ALIYUN::WAF3::TGW_资源编排(ROS)-阿里云帮助中心

ALIYUN::WAF3::TGW类型用于创建透明资产。

语法

{
  "Type": "ALIYUN::WAF3::TGW",
  "Properties": {
    "InstanceId": String,
    "Listen": Map,
    "ResourceGroupId": String,
    "Redirect": Map
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
InstanceId	String	是	否	WAF 实例的 ID。	无
Listen	Map	是	是	配置监听信息。	更多信息，请参见Listen属性。
ResourceGroupId	String	否	是	资源组 ID。	无
Redirect	Map	否	是	配置转发信息。	无

Listen语法

"Listen": {
  "CustomCiphers": List,
  "TLSVersion": String,
  "Http2Enabled": Boolean,
  "CipherSuite": Integer,
  "EnableTLSv3": Boolean,
  "Port": Integer,
  "ResourceProduct": String,
  "Certificates": List,
  "Protocol": String,
  "ResourceInstanceId": String
}

Listen属性

属性名称	类型	必须	允许更新	描述	约束
Port	Integer	是	否	监听端口。	无
Protocol	String	是	否	协议类型。	无
ResourceProduct	String	是	否	访问WAF的云产品。	无
ResourceInstanceId	String	是	否	连接到WAF的云产品实例ID。	无
CustomCiphers	List	否	是	自定义加密套件列表。	此参数仅在CipherSuite设置为99时使用。最多支持配置5个自定义加密套件。
CipherSuite	Integer	否	是	加密套件类型。	取值： 1：表示添加全部加密套件。 2：表示添加强加密套件。 99：表示添加自定义加密套件。
Certificates	List	否	是	绑定到证书的域名。	最多支持绑定10个证书。
EnableTLSv3	Boolean	否	是	是否支持 TLS1.3 版本。	取值： true：表示支持 TLS1.3 版本。 false：表示不支持 TLS1.3 版本。
Http2Enabled	Boolean	否	是	是否开启 HTTP2。	取值： true：表示开启 HTTP2。 false：表示不开启 HTTP2。
TLSVersion	String	否	是	TLS 的版本。	取值： tlsv1 tlsv1.1 tlsv1.2

Certificates语法

"Certificates": [
  {
    "AppliedType": String,
    "CertificateId": String
  }
]

Certificates属性

属性名称

类型

必须

允许更新

描述

约束

AppliedType

String

否

是

HTTPS协议的证书类型。

有效值：

default: 表示默认证书。
extension: 表示扩展证书。

CertificateId

String

否

是

已添加证书的ID。

无

Redirect语法

"Redirect": {
  "XffHeaders": List,
  "WriteTimeout": Integer,
  "XffHeaderMode": Integer,
  "Keepalive": Boolean,
  "RequestHeaders": List,
  "KeepaliveRequests": Integer,
  "KeepaliveTimeout": Integer,
  "ReadTimeout": Integer,
  "XffProto": Boolean
}

Redirect属性

属性名称	类型	必须	允许更新	描述	约束
Keepalive	Boolean	否	是	是否保持长连接。	取值： true（默认）：表示保持长连接。 false：表示不保持长连接。
KeepaliveRequests	Integer	否	是	多路复用长连接的请求次数。	取值范围：60~1000，单位：次。
KeepaliveTimeout	Integer	否	是	空闲长连接超时时间。	取值范围：1~60，默认值为15，单位：秒。
RequestHeaders	List	否	是	域名的流量标签字段和值。	用于标记由WAF处理的流量。
ReadTimeout	Integer	否	是	读取超时时长。	单位：秒。取值范围：1~3600。
WriteTimeout	Integer	否	是	写入超时时长。	单位：秒。取值范围：1~3600。
XffHeaders	List	否	是	设置用于获取客户端IP的自定义字段列表。	格式表达为["header1", "header2", ...]。最多支持配置20个自定义字段。
XffHeaderMode	Integer	否	是	WAF 获取客户端真实 IP 的方式。	取值： 0：表示客户端访问流量到 WAF 前没有经过其他七层代理转发。 1：表示 WAF 读取请求头中 X-Forwarded-For（XFF）字段的第一个值作为客户端 IP。 2：表示 WAF 读取请求头中由您设置的自定义字段值作为客户端 IP。
XffProto	Boolean	否	是	X-Forward-For-Proto 传递 WAF 的协议。	取值： true（默认）：表示传递 WAF 的协议。 false：表示不传递 WAF 的协议。

RequestHeaders语法

"RequestHeaders": [
  {
    "Value": String,
    "Key": String
  }
]

RequestHeaders属性

属性名称	类型	必须	允许更新	描述	约束
Key	String	否	是	指定的自定义请求头部字段。	无
Value	String	否	是	指定的自定义请求头部字段设定的值。	无

