Use ALIYUN::CLOUDFW::AddressBook to add an address book for access control - Resource Orchestration Service

ALIYUN::CLOUDFW::AddressBook is used to create an address book that is used for access control. Address books include IP address books, Elastic Compute Service (ECS) tag-based address books, port address books, and domain address books.

Syntax

{
  "Type": "ALIYUN::CLOUDFW::AddressBook",
  "Properties": {
    "GroupType": String,
    "AutoAddTagEcs": Boolean,
    "Description": String,
    "TagRelation": String,
    "RegionId": String,
    "GroupName": String,
    "AddressList": String,
    "TagList": List
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
Description	String	Yes	Yes	The description of the address book.	None.
GroupName	String	Yes	No	The name of the address book.	None.
GroupType	String	Yes	No	The type of the address book.	Valid values: IP: IP address book domain: domain address book port: port address book tag: ECS tag-based address book
AddressList	String	No	Yes	The addresses that you want to add to the address book. Separate multiple addresses with commas (,). Note You must specify this property when GroupType is set to IP, port, or domain.	If you set GroupType to IP, the value of AddressList is IP addresses. Example: 10.10.XX.XX/32,10.10.XX.XX/24. If you set GroupType to port, the value of AddressList is port numbers or port ranges. Examples: 80 and 100/200. If you set GroupType to domain, the value of AddressList is domain names. Example: demo1.aliyun.com,demo2.aliyun.com.
AutoAddTagEcs	Boolean	No	Yes	Specifies whether to automatically add public IP addresses of ECS instances to the address book if the instances match the specified ECS tags.	Valid values: true false
RegionId	String	No	No	The region. Default value: cn-hangzhou.	Valid values: cn-hangzhou ap-southeast-1
TagList	List	No	Yes	The ECS tags that you want to use to match public IP addresses of ECS instances.	None.
TagRelation	String	No	Yes	The logical relation among the ECS tags that you want to use to match public IP addresses of ECS instances.	Valid values: and: Public IP addresses of ECS instances are added to the address book only when the ECS instances match all the specified ECS tags. or: Public IP addresses of ECS instances are added to the address book only when the ECS instances match one of the specified ECS tags.

TagList syntax

"TagList": [
  {
    "TagKey": String,
    "TagValue": String
  }
]

TagList properties

Property	Type	Required	Editable	Description	Constraint
TagKey	String	No	Yes	The key of the ECS tag.	None.
TagValue	String	No	Yes	The value of the ECS tag.	None.

Return values

Fn::GetAtt

GroupUuid: the unique ID of the address book that is returned.

Examples

`YAML` format

ROSTemplateFormatVersion: '2015-09-01'
Resources:
  AddressBook:
    Type: ALIYUN::CLOUDFW::AddressBook
    Properties:
      GroupType:
        Ref: GroupType
      AutoAddTagEcs:
        Ref: AutoAddTagEcs
      Description:
        Ref: Description
      TagRelation:
        Ref: TagRelation
      RegionId:
        Ref: RegionId
      GroupName:
        Ref: GroupName
      AddressList:
        Ref: AddressList
      TagList:
        Ref: TagList
Parameters:
  GroupType:
    Type: String
    Description: 'Type the address book, the optional values: ip: IP Address Book.
      domain: domain name address book .port: Port Address Book. tag: ECS label address
      book'
    AllowedValues:
    - domain
    - ip
    - port
    - tag
  AutoAddTagEcs:
    Default: false
    Type: Boolean
    Description: Whether to automatically add new ECS public network IP matching tags
      to the address book. Default to false.
    AllowedValues:
    - 'True'
    - 'true'
    - 'False'
    - 'false'
  Description:
    MinLength: 1
    Type: String
    Description: Address book description.
  TagRelation:
    Type: String
    Description: 'The relationship between the labels to be matched more ECS. and:
      the relationship between multiple labels. and: that matches both ECS IP public
      network more tags will be added to the address book. or: a plurality of inter-labeled
      or relationship, i.e., as long as a matching tag ECS public IP address book
      will be added.'
    AllowedValues:
    - and
    - or
  RegionId:
    Default: cn-hangzhou
    Type: String
    Description: Region ID. Default to cn-hangzhou.
    AllowedValues:
    - cn-hangzhou
    - ap-southeast-1
  GroupName:
    Type: String
    Description: Name Address book.
  AddressList:
    Type: String
    Description: |-
      Address list of the address book, between multiple addresses separated by commas.
      Note: When GroupType ip, it must be set to port or domain.
      When GroupType as ip, address list, fill in the IP address. For example: 10.10.XX.XX/32, 10.10.XX.XX/24
      When GroupType for the port, the address list to fill in ports or port ranges. For example: 80, 100/200
      When GroupType for the domain, the domain name to fill in the address list. For example: demo1.aliyun.com, demo2.aliyun.com
  TagList:
    Type: Json
    Description: ''
    MaxLength: 100
Outputs:
  GroupUuid:
    Description: After a successful return to the address book to add unique identification
      ID.
    Value:
      Fn::GetAtt:
      - AddressBook
      - GroupUuid

