alibabacloud-solution-deploy

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Alibaba Cloud Solution Deploy

阿里云解决方案部署

Match the user's scenario to the best execution path (Terraform or CLI), then complete the task end-to-end.

将用户场景匹配到最佳执行路径（Terraform或CLI），然后端到端完成任务。

Core Principles

核心原则

Maximum Automation

最大程度自动化

If 10 steps are needed and 9 can be automated, automate all 9. Only pause for the 1 that genuinely requires human action. Every cloud operation that has a CLI path should use it — the user came to you precisely so they don't have to click through consoles.

如果需要10个步骤，其中9个可以自动化，就把9个全部自动化。仅在确实需要人工操作的那一步暂停。所有有CLI路径的云操作都应该使用CLI——用户来找你正是因为他们不想在控制台点点点。

CLI-First, Console-Last

CLI优先，控制台兜底

Express every cloud action as a runnable

aliyun

CLI command. Only fall back to console when no CLI exists — and when you do, give a direct deep-linked URL (not a product homepage). The difference between

https://vision.aliyun.com/facebody

and

https://console.aliyun.com/

is the difference between being helpful and being useless.

将每个云操作都表述为可运行的

aliyun

CLI命令。仅当没有对应CLI时才回退到控制台——如果确实要用到控制台，请提供直接的深层链接URL（而非产品首页）。

https://vision.aliyun.com/facebody

和

https://console.aliyun.com/

的区别就是有用和没用的区别。

Never Guess — Verify First

绝不猜测——先验证

CLI syntax: Run
```
aliyun <product> <command> --help
```
before constructing commands. Parameter naming is inconsistent across products —
```
--RegionId
```
vs
```
--region-id
```
vs
```
--region
```
all exist.
Errors: Run
```
diagnose_cli_command.py
```
immediately on failure. Error messages from the Alibaba Cloud API are often cryptic — the diagnosis script calls a specialized endpoint that maps error codes to fixes.

CLI语法：构建命令前先运行
```
aliyun <product> <command> --help
```
。不同产品的参数命名不一致——
```
--RegionId
```
、
```
--region-id
```
、
```
--region
```
这几种形式都存在。
错误：命令失败时立即运行
```
diagnose_cli_command.py
```
。阿里云API返回的错误信息通常很晦涩——诊断脚本会调用专门的端点，将错误码映射为修复方案。

Workflow

工作流

Step 0: Verify Environment

步骤0：验证环境

Run this first in any new session:

Pre-check: Aliyun CLI >= 3.3.1 required
Run
aliyun version
to verify >= 3.3.1. If not installed or version too low, see installation guide for instructions.
Then run the following command to enable automatic plugin installation and set the agent user-agent:
bash
aliyun configure set --auto-plugin-install true --user-agent AlibabaCloud-Agent-Skills
This ensures product-specific CLI plugins are downloaded on first use (no manual install needed), and identifies requests as coming from this skill.

Then run the full environment check:

bash

bash {{SKILL_PATH}}/scripts/verify_env.sh

This checks: CLI version, valid credentials, auto-plugin-install, Python3 + SDK. If any check fails, tell the user what to fix and stop — a broken environment means every subsequent command will fail.

在任何新会话中优先运行以下内容：

预检查：要求Aliyun CLI >= 3.3.1
运行
aliyun version
验证版本>=3.3.1。如果未安装或版本过低，参考安装指南的说明操作。
然后运行以下命令启用自动插件安装并设置Agent用户代理：
bash
aliyun configure set --auto-plugin-install true --user-agent AlibabaCloud-Agent-Skills
这样可以确保产品专属的CLI插件在首次使用时自动下载（无需手动安装），并标识请求来自本skill。

然后运行完整环境检查：

bash

bash {{SKILL_PATH}}/scripts/verify_env.sh

这会检查：CLI版本、有效凭证、自动插件安装状态、Python3 + SDK。如果任何检查失败，告知用户需要修复的内容并停止——环境损坏意味着后续所有命令都会失败。

RAM Permission Pre-check

RAM权限预检查

Before executing any commands, verify the current user has the required permissions:

Compare the user's permissions against references/ram-policies.md
If any permission is missing, abort and prompt the user to attach the required policy

Minimum required permissions are listed in references/ram-policies.md.

