CloudOps Orchestration Service: ACS-ECS-BulkyModifyUserPasswordBySecretParameter

Last Updated: Dec 23, 2025

Template name

ACS-ECS-BulkyModifyUserPasswordBySecretParameter uses secret parameters to perform batch modifications of user passwords on ECS instances.

Template description

Changes the passwords of multiple Elastic Compute Service (ECS) instances in a batch using a secret parameter.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Type | Required | Default value | Limit |
| --- | --- | --- | --- | --- | --- |
| targets | Target instance | Json | Yes | | |
| username | The username of the account whose password you want to change. | String | Yes | | |
| passwordParameter | The password secret parameter. | String | Yes | | |
| regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
| whetherToDeleteSecretParameter | Specifies whether to delete the secret parameter. | Boolean | No | False | |
| rateControl | Rate of concurrent task execution | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
| OOSAssumeRole | The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" | |

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:AttachInstanceRamRole",
                "ecs:DescribeInstanceRamRole",
                "ecs:DescribeInstances",
                "ecs:DescribeInvocationResults",
                "ecs:DescribeInvocations",
                "ecs:DetachInstanceRamRole",
                "ecs:RunCommand"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:DeleteSecretParameter",
                "oos:GetApplicationGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ros:CreateStack",
                "ros:DeleteStack",
                "ros:GetStack"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ram:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

For more details, see ACS-ECS-BulkyModifyUserPasswordBySecretParameter.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Changes the passwords for multiple ECS instances using a secret parameter.
  zh-cn: Changes the passwords for multiple ECS instances using a secret parameter.
  name-en: ACS-ECS-BulkyModifyUserPasswordBySecretParameter
  name-zh-cn: Change passwords for multiple ECS instances using a secret parameter
  categories:
    - run_command
Parameters:
  regionId:
    Type: String
    Label:
      en: Region ID
      zh-cn: Region ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: Target instance
      zh-cn: Target instance
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  username:
    Label:
      en: Username
      zh-cn: Username
    Type: String
  passwordParameter:
    Label:
      en: Password secret parameter
      zh-cn: Password secret parameter
    Type: String
  whetherToDeleteSecretParameter:
    Label:
      en: Delete secret parameter after use
      zh-cn: Delete secret parameter after use
    Type: Boolean
    Default: false
  rateControl:
    Label:
      en: Rate control
      zh-cn: Rate control
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: RAM role for OOS
      zh-cn: RAM role for OOS
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Conditions:
  whetherToDeleteSecretParameter:
    Fn::Equals:
      - true
      - '{{ whetherToDeleteSecretParameter }}'
Tasks:
  - Name: getInstance
    Description:
      en: Gets the specified ECS instances.
      zh-cn: Gets the specified ECS instances.
    Action: ACS::SelectTargets
    Properties:
      ResourceType: ALIYUN::ECS::Instance
      RegionId: '{{ regionId }}'
      Filters:
        - '{{ targets }}'
  - Name: modifyUserPasswordBySecretParameter
    Action: ACS::ECS::ModifyUserPasswordBySecretParameter
    OnError: deleteSecretParameter
    Description:
      en: Modifies the user password with the secret parameter.
      zh-cn: Modifies the user password with the secret parameter.
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ ACS::TaskLoopItem }}'
      username: '{{ username }}'
      passwordParameter: '{{ passwordParameter }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ getInstance.Instances.Instance[].InstanceId }}'
  - Name: deleteSecretParameter
    When: whetherToDeleteSecretParameter
    Description:
      en: Deletes the secret parameter.
      zh-cn: Deletes the secret parameter.
    Action: ACS::ExecuteAPI
    Properties:
      Service: OOS
      API: DeleteSecretParameter
      Parameters:
        RegionId: '{{ regionId }}'
        Name:
          Fn::Select:
            - 0
            - Fn::Split:
                - '}'
                - Fn::Select:
                  - 1
                  - Fn::Split:
                      - ':'
                      - '{{passwordParameter}}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - username
          - passwordParameter
          - whetherToDeleteSecretParameter
        Label:
          default:
            zh-cn: Configure parameters
            en: Configure parameters
      - Parameters:
          - regionId
          - targets
        Label:
          default:
            zh-cn: Select instances
            en: Select instances
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: Advanced options
            en: Advanced options
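
The deleteSecretParameter task in the template derives the `Name` it passes to `DeleteSecretParameter` by splitting the `passwordParameter` value on `:` and then on `}`. The following added example (not part of the original template or of Alibaba Cloud's code) evaluates that same expression in Python so the derived name can be checked before a run. It assumes plain string semantics for `Fn::Split` and `Fn::Select` and a reference of the form `{{oos-secret:<name>}}`; the function names and sample values are hypothetical.

```python
"""Added example: evaluates the Name expression of the deleteSecretParameter task."""

def fn_split(delimiter, text):
    # Fn::Split as used in the template: [delimiter, string] -> list of parts
    return text.split(delimiter)

def fn_select(index, items):
    # Fn::Select: [index, list] -> element; out-of-range is treated as an error here
    if not 0 <= index < len(items):
        raise ValueError(f"Fn::Select index {index} out of range for {items!r}")
    return items[index]

def secret_name_for_delete(password_parameter):
    """Mirror the template: Select(0, Split('}', Select(1, Split(':', value))))."""
    after_colon = fn_select(1, fn_split(":", password_parameter))
    return fn_select(0, fn_split("}", after_colon))

def check_reference(password_parameter):
    """Pre-flight check: return (derived_name, problems) for a passwordParameter value."""
    problems = []
    try:
        name = secret_name_for_delete(password_parameter)
    except ValueError:
        return None, ["no ':' in value, so the Name expression cannot be evaluated"]
    if name != name.strip():
        problems.append("derived name carries whitespace from inside the braces")
    if password_parameter.count(":") > 1:
        problems.append("extra ':' truncates the derived name")
    if not name.strip():
        problems.append("derived name is empty")
    return name, problems

# Constructed sample values (assumed reference syntax, not taken from the page)
SAMPLES = [
    "{{oos-secret:ecs-root-password}}",       # expected form
    "{{ oos-secret:ecs-root-password }}",     # spaces inside the braces
    "{{oos-secret:team:ecs-root-password}}",  # second ':' in the value
    "ecs-root-password",                      # bare name, no reference syntax
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", check_reference(value))
```

Any value that yields a problem here would make the cleanup step target a different name than the secret parameter that was actually used, or fail to evaluate, leaving the secret in place when `whetherToDeleteSecretParameter` is true.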