All Products
Search
Document Center

Bastionhost:List of operations by function

Last Updated:Dec 05, 2024
This product(Yundun-bastionhost/2019-12-09) OpenAPI adopts RPC Signature style. See signature details in Description of the signature mechanism. We have packaged SDKs for common programming languages for developers. Developers can directly call the OpenAPI of this product by downloading the SDK without paying attention to the technical details. If the existing SDK cannot meet the usage requirements, you can connect through the signature mechanism. It will take about 5 working days. Therefore, it is recommended to join our DingTalk service group (78410016550) and sign under the guidance of experts.
Before using the API, you need to prepare your identity account and access key (AccessKey) to effectively access the API through client tools (SDK, CLI, etc.). For details see getAccessKey.

Bastion Hosts (available only for bastion hosts that run V3.2.X)

APITitleDescription
DescribeInstanceAttributeDescribeInstanceAttributeQueries the attribute information about the specified bastion host. The information includes the ID and remarks of the bastion host.
DescribeInstancesDescribeInstancesQueries bastion hosts.
ConfigInstanceSecurityGroupsConfigInstanceSecurityGroupsConfigures security groups for a bastion host.
ConfigInstanceWhiteListConfigInstanceWhiteListConfigures a whitelist of public IP addresses for a bastion host.
StartInstanceStartInstanceEnables the specified bastion host.
EnableInstancePublicAccessEnableInstancePublicAccessEnables Internet access for a bastion host.
DisableInstancePublicAccessDisableInstancePublicAccessDisables Internet access for a bastion host.
ModifyInstanceAttributeModifyInstanceAttributeModifies the information about a bastion host.
MoveResourceGroupMoveResourceGroupMoves a bastion host from one resource group to another resource group.

Tags (available only for bastion hosts that run V3.2.X)

APITitleDescription
ListTagKeysListTagKeysQueries the tags that are added to a resource.
ListTagResourcesListTagResourcesQueries the tags bound to one or more Bastionhost instances.
UntagResourcesUntagResourcesRemoves tags from the specified bastion host and deletes the tags at a time.
TagResourcesTagResourcesCreates and adds tags to specified bastion hosts.

Regions (available only for bastion hosts that run V3.2.X)

APITitleDescription
DescribeRegionsDescribeRegionsQueries available regions where you can create bastion hosts.

Hosts (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
CreateHostCreateHostBastionhost allows you to perform O\\\&M operations on hosts from different sources, such as Alibaba Cloud Elastic Compute Service (ECS) instances, servers in on-premises data centers, and servers on other cloud platforms. Before you perform O\\\&M operations on hosts by using a bastion host, you must import the hosts to the bastion host. You can call this operation to import a host to a bastion host.
GetHostGetHostQueries the details of a host, such as the name, source, address, protocol, and service port of the host.
ListHostsListHostsQueries the hosts in a bastion host.
DeleteHostDeleteHostDeletes the specified host.
ModifyHostsPortModifyHostsPortChanges the port for the O\\\\\\&M protocol on one or more hosts.
ModifyHostsActiveAddressTypeModifyHostsActiveAddressTypeChanges the portal type of one or more hosts for O\&M.
ModifyHostModifyHostModifies information about a host. The information includes the address, name, and description of the host and the operating system that the host runs.

Databases (available only for bastion hosts that run V3.2.40)

APITitleDescription
CreateDatabaseCreateDatabaseImports an ApsaraDB RDS for MySQL instance, ApsaraDB RDS for SQL Server instance, ApsaraDB RDS for PostgreSQL instance, PolarDB for MySQL cluster, PolarDB for PostgreSQL cluster, PolarDB for PostgreSQL (Compatible with Oracle) cluster, self-managed MySQL database, self-managed SQL Server database, self-managed PostgreSQL database, or self-managed Oracle database to a bastion host.
ModifyDatabaseModifyDatabaseModifies the basic information about a database.
GetDatabaseGetDatabaseQueries the detailed information about a database.
ListDatabasesListDatabasesQueries the databases that are managed by a bastion host.
DeleteDatabaseDeleteDatabaseDeletes a database.

Network Domain (available only for bastion hosts that run V3.2.40)

APITitleDescription
CreateNetworkDomainCreateNetworkDomainCreates a network domain.
GetNetworkDomainGetNetworkDomainQueries the detailed information about a network domain.
ListNetworkDomainsListNetworkDomainsQueries the network domains created in a bastion host.
DeleteNetworkDomainDeleteNetworkDomainDeletes a network domain.
ModifyNetworkDomainModifyNetworkDomainModifies the basic information about a network domain.
MoveHostsToNetworkDomainMoveHostsToNetworkDomainAdds multiple hosts to a network domain at a time.
MoveDatabasesToNetworkDomainMoveDatabasesToNetworkDomainAdds multiple databases to a network domain at a time.

