ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

Template name

ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray: Remove 0.0.0.0/0 from the IP whitelist groups of RDS instances

Template description

Remove 0.0.0.0/0 from the IP whitelist groups of RDS instances

Template type

Automation

Owner

Alibaba Cloud

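Input parameters

| Parameter name | Description | Type | Required | Default value | Constraints |
| --- | --- | --- | --- | --- | --- |
| instanceId | RDS instance ID | String | | | |
| regionId | Region ID | String | | {{ ACS::RegionId }} | |
| OOSAssumeRole | RAM role assumed by OOS | String | | "" | |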

Output parameters

Permission policy required to execute this template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceIPArrayList",
                "rds:ModifySecurityIps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray details

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Del 0.0.0.0/0 from the ip white list array of rds instances
  zh-cn: 从RDS实例IP白名单分组里删除0.0.0.0/0
  name-en: ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray
  name-zh-cn: 从RDS实例IP白名单分组里删除0.0.0.0/0
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地域ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  instanceId:
    Label:
      en: InstanceId
      zh-cn: RDS实例ID
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: String
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeDBInstanceIPArray
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Query SecurityIPList of a rds instance
      zh-cn: 查询一个RDS实例包含的SecurityIPList
    Properties:
      Service: RDS
      API: DescribeDBInstanceIPArrayList
      Parameters:
        RegionId: '{{ regionId }}'
        DBInstanceId: '{{ instanceId }}'
    Outputs:
      DBInstanceIPArray:
        Type: List
        ValueSelector: '.Items.DBInstanceIPArray[] | {"SecurityIPList": .SecurityIPList, "DBInstanceIPArrayName": .DBInstanceIPArrayName, "WhitelistNetworkType": .WhitelistNetworkType}'
  - Name: modifySecurityByDBInstanceIPArray
    Action: ACS::RDS::ModifySecurityIpsByInstanceIPArray
    Description:
      en: Query SecurityIPList of a rds instance
      zh-cn: 查询一个RDS实例包含的SecurityIPList
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ instanceId }}'
      securityIps:
        'Fn::Select':
          - SecurityIPList
          - '{{ ACS::TaskLoopItem }}'
      instanceIPArrayName:
        'Fn::Select':
          - DBInstanceIPArrayName
          - '{{ ACS::TaskLoopItem }}'
      whitelistNetworkType:
        'Fn::Select':
          - WhitelistNetworkType
          - '{{ ACS::TaskLoopItem }}'
    Loop:
      Items: '{{ describeDBInstanceIPArray.DBInstanceIPArray }}'
      RateControl:
        Mode: Concurrency
        MaxErrors: 0
        Concurrency: 1
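
The template passes each whitelist group to the nested action ACS::RDS::ModifySecurityIpsByInstanceIPArray, whose body is not shown on this page. The Python below is an added example, not Alibaba Cloud's code: a dry run that mirrors the ValueSelector and lists which groups would change, for review before the template is executed. Assumptions: SecurityIPList is a comma-separated string, the sample response is constructed, and falling back to 127.0.0.1 when a group would become empty is this example's choice.

```python
import json

OPEN_CIDR = "0.0.0.0/0"
FALLBACK = "127.0.0.1"  # assumption: value kept when a group would otherwise be empty

# Constructed sample shaped like a DescribeDBInstanceIPArrayList response.
SAMPLE_RESPONSE = json.loads("""
{"Items": {"DBInstanceIPArray": [
  {"DBInstanceIPArrayName": "default", "WhitelistNetworkType": "MIX",
   "SecurityIPList": "0.0.0.0/0,10.0.0.0/8", "DBInstanceIPArrayAttribute": ""},
  {"DBInstanceIPArrayName": "app", "WhitelistNetworkType": "VPC",
   "SecurityIPList": "192.168.1.10, 192.168.1.11"},
  {"DBInstanceIPArrayName": "legacy", "WhitelistNetworkType": "Classic",
   "SecurityIPList": "0.0.0.0/0"}
]}}
""")


def select_groups(response):
    """Mirror the template's ValueSelector: keep three fields per group."""
    keys = ("SecurityIPList", "DBInstanceIPArrayName", "WhitelistNetworkType")
    return [{k: g.get(k) for k in keys}
            for g in response["Items"]["DBInstanceIPArray"]]


def strip_open_cidr(security_ip_list):
    """Remove 0.0.0.0/0 from a comma-separated list; never return an empty list."""
    entries = [e.strip() for e in security_ip_list.split(",") if e.strip()]
    kept = [e for e in entries if e != OPEN_CIDR]
    return ",".join(kept) if kept else FALLBACK


def plan_changes(response):
    """Return one planned modification per group that currently holds 0.0.0.0/0."""
    plan = []
    for group in select_groups(response):
        before = group["SecurityIPList"] or ""
        if OPEN_CIDR in [e.strip() for e in before.split(",")]:
            plan.append({**group, "SecurityIPList": strip_open_cidr(before)})
    return plan


if __name__ == "__main__":
    for change in plan_changes(SAMPLE_RESPONSE):
        print(change)
```

Groups that do not contain 0.0.0.0/0 are left out of the plan, so an empty plan means the instance already has no open whitelist entry.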