Category: service
Security Center
Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Security Center.
Workflow
1) Confirm region, resource identifiers, and desired action.
2) Discover API list and required parameters (see references).
3) Call API with SDK or OpenAPI Explorer.
4) Verify results with describe/list APIs.
AccessKey priority (must follow)
1) Environment variables: ALICLOUD_ACCESS_KEY_ID / ALICLOUD_ACCESS_KEY_SECRET / ALICLOUD_REGION_ID
Region policy: ALICLOUD_REGION_ID is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
2) Shared config file: �INLINECODE4
API discovery
- - Product code: �INLINECODE5
- Default API version: �INLINECODE6
- Use OpenAPI metadata endpoints to list APIs and get schemas (see references).
High-frequency operation patterns
1) Inventory/list: prefer List* / Describe* APIs to get current resources.
2) Change/configure: prefer Create* / Update* / Modify* / Set* APIs for mutations.
3) Status/troubleshoot: prefer Get* / Query* / Describe*Status APIs for diagnosis.
Minimal executable quickstart
Use metadata-first discovery before calling business APIs:
CODEBLOCK0
Optional overrides:
CODEBLOCK1
The script writes API inventory artifacts under the skill output directory.
Output policy
If you need to save responses or generated artifacts, write them under:
�INLINECODE16
Validation
CODEBLOCK2
Pass criteria: command exits 0 and output/aliyun-sas-manage/validate.txt is generated.
Output And Evidence
- - Save artifacts, command outputs, and API response summaries under
output/aliyun-sas-manage/. - Include key parameters (region/resource id/time range) in evidence files for reproducibility.
Prerequisites
- - Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables:
ALICLOUD_ACCESS_KEY_ID, ALICLOUD_ACCESS_KEY_SECRET, optional ALICLOUD_REGION_ID. - If region is unclear, ask the user before running mutating operations.
References
技能名称: aliyun-sas-manage
详细描述:
类别: 服务
安全中心
使用阿里云OpenAPI(RPC)配合官方SDK或OpenAPI Explorer管理安全中心资源。
工作流程
1) 确认地域、资源标识符及所需操作。
2) 发现API列表及所需参数(参见参考资料)。
3) 通过SDK或OpenAPI Explorer调用API。
4) 使用describe/list类API验证结果。
AccessKey优先级(必须遵循)
1) 环境变量:ALICLOUDACCESSKEYID / ALICLOUDACCESSKEYSECRET / ALICLOUDREGIONID
地域策略:ALICLOUDREGIONID为可选默认值。若未设置,则自行判断任务最合理的地域;若不确定,则询问用户。
2) 共享配置文件:~/.alibabacloud/credentials
API发现
- - 产品代码:Sas
- 默认API版本:2021-01-14
- 使用OpenAPI元数据端点列出API并获取架构(参见参考资料)。
高频操作模式
1) 清单/列表:优先使用List / Describe类API获取当前资源。
2) 变更/配置:优先使用Create / Update / Modify / Set类API进行变更操作。
3) 状态/故障排查:优先使用Get / Query / Describe*Status类API进行诊断。
最小可执行快速启动
在调用业务API前,优先通过元数据发现:
bash
python scripts/listopenapimeta_apis.py
可选覆盖参数:
bash
python scripts/listopenapimeta_apis.py --product-code <产品代码> --version <版本>
该脚本会将API清单产物写入技能输出目录。
输出策略
如需保存响应或生成的产物,请写入以下目录:
output/aliyun-sas-manage/
验证
bash
mkdir -p output/aliyun-sas-manage
for f in skills/security/host/aliyun-sas-manage/scripts/*.py; do
python3 -m py_compile $f
done
echo pycompileok > output/aliyun-sas-manage/validate.txt
通过标准:命令退出码为0,且生成output/aliyun-sas-manage/validate.txt文件。
输出与证据
- - 将产物、命令输出及API响应摘要保存至output/aliyun-sas-manage/目录。
- 在证据文件中包含关键参数(地域/资源ID/时间范围),以确保可复现性。
前提条件
- - 执行前配置最小权限的阿里云凭证。
- 优先使用环境变量:ALICLOUDACCESSKEYID、ALICLOUDACCESSKEYSECRET,可选ALICLOUDREGIONID。
- 若地域不明确,在执行变更操作前请询问用户。
参考资料
- - 来源:references/sources.md
