Use ALIYUN::SLB::Listener in a call to create an SLB listener - Resource Orchestration Service

ALIYUN::SLB::Listener is used to create a Server Load Balancer (SLB) listener.

Syntax

 {
  "Type": "ALIYUN::SLB::Listener",
  "Properties": {
    "MasterSlaveServerGroupId": String,
    "AclStatus": String,
    "Protocol": String,
    "AclId": String,
    "ServerCertificateId": String,
    "HealthCheck": Map,
    "RequestTimeout": Integer,
    "IdleTimeout": Integer,
    "ListenerPort": Integer,
    "HttpConfig": Map,
    "Bandwidth": Integer,
    "AclType": String,
    "BackendServerPort": Integer,
    "Scheduler": String,
    "LoadBalancerId": String,
    "CACertificateId": String,
    "Persistence": Map,
    "VServerGroupId": String,
    "Description": String,
    "PortRange": List,
    "StartListener": Boolean,
    "EnableHttp2": String,
    "Gzip": String,
    "TLSCipherPolicy": String,
    "AclIds": List,
    "ProxyProtocolV2Enabled": Boolean,
    "ConnectionDrainTimeout": Integer,
    "Tags": List,
    "ConnectionDrain": String
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
MasterSlaveServerGroupId	String	No	No	The ID of the primary/secondary server group.	None.
AclStatus	String	No	Yes	Specifies whether to enable access control.	Valid values: on (default) off
EnableHttp2	String	No	Yes	Specifies whether to enable HTTP/2.	Valid values: on off
AclId	String	No	Yes	The ID of the access control list (ACL) that you want to associate with the listener.	You must specify this property when AclStatus is set to on.
AclType	String	No	Yes	The ACL type.	Valid values: white: whitelist. Only requests from the IP addresses or CIDR blocks in the ACL are forwarded. You can use a whitelist in scenarios where you want to allow access only from specific IP addresses to an application. Risks may arise if the whitelist is improperly configured. After you configure a whitelist, only the IP addresses that are added to the whitelist can access the listener. If you enable a whitelist but do not add an IP address to the whitelist, the listener does not forward requests. black: blacklist. All requests from the IP addresses or CIDR blocks in the ACL are not forwarded. You can use a blacklist in scenarios where you want to deny access only from specific IP addresses to an application. If you enable a blacklist but do not add an IP address to the blacklist, the listener forwards all requests. You must specify this property when AclStatus is set to on.
Protocol	String	Yes	No	The network protocol.	Valid values: http https tcp udp
ListenerPort	Integer	Yes	No	The frontend port of the SLB instance.	Valid values: 1 to 65535.
Bandwidth	Integer	Yes	Yes	The maximum bandwidth of the listener.	Valid values: 1 to 1000 and -1. Unit: Mbit/s. The value of this property must meet the following requirements: For a pay-by-bandwidth Internet-facing SLB instance, you cannot set this property to -1. The sum of the maximum bandwidth values that you specify for all listeners of an SLB instance cannot exceed the bandwidth value of the SLB instance. For a pay-by-data-transfer Internet-facing SLB instance, you can set this property to -1. A value of -1 specifies that the bandwidth of the listener is unlimited.
BackendServerPort	Integer	No	No	The backend port of the SLB instance.	Valid values: 1 to 65535.
LoadBalancerId	String	Yes	No	The ID of the SLB instance.	None.
HealthCheck	Map	No	No	The health check configurations.	For more information, see HealthCheck properties.
Persistence	Map	No	Yes	The persistence configurations.	For more information, see Persistence properties.
Scheduler	String	No	No	The routing algorithm.	Valid values: wrr (default): Backend servers that have higher weights receive more requests than backend servers that have lower weights. wlc: Requests are forwarded to backend servers in sequence.
CACertificateId	String	No	No	The ID of the certification authority (CA) certificate.	This property takes effect only when Protocol is set to https.
ServerCertificateId	String	No	Yes	The ID of the server certificate.	You must specify this property only when Protocol is set to https.
VServerGroupId	String	No	Yes	The ID of the server group.	None.
RequestTimeout	Integer	No	No	The timeout period of a request.	Valid values: 1 to 180. Unit: seconds.
IdleTimeout	Integer	No	No	The timeout period of an idle connection.	Valid values: 1 to 60. Unit: seconds.
HttpConfig	Map	No	No	The HTTP configurations.	For more information, see HttpConfig properties.
Description	String	No	No	The description of the listener.	The description must be 1 to 80 characters in length, and can contain letters, digits, hyphens (-), forward slashes (/), periods (.), and underscores (_).
PortRange	List	No	No	The port range of the listener.	You must enable all ports. To enable all ports, set StartPort to 1 and EndPort to 65535. For more information, see PortRange properties.
StartListener	Boolean	No	No	Specifies whether to start the listener.	Valid values: true (default) false
Gzip	String	No	Yes	Specifies whether to enable Gzip compression to compress specific types of files.	Valid values: true (default) false
TLSCipherPolicy	String	No	Yes	The transport layer security (TLS) policy.	A TLS policy contains TLS protocol versions and cipher suites that are available for HTTPS. Note This property takes effect when Protocol is set to `https`.
AclIds	List	No	Yes	The IDs of the ACLs that you want to associate with the listener.	You must specify this property when `AclStatus` is set to `on`. The AclIds property takes precedence over the AclId property.
ProxyProtocolV2Enabled	Boolean	No	Yes	Specifies whether to use the Proxy protocol to pass source client IP addresses to backend servers.	Valid values: true false
ConnectionDrainTimeout	Integer	No	Yes	The timeout period of connection draining.	Unit: seconds. Value values: 10 to 900.
Tags	List	No	Yes	The tags.	For more information, see Tags properties.
ConnectionDrain	String	No	Yes	Specifies whether to enable connection draining.	Valid values: on off