执行任何命令前，验证当前用户拥有所需权限：

将用户权限与references/ram-policies.md对比
如果缺少任何权限，终止操作并提示用户附加所需策略

最低所需权限列在references/ram-policies.md中。

Step 1: Understand the Scenario

步骤1：理解场景

Extract from the user's request:

What they want to build or configure
Which Alibaba Cloud products are involved (or can be inferred)
Key requirements: region, instance specs, budget, HA needs, environment (dev/staging/prod)

Distill into search keywords (Chinese + English) for Step 2. For example, "我要搭个RAG知识库" → keywords:

RAG

知识库

AnalyticDB

百炼

从用户请求中提取：

他们想要构建或配置的内容
涉及（或可推断出）的阿里云产品
关键需求：地域、实例规格、预算、高可用需求、环境（开发/预发/生产）

提炼为搜索关键词（中文+英文）用于步骤2。例如，"我要搭个RAG知识库" → 关键词：

RAG

、

知识库

、

AnalyticDB

、

百炼

。

Step 2: Route to the Right Path

步骤2：路由到正确路径

Check

references/alicloud-tech-solutions-all.md

— the master catalog of 187 Alibaba Cloud tech solutions. Search by keyword match against the solution names and descriptions.

Each row has a

Terraform Module 名称

column:

Column has a value (e.g.,
```
analyticdb-rag
```
,
```
deepseek-personal-website
```
) → Path A: Terraform
Column is empty or no matching solution found → Path B: CLI-First

Also use intent-mapping.md for fuzzy keyword → solution matching (e.g., "小程序" →

develop-your-wechat-mini-program-in-10-minutes

Tell the user which path you're taking and why before proceeding.

检查

references/alicloud-tech-solutions-all.md

——187个阿里云技术解决方案的总目录。通过关键词匹配解决方案名称和描述进行搜索。

每行都有

Terraform Module 名称

列：

列有值（例如
```
analyticdb-rag
```
、
```
deepseek-personal-website
```
）→ 路径A：Terraform
列为空或未找到匹配的解决方案 → 路径B：CLI优先

也可使用intent-mapping.md实现模糊关键词到解决方案的匹配（例如"小程序"→

develop-your-wechat-mini-program-in-10-minutes

）。

继续前告知用户你选择的路径及原因。

Path A: Terraform Solution

路径A：Terraform解决方案

When a Terraform module matches, deploy through the IaCService remote runtime — no local

terraform

binary needed.

当匹配到Terraform模块时，通过IaCService远程运行时部署——无需本地

terraform

二进制文件。

A.1: Locate the Module

A.1：定位模块

Look up the Module 名称 and Module 地址 in

references/tf-plan/tf-solutions.md

. Match by:

Exact module name from the master catalog
Keyword match against the 描述 column
Intent mapping

在

references/tf-plan/tf-solutions.md

中查找模块名称和模块地址。匹配方式：

总目录中的精确模块名称
与描述列的关键词匹配
意图映射

A.2: Fetch Example Parameters

A.2：获取示例参数

Every module has a GitHub repo with tested examples. Derive the URLs:

Module 地址: https://registry.terraform.io/modules/alibabacloud-automation/<name>/alicloud/latest
GitHub repo: https://github.com/alibabacloud-automation/terraform-alicloud-<name>
Example:     https://raw.githubusercontent.com/alibabacloud-automation/terraform-alicloud-<name>/main/examples/complete/main.tf

Fetch the example

main.tf

via WebFetch. These values come from real tested deployments — they're far more reliable than generic defaults.

Parameter priority:

User explicitly specified → always use
Example
```
main.tf
```
from
```
examples/complete/
```
→ use as default
Fallback defaults (only if fetch fails): see terraform-defaults.md

每个模块都有带有测试过的示例的GitHub仓库。推导URL：

模块地址: https://registry.terraform.io/modules/alibabacloud-automation/<name>/alicloud/latest
GitHub仓库: https://github.com/alibabacloud-automation/terraform-alicloud-<name>
示例:     https://raw.githubusercontent.com/alibabacloud-automation/terraform-alicloud-<name>/main/examples/complete/main.tf

通过WebFetch获取示例

main.tf

。这些值来自实际测试过的部署——比通用默认值可靠得多。

参数优先级：

用户明确指定的→优先使用
```
examples/complete/
```
下的示例
```
main.tf
```
→作为默认值使用
兜底默认值（仅当获取失败时）：参考terraform-defaults.md

A.3: Confirm with User

A.3：与用户确认

Show the parameters and ask for confirmation. Never silently apply them — cloud resources cost real money.

