全部產品
Search
文件中心

CloudOps Orchestration Service:ACS-ESS-ECILifeCycleModifyMongoDBIPWhitelist

更新時間:Sep 06, 2024

模板名稱

ACS-ESS-ECILifeCycleModifyMongoDBIPWhitelist ECI使用生命週期掛鈎設定MongoDB執行個體的IP白名單

立即執行

模板描述

ECI使用生命週期掛鈎設定MongoDB執行個體的IP白名單

模板類型

自動化

所有者

Alibaba Cloud

輸入參數

參數名稱

描述

類型

是否必填

預設值

約束

dbInstanceId

MongoDB執行個體ID

String

modifyMode

修改IP白名單的方式

String

regionId

地區ID

String

${regionId}

instanceIds

ECS執行個體ID列表

List

['${instanceIds}']

lifecycleHookId

生命週期掛鈎ID

String

${lifecycleHookId}

lifecycleActionToken

執行個體關聯的特定伸縮活動的令牌

String

${lifecycleActionToken}

OOSAssumeRole

OOS扮演的RAM角色

String

OOSServiceRole

輸出參數

參數名稱

描述

類型

ipAddresses

List

執行此模板需要的權限原則

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeInstances"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dds:ModifySecurityIps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

詳情

ACS-ESS-ECILifeCycleModifyMongoDBIPWhitelist詳情

模板內容

FormatVersion: OOS-2019-06-01
Description:
  en: Use lifecycleHook to modify the IP whitelist of the MongoDB instance
  zh-cn: ECI使用生命週期掛鈎設定MongoDB執行個體的IP白名單
  name-en: ACS-ESS-ECILifeCycleModifyMongoDBIPWhitelist
  name-zh-cn: ECI使用生命週期掛鈎設定MongoDB執行個體的IP白名單
  categories:
    - elastic_manage
Parameters:
  dbInstanceId:
    Label:
      en: DBInstanceId
      zh-cn: MongoDB執行個體ID
    Type: String
  modifyMode:
    Label:
      en: ModifyMode
      zh-cn: 修改IP白名單的方式
    Description:
      en: The method to modify the IP whitelist, Delete is used for elastic contraction activities, and Append is used for elastic expansion activities
      zh-cn: 修改IP白名單的方式,Append用於彈性擴張活動,Delete用於彈性收縮活動
    Type: String
    AllowedValues:
      - Append
      - Delete
  regionId:
    Label:
      en: RegionId
      zh-cn: 地區ID
    Description:
      en: The ID of region
      zh-cn: '地區ID,請使用Auto Scaling系統預設值 ${regionId}'
    Type: String
    Default: '${regionId}'
  instanceIds:
    Label:
      en: InstanceIds
      zh-cn: ECS執行個體ID列表
    Description:
      en: The ID list of the ECS instance
      zh-cn: 'ECS執行個體ID列表,請使用Auto Scaling系統預設值 ["${instanceId}"]'
    Type: List
    Default:
      - '${instanceIds}'
  lifecycleHookId:
    Label:
      en: LifecycleHookId
      zh-cn: 生命週期掛鈎ID
    Description:
      en: The ID of the lifecycle hook
      zh-cn: '生命週期掛鈎ID,請使用Auto Scaling系統預設值 ${lifecycleHookId}'
    Type: String
    Default: '${lifecycleHookId}'
  lifecycleActionToken:
    Label:
      en: LifecycleActionToken
      zh-cn: 執行個體關聯的特定伸縮活動的令牌
    Description:
      en: The token that indicates a specific scaling activity associated with an instance
      zh-cn: '執行個體關聯的特定伸縮活動的令牌,請使用Auto Scaling系統預設值 ${lifecycleActionToken}'
    Type: String
    Default: '${lifecycleActionToken}'
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstanceIpAddress
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Gets ECS instance network type and ip address
      zh-cn: 擷取ECS執行個體的網路類型和Ip地址
    OnError: CompleteLifecycleActionForAbandon
    Properties:
      Service: ECS
      API: DescribeInstances
      Parameters:
        RegionId: '{{ regionId }}'
        InstanceIds: '{{ instanceIds }}'
    Outputs:
      Ips:
        Type: List
        ValueSelector: >-
          .Instances.Instance[]|.VpcAttributes.PrivateIpAddress.IpAddress+.InnerIpAddress.IpAddress|.[]
  - Name: modifySecurityIps
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Modifies the whitelist
      zh-cn: 修改白名單
    OnError: CompleteLifecycleActionForAbandon
    OnSuccess: CompleteLifecycleActionForContinue
    Properties:
      Service: DDS
      API: ModifySecurityIps
      Parameters:
        RegionId: '{{ regionId }}'
        ModifyMode: '{{ modifyMode }}'
        DBInstanceId: '{{ dbInstanceId }}'
        SecurityIps:
          'Fn::Join':
            - ','
            - '{{ getInstanceIpAddress.Ips }}'
  - Name: CompleteLifecycleActionForContinue
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Modify lifecycle action for continue
      zh-cn: 修改伸縮活動的等待狀態為繼續完成
    OnSuccess: 'ACS::END'
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: CONTINUE
  - Name: CompleteLifecycleActionForAbandon
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Complete lifecycle action for Abandon
      zh-cn: 修改伸縮活動的等待狀態為棄用
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: ABANDON
Outputs:
  ipAddresses:
    Type: List
    Value: '{{ getInstanceIpAddress.Ips }}'