
CloudOps Orchestration Service: ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

Last Updated: Nov 26, 2024

Template name

ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

Template description

Removes 0.0.0.0/0 from the IP address whitelist of an ApsaraDB RDS instance.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Data type | Required | Default value | Limit |
| --- | --- | --- | --- | --- | --- |
| instanceId | The ID of the ApsaraDB RDS instance. | String | Yes | | |
| regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
| OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" | |

Output parameters

N/A.

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceIPArrayList",
                "rds:ModifySecurityIps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Del 0.0.0.0/0 from the ip white list array of rds instances
  name-en: ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  instanceId:
    Label:
      en: InstanceId
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: String
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeDBInstanceIPArray
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Query SecurityIPList of a rds instance
    Properties:
      Service: RDS
      API: DescribeDBInstanceIPArrayList
      Parameters:
        RegionId: '{{ regionId }}'
        DBInstanceId: '{{ instanceId }}'
    Outputs:
      DBInstanceIPArray:
        Type: List
        ValueSelector: '.Items.DBInstanceIPArray[] | {"SecurityIPList": .SecurityIPList, "DBInstanceIPArrayName": .DBInstanceIPArrayName, "WhitelistNetworkType": .WhitelistNetworkType}'
  # Runs once per whitelist group returned by describeDBInstanceIPArray (see Loop below).
  - Name: modifySecurityByDBInstanceIPArray
    Action: ACS::RDS::ModifySecurityIpsByInstanceIPArray
    Description:
      en: Modify SecurityIPList of a rds instance
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ instanceId }}'
      securityIps:
        'Fn::Select':
          - SecurityIPList
          - '{{ ACS::TaskLoopItem }}'
      instanceIPArrayName:
        'Fn::Select':
          - DBInstanceIPArrayName
          - '{{ ACS::TaskLoopItem }}'
      whitelistNetworkType:
        'Fn::Select':
          - WhitelistNetworkType
          - '{{ ACS::TaskLoopItem }}'
    Loop:
      Items: '{{ describeDBInstanceIPArray.DBInstanceIPArray }}'
      RateControl:
        Mode: Concurrency
        MaxErrors: 0
        Concurrency: 1
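
A dry-run check for the template above, added here as an example and not part of Alibaba Cloud's template or of the ACS::RDS::ModifySecurityIpsByInstanceIPArray action: it reads a response shaped like the one the ValueSelector consumes and lists the whitelist groups that contain 0.0.0.0/0, with the value each would hold after removal. The sample response, the function names, the treatment of ::/0 and the 127.0.0.1 fallback for an emptied group are assumptions of this example.

```python
import ipaddress

# Constructed sample shaped like a DescribeDBInstanceIPArrayList response;
# only the three fields the template's ValueSelector reads are included.
SAMPLE_RESPONSE = {
    "Items": {
        "DBInstanceIPArray": [
            {"DBInstanceIPArrayName": "default", "WhitelistNetworkType": "MIX",
             "SecurityIPList": "0.0.0.0/0, 10.0.0.5"},
            {"DBInstanceIPArrayName": "app_servers", "WhitelistNetworkType": "VPC",
             "SecurityIPList": "192.168.1.0/24,172.16.0.10"},
            {"DBInstanceIPArrayName": "legacy_open", "WhitelistNetworkType": "MIX",
             "SecurityIPList": "0.0.0.0/0"},
        ]
    }
}

# Assumption of this example: a group left empty is set to 127.0.0.1,
# the RDS whitelist value that admits no client.
EMPTY_FALLBACK = "127.0.0.1"


def is_open_to_all(entry):
    """True for a zero-length prefix such as 0.0.0.0/0 (or ::/0)."""
    try:
        return ipaddress.ip_network(entry, strict=False).prefixlen == 0
    except ValueError:
        return False  # not an IP or CIDR; leave it for a human to review


def plan_changes(response):
    """Return one planned change per whitelist group that is open to all."""
    plan = []
    for group in response["Items"]["DBInstanceIPArray"]:
        entries = [e.strip() for e in group["SecurityIPList"].split(",") if e.strip()]
        kept = [e for e in entries if not is_open_to_all(e)]
        if len(kept) == len(entries):
            continue  # nothing to remove in this group
        plan.append({
            "DBInstanceIPArrayName": group["DBInstanceIPArrayName"],
            "WhitelistNetworkType": group["WhitelistNetworkType"],
            "SecurityIps": ",".join(kept) or EMPTY_FALLBACK,
        })
    return plan


if __name__ == "__main__":
    for change in plan_changes(SAMPLE_RESPONSE):
        print(change)
```

Reviewing this plan before executing the template shows which groups would be left with no remaining client addresses, so legitimate sources can be added first.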