以下是基于官方示例的部署参数，请确认或修改：
• Region: cn-hangzhou
• Instance type: ecs.c7.large
• VPC CIDR: 172.16.0.0/12
• Password: (请提供)

Sensitive values like passwords and API keys: never generate them yourself. The user provides these.

展示参数并请求确认。绝不要静默应用——云资源会产生实际费用。

以下是基于官方示例的部署参数，请确认或修改：
• 地域: cn-hangzhou
• 实例规格: ecs.c7.large
• VPC CIDR: 172.16.0.0/12
• 密码: (请提供)

密码、API密钥等敏感值：绝不要自行生成，由用户提供。

A.4: Write main.tf and Deploy

A.4：编写main.tf并部署

hcl

undefined

hcl

undefined

Based on: https://github.com/alibabacloud-automation/terraform-alicloud-<name>/blob/main/examples/complete/main.tf

来源: https://github.com/alibabacloud-automation/terraform-alicloud-<name>/blob/main/examples/complete/main.tf

module "<module_name>" { source = "alibabacloud-automation/<module_name>/alicloud" version = "~> 1.0"

Parameters adjusted per user confirmation

}


Deploy using the remote runtime — see [terraform-online-runtime.md](references/terraform-online-runtime.md) for full usage:

```bash
SKILL_DIR="{{SKILL_PATH}}"
TF="${SKILL_DIR}/scripts/terraform_runtime_online.sh"
STATE_ID=$($TF apply main.tf | grep '^STATE_ID=' | cut -d= -f2)
echo "STATE_ID=$STATE_ID" >> terraform_state_ids.env

The STATE_ID is required for any future update or destroy. Losing it means you lose control over the resources.

module "<module_name>" { source = "alibabacloud-automation/<module_name>/alicloud" version = "~> 1.0"

根据用户确认调整的参数

}


使用远程运行时部署——完整用法参考[terraform-online-runtime.md](references/terraform-online-runtime.md)：

```bash
SKILL_DIR="{{SKILL_PATH}}"
TF="${SKILL_DIR}/scripts/terraform_runtime_online.sh"
STATE_ID=$($TF apply main.tf | grep '^STATE_ID=' | cut -d= -f2)
echo "STATE_ID=$STATE_ID" >> terraform_state_ids.env

STATE_ID是后续任何更新或销毁操作的必需值。丢失该值意味着你将失去对资源的控制权。

A.5: Verify and Report

A.5：验证并上报

Confirm resources exist. Provide the destroy command for cleanup.

确认资源存在。提供清理用的销毁命令。

Path B: CLI-First Execution

路径B：CLI优先执行

This path handles everything without a Terraform template. The approach: understand the architecture → decompose into steps → find the CLI command for each step → execute.

该路径处理没有Terraform模板的所有场景。方法：理解架构→分解为步骤→找到每个步骤的CLI命令→执行。

B.1: Understand the Architecture

B.1：理解架构

Before writing any commands, understand what you're building:

If the master catalog had a matching solution (just without TF Module), it still has tutorial links (部署教程 column). Fetch that page to understand the target architecture, required products, and deployment sequence. This gives you the blueprint — you'll then translate each step into CLI commands.
If no solution matched at all, reason from the user's description: what products are needed, what depends on what, what's the end state.

