Allocate and Bind EIP to Existing Cloud Resources

Scenario Description

Allocate Elastic IP Address (EIP) and bind it to existing Alibaba Cloud resources for public internet access. This skill focuses on EIP product capabilities only. Supported Resource Types:

- EcsInstance: ECS instance (requires instance ID)
NetworkInterface: Elastic Network Interface/ENI (requires ENI ID + private IP address)
SlbInstance: Classic Load Balancer/CLB (requires CLB instance ID)
Nat: NAT Gateway (requires NAT Gateway ID)
HaVip: High-Availability Virtual IP (requires HaVip ID)
IpAddress: Direct IP address binding (requires VPC ID + IP address)

Key Principles:

1. ✅ Only operate on user-provided resource IDs - never query or auto-select resources
✅ Fail fast - stop immediately on unrecoverable errors
✅ No resource creation - only bind to existing resources (no new ECS/NAT/VPC creation)
✅ User confirmation - ask for key EIP parameters before allocation
✅ Cleanup on failure - release newly allocated EIPs if binding fails

Pre-checks

1. Aliyun CLI version verification (>= 3.3.2)

aliyun configure set --auto-plugin-install true
CLI_VERSION=$(aliyun version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1)
[ "$(printf '%s\n' "3.3.2" "$CLI_VERSION" | sort -V | head -n1)" != "3.3.2" ] && echo "❌ CLI < 3.3.2" && exit 1

2. Authentication credential verification

CODEBLOCK1

Workflow Overview

Key rules for ALL commands below:

- Every aliyun product command MUST include --user-agent AlibabaCloud-Agent-Skills (NOT on configure commands)
Use plugin mode (kebab-case): aliyun vpc allocate-eip-address, NOT INLINECODE4
VPC commands require INLINECODE5
CRITICAL: --biz-region-id only sets the RegionId parameter in the API request body; it does NOT control which API endpoint the CLI connects to. The API endpoint is determined by the CLI profile's configured region. Before running any VPC command, you MUST set the CLI profile region to match the target region:

  aliyun configure set --region {REGION}

- jq is NOT available — use grep to parse JSON output

Global Variables to Track:

- CREATED_EIPS: Array of EIP AllocationIds created in this session (for user-controlled cleanup on failure)
INLINECODE10: Target region (MUST be explicitly provided by user, no default)
INLINECODE11: Target resource type (EcsInstance/NetworkInterface/SlbInstance/Nat/HaVip/IpAddress)
INLINECODE12: Boolean flag (true = use existing EIP, false = create new EIP)
INLINECODE13: EIP instance ID (from existing EIP or newly allocated)

Workflow Phases:

1. Phase 1: Extract user input, validate resource, choose existing/new EIP

- Steps 1.1-1.2: Extract parameters, set CLI region - Step 1.3: Check if resource already has EIP bound (DescribeEipAddresses) - Step 1.3.5: Check if ECS has PIP/Public IP (ECS only, DescribeInstanceAttribute) - Step 1.4: User chooses existing EIP or new EIP - Step 1.5: Use existing EIP (query available EIPs, let user select) - Step 1.6: Create new EIP (confirm parameters) - Step 1.7: Pre-allocation validation (only for new EIP)

2. Phase 2: Allocate EIP (only if USE_EXISTING_EIP = false)
Phase 3: Bind EIP to target resource (actual execution)
Phase 4: Verify binding
Phase 5: Cleanup on failure (ask user to keep or release newly created EIP)

Phase 1: Extract User Input and Validate Resource

Step 1.1: Extract required parameters from user message

Required from user:

- Region: Target region (e.g., cn-beijing, cn-hangzhou) - MUST be explicitly provided, no default
Resource Type: One of: ECS / ENI / CLB / NAT / HAVIP / IP
Resource ID: Exact instance ID, ENI ID, NAT ID, etc.
Additional parameters (instance-type specific):

- If NetworkInterface: Must have PrivateIpAddress (private IP to bind) - If IpAddress: Must have VpcId (VPC ID where IP address resides) If ANY required parameter is missing, STOP and ask user:

❌ Missing: Region[REQUIRED] | ResourceType[ECS/ENI/CLB/NAT/HAVIP/IP] | ResourceID | [PrivateIP for ENI] | [VpcId for IP]

CRITICAL:

- Region MUST be explicitly provided by user. Do NOT use default region (like cn-hangzhou).
Do NOT proceed without explicit user-provided values.

