ALIYUN::CLOUDFW::Instance is used to create an instance of Cloud Firewall.
Syntax
{
  "Type": "ALIYUN::CLOUDFW::Instance",
  "Properties": {
    "VpcBandwidth": Integer,
    "AclExtension": Integer,
    "NatFirewallNum": Integer,
    "NatBandwidth": Integer,
    "IpNum": Integer,
    "AutoRenew": Boolean,
    "Period": Integer,
    "PayType": String,
    "AutoPay": Boolean,
    "LogStorage": Integer,
    "LogAnalysis": Boolean,
    "VpcFirewallNum": Integer,
    "AccountNum": Integer,
    "MultiAccountManagement": Boolean,
    "Bandwidth": Integer,
    "Spec": String,
    "PeriodUnit": String,
    "IgnoreExisting": Boolean
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
VpcBandwidth | Integer | No | No | The capability to process virtual private cloud (VPC) traffic. | Valid values: 1000 to 15000. Unit: Mbit/s. |
AclExtension | Integer | No | No | The additional quota on access control policies. If the default quota on access control policies supported by your edition is insufficient, you can use this property to purchase an additional quota. | The additional quota on access control policies can be shared by the access control lists (ACLs) of Internet firewalls and VPC firewalls. Valid values: 0 to 300000. |
NatFirewallNum | Integer | No | No | The number of NAT firewalls. | Each NAT gateway corresponds to a NAT firewall. By default, Premium Edition is not configured with NAT firewalls, Enterprise Edition is configured with one NAT firewall, and Ultimate Edition is configured with two NAT firewalls. Valid values: 0 to 20. |
NatBandwidth | Integer | No | No | The capability that a NAT firewall supports to process private network traffic. | The bandwidth for private network traffic that can be protected by a NAT firewall. The default value for Enterprise Edition is 10, and the default value for Ultimate Edition is 20. Valid values: 0 to 1000. Unit: Mbit/s. |
IpNum | Integer | No | No | The number of public IP addresses that can be protected. | Valid values: 20 to 4000. |
AutoRenew | Boolean | No | No | Specifies whether to enable auto-renewal if the instance uses the subscription billing method. | Valid values: |
Period | Integer | No | No | The subscription duration. | Valid values when PeriodUnit is set to Month: 1, 3, and 6. Valid values when PeriodUnit is set to Year: 1 to 3. |
PayType | String | Yes | No | The billing method. | |
AutoPay | Boolean | No | No | Specifies whether to enable automatic payment. | Valid values: |
LogStorage | Integer | No | No | The log storage capacity. | If your Internet bandwidth is 10 Mbit/s and you want to store logs for six months, we recommend that you purchase 1,000 GB of log storage capacity. Valid values: 1000 to 500000. |
LogAnalysis | Boolean | No | No | Specifies whether to purchase the log analysis feature. | By default, Cloud Firewall stores logs for seven days for free. If you want to store logs for a longer period of time or meet classified protection requirements, we recommend that you purchase the log analysis feature. |
VpcFirewallNum | Integer | No | No | The number of VPC firewalls that you want to create. | If your VPCs are connected by using Enterprise Edition transit routers of Cloud Enterprise Network (CEN), each transit router corresponds to a VPC firewall. If your VPCs are connected by using Basic Edition transit routers of CEN, a VPC corresponds to a VPC firewall. If your VPCs are connected by using Express Connect circuits, each VPC peering connection corresponds to a VPC firewall. Valid values: 2 to 500. |
AccountNum | Integer | No | No | The number of accounts that you want to manage by using the multi-account management feature. | You can increase the number of accounts based on your business requirements. A free quota of one account is provided. Valid values: 1 to 1000. |
MultiAccountManagement | Boolean | No | No | The multi-account management feature. | If you have multiple cloud accounts in your enterprise and you want to manage the accounts in a centralized and safe manner, you can purchase the multi-account management feature. Before you disable the multi-account management feature, disable firewall protection for the assets of managed members and delete the members in the Cloud Firewall console. |
Bandwidth | Integer | No | No | The capability to process Internet traffic. | |
Spec | String | No | No | The edition of Cloud Firewall. | Valid values: |
PeriodUnit | String | No | No | The unit of the auto-renewal period. | Valid values: |
IgnoreExisting | Boolean | No | No | Specifies whether to ignore an existing instance of Cloud Firewall. | Valid values: If the existing instance of Cloud Firewall is not created by ROS, ROS ignores the instance when you update or delete the new instance of Cloud Firewall. |
Return values
Fn::GetAtt
InstanceId: the instance ID.
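Added example (not part of the original documentation and not Alibaba Cloud tooling): a pre-deployment lint in Python that checks each ALIYUN::CLOUDFW::Instance resource in a parsed ROS template against the ranges in the Properties table and flags a firewall left on the default seven-day log retention. The function name `lint_cloudfw`, the sample template, the `LogGb` parameter and the `<billing-method>` placeholder are assumptions made for illustration.

```python
# Inclusive integer ranges copied from the Properties table on this page.
RANGES = {
    "VpcBandwidth": (1000, 15000), "AclExtension": (0, 300000),
    "NatFirewallNum": (0, 20), "NatBandwidth": (0, 1000),
    "IpNum": (20, 4000), "LogStorage": (1000, 500000),
    "VpcFirewallNum": (2, 500), "AccountNum": (1, 1000),
}
# Period values the page allows for each PeriodUnit.
PERIODS = {"Month": {1, 3, 6}, "Year": {1, 2, 3}}

def lint_cloudfw(template):
    """Return findings for each ALIYUN::CLOUDFW::Instance in a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::CLOUDFW::Instance":
            continue
        props = res.get("Properties", {})
        if "PayType" not in props:  # the only property marked Required
            findings.append(f"{name}: PayType is required")
        for key, (lo, hi) in RANGES.items():
            val = props.get(key)
            if val is None or isinstance(val, dict):
                continue  # absent, or a Ref/Fn:: value resolved at deploy time
            if isinstance(val, bool) or not isinstance(val, int):
                findings.append(f"{name}: {key} must be an integer")
            elif not lo <= val <= hi:
                findings.append(f"{name}: {key}={val} outside {lo}..{hi}")
        unit, period = props.get("PeriodUnit"), props.get("Period")
        allowed = PERIODS.get(unit) if isinstance(unit, str) else None
        if allowed and isinstance(period, int) and period not in allowed:
            findings.append(f"{name}: Period={period} invalid for PeriodUnit={unit}")
        # Without LogAnalysis the page says logs are stored for seven days.
        if props.get("LogAnalysis", False) is False:
            findings.append(f"{name}: LogAnalysis off, logs stored for 7 days only")
    return findings

# Constructed sample. "<billing-method>" is a placeholder: the PayType values
# are not listed on this page.
SAMPLE = {
    "ROSTemplateFormatVersion": "2015-09-01",
    "Resources": {"Firewall": {
        "Type": "ALIYUN::CLOUDFW::Instance",
        "Properties": {"PayType": "<billing-method>", "IpNum": 10,
                       "PeriodUnit": "Month", "Period": 2,
                       "LogStorage": {"Ref": "LogGb"}},
    }},
}

if __name__ == "__main__":
    print("\n".join(lint_cloudfw(SAMPLE)))
```

Values supplied through `Ref` or other intrinsic functions are skipped, so the same ranges still need to be enforced on the template parameters themselves.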