批量修改AlibabaCloud阿里云service访问控制和安全组白名单IP设置Python脚本

最新推荐文章于 2023-05-30 22:04:28 发布
最新推荐文章于 2023-05-30 22:04:28 发布
阅读量1.4k 收藏 2
点赞数
分类专栏: # Python # AlibabaCloud 文章标签: AlibabaCloud 访问控制 安全组 白名单IP变更 阿里云
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/sweeper_freedoman/article/details/100153531
版权

更新一

下文脚本已经重写并分享到GitHub,而且新的脚本同时集成了亚马逊AWS的相关操作实现,参考https://github.com/Bilery-Zoo/Cloud_Platform_Maintenance/tree/master/CloudPlatform_WhitelistIP_Switcher。而亚马逊AWS单独实现的脚本,也可以参考之后的博文https://blog.csdn.net/sweeper_freedoman/article/details/100868645

阿里云 / AlibabaCloud的若干服务(service)出于安全考虑都有访问控制(Access control)或者叫安全组(Security Group)的设计,类似白名单黑名单的功能,用于控制哪些网络 / 网络段可以访问或者不能访问该服务实例,是一种重要的安全策略。例如负载均衡SLB、内容分发网络CDN和云关系型数据库RDS等。

生产环境一般都会在这些服务的白名单里面配置本地的公网IP(公司或个人公网IP),以使得只有自己的本地网络才可以访问相关服务实例。但是如果本地公网IP发生变更,一个个地手动去修改云上配置,一方面工作比较繁复,另一方面也不安全。所以,用脚本去做是最理想的事情。

以下Python脚本即做了SLB、CDN和RDS三个service的白名单IP变更。过程分为两步:

1.向配置了旧的公网IP的白名单里面添加新的公网IP

2.从添加了新的公网IP的白名单里面删除旧的公网IP

这样可以实现平稳切换。

脚本文件定义如下:

├── functions.py

        base function of AlibabaCloud handlers module (may need OOP rewriting next time)
├── log.py

        log logging module
├── new_ip_append.py

        new IP appending call file
└── old_ip_delete.py

        odl IP deleting call file

functions.py

#!/usr/bin/env python3
# -*- coding: utf-8 -*-


"""
create_author : 蛙鳜鸡鹳狸猿
create_time   : 2019-08-30
program       : *_* base function of AlibabaCloud handlers module (may need OOP rewriting next time) *_*
"""


import re
import json
import typing

from aliyunsdkcore.client import AcsClient
from aliyunsdkslb.request.v20140515 import DescribeAccessControlListsRequest, DescribeAccessControlListAttributeRequest
from aliyunsdkslb.request.v20140515 import AddAccessControlListEntryRequest, RemoveAccessControlListEntryRequest
from aliyunsdkcdn.request.v20180510 import DescribeUserDomainsRequest, DescribeCdnDomainConfigsRequest
from aliyunsdkcdn.request.v20180510 import BatchSetCdnDomainConfigRequest
from aliyunsdkrds.request.v20140815 import DescribeDBInstancesRequest, DescribeDBInstanceIPArrayListRequest
from aliyunsdkrds.request.v20140815 import ModifySecurityIpsRequest

import log

logger = log.LOG().logger()


@log.log(logger=logger, if_exit=True)
def get_slb_gip_info(re_ip, access_key_id=None, access_key_secret=None, region_id=None, ) -> typing.Generator:
    """
    Get IP info of SLB Access Control.
    :param re_ip: IP to get info.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Dict, {"AclId": ..., }.
    """
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = DescribeAccessControlListsRequest.DescribeAccessControlListsRequest()
    response = client.do_action_with_exception(request)
    for instance in json.loads((response.decode("utf-8")))["Acls"]["Acl"]:
        request_sub = DescribeAccessControlListAttributeRequest.DescribeAccessControlListAttributeRequest()
        request_sub.set_AclId(instance["AclId"])
        response_sub = client.do_action_with_exception(request_sub)
        data_sub = json.loads((response_sub.decode("utf-8")))
        if re.search(re_ip, str(data_sub)):
            gip_info = {"AclId": data_sub["AclId"], }
            logger.info("get_slb_gip_info:\n\t{gip_info}".format(gip_info=gip_info))
            yield gip_info


