This product(
Yundun-bastionhost/2019-12-09) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts. Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.
Bastion Hosts (available only for bastion hosts that run V3.2.X)
| API | Title | Description |
|---|---|---|
| DescribeInstanceAttribute | DescribeInstanceAttribute | Queries the attribute information about the specified bastion host. The information includes the ID and remarks of the bastion host. |
| DescribeInstances | DescribeInstances | Queries bastion hosts. |
| ConfigInstanceSecurityGroups | ConfigInstanceSecurityGroups | Configures security groups for a bastion host. |
| ConfigInstanceWhiteList | ConfigInstanceWhiteList | Configures a whitelist of public IP addresses for a bastion host. |
| StartInstance | StartInstance | Enables the specified bastion host. |
| EnableInstancePublicAccess | EnableInstancePublicAccess | Enables Internet access for a bastion host. |
| DisableInstancePublicAccess | DisableInstancePublicAccess | Disables Internet access for a bastion host. |
| ModifyInstanceAttribute | ModifyInstanceAttribute | Modifies the information about a bastion host. |
| MoveResourceGroup | MoveResourceGroup | Moves a bastion host from one resource group to another resource group. |
Tags (available only for bastion hosts that run V3.2.X)
| API | Title | Description |
|---|---|---|
| ListTagKeys | ListTagKeys | Queries the tags that are added to a resource. |
| ListTagResources | ListTagResources | Queries the tags bound to one or more Bastionhost instances. |
| UntagResources | UntagResources | Removes tags from the specified bastion host and deletes the tags at a time. |
| TagResources | TagResources | Creates and adds tags to specified bastion hosts. |
Regions (available only for bastion hosts that run V3.2.X)
| API | Title | Description |
|---|---|---|
| DescribeRegions | DescribeRegions | Queries available regions where you can create bastion hosts. |
Hosts (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| CreateHost | CreateHost | Bastionhost allows you to perform O\\\&M operations on hosts from different sources, such as Alibaba Cloud Elastic Compute Service (ECS) instances, servers in on-premises data centers, and servers on other cloud platforms. Before you perform O\\\&M operations on hosts by using a bastion host, you must import the hosts to the bastion host. You can call this operation to import a host to a bastion host. |
| GetHost | GetHost | Queries the details of a host, such as the name, source, address, protocol, and service port of the host. |
| ListHosts | ListHosts | Queries the hosts in a bastion host. |
| DeleteHost | DeleteHost | Deletes the specified host. |
| ModifyHostsPort | ModifyHostsPort | Changes the port for the O\\\\\\&M protocol on one or more hosts. |
| ModifyHostsActiveAddressType | ModifyHostsActiveAddressType | Changes the portal type of one or more hosts for O\&M. |
| ModifyHost | ModifyHost | Modifies information about a host. The information includes the address, name, and description of the host and the operating system that the host runs. |
Databases (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| CreateDatabase | CreateDatabase | Imports an ApsaraDB RDS for MySQL instance, ApsaraDB RDS for SQL Server instance, ApsaraDB RDS for PostgreSQL instance, PolarDB for MySQL cluster, PolarDB for PostgreSQL cluster, PolarDB for PostgreSQL (Compatible with Oracle) cluster, self-managed MySQL database, self-managed SQL Server database, self-managed PostgreSQL database, or self-managed Oracle database to a bastion host. |
| ModifyDatabase | ModifyDatabase | Modifies the basic information about a database. |
| GetDatabase | GetDatabase | Queries the detailed information about a database. |
| ListDatabases | ListDatabases | Queries the databases that are managed by a bastion host. |
| DeleteDatabase | DeleteDatabase | Deletes a database. |
Network Domain (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| CreateNetworkDomain | CreateNetworkDomain | Creates a network domain. |
| GetNetworkDomain | GetNetworkDomain | Queries the detailed information about a network domain. |
| ListNetworkDomains | ListNetworkDomains | Queries the network domains created in a bastion host. |
| DeleteNetworkDomain | DeleteNetworkDomain | Deletes a network domain. |
| ModifyNetworkDomain | ModifyNetworkDomain | Modifies the basic information about a network domain. |
| MoveHostsToNetworkDomain | MoveHostsToNetworkDomain | Adds multiple hosts to a network domain at a time. |
| MoveDatabasesToNetworkDomain | MoveDatabasesToNetworkDomain | Adds multiple databases to a network domain at a time. |
Host Accounts (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| CreateHostAccount | CreateHostAccount | After you import a host to a bastion host, you must add an account of the host to the bastion host. This way, O\\\&M engineers can use the account to log on to and perform O\\\&M operations on the host by using the bastion host. |
