Manage Alibaba Cloud OpenSearch instances, including creation and query operations.
> Terminology: OpenSearch instance and OpenSearch app group are synonymous. This document uses "instance" uniformly.
OpenSearch is Alibaba Cloud's intelligent search service. This skill covers core instance management operations:
Architecture: OpenSearch Instance (AppGroup)
Alibaba Cloud OpenSearch Instance Management
├── CreateAppGroup (Create Instance)
├── DescribeAppGroup (Describe Instance)
└── ListAppGroups (List Instances)
> Pre-check: Aliyun CLI >= 3.3.3 required
> Run aliyun version to verify >= 3.3.3. If not installed or version too low,
> run curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash to update,
> or see references/cli-installation-guide.md for installation instructions.
Pre-check: Aliyun CLI plugin update required
> [MUST] run aliyun configure set --auto-plugin-install true to enable automatic plugin installation.
> [MUST] run aliyun plugin update to ensure that any existing plugins are always up-to-date.
# Install/Upgrade Aliyun CLI
curl -fsSL https://aliyuncli.alicdn.com/setup.sh | bash
aliyun version # Ensure >= 3.3.3
# Enable auto plugin installation
aliyun configure set --auto-plugin-install true
# Update plugins
aliyun plugin update
[MUST] CLI User-Agent — Every aliyun CLI command invocation must include:
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
[MUST] AI-Mode — Before executing CLI commands, run:
aliyun configure ai-mode enablealiyun configure ai-mode set-user-agent --user-agent "AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage"After all CLI operations complete, run: aliyun configure ai-mode disable
> Pre-check: Alibaba Cloud Credentials Required
> Security Rules (MUST FOLLOW):
> - NEVER read, echo, or print AK/SK values
> - NEVER ask the user to input AK/SK directly in the conversation
> - NEVER use aliyun configure set with literal credential values
> - NEVER accept AK/SK provided directly by users in the conversation
> - ONLY read credentials from environment variables or pre-configured CLI profiles
>
> ⚠️ CRITICAL: Handling User-Provided Credentials
>
> If a user attempts to provide AK/SK directly (e.g., "My AK is xxx, SK is yyy"):
> 1. STOP immediately - Do NOT execute any command
> 2. Reject the request politely with the following message:
> ```
> For your account security, please do not provide Alibaba Cloud AccessKey ID and AccessKey Secret directly in the conversation.
>
> Please use the following secure methods to configure credentials:
>
> Method 1: Interactive configuration via aliyun configure (Recommended)
> aliyun configure
> # Enter AK/SK as prompted, credentials will be securely stored in local config file
>
> Method 2: Configure via environment variables
> export ALIBABA_CLOUD_ACCESS_KEY_ID=
> export ALIBABA_CLOUD_ACCESS_KEY_SECRET=
>
> After configuration, please retry your request.
> ```
> 3. Do NOT proceed with any Alibaba Cloud operations until credentials are properly configured
>
> Check CLI configuration:
> ```bash
> aliyun configure list
> ```
> Check the output for a valid profile (AK, STS, or OAuth identity).
>
> If no valid credentials exist, STOP here.
> [MUST] RAM Permission Pre-check:
> Before executing any operation, ensure the current user has the required RAM permissions.
> See references/ram-policies.md for detailed permission list.
> IMPORTANT: Parameter Confirmation — Before executing any command or API call,
> ALL user-customizable parameters (e.g., instance name, instance type, charge type, quota spec, etc.) MUST be confirmed with the user.
> Do NOT assume or use default values without explicit user approval.