Host Accounts (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
CreateHostAccountCreateHostAccountAfter you import a host to a bastion host, you must add an account of the host to the bastion host. This way, O\\\&M engineers can use the account to log on to and perform O\\\&M operations on the host by using the bastion host.
GetHostAccountGetHostAccountQueries the details of a specified host account.
ListHostAccountsListHostAccountsQueries accounts of a specified host.
ModifyHostAccountModifyHostAccountModifies the information about a host account, such as the username, password, and private key of the host account.
DeleteHostAccountDeleteHostAccountRemoves a host account.

Database Accounts (available only for bastion hosts that run V3.2.40)

APITitleDescription
CreateDatabaseAccountCreateDatabaseAccountAfter a database is created, you can create a database account for the database. After the account is created, O\\\&M engineers can use the account to log on to and perform O\\\&M operations on the database.
ModifyDatabaseAccountModifyDatabaseAccountModifies the basic information about a database account.
GetDatabaseAccountGetDatabaseAccountQueries the detailed information about a database account.
ListDatabaseAccountsListDatabaseAccountsQueries the database accounts of a database.
ListDatabaseAccountsForUserGroupListDatabaseAccountsForUserGroupQueries the database accounts of a database and whether a user group is authorized to manage each database account.
DeleteDatabaseAccountDeleteDatabaseAccountDeletes a database account.

Users (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
CreateUserCreateUserAdds a user to a bastion host.
GetUserGetUserQueries the details of a user of the specified bastion host.
ListUsersListUsersQueries a list of users of a bastion host.
ModifyUserModifyUserModifies the information about a user of a bastion host.
DeleteUserDeleteUserDeletes a bastion host user.
CreateUserPublicKeyCreateUserPublicKeyCreates a public key for a bastion host user and hosts the public key in the bastion host. This way, O\\\&M engineers can use the private key that corresponds to the public key to log on to the bastion host from an O\\\&M client.
ListUserPublicKeysListUserPublicKeysQueries all public keys of the specified user.
ModifyUserPublicKeyModifyUserPublicKeyModifies the public key of the user.
DeleteUserPublicKeyDeleteUserPublicKeyDeletes a public key from the specified user.
LockUsersLockUsersLocks multiple user accounts on a bastion host at a time.
UnlockUsersUnlockUsersUnlocks multiple bastion host users at a time.

User Groups (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
CreateUserGroupCreateUserGroupCreates a user group for the specified bastion host.
GetUserGroupGetUserGroupQueries the details of a user group in a bastion host.
ListUserGroupsListUserGroupsQueries a list of user groups on a bastion host.
ModifyUserGroupModifyUserGroupModifies the information about the specified user group.
DeleteUserGroupDeleteUserGroupDeletes a specified user group from a specified bastion host.
AddUsersToGroupAddUsersToGroupAdd one or more users to a user group.
RemoveUsersFromGroupRemoveUsersFromGroupRemoves multiple users from a user group at a time.

Host Groups (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
CreateHostGroupCreateHostGroupYou can create asset groups based on your business requirements and add assets of the same type to an asset group. This allows you to classify assets and manage multiple assets at a time.
AddDatabasesToGroupAddDatabasesToGroupAdds multiple databases to a specified asset group.
AddHostsToGroupAddHostsToGroupAdds one or more hosts to the specified host group.
RemoveDatabasesFromGroupRemoveDatabasesFromGroupRemoves multiple databases from an asset group at a time.
DeleteHostGroupDeleteHostGroupDeletes a host group.
RemoveHostsFromGroupRemoveHostsFromGroupRemoves multiple hosts from an asset group at a time.
ModifyHostGroupModifyHostGroupModifies the name or description of the specified host group.
GetHostGroupGetHostGroupQueries the details of a specified host group.
ListHostGroupsListHostGroupsQueries a list of asset groups that are managed by a bastion host.

