Template name
ACS-ECS-ApproveROSCreateInstances Approves the creation of ECS instances through ROS.
Template description
Uses Resource Orchestration Service (ROS) to create Elastic Compute Service (ECS) instances after approval.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Type | Required | Default value | Limit |
imageId | The ID of the image that is used to create ECS instances. | String | Yes | ||
instanceType | The instance type of the ECS instances to be created. | String | Yes | ||
zoneId | The ID of the zone in which the vSwitch is to be created. | String | Yes | ||
webHookUrl | The webhook URL of the DingTalk chatbot. | String | Yes | ||
atMobiles | The DingTalk mobile numbers of group members mentioned in an approval notification. | List | Yes | ||
approvers | The users who can approve the task. | List | Yes | ||
instancesCount | The number of ECS instances to be created. | Number | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
atAll | Specifies whether to notify all group members when an approval notification is sent to the specified DingTalk group. | String | No | false | |
minRequiredApprovals | The minimum number of approvers who are required to approve the task. | Number | No | 1 | |
OOSAssumeRole | The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
Parameter | Description | Type |
instanceIds | List |
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ros:CreateStack",
"ros:DeleteStack",
"ros:GetStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:AddTags",
"ecs:AllocatePublicIpAddress",
"ecs:AttachKeyPair",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ConfigureSecurityGroupPermissions",
"ecs:CreateSecurityGroup",
"ecs:DeleteInstance",
"ecs:DeleteSecurityGroup",
"ecs:DescribeAvailableResource",
"ecs:DescribeDedicatedHosts",
"ecs:DescribeDisks",
"ecs:DescribeImageSupportInstanceTypes",
"ecs:DescribeImages",
"ecs:DescribeInstanceAutoRenewAttribute",
"ecs:DescribeInstanceRamRole",
"ecs:DescribeInstances",
"ecs:DescribeKeyPairs",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribePrice",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSnapshots",
"ecs:DescribeUserData",
"ecs:DetachKeyPair",
"ecs:JoinResourceGroup",
"ecs:ModifyDiskSpec",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyInstanceChargeType",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupRule",
"ecs:RemoveTags",
"ecs:ReplaceSystemDisk",
"ecs:ResizeDisk",
"ecs:RunInstances",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:TagResources",
"ecs:UntagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"quotas:ListProductQuotas"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ram:GetRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:DescribeLoadBalancers"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:AssociateVpcCidrBlock",
"vpc:CreateVSwitch",
"vpc:CreateVpc",
"vpc:DeleteVSwitch",
"vpc:DeleteVpc",
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeVpnGateways",
"vpc:DescribeZones",
"vpc:ModifyVSwitchAttribute",
"vpc:ModifyVpcAttribute",
"vpc:TagResources",
"vpc:UnTagResources"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Details
Details of ACS-ECS-ApproveROSCreateInstances
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Create ECS instances by ROS with approval
zh-cn: Create ECS instances by ROS with approval
name-en: ACS-ECS-ApproveROSCreateInstances
name-zh-cn: ACS-ECS-ApproveROSCreateInstances
categories:
- cost_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: RegionId
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
imageId:
Label:
en: ImageId
zh-cn: ImageId
Type: String
AssociationProperty: 'ALIYUN::ECS::Image::ImageId'
AssociationPropertyMetadata:
RegionId: regionId
instanceType:
Label:
en: InstanceType
zh-cn: InstanceType
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
zoneId:
Label:
en: ZoneId
zh-cn: ZoneId
AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
Type: String
AssociationPropertyMetadata:
RegionId: regionId
webHookUrl:
Label:
en: WebHookUrl
zh-cn: WebHookUrl
Description:
en: >-
For example, https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414. For more information about how to obtain a DingTalk webhook, see https://www.alibabacloud.com/help/document_detail/144679.html#h2--2-webhook-5.
zh-cn: >-
For example, https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414. For more information about how to obtain a DingTalk webhook, see https://www.alibabacloud.com/help/document_detail/144679.html#h2--2-webhook-5.
Type: String
atMobiles:
Label:
en: AtMobiles
zh-cn: AtMobiles
Type: List
atAll:
Label:
en: AtAll
zh-cn: AtAll
Type: String
Default: 'false'
approvers:
Label:
en: Approvers
zh-cn: Approvers
Description:
en: >-
The username is the part of the RAM user's name that precedes the at sign (@). For example, if the RAM user's name is user001@companyAlias.onaliyun.com, enter user001.
zh-cn: >-
The username is the part of the RAM user's name that precedes the at sign (@). For example, if the RAM user's name is user001@companyAlias.onaliyun.com, enter user001.
