This topic describes how to use Alibaba Cloud Command Line Interface (CLI) to call Anti-DDoS Origin APIs. To illustrate this process, we use Alibaba Cloud CLI to call the ListPolicy API of Anti-DDoS Origin to query mitigation policies.
Background
Alibaba Cloud CLI is a general-purpose command-line tool developed based on APIs. It enables automated management and maintenance of Anti-DDoS Origin. For more information, see What is Alibaba Cloud CLI?
Limit
Currently, Alibaba Cloud CLI does not support calling Anti-DDoS Diversion (Anti-DDoS Origin 2023-07-01 API version). If you need assistance with this functionality, submit a ticket.
Procedure
Step 1: Install Alibaba Cloud CLI
Ensure that you have installed Alibaba Cloud CLI on your system. Alibaba Cloud CLI offers installation packages for Windows, Linux, and macOS users.
You can also debug Alibaba Cloud CLI commands in Cloud Shell, where Alibaba Cloud CLI is pre-installed and receives regular updates. For more information, see What is Cloud Shell?
Step 2: Configure Alibaba Cloud CLI
We highly recommend that you create a RAM user and apply the Principle of Least Privilege when granting permissions to access APIs. An Alibaba Cloud account has the permissions to manage and access the APIs of all Alibaba Cloud services, which can lead to security risks. For the permission policies supported by Anti-DDoS Origin, see System policies for DdosBgp and Custom policies of Anti-DDoS Origin.
Before using Alibaba Cloud CLI, you need to configure your identity credentials and region ID. Alibaba Cloud CLI supports various types of identity credentials. For more information, see Credential types.
To configure AccessKey credentials with the AccessKey ID of a RAM user, follow these steps:
Create a RAM user and an AccessKey pair. For more information, see Create a RAM user and Create an AccessKey pair.
Grant permissions to the RAM user. In this example, grant the RAM user read-only access to Anti-DDoS Origin using AliyunYundunAntiDDoSBagReadOnlyAccess. For more information, see Grant permissions to a RAM user.
Identify the region ID. Alibaba Cloud CLI uses the specified region to call APIs. To check available regions for Anti-DDoS Origin, see Endpoints.
Note: When using Alibaba Cloud CLI, you can specify a region with the --region option to override the default region information set in your identity credential configuration and environment variable settings. For more information, see Command line options for API calls.
Configure AccessKey credentials with the AccessKey ID of the RAM user, and name the configuration file AkProfile. For more information, see Configuration examples.
Step 3: Generate CLI command examples
Access the ListPolicy debugging address.

In the Parameters section, input the request parameters and click the CLI Example tab to view the generated CLI command.
Copy the CLI command or execute it directly in Cloud Shell:
Click Run Command to launch Cloud Shell, which allows you to expedite command debugging.
Click Copy to copy the CLI command to your clipboard. You can then use this command in your local shell.
Note: When you paste the CLI command into your local shell for debugging, ensure that the parameter format is correct. For more information on the command parameter formats of Alibaba Cloud CLI, see Parameter formats.
Additionally, note that the --region option is included by default in the sample command generated in the OpenAPI Explorer. When you copy this command to your shell, Alibaba Cloud CLI ignores the region information in the default identity credential configurations and environment variable settings, and preferentially runs the command in the specified region. You can either delete or retain this option based on your business requirements.
Step 4: Call the APIs of Anti-DDoS Origin
Example 1: Query the Anti-DDoS Origin API operations that can be called by Alibaba Cloud CLI
Use the --help option to list the Anti-DDoS Origin API operations available in the Alibaba Cloud CLI. For more information, see List of operations by function.
Run the following command:
aliyun ddosbgp --help

Example 2: Query mitigation policies
This example illustrates how to use Alibaba Cloud CLI to call the ListPolicy API of Anti-DDoS Origin to query mitigation policies for Elastic Compute Service.
Run the following command:
aliyun ddosbgp ListPolicy --ProductType ecs
View the result.
{
  "RequestId": "B4B379C2-9319-4C6B-B579-FE36831B09F4",
  "PolicyList": [
    {
      "Id": "877afbdf-3982-4d36-9886-f043********",
      "Name": "test**",
      "Type": "l3",
      "Remark": "test",
      "AttachedCount": 0,
      "Content": {
        "BlackIpListExpireAt": 1716878000,
        "EnableIntelligence": true,
        "IntelligenceLevel": "default",
        "WhitenGfbrNets": false,
        "EnableDropIcmp": false,
        "RegionBlockCountryList": [ 11 ],
        "RegionBlockProvinceList": [ 2 ],
        "SourceLimit": { "Pps": 64, "Bps": 2048, "SynPps": 64, "SynBps": 2048 },
        "SourceBlockList": [
          { "Type": 3, "BlockExpireSeconds": 120, "EverySeconds": 60, "ExceedLimitTimes": 5 }
        ],
        "ReflectBlockUdpPortList": [ 123 ],
        "PortRuleList": [
          {
            "Id": "8f3c3062-6c20-425d-8405-2bd1********",
            "Protocol": "udp",
            "SrcPortStart": 0,
            "SrcPortEnd": 65535,
            "DstPortStart": 0,
            "DstPortEnd": 65535,
            "MatchAction": "drop",
            "SeqNo": 1
          }
        ],
        "FingerPrintRuleList": [
          {
            "Id": "2c0b09cd-a565-4481-9acb-418b********",
            "Protocol": "udp",
            "SrcPortStart": 0,
            "SrcPortEnd": 65535,
            "DstPortStart": 0,
            "DstPortEnd": 65535,
            "MinPktLen": 1,
            "MaxPktLen": 1500,
            "Offset": 0,
            "PayloadBytes": "abcd",
            "MatchAction": "drop",
            "RateValue": 1000,
            "SeqNo": 1
          }
        ],
        "EnableL4Defense": true,
        "L4RuleList": [
          {
            "Name": "test**",
            "Priority": 1,
            "Method": "char",
            "Match": "1",
            "Action": "2",
            "Limited": 0,
            "ConditionList": [
              { "Arg": "test", "Position": 0, "Depth": 32 }
            ]
          }
        ]
      }
    }
  ],
  "Total": 10
}
Note: If you receive an error after calling the API operations of Anti-DDoS Origin, you need to verify the accuracy of the request parameters and their associated values based on the error message.
You can also document the RequestID or the SDK error message returned by the API call for self-diagnosis using the Alibaba Cloud OpenAPI Diagnostic Platform.
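Because the RAM user in this walkthrough is read-only, the ListPolicy output is a convenient input for a periodic policy review. The Python sketch below is an added example, not Alibaba Cloud code; it runs over a constructed, trimmed copy of the response shown above, and its readings of Total, AttachedCount and BlackIpListExpireAt are assumptions noted in the comments.

```python
import json

# Constructed sample: a trimmed copy of the ListPolicy response shown above.
SAMPLE = json.loads("""
{"RequestId": "B4B379C2-9319-4C6B-B579-FE36831B09F4",
 "PolicyList": [{
   "Id": "877afbdf-3982-4d36-9886-f043********", "Name": "test**",
   "Type": "l3", "AttachedCount": 0,
   "Content": {
     "BlackIpListExpireAt": 1716878000,
     "PortRuleList": [{"Protocol": "udp",
                       "SrcPortStart": 0, "SrcPortEnd": 65535,
                       "DstPortStart": 0, "DstPortEnd": 65535,
                       "MatchAction": "drop", "SeqNo": 1}]}}],
 "Total": 10}
""")

FULL_RANGE = (0, 65535)

def audit_policies(resp, now):
    """Return (policy_id, finding) pairs for one page of ListPolicy output."""
    findings = []
    policies = resp.get("PolicyList", [])
    # Assumption: Total counts all policies, so a larger Total means the
    # caller has only seen one page and must fetch the rest before judging.
    if resp.get("Total", 0) > len(policies):
        findings.append(("*", "incomplete-page"))
    for p in policies:
        pid, content = p.get("Id", "?"), p.get("Content", {})
        # Assumption: AttachedCount is the number of assets using the policy.
        if p.get("AttachedCount", 0) == 0:
            findings.append((pid, "not-attached"))
        # Assumption: BlackIpListExpireAt is a Unix timestamp in seconds.
        expire = content.get("BlackIpListExpireAt")
        if expire is not None and expire <= now:
            findings.append((pid, "blacklist-expired"))
        # Flag rules that match every source and destination port.
        for rule in content.get("PortRuleList", []):
            src = (rule.get("SrcPortStart"), rule.get("SrcPortEnd"))
            dst = (rule.get("DstPortStart"), rule.get("DstPortEnd"))
            if src == FULL_RANGE and dst == FULL_RANGE:
                label = f"{rule.get('Protocol')}-all-ports-{rule.get('MatchAction')}"
                findings.append((pid, label))
    return findings

if __name__ == "__main__":
    # Fixed timestamp keeps the demo output reproducible.
    for pid, finding in audit_policies(SAMPLE, now=1800000000):
        print(pid, finding)
```

In practice, pipe the output of the ListPolicy command into json.load and pass int(time.time()) as now.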