Step 1.1.1: Input Validation (Security)

Validate inputs to prevent command injection:

- Region: ^[a-z]{2,3}-[a-z]+-\d*[a-z]*$ (e.g., cn-beijing, ap-southeast-1)
Resource IDs: INLINECODE22
IP Address: INLINECODE23

If validation fails, STOP: INLINECODE24

Step 1.2: Set CLI region to target region

Before any API operation, configure CLI region:

aliyun configure set --region {REGION}

This ensures the CLI connects to the correct regional API endpoint.

Step 1.3: Check if resource already has EIP bound

Use DescribeEipAddresses to check if the target resource already has an EIP: Map user input to InstanceType parameter:

User Input	AssociatedInstanceType Value
ECS	EcsInstance
ENI

aliyun vpc describe-eip-addresses \
  --biz-region-id {REGION} \
  --associated-instance-type {INSTANCE_TYPE} \
  --associated-instance-id {RESOURCE_ID} \
  --user-agent AlibabaCloud-Agent-Skills

Check response: If TotalCount > 0 (resource already has EIP bound):

❌ ERROR: Resource {RESOURCE_ID} already has EIP bound.
Existing EIP: {EipAddress} | ID: {AllocationId} | Bandwidth: {Bandwidth}Mbps | Status: {Status}
To bind a different EIP, first unbind existing: aliyun vpc unassociate-eip-address --biz-region-id {REGION} --allocation-id {AllocationId} --instance-id {RESOURCE_ID} --instance-type {INSTANCE_TYPE}

STOP. Do not proceed. If TotalCount = 0 (resource has no EIP bound):

✅ Resource {RESOURCE_ID} has no EIP bound. Proceeding to next validation...

Continue to Step 1.3.5.

Step 1.3.5: Check if ECS instance has PIP (Public IP) - ECS Only

This step is ONLY executed when INSTANCE_TYPE = EcsInstance.
For other resource types (ENI, CLB, NAT, HAVIP, IP), skip directly to Step 1.4.

Purpose: Check if the ECS instance already has a Public IP (PIP) assigned at creation time. PIP is different from EIP:

- EIP (Elastic IP): Can be dynamically bound/unbound to resources
PIP (Public IP): Fixed public IP assigned when ECS is created, released when ECS is deleted, cannot be unbound

Query command:

aliyun ecs describe-instance-attribute \
  --instance-id {RESOURCE_ID} \
  --user-agent AlibabaCloud-Agent-Skills

Parse response and check PublicIpAddress field: Case 1: PublicIpAddress.IpAddress is not empty (ECS has PIP):

❌ ERROR: ECS instance {RESOURCE_ID} already has a Public IP (PIP) assigned.
Public IP: {PublicIpAddress.IpAddress[0]} | Type: PIP (fixed, created with ECS)

⚠️ You CANNOT bind an EIP to an ECS instance that already has a PIP.
Options:
1. Use the existing Public IP (no action needed)
2. Convert PIP to EIP (requires ECS Stopped): aliyun vpc convert-nat-public-ip-to-eip --biz-region-id {REGION} --instance-id {RESOURCE_ID}
3. Release and recreate ECS without PIP
Operation stopped.

STOP. Do not proceed. Case 2: PublicIpAddress.IpAddress is empty (no PIP):

✅ ECS instance {RESOURCE_ID} has no Public IP (PIP). Ready to bind EIP.

Continue to Step 1.4. Case 3: API call fails (e.g., InvalidInstanceId.NotFound):

❌ ERROR: ECS instance {RESOURCE_ID} not found in region {REGION}.
Error: {ERROR_CODE} - {ERROR_MESSAGE}
Please verify: instance ID, region, and permissions.

