All Products
Search

This Product

    Resource Orchestration Service:ALIYUN::ApiGateway::AccessControl

    Document Center

    Resource Orchestration Service:ALIYUN::ApiGateway::AccessControl

    Last Updated:Apr 09, 2026

    The ALIYUN::ApiGateway::AccessControl type creates an access control list (ACL).

    Syntax

    {
  "Type": "ALIYUN::ApiGateway::AccessControl",
  "Properties": {
    "AccessControlListName": String,
    "AddressIpVersion": String,
    "AclEntrys": List
  }
}

    Properties

    Parameter

    Type

    Required

    Update allowed

    Description

    Constraints

    AccessControlListName

    String

    Yes

    No

    The name of the access control list (ACL).

    The name must be 1 to 30 characters long and can contain letters, digits, periods (.), hyphens (-), forward slashes (/), and underscores (_). The name must be unique within the region.

    AclEntrys

    List

    No

    Yes

    A list of ACL entries.

    The list can contain 1 to 50 entries. Each entry must be a unique CIDR block. If an entry already exists, it is ignored. For more information, see AclEntrys properties.

    AddressIpVersion

    String

    No

    No

    The IP version of the ACL.

    Valid values:

    • ipv4

    • ipv6

    AclEntrys syntax

    "AclEntrys": [
  {
    "AclEntryComment": String,
    "AclEntryIp": String
  }
]

    AclEntrys properties

    Parameter

    Type

    Required

    Update allowed

    Description

    Constraints

    AclEntryComment

    String

    No

    Yes

    The description of the ACL entry.

    None

    AclEntryIp

    String

    No

    Yes

    The CIDR block for the ACL entry.

    The entry must be a CIDR block.

    Return values

    Fn::GetAtt

    • AddressIpVersion: The IP version of the ACL.

    • AccessControlListName: The name of the ACL.

    • AclEntrys: The list of entries in the ACL.

    • AclId: The ID of the access control list (ACL).

    Examples

    ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AddressIpVersion:
    Type: String
    Description: 'The IP version. Valid values: ipv4 and ipv6.'
    AllowedValues:
      - ipv4
      - ipv6
    Required: false
  AccessControlListName:
    Type: String
    Description: The name of the ACL. The name must be 1 to 30 characters long, and can contain letters, digits, periods (.), hyphens (-), forward slashes (/), and underscores (_). The name must be unique within the region.
    Required: true
    MinLength: 1
    MaxLength: 30
  AclEntrys:
    AssociationPropertyMetadata:
      Parameters:
        AclEntryComment:
          Type: String
          Description: The description of the ACL entry.
          Required: false
        AclEntryIp:
          Type: String
          Description: A single IP address or CIDR block to add to the ACL.
          Required: false
    AssociationProperty: List[Parameters]
    Type: Json
    Description: A list of access control entries. You can add up to 50 IP addresses or CIDR blocks to an ACL in each call. If an IP address or CIDR block already exists in the ACL, it is ignored. The entries that you add must be CIDR blocks.
    Required: false
    MinLength: 1
    MaxLength: 50
Resources:
  ExtensionResource:
    Type: ALIYUN::ApiGateway::AccessControl
    Properties:
      AddressIpVersion:
        Ref: AddressIpVersion
      AccessControlListName:
        Ref: AccessControlListName
      AclEntrys:
        Ref: AclEntrys
Outputs:
  AddressIpVersion:
    Description: 'The IP version. Valid values: ipv4 and ipv6.'
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AddressIpVersion
  AccessControlListName:
    Description: The name of the ACL.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AccessControlListName
  AclEntrys:
    Description: A list of access control entries.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AclEntrys
  AclId:
    Description: The ID of the access control list (ACL).
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - AclId

    {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "AddressIpVersion": {
      "Type": "String",
      "Description": "The IP version. Valid values: ipv4 and ipv6.",
      "AllowedValues": [
        "ipv4",
        "ipv6"
      ],
      "Required": false
    },
    "AccessControlListName": {
      "Type": "String",
      "Description": "The name of the ACL. The name must be 1 to 30 characters long, and can contain letters, digits, periods (.), hyphens (-), forward slashes (/), and underscores (_). The name must be unique within the region.",
      "Required": true,
      "MinLength": 1,
      "MaxLength": 30
    },
    "AclEntrys": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "AclEntryComment": {
            "Type": "String",
            "Description": "The description of the ACL entry.",
            "Required": false
          },
          "AclEntryIp": {
            "Type": "String",
            "Description": "A single IP address or CIDR block to add to the ACL.",
            "Required": false
          }
        }
      },
      "AssociationProperty": "List[Parameters]",
      "Type": "Json",
      "Description": "A list of access control entries. You can add up to 50 IP addresses or CIDR blocks to an ACL in each call. If an IP address or CIDR block already exists in the ACL, it is ignored. The entries that you add must be CIDR blocks.",
      "Required": false,
      "MinLength": 1,
      "MaxLength": 50
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::ApiGateway::AccessControl",
      "Properties": {
        "AddressIpVersion": {
          "Ref": "AddressIpVersion"
        },
        "AccessControlListName": {
          "Ref": "AccessControlListName"
        },
        "AclEntrys": {
          "Ref": "AclEntrys"
        }
      }
    }
  },
  "Outputs": {
    "AddressIpVersion": {
      "Description": "The IP version. Valid values: ipv4 and ipv6.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AddressIpVersion"
        ]
      }
    },
    "AccessControlListName": {
      "Description": "The name of the ACL.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AccessControlListName"
        ]
      }
    },
    "AclEntrys": {
      "Description": "A list of access control entries.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AclEntrys"
        ]
      }
    },
    "AclId": {
      "Description": "The ID of the access control list (ACL).",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "AclId"
        ]
      }
    }
  }
}