ALIYUN::GA::AclsListenerAssociation

ALIYUN::GA::AclsListenerAssociation类型用于将访问控制策略组(ACL)关联到监听。

语法

{
  "Type": "ALIYUN::GA::AclsListenerAssociation",
  "Properties": {
    "AclType": String,
    "AclIds": List,
    "ListenerId": String
  }
}

属性

属性名称

类型

必须

允许更新

描述

约束

AclType

String

访问控制类型。

取值:

  • white:仅转发来自所选访问控制策略组中设置的IP地址或地址段的请求,白名单适用于只允许特定IP访问的场景。设置白名单存在一定业务风险。一旦设置白名单,就只有白名单中的IP可以访问全球加速监听。如果开启了白名单访问,但访问策略组中没有添加任何IP,则全球加速监听会转发全部请求。

  • black:来自所选访问控制策略组中设置的IP地址或地址段的所有请求都不会转发,黑名单适用于只限制某些特定IP访问的场景。如果开启了黑名单访问,但访问策略组中没有添加任何IP,则全球加速监听会转发全部请求。

AclIds

List

访问控制策略组ID。

最多支持关联2个访问控制策略组ID。

ListenerId

String

监听ID。

返回值

Fn::GetAtt

  • AclIds:访问控制策略组ID。

  • ListenerId:监听ID。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AclType:
    Type: String
    Description:
      en: |-
        The type of ACL. Valid values:white: a whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. Whitelists apply to scenarios in which you want to allow only specific IP addresses to access an application. Your service may be adversely affected if the whitelist is not properly configured. After you configure a whitelist for a listener, only requests from the IP addresses that are added to the whitelist are forwarded by the listener. If the whitelist is enabled but no IP addresses are added to it, the listener does not forward requests.
        black: a blacklist. All requests from the IP addresses or CIDR blocks in the ACL are denied. Blacklists apply to scenarios in which you want to deny access from specific IP addresses to an application. If the blacklist is enabled but no IP addresses are added to it, the listener forwards all requests.
    AllowedValues:
      - white
      - black
    Required: true
  AclIds:
    AssociationPropertyMetadata:
      Parameter:
        Type: String
        Description:
          en: 'The ID of the ACL. '
        Required: false
    AssociationProperty: List[Parameter]
    Type: Json
    Description:
      en: The ID of the ACL. You can associate up to two ACL IDs.
    Required: true
    MinLength: 1
    MaxLength: 2
  ListenerId:
    Type: String
    Description:
      en: The ID of the listener.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::GA::AclsListenerAssociation
    Properties:
      AclType:
        Ref: AclType
      AclIds:
        Ref: AclIds
      ListenerId:
        Ref: ListenerId
Outputs:
  AclIds:
    Description: 'The IDs of the ACL. '
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AclIds
  ListenerId:
    Description: The ID of the listener.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ListenerId

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "AclType": {
      "Type": "String",
      "Description": {
        "en": "The type of ACL. Valid values:white: a whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. Whitelists apply to scenarios in which you want to allow only specific IP addresses to access an application. Your service may be adversely affected if the whitelist is not properly configured. After you configure a whitelist for a listener, only requests from the IP addresses that are added to the whitelist are forwarded by the listener. If the whitelist is enabled but no IP addresses are added to it, the listener does not forward requests.\nblack: a blacklist. All requests from the IP addresses or CIDR blocks in the ACL are denied. Blacklists apply to scenarios in which you want to deny access from specific IP addresses to an application. If the blacklist is enabled but no IP addresses are added to it, the listener forwards all requests."
      },
      "AllowedValues": [
        "white",
        "black"
      ],
      "Required": true
    },
    "AclIds": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "The ID of the ACL. "
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The ID of the ACL. You can associate up to two ACL IDs."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 2
    },
    "ListenerId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the listener."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::GA::AclsListenerAssociation",
      "Properties": {
        "AclType": {
          "Ref": "AclType"
        },
        "AclIds": {
          "Ref": "AclIds"
        },
        "ListenerId": {
          "Ref": "ListenerId"
        }
      }
    }
  },
  "Outputs": {
    "AclIds": {
      "Description": "The IDs of the ACL. ",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AclIds"
        ]
      }
    },
    "ListenerId": {
      "Description": "The ID of the listener.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ListenerId"
        ]
      }
    }
  }
}