@log.log(logger=logger, if_exit=True)
def get_cdn_gip_info(re_ip, access_key_id=None, access_key_secret=None, region_id=None, ) -> typing.Generator:
    """
    Get IP info of SLB Access Control.
    :param re_ip: IP to get info.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Dict, {"DomainNames": ..., }.
    """
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = DescribeUserDomainsRequest.DescribeUserDomainsRequest()
    response = client.do_action_with_exception(request)
    for instance in json.loads((response.decode("utf-8")))["Domains"]["PageData"]:
        request_sub = DescribeCdnDomainConfigsRequest.DescribeCdnDomainConfigsRequest()
        request_sub.set_DomainName(instance["DomainName"])
        response_sub = client.do_action_with_exception(request_sub)
        data_sub = json.loads((response_sub.decode("utf-8")))
        if re.search(re_ip, str(data_sub)):
            for config in data_sub["DomainConfigs"]["DomainConfig"]:
                if config["FunctionName"] == "ip_allow_list_set":
                    gip_info = {"DomainNames": instance["DomainName"],
                                "ip_allow_list_set": config["FunctionArgs"]["FunctionArg"][0]["ArgValue"]}
                    logger.info("get_cdn_gip_info:\n\t{gip_info}".format(gip_info=gip_info))
                    yield gip_info
                    break


@log.log(logger=logger, if_exit=True)
def get_rds_gip_info(re_ip, access_key_id=None, access_key_secret=None, region_id=None, ) -> typing.Generator:
    """
    Get IP info of RDS Data Security.
    :param re_ip: IP to get info.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Dict, {"DBInstanceId": ..., }.
    """
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = DescribeDBInstancesRequest.DescribeDBInstancesRequest()
    response = client.do_action_with_exception(request)
    # print(json.loads((response.decode("utf-8"))))
    for instance in json.loads((response.decode("utf-8")))["Items"]["DBInstance"]:
        request_sub = DescribeDBInstanceIPArrayListRequest.DescribeDBInstanceIPArrayListRequest()
        request_sub.set_DBInstanceId(instance["DBInstanceId"])
        response_sub = client.do_action_with_exception(request_sub)
        data_sub = json.loads((response_sub.decode("utf-8")))
        # print(data_sub)
        if re.search(re_ip, str(data_sub)):
            for config in data_sub["Items"]["DBInstanceIPArray"]:
                if re.search(re_ip, str(config)):
                    gip_info = {"DBInstanceId": instance["DBInstanceId"],
                                "DBInstanceIPArrayName": config["DBInstanceIPArrayName"],
                                "DBInstanceIPArrayAttribute": config["DBInstanceIPArrayAttribute"],
                                "WhitelistNetworkType": config["WhitelistNetworkType"],
                                "SecurityIPType": config["SecurityIPType"]}
                    logger.info("get_rds_gip_info:\n\t{gip_info}".format(gip_info=gip_info))
                    yield gip_info
                    break


@log.log(logger=logger, if_exit=True)
def add_slb_gip_info(add_entry: list, acl_id: str, access_key_id=None, access_key_secret=None, region_id=None, ):
    """
    Add IP info into SLB Access Control. See also:
        https://www.alibabacloud.com/help/zh/doc-detail/70023.htm.
    :param add_entry: List consisted of Dict, eg `[{"entry": "IP / IP block", "comment": "..."}, ]`.
    :param acl_id: AclId of SLB.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Python built-in exit code.
    """
    logger.warning("add_slb_gip_info:\n\t{info}".format(info=str(
        {"acl_id": acl_id, "add_entry": add_entry, }
    )))
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = AddAccessControlListEntryRequest.AddAccessControlListEntryRequest()
    request.set_accept_format('json')
    request.set_AclId(acl_id)
    request.set_AclEntrys(str(add_entry))
    client.do_action_with_exception(request)


