ALIYUN::NLB::SecurityPolicy

ALIYUN::NLB::SecurityPolicy is used to create a custom security policy for TCPSSL listeners.

Syntax

{
  "Type": "ALIYUN::NLB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "SecurityPolicyName": String,
    "TlsVersions": List,
    "Tags": List
  }
}

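Properties

Property name

Type

Required

Update allowed

Description

Constraint

Ciphers

List

The list of supported cipher suites.

The available cipher suites depend on the TLS protocol version (TlsVersions). You can add up to 32 cipher suites.

TLSv1.0 and TLSv1.1 support: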

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

TLSv1.2 supports:

  • ECDHE-ECDSA-AES128-SHA

  • ECDHE-ECDSA-AES256-SHA

  • ECDHE-RSA-AES128-SHA

  • ECDHE-RSA-AES256-SHA

  • AES128-SHA

  • AES256-SHA

  • DES-CBC3-SHA

  • ECDHE-ECDSA-AES128-GCM-SHA256

  • ECDHE-ECDSA-AES256-GCM-SHA384

  • ECDHE-ECDSA-AES128-SHA256

  • ECDHE-ECDSA-AES256-SHA384

  • ECDHE-RSA-AES128-GCM-SHA256

  • ECDHE-RSA-AES256-GCM-SHA384

  • ECDHE-RSA-AES128-SHA256

  • ECDHE-RSA-AES256-SHA384

  • AES128-GCM-SHA256

  • AES256-GCM-SHA384

  • AES128-SHA256

  • AES256-SHA256

TLSv1.3 supports:

  • TLS_AES_128_GCM_SHA256

  • TLS_AES_256_GCM_SHA384

  • TLS_CHACHA20_POLY1305_SHA256

  • TLS_AES_128_CCM_SHA256

  • TLS_AES_128_CCM_8_SHA256

ResourceGroupId

String

The ID of the resource group.

SecurityPolicyName

String

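The name of the security policy.

The name must be 1 to 200 characters in length and can contain Chinese characters, uppercase and lowercase letters, digits, periods (.), underscores (_), and hyphens (-).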

TlsVersions

List

The supported TLS protocol versions.

Valid values: TLSv1.0, TLSv1.1, TLSv1.2, TLSv1.3

Tags

List

The list of tags.

A maximum of 20 tags is supported. For more information, see Tags properties.

Tags syntax

"Tags": [
  {
    "Value": String,
    "Key": String
  }
]

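Tags properties

Property name

Type

Required

Update allowed

Description

Constraint

Value

String

The tag value.

If you specify this value, it can be an empty string. It can be up to 128 characters in length, cannot start with acs:, and cannot contain http:// or https://.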

Key

String

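The tag key.

If you specify this value, it cannot be an empty string. It can be up to 128 characters in length, cannot start with aliyunacs:, and cannot contain http:// or https://.

Return values

Fn::GetAtt

SecurityPolicyId: the ID of the TLS security policy.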

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      Ciphers:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            Description:
              en: 'TLS 1.0 and TLS 1.1 support the following cipher suites:
    
                ECDHE-ECDSA-AES128-SHA
    
                ECDHE-ECDSA-AES256-SHA
    
                ECDHE-RSA-AES128-SHA
    
                ECDHE-RSA-AES256-SHA
    
                AES128-SHA
    
                AES256-SHA
    
                DES-CBC3-SHA
    
                TLS 1.2 supports the following cipher suites:
    
                ECDHE-ECDSA-AES128-SHA
    
                ECDHE-ECDSA-AES256-SHA
    
                ECDHE-RSA-AES128-SHA
    
                ECDHE-RSA-AES256-SHA
    
                AES128-SHA
    
                AES256-SHA
    
                DES-CBC3-SHA
    
                ECDHE-ECDSA-AES128-GCM-SHA256
    
                ECDHE-ECDSA-AES256-GCM-SHA384
    
                ECDHE-ECDSA-AES128-SHA256
    
                ECDHE-ECDSA-AES256-SHA384
    
                ECDHE-RSA-AES128-GCM-SHA256
    
                ECDHE-RSA-AES256-GCM-SHA384
    
                ECDHE-RSA-AES128-SHA256
    
                ECDHE-RSA-AES256-SHA384
    
                AES128-GCM-SHA256
    
                AES256-GCM-SHA384
    
                AES128-SHA256
    
                AES256-SHA256
    
                TLS 1.3 supports the following cipher suites:
    
                TLS_AES_128_GCM_SHA256
    
                TLS_AES_256_GCM_SHA384
    
                TLS_CHACHA20_POLY1305_SHA256
    
                TLS_AES_128_CCM_SHA256
    
                TLS_AES_128_CCM_8_SHA256'
            Required: false
            Type: String
        Description:
          en: The supported cipher suites, which are determined by the TLS protocol version.
            You can specify at most 32 cipher suites.
        MaxLength: 32
        MinLength: 1
        Required: true
        Type: Json
      ResourceGroupId:
        AssociationProperty: ALIYUN::ECS::ResourceGroup::ResourceGroupId
        Description:
          en: The ID of the resource group.
        Required: false
        Type: String
      SecurityPolicyName:
        Description:
          en: 'The name of the security policy.
    
            The name must be 1 to 200 characters in length, and can contain letters, digits,
            periods (.), underscores (_), and hyphens (-).'
        Required: false
        Type: String
      Tags:
        AssociationProperty: List[Parameters]
        AssociationPropertyMetadata:
          ListMetadata:
            Order:
            - Key
            - Value
          Parameters:
            Key:
              Required: true
              Type: String
            Value:
              Required: false
              Type: String
        Description:
          en: Tags to attach to instance. Max support 20 tags to add during create instance.
            Each tag with two properties Key and Value, and Key is required.
        MaxLength: 20
        Required: false
        Type: Json
      TlsVersions:
        AssociationProperty: List[Parameter]
        AssociationPropertyMetadata:
          Parameter:
            Required: false
            Type: String
        Description:
          en: 'The supported versions of the Transport Layer Security (TLS) protocol.
            Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.'
        MaxLength: 4
        MinLength: 1
        Required: true
        Type: Json
    Resources:
      SecurityPolicy:
        Properties:
          Ciphers:
            Ref: Ciphers
          ResourceGroupId:
            Ref: ResourceGroupId
          SecurityPolicyName:
            Ref: SecurityPolicyName
          Tags:
            Ref: Tags
          TlsVersions:
            Ref: TlsVersions
        Type: ALIYUN::NLB::SecurityPolicy
    Outputs:
      SecurityPolicyId:
        Description: The ID of the security policy.
        Value:
          Fn::GetAtt:
          - SecurityPolicy
          - SecurityPolicyId
                            
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "Ciphers": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Description": {
                "en": "TLS 1.0 and TLS 1.1 support the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nTLS 1.2 supports the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nECDHE-ECDSA-AES128-GCM-SHA256\nECDHE-ECDSA-AES256-GCM-SHA384\nECDHE-ECDSA-AES128-SHA256\nECDHE-ECDSA-AES256-SHA384\nECDHE-RSA-AES128-GCM-SHA256\nECDHE-RSA-AES256-GCM-SHA384\nECDHE-RSA-AES128-SHA256\nECDHE-RSA-AES256-SHA384\nAES128-GCM-SHA256\nAES256-GCM-SHA384\nAES128-SHA256\nAES256-SHA256\nTLS 1.3 supports the following cipher suites:\nTLS_AES_128_GCM_SHA256\nTLS_AES_256_GCM_SHA384\nTLS_CHACHA20_POLY1305_SHA256\nTLS_AES_128_CCM_SHA256\nTLS_AES_128_CCM_8_SHA256"
              },
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites."
          },
          "Required": true,
          "MinLength": 1,
          "MaxLength": 32
        },
        "ResourceGroupId": {
          "AssociationProperty": "ALIYUN::ECS::ResourceGroup::ResourceGroupId",
          "Type": "String",
          "Description": {
            "en": "The ID of the resource group."
          },
          "Required": false
        },
        "SecurityPolicyName": {
          "Type": "String",
          "Description": {
            "en": "The name of the security policy.\nThe name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-)."
          },
          "Required": false
        },
        "TlsVersions": {
          "AssociationPropertyMetadata": {
            "Parameter": {
              "Type": "String",
              "Required": false
            }
          },
          "AssociationProperty": "List[Parameter]",
          "Type": "Json",
          "Description": {
            "en": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3."
          },
          "Required": true,
          "MinLength": 1,
          "MaxLength": 4
        },
        "Tags": {
          "AssociationPropertyMetadata": {
            "Parameters": {
              "Value": {
                "Type": "String",
                "Required": false
              },
              "Key": {
                "Type": "String",
                "Required": true
              }
            },
            "ListMetadata": {
              "Order": [
                "Key",
                "Value"
              ]
            }
          },
          "AssociationProperty": "List[Parameters]",
          "Type": "Json",
          "Description": {
            "en": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required."
          },
          "Required": false,
          "MaxLength": 20
        }
      },
      "Resources": {
        "SecurityPolicy": {
          "Type": "ALIYUN::NLB::SecurityPolicy",
          "Properties": {
            "Ciphers": {
              "Ref": "Ciphers"
            },
            "ResourceGroupId": {
              "Ref": "ResourceGroupId"
            },
            "SecurityPolicyName": {
              "Ref": "SecurityPolicyName"
            },
            "TlsVersions": {
              "Ref": "TlsVersions"
            },
            "Tags": {
              "Ref": "Tags"
            }
          }
        }
      },
      "Outputs": {
        "SecurityPolicyId": {
          "Description": "The ID of the security policy.",
          "Value": {
            "Fn::GetAtt": [
              "SecurityPolicy",
              "SecurityPolicyId"
            ]
          }
        }
      }
    }
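
Added example (not part of the original page and not Alibaba Cloud code): a pre-deployment check of the Ciphers and TlsVersions properties against the support matrix listed under the Ciphers constraint above. The function name lint_policy, the finding labels, the sample inputs, and the classification of deprecated protocols and weak suites are this example's own assumptions.

```python
# Support matrix copied from the Ciphers constraint on this page.
LEGACY = set("""ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA
ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA""".split())
TLS12 = LEGACY | set("""ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384
AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256""".split())
TLS13 = set("""TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256
TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256""".split())
SUPPORTED = {"TLSv1.0": LEGACY, "TLSv1.1": LEGACY, "TLSv1.2": TLS12, "TLSv1.3": TLS13}


def lint_policy(props):
    """Return findings for the Properties of one ALIYUN::NLB::SecurityPolicy resource."""
    versions = props.get("TlsVersions") or []
    ciphers = props.get("Ciphers") or []
    findings = [f"invalid-version:{v}" for v in versions if v not in SUPPORTED]
    valid = [v for v in versions if v in SUPPORTED]
    if not valid or not ciphers:
        findings.append("missing:TlsVersions-or-Ciphers")
    if len(ciphers) > 32:  # limit stated on this page
        findings.append("too-many-ciphers")
    usable = set().union(*(SUPPORTED[v] for v in valid))
    for c in ciphers:
        if c not in usable:  # suite not offered by any selected version
            findings.append(f"unsupported-for-selected-versions:{c}")
        elif c == "DES-CBC3-SHA":  # 3DES, 64-bit block cipher
            findings.append(f"weak-cipher:{c}")
        elif not c.startswith(("ECDHE-", "TLS_")):  # static RSA key exchange
            findings.append(f"no-forward-secrecy:{c}")
    for v in valid:
        if not SUPPORTED[v] & set(ciphers):  # version enabled but cannot negotiate
            findings.append(f"no-cipher-for:{v}")
        if v in ("TLSv1.0", "TLSv1.1"):  # deprecated by RFC 8996
            findings.append(f"deprecated-protocol:{v}")
    return findings


# Constructed sample inputs: a permissive policy and a hardened one.
WEAK = {"TlsVersions": ["TLSv1.0", "TLSv1.2", "TLSv1.3"],
        "Ciphers": ["DES-CBC3-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]}
HARDENED = {"TlsVersions": ["TLSv1.2", "TLSv1.3"],
            "Ciphers": ["ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
                        "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
                        "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                        "TLS_CHACHA20_POLY1305_SHA256"]}

if __name__ == "__main__":
    for name, props in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint_policy(props))
```

Run it against the resolved Properties of the resource (after parameter substitution), since the template examples above pass Ciphers and TlsVersions in through Ref.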