模板名稱
ACS-ECS-RevokeSecurityGroupRules 刪除安全組規則
模板描述
刪除安全組規則
模板類型
自動化
所有者
Alibaba Cloud
輸入參數
參數名稱 | 描述 | 類型 | 是否必填 | 默認值 | 約束 |
securityGroupId | 安全組ID | String | 是 | ||
direction | 安全組規則授權方向 | String | 是 | ||
policy | 安全組規則訪問權限 | String | 是 | ||
portRange | 端口范圍 | String | 是 | ||
sourceCidrIp | 源端IPv4 CIDR地址塊 | String | 是 | ||
regionId | 地域ID | String | 否 | {{ ACS::RegionId }} | |
OOSAssumeRole | OOS扮演的RAM角色 | String | 否 | “” |
輸出參數
無
執行此模板需要的權限策略
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:DescribeSecurityGroupAttribute",
"ecs:RevokeSecurityGroup"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
詳情
ACS-ECS-RevokeSecurityGroupRules詳情
模板內容
FormatVersion: OOS-2019-06-01
Description:
en: Del the security gorup rule
zh-cn: 刪除安全組規則
name-en: ACS-ECS-RevokeSecurityGroupRules
name-zh-cn: 刪除安全組規則
categories:
- instance_manage
- computenest
Parameters:
regionId:
Label:
en: RegionId
zh-cn: 地域ID
Type: String
AssociationProperty: RegionId
Default: '{{ ACS::RegionId }}'
securityGroupId:
Label:
en: SecurityGroupId
zh-cn: 安全組ID
Type: String
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
AssociationPropertyMetadata:
regionId: regionId
direction:
Label:
en: Direction
zh-cn: 安全組規則授權方向
Description:
en: <ul class="ul">
<li class="li" >egress: security group outbound direction</li>
<li class="li" >ingress: security group incoming direction</li>
<li class="li">all: direction-insensitive</li></ul>
zh-cn: <ul class="ul">
<li class="li" >egress:安全組出方向</li>
<li class="li" >ingress:安全組入方向</li>
<li class="li">all:不區分方向</li></ul>
Type: String
AllowedValues:
- egress
- ingress
- all
policy:
Label:
en: Policy
zh-cn: 安全組規則訪問權限
Description:
en: <ul class="ul">
<li class="li">Accept:Accept access</li>
<li class="li">Arop:Access denied</li>
</ul>
zh-cn: <ul class="ul">
<li class="li">Accept:接受訪問</li>
<li class="li">Arop:拒絕訪問</li>
</ul>
Type: String
AllowedValues:
- Accept
- Drop
portRange:
Label:
en: PortRange
zh-cn: 端口范圍
Description:
en: 'Use a slash (/) to separate the start and end ports. Example: 1/200, -1/-1, 22/22'
zh-cn: 使用斜線(/)隔開起始端口和終止端口。例如:1/200,-1/-1,22/22
Type: String
sourceCidrIp:
Label:
en: SourceCidrIp
zh-cn: 源端IPv4 CIDR地址塊
Description:
en: 'Example: 10.0.0.0/8,10.0.0.0/0'
zh-cn: 例如:10.0.0.0/8,0.0.0.0/0
Type: String
OOSAssumeRole:
Label:
en: OOSAssumeRole
zh-cn: OOS扮演的RAM角色
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: describeSecurityGroupRules
Action: ACS::ExecuteAPI
Description:
en: Get security group rules
zh-cn: 獲取安全組規則
Properties:
Service: ECS
API: DescribeSecurityGroupAttribute
Parameters:
RegionId: '{{ regionId }}'
SecurityGroupId: '{{ securityGroupId }}'
Direction: '{{ direction }}'
Outputs:
rules:
Type: Json
ValueSelector: .Permissions.Permission | map( select(.Policy == "{{ policy }}") ) | map( select(.PortRange == "{{ portRange }}") ) | map( select(.SourceCidrIp == "{{ sourceCidrIp }}") )
- Name: delSecurityGroupRule
Action: ACS::ExecuteAPI
Description:
en: Delete security group rule
zh-cn: 刪除安全組規則
Properties:
Service: ECS
API: RevokeSecurityGroup
Parameters:
SecurityGroupId: '{{ securityGroupId }}'
RegionId: '{{ regionId }}'
Policy:
Fn::Select:
- Policy
- '{{ ACS::TaskLoopItem }}'
PortRange:
Fn::Select:
- PortRange
- '{{ ACS::TaskLoopItem }}'
SourceCidrIp:
Fn::Select:
- SourceCidrIp
- '{{ ACS::TaskLoopItem }}'
IpProtocol:
Fn::Select:
- IpProtocol
- '{{ ACS::TaskLoopItem }}'
Loop:
Items: '{{ describeSecurityGroupRules.rules }}'
RateControl:
MaxErrors: 0
Mode: Concurrency
Concurrency: 1
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- direction
- policy
- portRange
- sourceCidrIp
Label:
default:
zh-cn: 設置參數
en: Configure Parameters
- Parameters:
- regionId
- securityGroupId
Label:
default:
zh-cn: 選擇安全組
en: Select Security Group
- Parameters:
- OOSAssumeRole
Label:
default:
zh-cn: 高級選項
en: Control Options文檔內容是否對您有幫助?