policy
is composed of several sub-statements. Each sub-statement contains the following elements: policy_key
, tag_key
, tag_value
, effective scope, etc.{"tags": {"Principal (Person in Charge)": {"tag_key": {"@@assign": "principal"},"tag_value": {"@@assign": ["name 1"]},"resource_type_scope":{"@@assign": ["ecs:instance","ecs:disk"]},"detection":"on",//Detection is a system default enabled feature. It will check whether the Tag value is compliant for specified resources with specified Tag keys by default, and is not shown in json by default."correction": {"@@assign": "on"},//Automatic repair, can be enabled when specifying one value, but multiple specified values cannot be automatically repaired."auto_assign":{"@@assign":"on"},//Auto-fill."enforced_for": { "@@assign": [ "*"] }, //Enforced."auto_assign_value": { "@@assign": "on" } //Auto-fill - Tag value}}}
{"tags": {"Principal (Person in Charge)": {"tag_key": {"@@assign": "principal"},"tag_value_dynamic": {"@@assign": "on"},//Enable dynamic value, the value is determined based on the value of the similarly named Tag key of the Sub-user in CAM."resource_type_scope":{"@@assign": ["ecs:instance","ecs:disk"]},"detection":"on",//Detection is a system default enabled feature. It will check whether the Tag value is compliant for specified resources with specified Tag keys by default, and is not shown in json by default."correction": {"@@assign": "on"},//Automatic repair, even dynamic values have only one value, automatic repair can be enabled."auto_assign":{"@@assign":"on"},//Auto-fill."enforced_for": { "@@assign": [ "*"] }, //Enforced."auto_assign_value": { "@@assign": "on" } //Auto-fill - Tag value}}}
Element | Required | Description | Description in above example |
tags | Yes | A tag policy always starts with tags . tags is always on the first line of a tag policy and is fixed. | tags , which is fixed |
policy_key | Yes | Tag key, which identifies a compliant tag key and takes the same value as the policy key. Tag keys are case sensitive. You can define multiple tag keys in a tag policy. | principal is the tag key. |
tag_key | Yes | Tag key, which identifies a compliant tag key and takes the same value as the policy key (case-sensitive). You can define multiple tag keys in a tag policy. | principal |
tag_value | Yes | Tag value, which identifies a compliant tag value. | Tag value is set to name1 and use principal as a valid value |
resource_type_scope | Yes | The effective scope of resource types, which is specified by the tag key-value pair. | Effective scope is limited to
ecs:instance,ecs:disk |
detection | Yes | The system is enabled by default | on enables the Detection feature within the resource range where the Tag Key Value is effective |
correction | No | Whether to enable Automatic repair. Acts as a switch for whether the Tag Key Value needs automatic repair | on enables the Automatic repair feature within the resource range where the Tag Key Value is effective |
auto_assign | No | Whether to enable Auto-fill. Indicates whether the Tag Key needs to be displayed by default in the Edit Tag position | on enables the Auto-fill feature within the resource range where the Tag Key is effective |
auto_assign_value | No | Whether to enable Auto-fill. Indicates whether the Tag Value needs to be displayed by default in the Edit Tag position | on enables the Auto-assignment Functionality within the resource range where the Tag Value is effective |
enforced_for | No | Whether to enable Forcible Execution. Indicates whether to Block Affinity for Non-compliant Tag Key-value Pairs | * enables the Forcible Execution feature for All Resources with Tag Key-Value |
Operator | Required | Description | Description in above example |
@@assign | Yes | This operator is used to assign the specified content to the specified element. | Assign principal to the policy key and tag keyAssign name 1 to the tag valueAssign ecs:instance,ecs:disk to the effective scope of resource typesAssign on to whether the correction feature is enabled |
Was this page helpful?