Nama Template
ACS-ECS-ApproveROSCreateInstances digunakan untuk menyetujui pembuatan instance ECS melalui Resource Orchestration Service (ROS).
Deskripsi Template
Menggunakan Resource Orchestration Service (ROS) untuk membuat instance Elastic Compute Service (ECS) setelah persetujuan.
Tipe Template
Otomatis
Pemilik
Alibaba Cloud
Parameter Input
Parameter | Deskripsi | Tipe | Diperlukan | Nilai default | Batasan |
imageId | ID dari image yang digunakan untuk membuat ECS instance. | String | Ya | ||
instanceType | Tipe instance dari ECS instance yang akan dibuat. | String | Ya | ||
zoneId | ID dari zona di mana vSwitch akan dibuat. | String | Ya | ||
webHookUrl | URL webhook dari chatbot DingTalk. | String | Ya | ||
atMobiles | Nomor ponsel anggota kelompok DingTalk yang disebut dalam notifikasi persetujuan. | List | Ya | ||
approvers | Pengguna yang dapat menyetujui tugas. | List | Ya | ||
instancesCount | Jumlah ECS instance yang akan dibuat. | Number | Ya | ||
regionId | ID region. | String | Tidak | {{ ACS::RegionId }} | |
atAll | Menentukan apakah akan memberi tahu semua anggota grup ketika notifikasi persetujuan dikirim ke grup DingTalk tertentu. | String | Tidak | false | |
minRequiredApprovals | Jumlah minimum pemberi persetujuan yang diperlukan untuk menyetujui tugas. | Number | Tidak | 1 | |
OOSAssumeRole | Peran Resource Access Management (RAM) yang diasumsikan oleh CloudOps Orchestration Service (OOS). | String | Tidak | "" |
Parameter Keluaran
Parameter | Deskripsi | Tipe |
instanceIds | List |
Kebijakan Izin yang Diperlukan untuk Menjalankan Template
{
"Version": "1",
"Statement": [
{
"Action": [
"ros:CreateStack",
"ros:DeleteStack",
"ros:GetStack"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ecs:AddTags",
"ecs:AllocatePublicIpAddress",
"ecs:AttachKeyPair",
"ecs:AuthorizeSecurityGroup",
"ecs:AuthorizeSecurityGroupEgress",
"ecs:ConfigureSecurityGroupPermissions",
"ecs:CreateSecurityGroup",
"ecs:DeleteInstance",
"ecs:DeleteSecurityGroup",
"ecs:DescribeAvailableResource",
"ecs:DescribeDedicatedHosts",
"ecs:DescribeDisks",
"ecs:DescribeImageSupportInstanceTypes",
"ecs:DescribeImages",
"ecs:DescribeInstanceAutoRenewAttribute",
"ecs:DescribeInstanceRamRole",
"ecs:DescribeInstances",
"ecs:DescribeKeyPairs",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribePrice",
"ecs:DescribeSecurityGroupAttribute",
"ecs:DescribeSecurityGroups",
"ecs:DescribeSnapshots",
"ecs:DescribeUserData",
"ecs:DetachKeyPair",
"ecs:JoinResourceGroup",
"ecs:ModifyDiskSpec",
"ecs:ModifyInstanceAttribute",
"ecs:ModifyInstanceChargeType",
"ecs:ModifySecurityGroupEgressRule",
"ecs:ModifySecurityGroupRule",
"ecs:RemoveTags",
"ecs:ReplaceSystemDisk",
"ecs:ResizeDisk",
"ecs:RunInstances",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:TagResources",
"ecs:UntagResources"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"quotas:ListProductQuotas"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"ram:GetRole"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"rds:DescribeDBInstances"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:DescribeLoadBalancers"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"vpc:AssociateVpcCidrBlock",
"vpc:CreateVSwitch",
"vpc:CreateVpc",
