ALIYUN::CLOUDFW::TrFirewall_资源编排(ROS)-阿里云帮助中心

ALIYUN::CLOUDFW::TrFirewall类型用于创建TR防火墙。

语法

{
  "Type": "ALIYUN::CLOUDFW::TrFirewall",
  "Properties": {
    "CenId": String,
    "FirewallName": String,
    "RouteMode": String,
    "RegionNo": String,
    "TransitRouterId": String,
    "FirewallDescription": String,
    "FirewallVpcId": String,
    "FirewallSubnetCidr": String,
    "FirewallVpcCidr": String,
    "FirewallVswitchId": String,
    "TrAttachmentMasterZone": String,
    "TrAttachmentMasterCidr": String,
    "TrAttachmentSlaveCidr": String,
    "TrAttachmentSlaveZone": String
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
CenId	String	是	否	云企业网实例 ID。	无
FirewallName	String	是	是	云防火墙的名称。	无
RouteMode	String	是	否	路由模式。	取值： managed：表示自动模式 manual：表示手动模式
RegionNo	String	是	否	转发路由器实例 I 的地域 ID。	无
TransitRouterId	String	是	否	转发路由器实例 ID。	无
FirewallDescription	String	否	否	防火墙描述。	无
FirewallVpcId	String	否	否	手动模式下创建防火墙 ENI 的 VPC ID。	无
FirewallSubnetCidr	String	否	否	自动模式下防火墙 VPC 中存放防火墙 ENI 的子网网段。	无
FirewallVpcCidr	String	否	否	自动模式下防火墙 VPC 网段。	无
FirewallVswitchId	String	否	否	手动模式下创建防火墙 ENI 的 VSW ID。	无
TrAttachmentMasterZone	String	否	否	交换机主可用区。	无
TrAttachmentMasterCidr	String	否	否	自动模式下防火墙 VPC 中用于连接 TR 的子网主用网段。	无
TrAttachmentSlaveCidr	String	否	否	自动模式下防火墙 VPC 中用于连接 TR 的子网备用网段。	无
TrAttachmentSlaveZone	String	否	否	交换机备可用区。	无

返回值

Fn::GetAtt

FirewallId：VPC 边界防火墙实例 ID。

示例

YAML

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RouteMode:
    Type: String
    Description:
      en: |-
        The routing mode of the VPC firewall. Valid values:
        managed: automatic mode
        manual: manual mode
    AllowedValues:
      - managed
      - manual
    Required: true
    Default: manual
  FirewallVpcId:
    Type: Number
    Description:
      en: The ID of the VPC in which the ENI associated with the VPC firewall is created in manual mode.
    Required: false
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  FirewallName:
    Type: String
    Description:
      en: The name of the firewall.
    Required: true
  FirewallVswitchId:
    Type: String
    Description:
      en: The ID of the vSwitch that is used to create the ENI in manual mode.
    Required: false
    AssociationProperty: ALIYUN::ECS::VSwitch
    AssociationPropertyMetadata:
      VpcId: ${FirewallVpcId}
  CenId:
    Type: String
    Description:
      en: The ID of the Cloud Enterprise Network (CEN) instance.
    Required: true
    AssociationProperty: ALIYUN::CEN::Instance::CenId
  TransitRouterId:
    Type: String
    Description:
      en: The ID of the transit router.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::CLOUDFW::TrFirewall
    Properties:
      RouteMode:
        Ref: RouteMode
      RegionNo:
        Ref: ALIYUN::Region
      FirewallVpcId:
        Ref: FirewallVpcId
      FirewallName:
        Ref: FirewallName
      FirewallVswitchId:
        Ref: FirewallVswitchId
      CenId:
        Ref: CenId
      TransitRouterId:
        Ref: TransitRouterId
Outputs:
  FirewallId:
    Description: The instance ID of the VPC firewall.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - FirewallId

JSON

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "RouteMode": {
      "Type": "String",
      "Description": {
        "en": "The routing mode of the VPC firewall. Valid values:\nmanaged: automatic mode\nmanual: manual mode"
      },
      "AllowedValues": [
        "managed",
        "manual"
      ],
      "Required": true,
      "Default": "manual"
    },
    "FirewallVpcId": {
      "Type": "Number",
      "Description": {
        "en": "The ID of the VPC in which the ENI associated with the VPC firewall is created in manual mode."
      },
      "Required": false,
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "FirewallName": {
      "Type": "String",
      "Description": {
        "en": "The name of the firewall."
      },
      "Required": true
    },
    "FirewallVswitchId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the vSwitch that is used to create the ENI in manual mode."
      },
      "Required": false,
      "AssociationProperty": "ALIYUN::ECS::VSwitch",
      "AssociationPropertyMetadata": {
        "VpcId": "${FirewallVpcId}"
      }
    },
    "CenId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the Cloud Enterprise Network (CEN) instance."
      },
      "Required": true,
       "AssociationProperty": "ALIYUN::CEN::Instance::CenId"
    },
    "TransitRouterId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the transit router."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::CLOUDFW::TrFirewall",
      "Properties": {
        "RouteMode": {
          "Ref": "RouteMode"
        },
        "RegionNo": {
          "Ref": "ALIYUN::Region"
        },
        "FirewallVpcId": {
          "Ref": "FirewallVpcId"
        },
        "FirewallName": {
          "Ref": "FirewallName"
        },
        "FirewallVswitchId": {
          "Ref": "FirewallVswitchId"
        },
        "CenId": {
          "Ref": "CenId"
        },
        "TransitRouterId": {
          "Ref": "TransitRouterId"
        }
      }
    }
  },
  "Outputs": {
    "FirewallId": {
      "Description": "The instance ID of the VPC firewall.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "FirewallId"
        ]
      }
    }
  }
}