ALIYUN::ALB::SecurityPolicy

The ALIYUN::ALB::SecurityPolicy type is used to create a custom security policy.

Syntax

{
  "Type": "ALIYUN::ALB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "TLSVersions": List,
    "SecurityPolicyName": String
  }
}

Properties

Property name

Type

Required

Editable

Description

Constraint

Ciphers

List

The supported cipher suites.

Valid values:

  • TLSv1.0 and TLSv1.1 support:

    • ECDHE-ECDSA-AES128-SHA

    • ECDHE-ECDSA-AES256-SHA

    • ECDHE-RSA-AES128-SHA

    • ECDHE-RSA-AES256-SHA

    • AES128-SHA

    • AES256-SHA

    • DES-CBC3-SHA

  • TLSv1.2 supports:

    • ECDHE-ECDSA-AES128-SHA

    • ECDHE-ECDSA-AES256-SHA

    • ECDHE-RSA-AES128-SHA

    • ECDHE-RSA-AES256-SHA

    • AES128-SHA

    • AES256-SHA

    • DES-CBC3-SHA

    • ECDHE-ECDSA-AES128-GCM-SHA256

    • ECDHE-ECDSA-AES256-GCM-SHA384

    • ECDHE-ECDSA-AES128-SHA256

    • ECDHE-ECDSA-AES256-SHA384

    • ECDHE-RSA-AES128-GCM-SHA256

    • ECDHE-RSA-AES256-GCM-SHA384

    • ECDHE-RSA-AES128-SHA256

    • ECDHE-RSA-AES256-SHA384

    • AES128-GCM-SHA256

    • AES256-GCM-SHA384

    • AES128-SHA256

    • AES256-SHA256

  • TLSv1.3 supports:

    • TLS_AES_128_GCM_SHA256

    • TLS_AES_256_GCM_SHA384

    • TLS_CHACHA20_POLY1305_SHA256

    • TLS_AES_128_CCM_SHA256

    • TLS_AES_128_CCM_8_SHA256

Note

This parameter takes effect only if the specified TLSVersions values support the cipher suites in Ciphers.

SecurityPolicyName

String

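The name of the security policy.

The name must be 2 to 128 English or Chinese characters in length, must start with an uppercase or lowercase letter or a Chinese character, and can contain digits, periods (.), underscores (_), and hyphens (-).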

TLSVersions

List

The supported TLS protocol versions.

Valid values:

  • TLSv1.0

  • TLSv1.1

  • TLSv1.2

  • TLSv1.3

ResourceGroupId

String

The ID of the resource group.

Return values

Fn::GetAtt

SecurityPolicyId: the ID of the security policy.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Ciphers:
    Description: 'The supported cipher suites, which are determined by the TLS protocol
      version.

      The specified cipher suites must be supported by at least one TLS protocol version
      that you specify.

      Note For example, if you set the TLSVersions parameter to TLSv1.3, you must
      specify cipher suites that are supported by TLS 1.3.'
    MaxLength: 20
    MinLength: 1
    Type: Json
  SecurityPolicyName:
    Description: 'The name of the security policy.

      The name must be 2 to 128 characters in length, and can contain letters, digits,
      periods

      (.), underscores (_), and hyphens (-). The name must start with a letter.'
    Type: String
  TLSVersions:
    Description: 'The supported versions of the Transport Layer Security (TLS) protocol.
      Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 and so on.'
    MaxLength: 5
    MinLength: 1
    Type: Json
Resources:
  SecurityPolicy:
    Properties:
      Ciphers:
        Ref: Ciphers
      SecurityPolicyName:
        Ref: SecurityPolicyName
      TLSVersions:
        Ref: TLSVersions
    Type: ALIYUN::ALB::SecurityPolicy
Outputs:
  SecurityPolicyId:
    Description: The ID of the security policy.
    Value:
      Fn::GetAtt:
      - SecurityPolicy
      - SecurityPolicyId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Ciphers": {
      "Type": "Json",
      "Description": "The supported cipher suites, which are determined by the TLS protocol version.\nThe specified cipher suites must be supported by at least one TLS protocol version that you specify.\nNote For example, if you set the TLSVersions parameter to TLSv1.3, you must specify cipher suites that are supported by TLS 1.3.",
      "MinLength": 1,
      "MaxLength": 20
    },
    "TLSVersions": {
      "Type": "Json",
      "Description": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 and so on.",
      "MinLength": 1,
      "MaxLength": 5
    },
    "SecurityPolicyName": {
      "Type": "String",
      "Description": "The name of the security policy.\nThe name must be 2 to 128 characters in length, and can contain letters, digits, periods\n(.), underscores (_), and hyphens (-). The name must start with a letter."
    }
  },
  "Resources": {
    "SecurityPolicy": {
      "Type": "ALIYUN::ALB::SecurityPolicy",
      "Properties": {
        "Ciphers": {
          "Ref": "Ciphers"
        },
        "TLSVersions": {
          "Ref": "TLSVersions"
        },
        "SecurityPolicyName": {
          "Ref": "SecurityPolicyName"
        }
      }
    }
  },
  "Outputs": {
    "SecurityPolicyId": {
      "Description": "The ID of the security policy.",
      "Value": {
        "Fn::GetAtt": [
          "SecurityPolicy",
          "SecurityPolicyId"
        ]
      }
    }
  }
}
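
The Ciphers and TLSVersions values passed to these templates must agree with the support matrix in the Ciphers property description. The following Python lint is an added example, not part of the original documentation or of Alibaba Cloud's tooling; it checks a parameter pair before the stack is created. The function name `lint_policy` and the deprecation baseline are assumptions of this example.

```python
# Added example: pre-deployment lint for ALIYUN::ALB::SecurityPolicy parameters.
# Support matrix transcribed from the Ciphers property description on this page.
LEGACY = {"ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA",
          "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-SHA",
          "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"}
TLS12_ONLY = {"ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
              "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
              "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
              "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
              "AES128-GCM-SHA256", "AES256-GCM-SHA384",
              "AES128-SHA256", "AES256-SHA256"}
TLS13 = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
         "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
         "TLS_AES_128_CCM_8_SHA256"}
SUPPORT = {"TLSv1.0": LEGACY, "TLSv1.1": LEGACY,
           "TLSv1.2": LEGACY | TLS12_ONLY, "TLSv1.3": TLS13}
# Assumption (hardening baseline of this example, not a rule from this page):
# TLS 1.0/1.1 are deprecated by RFC 8996 and 3DES suites should be retired.
DEPRECATED_VERSIONS = {"TLSv1.0", "TLSv1.1"}
DEPRECATED_CIPHERS = {"DES-CBC3-SHA"}


def lint_policy(tls_versions, ciphers):
    """Return (errors, warnings) for a TLSVersions/Ciphers parameter pair."""
    errors, warnings = [], []
    known = [v for v in tls_versions if v in SUPPORT]
    errors += [f"unknown TLS version: {v}" for v in tls_versions if v not in SUPPORT]
    # A cipher is valid only if at least one selected version supports it.
    usable = set().union(*(SUPPORT[v] for v in known))
    errors += [f"{c} is not supported by any selected TLS version"
               for c in ciphers if c not in usable]
    warnings += [f"{v} is deprecated" for v in known if v in DEPRECATED_VERSIONS]
    warnings += [f"{c} is deprecated" for c in ciphers if c in DEPRECATED_CIPHERS]
    return errors, warnings


if __name__ == "__main__":
    # Constructed parameter sets, not taken from the page.
    print(lint_policy(["TLSv1.3"], ["ECDHE-RSA-AES128-GCM-SHA256"]))
    print(lint_policy(["TLSv1.2", "TLSv1.3"],
                      ["ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_256_GCM_SHA384"]))
    print(lint_policy(["TLSv1.0", "TLSv1.2"], ["DES-CBC3-SHA", "AES128-GCM-SHA256"]))
```

Errors correspond to the compatibility rule stated on this page; warnings come only from the added deprecation baseline and can be tightened or relaxed to match local policy.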