| Parameter | Required | Description | Default |
|---|---|---|---|
| ----------- | ---------- | ------------- | --------- |
name | Yes | Instance name | None |
type | Yes | Instance type: standard (High-performance) / enhanced (Industry Algorithm) | None |
chargeType | No | Charge type: POSTPAY / PREPAY | POSTPAY |
quota.spec | Yes | Spec type (see table below) | None |
quota.docSize | Yes | Storage capacity (GB) | None |
quota.computeResource | Yes | Compute resource (LCU) | None |
domain | No | Industry type (required for enhanced type, see table below) | general |
order | Conditional | Subscription order info (required when PREPAY) | None |
order.duration | Conditional | Subscription period quantity | None |
order.pricingCycle | Conditional | Period unit: Year / Month | None |
order.autoRenew | No | Auto-renewal | false |
| Spec Code | Description |
|---|---|
| ----------- | ------------- |
opensearch.share.common | Shared Common |
opensearch.private.common | Dedicated Common |
opensearch.private.compute | Dedicated Compute |
opensearch.private.storage | Dedicated Storage |
| Industry Code | Description |
|---|---|
| --------------- | ------------- |
general | General (default) |
ecommerce | E-commerce |
esports | Gaming |
community | Content Community |
education | Education |
> Note: OpenSearch APIs use ROA (RESTful) style. You can use --body to specify the HTTP request body as a JSON string. See examples in each task below.
> Idempotency: For write operations (create, restart, delete, etc.), you MUST use --client-token parameter for idempotency.
> - Use a UUID format unique identifier as clientToken
> - When request times out or fails, you can safely retry with the same clientToken; recommend waiting 10s before retry
> - Repeated requests with the same clientToken will not execute the operation multiple times
> - Generation: uuidgen (macOS/Linux) or [guid]::NewGuid() (PowerShell)
# Generate idempotency token
CLIENT_TOKEN=$(uuidgen)
aliyun opensearch create-app-group \
--client-token "$CLIENT_TOKEN" \
--body '{
"name": "<instance_name>",
"type": "<standard|enhanced>",
"chargeType": "<POSTPAY|PREPAY>",
"quota": {
"docSize": <storage_GB>,
"computeResource": <compute_LCU>,
"spec": "<spec_type>"
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Optional Parameters (add in body):
domain - Industry type (only for enhanced type): general (default) / ecommerce / esports / community / educationIdempotency and Dry-run Support (via Query parameters):
--dryRun true - Dry-run mode, validates parameters without actual creation--client-token - Idempotency token, same token multiple requests only creates onceExample: Create an enhanced (Industry Algorithm) pay-as-you-go instance (E-commerce)
# Generate idempotency token
CLIENT_TOKEN=$(uuidgen)
aliyun opensearch create-app-group \
--client-token "$CLIENT_TOKEN" \
--body '{
"name": "my_search_instance",
"type": "enhanced",
"chargeType": "POSTPAY",
"domain": "ecommerce",
"quota": {
"docSize": 100,
"computeResource": 2000,
"spec": "opensearch.private.common"
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Example: Create a standard (High-performance) instance
# Generate idempotency token
CLIENT_TOKEN=$(uuidgen)
aliyun opensearch create-app-group \
--client-token "$CLIENT_TOKEN" \
--body '{
"name": "my_standard_instance",
"type": "standard",
"chargeType": "POSTPAY",
"quota": {
"docSize": 50,
"computeResource": 1000,
"spec": "opensearch.share.common"
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Example: Create a subscription (prepaid) instance
> Note: Subscription instances MUST provide order parameter
# Generate idempotency token
CLIENT_TOKEN=$(uuidgen)
aliyun opensearch create-app-group \
--client-token "$CLIENT_TOKEN" \
--body '{
"name": "my_prepay_instance",
"type": "enhanced",
"chargeType": "PREPAY",
"domain": "ecommerce",
"quota": {
"docSize": 100,
"computeResource": 2000,
"spec": "opensearch.private.common"
},
"order": {
"duration": 1,
"pricingCycle": "Year",
"autoRenew": true
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Dry-run Mode Example (validates parameters only, no actual creation):
aliyun opensearch create-app-group \
--dryRun true \
--body '{
"name": "my_search_instance",
"type": "enhanced",
"chargeType": "POSTPAY",
"quota": {
"docSize": 100,
"computeResource": 2000,
"spec": "opensearch.private.common"
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Idempotent Creation Example (prevents duplicate creation):
# Generate idempotency token
CLIENT_TOKEN=$(uuidgen)
aliyun opensearch create-app-group \
--client-token "$CLIENT_TOKEN" \
--body '{
"name": "my_search_instance",
"type": "enhanced",
"chargeType": "POSTPAY",
"quota": {
"docSize": 100,
"computeResource": 2000,
"spec": "opensearch.private.common"
}
}' \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
aliyun opensearch list-app-groups \
--engine-type ha3 \
--page-number <page> \
--page-size <size> \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Supported Filter Parameters:
--engine-type ha3 - Engine type (default ha3, must specify)--name - Filter by name--instance-id - Filter by instance ID--type - Filter by typestandard: High-performanceenhanced: Industry Algorithm--sort-by - Sort fieldExample: List instances
aliyun opensearch list-app-groups \
--engine-type ha3 \
--page-number 1 \
--page-size 10 \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
aliyun opensearch describe-app-group \
--app-group-identity <instance_name_or_id> \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Example: Get instance details
aliyun opensearch describe-app-group \
--app-group-identity my_search_instance \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Response includes:
For operation verification, see references/verification-method.md
Verify Instance Creation:
aliyun opensearch describe-app-group \
--app-group-identity <instance_name> \
--connect-timeout 3 \
--read-timeout 10 \
--user-agent AlibabaCloud-Agent-Skills/alibabacloud-opensearch-app-manage
Check if result.instanceId field is non-empty; if non-empty, instance creation succeeded.
