ACS-ECS-BulkyAuthorizeSecurityGroup
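Last updated:
Template name
ACS-ECS-BulkyAuthorizeSecurityGroup: bulk-authorize a security group policy
Template description
Adds one security group policy to multiple security groups
Template type
Automation
Owner
Alibaba Cloud
Input parameters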
Parameter name | Description | Type | Required | Default value | Constraints |
securityGroupIds | Security group ID | List | Yes | | |
ipProtocol | Transport layer protocol | String | Yes | | |
portRange | Transport layer protocol port range | String | Yes | | |
sourceCidrIp | Source IPv4 CIDR block, for example: 10.0.0.0/8 | String | Yes | | |
regionId | Region ID | String | No | {{ ACS::RegionId }} | |
nicType | NIC type | String | No | intranet | |
policy | Access policy (accept: allow access, drop: deny access) | String | No | accept | |
priority | Security group rule priority. Valid values: 1~100 | Number | No | 1 | |
rateControl | Concurrency rate of task execution | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | RAM role assumed by OOS | String | No | "" | |
Output parameters
None
Permission policy required to execute this template
{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AuthorizeSecurityGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
Details
ACS-ECS-BulkyAuthorizeSecurityGroup details
Template content
FormatVersion: OOS-2019-06-01
Description:
  en: Add a security group policy to multiple security groups
  zh-cn: 將一條安全組策略添加至多個安全組
  name-en: ACS-ECS-BulkyAuthorizeSecurityGroup
  name-zh-cn: 批量授權安全組策略
  categories:
    - instance_manage
    - computenest
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: 地域ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  securityGroupIds:
    Label:
      en: SecurityGroupIds
      zh-cn: 安全組ID
    Type: List
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
  ipProtocol:
    Label:
      en: IpProtocol
      zh-cn: 傳輸層協議
    Type: String
    AllowedValues:
      - tcp
      - udp
      - icmp
      - gre
      - all
  portRange:
    Label:
      en: PortRange
      zh-cn: 傳輸層協議端口范圍
    Description:
      en: correct style:1/200, error style:200/1. ranges:(TCP/UDP:1~65535, ICMP:-1/-1, GRE:-1/-1, IpProtocol value is all:-1/-1)
      zh-cn: 正確樣式:1/200, 錯誤樣式200/1:。取值范圍:(TCP/UDP:1~65535, ICMP協議:-1/-1, GRE協議:-1/-1, IpProtocol取值為all:-1/-1)
    Type: String
  nicType:
    Label:
      en: NicType
      zh-cn: 網卡類型
    Description:
      en: (internet:public network card, intranet:inner network card)
      zh-cn: (internet:公網網卡,intranet:內網網卡)
    Type: String
    AllowedValues:
      - internet
      - intranet
    Default: intranet
  policy:
    Label:
      en: Policy
      zh-cn: 設置訪問權限(accept:接受訪問,drop:拒絕訪問)
    Type: String
    AllowedValues:
      - accept
      - drop
    Default: accept
  priority:
    Label:
      en: Priority
      zh-cn: 安全組規則優先級。取值范圍:1~100
    Type: Number
    MinValue: 1
    MaxValue: 100
    Default: 1
  sourceCidrIp:
    Label:
      en: SourceCidrIp
      zh-cn: 源端IPv4 CIDR地址段, 例如:10.0.0.0/8
    Type: String
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任務執行的并發比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: AuthorizeSecurityGroup
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Authorize Security Group Policy to multiple Security Group
      zh-cn: 授權安全組策略至多個安全組
    Properties:
      Service: ECS
      API: AuthorizeSecurityGroup
      Parameters:
        RegionId: '{{ regionId }}'
        IpProtocol: '{{ ipProtocol }}'
        PortRange: '{{ portRange }}'
        NicType: '{{ nicType }}'
        Policy: '{{ policy }}'
        Priority: '{{ priority }}'
        SourceCidrIp: '{{ sourceCidrIp }}'
        SecurityGroupId: '{{ ACS::TaskLoopItem }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ securityGroupIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - securityGroupIds
          - ipProtocol
          - portRange
          - nicType
          - policy
          - priority
          - sourceCidrIp
        Label:
          default:
            zh-cn: 配置參數
            en: Configure Parameters
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 高級選項
            en: Control Options
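
The template declares portRange and sourceCidrIp as plain String parameters, so the constraints stated in the parameter descriptions are not checked by the template itself before the loop applies the rule to every listed security group. The pre-flight check below is an added example, not part of the Alibaba Cloud template; the function name check_rule and the warning on an accept rule with source 0.0.0.0/0 are assumptions of this example.

```python
import ipaddress

PORT_PROTOCOLS = {"tcp", "udp"}              # portRange within 1~65535
NO_PORT_PROTOCOLS = {"icmp", "gre", "all"}   # portRange must be -1/-1


def check_rule(ip_protocol, port_range, source_cidr_ip, policy="accept", priority=1):
    """Check one set of template inputs; return (errors, warnings)."""
    errors, warnings = [], []

    if ip_protocol in NO_PORT_PROTOCOLS:
        if port_range != "-1/-1":
            errors.append(f"portRange must be -1/-1 for ipProtocol {ip_protocol}")
    elif ip_protocol in PORT_PROTOCOLS:
        parts = port_range.split("/")
        if len(parts) != 2 or not all(p.isascii() and p.isdigit() for p in parts):
            errors.append("portRange must be start/end, for example 1/200")
        else:
            start, end = int(parts[0]), int(parts[1])
            if not (1 <= start <= 65535 and 1 <= end <= 65535):
                errors.append("portRange values must be within 1~65535")
            elif start > end:
                errors.append("portRange is reversed (200/1 style)")
    else:
        errors.append(f"ipProtocol {ip_protocol!r} is not an allowed value")

    if policy not in ("accept", "drop"):
        errors.append(f"policy {policy!r} is not accept or drop")
    if not isinstance(priority, int) or not 1 <= priority <= 100:
        errors.append("priority must be an integer within 1~100")

    try:
        net = ipaddress.IPv4Network(source_cidr_ip, strict=False)
    except ValueError:
        errors.append(f"sourceCidrIp {source_cidr_ip!r} is not an IPv4 CIDR block")
    else:
        # Assumption of this example: an accept rule open to every IPv4
        # address deserves a second look before it is copied to many groups.
        if policy == "accept" and net.prefixlen == 0:
            warnings.append("accept rule with source 0.0.0.0/0 applies to every listed group")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real execution.
    for args in [("tcp", "22/22", "10.0.0.0/8"), ("tcp", "200/1", "10.0.0.0/8"),
                 ("icmp", "1/200", "10.0.0.0/8"), ("all", "-1/-1", "0.0.0.0/0")]:
        print(args, check_rule(*args))
```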