ACS-ECS-BulkyModifyUserPasswordBySecretParameter - CloudOps Orchestration Service

Template name

ACS-ECS-BulkyModifyUserPasswordBySecretParameter

Execute Now

Template description

Changes the password for multiple Elastic Compute Service (ECS) instances at a time by using a secret parameter.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
targets	The ECS instances for which you want to change the passwords.	Json	Yes
username	The username of the account whose password you want to change.	String	Yes
passwordParameter	The secret parameter to be used to change the password.	String	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
whetherToDeleteSecretParameter	Specifies whether to delete the secret parameter.	Boolean	No	False
rateControl	The rate control settings.	Json	No	{'Mode': 'Concurrency', 'MaxErrors': '0', 'Concurrency': 10}
OOSAssumeRole	The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AttachInstanceRamRole",
                "ecs:DescribeInstanceRamRole",
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:DetachInstanceRamRole",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ros:CreateStack",
                "ros:DeleteStack",
                "ros:GetStack"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ram:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:DeleteSecretParameter"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-ECS-BulkyModifyUserPasswordBySecretParameter.yml at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Bulky modify ECS instance user password by secret parameter
  zh-cn: the description in Chinese
  name-en: ACS-ECS-BulkyModifyUserPasswordBySecretParameter
  name-zh-cn: the description in Chinese
  categories:
    - run_command
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: the description in Chinese
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: the description in Chinese
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  username:
    Label:
      en: Username
      zh-cn: the description in Chinese
    Type: String
  passwordParameter:
    Label:
      en: The password secret parameter
      zh-cn: the description in Chinese
    Type: String
  whetherToDeleteSecretParameter:
    Label:
      en: WhetherToDeleteSecretParameter
      zh-cn: the description in Chinese
    Type: Boolean
    Default: false
  rateControl:
    Label:
      en: RateControl
      zh-cn: the description in Chinese
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: the description in Chinese
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstance
    Description:
      en: Views the ECS instances
      zh-cn: the description in Chinese
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
    Outputs:
      instanceIds:
        Type: List
        ValueSelector: Instances.Instance[].InstanceId
  - Name: modifyUserPasswordBySecretParameter
    Action: ACS::ECS::ModifyUserPasswordBySecretParameter
    OnError: deleteSecretParameter
    Description:
      en: Use encrypted parameters to modify user password
      zh-cn: the description in Chinese
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      username: '{{ username }}'
      passwordParameter: '{{ passwordParameter }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.instanceIds }}'
  - Name: deleteSecretParameter
    When:
      'Fn::Equals':
        - true
        - '{{ whetherToDeleteSecretParameter }}'
    Description:
      en: Delete the secret parameter
      zh-cn: the description in Chinese
    Action: ACS::ExecuteAPI
    Properties:
      Service: OOS
      API: DeleteSecretParameter
      Parameters:
        RegionId: '{{ regionId }}'
        Name:
          Fn::Select:
            - 0
            - Fn::Split:
                - '}'
                - Fn::Select:
                  - 1
                  - Fn::Split:
                      - ':'
                      - '{{passwordParameter}}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - username
          - passwordParameter
          - whetherToDeleteSecretParameter
        Label:
          default:
            zh-cn: the description in Chinese
            en: Configure Parameters
      - Parameters:
          - regionId
          - targets
        Label:
          default:
            zh-cn: the description in Chinese
            en: Select ECS Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: the description in Chinese
            en: Control Options