Template name
ACS-RDS-BulkyMigrateSecurityIPMode - Switches the RDS whitelist to high-security mode
Template description
Changes the whitelist mode of ApsaraDB RDS instances to the enhanced whitelist mode.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
regionId | The ID of the region. | String | No | {{ ACS::RegionId }} | |
targets | The target instances. | Json | No | {'Type': 'ResourceIds', 'ResourceIds': [], 'RegionId': '{{ regionId }}'} | |
instanceIds | A list of RDS instance IDs. | List | No | [] | |
rateControl | The concurrency rate for task execution. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
OOSAssumeRole | The RAM role that Operation Orchestration Service (OOS) assumes. | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"rds:DescribeDBInstances",
"rds:MigrateSecurityIPMode"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"oos:GetApplicationGroup"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Details
ACS-RDS-BulkyMigrateSecurityIPMode
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Migrate security ip mode
name-en: ACS-RDS-BulkyMigrateSecurityIPMode
categories:
- security
- rds
Parameters:
regionId:
Type: String
Label:
en: RegionId
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
targets:
Type: Json
Label:
en: TargetInstance
AssociationProperty: Targets
AssociationPropertyMetadata:
ResourceType: ALIYUN::RDS::Instance
RegionId: regionId
Default:
Type: ResourceIds
ResourceIds: []
RegionId: '{{ regionId }}'
instanceIds:
Label:
en: InstanceIds
AssociationProperty: ALIYUN::RDS::Instance::InstanceId
Type: List
Default: []
AssociationPropertyMetadata:
RegionId: regionId
Visible:
Condition:
Fn::Equals:
- ${targets}
- {}
rateControl:
Label:
en: RateControl
Type: Json
AssociationProperty: RateControl
Default:
Mode: Concurrency
MaxErrors: 0
Concurrency: 10
OOSAssumeRole:
Label:
en: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Conditions:
instanceId:
Fn::Equals:
- '{{ instanceIds }}'
- []
Tasks:
- Name: getInstance
When: instanceId
Description:
en: Get the RDS instances
Action: ACS::SelectTargets
Properties:
ResourceType: ALIYUN::RDS::Instance
RegionId: '{{regionId}}'
Filters:
- '{{ targets }}'
Outputs:
instanceIds:
Type: List
ValueSelector: Instances.Instance[].InstanceId
- Name: migrateSecurityIPMode
When: instanceId
Action: 'ACS::ExecuteAPI'
Description:
en: Migrate security ip mode
Properties:
Service: RDS
API: MigrateSecurityIPMode
Parameters:
RegionId: '{{ regionId }}'
DBInstanceId: '{{ ACS::TaskLoopItem }}'
Loop:
RateControl: '{{ rateControl }}'
Items:
Fn::If:
- Fn::Equals:
- '{{instanceIds}}'
- []
- '{{ getInstance.instanceIds }}'
- '{{ instanceIds}}'