ALIYUN::SAG::ACLRule is used to add an access control list (ACL) rule.
Syntax
{
"Type": "ALIYUN::SAG::ACLRule",
"Properties": {
"Direction": String,
"Description": String,
"AclId": String,
"SourceCidr": String,
"DestCidr": String,
"Priority": Integer,
"DestPortRange": String,
"Policy": String,
"IpProtocol": String,
"SourcePortRange": String
}
}Properties
| Name | Type | Required | Editable | Description | Validity |
|---|---|---|---|---|---|
| Direction | String | Yes | Yes | The direction of traffic to match in the ACL rule. | Valid values: in and out |
| Description | String | No | Yes | The description of the ACL rule. | The description must be 1 to 512 characters in length. |
| AclId | String | Yes | No | The ID of the ACL. | None |
| SourceCidr | String | Yes | Yes | The source IP address range specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. | None |
| DestCidr | String | Yes | Yes | The destination IP address range specified in the ACL rule. CIDR blocks and IPv4 addresses are supported. | None |
| Priority | Integer | No | Yes | The priority of the ACL rule. |
Valid values: 1 to 100 Default value: 1 |
| DestPortRange | String | Yes | Yes | The destination port range of the transport layer. | None |
| Policy | String | Yes | Yes | The access control policy. | Valid values: accept and drop |
| IpProtocol | String | Yes | Yes | The transport layer protocol. This parameter is not case-sensitive. | None |
| SourcePortRange | String | Yes | Yes | The source port range of the transport layer. | None |
Response parameters
Fn::GetAtt
AcrId: the ID of the ACL rule.
Examples
{
"ROSTemplateFormatVersion": "2015-09-01",
"Resources": {
"ACLRule": {
"Type": "ALIYUN::SAG::ACLRule",
"Properties": {
"Direction": {
"Ref": "Direction"
},
"Description": {
"Ref": "Description"
},
"AclId": {
"Ref": "AclId"
},
"SourceCidr": {
"Ref": "SourceCidr"
},
"DestCidr": {
"Ref": "DestCidr"
},
"Priority": {
"Ref": "Priority"
},
"DestPortRange": {
"Ref": "DestPortRange"
},
"Policy": {
"Ref": "Policy"
},
"IpProtocol": {
"Ref": "IpProtocol"
},
"SourcePortRange": {
"Ref": "SourcePortRange"
}
}
}
},
"Parameters": {
"Direction": {
"Type": "String",
"Description": "Regular direction.\nValue: in|out",
"AllowedValues": [
"in",
"out"
]
},
"Description": {
"MinLength": 1,
"Type": "String",
"Description": "Rule description, which must be 1 to 512 characters in length.",
"MaxLength": 512
},
"AclId": {
"Type": "String",
"Description": "Access control list ID."
},
"SourceCidr": {
"Type": "String",
"Description": "Source IP address range. CIDR format and IP address range in IPv4 format are supported."
},
"DestCidr": {
"Type": "String",
"Description": "Destination IP address range. CIDR format and IP address range in IPv4 format are supported."
},
"Priority": {
"Default": 1,
"Type": "Number",
"Description": "Priority, ranging from 1 to 100.\nDefault value: 1",
"MaxValue": 100,
"MinValue": 1
},
"DestPortRange": {
"Type": "String",
"Description": "Destination port range, 80/80."
},
"Policy": {
"Type": "String",
"Description": "Access: accept|drop",
"AllowedValues": [
"accept",
"drop"
]
},
"IpProtocol": {
"Type": "String",
"Description": "Protocol, not case sensitive."
},
"SourcePortRange": {
"Type": "String",
"Description": "Source port range, 80/80."
}
},
"Outputs": {
"AcrId": {
"Description": "Access control rule ID.",
"Value": {
"Fn::GetAtt": [
"ACLRule",
"AcrId"
]
}
}
}
}