@log.log(logger=logger, if_exit=True)
def remove_slb_gip_info(remove_entry: list, acl_id: str, access_key_id=None, access_key_secret=None, region_id=None, ):
    """
    Remove IP info into SLB Access Control. See also:
        https://www.alibabacloud.com/help/zh/doc-detail/70055.htm.
    :param remove_entry: List consisted of Dict, eg `[{"entry": "IP / IP block", "comment": "..."}, ]`.
    :param acl_id: AclId of SLB.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Python built-in exit code.
    """
    logger.warning("remove_slb_gip_info:\n\t{info}".format(info=str(
        {"acl_id": acl_id, "remove_entry": remove_entry, }
    )))
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = RemoveAccessControlListEntryRequest.RemoveAccessControlListEntryRequest()
    request.set_accept_format('json')
    request.set_AclId(acl_id)
    request.set_AclEntrys(str(remove_entry))
    client.do_action_with_exception(request)


@log.log(logger=logger, if_exit=True)
def modify_cdn_gip_info(modify_entry: list, domain_name: str, access_key_id=None, access_key_secret=None, region_id=None, ):
    """
    Modify IP info into CDN Access Control. See also:
        https://www.alibabacloud.com/help/zh/doc-detail/90915.htm.
    :param modify_entry: List consisted of Dict, eg `[{"functionArgs": [{"argName": "ip_list", "argValue": ...}], "functionName": "ip_allow_list_set"}]`.
    :param domain_name: DomainName of CDN.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Python built-in exit code.
    """
    logger.warning("modify_cdn_gip_info:\n\t{info}".format(info=str(
        {"domain_name": domain_name, "modify_entry": modify_entry, }
    )))
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = BatchSetCdnDomainConfigRequest.BatchSetCdnDomainConfigRequest()
    request.set_accept_format('json')
    request.set_DomainNames(domain_name)
    request.set_Functions(modify_entry)
    client.do_action_with_exception(request)


@log.log(logger=logger, if_exit=True)
def modify_rds_gip_info(modify_ip: str, modify_mode: str, db_instance_id: str,
                        ip_array_name: str, ip_array_attribute: str, ip_type: str, network_type: str,
                        access_key_id=None, access_key_secret=None, region_id=None, ):
    """
    Modify IP info into RDS Data Security. See also:
        https://www.alibabacloud.com/help/zh/doc-detail/26242.htm?spm=a2c63.p38356.879954.54.6eb34542JGBoSp.
    :param modify_ip: IP address to modify.
    :param modify_mode: modify mode(valid values: Append, Delete, Cover).
    :param db_instance_id: RDS instance ID.
    :param ip_array_name: RDS instance IP array name.
    :param ip_array_attribute: RDS instance IP array attribute.
    :param ip_type: IP type.
    :param network_type: network type.
    :param access_key_id: AlibabaCloud auth access_key_id.
    :param access_key_secret: AlibabaCloud auth access_key_secret.
    :param region_id: AlibabaCloud region_id.
    :return: Python built-in exit code.
    """
    logger.warning("modify_rds_gip_info:\n\t{info}".format(info=str(
        {"db_instance_id": db_instance_id, "ip_array_name": ip_array_name,
         "modify_mode": modify_mode, "modify_ip": modify_ip, }
    )))
    client = AcsClient(access_key_id, access_key_secret, region_id)
    request = ModifySecurityIpsRequest.ModifySecurityIpsRequest()
    request.set_accept_format('json')
    request.set_SecurityIps(modify_ip)
    request.set_ModifyMode(modify_mode)
    request.set_DBInstanceId(db_instance_id)
    request.set_DBInstanceIPArrayName(ip_array_name)
    request.set_DBInstanceIPArrayAttribute(ip_array_attribute)
    request.set_SecurityIPType(ip_type)
    request.set_WhitelistNetworkType(network_type)
    client.do_action_with_exception(request)


