (note that it is Properties instead of properties):
resource "aws_config_conformance_pack" "conformancepack" {
name = "conformancepact"
template_body = <<EOT
Resources:
ElbCustomSecurityPolicySslCheck:
Properties:
ConfigRuleName: elb-custom-security-policy-ssl-check
InputParameters:
sslProtocolsAndCiphers: "${var.elb_custom_security_policy_ssl_check}"
Scope:
ComplianceResourceTypes:
- AWS::ElasticLoadBalancing::LoadBalancer
Source:
Owner: AWS
SourceIdentifier: ELB_CUSTOM_SECURITY_POLICY_SSL_CHECK
Type: AWS::Config::ConfigRule
EOT
}
However, based on the terraform documentation note the following:
> The account must have a Configuration Recorder with proper IAM permissions before the Conformance Pack will successfully create or update. See also the aws_config_configuration_recorder resource.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论