alicloud_cloud_firewall_control_policy
Provides a Cloud Firewall Control Policy resource.
For information about Cloud Firewall Control Policy and how to use it, see What is Control Policy.
-> NOTE: Available since v1.129.0.
Example Usage
Basic Usage
variable "name" {
  default = "terraform-example"
}
resource "alicloud_cloud_firewall_control_policy" "default" {
  direction        = "in"
  application_name = "ANY"
  description      = var.name
  acl_action       = "accept"
  source           = "127.0.0.1/32"
  source_type      = "net"
  destination      = "127.0.0.2/32"
  destination_type = "net"
  proto            = "ANY"
}
Argument Reference
The following arguments are supported:
- direction - (Required, ForceNew) The direction of the traffic to which the access control policy applies. Valid values: in, out.
- description - (Required) The description of the access control policy.
- acl_action - (Required) The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.
- source - (Required) The source address in the access control policy.
- source_type - (Required) The type of the source address in the access control policy. Valid values: net, group, location.
- destination - (Required) The destination address in the access control policy.
- destination_type - (Required) The type of the destination address in the access control policy. Valid values: net, group, domain, location.
- proto - (Required) The protocol type supported by the access control policy. Valid values: ANY, TCP, UDP, ICMP.
- application_name - (Optional) The application type supported by the access control policy. Valid values: ANY, HTTP, HTTPS, MQTT, Memcache, MongoDB, MySQL, RDP, Redis, SMTP, SMTPS, SSH, SSL, VNC.
-> NOTE: If proto is set to TCP, you can set application_name to any valid value. If proto is set to UDP, ICMP, or ANY, you can only set application_name to ANY.
- dest_port - (Optional) The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify dest_port.
- dest_port_group - (Optional) The name of the destination port address book in the access control policy. Note: If dest_port_type is set to group, you must specify dest_port_group.
- dest_port_type - (Optional) The type of the destination port in the access control policy. Valid values: port, group.
- ip_version - (Optional, ForceNew) The IP version supported by the access control policy. Default value: 4. Valid values:
  - 4: IPv4.
  - 6: IPv6.
- domain_resolve_type - (Optional, Available since v1.232.0) The domain name resolution method of the access control policy. Valid values:
  - FQDN: Fully qualified domain name (FQDN)-based resolution.
  - DNS: DNS-based dynamic resolution.
  - FQDN_AND_DNS: FQDN and DNS-based dynamic resolution.
- repeat_type - (Optional, Available since v1.232.0) The recurrence type for the access control policy to take effect. Default value: Permanent. Valid values:
  - Permanent: The policy always takes effect.
  - None: The policy takes effect only once.
  - Daily: The policy takes effect on a daily basis.
  - Weekly: The policy takes effect on a weekly basis.
  - Monthly: The policy takes effect on a monthly basis.
- start_time - (Optional, Int, Available since v1.232.0) The time when the access control policy starts to take effect. The value is a UNIX timestamp. Unit: seconds. The value must be on the hour or on the half hour, and at least 30 minutes earlier than the end time.
- end_time - (Optional, Int, Available since v1.232.0) The time when the access control policy stops taking effect. The value is a UNIX timestamp. Unit: seconds. The value must be on the hour or on the half hour, and at least 30 minutes later than the start time.
-> NOTE: If repeat_type is set to None, Daily, Weekly, or Monthly, start_time and end_time must be set.
- repeat_start_time - (Optional, Available since v1.232.0) The point in time when the recurrence starts. Example: 08:00. The start time must be on the hour or on the half hour, and at least 30 minutes earlier than the end time.
- repeat_end_time - (Optional, Available since v1.232.0) The point in time when the recurrence ends. Example: 23:30. The end time must be on the hour or on the half hour, and at least 30 minutes later than the start time.
-> NOTE: If repeat_type is set to Daily, Weekly, or Monthly, repeat_start_time and repeat_end_time must be set.
- repeat_days - (Optional, List, Available since v1.232.0) The days of a week or of a month on which the access control policy takes effect. Valid values:
  - If repeat_type is set to Weekly. Valid values: 0 to 6.
  - If repeat_type is set to Monthly. Valid values: 1 to 31.
-> NOTE: If repeat_type is set to Weekly or Monthly, repeat_days must be set.
- application_name_list - (Optional, List, Available since v1.232.0) The application types supported by the access control policy.
-> NOTE: If proto is set to TCP, you can set application_name_list to any valid value. If proto is set to UDP, ICMP, or ANY, you can only set application_name_list to ["ANY"]. From version 1.232.0, you must specify at least one of application_name_list and application_name. If you specify both application_name_list and application_name, only application_name_list takes effect.
- release - (Optional) The status of the access control policy. Valid values: true, false.
- source_ip - (Optional) The source IP address of the request.
- lang - (Optional) The language of the content within the request and response. Valid values: zh, en.
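The schedule, protocol and port constraints from the argument list above, worked into one outbound policy with the timing rules enforced at plan time. This is an added example, not part of the provider documentation; the variable names, source range, domain, timestamps and the dest_port value format are constructed assumptions.

```hcl
# Added example (not from the provider documentation); all values are constructed.
variable "window_start" {
  type    = number
  default = 1735689600 # 2025-01-01 00:00:00 UTC
  validation {
    condition     = var.window_start % 1800 == 0
    error_message = "start_time must fall on the hour or the half hour."
  }
}

variable "window_end" {
  type    = number
  default = 1767225600 # 2026-01-01 00:00:00 UTC
  validation {
    condition     = var.window_end % 1800 == 0
    error_message = "end_time must fall on the hour or the half hour."
  }
}

resource "alicloud_cloud_firewall_control_policy" "scheduled_https_egress" {
  direction           = "out"
  description         = "scheduled HTTPS egress to one domain"
  acl_action          = "accept"
  source              = "10.0.0.0/24"
  source_type         = "net"
  destination         = "example.com"
  destination_type    = "domain"
  domain_resolve_type = "FQDN"
  # A named application other than ANY is only allowed when proto is TCP.
  proto                 = "TCP"
  application_name_list = ["HTTPS"]
  # dest_port_type = "port" makes dest_port mandatory (value format assumed).
  dest_port_type = "port"
  dest_port      = "443"
  # Weekly recurrence requires repeat_days (0 to 6), the repeat_* window,
  # and the overall start_time/end_time validity window.
  repeat_type       = "Weekly"
  repeat_days       = [1, 2, 3, 4, 5]
  repeat_start_time = "08:00"
  repeat_end_time   = "18:00"
  start_time        = var.window_start
  end_time          = var.window_end
  lifecycle {
    precondition {
      condition     = var.window_end - var.window_start >= 1800
      error_message = "end_time must be at least 30 minutes after start_time."
    }
  }
}
```

The lifecycle precondition requires Terraform 1.2 or later; with it and the variable validations in place, a misaligned or inverted window is rejected during terraform plan rather than by the Cloud Firewall API.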
Attributes Reference
The following attributes are exported:
- id - The resource ID of the Control Policy in Terraform, formatted as <acl_uuid>:<direction>.
- acl_uuid - (Available since v1.148.0) The unique ID of the access control policy.
- create_time - (Available since v1.232.0) The time when the access control policy was created.
Timeouts
-> NOTE: Available since v1.232.0.
The timeouts block allows you to specify timeouts for certain actions:
- create - (Defaults to 5 mins) Used when creating the Control Policy.
- update - (Defaults to 5 mins) Used when updating the Control Policy.
- delete - (Defaults to 5 mins) Used when deleting the Control Policy.
Import
Cloud Firewall Control Policy can be imported using the id, e.g.
$ terraform import alicloud_cloud_firewall_control_policy.example <acl_uuid>:<direction>