Detects stack-related operation risks and returns missing permissions and the causes of the risks.
Operation description
The ListStackOperationRisks operation is suitable for the following scenarios:
- You want to detect high risks that may arise in resources when you delete a stack that contains the resources, and query the cause of each risk in a resource.
- When you create a stack, the creation may fail. In this case, you can call this operation to check which types of permissions that are required to create stacks are missing.
Debugging
Authorization information
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
RegionId | string | Yes | The region ID of the stack. You can call the DescribeRegions operation to query the most recent region list. | cn-hangzhou |
StackId | string | No | The ID of the stack. | 4a6c9851-3b0f-4f5f-b4ca-a14bf691**** |
OperationType | string | Yes | The type of the operation of which you want to detect risks. Valid values:
| DeleteStack |
ClientToken | string | No | The client token that is used to ensure the idempotence of the request. You can use the client to generate the token, but you must make sure that the token is unique among different requests. The token can be up to 64 characters in length, and can contain letters, digits, hyphens (-), and underscores (_). For more information, see How to ensure idempotence. | 123e4567-e89b-12d3-a456-42665544**** |
RamRoleName | string | No | The name of the RAM role.
The name of the RAM role can be up to 64 bytes in length. | test-role |
RetainAllResources | boolean | No | Specifies whether to retain all resources in the stack. Valid values:
Note
This parameter takes effect only if you set OperationType to DeleteStack.
| false |
RetainResources | array | No | The list of resources to retain. Note
This parameter takes effect only if you set OperationType to DeleteStack.
| |
string | No | The resource that you want to retain. | instance | |
TemplateBody | string | No | The structure that contains the template body. The template body must be 1 to 524,288 bytes in length. If the length of the template body exceeds the upper limit, we recommend that you add parameters to the HTTP POST request body to prevent request failures caused by excessively long URLs. Note
You must and can specify only one of the following parameters: TemplateBody, TemplateURL, TemplateId, and TemplateScratchId.
| {"ROSTemplateFormatVersion":"2015-09-01"} |
TemplateURL | string | No | The URL of the file that contains the template body. The URL must point to a template that is located on an HTTP or HTTPS web server or in an Object Storage Service (OSS) bucket, such as oss://ros/stack-policy/demo and oss://ros/stack-policy/demo?RegionId=cn-hangzhou. The template body can be up to 524,288 bytes in length. If you do not specify RegionId in the URL, the region ID of the stack is used. Note
You must specify one of TemplateBody, TemplateURL, TemplateId, and TemplateScratchId.
| oss://ros-template/demo |
TemplateId | string | No | The ID of the template. This parameter applies to shared and private templates. Note
You must specify one of TemplateBody, TemplateURL, TemplateId, and TemplateScratchId.
| 5ecd1e10-b0e9-4389-a565-e4c15efc**** |
TemplateVersion | string | No | The version of the template. Note
This parameter takes effect only if you specify TemplateId.
| v1 |
Response parameters
Examples
Sample success responses
JSON
format
{
"RequestId": "72108E7A-E874-4A5E-B22C-A61E94AD12CD",
"RiskResources": [
{
"LogicalResourceId": "MySG",
"PhysicalResourceId": "sg-bp1dpioafqphedg9****",
"RequestId": "DF4296CF-F45F-4845-A72B-BE617601DB25",
"ResourceType": "ALIYUN::ECS::SecurityGroup",
"Code": "NoPermission",
"Message": "You are not authorized to complete this action.",
"RiskType": "Referenced",
"Reason": "There are some ECS instances (i-bp18el96s4wq635e****) depending on the security group."
}
],
"MissingPolicyActions": [
"[\"ecs:DescribeInstance\", \"ros:CreateStack\"]"
]
}
Error codes
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2024-01-12 | The internal configuration of the API is changed, but the call is not affected | View Change Details |