ACS-ESS-ECILifeCycleModifyPolarDBIPWhitelist

模板名称

ACS-ESS-ECILifeCycleModifyPolarDBIPWhitelist ECI使用生命周期挂钩设置PolarDB实例的IP白名单

立即执行

模板描述

ECI使用生命周期挂钩设置PolarDB实例的IP白名单

模板类型

自动化

所有者

Alibaba Cloud

输入参数

参数名称

描述

类型

是否必填

默认值

约束

dbClusterId

PolarDB集群ID

String

modifyMode

修改IP白名单的方式

String

regionId

地域ID

String

${regionId}

instanceIds

ECS实例ID列表

List

['${instanceIds}']

lifecycleHookId

生命周期挂钩ID

String

${lifecycleHookId}

lifecycleActionToken

实例关联的特定伸缩活动的令牌

String

${lifecycleActionToken}

OOSAssumeRole

OOS扮演的RAM角色

String

OOSServiceRole

输出参数

参数名称

描述

类型

ipAddresses

List

执行此模板需要的权限策略

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "eci:DescribeContainerGroups"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "polardb:DescribeDBClusterAccessWhitelist",
                "polardb:ModifyDBClusterAccessWhitelist"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

详情

ACS-ESS-ECILifeCycleModifyPolarDBIPWhitelist详情

模板内容

FormatVersion: OOS-2019-06-01
Description:
  en: Use lifecycleHook to modify the IP whitelist of the PolarDB instance
  zh-cn: ECI使用生命周期挂钩设置PolarDB实例的IP白名单
  name-en: ACS-ESS-ECILifeCycleModifyPolarDBIPWhitelist
  name-zh-cn: ECI使用生命周期挂钩设置PolarDB实例的IP白名单
  categories:
    - elastic_manage
Parameters:
  dbClusterId:
    Label:
      en: DBClusterId
      zh-cn: PolarDB集群ID
    Type: String
  modifyMode:
    Label:
      en: ModifyMode
      zh-cn: 修改IP白名单的方式
    Description:
      en: The method to modify the IP whitelist, Delete is used for elastic contraction activities, and Append is used for elastic expansion activities
      zh-cn: 修改IP白名单的方式,Append用于弹性扩张活动,Delete用于弹性收缩活动
    Type: String
    AllowedValues:
      - Append
      - Delete
  regionId:
    Label:
      en: RegionId
      zh-cn: 地域ID
    Description:
      en: The ID of region
      zh-cn: '地域ID,请使用弹性伸缩系统默认值 ${regionId}'
    Type: String
    Default: '${regionId}'
  instanceIds:
    Label:
      en: InstanceIds
      zh-cn: ECS实例ID列表
    Description:
      en: The ID list of the ECS instance
      zh-cn: 'ECS实例ID列表,请使用弹性伸缩系统默认值 ["${instanceId}"]'
    Type: List
    Default:
      - '${instanceIds}'
  lifecycleHookId:
    Label:
      en: LifecycleHookId
      zh-cn: 生命周期挂钩ID
    Description:
      en: The ID of the lifecycle hook
      zh-cn: '生命周期挂钩ID,请使用弹性伸缩系统默认值 ${lifecycleHookId}'
    Type: String
    Default: '${lifecycleHookId}'
  lifecycleActionToken:
    Label:
      en: LifecycleActionToken
      zh-cn: 实例关联的特定伸缩活动的令牌
    Description:
      en: The token that indicates a specific scaling activity associated with an instance
      zh-cn: '实例关联的特定伸缩活动的令牌,请使用弹性伸缩系统默认值 ${lifecycleActionToken}'
    Type: String
    Default: '${lifecycleActionToken}'
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstanceIpAddress
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Get  ip address of ECI instance
      zh-cn: 获取ECI实例的Ip地址
    OnError: CompleteLifecycleActionForAbandon
    Properties:
      Service: ECI
      API: DescribeContainerGroups
      Parameters:
        RegionId: '{{ regionId }}'
        ContainerGroupIds: '{{ instanceIds }}'
    Outputs:
      ipAddress:
        Type: List
        ValueSelector: '.ContainerGroups[].IntranetIp'
  - Name: modifyPolarDBIPWhitelist
    Action: 'ACS::ESS::ModifyPolarDBIPWhitelist'
    Description:
      en: Modify the ip whitelist
      zh-cn: 修改IP白名单
    OnError: CompleteLifecycleActionForAbandon
    OnSuccess: CompleteLifecycleActionForContinue
    Properties:
      regionId: '{{ regionId }}'
      dbClusterId: '{{ dbClusterId }}'
      modifyMode: '{{ modifyMode }}'
      securityIp: '{{ ACS::TaskLoopItem }}'
    Loop:
      Items: '{{ getInstanceIpAddress.ipAddress }}'
  - Name: CompleteLifecycleActionForContinue
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Modify lifecycle action for continue
      zh-cn: 修改伸缩活动的等待状态为继续完成
    OnSuccess: 'ACS::END'
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: CONTINUE
  - Name: CompleteLifecycleActionForAbandon
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Complete lifecycle action for Abandon
      zh-cn: 修改伸缩活动的等待状态为弃用
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: ABANDON
Outputs:
  ipAddresses:
    Type: List
    Value: '{{ getInstanceIpAddress.ipAddress}}'