ALIYUN::PrivateLink::VpcEndpoint - Resource Orchestration Service

ALIYUN::PrivateLink::VpcEndpoint is used to create an endpoint.

Syntax

{
  "Type": "ALIYUN::PrivateLink::VpcEndpoint",
  "Properties": {
    "VpcId": String,
    "EndpointName": String,
    "ServiceName": String,
    "Zone": List,
    "SecurityGroupId": List,
    "EndpointDescription": String,
    "ServiceId": String,
    "ProtectedEnabled": Boolean,
    "ZonePrivateIpAddressCount": Number,
    "EndpointType": String,
    "Tags": List
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
VpcId	String	Yes	No	The ID of the virtual private cloud (VPC) to which the endpoint belongs.	None.
EndpointName	String	No	Yes	The name of the endpoint.	The name must be 2 to 128 characters in length, and can contain letters, digits, hyphens (-), and underscores (_). The name must start with a letter.
ServiceName	String	No	No	The name of the endpoint service that is associated with the endpoint.	None.
Zone	List	No	Yes	The zones.	You can specify up to 10 zones. For more information, see Zone properties.
SecurityGroupId	List	Yes	Yes	The IDs of the security groups that are associated with the elastic network interfaces (ENIs) of the endpoint. Security groups can be used to control data communication between VPCs and endpoint ENIs.	An endpoint ENI can be associated with up to 10 security groups.
EndpointDescription	String	No	Yes	The description of the endpoint.	The description must be 2 to 256 characters in length, and cannot start with `http://` or `https://`.
ServiceId	String	No	No	The ID of the endpoint service that is associated with the endpoint.	None.
ProtectedEnabled	Boolean	No	No	Specifies whether to enable user authentication.	This property takes effect in Security Token Service (STS) mode. Valid values: true: enables user authentication. After user authentication is enabled, only the user who creates the endpoint can modify or delete the endpoint in STS mode. false (default): does not enable user authentication.
ZonePrivateIpAddressCount	Number	No	No	The number of private IP addresses that are assigned to an ENI in each zone.	Set the value to 1.
EndpointType	String	No	No	The type of the endpoint.	Set the value to Interface. In this case, you can specify Classic Load Balancer (CLB) instances as the service resources of the endpoint service.
Tags	List	No	Yes	The tags of the endpoint.	You can add up to 20 tags.

Zone syntax

"Zone": [
  {
    "ZoneId": String,
    "VSwitchId": String,
    "Ip": String
  }
]

Zone properties

Property	Type	Required	Editable	Description	Constraint
ZoneId	String	No	No	The ID of the zone in which the endpoint service resides.	None.
VSwitchId	String	No	No	The ID of the vSwitch for which you want to create the endpoint ENI in the zone.	None.
Ip	String	No	No	The IP address of the zone in which the endpoint resides.	None.

Tags syntax

"Tags": [
  {
    "Value": String,
    "Key": String
  }
]

Tags properties

Property

Type

Required

Editable

Description

Constraint

Key

String

Yes

The key of the tag.

You can specify up to 20 tag keys. The tag key cannot be an empty string.

The tag key can be up to 64 characters in length, and cannot contain http:// or https://. The tag key cannot start with aliyun or acs:.

Value

String

The value of the tag.

You can specify up to 20 tag values. The tag value can be an empty string.

The tag value can be up to 128 characters in length, and cannot contain http:// or https://. The tag value cannot start with aliyun or acs:.

