The ALIYUN::NLB::SecurityPolicy type is used to create a custom security policy for TCPSSL listeners.
Syntax
{
  "Type": "ALIYUN::NLB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "SecurityPolicyName": String,
    "TlsVersions": List,
    "Tags": List
  }
}
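Properties
Property | Type | Required | Editable | Description | Constraint |
Ciphers | List | Yes | Yes | The list of supported cipher suites. | Depends on the TLSVersion value. Up to 32 cipher suites can be added. TLSv1.0 and TLSv1.1 support: TLSv1.2 supports: TLSv1.3 supports: |
ResourceGroupId | String | No | No | The ID of the resource group. | None |
SecurityPolicyName | String | No | Yes | The name of the security policy. | The name must be 1 to 200 characters in length. It supports Chinese characters and uppercase and lowercase English letters, and can contain digits, periods (.), underscores (_), and hyphens (-). |
TlsVersions | List | Yes | Yes | The supported TLS protocol versions. | Valid values: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3. |
Tags | List | No | Yes | The list of tags. | Up to 20 tags are supported. For more information, see Tags properties. |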
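Tags syntax
"Tags": [
  {
    "Value": String,
    "Key": String
  }
]
Tags properties
Property | Type | Required | Editable | Description | Constraint |
Value | String | No | No | The tag value. | If specified, the value can be an empty string. It can be up to 128 characters in length and cannot start with |
Key | String | Yes | No | The tag key. | If specified, the key cannot be an empty string. It can be up to 128 characters in length and cannot start with |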
Return values
Fn::GetAtt
SecurityPolicyId: The ID of the TLS security policy.
Arn: The Alibaba Cloud Resource Name (ARN).
Examples
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Ciphers:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: 'TLS 1.0 and TLS 1.1 support the following cipher suites:
            ECDHE-ECDSA-AES128-SHA
            ECDHE-ECDSA-AES256-SHA
            ECDHE-RSA-AES128-SHA
            ECDHE-RSA-AES256-SHA
            AES128-SHA
            AES256-SHA
            DES-CBC3-SHA
            TLS 1.2 supports the following cipher suites:
            ECDHE-ECDSA-AES128-SHA
            ECDHE-ECDSA-AES256-SHA
            ECDHE-RSA-AES128-SHA
            ECDHE-RSA-AES256-SHA
            AES128-SHA
            AES256-SHA
            DES-CBC3-SHA
            ECDHE-ECDSA-AES128-GCM-SHA256
            ECDHE-ECDSA-AES256-GCM-SHA384
            ECDHE-ECDSA-AES128-SHA256
            ECDHE-ECDSA-AES256-SHA384
            ECDHE-RSA-AES128-GCM-SHA256
            ECDHE-RSA-AES256-GCM-SHA384
            ECDHE-RSA-AES128-SHA256
            ECDHE-RSA-AES256-SHA384
            AES128-GCM-SHA256
            AES256-GCM-SHA384
            AES128-SHA256
            AES256-SHA256
            TLS 1.3 supports the following cipher suites:
            TLS_AES_128_GCM_SHA256
            TLS_AES_256_GCM_SHA384
            TLS_CHACHA20_POLY1305_SHA256
            TLS_AES_128_CCM_SHA256
            TLS_AES_128_CCM_8_SHA256'
        Required: false
        Type: String
    Description:
      en: The supported cipher suites, which are determined by the TLS protocol version.
        You can specify at most 32 cipher suites.
    MaxLength: 32
    MinLength: 1
    Required: true
    Type: Json
  ResourceGroupId:
    AssociationProperty: ALIYUN::ECS::ResourceGroup::ResourceGroupId
    Description:
      en: The ID of the resource group.
    Required: false
    Type: String
  SecurityPolicyName:
    Description:
      en: 'The name of the security policy.
        The name must be 1 to 200 characters in length, and can contain letters, digits,
        periods (.), underscores (_), and hyphens (-).'
    Required: false
    Type: String
  Tags:
    AssociationProperty: List[Parameters]
    AssociationPropertyMetadata:
      ListMetadata:
        Order:
          - Key
          - Value
      Parameters:
        Key:
          Required: true
          Type: String
        Value:
          Required: false
          Type: String
    Description:
      en: Tags to attach to instance. Max support 20 tags to add during create instance.
        Each tag with two properties Key and Value, and Key is required.
    MaxLength: 20
    Required: false
    Type: Json
  TlsVersions:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Required: false
        Type: String
    Description:
      en: 'The supported versions of the Transport Layer Security (TLS) protocol.
        Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.'
    MaxLength: 4
    MinLength: 1
    Required: true
    Type: Json
Resources:
  SecurityPolicy:
    Properties:
      Ciphers:
        Ref: Ciphers
      ResourceGroupId:
        Ref: ResourceGroupId
      SecurityPolicyName:
        Ref: SecurityPolicyName
      Tags:
        Ref: Tags
      TlsVersions:
        Ref: TlsVersions
    Type: ALIYUN::NLB::SecurityPolicy
Outputs:
  SecurityPolicyId:
    Description: The ID of the security policy.
    Value:
      Fn::GetAtt:
        - SecurityPolicy
        - SecurityPolicyId
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Ciphers": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "TLS 1.0 and TLS 1.1 support the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nTLS 1.2 supports the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nECDHE-ECDSA-AES128-GCM-SHA256\nECDHE-ECDSA-AES256-GCM-SHA384\nECDHE-ECDSA-AES128-SHA256\nECDHE-ECDSA-AES256-SHA384\nECDHE-RSA-AES128-GCM-SHA256\nECDHE-RSA-AES256-GCM-SHA384\nECDHE-RSA-AES128-SHA256\nECDHE-RSA-AES256-SHA384\nAES128-GCM-SHA256\nAES256-GCM-SHA384\nAES128-SHA256\nAES256-SHA256\nTLS 1.3 supports the following cipher suites:\nTLS_AES_128_GCM_SHA256\nTLS_AES_256_GCM_SHA384\nTLS_CHACHA20_POLY1305_SHA256\nTLS_AES_128_CCM_SHA256\nTLS_AES_128_CCM_8_SHA256"
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 32
    },
    "ResourceGroupId": {
      "AssociationProperty": "ALIYUN::ECS::ResourceGroup::ResourceGroupId",
      "Type": "String",
      "Description": {
        "en": "The ID of the resource group."
      },
      "Required": false
    },
    "SecurityPolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the security policy.\nThe name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-)."
      },
      "Required": false
    },
    "TlsVersions": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 4
    },
    "Tags": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "Value": {
            "Type": "String",
            "Required": false
          },
          "Key": {
            "Type": "String",
            "Required": true
          }
        },
        "ListMetadata": {
          "Order": [
            "Key",
            "Value"
          ]
        }
      },
      "AssociationProperty": "List[Parameters]",
      "Type": "Json",
      "Description": {
        "en": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required."
      },
      "Required": false,
      "MaxLength": 20
    }
  },
  "Resources": {
    "SecurityPolicy": {
      "Type": "ALIYUN::NLB::SecurityPolicy",
      "Properties": {
        "Ciphers": {
          "Ref": "Ciphers"
        },
        "ResourceGroupId": {
          "Ref": "ResourceGroupId"
        },
        "SecurityPolicyName": {
          "Ref": "SecurityPolicyName"
        },
        "TlsVersions": {
          "Ref": "TlsVersions"
        },
        "Tags": {
          "Ref": "Tags"
        }
      }
    }
  },
  "Outputs": {
    "SecurityPolicyId": {
      "Description": "The ID of the security policy.",
      "Value": {
        "Fn::GetAtt": [
          "SecurityPolicy",
          "SecurityPolicyId"
        ]
      }
    }
  }
}
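An added example, not part of the original Alibaba Cloud documentation: a small linter that checks a Properties block against the constraints listed on this page (valid TlsVersions, 1 to 32 Ciphers, every cipher supported by a selected TLS version), using the cipher lists from the Ciphers parameter description in the example template. The name lint_policy, the sample inputs, and the warnings (a version with no matching cipher, deprecated protocol versions, 3DES, suites without forward secrecy) are assumptions of this example, not rules enforced by ROS.

```python
# Cipher lists copied from the Ciphers parameter description in the example template.
LEGACY = {"ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-SHA", "ECDHE-RSA-AES128-SHA",
          "ECDHE-RSA-AES256-SHA", "AES128-SHA", "AES256-SHA", "DES-CBC3-SHA"}
TLS12_ONLY = {"ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
              "ECDHE-ECDSA-AES128-SHA256", "ECDHE-ECDSA-AES256-SHA384",
              "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
              "ECDHE-RSA-AES128-SHA256", "ECDHE-RSA-AES256-SHA384",
              "AES128-GCM-SHA256", "AES256-GCM-SHA384", "AES128-SHA256", "AES256-SHA256"}
TLS13 = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256",
         "TLS_AES_128_CCM_SHA256", "TLS_AES_128_CCM_8_SHA256"}
SUPPORTED = {"TLSv1.0": LEGACY, "TLSv1.1": LEGACY,
             "TLSv1.2": LEGACY | TLS12_ONLY, "TLSv1.3": TLS13}


def lint_policy(props):
    """Return (errors, warnings) for an ALIYUN::NLB::SecurityPolicy Properties dict."""
    errors, warnings = [], []
    versions = props.get("TlsVersions") or []
    ciphers = props.get("Ciphers") or []
    if not versions or any(v not in SUPPORTED for v in versions):
        errors.append(f"TlsVersions must be a non-empty subset of {sorted(SUPPORTED)}")
    if not 1 <= len(ciphers) <= 32:
        errors.append("Ciphers must contain 1 to 32 entries")
    usable = set().union(*(SUPPORTED.get(v, set()) for v in versions))
    for c in ciphers:
        if c not in usable:
            errors.append(f"{c} is not supported by any selected TLS version")
    for v in versions:
        # Assumption: an enabled version with no matching cipher is a mistake.
        if v in SUPPORTED and not SUPPORTED[v] & set(ciphers):
            warnings.append(f"{v} is enabled but none of its cipher suites is listed")
        if v in ("TLSv1.0", "TLSv1.1"):
            warnings.append(f"{v} is deprecated (RFC 8996)")
    # Hardening checks: reviewer policy of this example, not a constraint from the page.
    for c in ciphers:
        if c == "DES-CBC3-SHA":
            warnings.append(f"{c} uses 3DES, a 64-bit block cipher")
        elif c in SUPPORTED["TLSv1.2"] and not c.startswith("ECDHE-"):
            warnings.append(f"{c} uses RSA key exchange without forward secrecy")
    return errors, warnings


# Constructed sample inputs: a weak, inconsistent policy and a stricter one.
WEAK = {"TlsVersions": ["TLSv1.0", "TLSv1.2"],
        "Ciphers": ["DES-CBC3-SHA", "AES128-GCM-SHA256", "TLS_AES_128_GCM_SHA256"]}
STRICT = {"TlsVersions": ["TLSv1.2", "TLSv1.3"],
          "Ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
                      "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"]}
```

Running lint_policy on the resolved Properties before creating the stack catches a TLS 1.3 suite listed without TLSv1.3 enabled, as in WEAK.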