STOP. Do not proceed.

Step 1.4: Choose between existing EIP or new EIP

Options for {RESOURCE_TYPE} {RESOURCE_ID}:
A) Use existing EIP (query available or provide ID)
B) Create new EIP (configure bandwidth, ISP, billing)
Choice (A/B):

If user selects Option A (use existing EIP), proceed to Step 1.5. If user selects Option B (create new EIP), proceed to Step 1.6.

Step 1.5: Use Existing EIP (Option A)

Step 1.5.1: Ask if user has specific EIP ID

Have specific EIP ID? (yes: provide ID / no: query available)

If user provides EIP ID:

- Save as INLINECODE31
Validate EIP exists and is Available (query with DescribeEipAddresses)
If EIP not found or not Available, show error and ask again
Skip to Phase 3 (bind existing EIP)

If user wants to see available EIPs, proceed to Step 1.5.2.

Step 1.5.2: Query available EIPs

Query all Available EIPs in the region:

aliyun vpc describe-eip-addresses \
  --biz-region-id {REGION} \
  --status Available \
  --page-size 100 \
  --user-agent AlibabaCloud-Agent-Skills

Handle pagination if needed:

- If TotalCount > 100, make multiple requests with --page-number 2, 3, ... until all Available EIPs are retrieved
Collect all Available EIPs across all pages

If no available EIPs found (TotalCount = 0):

❌ No available EIPs in {REGION}. Create new EIP? (yes/no)

If user says yes, go to Step 1.6. If no, STOP.
If available EIPs found:

Step 1.5.3: Present available EIPs to user

If 5 or fewer: Show all. If >5: Show 5 random.

Found {TOTAL_COUNT} available EIP(s) in {REGION}:
1. eip-bp1xxx | 47.1.2.3 | 5Mbps | BGP | PayByTraffic
2. eip-bp1yyy | 47.4.5.6 | 10Mbps | BGP | PayByBandwidth
...
Select: Enter number (1-5), EIP ID, or "new" for new EIP:

Wait for user selection. Validate user selection:

- If user enters number: Map to corresponding EIP from the list
If user enters EIP ID: Validate it's in the Available state
If user types "new": Go to Step 1.6
If invalid input: Ask again

Save selected EIP's AllocationId. Set USE_EXISTING_EIP = true (to skip EIP allocation in Phase 2). Skip to Phase 3 (bind existing EIP).

Step 1.6: Create New EIP (Option B)

Ask user for EIP configuration:

Create new EIP in {REGION} for {RESOURCE_TYPE} {RESOURCE_ID}.
Config (Enter for defaults): Bandwidth[5Mbps] | ISP[BGP/BGP_PRO] | Billing[PayByTraffic/PayByBandwidth] | Purpose[optional for naming]

Defaults: BANDWIDTH=5, ISP=BGP, INTERNETCHARGETYPE=PayByTraffic EIP Naming: If purpose provided, generate name: eip-{purpose}-{resource_type} (e.g., eip-web-ecs) Set USE_EXISTING_EIP = false (will allocate new EIP in Phase 2). IMPORTANT: Always create PayByTraffic (pay-by-traffic) EIP by default unless user explicitly requests PayByBandwidth. IMPORTANT: PrePaid (subscription/包年包月) EIP is NOT supported by this skill. If user requests PrePaid EIP, respond:

❌ This skill does not support creating PrePaid (subscription) EIPs.
Please create PrePaid EIPs through the Alibaba Cloud Console: https://vpc.console.aliyun.com/eip

STOP. Do NOT proceed. Continue to Phase 1.7 (pre-allocation validation) if creating new EIP.

Step 1.7: Pre-Allocation Validation (Only for New EIP)

This step is ONLY executed when USE_EXISTING_EIP = false (creating new EIP).
If using existing EIP, skip directly to Phase 3.

Step 1.7.1: Check EIP quota

Query EIP count: aliyun vpc describe-eip-addresses --biz-region-id {REGION} --page-size 100 If approaching 20 (standard limit), show quota warning. This is a soft check.

