aliyun-cloudfw-manage

Name: aliyun-cloudfw-manage
Author: cinience/alicloud-skills

$npx mdskill add cinience/alicloud-skills/aliyun-cloudfw-manage

Manages Alibaba Cloud Cloud Firewall via OpenAPI/SDK for policy and resource operations

Solves tasks like firewall policy management, resource changes, and status checks
Uses Alibaba Cloud OpenAPI/SDK, OpenAPI Explorer, and API metadata endpoints
Decides actions based on user intent, region, and resource identifiers
Delivers results via API responses, status verification, and troubleshooting insights

SKILL.md

.github/skills/aliyun-cloudfw-manageView on GitHub ↗

---
name: aliyun-cloudfw-manage
description: Use when managing Alibaba Cloud Cloud Firewall (Cloudfw) via OpenAPI/SDK, including the user requests firewall policy/resource operations, change management, status checks, or troubleshooting Cloud Firewall API workflows.
version: 1.0.0
---

Category: service

# Cloud Firewall

Use Alibaba Cloud OpenAPI (RPC) with official SDKs or OpenAPI Explorer to manage resources for Cloud Firewall.

## Workflow

1) Confirm region, resource identifiers, and desired action.
2) Discover API list and required parameters (see references).
3) Call API with SDK or OpenAPI Explorer.
4) Verify results with describe/list APIs.

## AccessKey priority (must follow)

1) Environment variables: `ALIBABACLOUD_ACCESS_KEY_ID` / `ALIBABACLOUD_ACCESS_KEY_SECRET` / `ALIBABACLOUD_REGION_ID`
Region policy: `ALIBABACLOUD_REGION_ID` is an optional default. If unset, decide the most reasonable region for the task; if unclear, ask the user.
2) Shared config file: `~/.alibabacloud/credentials`

## API discovery

- Product code: `Cloudfw`
- Default API version: `2017-12-07`
- Use OpenAPI metadata endpoints to list APIs and get schemas (see references).

## High-frequency operation patterns

1) Inventory/list: prefer `List*` / `Describe*` APIs to get current resources.
2) Change/configure: prefer `Create*` / `Update*` / `Modify*` / `Set*` APIs for mutations.
3) Status/troubleshoot: prefer `Get*` / `Query*` / `Describe*Status` APIs for diagnosis.

## Minimal executable quickstart

Use metadata-first discovery before calling business APIs:

```bash
python scripts/list_openapi_meta_apis.py
```

Optional overrides:

```bash
python scripts/list_openapi_meta_apis.py --product-code <ProductCode> --version <Version>
```

The script writes API inventory artifacts under the skill output directory.

## Output policy

If you need to save responses or generated artifacts, write them under:
`output/aliyun-cloudfw-manage/`

## Validation

```bash
mkdir -p output/aliyun-cloudfw-manage
for f in skills/security/firewall/aliyun-cloudfw-manage/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-cloudfw-manage/validate.txt
```

Pass criteria: command exits 0 and `output/aliyun-cloudfw-manage/validate.txt` is generated.

## Output And Evidence

- Save artifacts, command outputs, and API response summaries under `output/aliyun-cloudfw-manage/`.
- Include key parameters (region/resource id/time range) in evidence files for reproducibility.

## Prerequisites

- Configure least-privilege Alibaba Cloud credentials before execution.
- Prefer environment variables: `ALIBABACLOUD_ACCESS_KEY_ID`, `ALIBABACLOUD_ACCESS_KEY_SECRET`, optional `ALIBABACLOUD_REGION_ID`.
- If region is unclear, ask the user before running mutating operations.

## References

- Sources: `references/sources.md`

More from cinience/alicloud-skills

Skill	Description
aliyun-adb-mysql	Use when managing Alibaba Cloud AnalyticDB for MySQL (ADB) via OpenAPI/SDK, including the user needs AnalyticDB resource lifecycle and configuration operations, status checks, or troubleshooting ADB API and cluster workflow issues.
aliyun-adb-mysql-test	Smoke test for aliyun-adb-mysql. Validate minimal authentication, API reachability, and one read-only query path.
aliyun-aicontent-generate	Use when managing Alibaba Cloud AIContent (AiContent) via OpenAPI/SDK, including the user needs AI content generation or content workflow operations in Alibaba Cloud, including listing assets, creating/updating generation configurations, checking task status, or troubleshooting failed content jobs.
aliyun-aicontent-generate-test	Smoke test for aliyun-aicontent-generate. Validate minimal authentication, API reachability, and one read-only query path.
aliyun-aimiaobi-generate	Use when managing Alibaba Cloud Quan Miao (AiMiaoBi) via OpenAPI/SDK, including the user asks for Alibaba Cloud MiaoBi content operations, including listing resources, creating/updating configurations, querying runtime status, and diagnosing API or workflow failures.
aliyun-aimiaobi-generate-test	Smoke test for aliyun-aimiaobi-generate. Validate minimal authentication, API reachability, and one read-only query path.
aliyun-airec-manage	Use when managing Alibaba Cloud AIRec (Airec) via OpenAPI/SDK, including the user needs recommendation-engine resource operations in Alibaba Cloud, including list/create/update flows, status inspection, and troubleshooting AIRec configuration or runtime issues.
aliyun-airec-manage-test	Smoke test for aliyun-airec-manage. Validate minimal authentication, API reachability, and one read-only query path.
aliyun-alb-manage	Use when managing and troubleshoot Alibaba Cloud ALB (Application Load Balancer), including the user asks to inspect, create, change, or debug ALB instances, listeners, server groups, rules, certificates, ACLs, security policies, or health checks in Alibaba Cloud.
aliyun-alb-manage-test	Smoke test for Alibaba Cloud ALB skill. Validates SDK auth, script compilation, list instances, and health check flows.