The ALIYUN::ENS::NetworkAcl type is used to create a network ACL for ENS, together with the ACL rules (AclEntries) it enforces.
Syntax
{
"Type": "ALIYUN::ENS::NetworkAcl",
"Properties": {
"AclEntries": List,
"Description": String,
"NetworkAclName": String
}
}
Properties
Property | Type | Required | Updatable | Description | Constraint |
AclEntries | List | No | Yes | List of ACL rules. | At most 40 ACL rules can be configured. For more information, see the AclEntries properties. |
Description | String | No | No | Description of the network ACL. | 1 to 256 characters in length; cannot start with http:// or https://. |
NetworkAclName | String | No | No | Name of the network ACL. | 1 to 128 characters in length; cannot start with http:// or https://. |
AclEntries syntax
"AclEntries": [
{
"Policy": String,
"PortRange": String,
"Description": String,
"Priority": Integer,
"CidrBlock": String,
"Protocol": String,
"NetworkAclEntryName": String,
"Direction": String
}
]
AclEntries properties
Property | Type | Required | Updatable | Description | Constraint |
CidrBlock | String | Yes | Yes | Source CIDR block. | None. |
Direction | String | Yes | Yes | Rule direction. | Valid values: ingress (inbound requests), egress (outbound requests). |
Policy | String | Yes | Yes | Authorization policy applied to traffic that matches the rule. | Valid values: accept (allow the traffic), drop (block the traffic). |
PortRange | String | Yes | Yes | Port range, written as start/end. | If Protocol is all or icmp, set this to -1/-1 (all ports). If Protocol is tcp or udp, ports can be 1 to 65535, for example 1/200 (ports 1 to 200) or 80/80 (port 80). |
Priority | Integer | Yes | Yes | Rule priority. | Valid values: 1 to 100. Default value: 1. |
Protocol | String | Yes | Yes | Protocol type. | Valid values: icmp, tcp, udp, all (all protocols). |
Description | String | No | No | Description of the ACL rule. | 1 to 256 characters in length; cannot start with http:// or https://. |
NetworkAclEntryName | String | No | No | Name of the rule entry. | 1 to 128 characters in length; cannot start with http:// or https://. |
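The constraints in the two tables above are easy to get wrong in a generated template, and a template that passes them can still open far more than intended. The following Python script is an added example, not part of the ROS documentation or the ROS service: it checks an AclEntries list against the constraints stated on this page (entry count, enumerated values, priority range, PortRange form per protocol, name and description rules) and then raises two review findings that the service itself does not reject: accept rules that admit every address on every port, and several rules in one direction sharing a priority. The sample entries are constructed for the demonstration; the warning heuristics are this example's own choices, not rules from the page.

```python
"""Lint an AclEntries list for ALIYUN::ENS::NetworkAcl before deploying.

Added example, not code from the ROS documentation or the ROS service.
The SAMPLE_ENTRIES at the bottom are constructed for the demonstration.
"""
import ipaddress
import re
from collections import Counter

MAX_ENTRIES = 40
POLICIES = {"accept", "drop"}
DIRECTIONS = {"ingress", "egress"}
PROTOCOLS = {"icmp", "tcp", "udp", "all"}
REQUIRED = ("CidrBlock", "Direction", "Policy", "PortRange", "Priority", "Protocol")
PORT_RANGE_RE = re.compile(r"^(\d{1,5})/(\d{1,5})$")


def check_port_range(protocol, port_range):
    """Return an error string, or None when PortRange is valid for Protocol."""
    if protocol in ("all", "icmp"):
        if port_range != "-1/-1":
            return f"PortRange must be -1/-1 when Protocol is {protocol}, got {port_range!r}"
        return None
    m = PORT_RANGE_RE.match(str(port_range))
    if not m:
        return f"PortRange must be written as start/end, got {port_range!r}"
    start, end = int(m.group(1)), int(m.group(2))
    if not 1 <= start <= end <= 65535:
        return f"PortRange {port_range!r} must satisfy 1 <= start <= end <= 65535"
    return None


def check_entry(entry):
    """Return a list of constraint violations for one AclEntries item."""
    errors = [f"missing required property {k}" for k in REQUIRED if k not in entry]
    if errors:
        return errors
    if entry["Policy"] not in POLICIES:
        errors.append(f"Policy must be one of {sorted(POLICIES)}, got {entry['Policy']!r}")
    if entry["Direction"] not in DIRECTIONS:
        errors.append(f"Direction must be one of {sorted(DIRECTIONS)}, got {entry['Direction']!r}")
    if entry["Protocol"] not in PROTOCOLS:
        errors.append(f"Protocol must be one of {sorted(PROTOCOLS)}, got {entry['Protocol']!r}")
    else:
        msg = check_port_range(entry["Protocol"], entry["PortRange"])
        if msg:
            errors.append(msg)
    prio = entry["Priority"]
    if not isinstance(prio, int) or isinstance(prio, bool) or not 1 <= prio <= 100:
        errors.append(f"Priority must be an integer from 1 to 100, got {prio!r}")
    try:
        ipaddress.ip_network(entry["CidrBlock"], strict=False)
    except ValueError:
        errors.append(f"CidrBlock {entry['CidrBlock']!r} is not a valid CIDR block")
    # Optional strings: length limits and the http:// / https:// prefix rule.
    for name, limit in (("Description", 256), ("NetworkAclEntryName", 128)):
        value = entry.get(name)
        if value is None:
            continue
        if not 1 <= len(value) <= limit or value.startswith(("http://", "https://")):
            errors.append(f"{name} must be 1 to {limit} characters and not start with http:// or https://")
    return errors


def lint_acl_entries(entries):
    """Return (errors, warnings): errors violate the page's constraints, warnings need review."""
    errors, warnings = [], []
    if len(entries) > MAX_ENTRIES:
        errors.append(f"AclEntries has {len(entries)} entries; at most {MAX_ENTRIES} are allowed")
    valid = []
    for i, entry in enumerate(entries):
        problems = check_entry(entry)
        errors.extend(f"entry {i}: {p}" for p in problems)
        if not problems:
            valid.append((i, entry))
    # Reviewer heuristic (this example's own, not a service rule): an accept
    # rule for a /0 block on all ports admits everything in that direction.
    for i, entry in valid:
        net = ipaddress.ip_network(entry["CidrBlock"], strict=False)
        if entry["Policy"] == "accept" and net.prefixlen == 0 and entry["PortRange"] == "-1/-1":
            warnings.append(f"entry {i}: {entry['Direction']} accept from {entry['CidrBlock']} on all ports")
    # Reviewer heuristic: rules in the same direction with the same Priority
    # leave the intended evaluation order unclear to whoever reads the template.
    shared = Counter((e["Direction"], e["Priority"]) for _, e in valid)
    for (direction, prio), count in sorted(shared.items()):
        if count > 1:
            warnings.append(f"{count} {direction} rules share Priority {prio}; the intended order is unclear")
    return errors, warnings


# Constructed sample: three well-formed rules (one over-broad, two sharing a
# priority) and two rules that violate the constraints on this page.
SAMPLE_ENTRIES = [
    {"Policy": "accept", "PortRange": "443/443", "Priority": 1, "CidrBlock": "10.0.0.0/8",
     "Protocol": "tcp", "Direction": "ingress", "NetworkAclEntryName": "allow-https-internal"},
    {"Policy": "accept", "PortRange": "-1/-1", "Priority": 2, "CidrBlock": "0.0.0.0/0",
     "Protocol": "all", "Direction": "ingress", "NetworkAclEntryName": "allow-all"},
    {"Policy": "drop", "PortRange": "22/22", "Priority": 2, "CidrBlock": "0.0.0.0/0",
     "Protocol": "tcp", "Direction": "ingress"},
    {"Policy": "accept", "PortRange": "80/80", "Priority": 101, "CidrBlock": "192.168.0.0/16",
     "Protocol": "icmp", "Direction": "egress"},
    {"Policy": "deny", "PortRange": "1/70000", "Priority": 3, "CidrBlock": "300.1.1.1/24",
     "Protocol": "tcp", "Direction": "outbound"},
]

if __name__ == "__main__":
    errs, warns = lint_acl_entries(SAMPLE_ENTRIES)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```

Run it against the AclEntries value you intend to pass to the template (for example, after loading the JSON parameter file) before calling ROS; for the constructed sample it reports six constraint errors on the last two entries and two warnings on the first three.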
Return values
Fn::GetAtt
NetworkAclId: the ID of the network ACL that was created.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AclEntries:
    AssociationPropertyMetadata:
      Parameters:
        Policy:
          Type: String
          Description:
            en: |-
              The action that is performed on network traffic that matches the rule. Valid values:
              accept: allows network traffic.
              drop: blocks network traffic.
          AllowedValues:
            - accept
            - drop
          Required: true
        PortRange:
          Type: String
          Description:
            en: The port range. If you set Protocol to all or icmp, set this parameter to -1/-1, which specifies all ports. If you set Protocol to tcp or udp, the port can be 1 to 65535. You can set this parameter to 1/200 or 80/80, which specifies ports 1 to 200 or port 80.
          Required: true
        Description:
          AssociationProperty: TextArea
          Type: String
          Description:
            en: The description of the network ACL. The description must be 1 to 256 characters in length and cannot start with http:// or https://.
          Required: false
        Priority:
          Type: Number
          Description:
            en: 'The priority of the rule. Valid values: 1 to 100. Default value: 1.'
          Required: true
          MinValue: 1
          MaxValue: 100
        CidrBlock:
          Type: String
          Description:
            en: The source CIDR block.
          Required: true
        NetworkAclEntryName:
          Type: String
          Description:
            en: The name of the rule. The name must be 1 to 128 characters in length and cannot start with http:// or https://.
          Required: false
        Protocol:
          Type: String
          Description:
            en: |-
              The protocol. Valid values: icmp: ICMP
              tcp: TCP
              udp: UDP
              all: all protocols
          AllowedValues:
            - icmp
            - tcp
            - udp
            - all
          Required: true
        Direction:
          Type: String
          Description:
            en: |-
              Specifies whether the ACL rule controls inbound or outbound access requests. Valid values:
              ingress
              egress
          AllowedValues:
            - ingress
            - egress
          Required: true
    AssociationProperty: List[Parameters]
    Type: Json
    Description:
      en: The entries of the network ACL.
    Required: false
    MaxLength: 40
  NetworkAclName:
    Type: String
    Description:
      en: |-
        Enter a name for the network ACL.
        The name must be 1 to 128 characters in length and cannot start with http:// or https://.
    Required: false
Resources:
  NetworkAcl:
    Type: ALIYUN::ENS::NetworkAcl
    Properties:
      AclEntries:
        Ref: AclEntries
      NetworkAclName:
        Ref: NetworkAclName
Outputs:
  NetworkAclId:
    Description: The ID of the network ACL.
    Value:
      Fn::GetAtt:
        - NetworkAcl
        - NetworkAclId
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"AclEntries": {
"AssociationPropertyMetadata": {
"Parameters": {
"Policy": {
"Type": "String",
"Description": {
"en": "The action that is performed on network traffic that matches the rule. Valid values: \naccept: allows network traffic.\ndrop: blocks network traffic."
},
"AllowedValues": [
"accept",
"drop"
],
"Required": true
},
"PortRange": {
"Type": "String",
"Description": {
"en": "The port range. If you set Protocol to all or icmp, set this parameter to -1/-1, which specifies all ports. If you set Protocol to tcp or udp, the port can be 1 to 65535. You can set this parameter to 1/200 or 80/80, which specifies ports 1 to 200 or port 80."
},
"Required": true
},
"Description": {
"AssociationProperty": "TextArea",
"Type": "String",
"Description": {
"en": "The description of the network ACL. The description must be 1 to 256 characters in length and cannot start with http:// or https://."
},
"Required": false
},
"Priority": {
"Type": "Number",
"Description": {
"en": "The priority of the rule. Valid values: 1 to 100. Default value: 1."
},
"Required": true,
"MinValue": 1,
"MaxValue": 100
},
"CidrBlock": {
"Type": "String",
"Description": {
"en": "The source CIDR block."
},
"Required": true
},
"NetworkAclEntryName": {
"Type": "String",
"Description": {
"en": "The name of the rule. The name must be 1 to 128 characters in length and cannot start with http:// or https://."
},
"Required": false
},
"Protocol": {
"Type": "String",
"Description": {
"en": "The protocol. Valid values: icmp: ICMP\ntcp: TCP\nudp: UDP\nall: all protocols"
},
"AllowedValues": [
"icmp",
"tcp",
"udp",
"all"
],
"Required": true
},
"Direction": {
"Type": "String",
"Description": {
"en": "Specifies whether the ACL rule controls inbound or outbound access requests. Valid values: \ningress\negress"
},
"AllowedValues": [
"ingress",
"egress"
],
"Required": true
}
}
},
"AssociationProperty": "List[Parameters]",
"Type": "Json",
"Description": {
"en": "The entry of Network ACL."
},
"Required": false,
"MaxLength": 40
},
"NetworkAclName": {
"Type": "String",
"Description": {
"en": "Enter a name for the network ACL.\nThe name must be 1 to 128 characters in length and cannot start with http:// or https://."
},
"Required": false
}
},
"Resources": {
"NetworkAcl": {
"Type": "ALIYUN::ENS::NetworkAcl",
"Properties": {
"AclEntries": {
"Ref": "AclEntries"
},
"NetworkAclName": {
"Ref": "NetworkAclName"
}
}
}
},
"Outputs": {
"NetworkAclId": {
"Description": "The ID of the network ACL.",
"Value": {
"Fn::GetAtt": [
"NetworkAcl",
"NetworkAclId"
]
}
}
}
}