Step 1.7.2: Validate target resource (best-effort)

For EcsInstance: aliyun ecs describe-instances --instance-ids '["ID"]'

- Status != Running/Stopped: warning
PublicIpAddress non-empty: STOP (PIP conflict)

For NetworkInterface (ENI): aliyun ecs describe-network-interfaces --network-interface-id '["ID"]'

- Validate PrivateIpAddress exists in PrivateIpSets. STOP if not found.

For SlbInstance (CLB): aliyun slb describe-load-balancer-attribute --load-balancer-id ID

- AddressType=internet: STOP (PIP conflict). AddressType=intranet: proceed.

For Nat: aliyun vpc describe-nat-gateways --nat-gateway-id ID For HaVip: aliyun vpc describe-havips --havip-id ID For IpAddress: aliyun vpc describe-vpcs --vpc-id ID Note: If resource not found, STOP before Phase 2.

Step 1.7.3: Summary of validation results

Show user a summary:

✅ Pre-allocation validation passed!
Region: {REGION} | Target: {INSTANCE_TYPE} {RESOURCE_ID} | Status: {STATUS}
EIP Config: {BANDWIDTH}Mbps | {ISP} | {INTERNET_CHARGE_TYPE} [Name: {EIP_NAME}]
Proceeding to allocate EIP...

Phase 2: Allocate EIP (Only for New EIP)

This phase is ONLY executed when USE_EXISTING_EIP = false (creating new EIP).

If using existing EIP (USE_EXISTING_EIP = true), skip directly to Phase 3 (bind).

Step 2.1: Allocate EIP with user-confirmed parameters

Generate ClientToken for idempotency (prevents duplicate EIP on retry):

CLIENT_TOKEN=$(uuidgen | tr -d '-' | head -c 32)

Build command dynamically:

aliyun vpc allocate-eip-address \
  --biz-region-id {REGION} \
  --bandwidth {BANDWIDTH} \
  --isp {ISP} \
  --internet-charge-type {INTERNET_CHARGE_TYPE} \
  --client-token $CLIENT_TOKEN \
  [--name "{EIP_NAME}"] \
  --user-agent AlibabaCloud-Agent-Skills

Notes:

- --client-token ensures idempotency: same token within 10min returns same EIP
Only include --name parameter if EIP_NAME is not empty
Default to --internet-charge-type PayByTraffic (pay-by-traffic)

Extract from response:

- AllocationId: EIP instance ID (e.g., eip-bp1xxx)
INLINECODE56: Public IP address (e.g., 47.1.2.3)

Save to tracking variable:

CREATED_EIPS.append(AllocationId)

Step 2.2: Handle allocation errors (Fail Fast)

If QuotaExceeded.Eip: STOP. List current EIPs if user wants. Other errors (InvalidParameter, InsufficientBalance): STOP immediately.

Step 2.3: Wait for EIP to become Available

Query EIP status with maximum 30 retries (5s interval = 150s total):

for i in {1..30}; do
  aliyun vpc describe-eip-addresses \
    --biz-region-id {REGION} \
    --allocation-id {ALLOCATION_ID} \
    --user-agent AlibabaCloud-Agent-Skills

  # Check if Status = "Available"
  # If Available: break
  # If not: sleep 5 seconds and retry
done

If status is NOT "Available" after 30 retries:

❌ ERROR: EIP {ALLOCATION_ID} not Available after 150s. Status: {CURRENT_STATUS}. Cleaning up...

Trigger cleanup (go to Phase 4: Cleanup on Failure).

Step 2.4: Show allocated EIP information

✅ EIP allocated successfully!
EIP: {EipAddress} | ID: {AllocationId} | {BANDWIDTH}Mbps | {ISP} | {INTERNET_CHARGE_TYPE}
Proceeding to bind to {RESOURCE_TYPE} {RESOURCE_ID}...

