use ALIYUN::VPC::NatGateway to create a NAT gateway - Resource Orchestration Service

ALIYUN::VPC::NatGateway is used to create a NAT gateway.

Syntax

{
  "Type": "ALIYUN::VPC::NatGateway",
  "Properties": {
    "Description": String,
    "NatGatewayName": String,
    "InstanceChargeType": String,
    "PricingCycle": String,
    "VSwitchId": String,
    "Duration": Number,
    "DeletionProtection": Boolean,
    "InternetChargeType": String,
    "AutoPay": Boolean,
    "NatType": String,
    "DeletionForce": Boolean,
    "VpcId": String,
    "Tags": List,
    "NetworkType": String,
    "EipBindMode": String,
    "IcmpReplyEnabled": Boolean,
    "SecurityProtectionEnabled": Boolean
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
Description	String	No	No	The description of the NAT gateway.	The description must be 2 to 256 characters in length, and cannot start with `http://` or `https://`.
NatGatewayName	String	No	No	The name of the NAT gateway.	The name must be 2 to 128 characters in length. The name must start with a letter and cannot start with `http://` or `https://`. The name can contain letters, digits, periods (.), underscores (_), and hyphens (-). If you leave this property empty, the gateway ID is used as the gateway name.
InstanceChargeType	String	No	No	The billing method of the NAT gateway.	Valid values: PostPaid (default) PrePaid
PricingCycle	String	No	No	The unit of the subscription duration.	Valid values: Month (default) Year You must specify this property when InstanceChargeType is set to PrePaid.
VSwitchId	String	Yes	No	The vSwitch ID of the NAT gateway.	When you create an enhanced NAT gateway, you must specify a vSwitch for the NAT gateway. Then, the system assigns an idle private IP address from the vSwitch to the NAT gateway. If you want to create an enhanced NAT gateway and attach the gateway to an existing vSwitch, make sure that the zone to which the vSwitch belongs supports enhanced NAT gateways. In addition, the vSwitch must have idle private IP addresses. If you want to create an enhanced NAT gateway when you do not have a vSwitch, you must create a vSwitch in a zone that supports enhanced NAT gateways. Then, you can specify the vSwitch for the enhanced NAT gateway. You can call the ListEnhanhcedNatGatewayAvailableZones operation to query the zones that support enhanced NAT gateways and call the DescribeVSwitches to query the number of idle private IP addresses in a vSwitch.
Duration	Number	No	No	The subscription duration.	Valid values when PricingCycle is set to Month: 1 to 9. Valid values when PricingCycle is set to Year: 1 to 3. You must specify this property when InstanceChargeType is set to PrePaid.
DeletionProtection	Boolean	No	Yes	Specifies whether to enable the deletion protection feature.	Valid values: true false
InternetChargeType	String	No	No	The metering method of the NAT gateway.	Set the value to PayByLcu. A value of PayByLcu specifies the pay-by-CU metering method.
AutoPay	Boolean	No	No	Specifies whether to enable the automatic payment feature.	Valid values: false: disables the automatic payment feature. After an order is generated, you must go to the order center to complete the payment. true (default): enables the automatic payment feature. After an order is generated, the system automatically completes the payment. You must specify this property when InstanceChargeType is set to PrePaid.
NatType	String	No	No	The type of the NAT gateway.	Set the value to Enhanced. A value of Enhanced specifies an enhanced NAT gateway.
DeletionForce	Boolean	No	No	Specifies whether to forcefully delete the NAT gateway.	Valid values: true false
VpcId	String	Yes	No	The ID of the virtual private cloud (VPC) in which you want to create the NAT gateway.	If you want to create a standard NAT gateway in a VPC, make sure that the route table of the VPC does not contain a route entry whose destination CIDR block is set to 0.0.0.0/0. If a route entry whose destination CIDR block is set to 0.0.0.0/0 exists, you must delete the route entry before you create the standard NAT gateway. Note The preceding limit does not apply when you create an enhanced NAT gateway in a VPC.
NetworkType	String	No	No	The network type of the NAT gateway.	Valid values: Internet (default): Internet NAT gateway Intranet: VPC NAT gateway
Tags	List	No	Yes	The tags of the NAT gateway.	You can add up to 20 tags. For more information, see Tags syntax and Tags properties.
EipBindMode	String	No	No	The mode in which you want to associate the NAT gateway with an elastic IP address (EIP).	Valid values: MULTI_BINDED (default): Multi-EIP-to-ENI mode. NAT: NAT mode. IPv4 gateways are supported. In NAT mode, you can associate a NAT gateway with up to 50 EIPs. The EIP occupies one private IP address in the vSwitch of the NAT gateway. Note If the vSwitch of the NAT gateway does not have idle private IP addresses, the NAT gateway fails to be associated with the EIP.
IcmpReplyEnabled	Boolean	No	No	Specifies whether to enable the Internet Control Message Protocol (ICMP) non-retrieval feature.	Valid values: true false (default)
SecurityProtectionEnabled	Boolean	No	No	Specifies whether to enable the firewall feature.	Valid values: true false (default)

