alicloud_alb_listener_acl_attachment

更新时间:

Provides a ALB Listener Acl Attachment resource. Associating ACL to listening.

For information about ALB Listener Acl Attachment and how to use it, see What is Listener Acl Attachment.

-> NOTE: Available since v1.163.0.

-> NOTE: You can associate at most three ACLs with a listener.

-> NOTE: You can only configure either a whitelist or a blacklist for listener, not at the same time.

Example Usage

Basic Usage


provider "alicloud" {
  region = "cn-shanghai"
}

variable "name" {
  default = "tf_example"
}
data "alicloud_alb_zones" "default" {}
data "alicloud_resource_manager_resource_groups" "default" {}

resource "alicloud_vpc" "default" {
  vpc_name   = var.name
  cidr_block = "10.4.0.0/16"
}

resource "alicloud_vswitch" "default" {
  count        = 2
  vpc_id       = alicloud_vpc.default.id
  cidr_block   = format("10.4.%d.0/24", count.index + 1)
  zone_id      = data.alicloud_alb_zones.default.zones[count.index + 3].id
  vswitch_name = format("${var.name}_%d", count.index + 1)
}

resource "alicloud_alb_load_balancer" "default" {
  vpc_id                 = alicloud_vpc.default.id
  address_type           = "Internet"
  address_allocated_mode = "Fixed"
  load_balancer_name     = var.name
  load_balancer_edition  = "Standard"
  resource_group_id      = data.alicloud_resource_manager_resource_groups.default.groups.0.id
  load_balancer_billing_config {
    pay_type = "PayAsYouGo"
  }
  tags = {
    Created = "TF"
  }
  zone_mappings {
    vswitch_id = alicloud_vswitch.default.0.id
    zone_id    = alicloud_vswitch.default.0.zone_id
  }
  zone_mappings {
    vswitch_id = alicloud_vswitch.default.1.id
    zone_id    = alicloud_vswitch.default.1.zone_id
  }
}

resource "alicloud_alb_server_group" "default" {
  protocol          = "HTTP"
  vpc_id            = alicloud_vpc.default.id
  server_group_name = var.name
  resource_group_id = data.alicloud_resource_manager_resource_groups.default.groups.0.id
  health_check_config {
    health_check_enabled = "false"
  }
  sticky_session_config {
    sticky_session_enabled = "false"
  }
  tags = {
    Created = "TF"
  }
}

resource "alicloud_alb_listener" "default" {
  load_balancer_id     = alicloud_alb_load_balancer.default.id
  listener_protocol    = "HTTP"
  listener_port        = 80
  listener_description = var.name
  default_actions {
    type = "ForwardGroup"
    forward_group_config {
      server_group_tuples {
        server_group_id = alicloud_alb_server_group.default.id
      }
    }
  }
}

resource "alicloud_alb_acl" "default" {
  acl_name          = var.name
  resource_group_id = data.alicloud_resource_manager_resource_groups.default.groups.0.id
}

resource "alicloud_alb_acl_entry_attachment" "default" {
  acl_id      = alicloud_alb_acl.default.id
  entry       = "10.0.0.0/24"
  description = var.name
}

resource "alicloud_alb_listener_acl_attachment" "default" {
  acl_id      = alicloud_alb_acl.default.id
  listener_id = alicloud_alb_listener.default.id
  acl_type    = "White"
}

Argument Reference

The following arguments are supported:

  • acl_id - (Required, ForceNew) The ID list of the access policy group bound by the listener.
  • acl_type - (Required, ForceNew) Access control type:
    • White: only requests from IP addresses or address segments in the selected access control list are forwarded. The whitelist applies to scenarios where only specific IP addresses are allowed to access. There are certain business risks in setting up a whitelist. Once the whitelist is set, only the IP addresses in the whitelist can access the load balancer listener. If whitelist access is enabled but no IP addresses are added to the access policy group, the server load balancer listener forwards all requests.
    • Black: All requests from IP addresses or address segments in the selected access control list are not forwarded. Blacklists are applicable to scenarios where only certain IP addresses are restricted. If blacklist access is enabled and no IP is added to the access policy group, the server load balancer listener forwards all requests.
  • listener_id - (Required, ForceNew) Listener instance ID.

Attributes Reference

The following attributes are exported:

  • id - The ID of the resource supplied above.The value is formulated as <listener_id>:<acl_id>.
  • status - Listener Status.

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

  • create - (Defaults to 5 mins) Used when create the Listener Acl Attachment.
  • delete - (Defaults to 5 mins) Used when delete the Listener Acl Attachment.

Import

ALB Listener Acl Attachment can be imported using the id, e.g.

$ terraform import alicloud_alb_listener_acl_attachment.example <listener_id>:<acl_id>