HealthCheck syntax

"HealthCheck": {
  "Domain": String,
  "Interval": Integer,
  "URI": String,
  "HttpCode": String,
  "HealthyThreshold": Integer,
  "HealthCheckType": String,
  "Timeout": Integer,
  "UnhealthyThreshold": Integer,
  "Port": Integer,
  "Switch": String,
  "HealthCheckMethod": String,
  "Req": String,
  "Exp": String
}

HealthCheck properties

Property	Type	Required	Editable	Description	Constraint
Domain	String	No	No	The domain name that you want to use for health checks.	Valid values: $_ip. Custom string: The custom string that you specify must be 1 to 80 characters in length, and can contain letters, digits, hyphens (-), and periods (.). Null. Note If you set this property to $_ip or Null, SLB uses the private IP address of each backend server as the domain name to perform health checks.
Interval	Integer	No	No	The interval between two consecutive health checks.	Valid values: 1 to 5. Unit: seconds.
URI	String	No	No	The Uniform Resource Identifier (URI) that you want to use for health checks.	The URI must be 1 to 80 characters in length, and must start with a forward slash (/). It can contain letters, digits, and the following special characters: - / . % ? # &
HttpCode	String	No	No	The HTTP status codes.	Valid values: http_2xx (default) http_3xx http_4xx http_5xx Separate multiple HTTP status codes with commas (,).
HealthyThreshold	Integer	No	No	The threshold that is used to determine whether a backend server is healthy. The number of times that an unhealthy backend server must consecutively pass health checks before it is declared healthy.	Valid values: 1 to 10.
HealthCheckType	String	No	No	The health check type.	Valid values: tcp http
Timeout	Integer	No	No	The maximum timeout period of a health check response.	Valid values: 1 to 50. Unit: seconds. Note If the value of Timeout is smaller than the value of Interval, Timeout does not take effect. In this case, the value of Interval specifies the maximum timeout period.
UnhealthyThreshold	Integer	No	No	The threshold that is used to determine whether a backend server is unhealthy. The number of times that a healthy backend server must consecutively fail health checks before it is declared unhealthy.	Valid values: 1 to 10.
Port	Integer	No	No	The port that you want to use for health checks.	Valid values: 0 to 65535.
Switch	String	No	No	Specifies whether to enable the health check feature.	Valid values: on off Note This property takes effect only when Protocol is set to http or https. If you leave Switch empty, the health check feature is disabled by default unless health check items are already configured.
HealthCheckMethod	String	No	No	The method that you want to use to perform health checks.	Valid values: head get Note This property takes effect when Protocol is set to `https` or `http` and Switch is set to on.
Req	String	No	No	The request string for UDP listener health checks.	The string can be up to 64 characters in length, and can contain only letters and digits.
Exp	String	No	No	The response string for UDP listener health checks.	The string can be up to 64 characters in length, and can contain only letters and digits.