`JSON` format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Resources": {
    "AddressBook": {
      "Type": "ALIYUN::CLOUDFW::AddressBook",
      "Properties": {
        "GroupType": {
          "Ref": "GroupType"
        },
        "AutoAddTagEcs": {
          "Ref": "AutoAddTagEcs"
        },
        "Description": {
          "Ref": "Description"
        },
        "TagRelation": {
          "Ref": "TagRelation"
        },
        "RegionId": {
          "Ref": "RegionId"
        },
        "GroupName": {
          "Ref": "GroupName"
        },
        "AddressList": {
          "Ref": "AddressList"
        },
        "TagList": {
          "Ref": "TagList"
        }
      }
    }
  },
  "Parameters": {
    "GroupType": {
      "Type": "String",
      "Description": "Type the address book, the optional values: ip: IP Address Book. domain: domain name address book .port: Port Address Book. tag: ECS label address book",
      "AllowedValues": [
        "domain",
        "ip",
        "port",
        "tag"
      ]
    },
    "AutoAddTagEcs": {
      "Default": false,
      "Type": "Boolean",
      "Description": "Whether to automatically add new ECS public network IP matching tags to the address book. Default to false.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ]
    },
    "Description": {
      "MinLength": 1,
      "Type": "String",
      "Description": "Address book description."
    },
    "TagRelation": {
      "Type": "String",
      "Description": "The relationship between the labels to be matched more ECS. and: the relationship between multiple labels. and: that matches both ECS IP public network more tags will be added to the address book. or: a plurality of inter-labeled or relationship, i.e., as long as a matching tag ECS public IP address book will be added.",
      "AllowedValues": [
        "and",
        "or"
      ]
    },
    "RegionId": {
      "Default": "cn-hangzhou",
      "Type": "String",
      "Description": "Region ID. Default to cn-hangzhou.",
      "AllowedValues": [
        "cn-hangzhou",
        "ap-southeast-1"
      ]
    },
    "GroupName": {
      "Type": "String",
      "Description": "Name Address book."
    },
    "AddressList": {
      "Type": "String",
      "Description": "Address list of the address book, between multiple addresses separated by commas.\nNote: When GroupType ip, it must be set to port or domain.\nWhen GroupType as ip, address list, fill in the IP address. For example: 10.10.XX.XX/32, 10.10.XX.XX/24\nWhen GroupType for the port, the address list to fill in ports or port ranges. For example: 80, 100/200\nWhen GroupType for the domain, the domain name to fill in the address list. For example: demo1.aliyun.com, demo2.aliyun.com"
    },
    "TagList": {
      "Type": "Json",
      "Description": "",
      "MaxLength": 100
    }
  },
  "Outputs": {
    "GroupUuid": {
      "Description": "After a successful return to the address book to add unique identification ID.",
      "Value": {
        "Fn::GetAtt": [
          "AddressBook",
          "GroupUuid"
        ]
      }
    }
  }
}