Phase 3: Bind EIP to Target Resource

Step 3.1: Build AssociateEipAddress command

Base command structure:

aliyun vpc associate-eip-address \
  --biz-region-id {REGION} \
  --allocation-id {ALLOCATION_ID} \
  --instance-id {RESOURCE_ID} \
  --instance-type {INSTANCE_TYPE} \
  [--private-ip-address {PRIVATE_IP}] \
  [--vpc-id {VPC_ID}] \
  --user-agent AlibabaCloud-Agent-Skills

Instance Type Mapping:

User Input	CLI --instance-type Value	Additional Required Params
ECS	EcsInstance	None
ENI

- If INSTANCE_TYPE = NetworkInterface and PRIVATE_IP is empty: ERROR - PrivateIpAddress REQUIRED. STOP.
If INSTANCE_TYPE = IpAddress and VPC_ID is empty: ERROR - VpcId REQUIRED. STOP.

Step 3.2: Execute binding

Execute the constructed command. Success response: Extract RequestId and proceed to verification.

Step 3.3: Handle binding errors (Fail Fast)

Common binding errors:

Error Code	Meaning	Action
INLINECODE64	ECS already has system-assigned public IP (PIP)	STOP. Show error. Trigger cleanup. PIP and EIP are mutually exclusive.
INLINECODE65

❌ ERROR: Failed to bind EIP to {RESOURCE_TYPE} {RESOURCE_ID}
Error: {ERROR_CODE} - {ERROR_MESSAGE}
Possible causes: Resource not exist, already has EIP bound, wrong state, invalid parameters.
Cleaning up...

Trigger cleanup (Phase 4). CRITICAL: Do NOT retry indefinitely. Do NOT query resources to "fix" the issue. Fail fast and cleanup.

Phase 4: Verify Binding

Step 4.1: Query EIP status to confirm binding

Wait briefly (5 seconds), then query:

aliyun vpc describe-eip-addresses \
  --biz-region-id {REGION} \
  --allocation-id {ALLOCATION_ID} \
  --user-agent AlibabaCloud-Agent-Skills

Expected response:

- Status: INLINECODE73
INLINECODE74: Matches INLINECODE75
INLINECODE76: Matches INLINECODE77

If verification passes:

✅ SUCCESS: EIP binding completed!
EIP: {EipAddress} | ID: {AllocationId} | Bound to: {INSTANCE_TYPE} {RESOURCE_ID} | Region: {REGION} | Status: InUse

Remove from cleanup tracking:

CREATED_EIPS.remove(AllocationId)  # Binding successful, no cleanup needed

If verification fails (Status != InUse or wrong InstanceId):

⚠️ WARNING: Binding command succeeded but verification failed.
Expected: Status=InUse, InstanceId={RESOURCE_ID}
Actual: Status={ACTUAL_STATUS}, InstanceId={ACTUAL_INSTANCE_ID}
Please check EIP status manually in Console.

Do NOT trigger cleanup in this case (binding may be in progress).

Phase 5: Cleanup on Failure

This phase is ONLY executed when an unrecoverable error occurs during Phase 2 or Phase 3.
IMPORTANT: Only applies to newly created EIPs (USE_EXISTING_EIP = false). Do NOT release user's existing EIPs.

Step 5.1: Ask user about cleanup

If binding failed and CREATED_EIPS is not empty (newly created EIP in this session):

List the newly created EIPs:

aliyun vpc describe-eip-addresses \
  --biz-region-id {REGION} \
  --allocation-id {ALLOCATION_ID} \
  --user-agent AlibabaCloud-Agent-Skills

Show user the information and ask:

❌ ERROR: EIP binding failed. Error: {ERROR_CODE} - {ERROR_MESSAGE}
Newly Created EIP: {EipAddress} | ID: {AllocationId} | {BANDWIDTH}Mbps | {ISP}
⚠️ This EIP was created but binding failed.
Options: A) Keep EIP (bind later) | B) Release EIP (avoid charges)
Your choice (A/B):

Wait for user decision.

