ACS-SLB-BulkyModifyAccessControlListEntry - CloudOps Orchestration Service

Template name

ACS-SLB-BulkyModifyAccessControlListEntry - Modifies IP entries in a Server Load Balancer access control list in bulk

Execute Now

Template description

Batch modifies IP entries in access control lists (ACLs).

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
action	The modification method.	String	Yes
aclIds	The ACL IDs.	List	Yes
aclEntrys	Setting an access control policy group	String	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
rateControl	Concurrent task execution rate	Json	No	{'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}
OOSAssumeRole	The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "slb:AddAccessControlListEntry",
                "slb:RemoveAccessControlListEntry"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

For more information, see ACS-SLB-BulkyModifyAccessControlListEntry at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Bulky modify access control list entry
  name-en: ACS-SLB-BulkyModifyAccessControlListEntry
  categories:
    - computenest
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  action:
    Label:
      en: Action
    Type: String
    AllowedValues:
      - Add
      - Remove
  aclIds:
    Label:
      en: AclIds
    AssociationProperty: ALIYUN::SLB::ACL::ACLId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: List
  aclEntrys:
    Label:
      en: AclEntrys
    Description:
      en: <ul><li>Format: [{"entry":"10.0.**.**/24","comment":"privaterule1"},{"entry":"192.168.**.**/16","comment":"privaterule2"}]</li><li>entry: The IP entries to add to the access control list (ACL). You can specify CIDR blocks. Separate multiple CIDR blocks with commas.</li><li>comment: The description of the IP entry.</li></ul>
    Type: String
  rateControl:
    Label:
      en: RateControl
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Conditions:
  Add:
    'Fn::Equals':
      - '{{ action }}'
      - Add
  Remove:
    'Fn::Equals':
      - '{{ action }}'
      - Remove
Tasks:
- Name: addAccessControlListEntrys
  When: Add
  Action: ACS::ExecuteApi
  Description:
    en: Add access control list entry
  Properties:
    Service: SLB
    API: AddAccessControlListEntry
    Parameters:
      RegionId: '{{ regionId }}'
      AclId: '{{ ACS::TaskLoopItem }}'
      AclEntrys: '{{ aclEntrys }}'
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ aclIds }}'
- Name: removeAccessControlListEntry
  When: Remove
  Action: ACS::ExecuteApi
  Description:
    en: Remove access control list entry
  Properties:
    Service: SLB
    API: RemoveAccessControlListEntry
    Parameters:
      RegionId: '{{ regionId }}'
      AclId: '{{ ACS::TaskLoopItem }}'
      AclEntrys: '{{ aclEntrys }}'
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ aclIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - action
          - aclIds
          - aclEntrys
        Label:
          default:
            en: Configure Parameters
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            en: Control Options