Application Load Balancer (ALB)
```bash
mkdir -p output/alicloud-network-alb
for f in skills/network/slb/alicloud-network-alb/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/alicloud-network-alb/validate.txt
```

Pass criteria: command exits 0 and `output/alicloud-network-alb/validate.txt` is generated.
```bash
pip install alibabacloud_alb20200616 alibabacloud_tea_openapi alibabacloud_credentials
```
AccessKey priority
- Environment variables: / `ALICLOUD_ACCESS_KEY_SECRET`
- Also supported: `ALIBABA_CLOUD_ACCESS_KEY_ID` / `ALIBABA_CLOUD_ACCESS_KEY_SECRET`
- Optional STS token:
- Shared config file: `~/.alibabacloud/credentials`
All scripts support
to write results to file.
Load Balancer Instances
**List instances** — `scripts/list_instances.py`

```bash
python3 scripts/list_instances.py --region cn-hangzhou
python3 scripts/list_instances.py --region cn-hangzhou --vpc-id vpc-xxx
python3 scripts/list_instances.py --region cn-hangzhou --address-type Internet --status Active
python3 scripts/list_instances.py --region cn-hangzhou --lb-ids alb-aaa alb-bbb --json
```

**Instance status (tree overview / full JSON)** — `scripts/get_instance_status.py`
```bash
# Tree overview: zones → listeners → rules
python3 scripts/get_instance_status.py --region cn-hangzhou --lb-id alb-xxx

# Full API response as JSON
python3 scripts/get_instance_status.py --region cn-hangzhou --lb-id alb-xxx --view detail
```

**Create ALB instance** — `scripts/create_load_balancer.py`

```bash
# Internet-facing ALB in two zones
python3 scripts/create_load_balancer.py --region cn-hangzhou --name my-alb \
  --vpc-id vpc-xxx --address-type Internet \
  --zone cn-hangzhou-h:vsw-aaa --zone cn-hangzhou-i:vsw-bbb

# Internal ALB with deletion protection
python3 scripts/create_load_balancer.py --region cn-hangzhou --name my-alb \
  --vpc-id vpc-xxx --address-type Intranet --deletion-protection \
  --zone cn-hangzhou-h:vsw-aaa --zone cn-hangzhou-i:vsw-bbb
```

**Delete ALB instance** — `scripts/delete_load_balancer.py`

```bash
python3 scripts/delete_load_balancer.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/delete_load_balancer.py --region cn-hangzhou --lb-id alb-xxx --yes  # skip confirm
```

**Deletion protection** — `scripts/deletion_protection.py`

```bash
python3 scripts/deletion_protection.py --region cn-hangzhou --resource-id alb-xxx --enable
python3 scripts/deletion_protection.py --region cn-hangzhou --resource-id alb-xxx --disable
```
**List listeners** — `scripts/list_listeners.py`

```bash
python3 scripts/list_listeners.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/list_listeners.py --region cn-hangzhou --lb-id alb-xxx --json
```

**Get listener details (certificates, ACL, config)** — `scripts/get_listener_attribute.py`

```bash
python3 scripts/get_listener_attribute.py --region cn-hangzhou --listener-id lsn-xxx
```

**Create listener** — `scripts/create_listener.py`
```bash
# HTTP listener forwarding to server group
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx

# HTTPS listener with certificate
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTPS --port 443 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx --certificate-ids cert-xxx

# HTTP to HTTPS redirect
python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type Redirect \
  --redirect-protocol HTTPS --redirect-port 443

python3 scripts/create_listener.py --region cn-hangzhou --lb-id alb-xxx \
  --protocol HTTP --port 80 --action-type ForwardGroup \
  --forward-server-groups sgp-xxx --dry-run
```

**Update listener** — `scripts/update_listener.py`

```bash
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --description "Production HTTP listener"

# Change default forwarding target
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --forward-server-groups sgp-new

# Update timeouts and security policy
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --idle-timeout 60 --request-timeout 120 --security-policy-id tls_cipher_policy_1_2

# Enable HTTP/2 and gzip
python3 scripts/update_listener.py --region cn-hangzhou --listener-id lsn-xxx \
  --http2-enabled true --gzip-enabled true
```

**Start / Stop listener** — `scripts/start_listener.py` / `scripts/stop_listener.py`

```bash
python3 scripts/start_listener.py --region cn-hangzhou --listener-id lsn-xxx
python3 scripts/stop_listener.py --region cn-hangzhou --listener-id lsn-xxx
```

**Delete listener** — `scripts/delete_listener.py`

```bash
python3 scripts/delete_listener.py --region cn-hangzhou --listener-id lsn-xxx
python3 scripts/delete_listener.py --region cn-hangzhou --listener-id lsn-xxx --yes  # skip confirm
```
**List server groups** — `scripts/list_server_groups.py`

```bash
python3 scripts/list_server_groups.py --region cn-hangzhou
python3 scripts/list_server_groups.py --region cn-hangzhou --vpc-id vpc-xxx
python3 scripts/list_server_groups.py --region cn-hangzhou --sg-ids sgp-aaa sgp-bbb
```

**List backend servers in a server group** — `scripts/list_server_group_servers.py`

```bash
python3 scripts/list_server_group_servers.py --region cn-hangzhou --sg-id sgp-xxx
```

**Create server group** — `scripts/create_server_group.py`
```bash
# Basic HTTP server group
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP

# With health check customization
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP \
  --health-check-path /health --health-check-interval 10

# With sticky sessions
python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --protocol HTTP \
  --sticky-session-enabled --sticky-session-type Server --sticky-session-cookie SERVERID

python3 scripts/create_server_group.py --region cn-hangzhou --name my-sg \
  --vpc-id vpc-xxx --dry-run
```

**Delete server group** — `scripts/delete_server_group.py`

```bash
python3 scripts/delete_server_group.py --region cn-hangzhou --sg-id sgp-xxx
python3 scripts/delete_server_group.py --region cn-hangzhou --sg-id sgp-xxx --yes  # skip confirm
```

```bash
# Add ECS server (type:id:port[:weight[:description]])
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080

# Add multiple servers with weight
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080:100:web-1 \
  --server ecs:i-yyy:8080:50:web-2

# Add IP-based server (for Ip-type server group)
python3 scripts/add_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ip:10.0.1.100:8080
```

**Remove backend servers** — `scripts/remove_servers.py`

```bash
# Remove server (type:id:port)
python3 scripts/remove_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080

# Remove multiple servers
python3 scripts/remove_servers.py --region cn-hangzhou --sg-id sgp-xxx \
  --server ecs:i-xxx:8080 --server ecs:i-yyy:8080
```
```bash
python3 scripts/list_rules.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/list_rules.py --region cn-hangzhou --listener-id lsn-xxx
```

**Create forwarding rule** — `scripts/create_rule.py`

```bash
# Block DELETE method with 405 response
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "block-delete" --priority 10 \
  --condition-method DELETE \
  --action-fixed-response "405 Method Not Allowed"

# Host-based routing to server group
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "api-route" --priority 20 \
  --condition-host "api.example.com" \
  --action-forward-to sgp-xxx

python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "api-v1-route" --priority 30 \
  --condition-host "api.example.com" --condition-path "/v1/*" \
  --action-forward-to sgp-xxx

# HTTP to HTTPS redirect
python3 scripts/create_rule.py --region cn-hangzhou --listener-id lsn-xxx \
  --name "force-https" --priority 5 \
  --action-redirect "https 443"
```

**Update forwarding rule** — `scripts/update_rule.py`

```bash
# Update rule name and priority
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --name "new-name" --priority 50

# Change forwarding target
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --action-forward-to sgp-new

# Update conditions and actions together
python3 scripts/update_rule.py --region cn-hangzhou --rule-id rule-xxx \
  --condition-host "new.example.com" \
  --action-forward-to sgp-new
```

**Delete forwarding rule** — `scripts/delete_rule.py`

```bash
python3 scripts/delete_rule.py --region cn-hangzhou --rule-id rule-xxx
python3 scripts/delete_rule.py --region cn-hangzhou --rule-id rule-xxx --yes  # skip confirm
```
**Check health status** — `scripts/check_health_status.py`

```bash
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx --listener-id lsn-xxx

# JSON output (includes rule-level health status)
python3 scripts/check_health_status.py --region cn-hangzhou --lb-id alb-xxx --json
```
**List listener certificates** — `scripts/list_listener_certificates.py`

```bash
python3 scripts/list_listener_certificates.py --region cn-hangzhou --listener-id lsn-xxx
```
**List security policies** — `scripts/list_security_policies.py`

```bash
# Custom policies only
python3 scripts/list_security_policies.py --region cn-hangzhou

# Include system predefined policies
python3 scripts/list_security_policies.py --region cn-hangzhou --system
```
Access Control (ACL)
```bash
python3 scripts/list_acls.py --region cn-hangzhou
python3 scripts/list_acls.py --region cn-hangzhou --acl-ids acl-aaa acl-bbb
```

**List ACL entries** — `scripts/list_acl_entries.py`

```bash
python3 scripts/list_acl_entries.py --region cn-hangzhou --acl-id acl-xxx
```
Most ALB write operations (create/update/delete listener, rule, ALB instance) return a
. Use
to poll until the job completes.
```bash
# Wait for a job (default 120s timeout)
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id 606f647c-xxxx-xxxx

# Custom timeout and interval
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --timeout 300 --interval 3

python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --json

# Write result to file
python3 scripts/wait_for_job.py --region cn-hangzhou --job-id xxx --json --output result.json
```

Job statuses: `Processing` → `Succeeded` / `Failed`. Exit code 0 on success, 1 on failure/timeout.
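One way to implement the polling contract described above, as an added example that is not the project's `wait_for_job.py`: it uses the job statuses, the 120-second default timeout and the exit codes from this page. `wait_for_status`, its parameters, the 2-second default interval and `ScriptedClock` are assumptions of this example, and `get_status` stands in for whatever call returns the current status.

```python
import time

SUCCESS = frozenset({"Succeeded"})  # terminal statuses named on this page
FAILURE = frozenset({"Failed"})


def wait_for_status(get_status, success=SUCCESS, failure=FAILURE,
                    timeout=120.0, interval=2.0,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll get_status() until a terminal status or the timeout.

    Returns (exit_code, last_status, polls): exit code 0 on success and
    1 on failure or timeout. Any status outside `success` and `failure`
    (for example "Processing") is treated as still in progress.
    """
    deadline = clock() + timeout
    polls = 0
    while True:
        status = get_status()
        polls += 1
        if status in success:
            return 0, status, polls
        if status in failure:
            return 1, status, polls
        remaining = deadline - clock()
        if remaining <= 0:
            return 1, status, polls      # timed out while still in progress
        sleep(min(interval, remaining))  # never sleep past the deadline


class ScriptedClock:
    """Constructed test double: time only advances when sleep() is called."""

    def __init__(self):
        self.now = 0.0

    def time(self):
        return self.now

    def sleep(self, seconds):
        self.now += seconds


def demo():
    """Run three constructed status sequences offline and return the results."""
    results = {}
    sequences = {
        "ok": ["Processing", "Processing", "Succeeded"],
        "failed": ["Processing", "Failed"],
    }
    for name, seq in sequences.items():
        it = iter(seq)
        c = ScriptedClock()
        results[name] = wait_for_status(lambda: next(it), clock=c.time, sleep=c.sleep)
    c = ScriptedClock()
    results["timeout"] = wait_for_status(lambda: "Processing", timeout=5, interval=2,
                                         clock=c.time, sleep=c.sleep)
    return results


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The same loop fits the status waits in the cookbook by passing a different success set, for example `success={"Active"}` with an empty `failure` set.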
Write Operations Cookbook
Step-by-step guide to build a complete ALB from scratch. Full dependency graph: `references/resource-dependencies.md`.

Prerequisites: VPC, VSwitches, backend instances (ECS/ENI/ECI), and SSL certificates (for HTTPS) must already exist.
Step 1: Create independent resources (parallelizable)
1a. Create Server Group → yields

```python
resp = client.create_server_group(alb_models.CreateServerGroupRequest(
    server_group_name="my-sg",
    vpc_id="vpc-xxx",
    protocol="HTTP",
    scheduler="Wrr",
    health_check_config=alb_models.CreateServerGroupRequestHealthCheckConfig(
        health_check_enabled=True,
        health_check_path="/health",
        health_check_codes=["http_2xx", "http_3xx"],
    ),
))
server_group_id = resp.body.server_group_id
```

1b. Create ACL (if needed) → yields

```python
resp = client.create_acl(alb_models.CreateAclRequest(acl_name="my-acl"))
acl_id = resp.body.acl_id

client.add_entries_to_acl(alb_models.AddEntriesToAclRequest(
    acl_id=acl_id,
    acl_entries=[
        alb_models.AddEntriesToAclRequestAclEntries(entry="10.0.0.0/8", description="internal"),
        alb_models.AddEntriesToAclRequestAclEntries(entry="203.0.113.1/32", description="office"),
    ],
))
```
Step 2: Add backends to Server Group
```python
client.add_servers_to_server_group(alb_models.AddServersToServerGroupRequest(
    server_group_id=server_group_id,  # ← Step 1a
    servers=[alb_models.AddServersToServerGroupRequestServers(
        server_type="Ecs",
        server_id="i-xxx",
        port=8080,
        weight=100,
    )],
))
```
Step 3: Create ALB instance → yields
```python
resp = client.create_load_balancer(alb_models.CreateLoadBalancerRequest(
    load_balancer_name="my-alb",
    address_type="Internet",           # Internet | Intranet
    load_balancer_edition="Standard",  # Basic | Standard | StandardWithWaf
    vpc_id="vpc-xxx",
    load_balancer_billing_config=alb_models.CreateLoadBalancerRequestLoadBalancerBillingConfig(
        pay_type="PostPay",
    ),
    zone_mappings=[
        alb_models.CreateLoadBalancerRequestZoneMappings(zone_id="cn-hangzhou-h", v_switch_id="vsw-aaa"),
        alb_models.CreateLoadBalancerRequestZoneMappings(zone_id="cn-hangzhou-i", v_switch_id="vsw-bbb"),
    ],
))
load_balancer_id = resp.body.load_balancer_id
# ⚠️ Async operation — poll GetLoadBalancerAttribute until LoadBalancerStatus == "Active"
```
Step 4: Enable Access Log (optional)
```python
client.enable_load_balancer_access_log(alb_models.EnableLoadBalancerAccessLogRequest(
    load_balancer_id=load_balancer_id,  # ← Step 3
    log_project="my-sls-project",
    log_store="alb-access-log",
))
```
Step 5: Create Listener → yields
```python
# HTTPS Listener (for HTTP, omit the certificates parameter)
resp = client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,  # ← Step 3
    listener_protocol="HTTPS",
    listener_port=443,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="ForwardGroup",
        forward_group_config=alb_models.CreateListenerRequestDefaultActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateListenerRequestDefaultActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,  # ← Step 1a
            )],
        ),
    )],
    certificates=[alb_models.CreateListenerRequestCertificates(certificate_id="cert-xxx")],
))
listener_id = resp.body.listener_id
# ⚠️ Async operation — poll GetListenerAttribute until ListenerStatus == "Running"
```
Step 6: Configure Listener sub-resources (parallelizable)
6a. Create Forwarding Rule

```python
client.create_rule(alb_models.CreateRuleRequest(
    listener_id=listener_id,  # ← Step 5
    rule_name="api-route",
    priority=10,
    rule_conditions=[alb_models.CreateRuleRequestRuleConditions(
        type="Host",
        host_config=alb_models.CreateRuleRequestRuleConditionsHostConfig(values=["api.example.com"]),
    )],
    rule_actions=[alb_models.CreateRuleRequestRuleActions(
        type="ForwardGroup",
        order=1,
        forward_group_config=alb_models.CreateRuleRequestRuleActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateRuleRequestRuleActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,  # ← Step 1a (or another ServerGroup)
            )],
        ),
    )],
))
```

6b. Associate ACL

```python
client.associate_acls_with_listener(alb_models.AssociateAclsWithListenerRequest(
    listener_id=listener_id,  # ← Step 5
    acl_type="White",         # White (whitelist) | Black (blacklist)
    acl_ids=[acl_id],         # ← Step 1b
))
```
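A post-build check for the resources created in Steps 1 to 6, as an added example that is not part of the project's scripts: it flags disabled deletion protection, a missing access log, HTTP listeners that forward instead of redirecting to HTTPS, HTTPS listeners outside an approved TLS policy set, and whitelist ACL entries that match every address. The inventory dict shape, the function names and the choice of `tls_cipher_policy_1_2` as the only approved policy are assumptions, and the sample values are constructed.

```python
import ipaddress

# Assumption: the policy ID used in this page's update-listener example is
# treated as the only approved one. Adjust to your own baseline.
APPROVED_TLS_POLICIES = {"tls_cipher_policy_1_2"}


def acl_findings(listener):
    """Flag whitelist entries that are malformed or that allow every source."""
    out = []
    if listener.get("acl_type") != "White":
        return out
    for entry in listener.get("acl_entries", []):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            out.append(f"whitelist entry {entry!r} is not a valid CIDR")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 defeats the whitelist
            out.append(f"whitelist entry {entry} matches every address")
    return out


def audit_listener(listener):
    """Return a list of finding strings for one listener dict."""
    findings = []
    proto = listener.get("listener_protocol")
    if proto == "HTTP":
        # A plaintext listener is acceptable only as a redirect to HTTPS.
        redirects = (listener.get("action_type") == "Redirect"
                     and listener.get("redirect_protocol") == "HTTPS")
        if not redirects:
            findings.append("HTTP listener does not redirect to HTTPS")
    elif proto == "HTTPS":
        if not listener.get("certificate_ids"):
            findings.append("HTTPS listener has no certificate")
        policy = listener.get("security_policy_id")
        if policy not in APPROVED_TLS_POLICIES:
            findings.append(f"security policy {policy} is not in the approved set")
    findings.extend(acl_findings(listener))
    return findings


def audit_alb(alb):
    """Return (resource_id, finding) tuples for one ALB inventory dict."""
    findings = []
    lb_id = alb["load_balancer_id"]
    if not alb.get("deletion_protection"):
        findings.append((lb_id, "deletion protection is disabled"))
    if not alb.get("access_log_enabled"):
        findings.append((lb_id, "access log is not enabled"))
    for listener in alb.get("listeners", []):
        for msg in audit_listener(listener):
            findings.append((listener["listener_id"], msg))
    return findings


# Constructed sample inventory. Keys mirror the request parameters and CLI
# flags shown on this page; this is not the API response format.
SAMPLE = {
    "load_balancer_id": "alb-example",
    "address_type": "Internet",
    "deletion_protection": False,
    "access_log_enabled": True,
    "listeners": [
        {"listener_id": "lsn-http-fwd", "listener_protocol": "HTTP",
         "listener_port": 8080, "action_type": "ForwardGroup"},
        {"listener_id": "lsn-http-redir", "listener_protocol": "HTTP",
         "listener_port": 80, "action_type": "Redirect",
         "redirect_protocol": "HTTPS"},
        {"listener_id": "lsn-https", "listener_protocol": "HTTPS",
         "listener_port": 443, "action_type": "ForwardGroup",
         "certificate_ids": ["cert-example"],
         "security_policy_id": "tls_cipher_policy_1_0",
         "acl_type": "White", "acl_entries": ["10.0.0.0/8", "0.0.0.0/0"]},
    ],
}

if __name__ == "__main__":
    for resource_id, finding in audit_alb(SAMPLE):
        print(f"{resource_id}: {finding}")
```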
Teardown (reverse order)
Must delete from leaf resources first. See `references/resource-dependencies.md` for the full deletion sequence.

```python
# 1. Detach Listener sub-resources
client.dissociate_acls_from_listener(alb_models.DissociateAclsFromListenerRequest(
    listener_id="lsn-xxx", acl_ids=["acl-xxx"],
))
client.delete_rule(alb_models.DeleteRuleRequest(rule_id="rule-xxx"))

# 2. Delete Listener
client.delete_listener(alb_models.DeleteListenerRequest(listener_id="lsn-xxx"))

# 3. Delete ALB (disable deletion protection first)
client.disable_deletion_protection(alb_models.DisableDeletionProtectionRequest(resource_id="alb-xxx"))
client.delete_load_balancer(alb_models.DeleteLoadBalancerRequest(load_balancer_id="alb-xxx"))

# 4. Delete independent resources
client.remove_servers_from_server_group(alb_models.RemoveServersFromServerGroupRequest(
    server_group_id="sgp-xxx",
    servers=[alb_models.RemoveServersFromServerGroupRequestServers(
        server_type="Ecs", server_id="i-xxx", port=8080,
    )],
))
client.delete_server_group(alb_models.DeleteServerGroupRequest(server_group_id="sgp-xxx"))
client.delete_acl(alb_models.DeleteAclRequest(acl_id="acl-xxx"))
```
```python
# Start / Stop Listener
client.start_listener(alb_models.StartListenerRequest(listener_id="lsn-xxx"))
client.stop_listener(alb_models.StopListenerRequest(listener_id="lsn-xxx"))

client.disable_load_balancer_access_log(alb_models.DisableLoadBalancerAccessLogRequest(
    load_balancer_id="alb-xxx",
))
```
Update Listener (timeout, security policy, HTTP/2)

```python
client.update_listener_attribute(alb_models.UpdateListenerAttributeRequest(
    listener_id="lsn-xxx",
    idle_timeout=60,       # seconds
    request_timeout=120,   # seconds
    security_policy_id="tls_cipher_policy_1_2",  # HTTPS only
    http_2enabled=True,    # HTTPS only
))
```

Update Server Group (health check, scheduler, sticky session)

```python
client.update_server_group_attribute(alb_models.UpdateServerGroupAttributeRequest(
    server_group_id="sgp-xxx",
    scheduler="Wrr",  # Wrr | Wlc | Sch | Uch
    health_check_config=alb_models.UpdateServerGroupAttributeRequestHealthCheckConfig(
        health_check_enabled=True,
        health_check_path="/health",
        health_check_interval=5,
        healthy_threshold=3,
        unhealthy_threshold=3,
        health_check_codes=["http_2xx", "http_3xx"],
    ),
    sticky_session_config=alb_models.UpdateServerGroupAttributeRequestStickySessionConfig(
        sticky_session_enabled=True,
        sticky_session_type="Server",  # Server | Insert
        cookie="SERVERID",
    ),
))
```

Update backend server weight (blue-green, canary)

```python
client.update_server_group_servers_attribute(alb_models.UpdateServerGroupServersAttributeRequest(
    server_group_id="sgp-xxx",
    servers=[alb_models.UpdateServerGroupServersAttributeRequestServers(
        server_type="Ecs",
        server_id="i-xxx",
        port=8080,
        weight=50,  # adjust weight for traffic shifting
    )],
))
```

Update forwarding rule (blue-green weight switching)

```python
client.update_rule_attribute(alb_models.UpdateRuleAttributeRequest(
    rule_id="rule-xxx",
    rule_actions=[alb_models.UpdateRuleAttributeRequestRuleActions(
        type="ForwardGroup",
        order=1,
        forward_group_config=alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfig(
            server_group_tuples=[
                alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfigServerGroupTuples(
                    server_group_id="sgp-blue", weight=80,
                ),
                alb_models.UpdateRuleAttributeRequestRuleActionsForwardGroupConfigServerGroupTuples(
                    server_group_id="sgp-green", weight=20,
                ),
            ],
        ),
    )],
))
```
HTTP → HTTPS redirect pattern
Create HTTP:80 listener that redirects all traffic to HTTPS:443
client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,
    listener_protocol="HTTP",
    listener_port=80,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="Redirect",
        redirect_config=alb_models.CreateListenerRequestDefaultActionsRedirectConfig(
            protocol="HTTPS",
            port="443",
            http_redirect_code="301",
        ),
    )],
))
QUIC listener (requires an existing HTTPS listener on the same ALB)
client.create_listener(alb_models.CreateListenerRequest(
    load_balancer_id=load_balancer_id,
    listener_protocol="QUIC",
    listener_port=443,
    default_actions=[alb_models.CreateListenerRequestDefaultActions(
        type="ForwardGroup",
        forward_group_config=alb_models.CreateListenerRequestDefaultActionsForwardGroupConfig(
            server_group_tuples=[alb_models.CreateListenerRequestDefaultActionsForwardGroupConfigServerGroupTuples(
                server_group_id=server_group_id,
            )],
        ),
    )],
    certificates=[alb_models.CreateListenerRequestCertificates(certificate_id="cert-xxx")],
))
Note: QUIC Client Hello must be ≥ 1024 bytes; see troubleshooting doc for details
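The listener patterns above (HTTP:80 redirecting to HTTPS:443, a TLS security policy on HTTPS listeners, QUIC requiring an HTTPS listener on the same ALB) can be checked across a listener inventory. This is an added example, not one of the skill's own scripts: it runs offline on constructed records whose keys mirror the request fields used on this page, and the finding labels and the choice to flag `tls_cipher_policy_1_0` / `tls_cipher_policy_1_1` are assumptions of the example.

```python
# Added example: offline audit of ALB listener records (constructed data).
# Keys mirror the SDK request fields used on this page; mapping a real
# ListListeners response into this shape is left to the caller (assumption).
WEAK_TLS_POLICIES = {"tls_cipher_policy_1_0", "tls_cipher_policy_1_1"}  # allow TLS < 1.2


def audit_listeners(listeners):
    """Return sorted (load_balancer_id, port, finding) tuples."""
    findings = []
    https_lbs = {l["load_balancer_id"] for l in listeners
                 if l["listener_protocol"] == "HTTPS"}
    for l in listeners:
        lb, proto, port = l["load_balancer_id"], l["listener_protocol"], l["listener_port"]
        if proto == "HTTP":
            # Plain HTTP should only exist to redirect clients to HTTPS.
            redirects = any(
                a.get("type") == "Redirect"
                and a.get("redirect_config", {}).get("protocol") == "HTTPS"
                for a in l.get("default_actions", []))
            if not redirects:
                findings.append((lb, port, "http-without-https-redirect"))
        elif proto == "HTTPS":
            policy = l.get("security_policy_id")
            if policy is None:
                findings.append((lb, port, "tls-policy-missing"))
            elif policy in WEAK_TLS_POLICIES:
                findings.append((lb, port, "weak-tls-policy:" + policy))
        elif proto == "QUIC" and lb not in https_lbs:
            # QUIC needs an HTTPS listener on the same ALB (see above).
            findings.append((lb, port, "quic-without-https-listener"))
    return sorted(findings)


def _l(lb, proto, port, **extra):
    return {"load_balancer_id": lb, "listener_protocol": proto, "listener_port": port, **extra}


REDIRECT = [{"type": "Redirect", "redirect_config": {"protocol": "HTTPS", "port": "443"}}]
FORWARD = [{"type": "ForwardGroup"}]
SAMPLE_LISTENERS = [  # constructed inventory, not real resources
    _l("alb-aaa", "HTTP", 80, default_actions=REDIRECT),
    _l("alb-aaa", "HTTPS", 443, security_policy_id="tls_cipher_policy_1_2"),
    _l("alb-aaa", "QUIC", 443, default_actions=FORWARD),
    _l("alb-bbb", "HTTP", 80, default_actions=FORWARD),
    _l("alb-bbb", "HTTPS", 8443, security_policy_id="tls_cipher_policy_1_0"),
    _l("alb-ccc", "QUIC", 443, default_actions=FORWARD),
]

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_LISTENERS):
        print(*finding)
```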
Health Check Template
Create a reusable health check template
resp = client.create_health_check_template(alb_models.CreateHealthCheckTemplateRequest(
    health_check_template_name="standard-http-check",
    health_check_protocol="HTTP",
    health_check_path="/health",
    health_check_method="HEAD",
    health_check_codes=["http_2xx", "http_3xx"],
    health_check_interval=5,
    health_check_timeout=3,
    healthy_threshold=3,
    unhealthy_threshold=3,
))
template_id = resp.body.health_check_template_id
Apply template to a server group
client.apply_health_check_template_to_server_group(
    alb_models.ApplyHealthCheckTemplateToServerGroupRequest(
        server_group_id="sgp-xxx",
        health_check_template_id=template_id,
    )
)
ALB access log analysis is handled by the alicloud-observability-sls-log-query skill.
- AccessLogConfig.LogProject → SLS Project
- → SLS Logstore
Common query templates: see references/log-analysis.md.
See references/troubleshooting.md for:
- Cannot access service / connectivity checklist
- High latency diagnosis
- Health check failures (first-time config, iptables blocking, source IPs)
- HTTP status codes — full ALB error reference (400/405/408/414/463/499/500/502/503/504)
- Certificate & HTTPS issues (expiry, wildcard rules, SNI, WAF sync)
- Forwarding rule conflicts
- ACL access control issues
- Request limits (URI, header, body, keep-alive)
- WAF integration (2.0 vs 3.0)
- EIP & bandwidth
Full API list: references/api_quick_map.md.
- Save outputs under output/alicloud-network-alb/.
- Keep command parameters and region scope in evidence files.