
Resource Orchestration Service: ALIYUN::VPC::ForwardEntry

Last Updated: Feb 06, 2024

ALIYUN::VPC::ForwardEntry is used to add a DNAT entry to a DNAT table.

Syntax

{
  "Type": "ALIYUN::VPC::ForwardEntry",
  "Properties": {
    "ExternalPort": String,
    "ExternalIp": String,
    "IpProtocol": String,
    "PortBreak": Boolean,
    "InternalPort": String,
    "ForwardEntryName": String,
    "InternalIp": String,
    "ForwardTableId": String
  }
}

Properties

Property: ExternalPort
Type: String
Required: Yes
Editable: No
Description: The external port or port range.
Constraint:

  • The value is the external port or port range that is used for port forwarding when you configure a DNAT entry for an Internet NAT gateway.

    • Valid values: 1 to 65535.

    • To specify a port range, separate the first port and the last port with a forward slash (/), such as 10/20.

    • If you set ExternalPort to a port range, you must also set InternalPort to a port range. The number of ports in the port ranges must be the same. For example, if you set ExternalPort to 10/20, you can set InternalPort to 80/90.

  • The value is the port that can be accessed by external networks when you configure a DNAT entry for a virtual private cloud (VPC) NAT gateway. Valid values: 1 to 65535.

Property: ExternalIp
Type: String
Required: Yes
Editable: No
Description: The IP address.
Constraint:

  • The value is the elastic IP address (EIP) that can be accessed over the Internet when you configure a DNAT entry for an Internet NAT gateway.

  • The value is the NAT IP address that can be accessed by external networks when you configure a DNAT entry for a VPC NAT gateway.

Property: IpProtocol
Type: String
Required: Yes
Editable: No
Description: The protocol type.
Constraint: Valid values:

  • TCP: forwards TCP packets.

  • UDP: forwards UDP packets.

  • Any: forwards packets of all protocols. If you set IpProtocol to Any, you must also set ExternalPort and InternalPort to Any to implement DNAT IP mapping.

Property: PortBreak
Type: Boolean
Required: No
Editable: No
Description: Specifies whether to remove limits on the port range.
Constraint: Valid values:

  • true

  • false (default)

Note: If an SNAT entry and a DNAT entry use the same public IP address and you want to specify a port number greater than 1024, you must set PortBreak to true.

Property: InternalPort
Type: String
Required: Yes
Editable: No
Description: The internal port or port range.
Constraint:

  • The value is the internal port or port range that is used for port forwarding when you configure a DNAT entry for an Internet NAT gateway. Valid values: 1 to 65535.

  • The value is the port of the destination ECS instance to be mapped when you configure a DNAT entry for a VPC NAT gateway. Valid values: 1 to 65535.

Property: ForwardEntryName
Type: String
Required: No
Editable: No
Description: The name of the DNAT entry.
Constraint: None.

Property: InternalIp
Type: String
Required: Yes
Editable: No
Description: The private IP address.
Constraint:

  • The value is the private IP address of the ECS instance that needs to communicate with the Internet when you configure a DNAT entry for an Internet NAT gateway. The private IP address must meet the following requirements:

    • The private IP address must belong to the CIDR block of the VPC where the NAT gateway resides.

    • The DNAT entry takes effect only when the private IP address is used by an ECS instance and the ECS instance is not associated with an EIP.

  • The value is the private IP address that uses a DNAT entry for communication when you configure a DNAT entry for a VPC NAT gateway.

Property: ForwardTableId
Type: String
Required: Yes
Editable: No
Description: The ID of the DNAT table.
Constraint: None.
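
The property constraints above can be checked before a template is deployed. The following linter is an added example, not part of the original documentation or of ROS itself; it works on resolved property values (after Ref parameters are substituted). The names parse_ports, check_forward_entry, vpc_cidr and shares_ip_with_snat, the sample addresses and the placeholder table ID are assumptions made for illustration.

```python
import ipaddress

REQUIRED = ("ExternalPort", "ExternalIp", "IpProtocol",
            "InternalPort", "InternalIp", "ForwardTableId")

def parse_ports(spec):
    """'Any' -> None; 'N' or 'N/M' -> (first, last). Raises ValueError otherwise."""
    if spec == "Any":
        return None
    parts = spec.split("/")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed port value {spec!r}")
    first, last = int(parts[0]), int(parts[-1])
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"port value {spec!r} outside 1 to 65535")
    return first, last

def check_forward_entry(props, vpc_cidr, shares_ip_with_snat=False):
    """Return findings for one resolved ForwardEntry Properties dict."""
    missing = [k for k in REQUIRED if k not in props]
    if missing:
        return [f"missing required property {k}" for k in missing]
    try:
        ext = parse_ports(props["ExternalPort"])
        internal = parse_ports(props["InternalPort"])
        inside = (ipaddress.ip_address(props["InternalIp"])
                  in ipaddress.ip_network(vpc_cidr))
    except ValueError as exc:
        return [str(exc)]
    findings, proto = [], props["IpProtocol"]
    if proto not in ("TCP", "UDP", "Any"):
        findings.append(f"IpProtocol {proto!r} is not TCP, UDP or Any")
    if proto == "Any":
        if ext or internal:
            findings.append("IpProtocol Any requires both ports set to Any")
        else:  # valid, but worth a human look: whole-IP mapping
            findings.append("review: IP mapping forwards all protocols to InternalIp")
    if ext and internal and ext[1] - ext[0] != internal[1] - internal[0]:
        findings.append("ExternalPort and InternalPort cover different port counts")
    if not inside:
        findings.append("InternalIp is outside the VPC CIDR block")
    # Assumption: the PortBreak note is applied to the external port here.
    if shares_ip_with_snat and ext and ext[1] > 1024 and not props.get("PortBreak", False):
        findings.append("PortBreak must be true for ports above 1024 on an IP shared with SNAT")
    return findings

# Constructed sample entry: documentation-range EIP, placeholder table ID.
GOOD = {"ExternalPort": "10/20", "ExternalIp": "203.0.113.10", "IpProtocol": "TCP",
        "InternalPort": "80/90", "InternalIp": "192.168.1.10",
        "ForwardTableId": "ftb-placeholder"}
```

Calling check_forward_entry(GOOD, "192.168.0.0/16") returns an empty list; an entry that violates a constraint returns one finding per violated rule.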

Return values

Fn::GetAtt

ForwardEntryId: the ID of the DNAT entry.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Metadata:
      ALIYUN::ROS::Interface:
        ParameterGroups:
        - Label:
            default:
              en: DNAT Configure
              zh-cn: "DNAT\u8BBE\u7F6E"
          Parameters:
          - ForwardTableId
          - PortBreak
          - ForwardEntryName
        - Label:
            default:
              en: Network Configure
              zh-cn: "\u7F51\u7EDC\u8BBE\u7F6E"
          Parameters:
          - ExternalIp
          - InternalIp
          - ExternalPort
          - InternalPort
          - IpProtocol
        - Label:
            default:
              en: Other Configure
              zh-cn: "\u5176\u4ED6\u8BBE\u7F6E"
          Parameters: []
    Parameters:
      ExternalIp:
        Description:
          en: Source IP, must belongs to bandwidth package internet IP
        Label:
          zh-cn: "\u516C\u7F51IP\u5730\u5740"
        Required: true
        Type: String
      ExternalPort:
        Description:
          en: Source port, now support [1-65535]|Any|x/y
        Label:
          zh-cn: "\u516C\u7F51\u7AEF\u53E3"
        Required: true
        Type: String
      ForwardEntryName:
        Description:
          en: the name of the DNAT rule is 2-128 characters long and must start with a
            letter or Chinese, but cannot begin with HTTP:// or https://.
        Label:
          zh-cn: "DNAT\u89C4\u5219\u7684\u540D\u79F0"
        Required: false
        Type: String
      ForwardTableId:
        Description:
          en: Create forward entry in specified forward table.
        Label:
          zh-cn: "DNAT\u8868\u7684ID"
        Required: true
        Type: String
      InternalIp:
        Description:
          en: Destination IP, must belong to VPC private IP
        Label:
          zh-cn: "\u79C1\u7F51IP\u5730\u5740"
        Required: true
        Type: String
      InternalPort:
        Description:
          en: Destination port, now support [1-65535]|Any|x/y
        Label:
          zh-cn: "\u79C1\u7F51\u7AEF\u53E3"
        Required: true
        Type: String
      IpProtocol:
        AllowedValues:
        - TCP
        - UDP
        - Any
        Description:
          en: Supported protocol, Now support 'TCP|UDP|Any'
        Label:
          zh-cn: "\u534F\u8BAE\u7C7B\u578B"
        Required: true
        Type: String
      PortBreak:
        Description:
          en: Specifies whether to remove limits on the port range.
        Label:
          zh-cn: "\u662F\u5426\u5F00\u542F\u7AEF\u53E3\u7A81\u7834"
        Required: false
        Type: Boolean
    Resources:
      ForwardTableEntry:
        Properties:
          ExternalIp:
            Ref: ExternalIp
          ExternalPort:
            Ref: ExternalPort
          ForwardEntryName:
            Ref: ForwardEntryName
          ForwardTableId:
            Ref: ForwardTableId
          InternalIp:
            Ref: InternalIp
          InternalPort:
            Ref: InternalPort
          IpProtocol:
            Ref: IpProtocol
          PortBreak:
            Ref: PortBreak
        Type: ALIYUN::VPC::ForwardEntry
    Outputs:
      ForwardEntryId:
        Description: The id of created forward entry.
        Value:
          Fn::GetAtt:
          - ForwardTableEntry
          - ForwardEntryId
                            
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Metadata": {
        "ALIYUN::ROS::Interface": {
          "ParameterGroups": [
            {
              "Parameters": [
                "ForwardTableId",
                "PortBreak",
                "ForwardEntryName"
              ],
              "Label": {
                "default": {
                  "en": "DNAT Configure",
                  "zh-cn": "DNAT\u8BBE\u7F6E"
                }
              }
            },
            {
              "Parameters": [
                "ExternalIp",
                "InternalIp",
                "ExternalPort",
                "InternalPort",
                "IpProtocol"
              ],
              "Label": {
                "default": {
                  "en": "Network Configure",
                  "zh-cn": "\u7F51\u7EDC\u8BBE\u7F6E"
                }
              }
            },
            {
              "Parameters": [],
              "Label": {
                "default": {
                  "en": "Other Configure",
                  "zh-cn": "\u5176\u4ED6\u8BBE\u7F6E"
                }
              }
            }
          ]
        }
      },
      "Parameters": {
        "ExternalPort": {
          "Type": "String",
          "Description": {
            "en": "Source port, now support [1-65535]|Any|x/y"
          },
          "Required": true,
          "Label": {
            "zh-cn": "\u516C\u7F51\u7AEF\u53E3"
          }
        },
        "ExternalIp": {
          "Type": "String",
          "Description": {
            "en": "Source IP, must belongs to bandwidth package internet IP"
          },
          "Required": true,
          "Label": {
            "zh-cn": "\u516C\u7F51IP\u5730\u5740"
          }
        },
        "IpProtocol": {
          "Type": "String",
          "AllowedValues": [
            "TCP",
            "UDP",
            "Any"
          ],
          "Description": {
            "en": "Supported protocol, Now support 'TCP|UDP|Any'"
          },
          "Required": true,
          "Label": {
            "zh-cn": "\u534F\u8BAE\u7C7B\u578B"
          }
        },
        "PortBreak": {
          "Type": "Boolean",
          "Description": {
            "en": "Specifies whether to remove limits on the port range."
          },
          "Required": false,
          "Label": {
            "zh-cn": "\u662F\u5426\u5F00\u542F\u7AEF\u53E3\u7A81\u7834"
          }
        },
        "InternalPort": {
          "Type": "String",
          "Description": {
            "en": "Destination port, now support [1-65535]|Any|x/y"
          },
          "Required": true,
          "Label": {
            "zh-cn": "\u79C1\u7F51\u7AEF\u53E3"
          }
        },
        "ForwardEntryName": {
          "Type": "String",
          "Description": {
            "en": "the name of the DNAT rule is 2-128 characters long and must start with a letter or Chinese, but cannot begin with HTTP:// or https://."
          },
          "Required": false,
          "Label": {
            "zh-cn": "DNAT\u89C4\u5219\u7684\u540D\u79F0"
          }
        },
        "InternalIp": {
          "Type": "String",
          "Description": {
            "en": "Destination IP, must belong to VPC private IP"
          },
          "Required": true,
          "Label": {
            "zh-cn": "\u79C1\u7F51IP\u5730\u5740"
          }
        },
        "ForwardTableId": {
          "Type": "String",
          "Description": {
            "en": "Create forward entry in specified forward table."
          },
          "Required": true,
          "Label": {
            "zh-cn": "DNAT\u8868\u7684ID"
          }
        }
      },
      "Resources": {
        "ForwardTableEntry": {
          "Type": "ALIYUN::VPC::ForwardEntry",
          "Properties": {
            "ExternalPort": {
              "Ref": "ExternalPort"
            },
            "ExternalIp": {
              "Ref": "ExternalIp"
            },
            "IpProtocol": {
              "Ref": "IpProtocol"
            },
            "PortBreak": {
              "Ref": "PortBreak"
            },
            "InternalPort": {
              "Ref": "InternalPort"
            },
            "ForwardEntryName": {
              "Ref": "ForwardEntryName"
            },
            "InternalIp": {
              "Ref": "InternalIp"
            },
            "ForwardTableId": {
              "Ref": "ForwardTableId"
            }
          }
        }
      },
      "Outputs": {
        "ForwardEntryId": {
          "Description": "The id of created forward entry.",
          "Value": {
            "Fn::GetAtt": [
              "ForwardTableEntry",
              "ForwardEntryId"
            ]
          }
        }
      }
    }