All Products
Search
Document Center

CLI sample code

Last Updated: May 21, 2021

This topic describes how to complete Resource Access Management (RAM) and network configurations by using a command-line interface (CLI).

RAM configurations

You can use a CLI script to complete the following configurations:

  • Configure a password policy for RAM users.

  • Create custom policies for system administrators.

  • Configure RAM user groups. This simplifies RAM user authorization.

Procedure

  1. Clone the CLI script repository.

    git clone https://code.aliyun.com/labs/tutorial-landing-zone-one-cli.git

    If you have cloned the repository, run the cd ~/tutorial-landing-zone-one-cli; git pull command.

  2. Run the following CLI script to configure RAM:

    /bin/bash ~/tutorial-landing-zone-one-cli/ram/main.sh

    You can view the complete CLI script in the ram/main.sh file. The script contains the following configurations:

    • Custom policies are created for system administrators.

    • A password policy is configured for RAM users.

    • The CloudAdminGroup group is created, and the AdministratorAccess permission is granted to the group. Users in the group have full access to Alibaba Cloud resources.

    • The SystemAdminGroup group is created, and custom permissions are granted to the group. If your team has multiple roles, such as database administrators and network administrators, you can create user groups for each of the roles and grant the required permissions to the groups. Then, add the RAM users of each role to the groups.

    • The BillingAdminGroup group is created, and the AliyunBSSFullAccess and AliyunFinanceConsoleFullAccess permissions are granted to the group. You can add members of the finance team to the group. This way, the members of the finance team can process bills and invoices on Alibaba Cloud.

    • The CommonUserGroup group is created with no permissions granted.

    Network configurations

    You can configure your network by using a CLI script. For example, you can create a virtual private cloud (VPC) and a security group.

    Run the following CLI script to configure your network:

    /bin/bash ~/tutorial-landing-zone-one-cli/vpc/main.sh

    You can view the complete CLI script in the vpc/main.sh file. The script contains the following configurations:

    • A VPC named default_vpc is created.

    • A vSwitch named default_vSwitch is created in the VPC.

    • A security group named default_sg is created.