if __name__ == "__main__":
    """
    SLB
    """
    # for i in get_slb_gip_info():
    #     print(i)
    # add_slb_gip_info("acl-......",
    #                  [{"entry": "127.0.0.0/32", "comment": "テストの為IP"}, ]
    #                  )
    # remove_slb_gip_info("acl-......",
    #                     [{"entry": "127.0.0.0/32", }, ]
    #                     )
    """
    CDN
    """
    # for i in get_cdn_gip_info():
    #     print(i)
    # modify_cdn_gip_info("www.ip_switch.test.com", [
    #     {"functionArgs": [{"argName": "ip_list", "argValue": "127.0.0.0/32,127.0.0.1/32"}],
    #  "functionName": "ip_allow_list_set"}])
    """
    RDS
    """
    # for i in get_rds_gip_info():
    #     print(i)
    # modify_rds_gip_info("127.0.0.0", "Delete", "rm-......", "test", '', "IPv4", "MIX")

log.py

#!/usr/bin/env python3.6
# -*- coding: utf-8 -*-


"""
create_author : 蛙鳜鸡鹳狸猿
create_time   : 2019-08-30
program       : *_* log logging module *_*
"""


import os
import sys
import logging
import functools


class LOG(object):
    """
    Log logging definition.
    """

    def __init__(self, level=logging.INFO, stream=sys.stdout, filemode='a',
                 filename=os.path.dirname(os.path.abspath(__file__)) + '/' + "log",
                 datefmt="%Y-%m-%d %H:%M:%S",
                 format="%(asctime)s\t%(levelname)s\t< Module: %(module)s, Function: %(funcName)s >\t%(message)s",
                 **kwargs):
        """
        LOG init.
        :param level: arg pass to standard library logging.basicConfig().
        :param stream: arg pass to standard library logging.basicConfig().
        :param filemode: arg pass to standard library logging.basicConfig().
        :param filename: arg pass to standard library logging.basicConfig().
        :param datefmt: arg pass to standard library logging.basicConfig().
        :param format: arg pass to standard library logging.basicConfig().
        :param kwargs: arg pass to standard library logging.basicConfig().
        """
        self.level = level
        self.stream = stream
        self.filename = filename
        self.filemode = filemode
        self.datefmt = datefmt
        self.format = format
        self.kwargs = kwargs

    def logger(self, name=__name__):
        """
        Logger object generates.
        :param name: Logger name(parameters pass to standard library logging.getLogger()).
        :return: Logger object.
        """
        args = {
            "level": self.level,
            "stream": self.stream,
            "filename": self.filename,
            "filemode": self.filemode,
            "datefmt": self.datefmt,
            "format": self.format,
        }
        try:
            if self.stream and self.filename:
                del args["stream"]
        except KeyError:
            pass
        logging.basicConfig(**args, **self.kwargs)
        return logging.getLogger(name)


def raise_log(raised_except, msg=''):
    """
    Raise exception by hand to escape error exit caused by built-in [raise].
    :param raised_except: Exception object.
    :param msg: Exception feedback message.
    :return: Python's built-in exit code.
        Output Exception of [raised_except].
    """
    try:
        raise raised_except(msg)
    except raised_except as E:
        logging.exception(E)


def log(logger=None, exc_msg='', if_exit=False, exit_msg='', result_check=False, check_except=None, check_msg=''):
    """
    Log logging decorator function.
    :param logger: Logger object(see also logging.getLogger()).
    :param exc_msg: extra message to return when exceptions catch.
    :param if_exit: Boolean.
        Whether to exit or not when catching exception.
    :param exit_msg: extra message to return when exceptions catch and exit.
    :param result_check: Boolean.
        Whether or not to check Python's False status result of [func]'s return.
    :param check_except: Exception object to raise when [result_check].
    :param check_msg: Exception feedback message to return when [result_check].
    :return: decorated function [func]'s return.
    """
    if not logger:
        logger = LOG().logger()

    def decorator(func):
        @functools.wraps(func)
        def wrapper(*args, **kwargs):
            result = None
            try:
                result = func(*args, **kwargs)
            except BaseException:
                logger.exception(exc_msg)
                if if_exit:
                    sys.exit(exit_msg)
            finally:
                if result_check:
                    if not result:
                        raise_log(check_except, check_msg)
                return result
        return wrapper
    return decorator


if __name__ == "__main__":
    LOG_Test = LOG
    # LOG().logger().info("INFO:Come...")
    # LOG().logger().error("ERROR:Come...")

