The ALIYUN::VPC::NatGateway resource type is used to create a NAT gateway.
Syntax
{
  "Type": "ALIYUN::VPC::NatGateway",
  "Properties": {
    "Description": String,
    "NatGatewayName": String,
    "InstanceChargeType": String,
    "VSwitchId": String,
    "DeletionProtection": Boolean,
    "InternetChargeType": String,
    "NatType": String,
    "DeletionForce": Boolean,
    "VpcId": String,
    "Tags": List,
    "NetworkType": String,
    "EipBindMode": String,
    "IcmpReplyEnabled": Boolean,
    "SecurityProtectionEnabled": Boolean
  }
}
Properties
Property | Type | Required | Editable | Description | Constraint |
Description | String | No | No | The description of the NAT gateway. | The description must be 2 to 256 characters in length. It cannot start with |
NatGatewayName | String | No | No | The name of the NAT gateway. | The name must be 2 to 128 characters in length. It must start with a letter or a Chinese character. It cannot start with If you do not specify this property, the system uses the NAT gateway ID as the name. |
InstanceChargeType | String | No | No | The billing method of the NAT gateway. | Valid values: |
VSwitchId | String | Yes | No | The ID of the vSwitch of the NAT gateway. | When you create an enhanced NAT gateway, you must specify a vSwitch. The system assigns an unused private IP address from that vSwitch to the enhanced NAT gateway. You can call the ListEnhanhcedNatGatewayAvailableZones operation to query the zones that support enhanced NAT gateways. You can call the DescribeVSwitches operation to query the number of available IP addresses in a vSwitch. |
DeletionProtection | Boolean | No | Yes | Specifies whether deletion protection is enabled. | Valid values: |
InternetChargeType | String | No | No | The billing method of the NAT gateway. | Set this property to PayByLcu for billing based on usage. |
NatType | String | No | No | The type of the NAT gateway. | Set this property to Enhanced to create an enhanced NAT gateway. |
DeletionForce | Boolean | No | No | Specifies whether the NAT gateway is forcibly deleted. | Valid values: |
VpcId | String | Yes | No | The ID of the virtual private cloud (VPC) in which you want to create the NAT gateway. | If you create a standard NAT gateway, make sure that the VPC route table does not contain a route entry whose destination CIDR block is 0.0.0.0/0. If such an entry exists, delete it first. Note: This constraint does not apply to enhanced NAT gateways. |
NetworkType | String | No | No | The network type of the NAT gateway. | Valid values: |
Tags | List | No | Yes | The tags. | You can attach up to 20 tags. For more information, see Tags syntax and Tags properties. |
EipBindMode | String | No | No | The EIP binding mode of the NAT gateway. | Valid values: |
IcmpReplyEnabled | Boolean | No | No | Specifies whether ICMP echo replies are disabled. | Valid values: |
SecurityProtectionEnabled | Boolean | No | No | Specifies whether the firewall feature is enabled. | Valid values: |
Tags syntax
"Tags": [
  {
    "Key": String,
    "Value": String
  }
]
Tags properties
Property | Type | Required | Editable | Description | Constraint |
Key | String | Yes | No | The tag key. | The key must be 1 to 64 characters in length. It must start with a letter or a Chinese character. It cannot start with |
Value | String | No | No | The tag value. | The value can be 0 to 128 characters in length. It must start with a letter or a Chinese character. It cannot start with |
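The length, count and required-property constraints in the tables above can be checked against a template before a stack is created. The following Python example is added here and is not part of the ROS documentation: lint_nat_gateways, literal and the sample template are hypothetical, and the DeletionProtection and DeletionForce checks reflect an assumed local policy, not a ROS requirement.

```python
import json

NAT_TYPE = "ALIYUN::VPC::NatGateway"

def literal(value):
    """Return value if it is a plain string, None for Ref/Fn:: intrinsics."""
    return value if isinstance(value, str) else None

def lint_nat_gateways(template):
    """Return sorted (resource, finding) pairs for each NAT gateway resource."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != NAT_TYPE:
            continue
        props = res.get("Properties", {})
        add = lambda msg, n=name: findings.append((n, msg))
        # Constraints stated in the property tables above.
        for required in ("VpcId", "VSwitchId"):
            if required not in props:
                add(f"missing required property {required}")
        for prop, low, high in (("NatGatewayName", 2, 128), ("Description", 2, 256)):
            text = literal(props.get(prop))
            if text is not None and not low <= len(text) <= high:
                add(f"{prop} must be {low} to {high} characters")
        tags = props.get("Tags", [])
        if len(tags) > 20:
            add("more than 20 tags")
        for tag in tags:
            key = literal(tag.get("Key"))
            if "Key" not in tag or (key is not None and not 1 <= len(key) <= 64):
                add("tag Key is required and must be 1 to 64 characters")
            val = literal(tag.get("Value"))
            if val is not None and len(val) > 128:
                add("tag Value must be 0 to 128 characters")
        # Assumed local policy (not a ROS requirement): guard against deletion.
        if props.get("DeletionProtection") is not True:
            add("DeletionProtection is not set to true")
        if props.get("DeletionForce") is True:
            add("DeletionForce is true")
    return sorted(findings)

# Constructed sample template: one clean gateway, one with several problems.
SAMPLE = json.loads("""
{"ROSTemplateFormatVersion": "2015-09-01", "Resources": {
  "GoodNgw": {"Type": "ALIYUN::VPC::NatGateway", "Properties": {
    "NatGatewayName": "egress-ngw", "VpcId": {"Ref": "VPC"},
    "VSwitchId": {"Ref": "VSwitch"}, "DeletionProtection": true,
    "Tags": [{"Key": "env", "Value": "prod"}]}},
  "BadNgw": {"Type": "ALIYUN::VPC::NatGateway", "Properties": {"NatGatewayName": "x",
    "VpcId": {"Ref": "VPC"}, "DeletionForce": true, "Tags": [{"Value": "orphan"}]}}}}
""")

if __name__ == "__main__":
    for resource, finding in lint_nat_gateways(SAMPLE):
        print(f"{resource}: {finding}")
```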
Return values
Fn::GetAtt
NatGatewayId: The ID of the NAT gateway.
SNatTableId: The ID of the SNAT entry.
ForwardTableId: The ID of the DNAT entry.
Examples
Scenario 1: Create a NAT gateway.
ROSTemplateFormatVersion: '2015-09-01'
Description: Test ECS NatGateway
Parameters:
  VPC:
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    Type: String
    Label:
      zh-cn: Existing VPC Instance ID
      en: Existing VPC Instance ID
  VSwitch:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Label:
      zh-cn: VSwitch ID
      en: VSwitch ID
    AssociationPropertyMetadata:
      VpcId: VPC
Resources:
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      NatGatewayName: mytest
      VpcId:
        Ref: VPC
      VSwitchId:
        Ref: VSwitch
Outputs:
  NatGatewayId:
    Value:
      Fn::GetAtt:
        - NatGateway
        - NatGatewayId
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test ECS NatGateway",
  "Parameters": {
    "VPC": {
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
      "Type": "String",
      "Label": {
        "zh-cn": "Existing VPC Instance ID",
        "en": "Existing VPC Instance ID"
      }
    },
    "VSwitch": {
      "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
      "Type": "String",
      "Label": {
        "zh-cn": "VSwitch ID",
        "en": "VSwitch ID"
      },
      "AssociationPropertyMetadata": {
        "VpcId": "VPC"
      }
    }
  },
  "Resources": {
    "NatGateway": {
      "Type": "ALIYUN::VPC::NatGateway",
      "Properties": {
        "NatGatewayName": "mytest",
        "VpcId": {
          "Ref": "VPC"
        },
        "VSwitchId": {
          "Ref": "VSwitch"
        }
      }
    }
  },
  "Outputs": {
    "NatGatewayId": {
      "Value": {
        "Fn::GetAtt": [
          "NatGateway",
          "NatGatewayId"
        ]
      }
    }
  }
}
Scenario 2: Create an EIP billed by bandwidth and bind it to a NAT gateway.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  ZoneId:
    Type: String
    AssociationProperty: ZoneId
  VpcId:
    Type: String
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  VSwitchId:
    Type: String
    AssociationProperty: ALIYUN::VPC::VSwitch::VSwitchId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${ZoneId}
Resources:
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      NatGatewayName: example-ngw
      VSwitchId:
        Ref: VSwitchId
      NatType: Enhanced
      VpcId:
        Ref: VpcId
      ZoneId:
        Ref: ZoneId
  Eip:
    Type: ALIYUN::VPC::EIP
    Properties:
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  EipAssociation:
    Type: ALIYUN::VPC::EIPAssociation
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "ZoneId": {
      "Type": "String",
      "AssociationProperty": "ZoneId"
    },
    "VpcId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "VSwitchId": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::VPC::VSwitch::VSwitchId",
      "AssociationPropertyMetadata": {
        "VpcId": "${VpcId}",
        "ZoneId": "${ZoneId}"
      }
    }
  },
  "Resources": {
    "NatGateway": {
      "Type": "ALIYUN::VPC::NatGateway",
      "Properties": {
        "NatGatewayName": "example-ngw",
        "VSwitchId": {
          "Ref": "VSwitchId"
        },
        "NatType": "Enhanced",
        "VpcId": {
          "Ref": "VpcId"
        },
        "ZoneId": {
          "Ref": "ZoneId"
        }
      }
    },
    "Eip": {
      "Type": "ALIYUN::VPC::EIP",
      "Properties": {
        "DeletionProtection": false,
        "Isp": "BGP",
        "Bandwidth": 200,
        "InternetChargeType": "PayByTraffic"
      }
    },
    "EipAssociation": {
      "Type": "ALIYUN::VPC::EIPAssociation",
      "Properties": {
        "InstanceId": {
          "Ref": "NatGateway"
        },
        "AllocationId": {
          "Ref": "Eip"
        }
      }
    }
  }
}
Scenario 3: Deploy an Internet NAT gateway to create a centralized egress for cloud-based public network access.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  en: Create a Virtual Private Cloud (VPC) environment, configure dual-Availability Zone Elastic Compute Service (ECS) instances, and deploy a public-facing NAT Gateway to establish a unified cloud Internet access gateway.
Parameters:
  CommonName:
    Type: String
    Default: unified-egress
  ZoneId1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId2
    Label:
      en: Zone 1
  ZoneId2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId1
    Label:
      en: Zone 2
  InstanceType1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId}
    Label:
      en: ECS Instance Type 1
  InstanceType2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId}
    Label:
      en: ECS Instance Type 2
  InstancePassword:
    NoEcho: true
    Type: String
    Description:
      en: >-
        The server login password. It must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
    Label:
      en: Instance Password
    ConstraintDescription:
      en: >-
        The password must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
    AssociationProperty: 'ALIYUN::ECS::Instance::Password'
    Default: null
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName:
        Fn::Sub: ${CommonName}-vpc
  VSwitch1:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-app1-vsw
  VSwitch2:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.2.0/24
      ZoneId:
        Ref: ZoneId2
      VSwitchName:
        Fn::Sub: ${CommonName}-app2-vsw
  VSwitch3:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.3.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-pub-vsw
  SecurityGroup:
    Type: 'ALIYUN::ECS::SecurityGroup'
    Properties:
      VpcId:
        Ref: Vpc
      SecurityGroupName:
        Fn::Sub: ${CommonName}-sg
      SecurityGroupIngress:
        - PortRange: 443/443
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
        - PortRange: 80/80
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
  EcsInstance1:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId1
      VSwitchId:
        Ref: VSwitch1
      SecurityGroupId:
        Ref: SecurityGroup
      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-1
      InstanceType:
        Ref: InstanceType1
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      InternetMaxBandwidthOut: 0
      Password:
        Ref: InstancePassword
  EcsInstance2:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId2
      VSwitchId:
        Ref: VSwitch2
      SecurityGroupId:
        Ref: SecurityGroup
      ImageId: aliyun_3_9_x64_20G_alibase_20231219.vhd
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-2
      InstanceType:
        Ref: InstanceType2
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      InternetMaxBandwidthOut: 0
      Password:
        Ref: InstancePassword
  NatGateway:
    Type: 'ALIYUN::VPC::NatGateway'
    Properties:
      NatGatewayName:
        Fn::Sub: ${CommonName}-ngw
      VSwitchId:
        Ref: VSwitch3
      NatType: Enhanced
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId1
  Eip:
    Type: 'ALIYUN::VPC::EIP'
    Properties:
      DeletionProtection: false
      Isp: BGP
      Bandwidth: 200
      InternetChargeType: PayByTraffic
  EipAssociation:
    Type: 'ALIYUN::VPC::EIPAssociation'
    Properties:
      InstanceId:
        Ref: NatGateway
      AllocationId:
        Ref: Eip
  SNat:
    Type: 'ALIYUN::VPC::SnatEntry'
    DependsOn: EipAssociation
    Properties:
      SnatTableId:
        Fn::GetAtt:
          - NatGateway
          - SNatTableId
      SnatEntryName:
        Fn::Sub: ${CommonName}-snat
      SourceVSwitchIds:
        - Ref: VSwitch1
        - Ref: VSwitch2
      SnatIp:
        Fn::GetAtt:
          - Eip
          - EipAddress
Outputs:
  EcsLoginAddress1:
    Description:
      en: ECS1 login address.
    Value:
      Fn::Sub: >-
        https://ecs-workbench.aliyun.com/?from=EcsConsole
        &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance1}
  EcsLoginAddress2:
    Description:
      en: ECS2 login address.
    Value:
      Fn::Sub: >-
        https://ecs-workbench.aliyun.com/?from=EcsConsole
        &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance2}
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
      - Parameters:
          - ZoneId1
          - ZoneId2
        Label:
          default:
            en: VSwitch Zone Configuration
      - Parameters:
          - InstanceType1
          - InstanceType2
          - InstancePassword
        Label:
          default:
            en: ECS Instance Configuration
    TemplateTags:
      - acs:technical-solution:network:implement-centralized-egress-with-internet-nat-gateway-tech_solu_134
    Hidden:
      - CommonName
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": {
    "en": "Create a Virtual Private Cloud (VPC) environment, configure dual-Availability Zone Elastic Compute Service (ECS) instances, and deploy a public-facing NAT Gateway to establish a unified cloud Internet access gateway."
  },
  "Parameters": {
    "CommonName": {
      "Type": "String",
      "Default": "unified-egress"
    },
    "ZoneId1": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
      "AssociationPropertyMetadata": {
        "ExclusiveTo": [
          "ZoneId2"
        ]
      },
      "Label": {
        "en": "Zone 1"
      }
    },
    "ZoneId2": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
      "AssociationPropertyMetadata": {
        "ExclusiveTo": [
          "ZoneId1"
        ]
      },
      "Label": {
        "en": "Zone 2"
      }
    },
    "InstanceType1": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
      "AssociationPropertyMetadata": {
        "InstanceChargeType": "PostPaid",
        "SystemDiskCategory": "cloud_essd",
        "ZoneId": "${ZoneId}"
      },
      "Label": {
        "en": "ECS Instance Type 1"
      }
    },
    "InstanceType2": {
      "Type": "String",
      "AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
      "AssociationPropertyMetadata": {
        "InstanceChargeType": "PostPaid",
        "SystemDiskCategory": "cloud_essd",
        "ZoneId": "${ZoneId}"
      },
      "Label": {
        "en": "ECS Instance Type 2"
      }
    },
    "InstancePassword": {
      "NoEcho": true,
      "Type": "String",
      "Description": {
        "en": "The server login password. It must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
      },
      "Label": {
        "en": "Instance Password"
      },
      "ConstraintDescription": {
        "en": "The password must be 8 to 30 characters long and contain characters from at least three of the following categories: uppercase letters, lowercase letters, digits, and special characters: ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
      },
      "AssociationProperty": "ALIYUN::ECS::Instance::Password",
      "Default": null
    }
  },
  "Resources": {
    "Vpc": {
      "Type": "ALIYUN::ECS::VPC",
      "Properties": {
        "CidrBlock": "192.168.0.0/16",
        "VpcName": {
          "Fn::Sub": "${CommonName}-vpc"
        }
      }
    },
    "VSwitch1": {
      "Type": "ALIYUN::ECS::VSwitch",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "CidrBlock": "192.168.1.0/24",
        "ZoneId": {
          "Ref": "ZoneId1"
        },
        "VSwitchName": {
          "Fn::Sub": "${CommonName}-app1-vsw"
        }
      }
    },
    "VSwitch2": {
      "Type": "ALIYUN::ECS::VSwitch",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "CidrBlock": "192.168.2.0/24",
        "ZoneId": {
          "Ref": "ZoneId2"
        },
        "VSwitchName": {
          "Fn::Sub": "${CommonName}-app2-vsw"
        }
      }
    },
    "VSwitch3": {
      "Type": "ALIYUN::ECS::VSwitch",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "CidrBlock": "192.168.3.0/24",
        "ZoneId": {
          "Ref": "ZoneId1"
        },
        "VSwitchName": {
          "Fn::Sub": "${CommonName}-pub-vsw"
        }
      }
    },
    "SecurityGroup": {
      "Type": "ALIYUN::ECS::SecurityGroup",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "SecurityGroupName": {
          "Fn::Sub": "${CommonName}-sg"
        },
        "SecurityGroupIngress": [
          {
            "PortRange": "443/443",
            "SourceCidrIp": "0.0.0.0/0",
            "IpProtocol": "tcp"
          },
          {
            "PortRange": "80/80",
            "SourceCidrIp": "0.0.0.0/0",
            "IpProtocol": "tcp"
          }
        ]
      }
    },
    "EcsInstance1": {
      "Type": "ALIYUN::ECS::InstanceGroup",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "ZoneId": {
          "Ref": "ZoneId1"
        },
        "VSwitchId": {
          "Ref": "VSwitch1"
        },
        "SecurityGroupId": {
          "Ref": "SecurityGroup"
        },
        "ImageId": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
        "InstanceName": {
          "Fn::Sub": "${CommonName}-ecs-1"
        },
        "InstanceType": {
          "Ref": "InstanceType1"
        },
        "SystemDiskCategory": "cloud_essd",
        "MaxAmount": 1,
        "InternetMaxBandwidthOut": 0,
        "Password": {
          "Ref": "InstancePassword"
        }
      }
    },
    "EcsInstance2": {
      "Type": "ALIYUN::ECS::InstanceGroup",
      "Properties": {
        "VpcId": {
          "Ref": "Vpc"
        },
        "ZoneId": {
          "Ref": "ZoneId2"
        },
        "VSwitchId": {
          "Ref": "VSwitch2"
        },
        "SecurityGroupId": {
          "Ref": "SecurityGroup"
        },
        "ImageId": "aliyun_3_9_x64_20G_alibase_20231219.vhd",
        "InstanceName": {
          "Fn::Sub": "${CommonName}-ecs-2"
        },
        "InstanceType": {
          "Ref": "InstanceType2"
        },
        "SystemDiskCategory": "cloud_essd",
        "MaxAmount": 1,
        "InternetMaxBandwidthOut": 0,
        "Password": {
          "Ref": "InstancePassword"
        }
      }
    },
    "NatGateway": {
      "Type": "ALIYUN::VPC::NatGateway",
      "Properties": {
        "NatGatewayName": {
          "Fn::Sub": "${CommonName}-ngw"
        },
        "VSwitchId": {
          "Ref": "VSwitch3"
        },
        "NatType": "Enhanced",
        "VpcId": {
          "Ref": "Vpc"
        },
        "ZoneId": {
          "Ref": "ZoneId1"
        }
      }
    },
    "Eip": {
      "Type": "ALIYUN::VPC::EIP",
      "Properties": {
        "DeletionProtection": false,
        "Isp": "BGP",
        "Bandwidth": 200,
        "InternetChargeType": "PayByTraffic"
      }
    },
    "EipAssociation": {
      "Type": "ALIYUN::VPC::EIPAssociation",
      "Properties": {
        "InstanceId": {
          "Ref": "NatGateway"
        },
        "AllocationId": {
          "Ref": "Eip"
        }
      }
    },
    "SNat": {
      "Type": "ALIYUN::VPC::SnatEntry",
      "DependsOn": "EipAssociation",
      "Properties": {
        "SnatTableId": {
          "Fn::GetAtt": [
            "NatGateway",
            "SNatTableId"
          ]
        },
        "SnatEntryName": {
          "Fn::Sub": "${CommonName}-snat"
        },
        "SourceVSwitchIds": [
          {
            "Ref": "VSwitch1"
          },
          {
            "Ref": "VSwitch2"
          }
        ],
        "SnatIp": {
          "Fn::GetAtt": [
            "Eip",
            "EipAddress"
          ]
        }
      }
    }
  },
  "Outputs": {
    "EcsLoginAddress1": {
      "Description": {
        "en": "ECS1 login address."
      },
      "Value": {
        "Fn::Sub": "https://ecs-workbench.aliyun.com/?from=EcsConsole &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance1}"
      }
    },
    "EcsLoginAddress2": {
      "Description": {
        "en": "ECS2 login address."
      },
      "Value": {
        "Fn::Sub": "https://ecs-workbench.aliyun.com/?from=EcsConsole &instanceType=ecs&regionId=${ALIYUN::Region}&instanceId=${EcsInstance2}"
      }
    }
  },
  "Metadata": {
    "ALIYUN::ROS::Interface": {
      "ParameterGroups": [
        {
          "Parameters": [
            "ZoneId1",
            "ZoneId2"
          ],
          "Label": {
            "default": {
              "en": "VSwitch Zone Configuration"
            }
          }
        },
        {
          "Parameters": [
            "InstanceType1",
            "InstanceType2",
            "InstancePassword"
          ],
          "Label": {
            "default": {
              "en": "ECS Instance Configuration"
            }
          }
        }
      ],
      "TemplateTags": [
        "acs:technical-solution:network:implement-centralized-egress-with-internet-nat-gateway-tech_solu_134"
      ],
      "Hidden": [
        "CommonName"
      ]
    }
  }
}
For more examples, see the public templates that include this resource.