| GetHostAccount | GetHostAccount | Queries the details of a specified host account. |
| ListHostAccounts | ListHostAccounts | Queries accounts of a specified host. |
| ModifyHostAccount | ModifyHostAccount | Modifies the information about a host account, such as the username, password, and private key of the host account. |
| DeleteHostAccount | DeleteHostAccount | Removes a host account. |
Database Accounts (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| CreateDatabaseAccount | CreateDatabaseAccount | After a database is created, you can create a database account for the database. After the account is created, O\\\&M engineers can use the account to log on to and perform O\\\&M operations on the database. |
| ModifyDatabaseAccount | ModifyDatabaseAccount | Modifies the basic information about a database account. |
| GetDatabaseAccount | GetDatabaseAccount | Queries the detailed information about a database account. |
| ListDatabaseAccounts | ListDatabaseAccounts | Queries the database accounts of a database. |
| ListDatabaseAccountsForUserGroup | ListDatabaseAccountsForUserGroup | Queries the database accounts of a database and whether a user group is authorized to manage each database account. |
| DeleteDatabaseAccount | DeleteDatabaseAccount | Deletes a database account. |
Users (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| CreateUser | CreateUser | Adds a user to a bastion host. |
| GetUser | GetUser | Queries the details of a user of the specified bastion host. |
| ListUsers | ListUsers | Queries a list of users of a bastion host. |
| ModifyUser | ModifyUser | Modifies the information about a user of a bastion host. |
| DeleteUser | DeleteUser | Deletes a bastion host user. |
| CreateUserPublicKey | CreateUserPublicKey | Creates a public key for a bastion host user and hosts the public key in the bastion host. This way, O\\\&M engineers can use the private key that corresponds to the public key to log on to the bastion host from an O\\\&M client. |
| ListUserPublicKeys | ListUserPublicKeys | Queries all public keys of the specified user. |
| ModifyUserPublicKey | ModifyUserPublicKey | Modifies the public key of the user. |
| DeleteUserPublicKey | DeleteUserPublicKey | Deletes a public key from the specified user. |
| LockUsers | LockUsers | Locks one or more users of a bastion host. |
| UnlockUsers | UnlockUsers | Unlocks multiple bastion host users at a time. |
User Groups (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| CreateUserGroup | CreateUserGroup | Creates a user group for the specified bastion host. |
| GetUserGroup | GetUserGroup | Queries the details of a user group in a bastion host. |
| ListUserGroups | ListUserGroups | Queries a list of user groups on a bastion host. |
| ModifyUserGroup | ModifyUserGroup | Modifies the information about the specified user group. |
| DeleteUserGroup | DeleteUserGroup | Deletes a specified user group from a specified bastion host. |
| AddUsersToGroup | AddUsersToGroup | Add one or more users to a user group. |
| RemoveUsersFromGroup | RemoveUsersFromGroup | Removes one or more users from a user group. |
Host Groups (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| CreateHostGroup | CreateHostGroup | You can create asset groups based on your business requirements and add assets of the same type to an asset group. This allows you to classify assets and manage multiple assets at a time. |
| AddDatabasesToGroup | AddDatabasesToGroup | Adds multiple databases to a specified asset group. |
| AddHostsToGroup | AddHostsToGroup | Adds one or more hosts to the specified host group. |
| RemoveDatabasesFromGroup | RemoveDatabasesFromGroup | Removes multiple databases from an asset group at a time. |
| DeleteHostGroup | DeleteHostGroup | Deletes a host group. |
| RemoveHostsFromGroup | RemoveHostsFromGroup | Removes multiple hosts from an asset group at a time. |
| ModifyHostGroup | ModifyHostGroup | Modifies the name or description of the specified host group. |
| GetHostGroup | GetHostGroup | Queries the details of a specified host group. |
| ListHostGroups | ListHostGroups | Queries a list of asset groups that are managed by a bastion host. |
Host Authorization (available only for bastion hosts that run V3.2.17 and later versions)
| API | Title | Description |
|---|---|---|
| AttachHostAccountsToUser | AttachHostAccountsToUser | Authorizes a user to manage the hosts and host accounts. |
| ListHostsForUser | ListHostsForUser | Queries the hosts that a user group is authorized or not authorized to manage. |
| ListHostAccountsForUser | ListHostAccountsForUser | Queries the host accounts that the specified user is authorized to manage on the specified host. |
| DetachHostAccountsFromUser | DetachHostAccountsFromUser | Revokes permissions on hosts and host accounts from a user. |