    # @log()
    # def get(a, b):
    #     return a / b
    # get(a=1, b=0)

new_ip_append.py

#!/usr/bin/env python3.6
# -*- coding: utf-8 -*-


"""
create_author : 蛙鳜鸡鹳狸猿
create_time   : 2019-08-30
program       : *_* new IP appending call file *_*
"""


import re
import functions


"""
*******************************************************************************
Unit test button
                        |\_/|
                        | ・x・ |
               \_____/    |
                 |         |
                \       ノ 
             ((( (/ ̄ ̄ ̄ ̄(/ヽ)
"""
UT_FLAG = True
"""
Default `True` for script testing
Set to `False` when production using
*******************************************************************************
"""


new_gip = ""
old_gip = "127.0.0.0" if UT_FLAG else ""
re_ip = re.compile(r"127[.]0[.]0[.]0") if UT_FLAG else re.compile(r"127[.]0[.]0[.]11")

sbcloud_region = ["ap-northeast-1",
                  "cn-qingdao",
                  "cn-beijing",
                  "cn-zhangjiakou",
                  "cn-huhehaote",
                  "cn-hangzhou",
                  "cn-shanghai",
                  "cn-shenzhen",
                  "cn-chengdu",
                  "cn-hongkong",
                  "ap-southeast-1",
                  "ap-southeast-2",
                  "ap-southeast-3",
                  "ap-southeast-5",
                  "ap-south-1",
                  "us-west-1",
                  "us-east-1",
                  "eu-central-1",
                  "eu-west-1",
                  "me-east-1",
                  ]
SBCloud_Access_Key = {"access_key_id": "",
                      "access_key_secret": "",
                      "region_id": sbcloud_region[0],
                      }


# append new IP into SLB
for slb_gip_info in functions.get_slb_gip_info(re_ip, **SBCloud_Access_Key):
    slb_append_info = ([{"entry": "{new_gip}/32".format(new_gip=new_gip), "comment": "汐留GIP"}, ],
                       slb_gip_info["AclId"], )
    functions.add_slb_gip_info(*slb_append_info, **SBCloud_Access_Key)


# append new IP into CDN
for cdn_gip_info in functions.get_cdn_gip_info(re_ip, **SBCloud_Access_Key):
    ip_append_info = re.sub(re_ip, "{old_gip}/32,{new_gip}".format(old_gip=old_gip, new_gip=new_gip),
                            cdn_gip_info["ip_allow_list_set"])
    cdn_append_info = ([{"functionArgs": [{"argName": "ip_list",
                                           "argValue": "{ip_append_info}".format(ip_append_info=ip_append_info)}],
                         "functionName": "ip_allow_list_set"}],
                       cdn_gip_info["DomainNames"], )
    functions.modify_cdn_gip_info(*cdn_append_info, **SBCloud_Access_Key)


# append new IP into RDS
for rds_gip_info in functions.get_rds_gip_info(re_ip, **SBCloud_Access_Key):
    rds_append_info = (new_gip, "Append", rds_gip_info["DBInstanceId"],
                       rds_gip_info["DBInstanceIPArrayName"], rds_gip_info["DBInstanceIPArrayAttribute"],
                       rds_gip_info["SecurityIPType"], rds_gip_info["WhitelistNetworkType"], )
    functions.modify_rds_gip_info(*rds_append_info, **SBCloud_Access_Key)

old_ip_delete.py

#!/usr/bin/env python3.6
# -*- coding: utf-8 -*-


"""
create_author : 蛙鳜鸡鹳狸猿
create_time   : 2019-08-30
program       : *_* odl IP deleting call file *_*
"""


import re
import functions


"""
*******************************************************************************
Unit test button
                        |\_/|
                        | ・x・ |
               \_____/    |
                 |         |
                \       ノ 
             ((( (/ ̄ ̄ ̄ ̄(/ヽ)
"""
UT_FLAG = True
"""
Default `True` for script testing
Set to `False` when production using
*******************************************************************************
"""


old_gip = "127.0.0.0" if UT_FLAG else ""
re_ip = re.compile(r"127[.]0[.]0[.]0") if UT_FLAG else re.compile(r"127[.]0[.]0[.]11")


