
CloudOps Orchestration Service:ACS-VPC-BulkyDeleteForwardEntry

Last updated: Sep 05, 2024

Template name

ACS-VPC-BulkyDeleteForwardEntry: Delete the specified risk ports from the DNAT mappings on a NAT gateway


Template description

Deletes the specified risk ports from the DNAT mappings on a NAT gateway.

Template type

Automation

Owner

Alibaba Cloud

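Input parameters

| Parameter name | Description | Type | Required | Default value | Constraints |
|---|---|---|---|---|---|
| instanceId | NAT gateway instance ID | String | | | |
| port | Risk ports (backend ports) | List | | | |
| regionId | Region ID | String | | {{ ACS::RegionId }} | |
| rateControl | Concurrency rate for task execution | Json | | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
| OOSAssumeRole | RAM role that OOS assumes | String | | "" | |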

Output parameters

Permission policy required to run this template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "vpc:DeleteForwardEntry",
                "vpc:DescribeForwardTableEntries",
                "vpc:DescribeNatGateways"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

ACS-VPC-BulkyDeleteForwardEntry details

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Del the specified risk ports mapped on dnat table
  zh-cn: 刪除NAT Gateway上DNAT映射的指定風險連接埠
  name-en: ACS-VPC-BulkyDeleteForwardEntry
  name-zh-cn: 刪除NAT Gateway上DNAT映射的指定風險連接埠
  categories:
    - security
Parameters:
  regionId:
    Label:
      en: RegionId
      zh-cn: 地區ID
    Type: String
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  instanceId:
    Label:
      en: The id of natgateway instance.
      zh-cn: NAT Gateway執行個體ID
    Type: String
  port:
    Label:
      en: The risk port
      zh-cn: 風險連接埠(後端連接埠)
    Type: List
  rateControl:
    Label:
      en: RateControl
      zh-cn: 任務執行的並發比率
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: OOS扮演的RAM角色
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeNatGateways
    Action: ACS::ExecuteAPI
    Description:
      en: Query dnat table id of the natgateway instance
      zh-cn: 查詢NAT Gateway執行個體的DNAT表ID
    Properties:
      Service: VPC
      API: DescribeNatGateways
      Parameters:
        RegionId: '{{ regionId }}'
        NatGatewayId: '{{ instanceId }}'
    Outputs:
      ForwardTableIds:
        Type: String
        ValueSelector: .NatGateways.NatGateway[].ForwardTableIds.ForwardTableId[]
  - Name: describeForwardTableEntries
    Action: ACS::ExecuteAPI
    Description:
      en: Query the dnat entry id which matches the risk ports
      zh-cn: 查詢命中風險連接埠的DNAT條目的ID
    Properties:
      Service: VPC
      API: DescribeForwardTableEntries
      Parameters:
        RegionId: '{{ regionId }}'
        ForwardTableId: '{{ describeNatGateways.ForwardTableIds }}'
        InternalPort: '{{ ACS::TaskLoopItem }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ port }}'
      Outputs:
        ForwardEntryId-all:
          AggregateType: Fn::ListJoin
          AggregateField: ForwardEntryId
    Outputs:
      ForwardEntryId:
        Type: Json
        ValueSelector: .ForwardTableEntries.ForwardTableEntry[].ForwardEntryId
  - Name: deleteForwardEntry
    Action: ACS::ExecuteAPI
    Description:
      en: Del the specified risk ports mapped on dnat table
      zh-cn: 刪除NAT Gateway上DNAT映射的指定風險連接埠
    Properties:
      Service: VPC
      API: DeleteForwardEntry
      Parameters:
        RegionId: '{{ regionId }}'
        ForwardEntryId: '{{ ACS::TaskLoopItem }}'
        ForwardTableId: '{{ describeNatGateways.ForwardTableIds }}'
    Loop:
      Items:
        'Fn::Jq':
          - All
          - 'foreach .[] as $item ([[],[]]; if $item == null then [[],.[0]] else [(.[0] + [$item]),[]] end; if $item == null then .[1] else empty end) | .[]'
          - '{{ describeForwardTableEntries.ForwardEntryId-all }}'
      RateControl:
        Mode: Concurrency
        MaxErrors: 0
        Concurrency: 1
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - port
        Label:
          default:
            zh-cn: 設定參數
            en: Configure Parameters
      - Parameters:
          - regionId
          - instanceId
        Label:
          default:
            zh-cn: 選擇執行個體
            en: Select Instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: 進階選項
            en: Control Options
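
A pre-run check, added here as an example and not part of the Alibaba Cloud template: from a saved DescribeForwardTableEntries response it lists the DNAT entries whose backend port (InternalPort) equals one of the risk ports, which is what the template's port parameter targets, and separately flags entries whose port is written as a range that contains a risk port. The sample response and the function names are constructed, and the "start/end" range notation is an assumption; the page does not say how the template's InternalPort filter treats such entries.

```python
import json

# Constructed sample shaped like a DescribeForwardTableEntries response;
# every ID and address below is made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"ForwardTableEntries": {"ForwardTableEntry": [
  {"ForwardEntryId": "fwd-example-ssh", "IpProtocol": "tcp",
   "ExternalIp": "203.0.113.10", "ExternalPort": "2222",
   "InternalIp": "192.168.1.5", "InternalPort": "22"},
  {"ForwardEntryId": "fwd-example-web", "IpProtocol": "tcp",
   "ExternalIp": "203.0.113.10", "ExternalPort": "443",
   "InternalIp": "192.168.1.6", "InternalPort": "443"},
  {"ForwardEntryId": "fwd-example-range", "IpProtocol": "tcp",
   "ExternalIp": "203.0.113.11", "ExternalPort": "3380/3390",
   "InternalIp": "192.168.1.7", "InternalPort": "3380/3390"},
  {"ForwardEntryId": "fwd-example-rdp", "IpProtocol": "tcp",
   "ExternalIp": "203.0.113.12", "ExternalPort": "3389",
   "InternalIp": "192.168.1.8", "InternalPort": "3389"}
]}}
""")


def port_span(value):
    """Return (low, high) for "22" or "3380/3390"; None if not numeric."""
    parts = str(value).split("/")
    if len(parts) > 2 or not all(p.strip().isdigit() for p in parts):
        return None
    low, high = int(parts[0]), int(parts[-1])
    return (low, high) if low <= high else None


def preview_deletions(response, risk_ports):
    """Split entries into exact backend-port matches and ranges to review."""
    risk = {int(p) for p in risk_ports}
    exact, review = [], []
    for entry in response["ForwardTableEntries"]["ForwardTableEntry"]:
        span = port_span(entry.get("InternalPort", ""))
        if span is None:
            review.append(entry["ForwardEntryId"])  # non-numeric port value
        elif span[0] == span[1]:
            if span[0] in risk:
                exact.append(entry["ForwardEntryId"])
        elif any(span[0] <= p <= span[1] for p in risk):
            review.append(entry["ForwardEntryId"])
    return exact, review


if __name__ == "__main__":
    print(preview_deletions(SAMPLE_RESPONSE, ["22", "3389"]))
```

Comparing the first list with the entries you expect to lose before running the template catches a mistyped port while the mappings still exist.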