编写任何命令前，先理解你要构建的内容：

如果总目录中有匹配的解决方案（只是没有TF模块），它仍然有教程链接（部署教程列）。获取该页面以了解目标架构、所需产品和部署顺序。这会给你蓝图——然后你可以将每个步骤转换为CLI命令。
如果完全没有匹配的解决方案，从用户描述推导：需要哪些产品、依赖关系是什么、最终状态是什么。

B.2: Decompose into Steps

B.2：分解为步骤

Break the goal into atomic steps ordered by dependency. Think through:

Resource creation order: VPC → VSwitch → Security Group → ECS is almost always the foundation
ID chaining: which step outputs IDs that later steps need (VpcId → CreateVSwitch, VSwitchId → RunInstances)
Async operations: some create calls return immediately but the resource takes time — you'll need to poll
What might not have a CLI: some product activations, some console-only features

将目标按依赖顺序拆分为原子步骤。考虑：

资源创建顺序：VPC→VSwitch→安全组→ECS几乎总是基础顺序
ID链式依赖：哪些步骤输出的ID是后续步骤需要的（VpcId→CreateVSwitch，VSwitchId→RunInstances）
异步操作：部分创建调用会立即返回，但资源需要时间准备——你需要轮询状态
哪些可能没有CLI：部分产品激活、部分仅控制台可用的功能

B.3: Research CLI Commands

B.3：查询CLI命令

For each step, use the scripts to find the correct API name and parameters. This is critical — don't rely on memory. Alibaba Cloud has thousands of APIs, and parameter names are inconsistent across products.

bash

python3 {{SKILL_PATH}}/scripts/lsit_products.py '<keyword>'        # Find product code + API version
python3 {{SKILL_PATH}}/scripts/search_apis.py '<what you want to do>'  # Natural language → API
python3 {{SKILL_PATH}}/scripts/search_documents.py '<topic>'       # Parameter details, valid values, constraints
python3 {{SKILL_PATH}}/scripts/lsit_api_overview.py <Product> <version>  # Full API list for a product

Run scripts in parallel when researching multiple products — don't serialize what can be parallelized.

Common CLI shortcuts that avoid console entirely:

Scenario	CLI Command	Notes
Get Bailian (百炼) API Key	`aliyun maas list-workspaces` → `aliyun maas create-api-key --WorkspaceId <id>`	Avoids console entirely. Almost every AI solution needs this.
Run commands on ECS	`aliyun ecs RunCommand --Type RunShellScript --CommandContent '<script>' --InstanceId.1 <id>`	Use Cloud Assistant instead of asking the user to SSH in.
OSS operations	`aliyun ossutil cp/ls/mb ...`	Use `ossutil` subcommand, not `oss` .

The Bailian API Key pattern is especially important — nearly every AI-related solution needs a DashScope/Bailian SK, and users often don't know it can be obtained programmatically. Whenever a plan involves 百炼/Bailian/DashScope, proactively use the

maas

commands to get the key.

对于每个步骤，使用脚本找到正确的API名称和参数。这一点至关重要——不要依赖记忆。阿里云有数千个API，不同产品的参数命名不一致。

bash

python3 {{SKILL_PATH}}/scripts/lsit_products.py '<keyword>'        # 查找产品代码+API版本
python3 {{SKILL_PATH}}/scripts/search_apis.py '<你要执行的操作>'  # 自然语言→API
python3 {{SKILL_PATH}}/scripts/search_documents.py '<主题>'       # 参数详情、有效值、约束
python3 {{SKILL_PATH}}/scripts/lsit_api_overview.py <产品> <版本>  # 某产品的完整API列表

查询多个产品时并行运行脚本——不要串行执行可以并行的任务。

完全避免使用控制台的常见CLI快捷方式：

场景	CLI命令	备注
获取百炼API Key	`aliyun maas list-workspaces` → `aliyun maas create-api-key --WorkspaceId <id>`	完全无需控制台，几乎所有AI解决方案都需要这个。
在ECS上运行命令	`aliyun ecs RunCommand --Type RunShellScript --CommandContent '<script>' --InstanceId.1 <id>`	使用云助手，无需要求用户SSH登录。
OSS操作	`aliyun ossutil cp/ls/mb ...`	使用 `ossutil` 子命令，而非 `oss` 。

百炼API Key的模式尤其重要——几乎所有AI相关的解决方案都需要DashScope/百炼SK，用户通常不知道可以通过编程方式获取。只要方案涉及百炼/Bailian/DashScope，主动使用

maas

命令获取密钥。

B.4: Present Plan and Confirm

B.4：展示计划并确认

Before running any write operations, show the complete execution plan. The plan MUST include a RAM permissions section listing all permissions the current account needs — this lets the user verify access before execution starts, avoiding mid-deploy

Forbidden.RAM

errors.

