CloudOps Orchestration Service: ACS-ECS-BulkyAuthorizeSecurityGroup

Last Updated: Sep 20, 2024

Template name

ACS-ECS-BulkyAuthorizeSecurityGroup

Template description

Creates a security group rule in multiple security groups at a time.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Type | Required | Default value | Limit |
| --- | --- | --- | --- | --- | --- |
| securityGroupIds | The security group IDs. | List | Yes | | |
| ipProtocol | The transport layer protocol. | String | Yes | | |
| portRange | The range of port numbers that correspond to the transport layer protocol of the security group. | String | Yes | | |
| sourceCidrIp | The source IPv4 CIDR block. Example: 10.0.0.0/8. | String | Yes | | |
| regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
| nicType | The type of the network interface card (NIC). | String | No | intranet | |
| policy | The access control policy. Valid values: accept and drop. | String | No | accept | |
| priority | The priority of the security group rule. Valid values: 1 to 100. | Number | No | 1 | |
| rateControl | The rate control settings. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
| OOSAssumeRole | The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" | |

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AuthorizeSecurityGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-ECS-BulkyAuthorizeSecurityGroup.yml on GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Add a security group policy to multiple security groups
  zh-cn: the description in Chinese
  name-en: ACS-ECS-BulkyAuthorizeSecurityGroup
  name-zh-cn: the description in Chinese
  categories:
    - instance_manage
    - computenest
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: the description in Chinese
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  securityGroupIds:
    Label:
      en: SecurityGroupIds
      zh-cn: the description in Chinese
    Type: List
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
  ipProtocol:
    Label:
      en: IpProtocol
      zh-cn: the description in Chinese
    Type: String
    AllowedValues:
      - tcp
      - udp
      - icmp
      - gre
      - all
  portRange:
    Label:
      en: PortRange
      zh-cn: the description in Chinese
    Description:
      en:  correct style:1/200, error style:200/1. ranges:(TCP/UDP:1~65535, ICMP:-1/-1, GRE:-1/-1, IpProtocol value is all:-1/-1)
      zh-cn: the description in Chinese  
    Type: String
  nicType:
    Label:
      en: NicType
      zh-cn: the description in Chinese
    Description:
      en:  (internet:public network card, intrant:inner network card)
      zh-cn: the description in Chinese
    Type: String
    AllowedValues:
      - internet
      - intranet
    Default: intranet
  policy:
    Label:
      en: Policy
      zh-cn: the description in Chinese
    Type: String
    AllowedValues:
      - accept
      - drop
    Default: accept
  priority:
    Label:
      en: Priority
      zh-cn: the description in Chinese  
    Type: Number
    MinValue: 1
    MaxValue: 100
    Default: 1
  sourceCidrIp:
    Label:
      en: SourceCidrIp
      zh-cn: the description in Chinese
    Type: String
  rateControl:
    Label:
      en: RateControl
      zh-cn: the description in Chinese
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: the description in Chinese
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: AuthorizeSecurityGroup
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Authorize Security Group Policy to multiple Security Group
      zh-cn: the description in Chinese
    Properties:
      Service: ECS
      API: AuthorizeSecurityGroup
      Parameters:
        RegionId: '{{ regionId }}'
        IpProtocol: '{{ ipProtocol }}'
        PortRange: '{{ portRange }}'
        NicType: '{{ nicType }}'
        Policy: '{{ policy }}'
        Priority: '{{ priority }}'
        SourceCidrIp: '{{ sourceCidrIp }}'
        SecurityGroupId: '{{ ACS::TaskLoopItem }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ securityGroupIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - securityGroupIds
          - ipProtocol
          - portRange
          - nicType
          - policy
          - priority
          - sourceCidrIp
        Label:
          default:
            zh-cn: the description in Chinese
            en: Configure Parameters
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: the description in Chinese
            en: Control Options
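
A pre-flight check for the template inputs, as an added example that is not part of the original page or of Alibaba Cloud's code. It enforces the limits the template states (AllowedValues, priority 1 to 100, the portRange description); `check_rule` is a hypothetical helper, and the two warnings are review heuristics assumed here, not template limits. Because the task loops over securityGroupIds, any rule that passes is applied to every listed group.

```python
import ipaddress

# Limits from the template: AllowedValues, MinValue/MaxValue, portRange description.
PROTOCOLS = {"tcp", "udp", "icmp", "gre", "all"}
POLICIES = {"accept", "drop"}
NIC_TYPES = {"internet", "intranet"}


def check_rule(ip_protocol, port_range, source_cidr_ip,
               policy="accept", priority=1, nic_type="intranet"):
    """Return (errors, warnings) for one set of template inputs."""
    errors, warnings = [], []
    if ip_protocol not in PROTOCOLS:
        errors.append(f"ipProtocol {ip_protocol!r} is not an allowed value")
    if policy not in POLICIES:
        errors.append(f"policy {policy!r} is not an allowed value")
    if nic_type not in NIC_TYPES:
        errors.append(f"nicType {nic_type!r} is not an allowed value")
    if type(priority) is not int or not 1 <= priority <= 100:
        errors.append("priority must be an integer from 1 to 100")

    # portRange is "start/end": tcp/udp need 1 <= start <= end <= 65535,
    # while icmp, gre and all need -1/-1.
    try:
        start, end = (int(part) for part in port_range.split("/"))
    except (ValueError, AttributeError):
        errors.append(f"portRange {port_range!r} is not of the form start/end")
    else:
        if ip_protocol in ("tcp", "udp"):
            if not 1 <= start <= end <= 65535:
                errors.append("tcp/udp portRange needs 1 <= start <= end <= 65535")
        elif ip_protocol in PROTOCOLS and (start, end) != (-1, -1):
            errors.append("portRange must be -1/-1 for icmp, gre and all")

    # sourceCidrIp must parse as an IPv4 CIDR block (a bare address counts as /32).
    try:
        net = ipaddress.IPv4Network(source_cidr_ip, strict=False)
    except ValueError:
        errors.append(f"sourceCidrIp {source_cidr_ip!r} is not an IPv4 CIDR block")
    else:
        # Heuristic added here, not a template limit: world-open accept rule.
        if policy == "accept" and net.prefixlen == 0:
            warnings.append("accept from 0.0.0.0/0 admits every IPv4 source")
    # Heuristic added here, not a template limit: accept rule covering every port.
    if policy == "accept" and (ip_protocol == "all" or port_range == "1/65535"):
        warnings.append("accept rule covers every port")
    return errors, warnings
```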