ACS-ECS-BulkyLeaveSecurityGroup - CloudOps Orchestration Service

Template name

ACS-ECS-BulkyLeaveSecurityGroup

Execute Now

Template description

Removes multiple Elastic Compute Service (ECS) instances from a specific security group.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
securityGroupId	The security group ID.	String	Yes
targets	The ECS instances to be removed from the security group.	Json	Yes
rateControl	The rate control settings.	Json	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
OOSAssumeRole	The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInstances",
                "ecs:LeaveSecurityGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-ECS-BulkyLeaveSecurityGroup.yml at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  name-en: ACS-ECS-BulkyLeaveSecurityGroup
  name-zh-cn: removes multiple ECS instances from a specified security group at a time
  en: Bulky leave security group
  zh-cn: the description in Chinese
Parameters:
  regionId:
    Label:
      en: RegionId
      zh-cn: the description in Chinese
    Type: String
    AssociationProperty: ALIYUN::ECS::RegionId
    Default: '{{ ACS::RegionId }}'
  securityGroupId:
    Label:
      en: SecurityGroupId
      zh-cn: the description in Chinese
    Type: String
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
    AssociationPropertyMetadata:
      RegionId: regionId
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: the description in Chinese
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
      Status: Running
  rateControl:
    Label:
      en: RateControl
      zh-cn: the description in Chinese
    Type: Json
    AssociationProperty: RateControl
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: the description in Chinese
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: the description in Chinese
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: leaveSecurityGroup
    Action: ACS::ExecuteAPI
    Description:
      en: Leave security group
      zh-cn: the description in Chinese
    Properties:
      Service: ECS
      API: LeaveSecurityGroup
      Parameters:
        RegionId: '{{ regionId }}'
        InstanceId: '{{ ACS::TaskLoopItem }}'
        SecurityGroupId: '{{ securityGroupId }}'
    Loop:
      Items: '{{ getInstance.instanceIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - targets
          - securityGroupId
        Label:
          default:
            zh-cn: the description in Chinese
            en: Select Ecs Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: the description in Chinese
            en: Control Options