Derive the required permissions from the planned CLI commands: each

aliyun <product> <API>

call maps to a RAM action in the form

<product>:<API>

(e.g.,

aliyun vpc CreateVpc

→

vpc:CreateVpc

所需 RAM 权限:

| 云产品 | 所需权限 (Action) | 对应步骤 | 快捷策略 |
|--------|-------------------|----------|----------|
| VPC | vpc:CreateVpc, vpc:CreateVSwitch, vpc:DescribeVpcs | 步骤 1-2 | AliyunVPCFullAccess |
| ECS | ecs:RunInstances, ecs:DescribeInstances, ecs:RunCommand | 步骤 4-6 | AliyunECSFullAccess |
| EIP | vpc:AllocateEipAddress, vpc:AssociateEipAddress | 步骤 3 | AliyunEIPFullAccess |

提示: 可使用快捷策略快速授权，或按 Action 列配置最小权限自定义策略。

---

执行计划 (共 N 步, M 步 CLI 自动化, K 步需控制台):

步骤 1 — 创建 VPC
  aliyun vpc CreateVpc --RegionId cn-hangzhou --CidrBlock 172.16.0.0/12 --VpcName demo-vpc

步骤 2 — 创建交换机 (依赖: 步骤1 VpcId)
  aliyun vpc CreateVSwitch --RegionId cn-hangzhou --VpcId <步骤1> --ZoneId cn-hangzhou-h --CidrBlock 172.16.0.0/24

步骤 3 — [控制台] 开通视觉智能 API (无 CLI)
  打开: https://vision.aliyun.com/facebody → 点击 "立即开通"

Wait for user approval. Cloud resources cost money, and some operations (like deleting RDS instances) are irreversible.

运行任何写入操作前，展示完整的执行计划。计划必须包含RAM权限部分，列出当前账户需要的所有权限——这让用户可以在执行开始前验证访问权限，避免部署中途出现

Forbidden.RAM

错误。

从计划的CLI命令推导所需权限：每个

aliyun <product> <API>

调用对应一个格式为

<product>:<API>

的RAM操作（例如

aliyun vpc CreateVpc

→

vpc:CreateVpc

）。

所需RAM权限:

| 云产品 | 所需权限 (Action) | 对应步骤 | 快捷策略 |
|--------|-------------------|----------|----------|
| VPC | vpc:CreateVpc, vpc:CreateVSwitch, vpc:DescribeVpcs | 步骤 1-2 | AliyunVPCFullAccess |
| ECS | ecs:RunInstances, ecs:DescribeInstances, ecs:RunCommand | 步骤 4-6 | AliyunECSFullAccess |
| EIP | vpc:AllocateEipAddress, vpc:AssociateEipAddress | 步骤 3 | AliyunEIPFullAccess |

提示: 可使用快捷策略快速授权，或按Action列配置最小权限自定义策略。

---

执行计划 (共N步, M步CLI自动化, K步需控制台):

步骤 1 — 创建VPC
  aliyun vpc CreateVpc --RegionId cn-hangzhou --CidrBlock 172.16.0.0/12 --VpcName demo-vpc

步骤 2 — 创建交换机 (依赖: 步骤1 VpcId)
  aliyun vpc CreateVSwitch --RegionId cn-hangzhou --VpcId <步骤1> --ZoneId cn-hangzhou-h --CidrBlock 172.16.0.0/24

步骤 3 — [控制台] 开通视觉智能API (无CLI)
  打开: https://vision.aliyun.com/facebody → 点击 "立即开通"

等待用户批准。云资源需要付费，部分操作（如删除RDS实例）不可逆。

B.5: Execute

B.5：执行

For each step:

Verify syntax first:
```
aliyun <product> <api> --help
```
— catch parameter errors before they hit the API
Run the command
Verify result: poll async operations; describe the resource to confirm it exists
Capture output: save IDs, endpoints, connection strings for subsequent steps and final report

每个步骤：

先验证语法：
```
aliyun <product> <api> --help
```
——在请求API前捕获参数错误
运行命令
验证结果：轮询异步操作；查询资源确认其存在
捕获输出：保存ID、端点、连接字符串，供后续步骤和最终报告使用

B.6: Handle Errors

B.6：处理错误

When a command fails:

bash

python3 {{SKILL_PATH}}/scripts/diagnose_cli_command.py '<the full command>' '<the error message>'

The diagnosis script calls a specialized API that maps error codes to actionable fixes. Apply the fix and retry. If the same error persists after the fix, report to the user with the diagnosis — don't keep retrying blindly.

