ALIYUN::ECS::SecurityGroupIngress类型用于创建安全组入方向的访问规则。
语法
{
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SourceGroupOwnerId": String,
"Description": String,
"PortRange": String,
"SecurityGroupId": String,
"NicType": String,
"Ipv6SourceCidrIp": String,
"Priority": Integer,
"SourceGroupId": String,
"Policy": String,
"IpProtocol": String,
"SourcePortRange": String,
"SourceCidrIp": String,
"SourcePrefixListId": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
IpProtocol | String | 是 | 否 | IP协议。 | 取值:
|
PortRange | String | 是 | 否 | 目的端安全组开放的传输层协议相关的端口范围。 | 取值:
|
SourcePrefixListId | String | 否 | 否 | 需要设置入方向访问权限的目的端前缀列表ID。 | 您可以调用云服务ECS的DescribePrefixLists查询可以使用的前缀列表ID。 安全组的网络类型为经典网络时,不支持设置前缀列表。 当您指定了SourceCidrIp、Ipv6SourceCidrIp与SourceFroupId参数中的任意一个时,将忽略该参数。 |
SourceGroupId | String | 否 | 否 | 需要设置访问权限的源端安全组ID。 | 至少设置SourceGroupId或者SourceCidrIp其中一项。 如果指定SourceGroupId,但未指定SourceCidrIp,则参数NicType取值为intranet。 如果同时指定SourceGroupId和SourceCidrIp,则默认以SourceCidrIp的设置为准。 |
SecurityGroupId | String | 否 | 否 | 需要创建入规则的安全组ID。 | 无 |
NicType | String | 否 | 否 | 网络类型。 | 取值:
当设置安全组之间互相访问时,即指定DestGroupId但未指定DestCidrIp时,该参数取值为intranet。 |
Priority | Integer | 否 | 否 | 安全组规则优先级。 | 取值范围:1~100。 默认值:1。 |
SourceCidrIp | String | 否 | 否 | 源端IPv4 CIDR地址段。 | 仅支持IPv4格式的IP地址范围。 |
Policy | String | 否 | 否 | 访问权限。 | 取值:
|
SourceGroupOwnerId | String | 否 | 否 | 跨账户设置安全组规则时,源端安全组所属的阿里云账户ID。 | 如果SourceGroupOwnerId未设置,则默认设置您其他安全组的访问权限。 如果已经设置SourceCidrIp,则SourceGroupOwnerId的设置无效。 |
Description | String | 否 | 是 | 安全组规则的描述信息。 | 长度为1~512个字符。 |
SourcePortRange | String | 否 | 否 | 源端安全组开放的传输层协议相关的端口范围。 | 取值:
|
Ipv6SourceCidrIp | String | 否 | 否 | 源端IPv6 CIDR地址段。 | 支持CIDR格式和IPv6格式的IP地址范围。仅支持VPC类型的IP地址。 |
返回值
Fn::GetAtt
无。
示例
场景 1 :选择已有安全组并开放入方向3306端口。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 选择已有安全组并开放入方向3306端口。
en: Choose an existing security group and open inbound port 3306.
Parameters:
SecurityGroupId:
Type: String
Label:
en: Business Security Group ID
zh-cn: 业务安全组ID
AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
Resources:
SecurityGroupIngress_3306:
Type: ALIYUN::ECS::SecurityGroupIngress
Properties:
SecurityGroupId:
Ref: SecurityGroupId
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
NicType: intranet
PortRange: 3306/3306
Outputs: {}
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "选择已有安全组并开放入方向3306端口。",
"en": "Choose an existing security group and open inbound port 3306."
},
"Parameters": {
"SecurityGroupId": {
"Type": "String",
"Label": {
"en": "Business Security Group ID",
"zh-cn": "业务安全组ID"
},
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId"
}
},
"Resources": {
"SecurityGroupIngress_3306": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SecurityGroupId": {
"Ref": "SecurityGroupId"
},
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "3306/3306"
}
}
},
"Outputs": {
},
"Metadata": {
}
}场景 2 :创建安全组并开放入方向80端口。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建安全组开放入方向80端口。
en: Create an ECS security group to open inbound port 80.
Parameters:
ZoneId:
Type: String
Label:
en: Availability Zone
zh-cn: 可用区ID
AssociationProperty: ALIYUN::ECS::Instance:ZoneId
Resources:
Vpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock: 192.168.0.0/16
VSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
ZoneId:
Ref: ZoneId
VpcId:
Ref: Vpc
CidrBlock: 192.168.0.0/24
SecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: Vpc
SecurityGroupIngress_80:
Type: ALIYUN::ECS::SecurityGroupIngress
Properties:
SecurityGroupId:
Ref: SecurityGroup
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
NicType: intranet
PortRange: 80/80
Outputs: {}
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建安全组开放入方向80端口。",
"en": "Create an ECS security group to open inbound port 80."
