文档

为指定VPC防火墙策略组添加访问控制策略

更新时间:

本文介绍如何使用Terraform为指定VPC防火墙策略组添加访问控制策略。

注意事项

前提条件

  • 已创建阿里云账号和访问密钥(AccessKey)。具体操作,请参见创建AccessKey

  • 已经安装并配置了Terraform。

为指定VPC防火墙策略组添加访问控制策略

  1. 在Terraform执行目录下的terraform.tf文件中,配置如下内容。

    代码示例如下:

    provider "alicloud" {
      version = "~> 1.203.0"
    }
    
    resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
      order            = "1"
      destination      = "192.XX.XX.2/32"
      application_name = "ANY"
      description      = "Created_by_Terraform"
      source_type      = "net"
      dest_port        = "80/88"
      acl_action       = "accept"
      lang             = "zh"
      destination_type = "net"
      source           = "192.XX.XX.1/32"
      dest_port_type   = "port"
      proto            = "TCP"
      release          = true
      member_uid       = "141518928482****"
      vpc_firewall_id  = "vfw-d7b8ce273791475b****"
    }

  1. 运行terraform init,对环境进行初始化。

    代码示例如下:

    Initializing the backend...
    
    Initializing provider plugins...
    - Checking for available provider plugins...
    - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.203.0...
    
    
    Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to aliyun/alicloud. Please update your source in required_providers.
    
    
    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.

  1. 运行terraform apply出现如下配置信息后,确认配置信息并输入yes,开始创建。

    代码示例如下:

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      # alicloud_cloud_firewall_vpc_firewall_control_policy.default will be created
      + resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
          + acl_action              = "accept"
          + acl_uuid                = (known after apply)
          + application_id          = (known after apply)
          + application_name        = "ANY"
          + description             = "Created_by_Terraform"
          + dest_port               = "80/88"
          + dest_port_group_ports   = (known after apply)
          + dest_port_type          = "port"
          + destination             = "192.XX.XX.2/32"
          + destination_group_cidrs = (known after apply)
          + destination_group_type  = (known after apply)
          + destination_type        = "net"
          + hit_times               = (known after apply)
          + id                      = (known after apply)
          + lang                    = "zh"
          + member_uid              = "141518928482****"
          + order                   = 1
          + proto                   = "TCP"
          + release                 = true
          + source                  = "192.XX.XX.1/32"
          + source_group_cidrs      = (known after apply)
          + source_group_type       = (known after apply)
          + source_type             = "net"
          + vpc_firewall_id         = "vfw-d7b8ce273791475b****"
        }
    
    Plan: 1 to add, 0 to change, 0 to destroy.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
    alicloud_cloud_firewall_vpc_firewall_control_policy.default: Creating...
    alicloud_cloud_firewall_vpc_firewall_control_policy.default: Creation complete after 2s [id=vfw-d7b8ce273791475b****:ba164e52-acd2-4899-bf72-6816b13a****]
    
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

    创建成功后,可以返回指定的VPC防火墙ID:vfw-d7b8ce273791475b****,添加的访问控制策略ID为:ba164e52-acd2-4899-bf72-6816b13a****。

  2. 查看结果。

    • 运行terraform show查看VPC防火墙访问控制策略详细信息。

      # alicloud_cloud_firewall_vpc_firewall_control_policy.default:
      resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
          acl_action              = "accept"
          acl_uuid                = "ba164e52-acd2-4899-bf72-6816b13a****"
          application_id          = "0"
          application_name        = "ANY"
          description             = "Created_by_Terraform"
          dest_port               = "80/88"
          dest_port_group_ports   = []
          dest_port_type          = "port"
          destination             = "192.XX.XX.2/32"
          destination_group_cidrs = []
          destination_type        = "net"
          hit_times               = 0
          id                      = "vfw-d7b8ce273791475b****:ba164e52-acd2-4899-bf72-6816b13a****"
          lang                    = "zh"
          member_uid              = "1415189284827****"
          order                   = 1
          proto                   = "TCP"
          release                 = true
          source                  = "192.XX.XX..1/32"
          source_group_cidrs      = []
          source_type             = "net"
          vpc_firewall_id         = "vfw-d7b8ce273791475b****"
      }
    • 登录云防火墙控制台,在访问控制>VPC边界页面,查看VPC边界防火墙访问控制策略详细信息。

      image..png