ACS-SLB-BulkyModifyAccessControlListEntry - CloudOps Orchestration Service

Template name

ACS-SLB-BulkyModifyAccessControlListEntry

Execute Now

Template description

Modifies IP entries in multiple access control lists (ACLs) at a time.

Template type

Automated

Owner

Alibaba Cloud

Input parameters

Parameter	Description	Type	Required	Default value	Limit
action	The modification method.	String	Yes
aclIds	The ACL IDs.	List	Yes
aclEntrys	The IP entries in the ACL.	String	Yes
regionId	The region ID.	String	No	{{ ACS::RegionId }}
rateControl	The rate control settings.	Json	No	{'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}
OOSAssumeRole	The Resource Access Management (RAM) role that is assumed by CloudOps Orchestration Service (OOS).	String	No	""

Output parameters

None

Permission policy that is required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "slb:AddAccessControlListEntry",
                "slb:RemoveAccessControlListEntry"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

References

For more information, see ACS-SLB-BulkyModifyAccessControlListEntry at GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Bulky modify access control list entry
  name-en: ACS-SLB-BulkyModifyAccessControlListEntry
  categories:
    - computenest
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  action:
    Label:
      en: Action
    Type: String
    AllowedValues:
      - Add
      - Remove
  aclIds:
    Label:
      en: AclIds
    AssociationProperty: ALIYUN::SLB::ACL::ACLId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: List
  aclEntrys:
    Label:
      en: AclEntrys
    Description:
      en: <ul class= "UL" >
        <li class= "li" > format:[{"entry":"10.0.******/24", "comment":"privaterule1" },{ "entry":"192.168.******/16","comment":"privaterule2" } ]</li>
        <li class= "li" >entry:IP entries to be added in the access control policy group. You can specify IP address segments (CIDR blocks). Multiple IP address segments are separated by commas</ Li>
        <li class= "li" >comment:notes of access control policy group</ Li>
        </ul>
    Type: String
  rateControl:
    Label:
      en: RateControl
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: addAccessControlListEntrys
  When:
    'Fn::Equals':
      - '{{ action }}'
      - Add
  Action: ACS::ExecuteApi
  Description:
    en: Add access control list entry
  Properties:
    Service: SLB
    API: AddAccessControlListEntry
    Parameters:
      RegionId: '{{ regionId }}'
      AclId: '{{ ACS::TaskLoopItem }}'
      AclEntrys: '{{ aclEntrys }}'
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ aclIds }}'
- Name: removeAccessControlListEntry
  When:
    'Fn::Equals':
      - '{{ action }}'
      - Remove
  Action: ACS::ExecuteApi
  Description:
    en: Remove access control list entry
  Properties:
    Service: SLB
    API: RemoveAccessControlListEntry
    Parameters:
      RegionId: '{{ regionId }}'
      AclId: '{{ ACS::TaskLoopItem }}'
      AclEntrys: '{{ aclEntrys }}'
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ aclIds }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - action
          - aclIds
          - aclEntrys
        Label:
          default:
            en: Configure Parameters
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            en: Control Options