Tair DevToolset — Instance Creation and Public Network Configuration

VPC + VSwitch + Tair Enterprise Instance + Public Endpoint

1. Installation

Pre-check: Aliyun CLI >= 3.3.1 required Run

aliyun version

to verify >= 3.3.1. If not installed or version too low, see

references/cli-installation-guide.md

for installation instructions. Then [MUST] run

aliyun configure set --auto-plugin-install true

to enable automatic plugin installation.

# Verify CLI version
aliyun version

# Enable automatic plugin installation
aliyun configure set --auto-plugin-install true

# Verify jq
jq --version

brew install jq   # macOS

2. Authentication

Pre-check: Alibaba Cloud Credentials Required

All credential configurations follow existing aliyun CLI settings, no separate configuration needed in scripts.

Security Rules:

• NEVER read, echo, or print AK/SK values (e.g.,

  echo $ALIBABA_CLOUD_ACCESS_KEY_ID

  is FORBIDDEN)
• NEVER ask the user to input AK/SK directly in the conversation or command line
• NEVER use

  aliyun configure set

  with literal credential values
• ONLY use

  aliyun configure list

  to check credential status

bash

aliyun configure list

Check the output for a valid profile (AK, STS, or OAuth identity).

If no valid profile exists, STOP here.

1. Obtain credentials from Alibaba Cloud Console
2. Configure credentials outside of this session (via

   aliyun configure

   in terminal or environment variables in shell profile)
3. Return and re-run after

   aliyun configure list

   shows a valid profile

3. RAM Policy

r-kvstore:CreateTairInstance

r-kvstore:DescribeInstanceAttribute

r-kvstore:ModifySecurityIps

r-kvstore:AllocateInstancePublicConnection

r-kvstore:DescribeDBInstanceNetInfo

[MUST] Permission Failure Handling: When any command or API call fails due to permission errors at any point during execution, follow this process:

1. Read

   references/ram-policies.md

   to get the full list of permissions required by this SKILL
2. Use

   ram-permission-diagnose

   skill to guide the user through requesting the necessary permissions
3. Pause and wait until the user confirms that the required permissions have been granted

4. Parameter Confirmation

IMPORTANT: Parameter Confirmation — Before executing any command or API call, ALL user-customizable parameters (e.g., RegionId, instance names, CIDR blocks, passwords, domain names, resource specifications, etc.) MUST be confirmed with the user. Do NOT assume or use default values without explicit user approval.

vpc-bp1xxx

vsw-bp1xxx

cn-hangzhou

cn-hangzhou-h

tair_rdb

tair.rdb.1g

tair-benchmark-<timestamp>

Common Specifications

Standard Architecture

5. Core Workflow

[MUST] Execution Constraints

• MUST and ONLY use

  scripts/create-and-connect-test.sh

  script to complete instance creation, whitelist configuration, public endpoint allocation, etc.
• DO NOT bypass the script to directly call

  aliyun r-kvstore

  CLI commands for the above operations
• DO NOT write or concatenate aliyun CLI commands to replace script functionality
• Model's responsibility is: collect parameters → set environment variables → run script. No improvisation allowed.

export VPC_ID="<user-confirmed VPC_ID>"
export VSWITCH_ID="<user-confirmed VSWITCH_ID>"

# Optional parameters
export REGION_ID="cn-hangzhou"
export ZONE_ID="cn-hangzhou-h"
export INSTANCE_TYPE="tair_rdb"
export INSTANCE_CLASS="tair.rdb.1g"
# For NAT environment, manually set public IP
# export MY_PUBLIC_IP="your-public-ip"

bash scripts/create-and-connect-test.sh

6. Success Verification

aliyun r-kvstore describe-instance-attribute \
  --instance-id "${INSTANCE_ID}" \
  --user-agent AlibabaCloud-Agent-Skills

InstanceStatus

Normal

7. Troubleshooting

allocate-instance-public-connection

8. Best Practices

1. Use pay-as-you-go (PostPaid) for testing
2. Only add test machine's public IP to whitelist, follow least privilege principle

9. Reference Links