},
"Parameters": {
"ZoneId": {
"Type": "String",
"Label": {
"en": "Availability Zone",
"zh-cn": "可用区ID"
},
"AssociationProperty": "ALIYUN::ECS::Instance:ZoneId"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"ZoneId": {
"Ref": "ZoneId"
},
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.0.0/24"
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
}
}
},
"SecurityGroupIngress_80": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "80/80"
}
}
},
"Outputs": {
},
"Metadata": {
}
}场景 3 :创建ECS并开放入方向3000端口做为Flowise应用服务端口。
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建Ubuntu 22.04 ECS实例,配置安全组与网络,自动安装Node.js与Flowise AI代理服务,提供外部访问URL。
en: Create an Ubuntu 22.04 ECS instance, configure security groups and networking, automate the installation of Node.js alongside the Flowise AI agent service, and provision an external access URL.
Parameters:
SystemDiskCategory:
Default: cloud_essd
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
LocaleKey: DiskCategory
AutoChangeType: false
InstanceType: ${InstanceType}
AutoSelectFirst: true
ZoneId: ${ZoneId}
Type: String
Label:
zh-cn: 系统盘类型
en: System Disk Type
InstanceType:
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
AssociationPropertyMetadata:
DefaultValueStrategy: recent
ZoneId: ${ZoneId}
Type: String
Label:
zh-cn: 实例类型
en: Instance Type
InstancePassword:
AssociationPropertyMetadata:
Visible:
Condition:
Fn::Equals:
- ${SelectInstance}
- false
Description:
zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。
en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
Default: Null
Type: String
Label:
zh-cn: 实例密码
en: Instance Password
NoEcho: true
AssociationProperty: ALIYUN::ECS::Instance::Password
ConstraintDescription:
zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。
en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
ZoneId:
AssociationProperty: ALIYUN::ECS::Instance:ZoneId
Type: String
Description:
zh-cn: <b><font color='blue'>本模板会使用Git工具从GitHub上克隆(clone)FlowiseAI/Flowise仓库,在国内地域使用可能会有网络问题,可切换至海外地域。</font></b>
en: <b><font color='blue'>This template will clone the FlowiseAI/Flowise repository from GitHub using the Git tool. There may be network problems when using it in domestic regions. You can switch to overseas regions.</font></b>
Label:
zh-cn: 可用区ID
en: Availability Zone
Outputs:
FlowiseUrl:
Description: Flowise default address.
Value:
Fn::Sub:
- http://${IP}:3000
- IP:
Fn::Jq:
- First
- if .[0].PublicIpAddress != [] then .[0].PublicIpAddress[0] else .[0].EipAddress.IpAddress end
- Fn::GetAtt:
- DS_Instances
- Instances
Resources:
SecurityGroupIngress_3000:
Type: ALIYUN::ECS::SecurityGroupIngress
Properties:
IpProtocol: tcp
SecurityGroupId:
Ref: SecurityGroup
NicType: intranet
SourceCidrIp: 0.0.0.0/0
PortRange: 3000/3000
InstanceGroup:
Type: ALIYUN::ECS::InstanceGroup
Properties:
SystemDiskCategory:
Ref: SystemDiskCategory
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
ImageId: ubuntu_22_04
IoOptimized: optimized
VSwitchId:
Ref: VSwitch
Password:
Ref: InstancePassword
InstanceName: Flowise
InstanceType:
Ref: InstanceType
MaxAmount: 1
SecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: Vpc
DS_Instances:
Type: DATASOURCE::ECS::Instances
Properties:
InstanceIds:
Fn::GetAtt:
- InstanceGroup
- InstanceIds
Vpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock: 192.168.0.0/16
InstallFlowise:
Type: ALIYUN::ECS::RunCommand
Properties:
CommandContent: |
#!/bin/bash
echo "#########################"
echo "# Install NodeJS"
echo "#########################"
git clone https://github.com/nvm-sh/nvm.git /opt/nvm && cd /opt/nvm
ret_code=$?
if [ $ret_code -ne 0 ]; then
echo "Git clone https://github.com/nvm-sh/nvm.git failed. Exiting."
exit $ret_code
fi
./install.sh
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
nvm install 22
npm config set registry https://registry.npmmirror.com
npm i -g pnpm
echo "#########################"
echo "# Install Flowise"
echo "#########################"
git clone --depth 1 https://github.com/FlowiseAI/Flowise.git /opt/Flowise && cd /opt/Flowise
ret_code=$?
if [ $ret_code -ne 0 ]; then
echo "Git clone https://github.com/FlowiseAI/Flowise.git failed. Exiting."
exit $ret_code
fi
pnpm install
pnpm build
nohup pnpm start > flowise.log 2>&1 &
Type: RunShellScript
Sync: true
InstanceIds:
Fn::GetAtt:
- InstanceGroup
- InstanceIds
Timeout: 1800
VSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
VpcId:
Ref: Vpc
CidrBlock: 192.168.0.0/24
ZoneId:
Ref: ZoneId
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "创建Ubuntu 22.04 ECS实例,配置安全组与网络,自动安装Node.js与Flowise AI代理服务,提供外部访问URL。",
"en": "Create an Ubuntu 22.04 ECS instance, configure security groups and networking, automate the installation of Node.js alongside the Flowise AI agent service, and provision an external access URL."
