Aliyun CLI Skill
This skill teaches you how to use the Aliyun CLI to manage
Alibaba Cloud resources. You will construct and explain aliyun commands, interpret their output,
and guide users through cloud resource management tasks.
Quick Reference
| Resource | Reference File | Common Operations |
|---|
| Setup & Auth | INLINECODE1 | install, configure, switch profiles |
| ECS (Elastic Compute Service) |
references/ecs.md | list, start/stop/reboot, resize disk, create snapshot |
| VPC (Virtual Private Cloud) |
references/vpc.md | manage VPCs, VSwitches, EIPs, NAT gateways, route tables |
| OSS (Object Storage Service) |
references/oss.md | buckets, upload/download, sync, presigned URLs |
| RDS (Relational Database Service) |
references/rds.md | instances, databases, accounts, backups, IP whitelist |
| SLB / CLB (Load Balancer) |
references/slb.md | create LB, manage listeners, add/remove backend servers |
| RAM (Resource Access Management) |
references/ram.md | users, groups, roles, policies, access keys |
| DNS (AliDNS) |
references/dns.md | list domains, add/update/delete records |
| ACR (Container Registry) |
references/acr.md | instances, namespaces, repositories, image tags, docker login |
Read the relevant reference file before responding to a request.
CLI Syntax Pattern
Every aliyun command follows this structure:
CODEBLOCK0
- - Product: service name in PascalCase or lowercase (e.g.,
ecs, oss, vpc, rds, ram) - Operation: API action name in PascalCase (e.g.,
DescribeInstances, StartInstance) - Parameters: prefixed with
-- (e.g., --RegionId cn-hangzhou, --InstanceId i-xxxx)
OSS is an exception — it uses a subcommand style like aliyun oss ls, aliyun oss cp.
Always Check These First
Before constructing any command:
- 1. Region — Most operations require
--RegionId. Common regions:
-
cn-hangzhou (Hangzhou),
cn-beijing (Beijing),
cn-shanghai (Shanghai)
-
cn-shenzhen (Shenzhen),
ap-southeast-1 (Singapore),
us-west-1 (US West)
- If the user hasn't specified a region, ask or use
aliyun configure get to find the default.
- 2. Resource IDs — Most mutating operations (start, stop, delete) need a specific resource ID.
If the user hasn't provided one, first run a Describe/List command to find it.
- 3. Pagination — Describe* APIs return paginated results. Default page size is typically 10.
Use
--PageSize 100 and
--PageNumber to retrieve more. Mention this if results seem incomplete.
- 4. Dry run — Aliyun CLI does not have a universal dry-run flag. For destructive operations,
always confirm resource IDs with the user before executing.
Output Formats
The CLI supports multiple output formats via the --output flag:
- - Default: JSON (structured, good for parsing)
- INLINECODE34� — tabular output for quick scanning
- INLINECODE35� — aligned table
For human-readable summaries, use --output cols=InstanceId,InstanceName,Status style where available.
zsh gotcha: If you use rows=Instances.Instance[], the [] will be interpreted as a glob by zsh
and cause a "no matches found" error. Quote the argument to avoid this:
aliyun ecs DescribeInstances \
--output 'cols=InstanceId,InstanceName,Status' 'rows=Instances.Instance[]'
Or simply omit
rows= and use the default JSON output when tabular formatting isn't critical.
Common Workflow Pattern
When the user asks to perform an operation on a named resource (e.g., "restart my server called web-prod"):
- 1. Discover — Run a Describe command to find the resource ID
aliyun ecs DescribeInstances --RegionId cn-hangzhou
- 2. Confirm — Show the result and confirm the target with the user if there's any ambiguity
- Act — Run the mutating command with the confirmed resource ID
- Verify — Optionally run another Describe to confirm the new state
Error Handling
Common errors and what to do:
| Error | Cause | Solution |
|---|
| INLINECODE40 | Wrong or expired credentials | Run aliyun configure to reconfigure |
| INLINECODE42 |
Insufficient RAM permissions | Check RAM policy for required action |
|
IncorrectInstanceStatus | Wrong instance state for operation | Describe instance status first |
|
InvalidRegionId | Unsupported region for this product | Check product availability in that region |
|
Throttling | API rate limit hit | Add a brief delay and retry |
If the user has not yet installed or configured the CLI, read references/setup.md and guide them
through it before attempting any commands.
