ALIYUN::SAG::ACLRule

The ALIYUN::SAG::ACLRule type is used to add an access control rule.

Syntax

{
  "Type": "ALIYUN::SAG::ACLRule",
  "Properties": {
    "Direction": String,
    "Description": String,
    "AclId": String,
    "SourceCidr": String,
    "DestCidr": String,
    "Priority": Integer,
    "DestPortRange": String,
    "Policy": String,
    "IpProtocol": String,
    "SourcePortRange": String,
    "Type": String,
    "DpiSignatureIds": List,
    "Name": String,
    "DpiGroupIds": List
  }
}

Properties

Property name

Type

Required

Update allowed

Description

Constraints

Direction

String

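The direction in which the access control rule applies.

Valid values:

  • in: inbound. Traffic from outside to the local branch where the Smart Access Gateway instance is located.

  • out: outbound. Traffic from the local branch where the Smart Access Gateway instance is located to outside.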

Description

String

The description of the access control rule.

The description must be 1 to 512 characters in length.

AclId

String

The ID of the access control (ACL) instance.

SourceCidr

String

The source CIDR block.

The source CIDR block must be in CIDR format. Example: 192.168.1.0/24.

DestCidr

String

The destination CIDR block.

The destination CIDR block must be in CIDR format. Example: 192.168.10.0/24.

Priority

Integer

The priority of the access control rule.

Valid values: 1 to 100.

Default value: 1.

DestPortRange

String

The destination port range.

Policy

String

The authorization policy of the access control rule.

Valid values:

  • accept: allow.

  • drop: deny.

IpProtocol

String

The protocol to which the access control rule applies.

The protocol value is not case-sensitive.

SourcePortRange

String

The source port range.

Type

String

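The type of the access control rule.

Valid values:

  • LAN (default): private network. The access control rule applies to traffic for private IP addresses.

  • WAN: public network. The access control rule applies to traffic for public IP addresses.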

DpiSignatureIds

List

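The list of application IDs.

You can specify up to 100 application IDs at a time.

You can call ListDpiSignatures to query application IDs and the corresponding application information.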

Name

String

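The name of the access control rule.

The name must be 2 to 100 characters in length and start with a letter. It can contain letters, digits, underscores (_), and hyphens (-).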

DpiGroupIds

List

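The application group IDs.

You can specify up to 100 application group IDs at a time.

You can call ListDpiGroups to query application group IDs and the applications that each group contains.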
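
The constraints in the property table can be checked before a stack is created. The following Python linter is an added example, not part of the original documentation or of ROS itself; `lint_acl_rule`, `lint_template` and the sample template are hypothetical names constructed here, and the any-to-any accept check is an extra review rule rather than a documented constraint.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,99}")  # 2-100 chars, letter first
ENUMS = {"Direction": {"in", "out"}, "Policy": {"accept", "drop"}, "Type": {"LAN", "WAN"}}

def lint_acl_rule(props):
    """Return findings for one ALIYUN::SAG::ACLRule Properties dict (literals only)."""
    out = []
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            out.append(f"{key}: {props[key]!r} not in {sorted(allowed)}")
    prio = props.get("Priority", 1)  # documented default is 1
    if isinstance(prio, bool) or not isinstance(prio, int) or not 1 <= prio <= 100:
        out.append("Priority: must be an integer from 1 to 100")
    if "Name" in props and not NAME_RE.fullmatch(props["Name"]):
        out.append("Name: 2-100 chars, letter first, then letters/digits/_/-")
    if "Description" in props and not 1 <= len(props["Description"]) <= 512:
        out.append("Description: length must be 1 to 512")
    for key in ("DpiSignatureIds", "DpiGroupIds"):
        if len(props.get(key, [])) > 100:
            out.append(f"{key}: at most 100 IDs")
    nets = []
    for key in (k for k in ("SourceCidr", "DestCidr") if k in props):
        try:
            if "/" not in props[key]:
                raise ValueError("missing /prefix")
            nets.append(ipaddress.IPv4Network(props[key], strict=False))
        except ValueError as exc:
            out.append(f"{key}: not an IPv4 CIDR block ({exc})")
    # Added review check, not a ROS constraint: accept from anywhere to anywhere.
    if props.get("Policy") == "accept" and [n.prefixlen for n in nets] == [0, 0]:
        out.append("Policy: accept rule matches every source and destination")
    return out

def lint_template(template):
    """Lint each ALIYUN::SAG::ACLRule resource, skipping {"Ref": ...} values."""
    report = {}
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == "ALIYUN::SAG::ACLRule":
            literals = {k: v for k, v in res.get("Properties", {}).items()
                        if not isinstance(v, dict)}
            report[name] = lint_acl_rule(literals)
    return report

# Constructed sample template: one rule that breaks several documented limits.
SAMPLE = {"Resources": {"Bad": {"Type": "ALIYUN::SAG::ACLRule", "Properties": {
    "Direction": "both", "Policy": "accept", "Priority": 0, "Name": "1rule",
    "SourceCidr": "0.0.0.0/0", "DestCidr": "0.0.0.0/0"}}}}
```

Properties given as `{"Ref": ...}` are skipped because their values are known only when the stack is created; lint the resolved parameter values separately with `lint_acl_rule`.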

Return values

Fn::GetAtt

AcrId: the ID of the access control rule.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Direction:
    Type: String
    Description: |-
      Regular direction.
      Value: in|out
    AllowedValues:
      - in
      - out
    Default: in
  AclId:
    Type: String
    Description: Access control ID.
    Default: acl-***
  SourceCidr:
    Type: String
    Description: Source address, CIDR format and IP address range in IPv4 format.
    Default: 192.168.1.0/24
  DestCidr:
    Type: String
    Description: Destination address, CIDR format and IP address range in IPv4 format.
    Default: 192.168.1.0/24
  Priority:
    Default: 1
    Type: Number
    Description: |-
      Priority, ranging from 1 to 100.
      Default: 1
    MaxValue: 100
    MinValue: 1
  DestPortRange:
    Type: String
    Description: Destination port range, 80/80.
    Default: 80/80
  Policy:
    Type: String
    Description: 'Access: accept|drop'
    AllowedValues:
      - accept
      - drop
    Default: accept
  IpProtocol:
    Type: String
    Description: Protocol, not case sensitive.
    Default: ALL
  SourcePortRange:
    Type: String
    Description: Source port range, 80/80.
    Default: 80/80
Resources:
  ACLRule:
    Type: ALIYUN::SAG::ACLRule
    Properties:
      Direction:
        Ref: Direction
      AclId:
        Ref: AclId
      SourceCidr:
        Ref: SourceCidr
      DestCidr:
        Ref: DestCidr
      Priority:
        Ref: Priority
      DestPortRange:
        Ref: DestPortRange
      Policy:
        Ref: Policy
      IpProtocol:
        Ref: IpProtocol
      SourcePortRange:
        Ref: SourcePortRange
Outputs:
  AcrId:
    Description: Access control rule ID.
    Value:
      Fn::GetAtt:
        - ACLRule
        - AcrId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Direction": {
      "Type": "String",
      "Description": "Regular direction.\nValue: in|out",
      "AllowedValues": [
        "in",
        "out"
      ],
      "Default": "in"
    },
    "AclId": {
      "Type": "String",
      "Description": "Access control ID.",
      "Default": "acl-***"
    },
    "SourceCidr": {
      "Type": "String",
      "Description": "Source address, CIDR format and IP address range in IPv4 format.",
      "Default": "192.168.1.0/24"
    },
    "DestCidr": {
      "Type": "String",
      "Description": "Destination address, CIDR format and IP address range in IPv4 format.",
      "Default": "192.168.1.0/24"
    },
    "Priority": {
      "Default": 1,
      "Type": "Number",
      "Description": "Priority, ranging from 1 to 100.\nDefault: 1",
      "MaxValue": 100,
      "MinValue": 1
    },
    "DestPortRange": {
      "Type": "String",
      "Description": "Destination port range, 80/80.",
      "Default": "80/80"
    },
    "Policy": {
      "Type": "String",
      "Description": "Access: accept|drop",
      "AllowedValues": [
        "accept",
        "drop"
      ],
      "Default": "accept"
    },
    "IpProtocol": {
      "Type": "String",
      "Description": "Protocol, not case sensitive.",
      "Default": "ALL"
    },
    "SourcePortRange": {
      "Type": "String",
      "Description": "Source port range, 80/80.",
      "Default": "80/80"
    }
  },
  "Resources": {
    "ACLRule": {
      "Type": "ALIYUN::SAG::ACLRule",
      "Properties": {
        "Direction": {
          "Ref": "Direction"
        },
        "AclId": {
          "Ref": "AclId"
        },
        "SourceCidr": {
          "Ref": "SourceCidr"
        },
        "DestCidr": {
          "Ref": "DestCidr"
        },
        "Priority": {
          "Ref": "Priority"
        },
        "DestPortRange": {
          "Ref": "DestPortRange"
        },
        "Policy": {
          "Ref": "Policy"
        },
        "IpProtocol": {
          "Ref": "IpProtocol"
        },
        "SourcePortRange": {
          "Ref": "SourcePortRange"
        }
      }
    }
  },
  "Outputs": {
    "AcrId": {
      "Description": "Access control rule ID.",
      "Value": {
        "Fn::GetAtt": [
          "ACLRule",
          "AcrId"
        ]
      }
    }
  }
}