The ALIYUN::ALB::Listener resource type creates an HTTP, HTTPS, or QUIC listener for an Application Load Balancer (ALB) instance.
Syntax
{
"Type": "ALIYUN::ALB::Listener",
"Properties": {
"RequestTimeout": Integer,
"ListenerPort": Integer,
"Http2Enabled": Boolean,
"DefaultActions": List,
"Certificates": List,
"IdleTimeout": Integer,
"LoadBalancerId": String,
"ListenerProtocol": String,
"QuicConfig": Map,
"GzipEnabled": Boolean,
"SecurityPolicyId": String,
"ListenerDescription": String,
"XForwardedForConfig": Map,
"CaEnabled": Boolean,
"CaCertificates": List,
"ListenerStatus": String,
"LogConfig": Map
}
}
Properties
Property name | Type | Required | Update allowed | Description | Constraint |
DefaultActions | List | Yes | Yes | A list of rule actions. | Example value: For more information, see DefaultActions property. |
ListenerPort | Integer | Yes | No | The listening port. | Valid values: 1 to 65535. |
ListenerProtocol | String | Yes | No | The listening protocol. | Valid values:
|
LoadBalancerId | String | Yes | No | The ID of the Application Load Balancer (ALB) instance. | None |
CaCertificates | List | No | Yes | CA certificate information. | For more information, see CaCertificates property. |
CaEnabled | Boolean | No | Yes | Specifies whether to enable mutual authentication. | Valid values:
|
Certificates | List | No | Yes | The server certificates. | For more information, see Certificates property. |
GzipEnabled | Boolean | No | Yes | Specifies whether to enable Gzip compression for specific file types. | Valid values:
|
Http2Enabled | Boolean | No | Yes | Specifies whether to enable HTTP/2. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
IdleTimeout | Integer | No | Yes | The connection idle timeout period. | Valid values: 1 to 60. Default value: 15. Unit: seconds. If no request arrives within the timeout period, the load balancer temporarily closes the current connection. The load balancer reestablishes a new connection when the next request arrives. |
ListenerDescription | String | No | Yes | The description of the listener. | Length: 2 to 256 characters. |
ListenerStatus | String | No | Yes | The status of the listener. | Valid values:
|
LogConfig | Map | No | Yes | The log configuration. | For more information, see LogConfig property. |
QuicConfig | Map | No | Yes | The configuration of the associated QUIC listener. | For more information, see QuicConfig property. |
RequestTimeout | Integer | No | Yes | The request timeout period. | Valid values: 1 to 180. Default value: 60. Unit: seconds. If the backend server does not respond within the timeout period, the load balancer stops waiting and returns HTTP error code 504 to the client. |
SecurityPolicyId | String | No | Yes | The ID of the security policy. | You can use system-defined or custom security policies. Default value: tls_cipher_policy_1_0, which indicates a system-defined security policy. Note This parameter is supported only for HTTPS listeners. |
XForwardedForConfig | Map | No | Yes | The X-Forwarded-For header field configuration. | For more information, see XForwardedForConfig property. |
DefaultActions syntax
"DefaultActions": [
{
"Type": String,
"ForwardGroupConfig": Map
}
]
DefaultActions property
Property name | Type | Required | Update allowed | Description | Constraint |
ForwardGroupConfig | Map | Yes | Yes | The configuration for the forwarding action. | For more information, see ForwardGroupConfig property. |
Type | String | Yes | Yes | The action type. | Set this parameter to ForwardGroup to forward requests to multiple vServer groups. |
ForwardGroupConfig syntax
"ForwardGroupConfig": {
"ServerGroupTuples": List
}
ForwardGroupConfig properties
Property name | Type | Required | Update allowed | Description | Constraint |
ServerGroupTuples | List | Yes | Yes | The destination vServer group for forwarding. | For more information, see ServerGroupTuples property. |
ServerGroupTuples syntax
"ServerGroupTuples": [
{
"ServerGroupId": String
}
]
ServerGroupTuples properties
Property name | Type | Required | Update allowed | Description | Constraint |
ServerGroupId | String | Yes | Yes | The ID of the destination vServer group for forwarding. | None |
Certificates syntax
"Certificates": [
{
"CertificateId": String
}
]
Certificates properties
Property name | Type | Required | Update allowed | Description | Constraint |
CertificateId | String | No | Yes | The ID of the server certificate. | Only server certificates are supported. |
QuicConfig syntax
"QuicConfig": {
"QuicListenerId": String,
"QuicUpgradeEnabled": Boolean
}
QuicConfig properties
Property name | Type | Required | Update allowed | Description | Constraint |
QuicListenerId | String | No | Yes | The ID of the QUIC listener to associate. | You must specify this parameter if QuicUpgradeEnabled is set to true. Note
|
QuicUpgradeEnabled | Boolean | No | Yes | Specifies whether to enable QUIC upgrade. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
LogConfig syntax
"LogConfig": {
"AccessLogTracingConfig": Map,
"AccessLogRecordCustomizedHeadersEnabled": Boolean
}
LogConfig properties
Property name | Type | Required | Update allowed | Description | Constraint |
AccessLogTracingConfig | Map | No | Yes | The X-Trace configuration for access logs. | For more information, see AccessLogTracingConfig property. |
AccessLogRecordCustomizedHeadersEnabled | Boolean | No | Yes | Specifies whether to include custom headers in access logs. | Valid values:
|
AccessLogTracingConfig syntax
"AccessLogTracingConfig": {
"TracingSample": Integer,
"TracingType": String,
"TracingEnabled": Boolean
}
AccessLogTracingConfig properties
Property name | Type | Required | Update allowed | Description | Constraint |
TracingEnabled | Boolean | No | Yes | Specifies whether to enable X-Trace. | Valid values:
Note You can set this parameter to true only if the access log feature (AccessLogEnabled) is enabled. |
TracingSample | Integer | No | Yes | The sampling rate for X-Trace. | Valid value: 1 to 10000. Note This value takes effect only if TracingEnabled is set to true. |
TracingType | String | No | Yes | The X-Trace type. | Valid value: Zipkin. Note This value takes effect only if TracingEnabled is set to true. |
XForwardedForConfig syntax
"XForwardedForConfig": {
"XForwardedForClientCertFingerprintAlias": String,
"XForwardedForClientCertFingerprintEnabled": Boolean,
"XForwardedForClientCertIssuerDNAlias": String,
"XForwardedForClientCertClientVerifyAlias": String,
"XForwardedForSLBIdEnabled": Boolean,
"XForwardedForClientCertSubjectDNEnabled": Boolean,
"XForwardedForClientCertSubjectDNAlias": String,
"XForwardedForProtoEnabled": Boolean,
"XForwardedForClientSrcPortEnabled": Boolean,
"XForwardedForSLBPortEnabled": Boolean,
"XForwardedForEnabled": Boolean,
"XForwardedForClientCertIssuerDNEnabled": Boolean,
"XForwardedForClientCertClientVerifyEnabled": Boolean,
"XForwardedForClientSourceIpsEnabled": Boolean,
"XForwardedForClientSourceIpsTrusted": String,
"XForwardedForProcessingMode": String,
"XForwardedForHostEnabled": Boolean
}
XForwardedForConfig properties
Property name | Type | Required | Update allowed | Description | Constraint |
XForwardedForClientCertClientVerifyAlias | String | No | Yes | The custom header name used to retrieve the verification result of the client certificate. | This parameter takes effect only if XForwardedForClientCertClientVerifyEnabled is set to true. Length: 1 to 40 characters. Valid characters: lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertClientVerifyEnabled | Boolean | No | Yes | Specifies whether to retrieve the verification result of the client certificate from the X-Forwarded-Clientcert-clientverify header field. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertFingerprintAlias | String | No | Yes | The custom header name used to retrieve the fingerprint of the client certificate. | This parameter takes effect only if XForwardedForClientCertFingerprintEnabled is set to true. Length: 1 to 40 characters. Valid characters: lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertFingerprintEnabled | Boolean | No | Yes | Specifies whether to retrieve the fingerprint of the client certificate from the X-Forwarded-Clientcert-fingerprint header field. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertIssuerDNAlias | String | No | Yes | The custom header name used to retrieve the issuer information of the client certificate. | This parameter takes effect only if XForwardedForClientCertIssuerDNEnabled is set to true. Length: 1 to 40 characters. Valid characters: lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertIssuerDNEnabled | Boolean | No | Yes | Specifies whether to retrieve the issuer information of the client certificate from the X-Forwarded-Clientcert-issuerdn header field. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertSubjectDNAlias | String | No | Yes | The custom header name used to retrieve the subject information of the client certificate. | This parameter takes effect only if XForwardedForClientCertSubjectDNEnabled is set to true. Length: 1 to 40 characters. Valid characters: lowercase letters, digits, hyphens (-), and underscores (_). Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientCertSubjectDNEnabled | Boolean | No | Yes | Specifies whether to retrieve the subject information of the client certificate from the X-Forwarded-Clientcert-subjectdn header field. | Valid values:
Note This parameter is supported only for HTTPS listeners. |
XForwardedForClientSourceIpsEnabled | Boolean | No | Yes | Specifies whether to obtain the client source port from the X-Forwarded-Client-SourceIps header field. | Valid values:
|
XForwardedForClientSourceIpsTrusted | String | No | Yes | The trusted proxy IP address. | Application Load Balancer (ALB) traverses the |
XForwardedForClientSrcPortEnabled | Boolean | No | Yes | Specifies whether to retrieve the client port from the X-Forwarded-Client-Port header field. | Valid values:
Note This parameter is supported only for HTTP and HTTPS listeners. |
XForwardedForEnabled | Boolean | No | Yes | Specifies whether to retrieve the originating IP address from the X-Forwarded-For header field. | Valid values:
Note This parameter is supported only for HTTP and HTTPS listeners. |
XForwardedForHostEnabled | Boolean | No | Yes | Specifies whether to retrieve the domain name of the client from the | Valid values:
Note This parameter is supported for HTTP, HTTPS, and QUIC listeners. |
XForwardedForProcessingMode | String | No | Yes | The mode for processing the | This value takes effect only if XForwardedForEnabled is set to true. Valid values:
Note
|
XForwardedForProtoEnabled | Boolean | No | Yes | Specifies whether to retrieve the listening protocol from the X-Forwarded-Proto header field. | Valid values:
|
XForwardedForSLBIdEnabled | Boolean | No | Yes | Specifies whether to retrieve the ALB instance ID from the SLB-ID header field. | Valid values:
|
XForwardedForSLBPortEnabled | Boolean | No | Yes | Specifies whether to retrieve the listening port from the X-Forwarded-Port header field. | Valid values:
|
CaCertificates syntax
"CaCertificates": [
{
"CertificateId": String
}
]
CaCertificates properties
Property name | Type | Required | Update allowed | Description | Constraint |
CertificateId | String | No | Yes | The ID of the CA certificate. | None |
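Added example (not part of the original reference and not Alibaba Cloud code): a static check that applies the constraints listed in the tables above to every listener in a parsed ROS JSON template, and flags a few settings for security review. The function names, severity labels, and the sample template with its placeholder IDs are assumptions made for this example.

```python
import json
import re

# Constraints transcribed from the property tables on this page.
INT_RANGES = {"ListenerPort": (1, 65535), "IdleTimeout": (1, 60), "RequestTimeout": (1, 180)}
HTTPS_ONLY = ("Http2Enabled", "SecurityPolicyId")
CLIENT_CERT_FIELDS = ("ClientVerify", "Fingerprint", "IssuerDN", "SubjectDN")
ALIAS_RE = re.compile(r"[a-z0-9_-]{1,40}")
DEFAULT_POLICY = "tls_cipher_policy_1_0"


def check_listener(name, props):
    """Return (severity, message) findings for one ALIYUN::ALB::Listener."""
    findings = []

    def add(severity, message):
        findings.append((severity, f"{name}: {message}"))

    proto = props.get("ListenerProtocol")
    # A protocol given as {"Ref": ...} cannot be judged statically; only literals are checked.
    not_https = isinstance(proto, str) and proto != "HTTPS"

    for key, (low, high) in INT_RANGES.items():
        value = props.get(key)
        if type(value) is int and not low <= value <= high:
            add("error", f"{key}={value} is outside {low} to {high}")

    for key in HTTPS_ONLY:
        if key in props and not_https:
            add("error", f"{key} is supported only for HTTPS listeners")

    quic = props.get("QuicConfig") or {}
    if quic.get("QuicUpgradeEnabled") is True:
        if not_https:
            add("error", "QuicUpgradeEnabled is supported only for HTTPS listeners")
        if not quic.get("QuicListenerId"):
            add("error", "QuicListenerId is required when QuicUpgradeEnabled is true")

    xff = props.get("XForwardedForConfig") or {}
    for field in CLIENT_CERT_FIELDS:
        enabled_key = f"XForwardedForClientCert{field}Enabled"
        alias_key = f"XForwardedForClientCert{field}Alias"
        enabled, alias = xff.get(enabled_key), xff.get(alias_key)
        if not_https and (enabled is True or alias is not None):
            add("error", f"{enabled_key} and its alias are supported only for HTTPS listeners")
        if alias is not None and enabled in (None, False):
            add("error", f"{alias_key} takes effect only if {enabled_key} is true")
        if isinstance(alias, str) and not ALIAS_RE.fullmatch(alias):
            add("error", f"{alias_key} must be 1 to 40 characters of a-z, 0-9, '-' and '_'")

    # Review items: accepted by the schema, but each deserves a deliberate decision.
    if proto == "HTTP":
        add("review", "cleartext HTTP listener")
    if proto == "HTTPS":
        if not props.get("Certificates"):
            add("review", "HTTPS listener without a Certificates entry")
        if props.get("SecurityPolicyId", DEFAULT_POLICY) == DEFAULT_POLICY:
            add("review", f"TLS policy is the default {DEFAULT_POLICY}; pin one explicitly")
    if props.get("CaEnabled") is True and not props.get("CaCertificates"):
        add("review", "CaEnabled is true but no CaCertificates are listed")
    return findings


def check_template(template):
    """Run check_listener over every ALB listener in a parsed ROS template."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "ALIYUN::ALB::Listener":
            findings += check_listener(name, resource.get("Properties", {}))
    return findings


# Constructed sample template, trimmed to the checked properties; all IDs are placeholders.
SAMPLE = json.loads("""{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "PlainListener": {"Type": "ALIYUN::ALB::Listener", "Properties": {
      "ListenerPort": 80, "ListenerProtocol": "HTTP", "IdleTimeout": 120,
      "Http2Enabled": true, "QuicConfig": {"QuicUpgradeEnabled": true}}},
    "TlsListener": {"Type": "ALIYUN::ALB::Listener", "Properties": {
      "ListenerPort": 443, "ListenerProtocol": "HTTPS", "Http2Enabled": true,
      "Certificates": [{"CertificateId": "cert-EXAMPLE"}],
      "SecurityPolicyId": "custom-policy-EXAMPLE",
      "CaEnabled": true, "CaCertificates": [{"CertificateId": "ca-EXAMPLE"}],
      "XForwardedForConfig": {
        "XForwardedForClientCertFingerprintEnabled": true,
        "XForwardedForClientCertFingerprintAlias": "x-client-cert-fp"}}}
  }
}""")

if __name__ == "__main__":
    for severity, message in check_template(SAMPLE):
        print(f"[{severity}] {message}")
```

Properties whose value is an intrinsic function such as Ref are skipped, so resolve parameters first if those values matter to the review.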
Return values
Fn::GetAtt
ListenerId: the ID of the listener.
LoadBalancerId: the ID of the Application Load Balancer (ALB) instance.
Examples
Scenario 1: Create an HTTP listener.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  LoadBalancerId:
    Type: String
    Description: The ID of the ALB instance.
    Default: lb-bp1iilcd9ujny84z8****
Resources:
  Listener:
    Type: ALIYUN::ALB::Listener
    Properties:
      ListenerPort: 80
      DefaultActions:
        - ForwardGroupConfig:
            ServerGroupTuples:
              - ServerGroupId: sgp-46ndzg2wz4v5mp****
          Type: ForwardGroup
      LoadBalancerId:
        Ref: LoadBalancerId
      ListenerProtocol: HTTP
Outputs:
  ListenerId:
    Description: The ID of the listener.
    Value:
      Fn::GetAtt:
        - Listener
        - ListenerId
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"LoadBalancerId": {
"Type": "String",
"Description": "The ID of the ALB instance.",
"Default": "lb-bp1iilcd9ujny84z8****"
}
},
"Resources": {
"Listener": {
"Type": "ALIYUN::ALB::Listener",
"Properties": {
"ListenerPort": 80,
"DefaultActions": [
{
"ForwardGroupConfig": {
"ServerGroupTuples": [
{
"ServerGroupId": "sgp-46ndzg2wz4v5mp****"
}
]
},
"Type": "ForwardGroup"
}
],
"LoadBalancerId": {
"Ref": "LoadBalancerId"
},
"ListenerProtocol": "HTTP"
}
}
},
"Outputs": {
"ListenerId": {
"Description": "The ID of the listener.",
"Value": {
"Fn::GetAtt": [
"Listener",
"ListenerId"
]
}
}
}
}
Scenario 2: Create a dual-zone ALB instance and an HTTP listener.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: Create a dual-Availability-Zone ALB.
  en: Create a dual-Availability-Zone ALB.
Parameters:
  CommonName:
    Type: String
    Default: elastic-app
  ZoneId1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId2
    Label:
      en: Availability Zone
      zh-cn: Zone 1
  ZoneId2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      ExclusiveTo:
        - ZoneId1
    Label:
      en: Availability Zone
      zh-cn: Zone 2
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName:
        Fn::Sub: ${CommonName}-vpc
  VSwitch1:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw
  VSwitch2:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.2.0/24
      ZoneId:
        Ref: ZoneId2
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw
  Alb:
    Type: 'ALIYUN::ALB::LoadBalancer'
    Properties:
      LoadBalancerName:
        Fn::Sub: ${CommonName}-alb
      LoadBalancerEdition: Basic
      VpcId:
        Ref: Vpc
      LoadBalancerBillingConfig:
        PayType: PostPay
      AddressType: Internet
      ZoneMappings:
        - ZoneId:
            Ref: ZoneId1
          VSwitchId:
            Ref: VSwitch1
        - ZoneId:
            Ref: ZoneId2
          VSwitchId:
            Ref: VSwitch2
  AlbServerGroup:
    Type: 'ALIYUN::ALB::ServerGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ServerGroupType: Instance
      ServerGroupName:
        Fn::Sub: ${CommonName}-server-group
      HealthCheckConfig:
        HealthCheckConnectPort: 80
        HealthCheckCodes:
          - http_2xx
          - http_3xx
        HealthCheckProtocol: HTTP
        HealthCheckEnabled: true
        HealthCheckPath: /
      StickySessionConfig:
        StickySessionEnabled: false
  AlbListener:
    Type: 'ALIYUN::ALB::Listener'
    Properties:
      ListenerPort: 80
      DefaultActions:
        - Type: ForwardGroup
          ForwardGroupConfig:
            ServerGroupTuples:
              - ServerGroupId:
                  Ref: AlbServerGroup
      LoadBalancerId:
        Ref: Alb
      ListenerProtocol: HTTP
Metadata:
  'ALIYUN::ROS::Interface':
    ParameterGroups:
      - Parameters:
          - ZoneId1
          - ZoneId2
    Hidden:
      - CommonName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "Create a dual-Availability-Zone ALB.",
"en": "Create a dual-Availability-Zone ALB."
},
"Parameters": {
"CommonName": {
"Type": "String",
"Default": "elastic-app"
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId2"
]
},
"Label": {
"en": "Availability Zone",
"zh-cn": "Zone 1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "Availability Zone",
"zh-cn": "Zone 2"
}
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.2.0/24",
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw"
}
}
},
"Alb": {
"Type": "ALIYUN::ALB::LoadBalancer",
"Properties": {
"LoadBalancerName": {
"Fn::Sub": "${CommonName}-alb"
},
"LoadBalancerEdition": "Basic",
"VpcId": {
"Ref": "Vpc"
},
"LoadBalancerBillingConfig": {
"PayType": "PostPay"
},
"AddressType": "Internet",
"ZoneMappings": [
{
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
}
},
{
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchId": {
"Ref": "VSwitch2"
}
}
]
}
},
"AlbServerGroup": {
"Type": "ALIYUN::ALB::ServerGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ServerGroupType": "Instance",
"ServerGroupName": {
"Fn::Sub": "${CommonName}-server-group"
},
"HealthCheckConfig": {
"HealthCheckConnectPort": 80,
"HealthCheckCodes": [
"http_2xx",
"http_3xx"
],
"HealthCheckProtocol": "HTTP",
"HealthCheckEnabled": true,
"HealthCheckPath": "/"
},
"StickySessionConfig": {
"StickySessionEnabled": false
}
}
},
"AlbListener": {
"Type": "ALIYUN::ALB::Listener",
"Properties": {
"ListenerPort": 80,
"DefaultActions": [
{
"Type": "ForwardGroup",
"ForwardGroupConfig": {
"ServerGroupTuples": [
{
"ServerGroupId": {
"Ref": "AlbServerGroup"
}
}
]
}
}
],
"LoadBalancerId": {
"Ref": "Alb"
},
"ListenerProtocol": "HTTP"
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"ZoneId1",
"ZoneId2"
]
}
],
"Hidden": [
"CommonName"
]
}
}
}
Scenario 3: Deploy a high-availability NGINX website.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: Create a dual-Availability-Zone high-availability NGINX website, including a VPC, ECS instances, an ALB, security groups, and automated deployment configurations.
  en: Establish a dual-Availability-Zone high-availability NGINX website, encompassing a Virtual Private Cloud (VPC), Elastic Cloud Server (ECS) instances, an Application Load Balancer (ALB), Security Groups, and automated deployment configurations.
Parameters:
  CommonName:
    Type: String
    Default: elastic-app
  ZoneId1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      AutoSelectFirst: true
      ExclusiveTo:
        - ZoneId2
    Label:
      en: Availability Zone
      zh-cn: Zone 1
  ZoneId2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::ZoneId'
    AssociationPropertyMetadata:
      AutoSelectFirst: true
      ExclusiveTo:
        - ZoneId1
    Label:
      en: Availability Zone
      zh-cn: Zone 2
  InstanceType1:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      SpotStrategy: SpotAsPriceGo
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId}
    Label:
      en: Instance Type
      zh-cn: Instance type 1
    Description:
      zh-cn: This solution creates a spot instance and automatically deploys an NGINX service.
      en: This solution will create a spot instance and automatically deploy an NGINX service.
    Default: null
  InstanceType2:
    Type: String
    AssociationProperty: 'ALIYUN::ECS::Instance::InstanceType'
    AssociationPropertyMetadata:
      SpotStrategy: SpotAsPriceGo
      InstanceChargeType: PostPaid
      SystemDiskCategory: cloud_essd
      ZoneId: ${ZoneId}
    Label:
      en: Instance Type
      zh-cn: Instance type 2
    Description:
      zh-cn: This solution creates a spot instance and automatically deploys an NGINX service.
      en: This solution will create a spot instance and automatically deploy an NGINX service.
    Default: null
  InstancePassword:
    NoEcho: true
    Type: String
    # The text values below are double-quoted because they contain ": ",
    # which is not valid inside a plain YAML scalar.
    Description:
      en: "Server login password. Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
      zh-cn: "Server logon password. Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
    Label:
      en: Instance Password
      zh-cn: Instance password
    ConstraintDescription:
      en: "Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
      zh-cn: "Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
    AssociationProperty: 'ALIYUN::ECS::Instance::Password'
    Default: null
Resources:
  Vpc:
    Type: 'ALIYUN::ECS::VPC'
    Properties:
      CidrBlock: 192.168.0.0/16
      VpcName:
        Fn::Sub: ${CommonName}-vpc
  VSwitch1:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.1.0/24
      ZoneId:
        Ref: ZoneId1
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw
  VSwitch2:
    Type: 'ALIYUN::ECS::VSwitch'
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.2.0/24
      ZoneId:
        Ref: ZoneId2
      VSwitchName:
        Fn::Sub: ${CommonName}-vsw
  SecurityGroup:
    Type: 'ALIYUN::ECS::SecurityGroup'
    Properties:
      VpcId:
        Ref: Vpc
      SecurityGroupName:
        Fn::Sub: ${CommonName}-sg
      SecurityGroupIngress:
        - PortRange: 443/443
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
        - PortRange: 80/80
          SourceCidrIp: 0.0.0.0/0
          IpProtocol: tcp
  EcsInstance1:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId1
      VSwitchId:
        Ref: VSwitch1
      SecurityGroupId:
        Ref: SecurityGroup
      ImageId: aliyun_3_9_x64_20G_alibase_
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-1
      InstanceType:
        Ref: InstanceType1
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      InternetMaxBandwidthOut: 0
      SpotStrategy: SpotAsPriceGo
      Password:
        Ref: InstancePassword
      UserData:
        Fn::Sub: |-
          #!/bin/bash
          yum -y install nginx-1.20.1
          instanceId=`curl http://100.100.100.200/latest/meta-data/instance-id`
          echo "Welcome to NGINX. Current instance is $instanceId" > /usr/share/nginx/html/index.html
          systemctl start nginx
          systemctl enable nginx
  EcsInstance2:
    Type: 'ALIYUN::ECS::InstanceGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ZoneId:
        Ref: ZoneId2
      VSwitchId:
        Ref: VSwitch2
      SecurityGroupId:
        Ref: SecurityGroup
      ImageId: aliyun_3_9_x64_20G_alibase_
      InstanceName:
        Fn::Sub: ${CommonName}-ecs-2
      InstanceType:
        Ref: InstanceType2
      SystemDiskCategory: cloud_essd
      MaxAmount: 1
      InternetMaxBandwidthOut: 0
      SpotStrategy: SpotAsPriceGo
      Password:
        Ref: InstancePassword
      UserData:
        Fn::Sub: |-
          #!/bin/bash
          yum -y install nginx-1.20.1
          instanceId=`curl http://100.100.100.200/latest/meta-data/instance-id`
          echo "Welcome to NGINX. Current instance is $instanceId" > /usr/share/nginx/html/index.html
          systemctl start nginx
          systemctl enable nginx
  Alb:
    Type: 'ALIYUN::ALB::LoadBalancer'
    Properties:
      LoadBalancerName:
        Fn::Sub: ${CommonName}-alb
      LoadBalancerEdition: Basic
      VpcId:
        Ref: Vpc
      LoadBalancerBillingConfig:
        PayType: PostPay
      AddressType: Internet
      ZoneMappings:
        - ZoneId:
            Ref: ZoneId1
          VSwitchId:
            Ref: VSwitch1
        - ZoneId:
            Ref: ZoneId2
          VSwitchId:
            Ref: VSwitch2
  AlbServerGroup:
    Type: 'ALIYUN::ALB::ServerGroup'
    Properties:
      VpcId:
        Ref: Vpc
      ServerGroupType: Instance
      ServerGroupName:
        Fn::Sub: ${CommonName}-server-group
      HealthCheckConfig:
        HealthCheckConnectPort: 80
        HealthCheckCodes:
          - http_2xx
          - http_3xx
        HealthCheckProtocol: HTTP
        HealthCheckEnabled: true
        HealthCheckPath: /
      StickySessionConfig:
        StickySessionEnabled: false
  AlbBackendServerAttachment:
    Type: 'ALIYUN::ALB::BackendServerAttachment'
    Properties:
      ServerGroupId:
        Ref: AlbServerGroup
      Servers:
        - ServerType: Ecs
          ServerId:
            Ref: EcsInstance1
          Port: 80
        - ServerType: Ecs
          ServerId:
            Ref: EcsInstance2
          Port: 80
  AlbListener:
    Type: 'ALIYUN::ALB::Listener'
    Properties:
      ListenerPort: 80
      DefaultActions:
        - Type: ForwardGroup
          ForwardGroupConfig:
            ServerGroupTuples:
              - ServerGroupId:
                  Ref: AlbServerGroup
      LoadBalancerId:
        Ref: Alb
      ListenerProtocol: HTTP
Outputs:
  WebUrl:
    Description:
      zh-cn: Web access URL.
      en: The web access URL.
    Value:
      'Fn::Sub': 'http://${Alb.DNSName}'
Metadata:
  'ALIYUN::ROS::Interface':
    ParameterGroups:
      - Parameters:
          - ZoneId1
          - InstanceType1
          - ZoneId2
          - InstanceType2
          - InstancePassword
    TemplateTags:
      - acs:example:elastic computing:Deploy a high-availability NGINX website
    Hidden:
      - CommonName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "Create a dual-Availability-Zone high-availability NGINX website, including a VPC, ECS instances, an ALB, security groups, and automated deployment configurations.",
"en": "Establish a dual-Availability-Zone high-availability NGINX website, encompassing a Virtual Private Cloud (VPC), Elastic Cloud Server (ECS) instances, an Application Load Balancer (ALB), Security Groups, and automated deployment configurations."
},
"Parameters": {
"CommonName": {
"Type": "String",
"Default": "elastic-app"
},
"ZoneId1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"AutoSelectFirst": true,
"ExclusiveTo": [
"ZoneId2"
]
},
"Label": {
"en": "Availability Zone",
"zh-cn": "Zone 1"
}
},
"ZoneId2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"AssociationPropertyMetadata": {
"AutoSelectFirst": true,
"ExclusiveTo": [
"ZoneId1"
]
},
"Label": {
"en": "Availability Zone",
"zh-cn": "Zone 2"
}
},
"InstanceType1": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"SpotStrategy": "SpotAsPriceGo",
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId}"
},
"Label": {
"en": "Instance Type",
"zh-cn": "Instance type 1"
},
"Description": {
"zh-cn": "This solution creates a spot instance and automatically deploys an NGINX service.",
"en": "This solution will create a spot instance and automatically deploy an NGINX service."
},
"Default": null
},
"InstanceType2": {
"Type": "String",
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"SpotStrategy": "SpotAsPriceGo",
"InstanceChargeType": "PostPaid",
"SystemDiskCategory": "cloud_essd",
"ZoneId": "${ZoneId}"
},
"Label": {
"en": "Instance Type",
"zh-cn": "Instance type 2"
},
"Description": {
"zh-cn": "This solution creates a spot instance and automatically deploys an NGINX service.",
"en": "This solution will create a spot instance and automatically deploy an NGINX service."
},
"Default": null
},
"InstancePassword": {
"NoEcho": true,
"Type": "String",
"Description": {
"en": "Server login password. Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/",
"zh-cn": "Server logon password. Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
},
"Label": {
"en": "Instance Password",
"zh-cn": "Instance password"
},
"ConstraintDescription": {
"en": "Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/",
"zh-cn": "Length: 8 to 30 characters. Must contain three of the following: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/"
},
"AssociationProperty": "ALIYUN::ECS::Instance::Password",
"Default": null
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16",
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
}
}
},
"VSwitch1": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.1.0/24",
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw"
}
}
},
"VSwitch2": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.2.0/24",
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw"
}
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-sg"
},
"SecurityGroupIngress": [
{
"PortRange": "443/443",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
},
{
"PortRange": "80/80",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
}
]
}
},
"EcsInstance1": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_9_x64_20G_alibase_",
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs-1"
},
"InstanceType": {
"Ref": "InstanceType1"
},
"SystemDiskCategory": "cloud_essd",
"MaxAmount": 1,
"InternetMaxBandwidthOut": 0,
"SpotStrategy": "SpotAsPriceGo",
"Password": {
"Ref": "InstancePassword"
},
"UserData": {
"Fn::Sub": "#!/bin/bash\nyum -y install nginx-1.20.1\ninstanceId=`curl http://100.100.100.200/latest/meta-data/instance-id`\necho \"Welcome to NGINX. Current instance is $instanceId\" > /usr/share/nginx/html/index.html \nsystemctl start nginx \nsystemctl enable nginx"
}
}
},
"EcsInstance2": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchId": {
"Ref": "VSwitch2"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_9_x64_20G_alibase_",
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs-2"
},
"InstanceType": {
"Ref": "InstanceType2"
},
"SystemDiskCategory": "cloud_essd",
"MaxAmount": 1,
"InternetMaxBandwidthOut": 0,
"SpotStrategy": "SpotAsPriceGo",
"Password": {
"Ref": "InstancePassword"
},
"UserData": {
"Fn::Sub": "#!/bin/bash\nyum -y install nginx-1.20.1\ninstanceId=`curl http://100.100.100.200/latest/meta-data/instance-id`\necho \"Welcome to NGINX. Current instance is $instanceId\" > /usr/share/nginx/html/index.html \nsystemctl start nginx \nsystemctl enable nginx"
}
}
},
"Alb": {
"Type": "ALIYUN::ALB::LoadBalancer",
"Properties": {
"LoadBalancerName": {
"Fn::Sub": "${CommonName}-alb"
},
"LoadBalancerEdition": "Basic",
"VpcId": {
"Ref": "Vpc"
},
"LoadBalancerBillingConfig": {
"PayType": "PostPay"
},
"AddressType": "Internet",
"ZoneMappings": [
{
"ZoneId": {
"Ref": "ZoneId1"
},
"VSwitchId": {
"Ref": "VSwitch1"
}
},
{
"ZoneId": {
"Ref": "ZoneId2"
},
"VSwitchId": {
"Ref": "VSwitch2"
}
}
]
}
},
"AlbServerGroup": {
"Type": "ALIYUN::ALB::ServerGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"ServerGroupType": "Instance",
"ServerGroupName": {
"Fn::Sub": "${CommonName}-server-group"
},
"HealthCheckConfig": {
"HealthCheckConnectPort": 80,
"HealthCheckCodes": [
"http_2xx",
"http_3xx"
],
"HealthCheckProtocol": "HTTP",
"HealthCheckEnabled": true,
"HealthCheckPath": "/"
},
"StickySessionConfig": {
"StickySessionEnabled": false
}
}
},
"AlbBackendServerAttachment": {
"Type": "ALIYUN::ALB::BackendServerAttachment",
"Properties": {
"ServerGroupId": {
"Ref": "AlbServerGroup"
},
"Servers": [
{
"ServerType": "Ecs",
"ServerId": {
"Ref": "EcsInstance1"
},
"Port": 80
},
{
"ServerType": "Ecs",
"ServerId": {
"Ref": "EcsInstance2"
},
"Port": 80
}
]
}
},
"AlbListener": {
"Type": "ALIYUN::ALB::Listener",
"Properties": {
"ListenerPort": 80,
"DefaultActions": [
{
"Type": "ForwardGroup",
"ForwardGroupConfig": {
"ServerGroupTuples": [
{
"ServerGroupId": {
"Ref": "AlbServerGroup"
}
}
]
}
}
],
"LoadBalancerId": {
"Ref": "Alb"
},
"ListenerProtocol": "HTTP"
}
}
},
"Outputs": {
"WebUrl": {
"Description": {
"zh-cn": "Web access URL.",
"en": "The web access URL."
},
"Value": {
"Fn::Sub": "http://${Alb.DNSName}"
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"ZoneId1",
"InstanceType1",
"ZoneId2",
"InstanceType2",
"InstancePassword"
]
}
],
"TemplateTags": [
"acs:example:elastic computing:Deploy a high-availability NGINX website"
],
"Hidden": [
"CommonName"
]
}
}
}
For more examples, see public templates that include this resource.