alibaba-cloud-architecture
// Alibaba Cloud architecture patterns and best practices. Use when designing, deploying, or reviewing infrastructure on Alibaba Cloud including ECS, ACK, Function Compute, and OSS.
| name | alibaba-cloud-architecture |
| description | Alibaba Cloud architecture patterns and best practices. Use when designing, deploying, or reviewing infrastructure on Alibaba Cloud including ECS, ACK, Function Compute, and OSS. |
Comprehensive guide for building secure, scalable infrastructure on Alibaba Cloud.
| Service | AWS Equivalent | Use Case |
|---|---|---|
| ECS | EC2 | Virtual machines |
| ACK | EKS | Managed Kubernetes |
| Function Compute | Lambda | Serverless functions |
| SAE | Fargate | Serverless containers |
| ECI | Fargate | Elastic container instances |
| Service | AWS Equivalent | Use Case |
|---|---|---|
| OSS | S3 | Object storage |
| NAS | EFS | File storage |
| ESSD | EBS | Block storage |
| Tablestore | DynamoDB | NoSQL |
| Service | AWS Equivalent | Use Case |
|---|---|---|
| RDS | RDS | Managed SQL |
| PolarDB | Aurora | Cloud-native SQL |
| ApsaraDB for Redis | ElastiCache | Caching |
| AnalyticDB | Redshift | Data warehouse |
| Service | AWS Equivalent | Use Case |
|---|---|---|
| VPC | VPC | Virtual network |
| SLB | ALB/NLB | Load balancing |
| CDN | CloudFront | Content delivery |
| NAT Gateway | NAT Gateway | Outbound NAT |
| PrivateLink | PrivateLink | Private connectivity |
# Provider Configuration
provider "alicloud" {
  # Static credentials are plumbed through variables here. The provider also reads
  # ALICLOUD_ACCESS_KEY / ALICLOUD_SECRET_KEY from the environment, which keeps long-lived
  # keys out of tfvars and plan output; if the variables stay, mark them sensitive.
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
# VPC
resource "alicloud_vpc" "main" {
  # One /16 for the whole project; the app and db vswitches are carved out of it below.
  cidr_block = "10.0.0.0/16"
  vpc_name   = format("%s-vpc", var.project)
  tags       = local.common_tags
}
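# VSwitches (Subnets)
resource "alicloud_vswitch" "app" {
  # One application vswitch per zone, each a /24 slice of the VPC range.
  # The slice is derived from the VPC's own cidr_block instead of a repeated literal so the
  # two cannot drift apart if the VPC range is ever changed.
  count        = length(var.availability_zones)
  vswitch_name = "${var.project}-app-${count.index}"
  vpc_id       = alicloud_vpc.main.id
  cidr_block   = cidrsubnet(alicloud_vpc.main.cidr_block, 8, count.index)
  zone_id      = var.availability_zones[count.index]
  tags         = local.common_tags
}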
resource "alicloud_vswitch" "db" {
count = length(var.availability_zones)
vswitch_name = "${var.project}-db-${count.index}"
vpc_id = alicloud_vpc.main.id
cidr_block = cidrsubnet("10.0.0.0/16", 8, count.index + 10)
zone_id = var.availability_zones[count.index]
tags = local.common_tags
}
# NAT Gateway
resource "alicloud_nat_gateway" "main" {
  # Enhanced, pay-as-you-go gateway placed in the first app vswitch; its public
  # address is attached separately through alicloud_eip_association.
  nat_gateway_name = format("%s-nat", var.project)
  nat_type         = "Enhanced"
  payment_type     = "PayAsYouGo"
  vpc_id           = alicloud_vpc.main.id
  vswitch_id       = alicloud_vswitch.app[0].id
  tags             = local.common_tags
}
resource "alicloud_eip_address" "nat" {
address_name = "${var.project}-nat-eip"
bandwidth = 100
internet_charge_type = "PayByTraffic"
}
resource "alicloud_eip_association" "nat" {
allocation_id = alicloud_eip_address.nat.id
instance_id = alicloud_nat_gateway.main.id
}
resource "alicloud_snat_entry" "main" {
count = length(alicloud_vswitch.app)
snat_table_id = alicloud_nat_gateway.main.snat_table_ids
source_vswitch_id = alicloud_vswitch.app[count.index].id
snat_ip = alicloud_eip_address.nat.ip_address
}
resource "alicloud_security_group" "app" {
name = "${var.project}-app-sg"
vpc_id = alicloud_vpc.main.id
description = "Security group for application servers"
tags = local.common_tags
}
resource "alicloud_security_group_rule" "app_http" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "80/80"
priority = 1
security_group_id = alicloud_security_group.app.id
cidr_ip = "0.0.0.0/0"
}
resource "alicloud_security_group_rule" "app_https" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "443/443"
priority = 1
security_group_id = alicloud_security_group.app.id
cidr_ip = "0.0.0.0/0"
}
resource "alicloud_security_group" "db" {
name = "${var.project}-db-sg"
vpc_id = alicloud_vpc.main.id
description = "Security group for databases"
tags = local.common_tags
}
resource "alicloud_security_group_rule" "db_mysql" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "3306/3306"
priority = 1
security_group_id = alicloud_security_group.db.id
source_security_group_id = alicloud_security_group.app.id
}
# RAM Role for ECS
resource "alicloud_ram_role" "app" {
  # Trust policy: only the ECS service may assume this role, i.e. it is used as an
  # instance RAM role so workloads get credentials from metadata instead of static keys.
  description = "Role for application ECS instances"
  name        = format("%s-app-role", var.project)
  document = jsonencode({
    Version = "1"
    Statement = [
      {
        Effect    = "Allow"
        Action    = "sts:AssumeRole"
        Principal = { Service = ["ecs.aliyuncs.com"] }
      },
    ]
  })
}
# RAM Policy
resource "alicloud_ram_policy" "oss_access" {
  # Least-privilege OSS access: object read/write/delete scoped to the project data bucket,
  # plus ListBucket on the bucket itself (a separate resource ARN, hence the second statement).
  policy_name = format("%s-oss-policy", var.project)
  policy_document = jsonencode({
    Version = "1"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["oss:GetObject", "oss:PutObject", "oss:DeleteObject"]
        Resource = [format("acs:oss:*:*:%s-data/*", var.project)]
      },
      {
        Effect   = "Allow"
        Action   = ["oss:ListBucket"]
        Resource = [format("acs:oss:*:*:%s-data", var.project)]
      },
    ]
  })
}
resource "alicloud_ram_role_policy_attachment" "oss" {
policy_name = alicloud_ram_policy.oss_access.name
policy_type = alicloud_ram_policy.oss_access.type
role_name = alicloud_ram_role.app.name
}
resource "alicloud_cs_managed_kubernetes" "main" {
name = "${var.project}-ack"
cluster_spec = "ack.pro.small"
version = var.kubernetes_version
worker_vswitch_ids = alicloud_vswitch.app[*].id
pod_vswitch_ids = alicloud_vswitch.app[*].id
service_cidr = "172.16.0.0/16"
new_nat_gateway = false
worker_instance_types = ["ecs.g6.xlarge"]
worker_number = 3
worker_disk_category = "cloud_essd"
worker_disk_size = 100
install_cloud_monitor = true
addons {
name = "terway-eniip"
}
addons {
name = "csi-plugin"
}
addons {
name = "csi-provisioner"
}
tags = local.common_tags
}
# Node Pool
resource "alicloud_cs_kubernetes_node_pool" "app" {
  # Autoscaling worker pool (2..10 nodes) on the app vswitches, labelled pool=app for scheduling.
  name        = "app-pool"
  cluster_id  = alicloud_cs_managed_kubernetes.main.id
  vswitch_ids = alicloud_vswitch.app.*.id

  instance_types       = ["ecs.g6.2xlarge"]
  system_disk_category = "cloud_essd"
  system_disk_size     = 100

  scaling_config {
    max_size = 10
    min_size = 2
  }

  labels = { "pool" = "app" }
  tags   = local.common_tags
}
resource "alicloud_ess_scaling_group" "app" {
scaling_group_name = "${var.project}-app-asg"
min_size = var.environment == "prod" ? 2 : 1
max_size = 10
vswitch_ids = alicloud_vswitch.app[*].id
removal_policies = ["OldestInstance", "NewestInstance"]
tags = local.common_tags
}
resource "alicloud_ess_scaling_configuration" "app" {
scaling_group_id = alicloud_ess_scaling_group.app.id
image_id = data.alicloud_images.ubuntu.images[0].id
instance_type = "ecs.g6.large"
security_group_id = alicloud_security_group.app.id
system_disk_category = "cloud_essd"
system_disk_size = 50
user_data = base64encode(file("${path.module}/scripts/user-data.sh"))
tags = local.common_tags
}
resource "alicloud_ess_scaling_rule" "cpu_scale_out" {
scaling_group_id = alicloud_ess_scaling_group.app.id
scaling_rule_name = "cpu-scale-out"
scaling_rule_type = "TargetTrackingScalingRule"
target_tracking_configuration {
metric_name = "CpuUtilization"
target_value = 70
}
}
resource "alicloud_slb_load_balancer" "app" {
load_balancer_name = "${var.project}-slb"
load_balancer_spec = "slb.s2.small"
vswitch_id = alicloud_vswitch.app[0].id
address_type = "intranet"
tags = local.common_tags
}
resource "alicloud_slb_listener" "https" {
load_balancer_id = alicloud_slb_load_balancer.app.id
backend_port = 8080
frontend_port = 443
protocol = "https"
bandwidth = -1
server_certificate_id = alicloud_slb_server_certificate.main.id
health_check = "on"
health_check_uri = "/health"
health_check_connect_port = 8080
healthy_threshold = 3
unhealthy_threshold = 3
health_check_timeout = 5
health_check_interval = 10
sticky_session = "on"
sticky_session_type = "insert"
cookie_timeout = 3600
}
resource "alicloud_slb_server_group" "app" {
load_balancer_id = alicloud_slb_load_balancer.app.id
name = "${var.project}-app-servers"
}
resource "alicloud_slb_backend_server" "app" {
load_balancer_id = alicloud_slb_load_balancer.app.id
dynamic "backend_servers" {
for_each = alicloud_instance.app
content {
server_id = backend_servers.value.id
weight = 100
}
}
}
resource "alicloud_db_instance" "main" {
engine = "PostgreSQL"
engine_version = "15.0"
instance_type = var.environment == "prod" ? "pg.n2.medium.2c" : "pg.n2.small.1"
instance_storage = 100
instance_charge_type = var.environment == "prod" ? "Prepaid" : "Postpaid"
instance_name = "${var.project}-postgres"
vswitch_id = alicloud_vswitch.db[0].id
security_ips = [alicloud_vswitch.app[0].cidr_block, alicloud_vswitch.app[1].cidr_block]
db_instance_storage_type = "cloud_essd"
parameters {
name = "log_connections"
value = "on"
}
parameters {
name = "log_disconnections"
value = "on"
}
tags = local.common_tags
}
resource "alicloud_db_database" "main" {
instance_id = alicloud_db_instance.main.id
name = var.database_name
character_set = "UTF8"
}
resource "alicloud_db_account" "app" {
db_instance_id = alicloud_db_instance.main.id
account_name = "app"
account_password = random_password.db.result
account_type = "Normal"
}
resource "alicloud_db_account_privilege" "app" {
instance_id = alicloud_db_instance.main.id
account_name = alicloud_db_account.app.account_name
privilege = "ReadWrite"
db_names = [alicloud_db_database.main.name]
}
resource "alicloud_oss_bucket" "data" {
bucket = "${var.project}-data"
acl = "private"
versioning {
status = "Enabled"
}
server_side_encryption_rule {
sse_algorithm = "KMS"
kms_master_key_id = alicloud_kms_key.oss.id
}
lifecycle_rule {
id = "archive"
enabled = true
prefix = ""
transitions {
days = 90
storage_class = "IA"
}
transitions {
days = 180
storage_class = "Archive"
}
expiration {
days = 365
}
}
logging {
target_bucket = alicloud_oss_bucket.logs.id
target_prefix = "oss-logs/"
}
tags = local.common_tags
}
# Block public access
# Bucket-level guard so no ACL or policy can make the data bucket publicly readable.
resource "alicloud_oss_bucket_public_access_block" "data" {
bucket = alicloud_oss_bucket.data.bucket
block_public_access = true
# NOTE(review): ignore_public_acls / restrict_public_buckets follow AWS S3's naming —
# confirm the alicloud provider accepts these arguments, otherwise plan will reject the block.
ignore_public_acls = true
restrict_public_buckets = true
}
resource "alicloud_fc_service" "main" {
name = "${var.project}-service"
description = "Function Compute Service"
role = alicloud_ram_role.fc.arn
vpc_config {
vswitch_ids = alicloud_vswitch.app[*].id
security_group_id = alicloud_security_group.app.id
}
log_config {
project = alicloud_log_project.main.name
logstore = alicloud_log_store.fc.name
}
}
resource "alicloud_fc_function" "api" {
service = alicloud_fc_service.main.name
name = "api-handler"
description = "API Handler Function"
runtime = "nodejs18"
handler = "index.handler"
memory_size = 512
timeout = 30
filename = data.archive_file.function.output_path
code_checksum = data.archive_file.function.output_base64sha256
environment_variables = {
NODE_ENV = "production"
DATABASE_URL = alicloud_db_instance.main.connection_string
}
}
resource "alicloud_fc_trigger" "http" {
service = alicloud_fc_service.main.name
function = alicloud_fc_function.api.name
name = "http-trigger"
type = "http"
config = jsonencode({
authType = "anonymous"
methods = ["GET", "POST", "PUT", "DELETE"]
})
}
# Configure CLI
# Interactive profile setup; the credential is stored locally. Use a RAM user with
# least-privilege policies (or short-lived STS tokens), never a root-account AccessKey.
aliyun configure
# ECS
aliyun ecs DescribeInstances
# i-xxx is a placeholder instance id
aliyun ecs StartInstance --InstanceId i-xxx
aliyun ecs StopInstance --InstanceId i-xxx
# ACK
aliyun cs GET /clusters
# user_config returns cluster access configuration (kubeconfig) — treat the output as a credential.
aliyun cs GET /k8s/clusters/{ClusterId}/user_config
# OSS
aliyun oss ls oss://bucket-name/
aliyun oss cp local.txt oss://bucket-name/
aliyun oss sync ./folder oss://bucket-name/folder
# RDS
aliyun rds DescribeDBInstances
# rm-xxx is a placeholder RDS instance id
aliyun rds DescribeDatabases --DBInstanceId rm-xxx
# Function Compute
aliyun fc GET /services
# Invokes the named function directly through the FC API
aliyun fc POST /services/{serviceName}/functions/{functionName}/invocations
Works with:
- /terraform - Alibaba Cloud provider
- /k8s - ACK deployments
- /devops - CI/CD pipelines
- /security - Security review