Using a script to dynamically update Alibaba Cloud security group rules

For security reasons, we want the Alibaba Cloud security group to allow only our company's IP address to reach certain ports. Because the company's IP changes dynamically, editing the rule by hand every time is tedious, so the following script was written to update the rule automatically:

  • First install the Alibaba Cloud Python SDK packages
pip3 install aliyunsdkcore
pip3 install aliyun-python-sdk-core-v3
pip3 install aliyun-python-sdk-ecs
  • The shell script is as follows; its job is to detect an IP change and call the Python scripts that apply the rules
#!/bin/bash
CURRENTTIME=$(date +%Y%m%d%H%M%S)
old_ip=$(cat /opt/sh/oldip.txt)
# -s: no progress meter in the captured output; -f: fail on HTTP errors; --max-time: do not let the cron job hang
real_ip=$(curl -sf --max-time 10 ifconfig.io)

# An empty answer means the lookup failed; leave the rules alone instead of
# revoking the old rule and then authorizing an empty source address
if [ -z "${real_ip}" ]
then
    echo "现在的时间是: ${CURRENTTIME}" >> /opt/sh/changeAliFirewalld.log
    echo "public ip lookup failed, rules left unchanged" >> /opt/sh/changeAliFirewalld.log
    echo "------------------------------------------------------------" >> /opt/sh/changeAliFirewalld.log
    exit 1
fi

if [ "${real_ip}" != "${old_ip}" ]
then
    echo "现在的时间是: ${CURRENTTIME}" >> /opt/sh/changeAliFirewalld.log
    # Authorize the new rule first and revoke the old one only if that succeeded,
    # so a failed API call never leaves the port with no allowed source at all
    if /usr/bin/python3 /opt/sh/aliyunapi_add.py 22/22 "${real_ip}/32" ssh 安全组ID_name
    then
        /usr/bin/python3 /opt/sh/aliyunapi_delete.py 22/22 "${old_ip}/32" 安全组ID_name
        echo "${real_ip}" > /opt/sh/oldip.txt  # once the change is done, replace the old ip with the new one
        echo "ip已经改变: 原ip为:${old_ip};变更后的ip为${real_ip}" >> /opt/sh/changeAliFirewalld.log
    else
        echo "authorize failed for ${real_ip}, old rule kept" >> /opt/sh/changeAliFirewalld.log
    fi
    echo "------------------------------------------------------------" >> /opt/sh/changeAliFirewalld.log
else
    echo "现在的时间是: ${CURRENTTIME}" >> /opt/sh/changeAliFirewalld.log
    echo "ip无变化,ip为:${old_ip}" >> /opt/sh/changeAliFirewalld.log
    echo "------------------------------------------------------------" >> /opt/sh/changeAliFirewalld.log
fi
  • aliyunapi_add.py is as follows; it adds the IP rule. If an identical rule already exists, Alibaba Cloud will not add it a second time
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usage: aliyunapi_add.py <port_range> <source_cidr_ip> <description> <security_group_id>

import sys

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526 import AuthorizeSecurityGroupRequest


class AliGroup:
    def __init__(self, access_key, access_secret, region_id):
        self.access_key = access_key
        self.access_secret = access_secret
        self.region_id = region_id

    def client(self):
        return AcsClient(self.access_key, self.access_secret, self.region_id)

    def authorizeSecurityGroupRequest(self, port_range, source_cidr_ip, description,
                                      securitygroupid, priority=1, ip_protocol='tcp'):
        # Build an inbound "accept" rule for ip_protocol/port_range from source_cidr_ip
        request = AuthorizeSecurityGroupRequest.AuthorizeSecurityGroupRequest()
        request.set_SecurityGroupId(securitygroupid)
        request.set_IpProtocol(ip_protocol)
        request.set_PortRange(port_range)
        request.set_SourceCidrIp(source_cidr_ip)
        request.set_Priority(priority)
        request.set_Description(description)
        request.set_Policy('accept')
        request.set_accept_format('json')  # the format name is a string, not the json module
        return request


if __name__ == '__main__':
    if len(sys.argv) != 5:
        sys.exit("usage: aliyunapi_add.py <port_range> <source_cidr_ip> <description> <security_group_id>")
    # Replace the placeholders with the key of a RAM user that may only manage this security group,
    # and keep real credentials out of the script itself (environment or a secrets store)
    ali = AliGroup("your_access_key", "your_access_secret", "your_region_id")
    clt = ali.client()
    add = ali.authorizeSecurityGroupRequest(sys.argv[1], sys.argv[2], sys.argv[3], sys.argv[4])
    res = clt.do_action_with_exception(add)  # raises on an API error, so the caller sees a non-zero exit
    print(res)
  • aliyunapi_delete.py is as follows; it revokes a rule, and only a rule whose properties match the given values is deleted
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usage: aliyunapi_delete.py <port_range> <source_cidr_ip> <security_group_id>

import sys

from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526 import RevokeSecurityGroupRequest


class AliGroup:
    def __init__(self, access_key, access_secret, region_id):
        self.access_key = access_key
        self.access_secret = access_secret
        self.region_id = region_id

    def client(self):
        return AcsClient(self.access_key, self.access_secret, self.region_id)

    def revokeSecurityGroupRequest(self, port_range, source_cidr_ip, securitygroupid, ip_protocol='tcp'):
        # A revoke only removes a rule whose protocol, port range, source CIDR,
        # policy and priority all match, so these values mirror the add script
        # (priority is left at the API default, which is the 1 the add script uses)
        request = RevokeSecurityGroupRequest.RevokeSecurityGroupRequest()
        request.set_SecurityGroupId(securitygroupid)
        request.set_IpProtocol(ip_protocol)
        request.set_PortRange(port_range)
        request.set_SourceCidrIp(source_cidr_ip)
        request.set_Policy('accept')
        request.set_accept_format('json')  # the format name is a string, not the json module
        return request


if __name__ == '__main__':
    if len(sys.argv) != 4:
        sys.exit("usage: aliyunapi_delete.py <port_range> <source_cidr_ip> <security_group_id>")
    # Replace the placeholders with the key of a RAM user that may only manage this security group,
    # and keep real credentials out of the script itself (environment or a secrets store)
    ali = AliGroup("your_access_key", "your_access_secret", "your_region_id")
    clt = ali.client()
    rem = ali.revokeSecurityGroupRequest(sys.argv[1], sys.argv[2], sys.argv[3])
    res = clt.do_action_with_exception(rem)  # raises on an API error, so the caller sees a non-zero exit
    print(res)
  • oldip.txt contains nothing but the single IP address obtained on the previous run
you_ip_address
  • Finally, register the shell script as a scheduled task (a cron job) and you are done
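The decision logic that the shell script and the two Python scripts implement, written here as an added example (not code from the post): it validates the address returned by ifconfig.io before any API call is planned, orders the authorize before the revoke, and emits the same parameters the AuthorizeSecurityGroup and RevokeSecurityGroup requests carry. The security group id sg-EXAMPLE and all addresses are constructed placeholders; it needs only the standard library, so it runs without the Alibaba Cloud SDK.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class SgAction:
    """One security-group API call, using the parameter names of the ECS API."""
    action: str            # "AuthorizeSecurityGroup" or "RevokeSecurityGroup"
    security_group_id: str
    port_range: str        # e.g. "22/22"
    source_cidr_ip: str    # always a single host, i.e. a /32, in this scheme
    ip_protocol: str = "tcp"
    policy: str = "accept"
    priority: int = 1

    def api_params(self):
        # A revoke only matches a rule whose properties are identical, so the
        # revoke call carries exactly the values the earlier authorize used
        return {"SecurityGroupId": self.security_group_id, "IpProtocol": self.ip_protocol,
                "PortRange": self.port_range, "SourceCidrIp": self.source_cidr_ip,
                "Policy": self.policy, "Priority": self.priority}


def public_ipv4(text):
    """Return the address in `text` as a string, or None if it is not a usable
    public IPv4 address. ifconfig.io normally answers with the address and a
    newline; an outage can return an empty body or an HTML error page, and a
    misrouted lookup can return a private address. None of those may reach the API."""
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return None
    if addr.version != 4 or not addr.is_global:
        return None
    return str(addr)


def plan_update(old_ip, detected, port_range, sg_id):
    """Decide which API calls one cron run should make; [] means do nothing.
    The new rule is authorized before the old one is revoked, so a failed
    authorize never leaves the group with no allowed source at all."""
    new_ip = public_ipv4(detected)
    old = public_ipv4(old_ip)  # None on the first run, when oldip.txt still holds the placeholder
    if new_ip is None or new_ip == old:
        return []
    plan = [SgAction("AuthorizeSecurityGroup", sg_id, port_range, new_ip + "/32")]
    if old is not None:
        plan.append(SgAction("RevokeSecurityGroup", sg_id, port_range, old + "/32"))
    return plan
```

Each SgAction maps onto one call of the corresponding script above (or onto one SDK request built from api_params()), so the caller can log the plan before executing it.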