| DetachHostAccountsFromUserGroup | DetachHostAccountsFromUserGroup | Revokes the permissions on one or more hosts and host accounts from a user group. |
| DetachHostGroupAccountsFromUser | DetachHostGroupAccountsFromUser | Removes host groups and host accounts from the list of host groups and host accounts that a user is authorized to manage. |
| AttachHostAccountsToUserGroup | AttachHostAccountsToUserGroup | Authorizes a user group to manage one or more hosts and host accounts. |
| DetachHostGroupAccountsFromUserGroup | DetachHostGroupAccountsFromUserGroup | Revokes permissions on one or more host groups and host accounts from a user group. |
| AttachHostGroupAccountsToUser | AttachHostGroupAccountsToUser | Authorizes a user to manage one or more host groups and host accounts. |
| AttachHostGroupAccountsToUserGroup | AttachHostGroupAccountsToUserGroup | Authorizes a user to manage one or more host groups and host accounts. |
| ListHostAccountsForUserGroup | ListHostAccountsForUserGroup | Queries the host accounts of the specified host that the specified user group is authorized to manage. |
| ListHostGroupAccountNamesForUser | ListHostGroupAccountNamesForUser | Queries the names of the host accounts that a specified user is authorized to manage in a specified host group. |
| ListHostGroupAccountNamesForUserGroup | ListHostGroupAccountNamesForUserGroup | Queries the names of the host accounts that a user group is authorized to manage in a host group. |
| ListHostGroupsForUser | ListHostGroupsForUser | Queries a list of host groups that a bastion host user is authorized or is not authorized to manage. |
| ListHostGroupsForUserGroup | ListHostGroupsForUserGroup | Queries the hosts that a specified user group is authorized or not authorized to manage. |
| ListHostsForUserGroup | ListHostsForUserGroup | Queries the hosts that a user group is authorized or not authorized to manage. |
Database Authorization (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| AttachDatabaseAccountsToUser | AttachDatabaseAccountsToUser | Authorizes a user to manage databases and database accounts. |
| ListDatabasesForUser | ListDatabasesForUser | Queries the databases that a user is authorized to manage. |
| DetachDatabaseAccountsFromUserGroup | DetachDatabaseAccountsFromUserGroup | Revokes permissions on databases and database accounts from a user group. |
| ListDatabaseAccountsForUser | ListDatabaseAccountsForUser | Queries the database accounts of a database and whether a user is authorized to manage each database account. |
| DetachDatabaseAccountsFromUser | DetachDatabaseAccountsFromUser | Revokes permissions on databases and database accounts from a user. |
| AttachDatabaseAccountsToUserGroup | AttachDatabaseAccountsToUserGroup | Authorizes a user group to manage databases and database accounts. |
| ListDatabasesForUserGroup | ListDatabasesForUserGroup | Queries the databases that a user group is authorized to manage. |
Operation Token (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| ListOperationDatabases | ListOperationDatabases | Queries a list of databases that the current Resource Access Management (RAM) user is authorized to manage. |
| ListOperationHosts | ListOperationHosts | Queries a list of hosts that the current Resource Access Management (RAM) user is authorized to manage. |
| ListOperationHostAccounts | ListOperationHostAccounts | Queries a list of host accounts that the current Resource Access Management (RAM) user is authorized to manage. |
| ListOperationDatabaseAccounts | ListOperationDatabaseAccounts | Queries a list of database accounts that the current Resource Access Management (RAM) user is authorized to manage. |
| GenerateAssetOperationToken | GenerateAssetOperationToken | Applies for an O\&M token. |
| RenewAssetOperationToken | RenewAssetOperationToken | Renews an O\\\&M token for one hour. |
Authorization Rules (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| CreateRule | CreateRule | You can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. This way, you can manage users and assets in a more efficient manner and limit the time periods during which users can access assets. |
| ModifyRule | ModifyRule | Modifies the basic information of an authorization rule. |
| GetRule | GetRule | Queries the detailed information about an authorization rule. |
| ListRules | ListRules | Queries a list of authorization rules of a bastion host. |
| EnableRule | EnableRule | Enables an authorization rule. |
| DisableRule | DisableRule | Disables an authorization rule. |
| DeleteRule | DeleteRule | Deletes an authorization rule. |
Policies (available only for bastion hosts that run V3.2.40)
| API | Title | Description |
|---|---|---|
| CreatePolicy | CreatePolicy | Configures a command control, command approval, protocol control, or access control policy to manage O\\\&M operations. This effectively prevents users from performing high-risk operations or accidental operations to ensure O\\\&M security. |
