Security Center: Alibaba Cloud Product OpenAPI Component

Last Updated: Mar 31, 2026

The Alibaba Cloud Product OpenAPI component lets you call any Alibaba Cloud service API from within a Security Center SOAR playbook, using a RAM role to authenticate the request.

Available action

Action | Description
assumeApi | Call an Alibaba Cloud OpenAPI by assuming a RAM role

Prerequisites

Before you begin, make sure you have:

  • A Security Center SOAR playbook open in the canvas editor

  • The RAM role AliyunSiemSoarExecutionDefaultRole created — if it does not exist yet, complete Step 4: Grant API permissions before configuring the component

  • The required access policy attached to that role

Important

After you select an API operation, verify that the required access policy is attached to the execution role. If it is not, the playbook action will fail at runtime.

Configure the component

Step 1: Select an Alibaba Cloud service

  1. In the Component Actions area, click Cloud Service Component.

  2. In the Cloud Service Component dialog box, select an Alibaba Cloud native product.

    Note

    Do not select Threat Intelligence here. For threat intelligence lookups, use the AliyunThreatIntelligence component instead.

Step 2: Select an API operation

On the canvas, click the Alibaba Cloud Product Component. In the Action area, select the API operation to call.

Step 3: Configure API parameters

After selecting an API operation, the parameter configuration page opens automatically. Click the API configuration button to reopen it at any time.

The configuration page has four sections:

Account

The Alibaba Cloud account defaults to the ID of the currently logged-on account. Use the expression ${event._tenant_id} to retrieve it dynamically.

To target a member account instead, enter the member account's UID. To find a member account UID:

Endpoint

Click Recommended Address to get a system-suggested endpoint. Endpoints follow one of these formats:

Format | Example
[ProductCode].[RegionId].aliyuncs.com | ecs.cn-hangzhou.aliyuncs.com
[ProductCode].aliyuncs.com | ram.aliyuncs.com

Important

Recommended addresses are for reference only. For accurate endpoint information, check the Alibaba Cloud official documentation for the specific service.

API parameters

The system automatically retrieves request parameters from the API reference for the selected operation. Enter the parameter values as described in the documentation.

Note

Click the icon in the lower-left corner to open the API reference directly.

Advanced configuration: Pagination

If the API operation returns paginated results, configure pagination in the advanced settings. Two modes are available:

Choose automatic paging when the API returns a total count and uses page number and page size parameters.

Choose automatic scrolling when the API returns a cursor token (such as NextToken) instead of a total count.

Automatic paged query

Field | Description
Maximum number of requests | Maximum number of recursive API calls
Total count path | JSONPath to the total count field in the response
Page mapping field | Request parameter that maps to the page number, e.g., PageNumber
Items per page mapping field | Request parameter that maps to the page size, e.g., PageSize

For Total count path, use JSONPath dot-notation (.fieldName):

  • Single-layer response — use .FieldName, for example .TotalCount:

    {
      "TotalCount": 1,
      "PageNumber": 1,
      "PageSize": 10
    }
  • Nested response — concatenate each level with ., for example .Page.TotalCount:

    {
      "Page": {
        "TotalCount": 22,
        "PageNumber": 1,
        "PageSize": 10
      }
    }

Automatic scrolling query

Field | Description
Maximum number of requests | Maximum number of recursive API calls
Cursor field mapping | Request parameter that maps to the cursor, e.g., NextToken
Cursor retrieval path | JSONPath to the cursor value in the response

For Cursor retrieval path, use JSONPath dot-notation (.fieldName):

  • Single-layer response — use .FieldName, for example .NextToken:

    {
      "CurrentPage": 1,
      "PageSize": 10,
      "TotalCount": 202,
      "Count": 4,
      "NextToken": "B604532DEF982B875E8360A6EFA3B***"
    }
  • Nested response — concatenate each level with ., for example .PageInfo.NextToken:

    {
      "PageInfo": {
        "CurrentPage": 1,
        "PageSize": 10,
        "TotalCount": 202,
        "Count": 4,
        "NextToken": "B604532DEF982B875E8360A6EFA3B***"
      },
      "Success": true,
      "Code": 200,
      "Message": "successful",
      "RequestId": "CB414DB5-F692-5DAB-9F0F-975C060AF***",
      "HttpStatusCode": 200
    }

Recursive invocation

Set the interval (in seconds) between recursive calls to avoid triggering API throttling.
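The following Python sketch is an added illustration of how the pagination settings above interact; it is not Security Center's implementation. The function names and the fake responses are constructed, and stopping after one request when the total count path does not resolve is an assumption, since this page does not document that case.

```python
import time

def resolve(path, doc):
    """Resolve a dot-notation path such as '.Page.TotalCount' in a parsed response."""
    cur = doc
    for key in path.strip(".").split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None  # path does not match the response layout
        cur = cur[key]
    return cur

def paged_query(call, total_path, page_field, size_field, page_size,
                max_requests, interval=0):
    """Automatic paged query: raise the page number until the total is covered."""
    pages, page = [], 1
    while len(pages) < max_requests:
        resp = call({page_field: page, size_field: page_size})
        pages.append(resp)
        total = resolve(total_path, resp)
        # Assumption: an unresolved total ends the loop after this request.
        if total is None or page * page_size >= total:
            break
        page += 1
        time.sleep(interval)  # spacing between calls, to stay under throttling
    return pages

def scroll_query(call, cursor_field, cursor_path, max_requests, interval=0):
    """Automatic scrolling query: send the returned cursor back until it is empty."""
    pages, params = [], {}
    while len(pages) < max_requests:
        resp = call(params)
        pages.append(resp)
        cursor = resolve(cursor_path, resp)
        if not cursor:
            break
        params = {cursor_field: cursor}
        time.sleep(interval)
    return pages

# Constructed stand-ins for an API: 22 items behind a nested total, and a
# three-response cursor chain that ends with an empty NextToken.
def fake_paged(params):
    return {"Page": {"TotalCount": 22, "PageNumber": params["PageNumber"],
                     "PageSize": params["PageSize"]}}

def fake_scroll(params):
    chain = {None: "tok-1", "tok-1": "tok-2", "tok-2": ""}
    return {"PageInfo": {"NextToken": chain[params.get("NextToken")]}}
```

With a page size of 10 the 22-item result needs three requests, so a maximum of two returns an incomplete set without any error. Size the maximum number of requests for the largest result the playbook has to act on.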

Step 4: Grant API permissions

The system displays the role name and access policy required to call the selected API operation.

Create the execution role (skip if already created)

Go to the RAM console and complete the quick authorization to create the role. On the Resource Access Management quick authorization page, click Confirm Authorization.

Important

If you do not have permission to create a role, contact a RAM administrator — a RAM user with Resource Management permissions, or the root account — to create the role in the RAM console and attach a trust policy. For details, see Create a RAM role for a trusted Alibaba Cloud service. Use the following values:

Parameter | Value
Principal type | Alibaba Cloud Service
Principal name | cloudsiem.sas.aliyuncs.com
Role name | AliyunSiemSoarExecutionDefaultRole
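
A check a RAM administrator could run on the role's trust policy document to confirm that it trusts only the service principal listed above. This is an added example, not Alibaba Cloud's code; it assumes the standard RAM trust policy JSON layout (Statement, Effect, Principal), and the function names and sample policies are constructed.

```python
import json

EXPECTED_SERVICE = "cloudsiem.sas.aliyuncs.com"  # principal name given on this page

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json):
    """Return findings for a RAM role trust policy; an empty list means it matches."""
    findings, trusted = [], False
    policy = json.loads(policy_json)
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # for example a bare wildcard
            findings.append(f"statement {i}: non-specific principal {principal!r}")
            continue
        for kind, names in principal.items():
            for name in as_list(names):
                if kind == "Service" and name == EXPECTED_SERVICE:
                    trusted = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {name}")
    if not trusted:
        findings.append(f"{EXPECTED_SERVICE} is not trusted, so the playbook cannot assume the role")
    return findings

def _policy(principal):
    # Helper that builds a constructed sample trust policy document.
    return json.dumps({"Version": "1", "Statement": [
        {"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": principal}]})

# Constructed samples; the account ID is a placeholder.
EXPECTED = _policy({"Service": [EXPECTED_SERVICE]})
TOO_BROAD = _policy({"Service": [EXPECTED_SERVICE],
                     "RAM": ["acs:ram::1234567890123456:root"]})
WRONG_SERVICE = _policy({"Service": ["ecs.aliyuncs.com"]})
```

Any principal beyond the expected service is reported, because every extra principal is another identity able to assume a role that carries the playbook's API permissions.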

Attach API permissions (skip if already attached)

  1. Click Attach Policy. In the access policy selection dialog box, select the System-recommended Policy.

    Note

    If no suitable policy is listed, create a custom one in the RAM console. For details, see Create custom policies.

  2. Click OK. On the Resource Access Management authorization page, click Confirm Authorization.

Important

If you do not have permission to attach policies, contact a RAM administrator to attach the System-recommended Policy to the AliyunSiemSoarExecutionDefaultRole role. For details, see Manage permissions for a RAM role.