},
"Parameters": {
"SystemDiskCategory": {
"Default": "cloud_essd",
"AssociationProperty": "ALIYUN::ECS::Disk::SystemDiskCategory",
"AssociationPropertyMetadata": {
"LocaleKey": "DiskCategory",
"AutoChangeType": false,
"InstanceType": "${InstanceType}",
"AutoSelectFirst": true,
"ZoneId": "${ZoneId}"
},
"Type": "String",
"Label": {
"zh-cn": "系统盘类型",
"en": "System Disk Type"
}
},
"InstanceType": {
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"DefaultValueStrategy": "recent",
"ZoneId": "${ZoneId}"
},
"Type": "String",
"Label": {
"zh-cn": "实例类型",
"en": "Instance Type"
}
},
"InstancePassword": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"Description": {
"zh-cn": "服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。",
"en": "Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)."
},
"Default": null,
"Type": "String",
"Label": {
"zh-cn": "实例密码",
"en": "Instance Password"
},
"NoEcho": true,
"AssociationProperty": "ALIYUN::ECS::Instance::Password",
"ConstraintDescription": {
"zh-cn": "长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。",
"en": "Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)."
}
},
"ZoneId": {
"AssociationProperty": "ALIYUN::ECS::Instance:ZoneId",
"Type": "String",
"Description": {
"zh-cn": "<b><font color='blue'>本模板会使用Git工具从GitHub上克隆(clone)FlowiseAI/Flowise仓库,在国内地域使用可能会有网络问题,可切换至海外地域。</font></b>",
"en": "<b><font color='blue'>This template will clone the FlowiseAI/Flowise repository from GitHub using the Git tool. There may be network problems when using it in domestic regions. You can switch to overseas regions.</font></b>"
},
"Label": {
"zh-cn": "可用区ID",
"en": "Availability Zone"
}
}
},
"Outputs": {
"FlowiseUrl": {
"Description": "Flowise default address.",
"Value": {
"Fn::Sub": [
"http://${IP}:3000",
{
"IP": {
"Fn::Jq": [
"First",
"if .[0].PublicIpAddress != [] then .[0].PublicIpAddress[0] else .[0].EipAddress.IpAddress end",
{
"Fn::GetAtt": [
"DS_Instances",
"Instances"
]
}
]
}
}
]
}
}
},
"Resources": {
"SecurityGroupIngress_3000": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp",
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"NicType": "intranet",
"SourceCidrIp": "0.0.0.0/0",
"PortRange": "3000/3000"
}
},
"InstanceGroup": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"SystemDiskCategory": {
"Ref": "SystemDiskCategory"
},
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "ubuntu_22_04",
"IoOptimized": "optimized",
"VSwitchId": {
"Ref": "VSwitch"
},
"Password": {
"Ref": "InstancePassword"
},
"InstanceName": "Flowise",
"InstanceType": {
"Ref": "InstanceType"
},
"MaxAmount": 1
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
}
}
},
"DS_Instances": {
"Type": "DATASOURCE::ECS::Instances",
"Properties": {
"InstanceIds": {
"Fn::GetAtt": [
"InstanceGroup",
"InstanceIds"
]
}
}
},
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16"
}
},
"InstallFlowise": {
"Type": "ALIYUN::ECS::RunCommand",
"Properties": {
"CommandContent": "#!/bin/bash\necho \"#########################\"\necho \"# Install NodeJS\"\necho \"#########################\"\ngit clone https://github.com/nvm-sh/nvm.git /opt/nvm && cd /opt/nvm\nret_code=$?\nif [ $ret_code -ne 0 ]; then\n echo \"Git clone https://github.com/nvm-sh/nvm.git failed. Exiting.\"\n exit $ret_code\nfi\n./install.sh\nexport NVM_DIR=\"$HOME/.nvm\"\n[ -s \"$NVM_DIR/nvm.sh\" ] && \\. \"$NVM_DIR/nvm.sh\"\n[ -s \"$NVM_DIR/bash_completion\" ] && \\. \"$NVM_DIR/bash_completion\"\nnvm install 22\nnpm config set registry https://registry.npmmirror.com\nnpm i -g pnpm\n\necho \"#########################\"\necho \"# Install Flowise\"\necho \"#########################\"\ngit clone --depth 1 https://github.com/FlowiseAI/Flowise.git /opt/Flowise && cd /opt/Flowise\nret_code=$?\nif [ $ret_code -ne 0 ]; then\n echo \"Git clone https://github.com/FlowiseAI/Flowise.git failed. Exiting.\"\n exit $ret_code\nfi\npnpm install\npnpm build\nnohup pnpm start > flowise.log 2>&1 &\n",
"Type": "RunShellScript",
"Sync": true,
"InstanceIds": {
"Fn::GetAtt": [
"InstanceGroup",
"InstanceIds"
]
},
"Timeout": 1800
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.0.0/24",
"ZoneId": {
"Ref": "ZoneId"
}
}
}
},
"Metadata": {
}
}更多示例,请参考包含此资源的公共模板。
该文章对您有帮助吗?