| ModifyPolicy | ModifyPolicy | Modifies the basic information about a control policy. |
| GetPolicy | GetPolicy | Queries the detailed information about a control policy. |
| ListPolicies | ListPolicies | Queries a list of control policies. |
| GetPolicyAssetScope | GetPolicyAssetScope | Queries the assets to which a control policy applies. |
| SetPolicyProtocolConfig | SetPolicyProtocolConfig | Modify the protocol control settings in a control policy. |
| SetPolicyCommandConfig | SetPolicyCommandConfig | Specifies the commands that can or cannot be run by the users or on the assets associated with the policy and the commands that must be reviewed. |
| SetPolicyIPAclConfig | SetPolicyIPAclConfig | Configures access control settings in a control policy. |
| GetPolicyUserScope | GetPolicyUserScope | Queries the scope of users to whom a control policy applies. |
| SetPolicyAccessTimeRangeConfig | SetPolicyAccessTimeRangeConfig | Configures the logon period limits in a control policy. |
| SetPolicyAssetScope | SetPolicyAssetScope | Specifies the assets to which a control policy applies. |
| SetPolicyUserScope | SetPolicyUserScope | Specifies the users to whom a control policy applies. |
| SetPolicyApprovalConfig | SetPolicyApprovalConfig | Configures the O\&M approval setting in a control policy. |
| DeletePolicy | DeletePolicy | Deletes a control policy. |
Approval (available only for bastion hosts that run V3.2.37)
| API | Title | Description |
|---|---|---|
| ListApproveCommands | ListApproveCommands | Queries commands to be reviewed. |
| AcceptApproveCommand | AcceptApproveCommand | If an O\\\&M engineer attempts to run a command specified in the Command Approval field on the Create Control Policy page, the administrator is notified to review the command in the Bastionhost console. The command can be run only after it is approved by the administrator. |
| RejectApproveCommand | RejectApproveCommand | If an O\\\&M engineer attempts to run a command specified in the Command Approval section of the Create Control Policy page, the administrator is notified to review the command in the Bastionhost console. The command can be run only after it is approved by the administrator. |
| ListOperationTickets | ListOperationTickets | Queries O\\\\\\&M applications to be reviewed. |
| AcceptOperationTicket | AcceptOperationTicket | If a Bastionhost administrator enables O\\\&M Approval on the Create Control Policy page, O\\\&M engineers can log on to assets to perform O\\\&M operations only after the administrator approves their O\\\&M applications. |
| RejectOperationTicket | RejectOperationTicket | If a Bastionhost administrator enables O\\\&M Approval on the Create Control Policy page, O\\\&M engineers can log on to assets to perform O\\\&M operations only after the administrator approves their O\\\&M applications. |
Asset Management (available only for bastion hosts that run V3.2.X)
| API | Title | Description |
|---|---|---|
| CreateHostShareKey | CreateHostShareKey | Bastionhost provides the shared key feature. This feature allows you to manage the private key that is used to log on to a host in a bastion host. This way, you can associate the private key with multiple accounts of the host to make host account management more efficient. |
| GetHostShareKey | GetHostShareKey | Queries the information about a shared key. |
| ListHostShareKeys | ListHostShareKeys | Queries the shared keys that are associated with a host. |
| ListHostAccountsForHostShareKey | ListHostAccountsForHostShareKey | Queries the host accounts that are associated with a shared key. |
| ModifyHostShareKey | ModifyHostShareKey | Modifies a shared key. |
| AttachHostAccountsToHostShareKey | AttachHostAccountsToHostShareKey | Associates host accounts with a shared key. |
| DetachHostAccountsFromHostShareKey | DetachHostAccountsFromHostShareKey | Disassociate host accounts from a shared key. |
| DeleteHostShareKey | DeleteHostShareKey | Deletes a shared key. |
System Settings (available only for bastion hosts that run V3.2.X)
| API | Title | Description |
|---|---|---|
| GetInstanceADAuthServer | GetInstanceADAuthServer | Queries the settings of Active Directory (AD) authentication on a bastion host. |
| ModifyInstanceADAuthServer | ModifyInstanceADAuthServer | Modifies the settings of the Active Directory (AD) authentication server of a bastion host. |
| GetInstanceTwoFactor | GetInstanceTwoFactor | Queries the settings of two-factor authentication on a bastion host. |
| ModifyInstanceTwoFactor | ModifyInstanceTwoFactor | Modifies the two-factor authentication settings of a bastion host. |
| ModifyInstanceLDAPAuthServer | ModifyInstanceLDAPAuthServer | Modifies the settings of the Lightweight Directory Access Protocol (LDAP) authentication server of a bastion host. |
| GetInstanceLDAPAuthServer | GetInstanceLDAPAuthServer | Queries the settings of Lightweight Directory Access Protocol (LDAP) authentication on a bastion host. |