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]

Tags properties

Property	Type	Required	Editable	Description	Constraint
Key	String	Yes	No	The tag key.	The tag key must be 1 to 64 characters in length, and cannot contain `http://` or `https://`. The tag key cannot start with `aliyun` or `acs:`. The tag key can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Value	String	No	No	The tag value.	The tag value can be up to 128 characters in length, and cannot contain `http://` or `https://`. The tag value cannot start with `aliyun` or `acs:`. The tag value can contain letters, digits, periods (.), underscores (_), and hyphens (-).

Return values

Fn::GetAtt

NatGatewayId: the ID of the NAT gateway.
SNatTableId: the ID of the SNAT entry.
ForwardTableId: the ID of the DNAT entry.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Description: Test ECS NatGateway
Parameters:
  VPC:
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
    Type: String
    Label:
       
      en: Existing VPC Instance ID
  VSwitch:
    AssociationProperty: ALIYUN::ECS::VSwitch::VSwitchId
    Type: String
    Label:
       
      en: VSwitch ID
    AssociationPropertyMetadata:
      VpcId: VPC
Resources:
  NatGateway:
    Type: ALIYUN::VPC::NatGateway
    Properties:
      NatGatewayName: mytest
      VpcId:
        Ref: VPC
      VSwitchId:
        Ref: VSwitch
Outputs:
  NatGatewayId:
    Value:
      Fn::GetAtt:
        - NatGateway
        - NatGatewayId
  BandwidthPackageId:
    Value:
      Fn::GetAtt:
        - BandwidthPackage
        - BandwidthPackageId
  BandwidthPackageIps:
    Value:
      Fn::GetAtt:
        - CommonBandwidthPackageIp
        - IpAddresses

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Description": "Test ECS NatGateway",
  "Parameters": {
    "VPC": {
      "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
      "Type": "String",
      "Label": {
         
        "en": "Existing VPC Instance ID"
      }
    },
    "VSwitch": {
      "AssociationProperty": "ALIYUN::ECS::VSwitch::VSwitchId",
      "Type": "String",
      "Label": {
         
        "en": "VSwitch ID"
      },
      "AssociationPropertyMetadata": {
        "VpcId": "VPC"
      }
    }
  },
  "Resources": {
    "NatGateway": {
      "Type": "ALIYUN::VPC::NatGateway",
      "Properties": {
        "NatGatewayName": "mytest",
        "VpcId": {
          "Ref": "VPC"
        },
        "VSwitchId": {
          "Ref": "VSwitch"
        }
      }
    }
  },
  "Outputs": {
    "NatGatewayId": {
      "Value": {
        "Fn::GetAtt": [
          "NatGateway",
          "NatGatewayId"
        ]
      }
    },
    "BandwidthPackageId": {
      "Value": {
        "Fn::GetAtt": [
          "BandwidthPackage",
          "BandwidthPackageId"
        ]
      }
    },
    "BandwidthPackageIps": {
      "Value": {
        "Fn::GetAtt": [
          "CommonBandwidthPackageIp",
          "IpAddresses"
        ]
      }
    }
  }
}