sbcloud_region = ["ap-northeast-1",
                  "cn-qingdao",
                  "cn-beijing",
                  "cn-zhangjiakou",
                  "cn-huhehaote",
                  "cn-hangzhou",
                  "cn-shanghai",
                  "cn-shenzhen",
                  "cn-chengdu",
                  "cn-hongkong",
                  "ap-southeast-1",
                  "ap-southeast-2",
                  "ap-southeast-3",
                  "ap-southeast-5",
                  "ap-south-1",
                  "us-west-1",
                  "us-east-1",
                  "eu-central-1",
                  "eu-west-1",
                  "me-east-1",
                  ]
SBCloud_Access_Key = {"access_key_id": "LTAIhY89cQ2i0gdi",
                      "access_key_secret": "cXkEFvWUjpQvl0d4F0Le0dr2SI9d1o",
                      "region_id": sbcloud_region[0],
                      }


# delete old IP into SLB
for slb_gip_info in functions.get_slb_gip_info(re_ip, **SBCloud_Access_Key):
    slb_remove_info = ([{"entry": "{old_gip}/32".format(old_gip=old_gip), }, ],
                       slb_gip_info["AclId"], )
    functions.remove_slb_gip_info(*slb_remove_info, **SBCloud_Access_Key)


# delete old IP into CDN
for cdn_gip_info in functions.get_cdn_gip_info(re_ip, **SBCloud_Access_Key):
    ip_remove_info = re.sub("{old_gip}/32,".format(old_gip=old_gip), '', cdn_gip_info["ip_allow_list_set"])
    cdn_remove_info = ([{"functionArgs": [{"argName": "ip_list",
                                           "argValue": "{ip_remove_info}".format(ip_remove_info=ip_remove_info)}],
                         "functionName": "ip_allow_list_set"}],
                       cdn_gip_info["DomainNames"], )
    functions.modify_cdn_gip_info(*cdn_remove_info, **SBCloud_Access_Key)


# delete old IP into RDS
for rds_gip_info in functions.get_rds_gip_info(re_ip, **SBCloud_Access_Key):
    rds_remove_info = (old_gip, "Delete", rds_gip_info["DBInstanceId"],
                       rds_gip_info["DBInstanceIPArrayName"], rds_gip_info["DBInstanceIPArrayAttribute"],
                       rds_gip_info["SecurityIPType"], rds_gip_info["WhitelistNetworkType"], )
    functions.modify_rds_gip_info(*rds_remove_info, **SBCloud_Access_Key)

 

