CLI integration example
This topic uses an example of calling the Anti-DDoS Origin ListPolicy API to query mitigation policies to show you how to use the Alibaba Cloud CLI to call Anti-DDoS Origin APIs.
Concepts
-
Alibaba Cloud CLI (Alibaba Cloud Command Line Interface) is a command-line tool built on OpenAPI. You can use it to automate the management of Anti-DDoS Origin. For more information, see What is Alibaba Cloud CLI.
-
You cannot use Alibaba Cloud CLI to call the APIs of Anti-DDoS Diversion, which corresponds to the Anti-DDoS Origin
2023-07-01OpenAPI version. If you need this feature, submit a ticket.
Step 1: Install Alibaba Cloud CLI
Before you use Alibaba Cloud CLI, you must install it. Installation options are available for Windows, Linux, and macOS. Select the appropriate installation method for your operating system.
-
Windows: Install Alibaba Cloud CLI on Windows.
Cloud Shell comes with Alibaba Cloud CLI pre-installed and is regularly updated. You can use Cloud Shell to quickly run and debug Alibaba Cloud CLI commands. For more information, see What is Cloud Shell?.
Step 2: Configure Alibaba Cloud CLI
An Alibaba Cloud account (primary account) has full permissions to manage all services through their APIs, which poses a high security risk. We strongly recommend that you create a RAM user (sub-account), grant permissions based on the principle of least privilege, and use the RAM user to access OpenAPI. For information about the permission policies that Anti-DDoS Origin supports, see System policy reference for Anti-DDoS Origin and Custom policies of Anti-DDoS Origin.
Before using Alibaba Cloud CLI, you must configure your identity credentials and a region ID. Alibaba Cloud CLI supports multiple types of identity credentials. For more information, see Configure and manage credentials. The following steps describe how to configure credentials by using a RAM user's AccessKey.
-
Create a RAM user and an AccessKey pair to use for your credentials. For more information, see Create a RAM user and Create an AccessKey.
-
Grant permissions to the RAM user. In this example, grant the RAM user read-only access to Anti-DDoS Origin by assigning the
AliyunYundunAntiDDoSBagReadOnlyAccesspermission. For more information, see Manage RAM user permissions. -
Obtain an available region ID to use when you configure your credentials. Alibaba Cloud CLI sends API requests to the region that you specify. For a list of available regions for Anti-DDoS Origin, see Endpoints.
NoteWhen you run a command, you can use the
--regionoption to specify a region for that specific request. This option overrides the default region set in your credential configuration and environment variables. For more information, see Command-line options. -
Configure credentials by using the RAM user's AccessKey and name the configuration profile
AkProfile. For more information, see Configure and manage credentials.
Step 3: Generate a CLI command example
-
In OpenAPI Explorer, go to the ListPolicy debugging page.
-
On the Parameters tab, enter the request parameters. Then, click the CLI Example tab to view the generated command.
-
Copy the CLI command example or run it directly in Cloud Shell:
-
Click the Run Command icon
to open Cloud Shell and run the command. -
Click the Copy icon
to copy the command to your clipboard. You can then paste it into your local shell to run it.
NoteWhen you copy the CLI command example to a local shell for debugging, make sure that the parameter format is correct. For more information about the parameter format of Alibaba Cloud CLI, see Parameter format.
The command generated in OpenAPI Explorer includes the
--regionoption by default. When you run this command, Alibaba Cloud CLI uses the specified region and ignores the default region in your credential configurations and environment variables. You can keep or remove this option as needed. -
Step 4: Call the Anti-DDoS Origin OpenAPI
Example 1: List available Anti-DDoS Origin APIs
The following example shows how to use the --help option to list the available Anti-DDoS Origin APIs in Alibaba Cloud CLI. For more information, see API overview.
-
Run the following command:
aliyun ddosbgp --help -
The following output is returned:
Product: ddosbgp () Version: 2018-07-20 Available Api List: AddIp AddRdMemberList AttachAssetGroupToInstance AttachToPolicy CheckAccessLogAuth CheckGrant ConfigSchedruleOnDemand
Example 2: Query mitigation policies
The following example shows how to use Alibaba Cloud CLI to call the ListPolicy API of Anti-DDoS Origin to query mitigation policies for Elastic Compute Service.
-
Run the following command:
aliyun ddosbgp ListPolicy --ProductType ecs -
The following output is returned:
{ "RequestId": "B4B379C2-9319-4C6B-B579-FE36831B09F4", "PolicyList": [ { "Id": "877afbdf-3982-4d36-9886-f043********", "Name": "test**", "Type": "l3", "Remark": "test", "AttachedCount": 0, "Content": { "BlackIpListExpireAt": 1716878000, "EnableIntelligence": true, "IntelligenceLevel": "default", "WhitenGfbrNets": false, "EnableDropIcmp": false, "RegionBlockCountryList": [ 11 ], "RegionBlockProvinceList": [ 2 ], "SourceLimit": { "Pps": 64, "Bps": 2048, "SynPps": 64, "SynBps": 2048 }, "SourceBlockList": [ { "Type": 3, "BlockExpireSeconds": 120, "EverySeconds": 60, "ExceedLimitTimes": 5 } ], "ReflectBlockUdpPortList": [ 123 ], "PortRuleList": [ { "Id": "8f3c3062-6c20-425d-8405-2bd1********", "Protocol": "udp", "SrcPortStart": 0, "SrcPortEnd": 65535, "DstPortStart": 0, "DstPortEnd": 65535, "MatchAction": "drop", "SeqNo": 1 } ], "FingerPrintRuleList": [ { "Id": "2c0b09cd-a565-4481-9acb-418b********", "Protocol": "udp", "SrcPortStart": 0, "SrcPortEnd": 65535, "DstPortStart": 0, "DstPortEnd": 65535, "MinPktLen": 1, "MaxPktLen": 1500, "Offset": 0, "PayloadBytes": "abcd", "MatchAction": "drop", "RateValue": 1000, "SeqNo": 1 } ], "EnableL4Defense": true, "L4RuleList": [ { "Name": "test**", "Priority": 1, "Method": "char", "Match": "1", "Action": "2", "Limited": 0, "ConditionList": [ { "Arg": "test", "Position": 0, "Depth": 32 } ] } ] } } ], "Total": 10 }NoteIf an Anti-DDoS Origin API call returns an error, use the returned error code to check if the request parameters and their values are valid.
Record the returned RequestID or the SDK error message, and then use the Alibaba Cloud OpenAPI Diagnostic Platform to troubleshoot the issue.