Step 5.2: Execute cleanup if user chooses to release

If Option B: Check EIP status, unbind if InUse, then release:

# If InUse: aliyun vpc unassociate-eip-address --allocation-id {ALLOCATION_ID} --instance-id {INSTANCE_ID} --instance-type {INSTANCE_TYPE}
# Release: aliyun vpc release-eip-address --allocation-id {ALLOCATION_ID}

Success: ✅ Released EIP {AllocationId} Fail: INLINECODE81

Step 5.3: If user chooses to keep EIP

If user chooses Option A (keep EIP):

✅ EIP {AllocationId} ({EipAddress}) kept. Bind later with: aliyun vpc associate-eip-address --allocation-id {AllocationId} --instance-id <ID> --instance-type <TYPE>

Step 5.4: Final summary

Operation aborted. Binding: Failed | Error: {ERROR_CODE} | EIP: {AllocationId} | Cleanup: [Kept/Released]

Error Recovery Reference
Error Code Action
INLINECODE82 STOP. User resolves quota manually.
INLINECODE83
STOP. ECS has PIP (caught in Step 1.7.2). |

Error Code	Action
INLINECODE82	STOP. User resolves quota manually.
INLINECODE83

Best Practices

1. Region Must Be Explicit: No default region
Pre-check EIP Binding: DescribeEipAddresses before proceeding
Pre-check ECS PIP: DescribeInstanceAttribute for ECS
PIP vs EIP: Mutually exclusive (PIP fixed, EIP dynamic)
User Choice: Existing EIP or new EIP
User-Controlled Cleanup: ASK user, never auto-release
Only Cleanup New EIPs: Never release pre-existing EIPs
Default PayByTraffic: Unless user requests PayByBandwidth. PrePaid (subscription) is NOT supported.
30 Retry Limit: 150s total for status checks
Security: Never read/echo AK/SK values

Reference Documentation
Document Description
references/cli-commands.md CLI command examples for all EIP operations
AssociateEipAddress API
Official API documentation for EIP binding |

Document	Description
references/cli-commands.md	CLI command examples for all EIP operations
AssociateEipAddress API

分配并绑定弹性公网IP到现有云资源

场景描述

分配弹性公网IP（EIP）并将其绑定到现有阿里云资源，以实现公网访问。本技能仅专注于EIP产品能力。 支持的资源类型：

- EcsInstance：ECS实例（需要实例ID）
NetworkInterface：弹性网卡/ENI（需要ENI ID + 私网IP地址）
SlbInstance：传统型负载均衡/CLB（需要CLB实例ID）
Nat：NAT网关（需要NAT网关ID）
HaVip：高可用虚拟IP（需要HaVip ID）
IpAddress：直接IP地址绑定（需要VPC ID + IP地址）

关键原则：

1. ✅ 仅操作用户提供的资源ID - 绝不查询或自动选择资源
✅ 快速失败 - 遇到不可恢复错误立即停止
✅ 不创建资源 - 仅绑定到现有资源（不创建新的ECS/NAT/VPC）
✅ 用户确认 - 分配前询问关键EIP参数
✅ 失败时清理 - 如果绑定失败，释放新分配的EIP

预检查

1. Aliyun CLI版本验证（>= 3.3.2）

bash aliyun configure set --auto-plugin-install true CLI_VERSION=$(aliyun version 2>/dev/null | grep -oE [0-9]+\.[0-9]+\.[0-9]+ | head -1) [ $(printf %s\n 3.3.2 $CLI_VERSION | sort -V | head -n1) != 3.3.2 ] && echo ❌ CLI < 3.3.2 && exit 1

2. 认证凭据验证

bash aliyun configure list # 检查有效配置（AK/STS/OAuth）。绝不回显AK/SK。

工作流程概览

以下所有命令的关键规则：

- 每个aliyun产品命令必须包含--user-agent AlibabaCloud-Agent-Skills（configure命令除外）
使用插件模式（短横线命名）：aliyun vpc allocate-eip-address，而非AllocateEipAddress
VPC命令需要--biz-region-id
关键：--biz-region-id仅设置API请求体中的RegionId参数；它不控制CLI连接的API端点。 API端点由CLI配置的region决定。在执行任何VPC命令之前，必须将CLI配置region设置为目标region：

bash aliyun configure set --region {REGION}

- jq不可用 - 使用grep解析JSON输出

需要跟踪的全局变量：

- CREATEDEIPS：本次会话中创建的EIP AllocationId数组（用于用户控制的失败清理）
REGION：目标区域（必须由用户明确提供，无默认值）
INSTANCETYPE：目标资源类型（EcsInstance/NetworkInterface/SlbInstance/Nat/HaVip/IpAddress）
USEEXISTINGEIP：布尔标志（true = 使用现有EIP，false = 创建新EIP）
ALLOCATION_ID：EIP实例ID（来自现有EIP或新分配的EIP）

