ALIYUN::ENS::NetworkAcl类型用于创建一条网络ACL规则。
语法
{
"Type": "ALIYUN::ENS::NetworkAcl",
"Properties": {
"AclEntries": List,
"Description": String,
"NetworkAclName": String
}
}属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
AclEntries | List | 否 | 是 | ACL规则列表。 | 最多支持配置40个ACL规则,更多信息,请参见AclEntries属性。 |
Description | String | 否 | 否 | 网络ACL的描述信息。 | 长度为1~256个字符,不能以 |
NetworkAclName | String | 否 | 否 | 网络ACL的名称。 | 长度为1~128个字符,不能以 |
AclEntries语法
"AclEntries": [
{
"Policy": String,
"PortRange": String,
"Description": String,
"Priority": Integer,
"CidrBlock": String,
"Protocol": String,
"NetworkAclEntryName": String,
"Direction": String
}
]AclEntries属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
CidrBlock | String | 是 | 是 | 源地址网段。 | 无 |
Direction | String | 是 | 是 | 规则方向。 | 取值:
|
Policy | String | 是 | 是 | 授权策略。 | 取值:
|
PortRange | String | 是 | 是 | 端口范围。 |
|
Priority | Integer | 是 | 是 | 规则优先级。 | 取值范围:1~100。默认值:1。 |
Protocol | String | 是 | 是 | 协议类型。 | 取值:
|
Description | String | 否 | 否 | 网络ACL的描述信息。 | 长度为1~256个字符,不能以 |
NetworkAclEntryName | String | 否 | 否 | 规则条目的名称。 | 长度为1~128个字符,不能以 |
返回值
Fn::GetAtt
NetworkAclId:关联资源的网络ACL的ID。
示例
YAML格式
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
AclEntries:
AssociationPropertyMetadata:
Parameters:
Policy:
Type: String
Description:
en: |-
The action that is performed on network traffic that matches the rule. Valid values:
accept: allows network traffic.
drop: blocks network traffic.
AllowedValues:
- accept
- drop
Required: true
PortRange:
Type: String
Description:
en: The port range.If you set Protocol to all or icmp, set this parameter to -1/-1, which specifies all ports.If you set Protocol to tcp or udp, the port can be 1 to 65535. You can set this parameter to 1/200 or 80/80, which specifies ports 1 to 200 or port 80.
Required: true
Description:
AssociationProperty: TextArea
Type: String
Description:
en: The description of the network ACL. The description must be 1 to 256 characters in length and cannot start with http:// or https://.
Required: false
Priority:
Type: Number
Description:
en: 'The priority of the rule. Valid values: 1 to 100. Default value: 1.'
Required: true
MinValue: 1
MaxValue: 100
CidrBlock:
Type: String
Description:
en: The source CIDR block.
Required: true
NetworkAclEntryName:
Type: String
Description:
en: The name of the rule. The name must be 1 to 128 characters in length and cannot start with http:// or https://.
Required: false
Protocol:
Type: String
Description:
en: |-
The protocol. Valid values: icmp: ICMP
tcp: TCP
udp: UDP
all: all protocols
AllowedValues:
- icmp
- tcp
- udp
- all
Required: true
Direction:
Type: String
Description:
en: |-
Specifies whether the ACL rule controls inbound or outbound access requests. Valid values:
ingress
egress
AllowedValues:
- ingress
- egress
Required: true
AssociationProperty: List[Parameters]
Type: Json
Description:
en: The entry of Network ACL.
Required: false
MaxLength: 40
NetworkAclName:
Type: String
Description:
en: |-
Enter a name for the network ACL.
The name must be 1 to 128 characters in length and cannot start with http:// or https://.
Required: false
Resources:
NetworkAcl:
Type: ALIYUN::ENS::NetworkAcl
Properties:
AclEntries:
Ref: AclEntries
NetworkAclName:
Ref: NetworkAclName
Outputs:
NetworkAclId:
Description: The ID of the network ACL.
Value:
Fn::GetAtt:
- NetworkAcl
- NetworkAclId
JSON格式
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"AclEntries": {
"AssociationPropertyMetadata": {
"Parameters": {
"Policy": {
"Type": "String",
"Description": {
"en": "The action that is performed on network traffic that matches the rule. Valid values: \naccept: allows network traffic.\ndrop: blocks network traffic."
},
"AllowedValues": [
"accept",
"drop"
],
"Required": true
},
"PortRange": {
"Type": "String",
"Description": {
"en": "The port range.If you set Protocol to all or icmp, set this parameter to -1/-1, which specifies all ports.If you set Protocol to tcp or udp, the port can be 1 to 65535. You can set this parameter to 1/200 or 80/80, which specifies ports 1 to 200 or port 80."
},
"Required": true
},
"Description": {
"AssociationProperty": "TextArea",
"Type": "String",
"Description": {
"en": "The description of the network ACL. The description must be 1 to 256 characters in length and cannot start with http:// or https://."
},
"Required": false
},
"Priority": {
"Type": "Number",
"Description": {
"en": "The priority of the rule. Valid values: 1 to 100. Default value: 1."
},
"Required": true,
"MinValue": 1,
"MaxValue": 100
},
"CidrBlock": {
"Type": "String",
"Description": {
"en": "The source CIDR block."
},
"Required": true
},
"NetworkAclEntryName": {
"Type": "String",
"Description": {
"en": "The name of the rule. The name must be 1 to 128 characters in length and cannot start with http:// or https://."
},
"Required": false
},
"Protocol": {
"Type": "String",
"Description": {
"en": "The protocol. Valid values: icmp: ICMP\ntcp: TCP\nudp: UDP\nall: all protocols"
},
"AllowedValues": [
"icmp",
"tcp",
"udp",
"all"
],
"Required": true
},
"Direction": {
"Type": "String",
"Description": {
"en": "Specifies whether the ACL rule controls inbound or outbound access requests. Valid values: \ningress\negress"
},
"AllowedValues": [
"ingress",
"egress"
],
"Required": true
}
}
},
"AssociationProperty": "List[Parameters]",
"Type": "Json",
"Description": {
"en": "The entry of Network ACL."
},
"Required": false,
"MaxLength": 40
},
"NetworkAclName": {
"Type": "String",
"Description": {
"en": "Enter a name for the network ACL.\nThe name must be 1 to 128 characters in length and cannot start with http:// or https://."
},
"Required": false
}
},
"Resources": {
"NetworkAcl": {
"Type": "ALIYUN::ENS::NetworkAcl",
"Properties": {
"AclEntries": {
"Ref": "AclEntries"
},
"NetworkAclName": {
"Ref": "NetworkAclName"
}
}
}
},
"Outputs": {
"NetworkAclId": {
"Description": "The ID of the network ACL.",
"Value": {
"Fn::GetAtt": [
"NetworkAcl",
"NetworkAclId"
]
}
}
}
}
反馈
- 本页导读 (1)