返回值

Fn::GetAtt

InstanceId：WAF 实例的 ID。
Port：访问WAF的云产品端口。
ResourceProduct：访问WAF的云产品。
TgwId：透明访问资源的保护对象ID。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  InstanceId:
    Type: String
    Description:
      en: The ID of the WAF instance.
    Required: true
  Listen:
    AssociationPropertyMetadata:
      Parameters:
        CustomCiphers:
          Type: Json
          Description:
            en: Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99.
          Required: false
          MinLength: 0
          MaxLength: 5
        TLSVersion:
          Type: String
          Description:
            en: |-
              The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              tlsv1
              tlsv1.1
              tlsv1.2
          AllowedValues:
            - tlsv1
            - tlsv1.1
            - tlsv1.2
          Required: false
        Http2Enabled:
          Type: Boolean
          Description:
            en: |-
              Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              true: Enable HTTP2.
              false (default): Disable HTTP2.
          Required: false
        CipherSuite:
          Type: Number
          Description:
            en: |-
              The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              1: Indicates adding all encryption suites.
              2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.
              99: Indicates adding a custom encryption suite.
          Required: false
        EnableTLSv3:
          Type: Boolean
          Description:
            en: |-
              Whether to support TSL1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:
              true: indicates that TSL1.3 version is supported.
              false: indicates that TSL1.3 version is not supported.
          Required: false
        Port:
          Type: Number
          Description:
            en: Access the cloud product port of WAF.
          Required: true
        ResourceProduct:
          Type: String
          Description:
            en: Access to WAF cloud products.
          Required: true
        Certificates:
          AssociationPropertyMetadata:
            Parameters:
              AppliedType:
                Type: String
                Description:
                  en: |-
                    The certificate type for the HTTPS protocol. Valid values:
                    default: Indicates the default certificate.
                    extension: Indicates an extended certificate.
                AllowedValues:
                  - default
                  - extension
                Required: false
              CertificateId:
                Type: String
                Description:
                  en: The ID of the certificate that was added.
                Required: false
          AssociationProperty: List[Parameters]
          Type: Json
          Description:
            en: The domain name bound to the certificate.
          Required: false
          MinLength: 0
          MaxLength: 10
        Protocol:
          Type: String
          Description:
            en: Protocol type
          Required: true
        ResourceInstanceId:
          Type: String
          Description:
            en: The instance ID of the cloud product connected to WAF.
          Required: true
    Type: Json
    Description:
      en: Listening information.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::WAF3::TGW
    Properties:
      InstanceId:
        Ref: InstanceId
      Listen:
        Ref: Listen
Outputs:
  InstanceId:
    Description: The ID of the WAF instance.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  Port:
    Description: Access the cloud product port of WAF.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Port
  ResourceProduct:
    Description: Access to WAF cloud products.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ResourceProduct
  TgwId:
    Description: The protection object ID of the transparent access resource.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TgwId

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "InstanceId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the WAF instance."
      },
      "Required": true
    },
    "Listen": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "CustomCiphers": {
            "Type": "Json",
            "Description": {
              "en": "Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99."
            },
            "Required": false,
            "MinLength": 0,
            "MaxLength": 5
          },
          "TLSVersion": {
            "Type": "String",
            "Description": {
              "en": "The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntlsv1\ntlsv1.1\ntlsv1.2"
            },
            "AllowedValues": [
              "tlsv1",
              "tlsv1.1",
              "tlsv1.2"
            ],
            "Required": false
          },
          "Http2Enabled": {
            "Type": "Boolean",
            "Description": {
              "en": "Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntrue: Enable HTTP2.\nfalse (default): Disable HTTP2."
            },
            "Required": false
          },
          "CipherSuite": {
            "Type": "Number",
            "Description": {
              "en": "The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\n1: Indicates adding all encryption suites.\n2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.\n99: Indicates adding a custom encryption suite."
            },
            "Required": false
          },
          "EnableTLSv3": {
            "Type": "Boolean",
            "Description": {
              "en": "Whether to support TSL1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:\ntrue: indicates that TSL1.3 version is supported.\nfalse: indicates that TSL1.3 version is not supported."
            },
            "Required": false
          },
          "Port": {
            "Type": "Number",
            "Description": {
              "en": "Access the cloud product port of WAF."
            },
            "Required": true
          },
          "ResourceProduct": {
            "Type": "String",
            "Description": {
              "en": "Access to WAF cloud products."
            },
            "Required": true
          },
          "Certificates": {
            "AssociationPropertyMetadata": {
              "Parameters": {
                "AppliedType": {
                  "Type": "String",
                  "Description": {
                    "en": "The certificate type for the HTTPS protocol. Valid values:\ndefault: Indicates the default certificate.\nextension: Indicates an extended certificate."
                  },
                  "AllowedValues": [
                    "default",
                    "extension"
                  ],
                  "Required": false
                },
                "CertificateId": {
                  "Type": "String",
                  "Description": {
                    "en": "The ID of the certificate that was added."
                  },
                  "Required": false
                }
              }
            },
            "AssociationProperty": "List[Parameters]",
            "Type": "Json",
            "Description": {
              "en": "The domain name bound to the certificate."
            },
            "Required": false,
            "MinLength": 0,
            "MaxLength": 10
          },
          "Protocol": {
            "Type": "String",
            "Description": {
              "en": "Protocol type"
            },
            "Required": true
          },
          "ResourceInstanceId": {
            "Type": "String",
            "Description": {
              "en": "The instance ID of the cloud product connected to WAF."
            },
            "Required": true
          }
        }
      },
      "Type": "Json",
      "Description": {
        "en": "Listening information."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::WAF3::TGW",
      "Properties": {
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "Listen": {
          "Ref": "Listen"
        }
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "The ID of the WAF instance.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "InstanceId"
        ]
      }
    },
    "Port": {
      "Description": "Access the cloud product port of WAF.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Port"
        ]
      }
    },
    "ResourceProduct": {
      "Description": "Access to WAF cloud products.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ResourceProduct"
        ]
      }
    },
    "TgwId": {
      "Description": "The protection object ID of the transparent access resource.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TgwId"
        ]
      }
    }
  }
}