全部产品
Search

搜索本产品

    CloudOps Orchestration Service:ACS-ECS-BulkyEncryptSystemDisk

    文档中心

    CloudOps Orchestration Service:ACS-ECS-BulkyEncryptSystemDisk

    更新时间:Dec 21, 2025

    Nama Template

    ACS-ECS-BulkyEncryptSystemDisk: Enkripsi massal disk sistem

    Eksekusi Sekarang

    Deskripsi Template

    Mengenkripsi disk sistem dari beberapa instance Elastic Compute Service (ECS) secara bersamaan.

    Tipe Template

    Otomatis

    Pemilik

    Alibaba Cloud

    Parameter Input

    Parameter

    Deskripsi

    Tipe

    Diperlukan

    Nilai Default

    Batasan

    targets

    Target instance

    Json

    Ya

    KMSKeyId

    ID Key Management Service (KMS) key yang ingin Anda gunakan untuk mengenkripsi disk sistem.

    String

    Ya

    regionId

    ID wilayah.

    String

    Tidak

    {{ ACS::RegionId }}

    rateControl

    Rasio konkurensi eksekusi task

    Json

    Tidak

    {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10}

    OOSAssumeRole

    Peran Resource Access Management (RAM) yang diasumsikan oleh CloudOps Orchestration Service (OOS).

    String

    Tidak

    ""

    Parameter Output

    Parameter

    Deskripsi

    Tipe

    systemDiskEncryptedInstances

    Json

    Kebijakan Izin yang Diperlukan untuk Menjalankan Template

    {
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CopyImage",
                "ecs:CreateImage",
                "ecs:CreateSnapshot",
                "ecs:DeleteImage",
                "ecs:DeleteSnapshot",
                "ecs:DescribeDisks",
                "ecs:DescribeImages",
                "ecs:DescribeInstances",
                "ecs:DescribeSnapshots",
                "ecs:ReplaceSystemDisk",
                "ecs:StartInstance",
                "ecs:StopInstance"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "oos:GetApplicationGroup"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

    Detail

    Untuk informasi lebih lanjut, lihat ACS-ECS-BulkyEncryptSystemDisk.yml di GitHub.

    Konten Template

    FormatVersion: OOS-2019-06-01
Description:
  en: Bulky encrypt the system disks
  zh-cn: Bulky encrypt the system disks
  name-en: ACS-ECS-BulkyEncryptSystemDisk
  name-zh-cn: ACS-ECS-BulkyEncryptSystemDisk
  categories:
    - security
Parameters:
  regionId:
    Type: String
    Label:
      en: RegionId
      zh-cn: Region ID
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  targets:
    Type: Json
    Label:
      en: TargetInstance
      zh-cn: Target Instance
    AssociationProperty: Targets
    AssociationPropertyMetadata:
      ResourceType: 'ALIYUN::ECS::Instance'
      RegionId: regionId
  KMSKeyId:
    Label:
      en: KMSKeyId
      zh-cn: The ID of the KMS key used for image encryption
    AssociationProperty: ALIYUN::KMS::Key::KeyId
    AssociationPropertyMetadata:
      RegionId: regionId
    Type: String
  rateControl:
    Label:
      en: RateControl
      zh-cn: The concurrency rate for task execution
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: The RAM role that OOS assumes
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getInstance
  Description:
    en: Views the ECS instances
    zh-cn: Views the ECS instances
  Action: ACS::SelectTargets
  Properties:
    ResourceType: ALIYUN::ECS::Instance
    RegionId: '{{ regionId }}'
    Filters:
      - '{{ targets }}'
  Outputs:
    instanceIds:
      Type: List
      ValueSelector: Instances.Instance[].InstanceId
- Name: encryptSystemDisk
  Action: ACS::ECS::EncryptSystemDisk
  Description:
    en: Bulky encrypt the system disks
    zh-cn: Bulky encrypt the system disks
  Properties:
    regionId: '{{ regionId }}'
    instanceId: '{{ ACS::TaskLoopItem }}'
    KMSKeyId: '{{ KMSKeyId }}'
  Outputs:
    systemDiskEncryptedInstance:
      Type: String
      ValueSelector: .systemDiskEncryptedInstance
  Loop:
    RateControl: '{{ rateControl }}'
    Items: '{{ getInstance.instanceIds }}'
    Outputs:
      systemDiskEncryptedInstances:
        AggregateType: Fn::ListJoin
        AggregateField: systemDiskEncryptedInstance
Outputs:
  systemDiskEncryptedInstances:
    Type: Json
    Value:
      Fn::Jq:
        - First
        - '[.[][]]|.|= map(select(.))'
        - '{{ encryptSystemDisk.systemDiskEncryptedInstances }}'
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - regionId
          - targets
          - instancePassword
        Label:
          default:
            zh-cn: Select ECS Instances
            en: Select Ecs Instances
      - Parameters:
          - KMSKeyId
        Label:
          default:
            zh-cn: Configure KMS Key
            en: Configure KMSKey
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: Advanced Options
            en: Control Options