Host Authorization (available only for bastion hosts that run V3.2.17 and later versions)

APITitleDescription
AttachHostAccountsToUserAttachHostAccountsToUserAuthorizes a user to manage the hosts and host accounts.
ListHostsForUserListHostsForUserQueries the hosts that a user group is authorized or not authorized to manage.
ListHostAccountsForUserListHostAccountsForUserQueries the host accounts that the specified user is authorized to manage on the specified host.
DetachHostAccountsFromUserDetachHostAccountsFromUserRevokes permissions on hosts and host accounts from a user.
DetachHostAccountsFromUserGroupDetachHostAccountsFromUserGroupRevokes the permissions on one or more hosts and host accounts from a user group.
DetachHostGroupAccountsFromUserDetachHostGroupAccountsFromUserRemoves host groups and host accounts from the list of host groups and host accounts that a user is authorized to manage.
AttachHostAccountsToUserGroupAttachHostAccountsToUserGroupAuthorizes a user group to manage one or more hosts and host accounts.
DetachHostGroupAccountsFromUserGroupDetachHostGroupAccountsFromUserGroupRevokes permissions on one or more host groups and host accounts from a user group.
AttachHostGroupAccountsToUserAttachHostGroupAccountsToUserAuthorizes a user to manage one or more host groups and host accounts.
AttachHostGroupAccountsToUserGroupAttachHostGroupAccountsToUserGroupAuthorizes a user to manage one or more host groups and host accounts.
ListHostAccountsForUserGroupListHostAccountsForUserGroupQueries the host accounts of the specified host that the specified user group is authorized to manage.
ListHostGroupAccountNamesForUserListHostGroupAccountNamesForUserQueries the names of the host accounts that a specified user is authorized to manage in a specified host group.
ListHostGroupAccountNamesForUserGroupListHostGroupAccountNamesForUserGroupQueries the names of the host accounts that a user group is authorized to manage in a host group.
ListHostGroupsForUserListHostGroupsForUserQueries a list of host groups that a bastion host user is authorized or is not authorized to manage.
ListHostGroupsForUserGroupListHostGroupsForUserGroupQueries the hosts that a specified user group is authorized or not authorized to manage.
ListHostsForUserGroupListHostsForUserGroupQueries the hosts that a user group is authorized or not authorized to manage.

Database Authorization (available only for bastion hosts that run V3.2.40)

APITitleDescription
AttachDatabaseAccountsToUserAttachDatabaseAccountsToUserAuthorizes a user to manage databases and database accounts.
ListDatabasesForUserListDatabasesForUserQueries the databases that a user is authorized to manage.
DetachDatabaseAccountsFromUserGroupDetachDatabaseAccountsFromUserGroupRevokes permissions on databases and database accounts from a user group.
ListDatabaseAccountsForUserListDatabaseAccountsForUserQueries the database accounts of a database and whether a user is authorized to manage each database account.
DetachDatabaseAccountsFromUserDetachDatabaseAccountsFromUserRevokes permissions on databases and database accounts from a user.
AttachDatabaseAccountsToUserGroupAttachDatabaseAccountsToUserGroupAuthorizes a user group to manage databases and database accounts.
ListDatabasesForUserGroupListDatabasesForUserGroupQueries the databases that a user group is authorized to manage.

Operation Token (available only for bastion hosts that run V3.2.40)

APITitleDescription
ListOperationDatabasesListOperationDatabasesQueries a list of databases that the current Resource Access Management (RAM) user is authorized to manage.
ListOperationHostsListOperationHostsQueries a list of hosts that the current Resource Access Management (RAM) user is authorized to manage.
ListOperationHostAccountsListOperationHostAccountsQueries a list of host accounts that the current Resource Access Management (RAM) user is authorized to manage.
ListOperationDatabaseAccountsListOperationDatabaseAccountsQueries a list of database accounts that the current Resource Access Management (RAM) user is authorized to manage.
GenerateAssetOperationTokenGenerateAssetOperationTokenApplies for an O\\\&M token that is used to perform O\\\&M operations on a host or a database.
RenewAssetOperationTokenRenewAssetOperationTokenRenews an O\\\&M token for one hour.

Authorization Rules (available only for bastion hosts that run V3.2.40)

APITitleDescription
CreateRuleCreateRuleYou can create authorization rules to authorize multiple users to manage assets. You can also specify a validity period for an authorization rule. This way, you can manage users and assets in a more efficient manner and limit the time periods during which users can access assets.
ModifyRuleModifyRuleModifies the basic information of an authorization rule.
GetRuleGetRuleQueries the detailed information about an authorization rule.
ListRulesListRulesQueries a list of authorization rules of a bastion host.
EnableRuleEnableRuleEnables an authorization rule.
DisableRuleDisableRuleDisables an authorization rule.
DeleteRuleDeleteRuleDeletes an authorization rule.