"vpc:DeleteVSwitch",
"vpc:DeleteVpc",
"vpc:DescribeVSwitches",
"vpc:DescribeVpcs",
"vpc:DescribeVpnGateways",
"vpc:DescribeZones",
"vpc:ModifyVSwitchAttribute",
"vpc:ModifyVpcAttribute",
"vpc:TagResources",
"vpc:UnTagResources"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
Rincian
Detail ACS-ECS-ApproveROSCreateInstances
Konten Template
FormatVersion: OOS-2019-06-01
Description:
en: Create ECS instances by ROS with approval
zh-cn: Create ECS instances by ROS with approval
name-en: ACS-ECS-ApproveROSCreateInstances
name-zh-cn: ACS-ECS-ApproveROSCreateInstances
categories:
- cost_manage
Parameters:
regionId:
Type: String
Label:
en: RegionId
zh-cn: RegionId
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
imageId:
Label:
en: ImageId
zh-cn: ImageId
Type: String
AssociationProperty: 'ALIYUN::ECS::Image::ImageId'
AssociationPropertyMetadata:
RegionId: regionId
instanceType:
Label:
en: InstanceType
zh-cn: InstanceType
Type: String
AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
zoneId:
Label:
en: ZoneId
zh-cn: ZoneId
AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
Type: String
AssociationPropertyMetadata:
RegionId: regionId
webHookUrl:
Label:
en: WebHookUrl
zh-cn: WebHookUrl
Description:
en: >-
For example, https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414. For more information about how to obtain a DingTalk webhook, see https://www.alibabacloud.com/help/document_detail/144679.html#h2--2-webhook-5.
zh-cn: >-
For example, https://oapi.dingtalk.com/robot/send?access_token=1234zxcvaksdq31414. For more information about how to obtain a DingTalk webhook, see https://www.alibabacloud.com/help/document_detail/144679.html#h2--2-webhook-5.
Type: String
atMobiles:
Label:
en: AtMobiles
zh-cn: AtMobiles
Type: List
atAll:
Label:
en: AtAll
zh-cn: AtAll
Type: String
Default: 'false'
approvers:
Label:
en: Approvers
zh-cn: Approvers
Description:
en: >-
The username is the part of the RAM user's name that precedes the at sign (@). For example, if the RAM user's name is user001@companyAlias.onaliyun.com, enter user001.
zh-cn: >-
The username is the part of the RAM user's name that precedes the at sign (@). For example, if the RAM user's name is user001@companyAlias.onaliyun.com, enter user001.
Type: List
AssociationProperty: ALIYUN::RAM::User
minRequiredApprovals:
Label:
en: MinRequiredApprovals
zh-cn: MinRequiredApprovals
Type: Number
Default: 1
instancesCount:
Label:
en: InstancesCount
zh-cn: InstancesCount
Type: Number
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: approveCreateInstances
Action: 'ACS::Approve'
Description:
en: Requests approval to create multiple ECS instances.
zh-cn: Requests approval to create multiple ECS instances.
Properties:
Approvers: '{{approvers}}'
MinRequiredApprovals: '{{minRequiredApprovals}}'
NotifyType: WebHook
WebHook:
URI: '{{webhookUrl}}'
Headers:
Content-Type: application/json
Content:
msgtype: text
text:
content: >-
Notify: Please approve the task execution to create ECS instance sent by
{{ACS::RegionId}} oos {{ACS::ExecutionId}}.
at:
atMobiles: '{{atMobiles}}'
isAtAll: '{{atAll}}'
- Name: createStack
Action: 'ACS::ExecuteAPI'
Description:
en: Creates a resource stack.
zh-cn: Creates a resource stack.
