All Products
Search

This Product

    CloudOps Orchestration Service:ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

    Document Center

    CloudOps Orchestration Service:ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

    Last Updated:Dec 22, 2025

    Template name

    ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray removes 0.0.0.0/0 from an RDS instance's IP address whitelist group.

    Execute Now

    Template description

    Removes 0.0.0.0/0 from the IP address whitelist of an ApsaraDB RDS instance.

    Template type

    Automated

    Owner

    Alibaba Cloud

    Input parameters

    Parameter

    Description

    Data type

    Required

    Default value

    Limit

    instanceId

    The ID of the ApsaraDB RDS instance.

    String

    Yes

    regionId

    The region ID.

    String

    No

    {{ ACS::RegionId }}

    OOSAssumeRole

    The RAM role that is assumed by CloudOps Orchestration Service (OOS).

    String

    No

    ""

    Output parameters

    N/A.

    Permission policy that is required to execute the template

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "rds:DescribeDBInstanceIPArrayList",
                "rds:ModifySecurityIps"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    Details

    ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray

    Template content

    FormatVersion: OOS-2019-06-01
Description:
  en: Deletes 0.0.0.0/0 from the IP address whitelist groups of RDS instances.
  name-en: ACS-RDS-BulkyModifySecurityIpsByInstanceIPArray
  categories:
    - security
    - rds
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  instanceId:
    Label:
      en: InstanceId
    AssociationProperty: ALIYUN::RDS::Instance::InstanceId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: String
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeDBInstanceIPArray
    Action: 'ACS::ExecuteAPI'
    Description:
      en: Queries the IP address whitelist groups of an RDS instance.
    Properties:
      Service: RDS
      API: DescribeDBInstanceIPArrayList
      Parameters:
        RegionId: '{{ regionId }}'
        DBInstanceId: '{{ instanceId }}'
    Outputs:
      DBInstanceIPArray:
        Type: List
        ValueSelector: '.Items.DBInstanceIPArray[] | {"SecurityIPList": .SecurityIPList, "DBInstanceIPArrayName": .DBInstanceIPArrayName, "WhitelistNetworkType": .WhitelistNetworkType}'
  - Name: modifySecurityByDBInstanceIPArray
    Action: ACS::RDS::ModifySecurityIpsByInstanceIPArray
    Description:
      en: Modifies the IP address whitelist groups of the RDS instance.
    Properties:
      regionId: '{{ regionId }}'
      instanceId: '{{ instanceId }}'
      securityIps:
        'Fn::Select':
          - SecurityIPList
          - '{{ ACS::TaskLoopItem }}'
      instanceIPArrayName:
        'Fn::Select':
          - DBInstanceIPArrayName
          - '{{ ACS::TaskLoopItem }}'
      whitelistNetworkType:
        'Fn::Select':
          - WhitelistNetworkType
          - '{{ ACS::TaskLoopItem }}'
    Loop:
      Items: '{{ describeDBInstanceIPArray.DBInstanceIPArray }}'
      RateControl:
        Mode: Concurrency
        MaxErrors: 0
        Concurrency: 1