使用运维编排服务自动为ECS实例的相关资源绑定标签

背景信息

本示例中，将通过OOS自定义模板为ECS实例的相关资源（云盘、弹性网卡、弹性公网IP）自动绑定标签owner:alice。

说明 OOS模板、ECS实例、云盘、弹性网卡、弹性公网IP必须在同一地域下。

步骤一：创建RAM角色并授权

使用阿里云账号登录RAM控制台。

创建自定义权限策略OOSAutoTag，详情请参见创建自定义策略。

自定义权限策略OOSAutoTag内容如下所示：

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:DescribeDisks",
                "ecs:DescribeInstances",
                "ecs:TagResources"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:TagResources"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

权限策略说明如下表所示：


权限策略	相关参数
允许查询ECS实例、弹性网卡、弹性公网IP的信息。	`ecs:DescribeInstances`
允许查询云盘的信息。	`ecs:DescribeDisks`
允许为ECS实例、云盘、弹性网卡创建并绑定标签。	`ecs:TagResources`
允许为弹性公网IP创建并绑定标签。	`vpc:TagResources`

创建RAM角色OOSServiceRole。
详情请参见创建普通服务角色。
为RAM角色OOSServiceRole授权自定义策略OOSAutoTag。
详情请参见为RAM角色授权。
为RAM角色OOSServiceRole授权系统策略AliyunOOSFullAccess。
详情请参见为RAM角色授权。

