ACS-ECS-JoinSecurityGroupToMultipleInstance_系统运维管理(OOS)-阿里云帮助中心

模板名称

ACS-ECS-JoinSecurityGroupToMultipleInstance 下发安全组至多台实例

立即执行

模板描述

将安全组下发至多台实例

模板类型

自动化

所有者

Alibaba Cloud

输入参数

参数名称	描述	类型	是否必填	默认值	约束
targets	目标实例	Json	是
securityGroupId	需下发的安全组ID	String	是
regionId	地域ID	String	否	{{ ACS::RegionId }}
rateControl	任务执行的并发比率	Json	否	{‘Mode’: ‘Concurrency’, ‘MaxErrors’: 0, ‘Concurrency’: 10}
OOSAssumeRole	OOS扮演的RAM角色	String	否	“”

输出参数

无

执行此模板需要的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:JoinSecurityGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

详情

ACS-ECS-JoinSecurityGroupToMultipleInstance详情

模板内容

FormatVersion: OOS-2019-06-01
Description:
  en: Join a security group to multiple instances
  zh-cn: 将安全组下发至多台实例
  name-en: ACS-ECS-JoinSecurityGroupToMultipleInstance
  name-zh-cn: 下发安全组至多台实例
  categories:
    - instance_manage
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地域ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: 目标实例
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  securityGroupId:
    Label:
      en: SecurityGroupId
      zh-cn: 需下发的安全组ID
    Type: String
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
    AssociationPropertyMetadata:
      RegionId: regionId
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任务执行的并发比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: 获取ECS实例
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: checkInstanceReady
    Action: ACS::CheckFor
    Description:
      en: Checks whether the ECS instance status is running or stopped
      zh-cn: 检查实例状态在Running或者Stopped
    Properties:
      Service: ECS
      API: DescribeInstances
      Parameters:
        RegionId: '{{ regionId }}'
        InstanceIds:
          - '{{ ACS::TaskLoopItem }}'
      DesiredValues:
        - Running
        - Stopped
      PropertySelector: Instances.Instance[].Status
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
  - Name: joinSecurityGroup
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Deliver a security group to a specified ECS instance
      zh-cn: 将安全组下发到指定的ECS实例上
    Properties:
      Service: ECS
      API: JoinSecurityGroup
      Parameters:
        SecurityGroupId: '{{ securityGroupId }}'
        InstanceId: '{{ ACS::TaskLoopItem }}'
        RegionId: '{{ regionId }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - securityGroupId
        Label:
          default:
            zh-cn: 选择安全组
            en: Select Security Group
      - Parameters:
          - regionId
          - targets
        Label:
          default:
            zh-cn: 选择实例
            en: Select Ecs Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 高级选项
            en: Control Options