All Products
Search

This Product

    CloudOps Orchestration Service:ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy

    Document Center

    CloudOps Orchestration Service:ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy

    Last Updated:Nov 25, 2024

    Template name

    ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy

    Execute Now

    Template description

    Modifies the HTTPS version of an API gateway to support the Transport Layer Security (TLS) 1.2 protocol.

    Template type

    Automated

    Owner

    Alibaba Cloud

    Input parameters

    Parameter

    Description

    Type

    Required

    Default value

    Limit

    groupId

    The ID of the API group.

    String

    Yes

    httpsPolicy

    The HTTPS security policy.

    String

    Yes

    regionId

    The region ID.

    String

    No

    {{ ACS::RegionId }}

    rateControl

    The rate control settings.

    Json

    No

    {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}

    OOSAssumeRole

    The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).

    String

    No

    ""

    Output parameters

    None

    Permission policy that is required to execute the template

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "cloudapi:DescribeApiGroups",
                "cloudapi:ModifyApiGroupNetworkPolicy",
                "cloudapi:ModifyInstanceAttribute"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    References

    For more information, see ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy.yml at GitHub.

    Template content

    FormatVersion: OOS-2019-06-01
Description:
  en: Modify the https version of apigateway instance to support tls1.2
  zh-cn: the description in Chinese
  name-en: ACS-ApiGateway-BulkyModifyApiGroupNetworkPolicy
  name-zh-cn: the description in Chinese
  categories:
    - security
Parameters:
  regionId:
    Label:
      en: RegionId
      zh-cn: the description in Chinese
    Type: String
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  groupId:
    Label:
      en: GroupId
      zh-cn: the description in Chinese
    Type: String
  httpsPolicy:
    Label:
      en: HttpsPolicy
      zh-cn: the description in Chinese
    Type: String
    AllowedValues:
      - HTTPS1_1_TLS1_0
      - HTTPS2_TLS1_0
      - HTTPS2_TLS1_2
  rateControl:
    Label:
      en: RateControl
      zh-cn: the description in Chinese
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: the description in Chinese
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeApiGroups
    Action: ACS::ExecuteAPI
    Description:
      en: Query the detailed instance type of apigateway
      zh-cn: the description in Chinese
    Properties:
      Service: CLOUDAPI
      API: DescribeApiGroups
      Parameters:
        RegionId: '{{ regionId }}'
        GroupId: '{{ groupId }}'
    Outputs:
      instanceType:
        Type: String
        ValueSelector: .ApiGroupAttributes.ApiGroupAttribute[].InstanceType
      instanceId:
        Type: String
        ValueSelector: .ApiGroupAttributes.ApiGroupAttribute[].InstanceId
  - Name: checkInstanceType
    Action: ACS::Choice
    Description:
      en: Identify the detailed instance type of apigateway
      zh-cn: the description in Chinese
    Properties:
      DefaultTask: ACS::END
      Choices:
        - When:
            Fn::Equals:
              - VPC_SHARED
              - '{{ describeApiGroups.instanceType }}'
          NextTask: modifyApiGroupNetworkPolicyForShared
        - When:
            Fn::Equals:
              - VPC_DEDICATED
              - '{{ describeApiGroups.instanceType }}'
          NextTask: modifyApiGroupNetworkPolicyForDedicated
  - Name: modifyApiGroupNetworkPolicyForShared
    Action: ACS::ExecuteAPI
    OnSuccess: ACS::END
    Description:
      en: Modify the https version of shared apigateway instance to support tls1.2
      zh-cn: the description in Chinese
    Properties:
      Service: CLOUDAPI
      API: ModifyApiGroupNetworkPolicy
      Parameters:
        RegionId: '{{ regionId }}'
        GroupId: '{{ groupId }}'
        HttpsPolicy: '{{ httpsPolicy }}'
  - Name: modifyApiGroupNetworkPolicyForDedicated
    Action: ACS::ExecuteAPI
    OnSuccess: ACS::END
    Description:
      en: Modify the https version of dedicated apigateway instance to support tls1.2
      zh-cn: the description in Chinese
    Properties:
      Service: CLOUDAPI
      API: ModifyInstanceAttribute
      Parameters:
        RegionId: '{{ regionId }}'
        InstanceId: '{{ describeApiGroups.instanceId }}'
        HttpsPolicy: '{{ httpsPolicy }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - httpsPolicy
        Label:
          default:
            zh-cn: the description in Chinese
            en: Configure Parameters
      - Parameters:
          - regionId
          - groupId
        Label:
          default:
            zh-cn: the description in Chinese
            en: Select Instance
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: the description in Chinese
            en: Control Options