ALIYUN::SAG::ACLRule is used to add an access control list (ACL) rule.
Syntax
{
  "Type": "ALIYUN::SAG::ACLRule",
  "Properties": {
    "Direction": String,
    "Description": String,
    "AclId": String,
    "SourceCidr": String,
    "DestCidr": String,
    "Priority": Integer,
    "DestPortRange": String,
    "Policy": String,
    "IpProtocol": String,
    "SourcePortRange": String,
    "Type": String,
    "DpiSignatureIds": List,
    "Name": String,
    "DpiGroupIds": List
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
Direction | String | Yes | Yes | The direction of traffic that the ACL rule controls. | Valid values: in and out. |
Description | String | No | Yes | The description of the ACL rule. | The description must be 1 to 512 characters in length. |
AclId | String | Yes | No | The ID of the ACL rule. | None |
SourceCidr | String | Yes | Yes | The source CIDR block. | Specify the value of this property in CIDR notation. Example: 192.168.1.0/24. |
DestCidr | String | Yes | Yes | The destination CIDR block. | Specify the value of this property in CIDR notation. Example: 192.168.10.0/24. |
Priority | Integer | No | Yes | The priority of the ACL rule. | Valid values: 1 to 100. Default value: 1. |
DestPortRange | String | Yes | Yes | The destination port range. | None |
Policy | String | Yes | Yes | The policy that determines whether the ACL rule allows traffic. | Valid values: accept and drop. |
IpProtocol | String | Yes | Yes | The protocol based on which the ACL rule is applied. | The value of this property is not case-sensitive. |
SourcePortRange | String | Yes | Yes | The source port range. | None |
Type | String | No | Yes | The type of the ACL rule. | Default value: LAN. Valid values: |
DpiSignatureIds | List | No | Yes | The list of application IDs. | You can specify up to 100 application IDs. You can call the ListDpiSignatures operation to query the ID and details of the application. |
Name | String | No | Yes | The name of the ACL rule. | The name must be 2 to 100 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter. |
DpiGroupIds | List | No | Yes | The IDs of the application groups. | You can specify up to 100 application group IDs. You can call the ListDpiGroups operation to query the ID and details of the application group. |
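A pre-deployment check of literal property values against the constraints in the table above, as an added example (not part of the original page or of Alibaba Cloud's tooling). The names `check_rule`, `is_cidr`, `CHECKS` and `SAMPLE` are hypothetical; the in/out and accept/drop value sets are taken from the AllowedValues in the page's example template, and ASCII letters are assumed for Name.

```python
import ipaddress
import re

REQUIRED = ("Direction", "AclId", "SourceCidr", "DestCidr", "DestPortRange",
            "Policy", "IpProtocol", "SourcePortRange")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_-]{1,99}")  # assumes ASCII letters


def is_cidr(value):
    try:
        ipaddress.IPv4Network(value, strict=False)
        return "/" in value  # CIDR notation needs an explicit prefix length
    except (TypeError, ValueError):
        return False


# Property -> (predicate, message); enum values assumed from the example template.
CHECKS = {
    "Direction": (lambda v: v in ("in", "out"), "expected in or out"),
    "Policy": (lambda v: v in ("accept", "drop"), "expected accept or drop"),
    "SourceCidr": (is_cidr, "not IPv4 CIDR notation"),
    "DestCidr": (is_cidr, "not IPv4 CIDR notation"),
    "Priority": (lambda v: type(v) is int and 1 <= v <= 100, "integer from 1 to 100"),
    "Description": (lambda v: 1 <= len(str(v)) <= 512, "1 to 512 characters"),
    "Name": (lambda v: bool(NAME_RE.fullmatch(str(v))), "2 to 100 chars, letter first"),
    "DpiSignatureIds": (lambda v: isinstance(v, list) and len(v) <= 100, "up to 100 IDs"),
    "DpiGroupIds": (lambda v: isinstance(v, list) and len(v) <= 100, "up to 100 IDs"),
}


def check_rule(props):
    """Return the constraint violations for one ACLRule "Properties" dict."""
    errs = [f"{k}: required property missing" for k in REQUIRED if k not in props]
    for key, (ok, msg) in CHECKS.items():
        value = props.get(key)
        # Ref/Fn:: values are dicts resolved at deploy time; check literals only.
        if value is not None and not isinstance(value, dict) and not ok(value):
            errs.append(f"{key}: {msg}")
    return errs


# Constructed sample (not from the page): a rule with five mistakes.
SAMPLE = {"Direction": "both", "AclId": {"Ref": "AclId"}, "SourceCidr": "192.168.1.0",
          "DestCidr": "192.168.10.0/24", "Priority": 101, "Policy": "accept",
          "IpProtocol": "tcp", "SourcePortRange": "80/80", "Name": "1rule"}

if __name__ == "__main__":
    print("\n".join(check_rule(SAMPLE)))
```

To lint a whole template, pass the `Properties` of each resource whose `Type` is `ALIYUN::SAG::ACLRule` to `check_rule`.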
Return value
Fn::GetAtt
AcrId: the ID of the ACL rule.
Examples
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "ACLRule": {
      "Type": "ALIYUN::SAG::ACLRule",
      "Properties": {
        "Direction": {
          "Ref": "Direction"
        },
        "Description": {
          "Ref": "Description"
        },
        "AclId": {
          "Ref": "AclId"
        },
        "SourceCidr": {
          "Ref": "SourceCidr"
        },
        "DestCidr": {
          "Ref": "DestCidr"
        },
        "Priority": {
          "Ref": "Priority"
        },
        "DestPortRange": {
          "Ref": "DestPortRange"
        },
        "Policy": {
          "Ref": "Policy"
        },
        "IpProtocol": {
          "Ref": "IpProtocol"
        },
        "SourcePortRange": {
          "Ref": "SourcePortRange"
        }
      }
    }
  },
  "Parameters": {
    "Direction": {
      "Type": "String",
      "Description": "Regular direction.\nValue: in|out",
      "AllowedValues": [
        "in",
        "out"
      ]
    },
    "Description": {
      "MinLength": 1,
      "Type": "String",
      "Description": "Rule description information, ranging from 1 to 512 characters.",
      "MaxLength": 512
    },
    "AclId": {
      "Type": "String",
      "Description": "Access control ID."
    },
    "SourceCidr": {
      "Type": "String",
      "Description": "Source address, CIDR format and IP address range in IPv4 format."
    },
    "DestCidr": {
      "Type": "String",
      "Description": "Destination address, CIDR format and IP address range in IPv4 format."
    },
    "Priority": {
      "Default": 1,
      "Type": "Number",
      "Description": "Priority, ranging from 1 to 100.\nDefault: 1",
      "MaxValue": 100,
      "MinValue": 1
    },
    "DestPortRange": {
      "Type": "String",
      "Description": "Destination port range, 80/80."
    },
    "Policy": {
      "Type": "String",
      "Description": "Access: accept|drop",
      "AllowedValues": [
        "accept",
        "drop"
      ]
    },
    "IpProtocol": {
      "Type": "String",
      "Description": "Protocol, not case sensitive."
    },
    "SourcePortRange": {
      "Type": "String",
      "Description": "Source port range, 80/80."
    }
  },
  "Outputs": {
    "AcrId": {
      "Description": "Access control rule ID.",
      "Value": {
        "Fn::GetAtt": [
          "ACLRule",
          "AcrId"
        ]
      }
    }
  }
}
For more examples, visit ACL.json and ACL.yml. In the examples, the ALIYUN::SAG::ACL and ALIYUN::SAG::ACLRule resource types are used.