To delete instances, please use OpenSearch Console.
For complete API list, see references/related-apis.md
| Operation | CLI Command | API Action |
|---|---|---|
| ----------- | ------------ | ------------ |
| Create Instance | aliyun opensearch create-app-group | CreateAppGroup |
| List Instances | aliyun opensearch list-app-groups | ListAppGroups |
| Describe Instance | aliyun opensearch describe-app-group | DescribeAppGroup |
> Important: Before executing write operations (create instance, etc.), you MUST confirm the following parameters with the user:
Pre-creation Confirmation Checklist:
| Parameter | Description | Example |
|---|---|---|
| ----------- | ------------- | --------- |
| Region | Instance region | cn-hangzhou / cn-shanghai / cn-beijing |
| Instance Name (name) | User-specified name (lowercase, numbers, underscores) | my_search_instance |
| Instance Type (type) | High-performance / Industry Algorithm | standard / enhanced |
| Charge Type (chargeType) | Pay-as-you-go / Subscription | POSTPAY / PREPAY |
| Spec Type (quota.spec) | Shared / Dedicated | opensearch.share.common |
| Storage (quota.docSize) | In GB | 100 |
| Compute (quota.computeResource) | In LCU | 2000 |
| Industry (domain) | Only for enhanced type | ecommerce / general |
| Subscription Period (order) | Only for PREPAY | 1 Year / 6 Months |
Confirmation Flow Example:
You are about to create the following OpenSearch instance, please confirm:
- Region: cn-hangzhou (China East 1)
- Instance Name: my_search_instance
- Instance Type: Industry Algorithm (enhanced)
- Industry: E-commerce (ecommerce)
- Charge Type: Pay-as-you-go (POSTPAY)
- Spec Type: Dedicated Common (opensearch.private.common)
- Storage: 100 GB
- Compute: 2000 LCU
Confirm creation? (yes/no)
For write operations (create, restart, delete), follow these idempotency best practices:
uuidgen to generate UUID# Example: Safe retry pattern
CLIENT_TOKEN=$(uuidgen)
echo "Using clientToken: $CLIENT_TOKEN"
# First attempt
aliyun opensearch create-app-group --client-token $CLIENT_TOKEN ...
# If timeout, retry with same Token
aliyun opensearch create-app-group --client-token $CLIENT_TOKEN ...
my_search_instance, video_search, product_search_2024my-search-instance, My_Search, 123_searchorder parameter (including duration and pricingCycle)standard): Suitable for general search scenariosenhanced): Suitable for specific industry scenarios, requires domain parameterecommerceesportscommunityeducationgeneral (default)| Document | Description |
|---|---|
| ---------- | ------------- |
| references/related-apis.md | Complete API List |
| references/ram-policies.md | RAM Policies |
| references/verification-method.md | Verification Methods |
| references/cli-installation-guide.md | CLI Installation Guide |
| references/acceptance-criteria.md | Acceptance Criteria |
共 1 个版本