Resume from the failed step. Never re-run steps that already succeeded — those resources already exist and re-running would either fail (duplicate) or create unwanted duplicates.

命令失败时：

bash

python3 {{SKILL_PATH}}/scripts/diagnose_cli_command.py '<完整命令>' '<错误信息>'

诊断脚本会调用专门的API，将错误码映射为可执行的修复方案。应用修复方案并重试。如果修复后仍然出现相同错误，将诊断结果上报给用户——不要盲目反复重试。

从失败的步骤恢复执行。绝不要重新运行已经成功的步骤——这些资源已经存在，重新运行要么会失败（重复），要么会创建不必要的重复资源。

B.7: Report

B.7：报告

Summarize:

Resources created (with IDs)
Access endpoints / connection strings
How to use what was built
Cleanup commands (delete in reverse dependency order: ECS → Security Group → VSwitch → VPC)

总结：

已创建的资源（带ID）
访问端点/连接字符串
已构建内容的使用方法
清理命令（按依赖倒序删除：ECS→安全组→VSwitch→VPC）

Script Reference

脚本参考

Script	Purpose	Example
`verify_env.sh`	Environment check	`bash {{SKILL_PATH}}/scripts/verify_env.sh`
`lsit_products.py`	Find product code + version	`python3 {{SKILL_PATH}}/scripts/lsit_products.py 'ECS'`
`search_apis.py`	Natural language → API	`python3 {{SKILL_PATH}}/scripts/search_apis.py '创建ECS实例'`
`search_documents.py`	Doc search for details	`python3 {{SKILL_PATH}}/scripts/search_documents.py 'ECS实例规格'`
`lsit_api_overview.py`	Full API list for a product	`python3 {{SKILL_PATH}}/scripts/lsit_api_overview.py Ecs 2014-05-26`
`diagnose_cli_command.py`	Diagnose CLI errors	`python3 {{SKILL_PATH}}/scripts/diagnose_cli_command.py '<cmd>' '<err>'`
`terraform_runtime_online.sh`	Remote TF execution	See terraform-online-runtime.md

脚本	用途	示例
`verify_env.sh`	环境检查	`bash {{SKILL_PATH}}/scripts/verify_env.sh`
`lsit_products.py`	查找产品代码+版本	`python3 {{SKILL_PATH}}/scripts/lsit_products.py 'ECS'`
`search_apis.py`	自然语言→API	`python3 {{SKILL_PATH}}/scripts/search_apis.py '创建ECS实例'`
`search_documents.py`	文档查询详情	`python3 {{SKILL_PATH}}/scripts/search_documents.py 'ECS实例规格'`
`lsit_api_overview.py`	某产品的完整API列表	`python3 {{SKILL_PATH}}/scripts/lsit_api_overview.py Ecs 2014-05-26`
`diagnose_cli_command.py`	诊断CLI错误	`python3 {{SKILL_PATH}}/scripts/diagnose_cli_command.py '<cmd>' '<err>'`
`terraform_runtime_online.sh`	远程TF执行	参考terraform-online-runtime.md

References

参考资料

Intent Mapping — keyword → solution mapping
Terraform Defaults — default parameter values
Terraform Online Runtime — IaCService script usage
All Tech Solutions Catalog — 187 solutions with TF Module availability
TF Solutions Detail — 48 Terraform modules with Registry addresses

意图映射 — 关键词→解决方案映射
Terraform默认值 — 默认参数值
Terraform在线运行时 — IaCService脚本用法
所有技术解决方案目录 — 187个解决方案及TF模块可用性
TF解决方案详情 — 48个带Registry地址的Terraform模块