ACS-ECS-BulkyModifyUserPasswordBySecretParameter

模板名称

ACS-ECS-BulkyModifyUserPasswordBySecretParameter 通过加密参数批量修改ECS实例用户密码

立即执行

模板描述

通过加密参数批量修改ECS实例用户密码

模板类型

自动化

所有者

Alibaba Cloud

输入参数

参数名称

描述

类型

是否必填

默认值

约束

targets

目标实例

Json

username

要修改密码的用户名

String

passwordParameter

密码加密参数

String

regionId

地域ID

String

{{ ACS::RegionId }}

whetherToDeleteSecretParameter

是否删除加密参数

Boolean

False

rateControl

任务执行的并发比率

Json

{‘Mode’: ‘Concurrency’, ‘MaxErrors’: 0, ‘Concurrency’: 10}

OOSAssumeRole

OOS扮演的RAM角色

String

“”

输出参数

执行此模板需要的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AttachInstanceRamRole",
                "ecs:DescribeInstanceRamRole",
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:DetachInstanceRamRole",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ros:CreateStack",
                "ros:DeleteStack",
                "ros:GetStack"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ram:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:DeleteSecretParameter"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

详情

ACS-ECS-BulkyModifyUserPasswordBySecretParameter详情

模板内容

FormatVersion: OOS-2019-06-01
Description:
  en: Bulky modify ECS instance user password by secret parameter
  zh-cn: 通过加密参数批量修改ECS实例用户密码
  name-en: ACS-ECS-BulkyModifyUserPasswordBySecretParameter
  name-zh-cn: 通过加密参数批量修改ECS实例用户密码
  categories:
    - run_command
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地域ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: 目标实例
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  username:
    Label:
      en: Username
      zh-cn: 要修改密码的用户名
    Type: String
  passwordParameter:
    Label:
      en: The password secret parameter
      zh-cn: 密码加密参数
    Type: String
  whetherToDeleteSecretParameter:
    Label:
      en: WhetherToDeleteSecretParameter
      zh-cn: 是否删除加密参数
    Type: Boolean
    Default: false
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任务执行的并发比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: 获取ECS实例
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: modifyUserPasswordBySecretParameter
    Action: ACS::ECS::ModifyUserPasswordBySecretParameter
    OnError: deleteSecretParameter
    Description:
      en: Use encrypted parameters to modify user password
      zh-cn: 使用加密参数修改用户密码
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      username: '{{ username }}'
      passwordParameter: '{{ passwordParameter }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
  - Name: deleteSecretParameter
    When:
      'Fn::Equals':
        - true
        - '{{ whetherToDeleteSecretParameter }}'
    Description:
      en: Delete the secret parameter
      zh-cn: 删除加密参数
    Action: ACS::ExecuteAPI
    Properties:
      Service: OOS
      API: DeleteSecretParameter
      Parameters:
        RegionId: '{{ regionId }}'
        Name:
          Fn::Select:
            - 0
            - Fn::Split:
                - '}'
                - Fn::Select:
                  - 1
                  - Fn::Split:
                      - ':'
                      - '{{passwordParameter}}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - username
          - passwordParameter
          - whetherToDeleteSecretParameter
        Label:
          default:
            zh-cn: 设置参数
            en: Configure Parameters
      - Parameters:
          - regionId
          - targets
        Label:
          default:
            zh-cn: 选择实例
            en: Select ECS Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 高级选项
            en: Control Options