Persistence syntax

"Persistence": {
  "PersistenceTimeout": Integer,
  "CookieTimeout": Integer,
  "XForwardedFor": String,
  "XForwardedFor_SLBID": String,
  "XForwardedFor_proto": String,
  "XForwardedFor_SLBIP": String,
  "Cookie": String,
  "StickySession": String,
  "StickySessionType": String,
  "XForwardedFor_ClientSrcPort": String,
  "XForwardedFor_SLBPORT": String
}

Persistence properties

Property	Type	Required	Editable	Description	Constraint
StickySession	String	No	Yes	Specifies whether to enable session persistence.	Valid values: on off Note This property takes effect only when Protocol is set to `http` or `https`.
PersistenceTimeout	Integer	No	Yes	The timeout period of session persistence.	Valid values: 0 to 1000. Default value: 0. A value of 0 specifies that session persistence is disabled. Unit: seconds.
CookieTimeout	Integer	No	Yes	The timeout period of the cookie.	Valid values: 1 to 86400. Unit: seconds. Note You must specify this property when StickySession is set to on and StickySessionType is set to insert.
XForwardedFor	String	No	Yes	Specifies whether to use the X-Forwarded-Fort header to query the real IP address of a client.	Valid values: on off (default)
XForwardedFor_proto	String	No	Yes	Specifies whether to use the X-Forwarded-Proto header to query the listener protocol of the SLB instance.	Valid values: on off (default)
XForwardedFor_SLBID	String	No	Yes	Specifies whether to use the SLB-ID header to query the ID of the SLB instance.	Valid values: on off (default)
XForwardedFor_SLBIP	String	No	Yes	Specifies whether to use the SLB-IP header to query the real IP address that is requested by a client.	Valid values: on off (default)
Cookie	String	No	Yes	The cookie that you want to configure for the server.	The cookie must be 1 to 200 characters in length, and cannot start with a dollar sign ($). It can contain letters and digits, and cannot contain commas (,), semicolons (;), or spaces. Note You must specify this property when StickySession is set to on and StickySessionType is set to server.
StickySessionType	String	No	Yes	The method that you want to use to handle a cookie.	Valid values: insert: inserts a cookie. server: rewrites a cookie. Note You must specify this property when StickySession is set to on.
XForwardedFor_ClientSrcPort	String	No	Yes	Specifies whether to use the X-Forwarded-Client-srcport header to query the port that is used by a client to access the SLB instance.	Valid values: on off (default)
XForwardedFor_SLBPORT	String	No	Yes	Specifies whether to use the X-Forwarded-Port header to query the listener port of the SLB instance.	Valid values: on off (default)

HttpConfig syntax

"HttpConfig": {
  "ForwardPort": Integer,
  "ListenerForward": String
}

HttpConfig properties

Property

Type

Required

Editable

Description

Constraint

ForwardPort

Integer

The listener port that you want to use to redirect HTTP requests to HTTPS.

Valid values: 1 to 65535.

Default value: 443.

ListenerForward

String

Specifies whether to enable redirection from HTTP to HTTPS.

Valid values:

on
off (default)

PortRange syntax

"PortRange": [
  {
    "StartPort": Integer,
    "EndPort": Integer
  }
]

PortRange properties

Property	Type	Required	Editable	Description	Constraint
StartPort	Integer	Yes	No	The start port.	Set the value to 1.
EndPort	Integer	Yes	No	The end port.	Set the value to 65535.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The tag key.	None.
Value	String	No	No	The tag value.	None.

Return values

Fn::GetAtt

LoadBalancerId: the ID of the SLB instance.
ListenerPortsAndProtocol: the frontend ports and protocol that are used by the SLB instance.

Examples

`YAML` format

ROSTemplateFormatVersion: '2015-09-01'
Description: Test SLB Listener
Parameters:
  SlbInstanceId:
    AssociationProperty: ALIYUN::SLB::Instance::InstanceId
    Type: String
Resources:
  Listener:
    Type: ALIYUN::SLB::Listener
    Properties:
      BackendServerPort: 8080
      Bandwidth: 50
      ListenerPort: 80
      LoadBalancerId:
        Ref: SlbInstanceId
      Protocol: https
      Scheduler: wrr
Outputs: {}

`JSON` format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test SLB Listener",
  "Parameters": {
    "SlbInstanceId": {
      "AssociationProperty": "ALIYUN::SLB::Instance::InstanceId",
      "Type": "String"
    }
  },
  "Resources": {
    "Listener": {
      "Type": "ALIYUN::SLB::Listener",
      "Properties": {
        "BackendServerPort": 8080,
        "Bandwidth": 50,
        "ListenerPort": 80,
        "LoadBalancerId": {
          "Ref": "SlbInstanceId"
        },
        "Protocol": "https",
        "Scheduler": "wrr"
      }
    }
  },
  "Outputs": {
  }
}