Properties:
Service: ROS
API: CreateStack
Parameters:
RegionId: '{{ regionId }}'
StackName: 'OOS-{{ACS::ExecutionId}}'
TimeoutInMinutes: 10
DisableRollback: false
Parameters:
- ParameterKey: instanceType
ParameterValue: '{{ instanceType }}'
- ParameterKey: zoneId
ParameterValue: '{{ zoneId }}'
- ParameterKey: regionId
ParameterValue: '{{ regionId }}'
- ParameterKey: imageId
ParameterValue: '{{imageId}}'
- ParameterKey: executionId
ParameterValue: '{{ ACS::ExecutionId }}'
- ParameterKey: instancesCount
ParameterValue: '{{ instancesCount }}'
TemplateBody: |
{
"Description": "Create VPC ECS instance",
"Parameters": {
"imageId": {
"Type": "String"
},
"instanceType": {
"Type": "String"
},
"executionId": {
"Type": "String"
},
"instancesCount": {
"Type": "String"
},
"zoneId": {
"Type": "String"
},
"regionId": {
"Type": "String"
},
"resourcePrefix": {
"Type": "String",
"Default": "oos-generated"
}
},
"ROSTemplateFormatVersion": "2015-09-01",
"Outputs": {
"ecs_instance_id": {
"Value": {
"Fn::GetAtt": [
"ecs",
"InstanceIds"
]
}
}
},
"Resources": {
"vswitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "vpc"
},
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"ZoneId": {
"Ref": "zoneId"
},
"CidrBlock": "192.168.0.0/16"
}
},
"sg": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
],
"VpcId": {
"Ref": "vpc"
},
"SecurityGroupName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"sg"
]
]
},
"SecurityGroupEgress": [
{
"PortRange": "-1/-1",
"Priority": 1,
"IpProtocol": "all",
"DestCidrIp": "0.0.0.0/0",
"NicType": "intranet"
}
]
}
},
"vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"Description": {
"Fn::Join": [
" ",
[
"OOS execution id is",
{
"Ref": "executionId"
}
]
]
},
"VpcName": {
"Fn::Join": [
"-",
[
{
"Ref": "resourcePrefix"
},
"vpc"
]
]
}
}
},
"ecs": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"ImageId": {
"Ref": "imageId"
},
"SecurityGroupId": {
"Ref": "sg"
},
"VpcId": {
"Ref": "vpc"
},
"VSwitchId": {
"Ref": "vswitch"
},
"InstanceType": {
"Ref": "instanceType"
},
"MinAmount": {
"Ref": "instancesCount"
},
"MaxAmount": {
"Ref": "instancesCount"
},
"Tags": [
{
"Key": "oos-generated",
"Value": {
"Ref": "executionId"
}
},
{
"Key": "region",
"Value": {
"Ref": "regionId"
}
}
]
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"TemplateTags": [
"acs:integrate:oos:ecs_approve_ros_create_instances"
]
}
}
}
Outputs:
StackId:
Type: String
ValueSelector: StackId
- Name: untilStackReady
OnSuccess: ACS::END
OnError: queryStackStatusReason
Action: 'ACS::WaitFor'
Description:
en: Waits until the stack is in the CREATE_COMPLETE state.
zh-cn: Waits until the stack is in the CREATE_COMPLETE state.
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
DesiredValues:
- CREATE_COMPLETE
StopRetryValues:
- CREATE_FAILED
- CHECK_FAILED
- ROLLBACK_FAILED
- ROLLBACK_COMPLETE
- CREATE_ROLLBACK_COMPLETE
PropertySelector: Status
Outputs:
instanceIds:
Type: String
ValueSelector: 'Outputs[0].OutputValue'
- Name: queryStackStatusReason
Action: ACS::ExecuteAPI
OnError: deleteStack
OnSuccess: deleteStack
Description:
en: Queries the reason why the stack failed to be created.
zh-cn: Queries the reason why the stack failed to be created.
Properties:
Service: ROS
API: GetStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
statusReason:
Type: String
ValueSelector: 'StatusReason'
- Name: deleteStack
Action: 'ACS::ExecuteApi'
Description:
en: Deletes the resource stack.
zh-cn: Deletes the resource stack.
Properties:
Service: ROS
API: DeleteStack
Parameters:
RegionId: '{{ regionId }}'
StackId: '{{createStack.StackId}}'
Outputs:
instanceIds:
Type: List
Value: '{{ untilStackReady.instanceIds }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- webHookUrl
- atMobiles
- atAll
- approvers
- minRequiredApprovals
Label:
default:
zh-cn: Configure Approval
en: Configure Approval
- Parameters:
- regionId
- zoneId
- imageId
- instanceType
- instancesCount
Label:
default:
zh-cn: Configure ECS Instance
en: Configure ECS Instance
- Parameters:
- OOSAssumeRole
Label:
default:
zh-cn: Advanced Options
en: Advanced Options