步骤二：创建并执行OOS模板

登录OOS控制台。
在顶部菜单栏左上角处，选择地域。
在左侧导航栏，单击我的模板。

创建自定义模板。

单击创建模板。
选择空白模板，单击选取。

单击JSON页签，编辑模板，并在右侧填写模板名称AutoTag，模板编辑完成后单击创建模板。

JSON模板代码示例如下所示：

{
  "FormatVersion": "OOS-2019-06-01",
  "Description": {
    "en": "When instance is labeled with the specified tag, Tags will be propagated to the related resources.",
    "zh-cn": "当实例绑定特定标签时，传播标签到与实例相关的云盘、弹性网卡、弹性公网IP资源",
    "name-zh-cn": "当实例绑定特定标签时，传播标签到与实例相关的云盘、弹性网卡、弹性公网IP资源",
    "categories": [
      "event-trigger"
    ]
  },
  "Parameters": {
    "TagKey": {
      "Type": "String",
      "Description": "Tag key for tag instance"
    },
    "TagValue": {
      "Type": "String",
      "Description": "Tag value for tag instance"
    },
    "OOSAssumeRole": {
      "Description": {
        "en": "The RAM role to be assumed by OOS.",
        "zh-cn": "OOS扮演的RAM角色"
      },
      "Type": "String",
      "Default": "OOSServiceRole"
    }
  },
  "RamRole": "{{ OOSAssumeRole }}",
  "Tasks": [
    {
      "Name": "eventTrigger",
      "Description": {
        "en": "Monitor the ECS instance TAG event.",
        "zh-cn": "监控实例标签变化"
      },
      "Action": "ACS::EventTrigger",
      "Properties": {
        "Product": "tag",
        "Name": [
          "Tag:ChangeOnResource"
        ],
        "Level": [
          "INFO"
        ],
        "Content": {
          "product": [
            "ecs"
          ],
          "resourceType": [
            "instance"
          ]
        }
      },
      "Outputs": {
        "instanceId": {
          "ValueSelector": ".content.resourceId",
          "Type": "String"
        },
        "isTag": {
          "ValueSelector": ".content.addedTags|select(.{{TagKey}}==\"{{TagValue}}\") |[.] |all|tostring",
          "Type": "String"
        }
      }
    },
    {
      "Name": "whetherNeedTag",
      "Action": "ACS::Choice",
      "Description": {
        "zh-cn": "判断是否需要传播的标签",
        "en": "Determine whether the tag needs to be propagated"
      },
      "Properties": {
        "DefaultTask": "describeInstancesFinally",
        "Choices": [
          {
            "When": {
              "Fn::Equals": [
                "true",
                "{{ eventTrigger.isTag }}"
              ]
            },
            "NextTask": "describeInstances"
          }
        ]
      }
    },
    {
      "Name": "describeInstances",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "查询实例，获取与实例相关的弹性网卡、弹性公网IP资源",
        "en": "Query the instance to obtain the network interface and elastic public network IP resources related to the instance."
      },
      "Properties": {
        "Service": "ECS",
        "API": "DescribeInstances",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "InstanceIds": [
            "{{ eventTrigger.instanceId }}"
          ]
        }
      },
      "Outputs": {
        "eips": {
          "Type": "List",
          "ValueSelector": "Instances.Instance[].EipAddress.AllocationId"
        },
        "enis": {
          "Type": "List",
          "ValueSelector": "Instances.Instance[].NetworkInterfaces.NetworkInterface[].NetworkInterfaceId"
        }
      }
    },
    {
      "Name": "describeDisks",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "根据实例ID获取云盘信息",
        "en": "Obtain disk ids based on instance id."
      },
      "Properties": {
        "Service": "ECS",
        "API": "DescribeDisks",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "InstanceId": "{{ eventTrigger.instanceId }}"
        }
      },
      "Outputs": {
        "diskIds": {
          "Type": "List",
          "ValueSelector": "Disks.Disk[].DiskId"
        }
      }
    },
    {
      "Name": "tagResourcesDisks",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "标记云盘",
        "en": "Tag disks"
      },
      "Properties": {
        "Service": "ECS",
        "API": "TagResources",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "ResourceIds": [
            "{{ ACS::TaskLoopItem }}"
          ],
          "ResourceType": "disk",
          "Tags": [
            {
              "Key": "{{TagKey}}",
              "Value": "{{TagValue}}"
            }
          ]
        }
      },
      "Loop": {
        "RateControl": {
          "Mode": "Batch",
          "MaxErrors": 0,
          "Batch": [
            50
          ],
          "BatchPauseOption": "Automatic",
          "ConcurrencyInBatches": [
            1
          ]
        },
        "Items": "{{ describeDisks.diskIds }}"
      }
    },
    {
      "Name": "tagResourcesEnis",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "标记弹性网卡",
        "en": "Tag network interface."
      },
      "Properties": {
        "Service": "ECS",
        "API": "TagResources",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "ResourceIds": [
            "{{ ACS::TaskLoopItem }}"
          ],
          "ResourceType": "eni",
          "Tags": [
            {
              "Key": "{{TagKey}}",
              "Value": "{{TagValue}}"
            }
          ]
        }
      },
      "Loop": {
        "RateControl": {
          "Mode": "Batch",
          "MaxErrors": 0,
          "Batch": [
            50
          ],
          "BatchPauseOption": "Automatic",
          "ConcurrencyInBatches": [
            1
          ]
        },
        "Items": "{{ describeInstances.enis }}"
      }
    },
    {
      "Name": "tagResourcesEips",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "标记弹性公网IP",
        "en": "Tag eips"
      },
      "Properties": {
        "Service": "VPC",
        "API": "TagResources",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "ResourceIds": [
            "{{ ACS::TaskLoopItem }}"
          ],
          "ResourceType": "eip",
          "Tags": [
            {
              "Key": "{{TagKey}}",
              "Value": "{{TagValue}}"
            }
          ]
        }
      },
      "Loop": {
        "RateControl": {
          "Mode": "Batch",
          "MaxErrors": 1,
          "Batch": [
            50
          ],
          "BatchPauseOption": "Automatic",
          "ConcurrencyInBatches": [
            1
          ]
        },
        "Items": "{{ describeInstances.eips }}"
      }
    },
    {
      "Name": "describeInstancesFinally",
      "Action": "ACS::ExecuteAPI",
      "Description": {
        "zh-cn": "查询实例状态",
        "en": "Views the ECS instances Status."
      },
      "Properties": {
        "Service": "ECS",
        "API": "DescribeInstances",
        "Parameters": {
          "RegionId": "{{ ACS::RegionId }}",
          "InstanceIds": [
            "{{ eventTrigger.instanceId }}"
          ]
        }
      },
      "Outputs": {
        "status": {
          "Type": "String",
          "ValueSelector": "Instances.Instance[].Status"
        }
      }
    }
  ],
  "Outputs": {
    "instanceId": {
      "Value": "{{ eventTrigger.instanceId}}",
      "Type": "String"
    },
    "diskIds": {
      "Value": "{{ describeDisks.diskIds }}",
      "Type": "String"
    },
    "eips": {
      "Value": "{{ describeInstances.eips  }}",
      "Type": "String"
    },
    "enis": {
      "Value": "{{ describeInstances.enis  }}",
      "Type": "String"
    }
  }
}

执行自定义模板。
1. 在左侧导航栏，单击我的模板，找到自定义模板AutoTag，在操作列，单击创建执行。
2. 保持默认设置，单击下一步：设置参数。
3. 填写参数，并单击下一步：确定。
  本示例中填写的参数如下：
  - TagKey：输入标签键owner。
  - TagValue：输入标签值alice。
  - OOSAssumeRole：选择RAM角色OOSServiceRole。
4. 单击创建。

步骤三：为ECS实例绑定标签

登录ECS管理控制台。
在左侧导航栏，单击实例与镜像 > 实例。
在顶部菜单栏左上角处，选择地域。
在实例列表中，找到目标ECS实例，在标签列单击标签图标，为其绑定标签owner:alice。

执行结果

为ECS绑定标签的事件会自动触发OOS模板AutoTag的执行，该ECS实例下的云盘、弹性网卡、弹性公网IP会自动绑定标签owner:alice。