蛙鳜鸡鹳狸猿
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
esg-update-public-in:阿里云ecs安全组自动更新可访问ip脚本
03-08
功能 阿里云上对服务器设置名单,但是部分IP不是固定IP,路由被重启后就不会被重新随机分配一个IP,因此弄了简单的内容可以进行更新。 注意 需要自己申请阿里云相关的权限 # -c 配置文件 -f 已有的ip地址文件 -p 进程pid文件 nohup esg -c config.yml -f public_ip > ./log 2>&1 & # config.yml testUrl: 可选,测试公共IP的地址,http get 请求直接返回IP地址, 默认: http://ifconfig.me updateUrl: 可选,当IP地址发生变化后,会调用的地址,http get 请求,会增加一个ip的query参数,待实现 waitSeconds: 可选,刷新周期,单位秒,默认:300 regionId: cn-hangzhou 阿里的区域 accessKeyId: 权限keyid acc
利用python批量给云主机配置安全组的方法教程
12-24
前言 这几年对运维人员来说最大的变化可能就是公有云的出现了,我相信可能很多小伙伴公司业务就跑在公有云上,  因为公司业务关系,我个人接触公有云非常的早,大概在12年左右就是开始使用亚马逊云,后来逐渐接触到国内的阿里,腾讯云等,随着公司业务往国内发展,这几年我们也使用了很多国内的公有云厂商,所以在云运维方面也积累了一些经验,从传统的物理机到公有云运维,我个人认为最大的问题就是你能不能用公有云的思路去思考去实现一个安全稳定、可伸缩和经济的业务构架,云运维是有别与传统运维的,比如说了解公有云的都知道安全组的概念,安全组跟防火墙功能很相似,那我的机器是要设置iptables还是要设置安全组呢?设置了安
阿里云Python-SDK管理安全组和RDS实例IP名单
GiveMeFive_Y的博客
12-01 2470
安装SDK #pip install aliyun-python-sdk-rds #pip install aliyun-python-sdk-ecs 代码示例: #!/usr/bin/env python # coding=utf-8 from aliyunsdkcore import client from aliyunsdkecs.request.v20140526 import Descr
安全组技术
晓峰博客笔记
07-11 1288
安全组
云服务器ECS安全组实践(一)
weixin_34309435的博客
02-20 143
应用上云除了对资源生命周期管理和应用交付是一个转变,更重要是思维方式的转变。本篇文章就简单介绍下上云的一个重要概念安全组(Security Group)。本文是安全组系列的第一篇,主要介绍安全组的基本概念、约束和如何配置入网规则。 安全组的基本概念和约束 安全组在云端提供类似虚拟防火墙功能,用于设置单个或多个 ECS 实例的网络访问控制,它是重要的安全隔...
阿里云的名单规则如何实现IP限制和访问控制
聚搜云_上海聚搜信息技术有限公司
05-30 2356
总之,通过运用阿里云的名单规则,企业可以实现有针对性的IP限制和访问控制,提高网络安全水平。在应用过程中,需合理设置名单,并定期进行检查和更新,以保持访问策略的有效性。1. 对内部资源进行访问保护:企业可以通过设置名单,仅允许内部员工IP访问特定资源,以防止未经授权的外部访问。2. 客户端访问限制:针对面向客户的应用,将可信任客户端IP列入名单,只允许这些客户端访问相应服务。1. 定期检查和更新名单:随着企业业务的发展和变化,可能需要定期更新允许访问IP地址。1. 阿里云名单规则的基本原理。
阿里云主机不能用IP访问网站的解决方法(配置安全组规则搞定)
09-29
刚买了一台阿里云主机,迫不待及的试试速度,怎知网站访问不了,用IP或绑定域名都无法访问,后来提交工单才知道,需要配置安全组规则才行。针对同样像我一样的新手,本文就介绍一下如何在开通阿里云主机后配置安全组...
阿里云腾讯云自动配置安全组脚本(php版)
最新发布
02-29
此功能用于,我们日常开发中,连接服务器,又不想22022端口暴露,则需要针对开发环境的IP配置安全组,又因为我们的Ip经常会变,此脚本则是配置好阿里云,以及腾讯云相关参数之后运行起来,则可以自动针对开发环境的...
cloudflare目前找到的ip名单,可用于设置ip名单以免网站访问受限
01-08
cloudflare目前找到的ip名单,可用于设置ip名单以免网站访问受限
Python脚本修改阿里云的访问控制列表
weixin_34101229的博客
03-06 164
需求 对于部署在阿里云上的重要系统一般是不让其他人访问的,所以会在负载均衡(SLB)上加上访问控制列表。而使用ASDL拨号上网的宽带来说一般公网IP都不会固定的,会随时变更公网IP,所以此脚本正是解决此需求。 说明 脚本运行前需要先安装aliyun-python-sdk-core 和aliyun-python-sdk-slb 2个sdk,并且在阿里云账户里面创建access_key和access_...
Golang/Python添加阿里云安全组:将本机外网IP添加为IP名单
运维技术栈
06-18 710
应用场景 每次去阿里云控制台 将自己的外网IP添加为名单操作过于繁琐,一切可以自动化的事情应该要自动化,所以我们需要一个 自动将本机外网IP添加为安全组规则的脚本。 前置条件 拥有可以操作 AuthorizeSecurityGroup API 的 AccessKey 前往 AccessKey 管理 添加 accessKey。 添加一个子账号,创建 AccessKey 给该 AccessKey 授权一个最小的权限:AuthorizeSecurityGroup,只能添加安全组的入方向规则。 准备好了