Return values

Fn::GetAtt

EndpointDomain: the domain of the endpoint.
Bandwidth: the bandwidth of the endpoint.
EndpointId: the ID of the endpoint.
EndpointName: the name of the endpoint.
VpcId: the ID of the VPC to which the endpoint belongs.
ServiceName: the name of the endpoint service that is associated with the endpoint.
ServiceId: the ID of the endpoint service that is associated with the endpoint.
ZoneDomains: the zone domains.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  MasterZoneId:
    Type: String
    Description: The master zone id to create load balancer instance.
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
  SlaveZoneId:
    Type: String
    Description: The slave zone id to create load balancer instance.
    AssociationProperty: ALIYUN::ECS::Instance::ZoneId
  VpcId:
    Type: String
    Description: The VPC id to create load balancer instance. For VPC network only.
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  VSwitchId:
    Type: String
    Description: The VSwitch id to create load balancer instance. For VPC network only.
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
      ZoneId: ${MasterZoneId}
  SecurityGroupId:
    Type: CommaDelimitedList
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
    AssociationPropertyMetadata:
      VpcId: ${VpcId}
    Description: The security group associated with the endpoint network interface. The security group can control the data communication from the VPC to the endpoint network interface.
    MinLength: 1
    MaxLength: 10
Resources:
  LoadBalancer:
    Type: ALIYUN::SLB::LoadBalancer
    Properties:
      SupportPrivateLink: true
      PayType: PayOnDemand
      VpcId:
        Ref: VpcId
      VSwitchId:
        Ref: VSwitchId
      LoadBalancerSpec: slb.s1.small
      LoadBalancerName: TestLoadBalancer
      AddressType: intranet
      MasterZoneId:
        Ref: MasterZoneId
      SlaveZoneId:
        Ref: SlaveZoneId
  VpcEndpointService:
    DependsOn: LoadBalancer
    Type: ALIYUN::PrivateLink::VpcEndpointService
    Properties:
      User:
        - Ref: ALIYUN::AccountId
      ServiceDescription: test service endpoint
      Resource:
        - ZoneId:
            Ref: MasterZoneId
          ResourceId:
            Ref: LoadBalancer
          ResourceType: slb
      ConnectBandwidth: 100
      AutoAcceptEnabled: true
  VpcEndpoint:
    DependsOn: VpcEndpointService
    Type: ALIYUN::PrivateLink::VpcEndpoint
    Properties:
      VpcId:
        Ref: VpcId
      EndpointName: TestEndpoint
      Zone:
        - ZoneId:
            Ref: MasterZoneId
          VSwitchId:
            Ref: VSwitchId
      SecurityGroupId:
        Ref: SecurityGroupId
      ServiceId:
        Ref: VpcEndpointService
Outputs:
  ServiceName:
    Description: The name of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceName
  ServiceDomain:
    Description: The domain name of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceDomain
  ServiceId:
    Description: The ID of the endpoint service.
    Value:
      Fn::GetAtt:
        - VpcEndpointService
        - ServiceId
  EndpointDomain:
    Description: The domain name of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - EndpointDomain
  Bandwidth:
    Description: The bandwidth of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - Bandwidth
  EndpointId:
    Description: The ID of the endpoint.
    Value:
      Fn::GetAtt:
        - VpcEndpoint
        - EndpointId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "MasterZoneId": {
      "Type": "String",
      "Description": "The master zone id to create load balancer instance.",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId"
    },
    "SlaveZoneId": {
      "Type": "String",
      "Description": "The slave zone id to create load balancer instance.",
      "AssociationProperty": "ALIYUN::ECS::Instance::ZoneId"
    },
    "VpcId": {
      "Type": "String",
      "Description": "The VPC id to create load balancer instance. For VPC network only.",
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
    },
    "VSwitchId": {
      "Type": "String",
      "Description": "The VSwitch id to create load balancer instance. For VPC network only.",
      "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
      "AssociationPropertyMetadata": {
        "VpcId": "${VpcId}",
        "ZoneId": "${MasterZoneId}"
      }
    },
    "SecurityGroupId": {
      "Type": "CommaDelimitedList",
      "AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId",
      "AssociationPropertyMetadata": {
        "VpcId": "${VpcId}"
      },
      "Description": "The security group associated with the endpoint network interface. The security group can control the data communication from the VPC to the endpoint network interface.",
      "MinLength": 1,
      "MaxLength": 10
    }
  },
  "Resources": {
    "LoadBalancer": {
      "Type": "ALIYUN::SLB::LoadBalancer",
      "Properties": {
        "SupportPrivateLink": true,
        "PayType": "PayOnDemand",
        "VpcId": {
          "Ref": "VpcId"
        },
        "VSwitchId": {
          "Ref": "VSwitchId"
        },
        "LoadBalancerSpec": "slb.s1.small",
        "LoadBalancerName": "TestLoadBalancer",
        "AddressType": "intranet",
        "MasterZoneId": {
          "Ref": "MasterZoneId"
        },
        "SlaveZoneId": {
          "Ref": "SlaveZoneId"
        }
      }
    },
    "VpcEndpointService": {
      "DependsOn": "LoadBalancer",
      "Type": "ALIYUN::PrivateLink::VpcEndpointService",
      "Properties": {
        "User": [
          {
            "Ref": "ALIYUN::AccountId"
          }
        ],
        "ServiceDescription": "test service endpoint",
        "Resource": [
          {
            "ZoneId": {
              "Ref": "MasterZoneId"
            },
            "ResourceId": {
              "Ref": "LoadBalancer"
            },
            "ResourceType": "slb"
          }
        ],
        "ConnectBandwidth": 100,
        "AutoAcceptEnabled": true
      }
    },
    "VpcEndpoint": {
      "DependsOn": "VpcEndpointService",
      "Type": "ALIYUN::PrivateLink::VpcEndpoint",
      "Properties": {
        "VpcId": {
          "Ref": "VpcId"
        },
        "EndpointName": "TestEndpoint",
        "Zone": [
          {
            "ZoneId": {
              "Ref": "MasterZoneId"
            },
            "VSwitchId": {
              "Ref": "VSwitchId"
            }
          }
        ],
        "SecurityGroupId": {
          "Ref": "SecurityGroupId"
        },
        "ServiceId": {
          "Ref": "VpcEndpointService"
        }
      }
    }
  },
  "Outputs": {
    "ServiceName": {
      "Description": "The name of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceName"
        ]
      }
    },
    "ServiceDomain": {
      "Description": "The domain name of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceDomain"
        ]
      }
    },
    "ServiceId": {
      "Description": "The ID of the endpoint service.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpointService",
          "ServiceId"
        ]
      }
    },
    "EndpointDomain": {
      "Description": "The domain name of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "EndpointDomain"
        ]
      }
    },
    "Bandwidth": {
      "Description": "The bandwidth of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "Bandwidth"
        ]
      }
    },
    "EndpointId": {
      "Description": "The ID of the endpoint.",
      "Value": {
        "Fn::GetAtt": [
          "VpcEndpoint",
          "EndpointId"
        ]
      }
    }
  }
}