Safety Guidelines
- - For destructive operations (delete instance, release EIP, drop RDS database), always:
1. Show the user what will be deleted with a Describe command first
2. Explicitly ask for confirmation before running the delete command
- - For cost-incurring operations (create ECS, purchase bandwidth), mention the cost implications
- Never expose or log AccessKey secrets — remind users to use RAM roles or environment variables
instead of hardcoding credentials
Parallelism
When the user needs to operate on multiple resources (e.g., "list all instances in all regions"),
you can run several commands and combine the results. For shell loops:
CODEBLOCK3
Aliyun CLI 技能
本技能将教你如何使用 Aliyun CLI 管理阿里云资源。你将构建并解释 aliyun 命令,解读其输出,并引导用户完成云资源管理任务。
快速参考
| 资源 | 参考文件 | 常用操作 |
|---|
| 设置与认证 | references/setup.md | 安装、配置、切换配置文件 |
| ECS(弹性计算服务) |
references/ecs.md | 列出、启动/停止/重启、扩容磁盘、创建快照 |
| VPC(专有网络) | references/vpc.md | 管理 VPC、VSwitch、EIP、NAT 网关、路由表 |
| OSS(对象存储服务) | references/oss.md | 存储桶、上传/下载、同步、预签名 URL |
| RDS(关系型数据库服务) | references/rds.md | 实例、数据库、账号、备份、IP 白名单 |
| SLB / CLB(负载均衡) | references/slb.md | 创建负载均衡、管理监听器、添加/移除后端服务器 |
| RAM(资源访问管理) | references/ram.md | 用户、用户组、角色、策略、访问密钥 |
| DNS(阿里云 DNS) | references/dns.md | 列出域名、添加/更新/删除解析记录 |
| ACR(容器镜像服务) | references/acr.md | 实例、命名空间、仓库、镜像标签、Docker 登录 |
在响应请求前,请先阅读相关的参考文件。
CLI 语法模式
每个 aliyun 命令都遵循以下结构:
aliyun <产品> <操作> [--参数 值 ...]
- - 产品:服务名称,使用帕斯卡命名法或小写(例如 ecs、oss、vpc、rds、ram)
- 操作:API 动作名称,使用帕斯卡命名法(例如 DescribeInstances、StartInstance)
- 参数:以 -- 为前缀(例如 --RegionId cn-hangzhou、--InstanceId i-xxxx)
OSS 是一个例外——它使用子命令风格,例如 aliyun oss ls、aliyun oss cp。
始终优先检查以下内容
在构建任何命令之前:
- 1. 地域 — 大多数操作需要 --RegionId。常见地域:
- cn-hangzhou(杭州)、cn-beijing(北京)、cn-shanghai(上海)
- cn-shenzhen(深圳)、ap-southeast-1(新加坡)、us-west-1(美国西部)
- 如果用户未指定地域,请询问或使用 aliyun configure get 查找默认地域。
- 2. 资源 ID — 大多数变更操作(启动、停止、删除)需要特定的资源 ID。
如果用户未提供,请先运行 Describe/List 命令查找。
- 3. 分页 — Describe* API 返回分页结果。默认每页大小通常为 10。
使用 --PageSize 100 和 --PageNumber 获取更多结果。如果结果看起来不完整,请提及这一点。
- 4. 试运行 — Aliyun CLI 没有通用的试运行标志。对于破坏性操作,
在执行前始终与用户确认资源 ID。
输出格式
CLI 通过 --output 标志支持多种输出格式:
- - 默认:JSON(结构化,适合解析)
- --output cols=<列1>,<列2> — 表格输出,便于快速浏览
- --output table — 对齐表格
对于人类可读的摘要,在可用时使用 --output cols=InstanceId,InstanceName,Status 风格。
zsh 注意事项:如果使用 rows=Instances.Instance[],[] 会被 zsh 解释为通配符,
导致 no matches found 错误。请对参数加引号以避免此问题:
bash
aliyun ecs DescribeInstances \
--output cols=InstanceId,InstanceName,Status rows=Instances.Instance[]
或者,在表格格式不重要时,直接省略 rows= 并使用默认的 JSON 输出。
常见工作流模式
当用户要求对命名资源执行操作时(例如,重启我名为 web-prod 的服务器):
- 1. 发现 — 运行 Describe 命令查找资源 ID
bash
aliyun ecs DescribeInstances --RegionId cn-hangzhou
- 2. 确认 — 显示结果,如果存在歧义,与用户确认目标
- 执行 — 使用确认的资源 ID 运行变更命令
- 验证 — 可选地运行另一个 Describe 命令确认新状态
错误处理
常见错误及处理方法:
| 错误 | 原因 | 解决方案 |
|---|
| InvalidAccessKeyId | 凭证错误或已过期 | 运行 aliyun configure 重新配置 |
| Forbidden.RAM |
RAM 权限不足 | 检查 RAM 策略中是否包含所需操作 |
| IncorrectInstanceStatus | 实例状态不适合该操作 | 先 Describe 实例状态 |
| InvalidRegionId | 该产品不支持此地域 | 检查该地域的产品可用性 |
| Throttling | API 限流 | 稍作延迟后重试 |
如果用户尚未安装或配置 CLI,请先阅读 references/setup.md 并引导用户完成配置,然后再尝试任何命令。
安全指南
- - 对于破坏性操作(删除实例、释放 EIP、删除 RDS 数据库),始终:
1. 先用 Describe 命令向用户展示将要删除的内容
2. 在执行删除命令前明确请求用户确认
- - 对于产生费用的操作(创建 ECS、购买带宽),提及费用影响
- 切勿暴露或记录 AccessKey 密钥——提醒用户使用 RAM 角色或环境变量
而不是硬编码凭证
并行操作
当用户需要对多个资源进行操作时(例如,列出所有地域的所有实例),
可以运行多个命令并合并结果。对于 shell 循环:
bash
for region in cn-hangzhou cn-beijing cn-shanghai cn-shenzhen ap-southeast-1; do
echo === $region ===
aliyun ecs DescribeInstances --RegionId $region
done
