The ALIYUN::CLOUDFW::VpcFirewallConfigure resource type creates a VPC firewall, that is, a Cloud Firewall instance on the boundary between a local VPC and a peer VPC.
Syntax
{
  "Type": "ALIYUN::CLOUDFW::VpcFirewallConfigure",
  "Properties": {
    "FirewallSwitch": String,
    "LocalVpcRegion": String,
    "LocalVpcCidrTableList": List,
    "LocalVpcId": String,
    "PeerVpcId": String,
    "PeerVpcRegion": String,
    "PeerVpcCidrTableList": List,
    "VpcFirewallName": String,
    "MemberUid": String
  }
}
Properties
Property | Type | Required | Updatable | Description | Constraint |
FirewallSwitch | String | Yes | Yes | The status of the VPC firewall after it is created. | Valid values: open (default): the firewall is enabled automatically after creation. close: the firewall is created disabled; call the ModifyVpcFirewallSwitchStatus operation to enable it. |
LocalVpcRegion | String | Yes | No | The ID of the region to which the local VPC belongs. | Note: for the regions supported by Cloud Firewall, see Supported regions. |
LocalVpcCidrTableList | List | Yes | Yes | The CIDR block list of the local VPC. | For more information, see the LocalVpcCidrTableList properties. |
LocalVpcId | String | Yes | No | The instance ID of the local VPC. | None |
PeerVpcId | String | Yes | No | The instance ID of the peer VPC. | None |
PeerVpcRegion | String | Yes | No | The ID of the region to which the peer VPC belongs. | Note: for the regions supported by Cloud Firewall, see Supported regions. |
PeerVpcCidrTableList | List | Yes | Yes | The CIDR block list of the peer VPC. | For more information, see the PeerVpcCidrTableList properties. |
VpcFirewallName | String | Yes | Yes | The instance name of the VPC firewall. | None |
MemberUid | String | No | No | The UID of the Alibaba Cloud member account. | None |
LocalVpcCidrTableList syntax
"LocalVpcCidrTableList": [
  {
    "RouteTableId": String,
    "RouteEntryList": List
  }
]
LocalVpcCidrTableList properties
Property | Type | Required | Updatable | Description | Constraint |
RouteTableId | String | Yes | No | The route table ID of the local VPC. | None |
RouteEntryList | List | No | No | The details of the CIDR block list of the local VPC. | For more information, see the RouteEntryList properties. |
RouteEntryList syntax
"RouteEntryList": [
  {
    "NextHopInstanceId": String,
    "DestinationCidr": String
  }
]
RouteEntryList properties
Property | Type | Required | Updatable | Description | Constraint |
DestinationCidr | String | Yes | No | The destination CIDR block of the local VPC. | None |
NextHopInstanceId | String | No | No | The next-hop instance ID of the local VPC. | None |
PeerVpcCidrTableList syntax
"PeerVpcCidrTableList": [
  {
    "RouteTableId": String,
    "RouteEntryList": List
  }
]
PeerVpcCidrTableList properties
Property | Type | Required | Updatable | Description | Constraint |
RouteTableId | String | Yes | No | The route table ID of the peer VPC. | None |
RouteEntryList | List | No | No | The details of the CIDR block list of the peer VPC. | For more information, see the RouteEntryList properties. |
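The property tables above are enough to check a template before it is deployed. The following Python script is an added example, not code from this page or from ROS: it lints every VpcFirewallConfigure resource in a JSON ROS template against the documented schema (required and optional properties, FirewallSwitch values, the RouteTableId / RouteEntryList / DestinationCidr nesting), and it emits a warning when FirewallSwitch is close, because the page states that such a firewall is created disabled and stays so until ModifyVpcFirewallSwitchStatus is called. The VPC, route-table and region values in the embedded sample template are constructed placeholders.

```python
"""Lint ALIYUN::CLOUDFW::VpcFirewallConfigure resources in a JSON ROS template.
Added example (not page or ROS code); the schema is the property tables above."""
import ipaddress
import json

RESOURCE_TYPE = "ALIYUN::CLOUDFW::VpcFirewallConfigure"
REQUIRED = {"FirewallSwitch", "LocalVpcRegion", "LocalVpcCidrTableList", "LocalVpcId",
            "PeerVpcId", "PeerVpcRegion", "PeerVpcCidrTableList", "VpcFirewallName"}
OPTIONAL = {"MemberUid"}
SWITCH_VALUES = ("open", "close")


def _check_cidr_tables(name, tables, findings):
    """Validate one LocalVpcCidrTableList / PeerVpcCidrTableList value."""
    if not isinstance(tables, list) or not tables:
        findings.append(f"error: {name} must be a non-empty list")
        return
    for i, table in enumerate(tables):
        where = f"{name}[{i}]"
        if not isinstance(table, dict):
            findings.append(f"error: {where} must be an object")
            continue
        if not table.get("RouteTableId"):  # required per the table above
            findings.append(f"error: {where}.RouteTableId is required")
        for j, entry in enumerate(table.get("RouteEntryList") or []):  # optional list
            ewhere = f"{where}.RouteEntryList[{j}]"
            cidr = entry.get("DestinationCidr") if isinstance(entry, dict) else None
            if not cidr:  # DestinationCidr is required; NextHopInstanceId is not
                findings.append(f"error: {ewhere}.DestinationCidr is required")
                continue
            try:
                # strict=True also rejects blocks with host bits set, e.g. 10.0.0.1/16
                ipaddress.ip_network(cidr, strict=True)
            except ValueError:
                findings.append(f"error: {ewhere}.DestinationCidr {cidr!r} is not a valid CIDR block")


def lint_resource(resource):
    """Return 'error: ...' / 'warning: ...' strings for one resource definition."""
    findings = []
    if resource.get("Type") != RESOURCE_TYPE:
        findings.append(f"error: Type must be {RESOURCE_TYPE}")
    props = resource.get("Properties") or {}
    present = set(props)
    for name in sorted(REQUIRED - present):
        findings.append(f"error: {name} is required")
    for name in sorted(present - REQUIRED - OPTIONAL):
        findings.append(f"error: {name} is not a documented property")
    switch = props.get("FirewallSwitch")
    if switch is not None and switch not in SWITCH_VALUES:
        findings.append(f"error: FirewallSwitch must be one of {SWITCH_VALUES}, got {switch!r}")
    elif switch == "close":
        # Documented behaviour: with 'close' the firewall is created disabled and
        # inspects no traffic until ModifyVpcFirewallSwitchStatus enables it.
        findings.append("warning: FirewallSwitch is 'close'; the firewall is created disabled")
    for name in ("LocalVpcCidrTableList", "PeerVpcCidrTableList"):
        if name in props:
            _check_cidr_tables(name, props[name], findings)
    return findings


def lint_template(template_text):
    """Map each VpcFirewallConfigure resource's logical ID to its findings."""
    template = json.loads(template_text)
    return {logical_id: lint_resource(res)
            for logical_id, res in template.get("Resources", {}).items()
            if res.get("Type") == RESOURCE_TYPE}


# Constructed sample template (IDs are placeholders, not real resource IDs).
# FwGood follows the schema; FwBad lacks PeerVpcRegion, carries an undocumented
# property, is created disabled, has a malformed CIDR and a table without RouteTableId.
SAMPLE_TEMPLATE = json.dumps({
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {
        "FwGood": {"Type": RESOURCE_TYPE, "Properties": {
            "FirewallSwitch": "open", "VpcFirewallName": "example-fw",
            "LocalVpcRegion": "cn-hangzhou", "PeerVpcRegion": "cn-hangzhou",
            "LocalVpcId": "vpc-LOCAL-PLACEHOLDER", "PeerVpcId": "vpc-PEER-PLACEHOLDER",
            "LocalVpcCidrTableList": [{"RouteTableId": "vtb-LOCAL-PLACEHOLDER",
                                       "RouteEntryList": [{"DestinationCidr": "10.0.0.0/16"}]}],
            "PeerVpcCidrTableList": [{"RouteTableId": "vtb-PEER-PLACEHOLDER",
                                      "RouteEntryList": [{"DestinationCidr": "10.1.0.0/16"}]}]}},
        "FwBad": {"Type": RESOURCE_TYPE, "Properties": {
            "FirewallSwitch": "close", "VpcFirewallName": "example-fw-2",
            "LocalVpcRegion": "cn-hangzhou", "Description": "not a documented property",
            "LocalVpcId": "vpc-LOCAL-PLACEHOLDER", "PeerVpcId": "vpc-PEER-PLACEHOLDER",
            "LocalVpcCidrTableList": [{"RouteTableId": "vtb-LOCAL-PLACEHOLDER",
                                       "RouteEntryList": [{"DestinationCidr": "10.0.0.1/16"}]}],
            "PeerVpcCidrTableList": [{"RouteEntryList": []}]}},
    },
})

if __name__ == "__main__":
    for logical_id, findings in lint_template(SAMPLE_TEMPLATE).items():
        print(logical_id, "OK" if not findings else "\n  " + "\n  ".join(findings))
```

The linter only sees literal property values; in a real template most properties are `Ref` or `Fn::GetAtt` expressions, so run it against the resolved values (for example, the parameter defaults merged in) or extend it to follow `Ref` into the Parameters section. Region IDs are not checked against the supported-region list, because that list is not on this page.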
Return values
Fn::GetAtt
VpcFirewallId: the instance ID of the VPC firewall.
Examples
YAML
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  LocalVpcCidrTableList:
    AssociationPropertyMetadata:
      Parameter:
        AssociationPropertyMetadata:
          Parameters:
            RouteTableId:
              Type: String
              Description:
                en: The ID of the route table for the local VPC.
              Required: true
            RouteEntryList:
              AssociationPropertyMetadata:
                Parameter:
                  AssociationPropertyMetadata:
                    Parameters:
                      NextHopInstanceId:
                        Type: Json
                        Description:
                          en: The NextHopInstanceId parameter indicates the instance ID of the next hop for the local VPC.
                        Required: false
                      DestinationCidr:
                        Type: String
                        Description:
                          en: The DestinationCidr parameter indicates the destination CIDR block of the local VPC.
                        Required: true
                  Type: Json
                  Required: false
              AssociationProperty: List[Parameter]
              Type: Json
              Description:
                en: The value is a JSON string that contains the DestinationCidr and NextHopInstanceId parameters.
              Required: false
              MinLength: 1
              MaxLength: 100
        Type: Json
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: 'The CIDR blocks of the local VPC. '
    Required: true
    MinLength: 1
    MaxLength: 1
  VpcFirewallName:
    Type: String
    Description:
      en: The instance name of the VPC firewall.
    Required: true
  PeerVpcCidrTableList:
    AssociationPropertyMetadata:
      Parameter:
        AssociationPropertyMetadata:
          Parameters:
            RouteTableId:
              Type: String
              Description:
                en: The ID of the route table for the peer VPC.
              Required: true
            RouteEntryList:
              Type: Json
              Description:
                en: The value is a JSON string that contains the DestinationCidr and NextHopInstanceId parameters.
              Required: false
              MinLength: 1
              MaxLength: 100
        Type: Json
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: 'The CIDR blocks of the peer VPC. '
    Required: true
    MinLength: 1
    MaxLength: 1
  LocalVpcId:
    Type: String
    Description:
      en: The ID of the local VPC.
    Required: true
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  PeerVpcId:
    Type: String
    Description:
      en: The ID of the peer VPC.
    Required: true
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  FirewallSwitch:
    Type: String
    Description:
      en: |-
        The status of the VPC firewall after you create the firewall. Valid values:
        open: After you create the VPC firewall, the VPC firewall is automatically enabled. This is the default value.
        close: After you create the VPC firewall, the VPC firewall is disabled. To enable the firewall, you can call the ModifyVpcFirewallSwitchStatus operation.
    AllowedValues:
      - open
      - close
    Required: true
    Default: open
Resources:
  ExtensionResource:
    Type: ALIYUN::CLOUDFW::VpcFirewallConfigure
    Properties:
      PeerVpcId:
        Ref: PeerVpcId
      PeerVpcRegion:
        Ref: ALIYUN::Region
      LocalVpcRegion:
        Ref: ALIYUN::Region
      LocalVpcCidrTableList:
        Ref: LocalVpcCidrTableList
      VpcFirewallName:
        Ref: VpcFirewallName
      PeerVpcCidrTableList:
        Ref: PeerVpcCidrTableList
      LocalVpcId:
        Ref: LocalVpcId
      FirewallSwitch:
        Ref: FirewallSwitch
Outputs:
  VpcFirewallId:
    Description: The instance ID of the VPC firewall.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - VpcFirewallId
JSON
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "LocalVpcCidrTableList": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "RouteTableId": {
                "Type": "String",
                "Description": {
                  "en": "The ID of the route table for the local VPC."
                },
                "Required": true
              },
              "RouteEntryList": {
                "AssociationPropertyMetadata": {
                  "Parameter": {
                    "AssociationPropertyMetadata": {
                      "Parameters": {
                        "NextHopInstanceId": {
                          "Type": "Json",
                          "Description": {
                            "en": "The NextHopInstanceId parameter indicates the instance ID of the next hop for the local VPC."
                          },
                          "Required": false
                        },
                        "DestinationCidr": {
                          "Type": "String",
                          "Description": {
                            "en": "The DestinationCidr parameter indicates the destination CIDR block of the local VPC."
                          },
                          "Required": true
                        }
                      }
                    },
                    "Type": "Json",
                    "Required": false
                  }
                },
                "AssociationProperty": "List[Parameter]",
                "Type": "Json",
                "Description": {
                  "en": "The value is a JSON string that contains the DestinationCidr and NextHopInstanceId parameters."
                },
                "Required": false,
                "MinLength": 1,
                "MaxLength": 100
              }
            }
          },
          "Type": "Json",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The CIDR blocks of the local VPC. "
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 1
    },
    "VpcFirewallName": {
      "Type": "String",
      "Description": {
        "en": "The instance name of the VPC firewall."
      },
      "Required": true
    },
    "PeerVpcCidrTableList": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "RouteTableId": {
                "Type": "String",
                "Description": {
                  "en": "The ID of the route table for the peer VPC."
                },
                "Required": true
              },
              "RouteEntryList": {
                "Type": "Json",
                "Description": {
                  "en": "The value is a JSON string that contains the DestinationCidr and NextHopInstanceId parameters."
                },
                "Required": false,
                "MinLength": 1,
                "MaxLength": 100
              }
            }
          },
          "Type": "Json",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The CIDR blocks of the peer VPC. "
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 1
    },
    "LocalVpcId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the local VPC."
      },
      "Required": true,
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "PeerVpcId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the peer VPC."
      },
      "Required": true,
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "FirewallSwitch": {
      "Type": "String",
      "Description": {
        "en": "The status of the VPC firewall after you create the firewall. Valid values:\nopen: After you create the VPC firewall, the VPC firewall is automatically enabled. This is the default value.\nclose: After you create the VPC firewall, the VPC firewall is disabled. To enable the firewall, you can call the ModifyVpcFirewallSwitchStatus operation."
      },
      "AllowedValues": [
        "open",
        "close"
      ],
      "Required": true,
      "Default": "open"
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::CLOUDFW::VpcFirewallConfigure",
      "Properties": {
        "PeerVpcId": {
          "Ref": "PeerVpcId"
        },
        "PeerVpcRegion": {
          "Ref": "ALIYUN::Region"
        },
        "LocalVpcRegion": {
          "Ref": "ALIYUN::Region"
        },
        "LocalVpcCidrTableList": {
          "Ref": "LocalVpcCidrTableList"
        },
        "VpcFirewallName": {
          "Ref": "VpcFirewallName"
        },
        "PeerVpcCidrTableList": {
          "Ref": "PeerVpcCidrTableList"
        },
        "LocalVpcId": {
          "Ref": "LocalVpcId"
        },
        "FirewallSwitch": {
          "Ref": "FirewallSwitch"
        }
      }
    }
  },
  "Outputs": {
    "VpcFirewallId": {
      "Description": "The instance ID of the VPC firewall.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "VpcFirewallId"
        ]
      }
    }
  }
}