Policies (available only for bastion hosts that run V3.2.40)

APITitleDescription
CreatePolicyCreatePolicyConfigures a command control, command approval, protocol control, or access control policy to manage O\\\&M operations. This effectively prevents users from performing high-risk operations or accidental operations to ensure O\\\&M security.
ModifyPolicyModifyPolicyModifies the basic information about a control policy.
GetPolicyGetPolicyQueries the detailed information about a control policy.
ListPoliciesListPoliciesQueries a list of control policies.
GetPolicyAssetScopeGetPolicyAssetScopeQueries the assets to which a control policy applies.
SetPolicyProtocolConfigSetPolicyProtocolConfigModify the protocol control settings in a control policy.
SetPolicyCommandConfigSetPolicyCommandConfigSpecifies the commands that can or cannot be run by the users or on the assets associated with the policy and the commands that must be reviewed.
SetPolicyIPAclConfigSetPolicyIPAclConfigConfigures access control settings in a control policy.
GetPolicyUserScopeGetPolicyUserScopeQueries the scope of users to whom a control policy applies.
SetPolicyAccessTimeRangeConfigSetPolicyAccessTimeRangeConfigConfigures the logon period limits in a control policy.
SetPolicyAssetScopeSetPolicyAssetScopeSpecifies the assets to which a control policy applies.
SetPolicyUserScopeSetPolicyUserScopeSpecifies the users to whom a control policy applies.
SetPolicyApprovalConfigSetPolicyApprovalConfigConfigures the O\&M approval setting in a control policy.
DeletePolicyDeletePolicyDeletes a control policy.

Approval (available only for bastion hosts that run V3.2.37)

APITitleDescription
ListApproveCommandsListApproveCommandsQueries commands to be reviewed.
AcceptApproveCommandAcceptApproveCommandIf an O\\\&M engineer attempts to run a command specified in the Command Approval field on the Create Control Policy page, the administrator is notified to review the command in the Bastionhost console. The command can be run only after it is approved by the administrator.
RejectApproveCommandRejectApproveCommandIf an O\\\&M engineer attempts to run a command specified in the Command Approval section of the Create Control Policy page, the administrator is notified to review the command in the Bastionhost console. The command can be run only after it is approved by the administrator.
ListOperationTicketsListOperationTicketsQueries O\\\\\\&M applications to be reviewed.
AcceptOperationTicketAcceptOperationTicketApproves an O\\\\\\&M application.
RejectOperationTicketRejectOperationTicketIf a Bastionhost administrator enables O\\\&M Approval on the Create Control Policy page, O\\\&M engineers can log on to assets to perform O\\\&M operations only after the administrator approves their O\\\&M applications.

Asset Management (available only for bastion hosts that run V3.2.X)

APITitleDescription
CreateHostShareKeyCreateHostShareKeyBastionhost provides the shared key feature. This feature allows you to manage the private key that is used to log on to a host in a bastion host. This way, you can associate the private key with multiple accounts of the host to make host account management more efficient.
GetHostShareKeyGetHostShareKeyQueries the information about a shared key.
ListHostShareKeysListHostShareKeysQueries the shared keys that are associated with a host.
ListHostAccountsForHostShareKeyListHostAccountsForHostShareKeyQueries the host accounts that are associated with a shared key.
ModifyHostShareKeyModifyHostShareKeyModifies a shared key.
AttachHostAccountsToHostShareKeyAttachHostAccountsToHostShareKeyAssociates host accounts with a shared key.
DetachHostAccountsFromHostShareKeyDetachHostAccountsFromHostShareKeyDisassociate host accounts from a shared key.
DeleteHostShareKeyDeleteHostShareKeyDeletes a shared key.

System Settings (available only for bastion hosts that run V3.2.X)

APITitleDescription
GetInstanceADAuthServerGetInstanceADAuthServerQueries the settings of Active Directory (AD) authentication on a bastion host.
ModifyInstanceADAuthServerModifyInstanceADAuthServerModifies the settings of the Active Directory (AD) authentication server of a bastion host.
GetInstanceTwoFactorGetInstanceTwoFactorQueries the settings of two-factor authentication on a bastion host.
ModifyInstanceTwoFactorModifyInstanceTwoFactorModifies the two-factor authentication settings of a bastion host.
ModifyInstanceLDAPAuthServerModifyInstanceLDAPAuthServerModifies the settings of the Lightweight Directory Access Protocol (LDAP) authentication server of a bastion host.
GetInstanceLDAPAuthServerGetInstanceLDAPAuthServerQueries the settings of Lightweight Directory Access Protocol (LDAP) authentication on a bastion host.