ALIYUN::NLB::SecurityPolicy is used to create a custom security policy for a TCP/SSL listener.
Syntax
{
  "Type": "ALIYUN::NLB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "SecurityPolicyName": String,
    "TlsVersions": List,
    "Tags": List
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
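Ciphers | List | Yes | Yes | The supported cipher suites. | The valid values of Ciphers vary based on the version of the Transport Layer Security (TLS) protocol. You can specify up to 32 cipher suites. Valid values for TLS 1.0 and TLS 1.1: ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA. Valid values for TLS 1.2: ECDHE-ECDSA-AES128-SHA, ECDHE-ECDSA-AES256-SHA, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, AES128-SHA, AES256-SHA, DES-CBC3-SHA, ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA256, ECDHE-ECDSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, AES128-GCM-SHA256, AES256-GCM-SHA384, AES128-SHA256, AES256-SHA256. Valid values for TLS 1.3: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_CCM_SHA256, TLS_AES_128_CCM_8_SHA256. |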
ResourceGroupId | String | No | No | The ID of the resource group. | None. |
SecurityPolicyName | String | No | Yes | The name of the security policy. | The name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-). |
TlsVersions | List | Yes | Yes | The supported versions of the TLS protocol. | Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3. |
Tags | List | No | Yes | The tags. | You can add up to 20 tags. For more information, see Tags properties. |
Tags syntax
"Tags": [
  {
    "Value": String,
    "Key": String
  }
]
Tags properties
Property | Type | Required | Editable | Description | Constraint |
Value | String | No | No | The tag value. | The tag value can be an empty string. The tag value can be up to 128 characters in length, and cannot start with |
Key | String | Yes | No | The tag key. | The tag key cannot be an empty string. The tag key can be up to 128 characters in length, and cannot start with |
Return values
Fn::GetAtt
SecurityPolicyId: the ID of the TLS security policy.
Arn: the Alibaba Cloud Resource Name (ARN).
Examples
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Ciphers:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: 'TLS 1.0 and TLS 1.1 support the following cipher suites:
            ECDHE-ECDSA-AES128-SHA
            ECDHE-ECDSA-AES256-SHA
            ECDHE-RSA-AES128-SHA
            ECDHE-RSA-AES256-SHA
            AES128-SHA
            AES256-SHA
            DES-CBC3-SHA
            TLS 1.2 supports the following cipher suites:
            ECDHE-ECDSA-AES128-SHA
            ECDHE-ECDSA-AES256-SHA
            ECDHE-RSA-AES128-SHA
            ECDHE-RSA-AES256-SHA
            AES128-SHA
            AES256-SHA
            DES-CBC3-SHA
            ECDHE-ECDSA-AES128-GCM-SHA256
            ECDHE-ECDSA-AES256-GCM-SHA384
            ECDHE-ECDSA-AES128-SHA256
            ECDHE-ECDSA-AES256-SHA384
            ECDHE-RSA-AES128-GCM-SHA256
            ECDHE-RSA-AES256-GCM-SHA384
            ECDHE-RSA-AES128-SHA256
            ECDHE-RSA-AES256-SHA384
            AES128-GCM-SHA256
            AES256-GCM-SHA384
            AES128-SHA256
            AES256-SHA256
            TLS 1.3 supports the following cipher suites:
            TLS_AES_128_GCM_SHA256
            TLS_AES_256_GCM_SHA384
            TLS_CHACHA20_POLY1305_SHA256
            TLS_AES_128_CCM_SHA256
            TLS_AES_128_CCM_8_SHA256'
        Required: false
        Type: String
    Description:
      en: The supported cipher suites, which are determined by the TLS protocol version.
        You can specify at most 32 cipher suites.
    MaxLength: 32
    MinLength: 1
    Required: true
    Type: Json
  ResourceGroupId:
    AssociationProperty: ALIYUN::ECS::ResourceGroup::ResourceGroupId
    Description:
      en: The ID of the resource group.
    Required: false
    Type: String
  SecurityPolicyName:
    Description:
      en: 'The name of the security policy.
        The name must be 1 to 200 characters in length, and can contain letters, digits,
        periods (.), underscores (_), and hyphens (-).'
    Required: false
    Type: String
  Tags:
    AssociationProperty: List[Parameters]
    AssociationPropertyMetadata:
      ListMetadata:
        Order:
          - Key
          - Value
      Parameters:
        Key:
          Required: true
          Type: String
        Value:
          Required: false
          Type: String
    Description:
      en: Tags to attach to instance. Max support 20 tags to add during create instance.
        Each tag with two properties Key and Value, and Key is required.
    MaxLength: 20
    Required: false
    Type: Json
  TlsVersions:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Required: false
        Type: String
    Description:
      en: 'The supported versions of the Transport Layer Security (TLS) protocol.
        Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.'
    MaxLength: 4
    MinLength: 1
    Required: true
    Type: Json
Resources:
  SecurityPolicy:
    Properties:
      Ciphers:
        Ref: Ciphers
      ResourceGroupId:
        Ref: ResourceGroupId
      SecurityPolicyName:
        Ref: SecurityPolicyName
      Tags:
        Ref: Tags
      TlsVersions:
        Ref: TlsVersions
    Type: ALIYUN::NLB::SecurityPolicy
Outputs:
  SecurityPolicyId:
    Description: The ID of the security policy.
    Value:
      Fn::GetAtt:
        - SecurityPolicy
        - SecurityPolicyId
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Ciphers": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "TLS 1.0 and TLS 1.1 support the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nTLS 1.2 supports the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nECDHE-ECDSA-AES128-GCM-SHA256\nECDHE-ECDSA-AES256-GCM-SHA384\nECDHE-ECDSA-AES128-SHA256\nECDHE-ECDSA-AES256-SHA384\nECDHE-RSA-AES128-GCM-SHA256\nECDHE-RSA-AES256-GCM-SHA384\nECDHE-RSA-AES128-SHA256\nECDHE-RSA-AES256-SHA384\nAES128-GCM-SHA256\nAES256-GCM-SHA384\nAES128-SHA256\nAES256-SHA256\nTLS 1.3 supports the following cipher suites:\nTLS_AES_128_GCM_SHA256\nTLS_AES_256_GCM_SHA384\nTLS_CHACHA20_POLY1305_SHA256\nTLS_AES_128_CCM_SHA256\nTLS_AES_128_CCM_8_SHA256"
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 32
    },
    "ResourceGroupId": {
      "AssociationProperty": "ALIYUN::ECS::ResourceGroup::ResourceGroupId",
      "Type": "String",
      "Description": {
        "en": "The ID of the resource group."
      },
      "Required": false
    },
    "SecurityPolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the security policy.\nThe name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-)."
      },
      "Required": false
    },
    "TlsVersions": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 4
    },
    "Tags": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "Value": {
            "Type": "String",
            "Required": false
          },
          "Key": {
            "Type": "String",
            "Required": true
          }
        },
        "ListMetadata": {
          "Order": [
            "Key",
            "Value"
          ]
        }
      },
      "AssociationProperty": "List[Parameters]",
      "Type": "Json",
      "Description": {
        "en": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required."
      },
      "Required": false,
      "MaxLength": 20
    }
  },
  "Resources": {
    "SecurityPolicy": {
      "Type": "ALIYUN::NLB::SecurityPolicy",
      "Properties": {
        "Ciphers": {
          "Ref": "Ciphers"
        },
        "ResourceGroupId": {
          "Ref": "ResourceGroupId"
        },
        "SecurityPolicyName": {
          "Ref": "SecurityPolicyName"
        },
        "TlsVersions": {
          "Ref": "TlsVersions"
        },
        "Tags": {
          "Ref": "Tags"
        }
      }
    }
  },
  "Outputs": {
    "SecurityPolicyId": {
      "Description": "The ID of the security policy.",
      "Value": {
        "Fn::GetAtt": [
          "SecurityPolicy",
          "SecurityPolicyId"
        ]
      }
    }
  }
}