
CloudOps Orchestration Service: ACS-VPC-BulkyDeleteForwardEntry

Last updated: Dec 21, 2025

Template name

The ACS-VPC-BulkyDeleteForwardEntry template deletes high-risk ports that have been identified as threats from the DNAT mappings on a NAT Gateway.


Template description

Deletes high-risk ports that are mapped through DNAT entries on a NAT Gateway.

Template type

Automatic

Owner

Alibaba Cloud

Input parameters

| Parameter | Description | Type | Required | Default value | Limit |
| --- | --- | --- | --- | --- | --- |
| instanceId | ID of the NAT Gateway. | String | Yes | | |
| port | High-risk port(s). | List | Yes | | |
| regionId | Region ID. | String | No | {{ ACS::RegionId }} | |
| rateControl | Concurrency rate for task execution. | Json | No | {'Mode': 'Concurrency', 'MaxErrors': 0, 'Concurrency': 10} | |
| OOSAssumeRole | The Resource Access Management (RAM) role that CloudOps Orchestration Service (OOS) assumes. | String | No | "" | |

Output parameters

None.

Permission policy required to execute the template

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "vpc:DeleteForwardEntry",
                "vpc:DescribeForwardTableEntries",
                "vpc:DescribeNatGateways"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

Details

For more information, see ACS-VPC-BulkyDeleteForwardEntry.yml on GitHub.

Template content

FormatVersion: OOS-2019-06-01
Description:
  en: Deletes the specified high-risk ports mapped on the DNAT table.
  zh-cn: Deletes the specified high-risk ports mapped on the DNAT table.
  name-en: ACS-VPC-BulkyDeleteForwardEntry
  name-zh-cn: ACS-VPC-BulkyDeleteForwardEntry
  categories:
    - security
Parameters:
  regionId:
    Label:
      en: Region ID
      zh-cn: Region ID
    Type: String
    AssociationProperty: RegionId
    Default: '{{ ACS::RegionId }}'
  instanceId:
    Label:
      en: The instance ID of the NAT Gateway.
      zh-cn: The instance ID of the NAT Gateway.
    Type: String
  port:
    Label:
      en: The high-risk port (backend port)
      zh-cn: The high-risk port (backend port)
    Type: List
  rateControl:
    Label:
      en: Rate Control
      zh-cn: Concurrency rate for task execution
    Type: Json
    AssociationProperty: RateControl
    Default:
      Mode: Concurrency
      MaxErrors: 0
      Concurrency: 10
  OOSAssumeRole:
    Label:
      en: OOSAssumeRole
      zh-cn: The RAM role that OOS assumes
    Type: String
    Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
  - Name: describeNatGateways
    Action: ACS::ExecuteAPI
    Description:
      en: Queries the DNAT table ID of the NAT Gateway instance.
      zh-cn: Queries the DNAT table ID of the NAT Gateway instance.
    Properties:
      Service: VPC
      API: DescribeNatGateways
      Parameters:
        RegionId: '{{ regionId }}'
        NatGatewayId: '{{ instanceId }}'
    Outputs:
      ForwardTableIds:
        Type: String
        ValueSelector: .NatGateways.NatGateway[].ForwardTableIds.ForwardTableId[]
  - Name: describeForwardTableEntries
    Action: ACS::ExecuteAPI
    Description:
      en: Queries the IDs of DNAT entries that match the high-risk ports.
      zh-cn: Queries the IDs of DNAT entries that match the high-risk ports.
    Properties:
      Service: VPC
      API: DescribeForwardTableEntries
      Parameters:
        RegionId: '{{ regionId }}'
        ForwardTableId: '{{ describeNatGateways.ForwardTableIds }}'
        InternalPort: '{{ ACS::TaskLoopItem }}'
    Loop:
      RateControl: '{{ rateControl }}'
      Items: '{{ port }}'
      Outputs:
        ForwardEntryId-all:
          AggregateType: Fn::ListJoin
          AggregateField: ForwardEntryId
    Outputs:
      ForwardEntryId:
        Type: Json
        ValueSelector: .ForwardTableEntries.ForwardTableEntry[].ForwardEntryId
  - Name: deleteForwardEntry
    Action: ACS::ExecuteAPI
    Description:
      en: Deletes the specified high-risk ports mapped on the DNAT table.
      zh-cn: Deletes the specified high-risk ports mapped on the DNAT table.
    Properties:
      Service: VPC
      API: DeleteForwardEntry
      Parameters:
        RegionId: '{{ regionId }}'
        ForwardEntryId: '{{ ACS::TaskLoopItem }}'
        ForwardTableId: '{{ describeNatGateways.ForwardTableIds }}'
    Loop:
      Items:
        'Fn::Jq':
          - All
          - '.[] | (select(. != null))'
          - '{{ describeForwardTableEntries.ForwardEntryId-all }}'
      RateControl:
        Mode: Concurrency
        MaxErrors: 0
        Concurrency: 1
Metadata:
  ALIYUN::OOS::Interface:
    ParameterGroups:
      - Parameters:
          - port
        Label:
          default:
            zh-cn: Configure Parameters
            en: Configure Parameters
      - Parameters:
          - regionId
          - instanceId
        Label:
          default:
            zh-cn: Select Instance
            en: Select Instance
      - Parameters:
          - rateControl
          - OOSAssumeRole
        Label:
          default:
            zh-cn: Advanced Options
            en: Advanced Options
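The three tasks above form a pipeline: look up the DNAT table ID, query the entry IDs for each high-risk backend port, join the per-port results, drop the nulls, then delete each remaining entry one at a time. The following Python dry-run is an added example and is not part of Alibaba Cloud's template; it replays that pipeline over constructed API responses (the response shapes are inferred from the template's own ValueSelectors, and a port with no matching entry is modelled as a null, which is the case the template's `select(. != null)` filter exists to remove), so the list of deletions can be reviewed before the template is run with a real `port` list.

```python
"""Dry-run of the ACS-VPC-BulkyDeleteForwardEntry task chain (added example).

No VPC API is called; the sample responses below are constructed to match the
fields the template's ValueSelectors read."""
from typing import Any, Dict, List, Optional

# Constructed DescribeNatGateways response: one NAT Gateway, one DNAT table.
NAT_GATEWAYS_RESPONSE: Dict[str, Any] = {
    "NatGateways": {"NatGateway": [
        {"NatGatewayId": "ngw-EXAMPLE",
         "ForwardTableIds": {"ForwardTableId": ["ftb-EXAMPLE"]}}]}}

# Constructed DescribeForwardTableEntries responses keyed by InternalPort,
# one per loop item. Port 3389 has no DNAT entry at all.
FORWARD_ENTRIES_BY_PORT: Dict[str, Dict[str, Any]] = {
    "22": {"ForwardTableEntries": {"ForwardTableEntry": [
        {"ForwardEntryId": "fwd-a1", "ExternalPort": "2222", "InternalPort": "22"},
        {"ForwardEntryId": "fwd-a2", "ExternalPort": "22", "InternalPort": "22"}]}},
    "445": {"ForwardTableEntries": {"ForwardTableEntry": [
        {"ForwardEntryId": "fwd-b1", "ExternalPort": "445", "InternalPort": "445"}]}},
    "3389": {"ForwardTableEntries": {"ForwardTableEntry": []}},
}
EMPTY = {"ForwardTableEntries": {"ForwardTableEntry": []}}


def select_forward_table_ids(resp: Dict[str, Any]) -> List[str]:
    # describeNatGateways: .NatGateways.NatGateway[].ForwardTableIds.ForwardTableId[]
    return [ftb for gw in resp["NatGateways"]["NatGateway"]
            for ftb in gw["ForwardTableIds"]["ForwardTableId"]]


def select_entry_ids(resp: Dict[str, Any]) -> List[str]:
    # describeForwardTableEntries: .ForwardTableEntries.ForwardTableEntry[].ForwardEntryId
    return [e["ForwardEntryId"] for e in resp["ForwardTableEntries"]["ForwardTableEntry"]]


def plan_deletions(nat_resp: Dict[str, Any], entries_by_port: Dict[str, Dict[str, Any]],
                   ports: List[str]) -> List[Dict[str, str]]:
    """Return the DeleteForwardEntry calls the template would issue, in order."""
    # The template binds ForwardTableIds to a single String, so one table is used.
    table_id = select_forward_table_ids(nat_resp)[0]
    joined: List[Optional[str]] = []  # Fn::ListJoin over the per-port loop outputs
    for p in ports:
        ids = select_entry_ids(entries_by_port.get(str(p), EMPTY))
        joined.extend(ids or [None])  # assumption: a port with no entries yields null
    # Fn::Jq '.[] | select(. != null)' removes those nulls before the delete loop
    entry_ids = [i for i in joined if i is not None]
    return [{"ForwardTableId": table_id, "ForwardEntryId": e} for e in entry_ids]


if __name__ == "__main__":
    for call in plan_deletions(NAT_GATEWAYS_RESPONSE, FORWARD_ENTRIES_BY_PORT, ["22", "445", "3389"]):
        print("DeleteForwardEntry", call)
```

The planned calls are emitted in the same order the template's final loop would process them (Concurrency: 1, MaxErrors: 0), so a single failed deletion stops the run at that point.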