All Products
Search

This Product

    CloudOps Orchestration Service:ACS-ESS-ECILifeCycleModifyRedisIPWhitelist

    Document Center

    CloudOps Orchestration Service:ACS-ESS-ECILifeCycleModifyRedisIPWhitelist

    Last Updated:Dec 24, 2025

    Template name

    ACS-ESS-ECILifeCycleModifyRedisIPWhitelist: ECI uses a lifecycle hook to set the IP address whitelist of a Redis instance.

    Execute Now

    Template description

    Uses a lifecycle hook to add or remove the IP addresses of elastic container instances in the IP address whitelist of a Tair (Redis OSS-compatible) instance.

    Template type

    Automated

    Owner

    Alibaba Cloud

    Input parameters

    Parameter

    Description

    Type

    Required

    Default value

    Limit

    dbInstanceId

    The ID of the Tair (Redis OSS-compatible) instance.

    String

    Yes

    modifyMode

    The method used to modify the IP address whitelist.

    String

    Yes

    regionId

    The region ID.

    String

    No

    ${regionId}

    instanceIds

    The IDs of the elastic container instances.

    List

    No

    ['${instanceIds}']

    lifecycleHookId

    The lifecycle hook ID.

    String

    No

    ${lifecycleHookId}

    lifecycleActionToken

    The token of a specific scaling activity that is associated with the instances.

    String

    No

    ${lifecycleActionToken}

    OOSAssumeRole

    The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).

    String

    No

    OOSServiceRole

    Output parameters

    Parameter

    Description

    Type

    ipAddresses

    List

    Policy that is required to execute the template

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "eci:DescribeContainerGroups"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "kvstore:ModifySecurityIps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "ess:CompleteLifecycleAction"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    Details

    ACS-ESS-ECILifeCycleModifyRedisIPWhitelist

    Template content

    FormatVersion: OOS-2019-06-01
Description:
  en: Uses a lifecycle hook to modify the IP whitelist of a Redis instance.
  name-en: ACS-ESS-ECILifeCycleModifyRedisIPWhitelist
  categories:
    - elastic_manage
Parameters:
  dbInstanceId:
    Label:
      en: Redis instance ID
    Type: String
  modifyMode:
    Label:
      en: Modification mode for IP whitelist
    Description:
      en: The method to modify the IP whitelist. Set the value to Append for scale-out activities or Delete for scale-in activities.
    Type: String
    AllowedValues:
      - Append
      - Delete
  regionId:
    Label:
      en: Region ID
    Description:
      en: The ID of the region. Use the default value ${regionId} provided by Auto Scaling.
    Type: String
    Default: '${regionId}'
  instanceIds:
    Label:
      en: ECI instance IDs
    Description:
      en: The list of ECI instance IDs. Use the default value ["${instanceId}"] provided by Auto Scaling.
    Type: List
    Default:
      - '${instanceIds}'
  lifecycleHookId:
    Label:
      en: Lifecycle hook ID
    Description:
      en: The ID of the lifecycle hook. Use the default value ${lifecycleHookId} provided by Auto Scaling.
    Type: String
    Default: '${lifecycleHookId}'
  lifecycleActionToken:
    Label:
      en: Token for the scaling activity
    Description:
      en: The token for the specific scaling activity associated with the instance. Use the default value ${lifecycleActionToken} provided by Auto Scaling.
    Type: String
    Default: '${lifecycleActionToken}'
  OOSAssumeRole:
    Label:
      en: The RAM role assumed by OOS
    Type: String
    Default: OOSServiceRole
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: getInstanceIpAddress
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Obtains the IP addresses of the ECI instances.
    OnError: CompleteLifecycleActionForAbandon
    Properties:
      Service: ECI
      API: DescribeContainerGroups
      Parameters:
        RegionId: '{{ regionId }}'
        ContainerGroupIds: '{{ instanceIds }}'
    Outputs:
      Ips:
        Type: List
        ValueSelector: '.ContainerGroups[].IntranetIp'
  - Name: modifySecurityIps
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Modifies the whitelist.
    OnError: CompleteLifecycleActionForAbandon
    OnSuccess: CompleteLifecycleActionForContinue
    Properties:
      Service: R-KVSTORE
      API: ModifySecurityIps
      Parameters:
        RegionId: '{{ regionId }}'
        ModifyMode: '{{ modifyMode }}'
        InstanceId: '{{ dbInstanceId }}'
        SecurityIps:
          'Fn::Join':
            - ','
            - '{{ getInstanceIpAddress.Ips }}'
  - Name: CompleteLifecycleActionForContinue
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Sets the lifecycle action result to CONTINUE.
    OnSuccess: 'ACS::END'
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: CONTINUE
  - Name: CompleteLifecycleActionForAbandon
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Sets the lifecycle action result to ABANDON.
    Properties:
      Service: ESS
      API: CompleteLifecycleAction
      Parameters:
        RegionId: '{{ regionId }}'
        LifecycleHookId: '{{ lifecycleHookId }}'
        LifecycleActionToken: '{{ lifecycleActionToken }}'
        LifecycleActionResult: ABANDON
Outputs:
  ipAddresses:
    Type: List
    Value: '{{ getInstanceIpAddress.Ips }}'