工作流程阶段：

1. 阶段1：提取用户输入，验证资源，选择现有/新EIP

- 步骤1.1-1.2：提取参数，设置CLI区域 - 步骤1.3：检查资源是否已绑定EIP（DescribeEipAddresses） - 步骤1.3.5：检查ECS是否有PIP/公网IP（仅ECS，DescribeInstanceAttribute） - 步骤1.4：用户选择现有EIP或新EIP - 步骤1.5：使用现有EIP（查询可用EIP，让用户选择） - 步骤1.6：创建新EIP（确认参数） - 步骤1.7：分配前验证（仅对新EIP）

2. 阶段2：分配EIP（仅当USEEXISTINGEIP = false时）
阶段3：将EIP绑定到目标资源（实际执行）
阶段4：验证绑定
阶段5：失败时清理（询问用户保留或释放新创建的EIP）

阶段1：提取用户输入并验证资源

步骤1.1：从用户消息中提取必需参数

用户需要提供：

- Region：目标区域（例如cn-beijing、cn-hangzhou）- 必须明确提供，无默认值
Resource Type：以下之一：ECS / ENI / CLB / NAT / HAVIP / IP
Resource ID：精确的实例ID、ENI ID、NAT ID等
附加参数（实例类型特定）：

- 如果是NetworkInterface：必须提供PrivateIpAddress（要绑定的私网IP） - 如果是IpAddress：必须提供VpcId（IP地址所在的VPC ID） 如果缺少任何必需参数，停止并询问用户：

❌ 缺少：Region[必需] | ResourceType[ECS/ENI/CLB/NAT/HAVIP/IP] | ResourceID | [ENI的PrivateIP] | [IP的VpcId]

关键：

- Region必须由用户明确提供。不要使用默认区域（如cn-hangzhou）。
没有用户明确提供的值，不要继续。

步骤1.1.1：输入验证（安全）

验证输入以防止命令注入：

- Region：^[a-z]{2,3}-[a-z]+-\d[a-z]$（例如cn-beijing、ap-southeast-1）
资源ID：^(i|eni|lb|ngw|havip|eip|vpc)-[a-z0-9]+$
IP地址：^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$

如果验证失败，停止： ❌ 输入格式无效

步骤1.2：将CLI区域设置为目标区域

在任何API操作之前，配置CLI区域： bash aliyun configure set --region {REGION}

这确保CLI连接到正确的区域API端点。

步骤1.3：检查资源是否已绑定EIP

使用DescribeEipAddresses检查目标资源是否已有EIP： 将用户输入映射到InstanceType参数：

用户输入	AssociatedInstanceType值
ECS	EcsInstance
ENI

NetworkInterface | | CLB | SlbInstance | | NAT | Nat | | HAVIP | HaVip | | IP | IpAddress | 查询命令： bash aliyun vpc describe-eip-addresses \ --biz-region-id {REGION} \ --associated-instance-type {INSTANCE_TYPE} \ --associated-instance-id {RESOURCE_ID} \ --user-agent AlibabaCloud-Agent-Skills

检查响应：
如果TotalCount > 0（资源已绑定EIP）：

❌ 错误：资源{RESOURCE_ID}已绑定EIP。
现有EIP：{EipAddress} | ID：{AllocationId} | 带宽：{Bandwidth}Mbps | 状态：{Status}
要绑定不同的EIP，请先解绑现有EIP：aliyun vpc unassociate-eip-address --biz-region-id {REGION} --allocation-id {AllocationId} --instance-id {RESOURCEID} --instance-type {INSTANCETYPE}

停止。不要继续。
如果TotalCount = 0（资源未绑定EIP）：

✅ 资源{RESOURCE_ID}未绑定EIP。继续下一步验证...

