alicloud-network-alb

Category: service

Application Load Balancer (ALB)

Validation

```bash
set -e  # abort as soon as one script fails to compile
mkdir -p output/alicloud-network-alb
for f in skills/network/slb/alicloud-network-alb/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-network-alb/validate.txt
```

Pass criteria: command exits 0 and `output/alicloud-network-alb/validate.txt` is generated.

Prerequisites

```bash
pip install alibabacloud_alb20200616 alibabacloud_tea_openapi alibabacloud_credentials
```

AccessKey priority

1. Environment variables: `ALICLOUD_ACCESS_KEY_ID` / `ALICLOUD_ACCESS_KEY_SECRET`
2. Also supported: `ALIBABA_CLOUD_ACCESS_KEY_ID` / `ALIBABA_CLOUD_ACCESS_KEY_SECRET`
3. Optional STS token: `ALICLOUD_SECURITY_TOKEN`
4. Shared config file: `~/.alibabacloud/credentials`

Scripts

All scripts support `--output <file>` to write results to a file.

Load Balancer Instances

**List instances** — `scripts/list_instances.py`

```bash
python3 scripts/list_instances.py --region cn-hangzhou
python3 scripts/list_instances.py --region cn-hangzhou --vpc-id vpc-xxx
python3 scripts/list_instances.py --region cn-hangzhou --address-type Internet --status Active
python3 scripts/list_instances.py --region cn-hangzhou --lb-ids alb-aaa alb-bbb --json
```

**Instance status (tree overview / full JSON)** — `scripts/get_instance_status.py`

```bash
# Tree overview: zones → listeners → rules
python3 scripts/get_instance_status.py --region cn-hangzhou --lb-id alb-xxx

# Full API response as JSON
python3 scripts/get_instance_status.py --region cn-hangzhou --lb-id alb-xxx --view detail
```

**Create ALB instance** — `scripts/create_load_balancer.py`

```bash
# Internet-facing ALB in two zones
python3 scripts/create_load_balancer.py --region cn-hangzhou --name my-alb \
  --vpc-id vpc-xxx --address-type Internet \
  --zone cn-hangzhou-h:vsw-aaa --zone cn-hangzhou-i:vsw-bbb

# Internal ALB with deletion protection
python3 scripts/create_load_balancer.py --region cn-hangzhou --name my-alb \
  --vpc-id vpc-xxx --address-type Intranet --deletion-protection \
  --zone cn-hangzhou-h:vsw-aaa --zone cn-hangzhou-i:vsw-bbb
```

**Delete ALB instance** — `scripts/delete_load_balancer.py`

```bash
python3 scripts/delete_load_balancer.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/delete_load_balancer.py --region cn-hangzhou --lb-id alb-xxx --yes  # skip confirm
```

**Deletion protection** — `scripts/deletion_protection.py`

```bash
python3 scripts/deletion_protection.py --region cn-hangzhou --resource-id alb-xxx --enable
python3 scripts/deletion_protection.py --region cn-hangzhou --resource-id alb-xxx --disable
```

Listeners

**List listeners** — `scripts/list_listeners.py`

```bash
python3 scripts/list_listeners.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/list_listeners.py --region cn-hangzhou --lb-id alb-xxx --json
```

**Get listener details (certificates, ACL, config)** — `scripts/get_listener_attribute.py`

```bash
python3 scripts/get_listener_attribute.py --region cn-hangzhou --listener-id lsn-xxx
```

**Create listener** — `scripts/create_listener.py`

```bash
# HTTP listener forwarding to server group
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx

# HTTPS listener with certificate
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTPS --port 443 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx --certificate-ids cert-xxx

# HTTP to HTTPS redirect
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type Redirect \
  --redirect-protocol HTTPS --redirect-port 443

# Dry run
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx --dry-run
```

**Update listener** — `scripts/update_listener.py`

```bash
# Update description
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --description "Production HTTP listener"

# Change default forwarding target
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --forward-server-groups sgp-new

# Update timeouts and security policy
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --idle-timeout 60 --request-timeout 120 --security-policy-id tls_cipher_policy_1_2

# Enable HTTP/2 and gzip
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --http2-enabled true --gzip-enabled true
```

**Start / Stop listener** — `scripts/start_listener.py` / `scripts/stop_listener.py`

```bash
python3 scripts/start_listener.py --region cn-hangzhou --listener-id lsn-xxx
python3 scripts/stop_listener.py --region cn-hangzhou --listener-id lsn-xxx
```

**Delete listener** — `scripts/delete_listener.py`

```bash
python3 scripts/delete_listener.py --region cn-hangzhou --listener-id lsn-xxx
python3 scripts/delete_listener.py --region cn-hangzhou --listener-id lsn-xxx --yes  # skip confirm
```

Server Groups

**List server groups** — `scripts/list_server_groups.py`

```bash
python3 scripts/list_server_groups.py --region cn-hangzhou
python3 scripts/list_server_groups.py --region cn-hangzhou --vpc-id vpc-xxx
python3 scripts/list_server_groups.py --region cn-hangzhou --sg-ids sgp-aaa sgp-bbb
```

**List backend servers in a server group** — `scripts/list_server_group_servers.py`

```bash
python3 scripts/list_server_group_servers.py --region cn-hangzhou --sg-id sgp-xxx
```

**Create server group** — `scripts/create_server_group.py`

```bash
# Basic HTTP server group
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP

# With health check customization
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP \
  --health-check-path /health --health-check-interval 10

# With sticky sessions
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP \
  --sticky-session-enabled --sticky-session-type Server --sticky-session-cookie SERVERID

# Dry run
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --dry-run
```

**Delete server group** — `scripts/delete_server_group.py`

```bash
python3 scripts/delete_server_group.py --region cn-hangzhou --sg-id sgp-xxx
python3 scripts/delete_server_group.py --region cn-hangzhou --sg-id sgp-xxx --yes  # skip confirm
```

**Add backend servers** — `scripts/add_servers.py`

```bash
# Add ECS server (type:id:port[:weight[:description]])
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080

# Add multiple servers with weight
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080:100:web-1 \
  --server ecs:i-yyy:8080:50:web-2

# Add IP-based server (for Ip-type server group)
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ip:10.0.1.100:8080
```

**Remove backend servers** — `scripts/remove_servers.py`

```bash
# Remove server (type:id:port)
python3 scripts/remove_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080

# Remove multiple servers
python3 scripts/remove_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080 --server ecs:i-yyy:8080
```
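A strict parser for the `--server type:id:port[:weight[:description]]` value used by the add/remove commands above, rejecting malformed backends before any API call is made. This is an added example, not the code of `add_servers.py`; the CLI-to-API type mapping, the 0 to 100 weight range, the default weight of 100 and the names `parse_server_spec`, `ServerSpec` and `rejects` are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

# Assumed mapping from the CLI prefix to the API's server_type value.
SERVER_TYPES = {"ecs": "Ecs", "eni": "Eni", "eci": "Eci", "ip": "Ip"}


class ServerSpec(NamedTuple):
    server_type: str
    server_id: str
    port: int
    weight: int
    description: str


def _bounded_int(text, low, high, label):
    # Plain ASCII digits only: no sign, no whitespace, no Unicode digits.
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"{label} must be an integer, got {text!r}")
    value = int(text)
    if not low <= value <= high:
        raise ValueError(f"{label} {value} outside {low}..{high}")
    return value


def parse_server_spec(spec, default_weight=100):
    """Parse type:id:port[:weight[:description]] into a ServerSpec or raise ValueError."""
    # Split at most four times so a description may itself contain ':'.
    parts = spec.split(":", 4)
    if len(parts) < 3:
        raise ValueError(f"expected type:id:port, got {spec!r}")
    kind, server_id = parts[0].lower(), parts[1]
    if kind not in SERVER_TYPES:
        raise ValueError(f"unknown server type {parts[0]!r}")
    if not server_id:
        raise ValueError("empty server id")
    if kind == "ip":
        # An IPv6 literal would already have been split on its colons, so it
        # fails here instead of being silently mis-parsed as id + port.
        try:
            ipaddress.IPv4Address(server_id)
        except ValueError:
            raise ValueError(f"ip backend needs an IPv4 address, got {server_id!r}")
    port = _bounded_int(parts[2], 1, 65535, "port")
    weight = default_weight
    if len(parts) > 3 and parts[3] != "":
        weight = _bounded_int(parts[3], 0, 100, "weight")
    description = parts[4] if len(parts) > 4 else ""
    return ServerSpec(SERVER_TYPES[kind], server_id, port, weight, description)


def rejects(spec):
    """True when the spec is refused by the parser."""
    try:
        parse_server_spec(spec)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs: the first three are the forms shown on this page.
    for sample in ["ecs:i-xxx:8080", "ecs:i-yyy:8080:50:web-2", "ip:10.0.1.100:8080",
                   "ip:10.0.1.300:8080", "ecs:i-xxx:99999", "ip:fe80::1:8080"]:
        print(sample, "->", "REJECTED" if rejects(sample) else parse_server_spec(sample))
```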

Forwarding Rules

**List rules** — `scripts/list_rules.py`

```bash
# By load balancer
python3 scripts/list_rules.py --region cn-hangzhou --lb-id alb-xxx

# By listener
python3 scripts/list_rules.py --region cn-hangzhou --listener-id lsn-xxx
```

**Create forwarding rule** — `scripts/create_rule.py`

```bash
# Block DELETE method with 405 response
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "block-delete" --priority 10 \
  --condition-method DELETE \
  --action-fixed-response "405 Method Not Allowed"

# Host-based routing to server group
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "api-route" --priority 20 \
  --condition-host "api.example.com" \
  --action-forward-to sgp-xxx

# Path-based routing
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "api-v1-route" --priority 30 \
  --condition-host "api.example.com" --condition-path "/v1/*" \
  --action-forward-to sgp-xxx

# HTTP to HTTPS redirect
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "force-https" --priority 5 \
  --action-redirect "https 443"
```

**Update forwarding rule** — `scripts/update_rule.py`

```bash
# Update rule name and priority
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --name "new-name" --priority 50

# Change forwarding target
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --action-forward-to sgp-new

# Update conditions and actions together
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --condition-host "new.example.com" \
  --action-forward-to sgp-new
```

**Delete forwarding rule** — `scripts/delete_rule.py`

```bash
python3 scripts/delete_rule.py --region cn-hangzhou --rule-id rule-xxx
python3 scripts/delete_rule.py --region cn-hangzhou --rule-id rule-xxx --yes  # skip confirm
```

Health Check

**Check health status** — `scripts/check_health_status.py`

```bash
# All listeners
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx

# Specific listener
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx --listener-id lsn-xxx

# JSON output (includes rule-level health status)
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx --json
```

Certificates

**List listener certificates** — `scripts/list_listener_certificates.py`

```bash
python3 scripts/list_listener_certificates.py --region cn-hangzhou --listener-id lsn-xxx
```

Security Policies

**List security policies** — `scripts/list_security_policies.py`

```bash
# Custom policies only
python3 scripts/list_security_policies.py --region cn-hangzhou

# Include system predefined policies
python3 scripts/list_security_policies.py --region cn-hangzhou --system
```

Access Control (ACL)

**List ACLs** — `scripts/list_acls.py`

```bash
python3 scripts/list_acls.py --region cn-hangzhou
python3 scripts/list_acls.py --region cn-hangzhou --acl-ids acl-aaa acl-bbb
```

**List ACL entries** — `scripts/list_acl_entries.py`

```bash
python3 scripts/list_acl_entries.py --region cn-hangzhou --acl-id acl-xxx
```

Async Job Polling

Most ALB write operations (create/update/delete listener, rule, ALB instance) return a `job_id`. Use `wait_for_job.py` to poll until the job completes.

**Wait for async job** — `scripts/wait_for_job.py`

```bash
# Wait for a job (default 120s timeout)
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id 606f647c-xxxx-xxxx

# Custom timeout and interval
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --timeout 300 --interval 3

# JSON output
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --json

# Write result to file
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --json --output result.json
```

Job statuses: `Processing` → `Succeeded` / `Failed`. Exit code 0 on success, 1 on failure/timeout.

Write Operations Cookbook

Step-by-step guide to build a complete ALB from scratch. Full dependency graph: `references/resource-dependencies.md`.

Prerequisites: VPC, VSwitches, backend instances (ECS/ENI/ECI), and SSL certificates (for HTTPS) must already exist.

Step 1: Create independent resources (parallelizable)

**1a. Create Server Group** → yields `ServerGroupId`

```python
from alibabacloud_alb20200616 import models as alb_models

# `client` is an already-configured alibabacloud_alb20200616 client.
resp = client.create_server_group(alb_models.CreateServerGroupRequest(
    server_group_name="my-sg",
    vpc_id="vpc-xxx",
    protocol="HTTP",
    scheduler="Wrr",
    health_check_config=alb_models.CreateServerGroupRequestHealthCheckConfig(
        health_check_enabled=True,
        health_check_path="/health",
        health_check_codes=["http_2xx", "http_3xx"],
    ),
))
server_group_id = resp.body.server_group_id
```

**1b. Create ACL (if needed)** → yields `AclId`

```python
resp = client.create_acl(alb_models.CreateAclRequest(acl_name="my-acl"))
acl_id = resp.body.acl_id

# Add IP entries
client.add_entries_to_acl(alb_models.AddEntriesToAclRequest(
    acl_id=acl_id,
    acl_entries=[
        alb_models.AddEntriesToAclRequestAclEntries(entry="10.0.0.0/8", description="internal"),
        alb_models.AddEntriesToAclRequestAclEntries(entry="203.0.113.1/32", description="office"),
    ],
))
```

Step 2: Add backends to Server Group

```python
client.add_servers_to_server_group(alb_models.AddServersToServerGroupRequest(
    server_group_id=server_group_id,  # ← Step 1a
    servers=[alb_models.AddServersToServerGroupRequestServers(
        server_type="Ecs",
        server_id="i-xxx",
        port=8080,
        weight=100,
    )],
))
```

Step 3: Create ALB instance → yields `LoadBalancerId`

```python
resp = client.create_load_balancer(alb_models.CreateLoadBalancerRequest(
    load_balancer_name="my-alb",
    address_type="Internet",           # Internet | Intranet
    load_balancer_edition="Standard",  # Basic | Standard | StandardWithWaf
    vpc_id="vpc-xxx",
    load_balancer_billing_config=alb_models.CreateLoadBalancerRequestLoadBalancerBillingConfig(
        pay_type="PostPay",
    ),
    zone_mappings=[
        alb_models.CreateLoadBalancerRequestZoneMappings(zone_id="cn-hangzhou-h", v_switch_id="vsw-aaa"),
        alb_models.CreateLoadBalancerRequestZoneMappings(zone_id="cn-hangzhou-i", v_switch_id="vsw-bbb"),
    ],
))
load_balancer_id = resp.body.load_balancer_id

# ⚠️ Async operation — poll GetLoadBalancerAttribute until LoadBalancerStatus == "Active"
```

Step 4: Enable Access Log (optional)

```python
client.enable_load_balancer_access_log(alb_models.EnableLoadBalancerAccessLogRequest(
    load_balancer_id=load_balancer_id,  # ← Step 3
    log_project="my-sls-project",
    log_store="alb-access-log",
))
```

Step 5: Create Listener → yields `ListenerId`

```python
# HTTPS Listener (for HTTP, omit the certificates parameter)
resp = client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,  # ← Step 3
    listener_protocol="HTTPS",
    listener_port=443,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="ForwardGroup",
        forward_group_config=alb_models.CreateListenerRequestDefaultActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateListenerRequestDefaultActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,  # ← Step 1a
            )],
        ),
    )],
    certificates=[alb_models.CreateListenerRequestCertificates(certificate_id="cert-xxx")],
))
listener_id = resp.body.listener_id

# ⚠️ Async operation — poll GetListenerAttribute until ListenerStatus == "Running"
```
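A polling loop with the contract stated under Async Job Polling (terminal statuses `Succeeded` / `Failed`, exit code 0 on success and 1 on failure or timeout, 120 s default timeout), which also fits the "poll until `Active` / `Running`" notes in Steps 3 and 5. This is an added example, not the code of `wait_for_job.py`; `wait_for_status`, `exit_code`, `FakeClock`, `scripted`, the 2-second default interval and the scripted status sequences (including the intermediate `Provisioning` value) are assumptions constructed for illustration.

```python
import time


def wait_for_status(fetch, success, failure=(), timeout=120.0, interval=2.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll fetch() until it returns a terminal status or the deadline passes.

    Returns (outcome, last_status); outcome is "succeeded", "failed" or "timeout".
    A status in neither set counts as "still in progress", so an unexpected
    value can never be mistaken for success.
    """
    deadline = clock() + timeout
    while True:
        status = fetch()
        if status in success:
            return "succeeded", status
        if status in failure:
            return "failed", status
        remaining = deadline - clock()
        if remaining <= 0:
            return "timeout", status
        sleep(min(interval, remaining))  # never sleep past the deadline


def exit_code(outcome):
    """0 only on success; failure and timeout both map to 1."""
    return 0 if outcome == "succeeded" else 1


class FakeClock:
    """Deterministic clock so the demo runs instantly and offline."""

    def __init__(self):
        self.now = 0.0

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


def scripted(statuses):
    """Constructed status source: returns each status once, then repeats the last."""
    calls = {"n": 0}

    def fetch():
        index = min(calls["n"], len(statuses) - 1)
        calls["n"] += 1
        return statuses[index]

    fetch.calls = calls
    return fetch


def demo():
    """Run four constructed scenarios; returns {name: (outcome, status, code, polls)}."""
    scenarios = [
        ("job-ok", ["Processing", "Processing", "Succeeded"], {"Succeeded"}, {"Failed"}),
        ("job-failed", ["Processing", "Failed"], {"Succeeded"}, {"Failed"}),
        ("job-stuck", ["Processing"], {"Succeeded"}, {"Failed"}),
        ("listener", ["Provisioning", "Running"], {"Running"}, set()),
    ]
    results = {}
    for name, statuses, success, failure in scenarios:
        clock, fetch = FakeClock(), scripted(statuses)
        outcome, last = wait_for_status(fetch, success, failure,
                                        clock=clock.time, sleep=clock.sleep)
        results[name] = (outcome, last, exit_code(outcome), fetch.calls["n"])
    return results


# Against the real API, fetch would wrap the call named in Step 3, for example:
#   fetch = lambda: client.get_load_balancer_attribute(
#       alb_models.GetLoadBalancerAttributeRequest(load_balancer_id=load_balancer_id)
#   ).body.load_balancer_status
#   wait_for_status(fetch, success={"Active"})

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```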

Step 6: Configure Listener sub-resources (parallelizable)

**6a. Create Forwarding Rule**

```python
client.create_rule(alb_models.CreateRuleRequest(
    listener_id=listener_id,  # ← Step 5
    rule_name="api-route",
    priority=10,
    rule_conditions=[alb_models.CreateRuleRequestRuleConditions(
        type="Host",
        host_config=alb_models.CreateRuleRequestRuleConditionsHostConfig(values=["api.example.com"]),
    )],
    rule_actions=[alb_models.CreateRuleRequestRuleActions(
        type="ForwardGroup",
        order=1,
        forward_group_config=alb_models.CreateRuleRequestRuleActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateRuleRequestRuleActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,  # ← Step 1a (or another ServerGroup)
            )],
        ),
    )],
))
```

**6b. Associate ACL**

```python
client.associate_acls_with_listener(alb_models.AssociateAclsWithListenerRequest(
    listener_id=listener_id,  # ← Step 5
    acl_type="White",          # White (whitelist) | Black (blacklist)
    acl_ids=[acl_id],          # ← Step 1b
))
```
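A pre-flight check for the entries passed to `add_entries_to_acl` in Step 1b before the ACL is attached to a listener as a `White` list in Step 6b. This is an added example, not part of the skill's scripts; `review_acl_entries`, the finding codes, treating only the RFC 1918 ranges as internal, the /16 threshold and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges are treated as internal; everything else is judged as public space.
INTERNAL_V4 = [ipaddress.ip_network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PUBLIC_PREFIX = 16  # assumption: public IPv4 entries broader than /16 need review


def review_acl_entries(entries, acl_type="White"):
    """Check (cidr, description) pairs before they are sent to add_entries_to_acl.

    Returns (normalized, findings). normalized holds the (cidr, description)
    pairs that parsed unambiguously, are not catch-alls and are not already
    covered by a broader entry. findings is a list of (original_cidr, code).
    """
    parsed, findings = [], []
    for cidr, description in entries:
        text = cidr.strip()
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            try:
                # Parses only when host bits are ignored: the author may have
                # meant a single host or the whole network, so refuse to guess.
                ipaddress.ip_network(text, strict=False)
                findings.append((cidr, "host-bits-set"))
            except ValueError:
                findings.append((cidr, "invalid"))
            continue
        if net.prefixlen == 0:
            # In a White list this admits every client; in a Black list it blocks all.
            findings.append((cidr, "catch-all"))
            continue
        if (acl_type == "White" and net.version == 4
                and net.prefixlen < MIN_PUBLIC_PREFIX
                and not any(net.subnet_of(i) for i in INTERNAL_V4)):
            findings.append((cidr, "broad-public"))  # kept, but flagged for review
        parsed.append((net, description, cidr))

    # Broadest first, so a narrow entry is always compared against wider ones.
    kept = []
    for net, description, cidr in sorted(parsed, key=lambda p: (p[0].version, p[0].prefixlen)):
        cover = next((k for k, _ in kept
                      if k.version == net.version and net.subnet_of(k)), None)
        if cover is not None:
            findings.append((cidr, "covered-by:%s" % cover))
        else:
            kept.append((net, description))
    return [(str(n), d) for n, d in kept], findings


# Constructed sample: the page's two entries plus deliberately problematic ones.
SAMPLE_ENTRIES = [
    ("10.0.0.0/8", "internal"),
    ("203.0.113.1/32", "office"),
    ("203.0.113.7/24", "vpn"),
    ("10.20.0.0/16", "branch"),
    ("0.0.0.0/0", "temporary"),
    ("192.0.0.0/3", "partner"),
    ("not-a-cidr", "typo"),
]

if __name__ == "__main__":
    normalized, findings = review_acl_entries(SAMPLE_ENTRIES)
    print("submit:", normalized)
    for cidr, code in findings:
        print("finding:", cidr, code)
```

In the sample, the over-broad `partner` range is what makes the `office` entry redundant, which is the kind of drift an entry-by-entry read of a whitelist tends to miss.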

Teardown (reverse order)

Delete leaf resources first. See `references/resource-dependencies.md` for the full deletion sequence.

```python
# 1. Detach Listener sub-resources
client.dissociate_acls_from_listener(alb_models.DissociateAclsFromListenerRequest(
    listener_id="lsn-xxx",
    acl_ids=["acl-xxx"],
))
client.delete_rule(alb_models.DeleteRuleRequest(rule_id="rule-xxx"))

# 2. Delete Listener
client.delete_listener(alb_models.DeleteListenerRequest(listener_id="lsn-xxx"))

# 3. Delete ALB (disable deletion protection first)
client.disable_deletion_protection(alb_models.DisableDeletionProtectionRequest(resource_id="alb-xxx"))
client.delete_load_balancer(alb_models.DeleteLoadBalancerRequest(load_balancer_id="alb-xxx"))

# 4. Delete independent resources
client.remove_servers_from_server_group(alb_models.RemoveServersFromServerGroupRequest(
    server_group_id="sgp-xxx",
    servers=[alb_models.RemoveServersFromServerGroupRequestServers(
        server_type="Ecs",
        server_id="i-xxx",
        port=8080,
    )],
))
client.delete_server_group(alb_models.DeleteServerGroupRequest(server_group_id="sgp-xxx"))
client.delete_acl(alb_models.DeleteAclRequest(acl_id="acl-xxx"))
```

Common operations

常见操作

python
undefined
python
undefined

Start / Stop Listener

启动/停止监听器

client.start_listener(alb_models.StartListenerRequest(listener_id="lsn-xxx"))
client.stop_listener(alb_models.StopListenerRequest(listener_id="lsn-xxx"))

Disable Access Log

client.disable_load_balancer_access_log(alb_models.DisableLoadBalancerAccessLogRequest(
    load_balancer_id="alb-xxx",
))
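
The teardown and "Disable Access Log" calls above remove protective controls, so they are worth alerting on in an audit trail. The following is an added example, not part of this skill's scripts: it flags access-log and ACL removal and correlates DisableDeletionProtection with a DeleteLoadBalancer by the same principal shortly afterwards. The record layout (time, principal, action, resource), the 10-minute window and all sample events are assumptions constructed for illustration; map your audit export onto these fields.

```python
from datetime import datetime, timedelta

# API actions named in this page's teardown and "Disable Access Log" snippets.
WEAKENING = {"DisableLoadBalancerAccessLog", "DissociateAclsFromListener", "DeleteAcl"}
WINDOW = timedelta(minutes=10)  # assumed correlation window


def detect(events, window=WINDOW):
    """Return (time, principal, finding, resource) alerts, oldest first."""
    alerts = []
    unprotected = {}  # (principal, resource) -> when protection was disabled
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        when = datetime.fromisoformat(ev["time"])
        key = (ev["principal"], ev["resource"])
        action = ev["action"]
        if action in WEAKENING:
            alerts.append((ev["time"], ev["principal"], action, ev["resource"]))
        elif action == "DisableDeletionProtection":
            unprotected[key] = when
        elif action == "DeleteLoadBalancer":
            since = unprotected.pop(key, None)
            # Alert only when the delete quickly follows the unprotect call.
            if since is not None and when - since <= window:
                alerts.append((ev["time"], ev["principal"],
                               "DisableDeletionProtection+DeleteLoadBalancer",
                               ev["resource"]))
    return alerts


def _ev(time, principal, action, resource):
    return {"time": time, "principal": principal, "action": action, "resource": resource}


# Constructed sample events (hypothetical principals and resource ids).
SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:00+00:00", "alice", "DisableDeletionProtection", "alb-aaa"),
    _ev("2024-05-01T10:02:00+00:00", "alice", "DeleteLoadBalancer", "alb-aaa"),
    _ev("2024-05-01T11:00:00+00:00", "bob", "DisableLoadBalancerAccessLog", "alb-bbb"),
    _ev("2024-05-01T09:00:00+00:00", "carol", "DisableDeletionProtection", "alb-ccc"),
    _ev("2024-05-01T12:00:00+00:00", "carol", "DeleteLoadBalancer", "alb-ccc"),
    _ev("2024-05-01T10:30:00+00:00", "dave", "StartListener", "lsn-xxx"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```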

Update operations

Update Listener (timeout, security policy, HTTP/2)
python
client.update_listener_attribute(alb_models.UpdateListenerAttributeRequest(
    listener_id="lsn-xxx",
    idle_timeout=60,                # seconds
    request_timeout=120,            # seconds
    security_policy_id="tls_cipher_policy_1_2",  # HTTPS only
    http_2enabled=True,             # HTTPS only
))
Update Server Group (health check, scheduler, sticky session)
python
client.update_server_group_attribute(alb_models.UpdateServerGroupAttributeRequest(
    server_group_id="sgp-xxx",
    scheduler="Wrr",                # Wrr | Wlc | Sch | Uch
    health_check_config=alb_models.UpdateServerGroupAttributeRequestHealthCheckConfig(
        health_check_enabled=True,
        health_check_path="/health",
        health_check_interval=5,
        healthy_threshold=3,
        unhealthy_threshold=3,
        health_check_codes=["http_2xx", "http_3xx"],
    ),
    sticky_session_config=alb_models.UpdateServerGroupAttributeRequestStickySessionConfig(
        sticky_session_enabled=True,
        sticky_session_type="Server",  # Server | Insert
        cookie="SERVERID",
    ),
))
Update backend server weight (blue-green, canary)
python
client.update_server_group_servers_attribute(alb_models.UpdateServerGroupServersAttributeRequest(
    server_group_id="sgp-xxx",
    servers=[alb_models.UpdateServerGroupServersAttributeRequestServers(
        server_type="Ecs",
        server_id="i-xxx",
        port=8080,
        weight=50,  # adjust weight for traffic shifting
    )],
))
Update forwarding rule (blue-green weight switching)
python
client.update_rule_attribute(alb_models.UpdateRuleAttributeRequest(
    rule_id="rule-xxx",
    rule_actions=[alb_models.UpdateRuleAttributeRequestRuleActions(
        type="ForwardGroup",
        order=1,
        forward_group_config=alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfig(
            server_group_tuples=[
                alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfigServerGroupTuples(
                    server_group_id="sgp-blue", weight=80,
                ),
                alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfigServerGroupTuples(
                    server_group_id="sgp-green", weight=20,
                ),
            ],
        ),
    )],
))

HTTP → HTTPS redirect pattern

python

Create HTTP:80 listener that redirects all traffic to HTTPS:443

client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,
    listener_protocol="HTTP",
    listener_port=80,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="Redirect",
        redirect_config=alb_models.CreateListenerRequestDefaultActionsRedirectConfig(
            protocol="HTTPS",
            port="443",
            http_redirect_code="301",
        ),
    )],
))
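
An added example, not part of this skill's scripts: an offline audit that flags HTTP listeners lacking the HTTPS redirect shown above and HTTPS listeners whose security policy is outside an allowlist or that carry no certificate. The dict layout is an assumption that mirrors the request parameters used on this page; the listener ids and sample data are constructed, and tls_cipher_policy_1_0 stands in for an older policy.

```python
# Policy id taken from this page; extend the set to match your own baseline.
ALLOWED_TLS_POLICIES = {"tls_cipher_policy_1_2"}


def audit_listener(lsn, allowed=ALLOWED_TLS_POLICIES):
    """Return findings for one listener dict (layout is an assumption)."""
    findings = []
    proto, port = lsn.get("listener_protocol"), lsn.get("listener_port")
    if proto == "HTTP":
        redirects = [a.get("redirect_config") or {}
                     for a in lsn.get("default_actions") or []
                     if a.get("type") == "Redirect"]
        if not redirects:
            findings.append(f"HTTP:{port} has no Redirect default action")
        elif any(r.get("protocol") != "HTTPS" for r in redirects):
            findings.append(f"HTTP:{port} redirect does not target HTTPS")
    elif proto == "HTTPS":
        policy = lsn.get("security_policy_id")
        if policy not in allowed:
            findings.append(f"HTTPS:{port} uses security policy {policy!r}")
        if not lsn.get("certificates"):
            findings.append(f"HTTPS:{port} has no certificate")
    return findings


def audit_listeners(listeners, allowed=ALLOWED_TLS_POLICIES):
    """Map listener_id -> findings for every listener that has any."""
    report = {}
    for lsn in listeners:
        found = audit_listener(lsn, allowed)
        if found:
            report[lsn.get("listener_id", "<unknown>")] = found
    return report


# Constructed sample data (hypothetical listener ids).
SAMPLE_LISTENERS = [
    {"listener_id": "lsn-redirect", "listener_protocol": "HTTP", "listener_port": 80,
     "default_actions": [{"type": "Redirect", "redirect_config": {"protocol": "HTTPS"}}]},
    {"listener_id": "lsn-plain", "listener_protocol": "HTTP", "listener_port": 8080,
     "default_actions": [{"type": "ForwardGroup"}]},
    {"listener_id": "lsn-oldtls", "listener_protocol": "HTTPS", "listener_port": 443,
     "security_policy_id": "tls_cipher_policy_1_0", "certificates": ["cert-xxx"]},
    {"listener_id": "lsn-good", "listener_protocol": "HTTPS", "listener_port": 443,
     "security_policy_id": "tls_cipher_policy_1_2", "certificates": ["cert-xxx"]},
]

if __name__ == "__main__":
    print(audit_listeners(SAMPLE_LISTENERS))
```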

QUIC listener

python

QUIC listener (requires an existing HTTPS listener on the same ALB)

client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,
    listener_protocol="QUIC",
    listener_port=443,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="ForwardGroup",
        forward_group_config=alb_models.CreateListenerRequestDefaultActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateListenerRequestDefaultActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,
            )],
        ),
    )],
    certificates=[alb_models.CreateListenerRequestCertificates(certificate_id="cert-xxx")],
))

Note: QUIC Client Hello must be ≥ 1024 bytes; see troubleshooting doc for details


Health Check Template

python

Create a reusable health check template

resp = client.create_health_check_template(alb_models.CreateHealthCheckTemplateRequest(
    health_check_template_name="standard-http-check",
    health_check_protocol="HTTP",
    health_check_path="/health",
    health_check_method="HEAD",
    health_check_codes=["http_2xx", "http_3xx"],
    health_check_interval=5,
    health_check_timeout=3,
    healthy_threshold=3,
    unhealthy_threshold=3,
))
template_id = resp.body.health_check_template_id

Apply template to a server group

client.apply_health_check_template_to_server_group(
    alb_models.ApplyHealthCheckTemplateToServerGroupRequest(
        server_group_id="sgp-xxx",
        health_check_template_id=template_id,
    )
)

Log Analysis

ALB access log analysis is handled by the alicloud-observability-sls-log-query skill.
Get log config from GetLoadBalancerAttribute:
  • AccessLogConfig.LogProject → SLS Project
  • AccessLogConfig.LogStore → SLS Logstore
Common query templates: see references/log-analysis.md.

Troubleshooting

See references/troubleshooting.md for:
  1. Cannot access service / connectivity checklist
  2. High latency diagnosis
  3. Health check failures (first-time config, iptables blocking, source IPs)
  4. HTTP status codes — full ALB error reference (400/405/408/414/463/499/500/502/503/504)
  5. Certificate & HTTPS issues (expiry, wildcard rules, SNI, WAF sync)
  6. Forwarding rule conflicts
  7. ACL access control issues
  8. Request limits (URI, header, body, keep-alive)
  9. WAF integration (2.0 vs 3.0)
  10. EIP & bandwidth

API Reference

Full API list: references/api_quick_map.md.

Output And Evidence

  • Save outputs under output/alicloud-network-alb/.
  • Keep command parameters and region scope in evidence files.