阿里云导出云数据库RDS实例-python
weixin_46335835的博客
09-26 593
前言 阿里云工作台支持调用openapi完成一系列操作,因为公司需要定期导出实例配置统计,所以尝试写了个python脚本。 api调用:DescribeDBInstanceAttribute:此api查询条件为实例ID,所以调用DescribeDBInstances获取 获取实例ID 说明: aliyun_Client模块未自定义模块,可以参考https://blog.csdn.net/weixin_46335835/article/details/120264405?spm=1001.2014.3001
Python实现阿里云DDNS动态域名解析
nonlinearthink的博客
10-25 1473
想要更好的阅读体验,可以转我的个人博客。 DDNS 简介 DDNS(Dynamic Domain Name Server),它的作用是将用户的动态IP绑定到一个域名上去。 这样就算你的服务器IP发生了变化,用户仍然可以使用你的域名找到你的服务器。 阿里云提供了一套API,可以让你用编程的方式实现 DDNS,但是需要你的域名是在阿里云上申请的。 感谢我的室友借用给我测试用的域名。 一些可能用到的库 pip install aliyun-python-sdk-core pip install aliyun-
解决:阿里云 OSS 存储访问报错 AccessDenied
热门推荐
liuzhen007的专栏
03-20 1万+
使用阿里云的 OSS 的客户端 SDK上传了一个文件,访问存储地址时遇到如下报错信息: <Error> <Code>AccessDenied</Code> <Message>You have no right to access this object because of bucket acl.</Message> <RequestId>622FF5149849B43239F0C519</RequestId> &l..
python实现添加阿里云IP名单
w2909526的博客
09-09 990
由于公司业务需求 原本需手动添加sftp名单 现通过python实现自动添加 #!/usr/bin/python # -*- coding: utf-8 -* # 执行前先安装阿里云sdk pip install aliyun-python-sdk-ecs from aliyunsdkcore.client import AcsClient from aliyunsdkecs.request...
python如何调用阿里云接口_python 调用阿里云云解析api添加记录
weixin_39931146的博客
12-06 601
首先安装阿里云SDKpip install aliyun-python-sdk-corepip install aliyun-python-sdk-alidns可以配合jenkins传递参数#!/usr/bin/python3# -*- coding: utf-8 -*-# @Time : 2018/1/24 0024 13:42# @Author : sanmuyan# @FileNam...
【DDNS】Python实现阿里云域名DDNS
qq_37744229的博客
06-21 3677
第一步:拥有阿里云域名,设置阿里云域名管理账号 转载自:https://www.jianshu.com/p/b8e01206f58c 第二步:新建加载运行python文件 参考:https://blog.zeruns.tech/archives/507.html 实际使用时会遇到请求超时等情况. 作出了一些代码的修改:(目前只修改ipv4,ipv6自行参考修改~) 1.在超时时不再请求。 2.断网重连 ...
python如何调用阿里云接口_python调用阿里云产品接口
weixin_39800990的博客
12-06 740
#功能:定时分析日志,发现异常IP则调用slb接口进行封禁ip,同时邮件通知相关人员,被封ip俩个小时后解封from aliyunsdkcore.client importAcsClientfrom aliyunsdkcore.acs_exception.exceptions importClientExceptionfrom aliyunsdkcore.acs_exception.excepti...
阿里云域名动态IP解析Shell小脚本
艾小米
06-29 2148
当你手里面有一个闲置的域名,有一个漂浮不定的外网ip,你又想在外网ip变更后自动解析到域名上,此情此景此脚本可能会帮上你。 更新日志 2020-09-29 支持IPV6解析(支持设置解析记录类型:A、NS、MX、TXT、CNAME、SRV、AAAA、CAA、REDIRECT_URL、FORWARD_URL) 使用步骤: 在阿里云域名管理中解析自己的域名 记录类型:A 主机记录:按你需要输入 解析路线:默认(随你) 记录值:随便输入一个Ip地址(运行脚本后会自动更新到正确的) TTL值
阿里云访问公网ip地址需要在实例安全组名单中增加
11-11
阿里云访问公网IP地址需要在实例安全组名单中增加。 阿里云提供的实例安全组是一种防火墙规则集合,用于控制入站和出站流量。当我们在阿里云上创建虚拟机实例时,默认情况下,实例的安全组是没有开放外部访问的。...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值