继续步骤1.3.5。

步骤1.3.5：检查ECS实例是否有PIP（公网IP）- 仅ECS

此步骤仅在INSTANCE_TYPE = EcsInstance时执行。
对于其他资源类型（ENI、CLB、NAT、HAVIP、IP），直接跳到步骤1.4。

目的： 检查ECS实例在创建时是否已分配公网IP（PIP）。PIP与EIP不同：

- EIP（弹性公网IP）：可以动态绑定/

alibabacloud-network-eip-associate弹性公网IP绑定

alibabacloud-network-eip-associate

Allocate and Bind EIP to Existing Cloud Resources

Scenario Description

Pre-checks

1. Aliyun CLI version verification (>= 3.3.2)

2. Authentication credential verification

Workflow Overview

Phase 1: Extract User Input and Validate Resource

Step 1.1: Extract required parameters from user message

Step 1.1.1: Input Validation (Security)

Step 1.2: Set CLI region to target region

Step 1.3: Check if resource already has EIP bound

Step 1.3.5: Check if ECS instance has PIP (Public IP) - ECS Only

Step 1.4: Choose between existing EIP or new EIP

Step 1.5: Use Existing EIP (Option A)

Step 1.5.1: Ask if user has specific EIP ID

Step 1.5.2: Query available EIPs

Step 1.5.3: Present available EIPs to user

Step 1.6: Create New EIP (Option B)

Step 1.7: Pre-Allocation Validation (Only for New EIP)

Step 1.7.1: Check EIP quota

Step 1.7.2: Validate target resource (best-effort)

Step 1.7.3: Summary of validation results

Phase 2: Allocate EIP (Only for New EIP)

Step 2.1: Allocate EIP with user-confirmed parameters

Step 2.2: Handle allocation errors (Fail Fast)

Step 2.3: Wait for EIP to become Available

Step 2.4: Show allocated EIP information

Phase 3: Bind EIP to Target Resource

Step 3.1: Build AssociateEipAddress command

Step 3.2: Execute binding

Step 3.3: Handle binding errors (Fail Fast)

Phase 4: Verify Binding

Step 4.1: Query EIP status to confirm binding

Phase 5: Cleanup on Failure

Step 5.1: Ask user about cleanup

Step 5.2: Execute cleanup if user chooses to release

Step 5.3: If user chooses to keep EIP

Step 5.4: Final summary

Error Recovery ReferenceError CodeActionINLINECODE82STOP. User resolves quota manually.INLINECODE83 STOP. ECS has PIP (caught in Step 1.7.2). |

Best Practices

Reference DocumentationDocumentDescriptionreferences/cli-commands.mdCLI command examples for all EIP operationsAssociateEipAddress API Official API documentation for EIP binding |

分配并绑定弹性公网IP到现有云资源

场景描述

预检查

1. Aliyun CLI版本验证（>= 3.3.2）

2. 认证凭据验证

工作流程概览

阶段1：提取用户输入并验证资源

步骤1.1：从用户消息中提取必需参数

步骤1.1.1：输入验证（安全）

步骤1.2：将CLI区域设置为目标区域

步骤1.3：检查资源是否已绑定EIP

步骤1.3.5：检查ECS实例是否有PIP（公网IP）- 仅ECS

标签

通过对话安装

方式一：安装 SkillHub 和技能

方式二：设置 SkillHub 为优先技能安装源

通过命令行安装

下载

相关推荐

self-improvement

self-improvement

self-improvement

self-improvement

Error Recovery Reference
Error Code Action
INLINECODE82 STOP. User resolves quota manually.
INLINECODE83
STOP. ECS has PIP (caught in Step 1.7.2). |

Reference Documentation
Document Description
references/cli-commands.md CLI command examples for all EIP operations
AssociateEipAddress API
Official API documentation for EIP binding |