Type: List
AssociationProperty: ALIYUN::RAM::User
minRequiredApprovals:
Label:
en: MinRequiredApprovals
zh-cn: MinRequiredApprovals
Type: Number
Default: 1
instancesCount:
Label:
en: InstancesCount
zh-cn: InstancesCount
Type: Number
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: approveCreateInstances
Action: 'ACS::Approve'
Description:
en: Requests approval to create multiple ECS instances.
zh-cn: Requests approval to create multiple ECS instances.
Properties:
Approvers: '{{approvers}}'
MinRequiredApprovals: '{{minRequiredApprovals}}'
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: Please approve the task execution to create ECS instance sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: createStack
Action: 'ACS::ExecuteAPI'
Description:
en: Creates a resource stack.
zh-cn: Creates a resource stack.
Properties:
Service: ROS
API: CreateStack
Parameters:
RegionId: '{{ regionId }}'
StackName: 'OOS-{{ACS::ExecutionId}}'
TimeoutInMinutes: 10
DisableRollback: false
Parameters:
- ParameterKey: instanceType
ParameterValue: '{{ instanceType }}'
- ParameterKey: zoneId
ParameterValue: '{{ zoneId }}'
- ParameterKey: regionId
ParameterValue: '{{ regionId }}'
- ParameterKey: imageId
ParameterValue: '{{imageId}}'
- ParameterKey: executionId
ParameterValue: '{{ ACS::ExecutionId }}'
- ParameterKey: instancesCount
ParameterValue: '{{ instancesCount }}'
TemplateBody: |
{
"Description": "Create VPC ECS instance",
"Parameters": {
"imageId": {
"Type": "String"
},
"instanceType": {
"Type": "String"
},
"executionId": {
"Type": "String"
},
"instancesCount": {
"Type": "String"
},
"zoneId": {
"Type": "String"
},
"regionId": {
"Type": "String"
},
"resourcePrefix": {
"Type": "String",
"Default": "oos-generated"
}
},
"ROSTemplateFormatVersion": "2015-09-01",
"Outputs": {
"ecs_instance_id": {
"Value": {
"Fn::GetAtt": [
"ecs",
"InstanceIds"
]
}
}
},
"Resources": {
"vswitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"ZoneId": {
"Ref": "zoneId"
},
"CidrBlock": "192.168.0.0/16"
}
},
"sg": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
],
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"sg"
]
]
},
"SecurityGroupEgress": [
{
"PortRange": "-1/-1",
"Priority": 1,
"IpProtocol": "all",
"DestCidrIp": "0.0.0.0/0",
"NicType": "intranet"
}
]
}
},
"vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"VpcName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"vpc"
]
]
}
}
},
"ecs": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"ImageId": {
"Ref": "imageId"
},
"SecurityGroupId": {
"Ref": "sg"
},
"VpcId": {
"Ref": "vpc"
},
"VSwitchId": {
"Ref": "vswitch"
},
"InstanceType": {
"Ref": "instanceType"
},
"MinAmount": {
"Ref": "instancesCount"
},
"MaxAmount": {
"Ref": "instancesCount"
},
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"TemplateTags": [
"acs:integrate:oos:ecs_approve_ros_create_instances"
]
}
}
}
Outputs:
StackId:
Type: String
ValueSelector: StackId
- Name: untilStackReady
OnSuccess: ACS::END
OnError: queryStackStatusReason
Action: 'ACS::WaitFor'
Description:
en: Waits until the stack is in the CREATE_COMPLETE state.
zh-cn: Waits until the stack is in the CREATE_COMPLETE state.
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
DesiredValues:
- CREATE_COMPLETE
StopRetryValues:
- CREATE_FAILED
- CHECK_FAILED
- ROLLBACK_FAILED
- ROLLBACK_COMPLETE
- CREATE_ROLLBACK_COMPLETE
PropertySelector: Status
Outputs:
instanceIds:
Type: String
ValueSelector: 'Outputs[0].OutputValue'
- Name: queryStackStatusReason
Action: ACS::ExecuteAPI
OnError: deleteStack
OnSuccess: deleteStack
Description:
en: Queries the reason why the stack failed to be created.
zh-cn: Queries the reason why the stack failed to be created.
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
statusReason:
Type: String
ValueSelector: 'StatusReason'
- Name: deleteStack
Action: 'ACS::ExecuteApi'
Description:
en: Deletes the resource stack.
zh-cn: Deletes the resource stack.
Properties:
Service: ROS
API: DeleteStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
instanceIds:
Type: List
Value: '{{ untilStackReady.instanceIds }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- webHookUrl
- atMobiles
- atAll
- approvers
- minRequiredApprovals
Label:
default:
zh-cn: Configure Approval
en: Configure Approval
- Parameters:
- regionId
- zoneId
- imageId
- instanceType
- instancesCount
Label:
default:
zh-cn: Configure ECS Instance
en: Configure ECS Instance
- Parameters:
- OOSAssumeRole
Label:
default:
zh-cn: Advanced Options
en: Advanced Options