Template name
ACS-ECS-ApproveROSCreateInstances
Template description
Uses Resource Orchestration Service (ROS) to create Elastic Compute Service (ECS) instances after approval.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Type | Required | Default value | Limit |
imageId | The ID of the image that is used to create ECS instances. | String | Yes | ||
instanceType | The instance type of the ECS instances to be created. | String | Yes | ||
zoneId | The ID of the zone in which the vSwitch is to be created. | String | Yes | ||
webHookUrl | The webhook URL of the DingTalk chatbot. | String | Yes | ||
atMobiles | The members to be notified when an approval notification is sent to the specified DingTalk group. | List | Yes | ||
approvers | The users who can approve the task. | List | Yes | ||
instancesCount | The number of ECS instances to be created. | Number | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
atAll | Specifies whether to notify all group members when an approval notification is sent to the specified DingTalk group. | String | No | false | |
minRequiredApprovals | The minimum number of approvers who are required to approve the task. | Number | No | 1 | |
OOSAssumeRole | The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
Parameter | Description | Type |
instanceIds | List |
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"ros:CreateStack",
"ros:DeleteStack",
"ros:GetStack"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
For more information, see ACS-ECS-ApproveROSCreateInstances.yml at GitHub.
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Create ECS instances by ROS with approval
zh-cn: the description in Chinese
name-en: ACS-ECS-ApproveROSCreateInstances
name-zh-cn: the description in Chinese
categories:
- cost_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: the description in Chinese
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
imageId:
Label:
en: ImageId
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Image::ImageId'
AssociationPropertyMetadata:
RegionId: regionId
instanceType:
Label:
en: InstanceType
zh-cn: the description in Chinese
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
zoneId:
Label:
en: ZoneId
zh-cn: the description in Chinese
AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
Type: String
AssociationPropertyMetadata:
RegionId: regionId
webHookUrl:
Label:
en: WebHookUrl
zh-cn: the description in Chinese
Description:
en: >-
e.g.https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414,acquiring DingTalk webhook please refer to second appendix in https://help.aliyun.com/document_detail/144679.html.
zh-cn: >-
the description in Chinese
Type: String
atMobiles:
Label:
en: AtMobiles
zh-cn: the description in Chinese
Type: List
atAll:
Label:
en: AtAll
zh-cn: the description in Chinese
Type: String
Default: 'false'
approvers:
Label:
en: Approvers
zh-cn: the description in Chinese
Description:
en: the name to fill is the front part of @ in the RAM user name,if RAM user is user***@companyAlias.onaliyun.com, then fill user001 in list.
zh-cn: the description in Chinese
Type: List
AssociationProperty: ALIYUN::RAM::User
minRequiredApprovals:
Label:
en: MinRequiredApprovals
zh-cn: the description in Chinese
Type: Number
Default: 1
instancesCount:
Label:
en: InstancesCount
zh-cn: the description in Chinese
Type: Number
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: the description in Chinese
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: approveCreateInstances
Action: 'ACS::Approve'
Description:
en: Approve task creating ECS instances
zh-cn: the description in Chinese
Properties:
Approvers: '{{approvers}}'
MinRequiredApprovals: '{{minRequiredApprovals}}'
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: Please approve the task execution to create ECS instance sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: createStack
Action: 'ACS::ExecuteAPI'
Description:
en: Create a resource stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: CreateStack
Parameters:
RegionId: '{{ regionId }}'
StackName: 'OOS-{{ACS::ExecutionId}}'
TimeoutInMinutes: 10
DisableRollback: false
Parameters:
- ParameterKey: instanceType
ParameterValue: '{{ instanceType }}'
- ParameterKey: zoneId
ParameterValue: '{{ zoneId }}'
- ParameterKey: regionId
ParameterValue: '{{ regionId }}'
- ParameterKey: imageId
ParameterValue: '{{imageId}}'
- ParameterKey: executionId
ParameterValue: '{{ ACS::ExecutionId }}'
- ParameterKey: instancesCount
ParameterValue: '{{ instancesCount }}'
TemplateBody: |
{
"Description": "Create VPC ECS instance",
"Parameters": {
"imageId": {
"Type": "String"
},
"instanceType": {
"Type": "String"
},
"executionId": {
"Type": "String"
},
"instancesCount": {
"Type": "String"
},
"zoneId": {
"Type": "String"
},
"regionId": {
"Type": "String"
},
"resourcePrefix": {
"Type": "String",
"Default": "oos-generated"
}
},
"ROSTemplateFormatVersion": "2015-09-01",
"Outputs": {
"ecs_instance_id": {
"Value": {
"Fn::GetAtt": [
"ecs",
"InstanceIds"
]
}
}
},
"Resources": {
"vswitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"ZoneId": {
"Ref": "zoneId"
},
"CidrBlock": "192.168.0.0/16"
}
},
"sg": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
],
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"sg"
]
]
},
"SecurityGroupEgress": [
{
"PortRange": "-1/-1",
"Priority": 1,
"IpProtocol": "all",
"DestCidrIp": "0.0.0.0/0",
"NicType": "intranet"
}
]
}
},
"vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"VpcName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"vpc"
]
]
}
}
},
"ecs": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"ImageId": {
"Ref": "imageId"
},
"SecurityGroupId": {
"Ref": "sg"
},
"VpcId": {
"Ref": "vpc"
},
"VSwitchId": {
"Ref": "vswitch"
},
"InstanceType": {
"Ref": "instanceType"
},
"MinAmount": {
"Ref": "instancesCount"
},
"MaxAmount": {
"Ref": "instancesCount"
},
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"TemplateTags": [
"acs:integrate:oos:ecs_approve_ros_create_instances"
]
}
}
}
Outputs:
StackId:
Type: String
ValueSelector: StackId
- Name: untilStackReady
OnSuccess: ACS::END
OnError: queryStackStatusReason
Action: 'ACS::WaitFor'
Description:
en: Wait for the stack status CREATE_COMPLETE
zh-cn: the description in Chinese
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
DesiredValues:
- CREATE_COMPLETE
StopRetryValues:
- CREATE_FAILED
- CHECK_FAILED
- ROLLBACK_FAILED
- ROLLBACK_COMPLETE
- CREATE_ROLLBACK_COMPLETE
PropertySelector: Status
Outputs:
instanceIds:
Type: String
ValueSelector: 'Outputs[0].OutputValue'
- Name: queryStackStatusReason
Action: ACS::ExecuteAPI
OnError: deleteStack
OnSuccess: deleteStack
Description:
en: Query the reson of failed created stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
statusReason:
Type: String
ValueSelector: 'StatusReason'
- Name: deleteStack
Action: 'ACS::ExecuteApi'
Description:
en: Delete the stack
zh-cn: the description in Chinese
Properties:
Service: ROS
API: DeleteStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
instanceIds:
Type: List
Value: '{{ untilStackReady.instanceIds }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- webHookUrl
- atMobiles
- atAll
- approvers
- minRequiredApprovals
Label:
default:
zh-cn: the description in Chinese
en: Configure Approval
- Parameters:
- regionId
- zoneId
- imageId
- instanceType
- instancesCount
Label:
default:
zh-cn: the description in Chinese
en: Configure ECS Instance
- Parameters:
- OOSAssumeRole
Label:
default:
zh-cn: the description in Chinese
en: Control Options