Resource Orchestration Service: ALIYUN::VPC::TrafficMirrorFilter

Last Updated: Mar 30, 2023

ALIYUN::VPC::TrafficMirrorFilter is used to create a filter for traffic mirroring.

Syntax

{
  "Type": "ALIYUN::VPC::TrafficMirrorFilter",
  "Properties": {
    "TrafficMirrorFilterDescription": String,
    "EgressRules": List,
    "TrafficMirrorFilterName": String,
    "IngressRules": List
  }
}

Properties

| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| TrafficMirrorFilterDescription | String | No | Yes | The description of the filter. | The description must be 1 to 256 characters in length. The description cannot start with http:// or https://. |
| EgressRules | List | No | No | Details of the outbound rules in the filter. | For more information, see EgressRules properties. |
| TrafficMirrorFilterName | String | No | Yes | The name of the filter. | The name must be 1 to 128 characters in length. The name cannot start with http:// or https://. |
| IngressRules | List | No | No | Details of the inbound rules in the filter. | For more information, see IngressRules properties. |

EgressRules syntax

"EgressRules": [
  {
    "DestinationPortRange": String,
    "Action": String,
    "SourcePortRange": String,
    "Priority": Integer,
    "SourceCidrBlock": String,
    "DestinationCidrBlock": String,
    "Protocol": String
  }
]

EgressRules properties

| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| DestinationPortRange | String | No | No | The destination port range of the outbound traffic. | The supported ports range from 1 to 65535. Separate the start port and the end port with a forward slash (/). Sample values: 1/200 and 80/80. You cannot set this property to -1/-1. The value -1/-1 indicates that all ports are allowed. Note: If you set the Protocol property in EgressRules to ALL or ICMP, you do not need to specify the DestinationPortRange property. In this case, all ports are allowed. |
| Action | String | Yes | No | The action of the outbound rule. | Valid values: accept (accepts network traffic), drop (drops network traffic). |
| SourcePortRange | String | No | No | The source port range of the outbound traffic. | The supported ports range from 1 to 65535. Separate the start port and the end port with a forward slash (/). Sample values: 1/200 and 80/80. You cannot set this property to -1/-1. The value -1/-1 indicates that all ports are allowed. Note: If you set the Protocol property in EgressRules to ALL or ICMP, you do not need to specify the SourcePortRange property. In this case, all ports are allowed. |
| Priority | Integer | No | No | The priority of the outbound rule. | A smaller value indicates a higher priority. You can add up to 10 outbound rules in a filter. |
| SourceCidrBlock | String | No | No | The source CIDR block of the outbound traffic. | None. |
| DestinationCidrBlock | String | No | No | The destination CIDR block of the outbound traffic. | None. |
| Protocol | String | Yes | No | The type of the protocol that is used by the outbound traffic that you want to mirror. | Valid values: ALL (all types of protocols), ICMP (Internet Control Message Protocol), TCP (Transmission Control Protocol), UDP (User Datagram Protocol). |

IngressRules syntax

"IngressRules": [
  {
    "DestinationPortRange": String,
    "Action": String,
    "SourcePortRange": String,
    "Priority": Integer,
    "SourceCidrBlock": String,
    "DestinationCidrBlock": String,
    "Protocol": String
  }
]

IngressRules properties

| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| DestinationPortRange | String | No | No | The destination port range of the inbound traffic. | The supported ports range from 1 to 65535. Separate the start port and the end port with a forward slash (/). Sample values: 1/200 and 80/80. Note: If you set the Protocol property in IngressRules to ALL or ICMP, you do not need to specify the DestinationPortRange property. In this case, all ports are allowed. |
| Action | String | Yes | No | The action of the inbound rule. | Valid values: accept (accepts network traffic), drop (drops network traffic). |
| SourcePortRange | String | No | No | The source port range of the inbound traffic. | The supported ports range from 1 to 65535. Separate the start port and the end port with a forward slash (/). Sample values: 1/200 and 80/80. Note: If you set the Protocol property in IngressRules to ALL or ICMP, you do not need to specify the SourcePortRange property. In this case, all ports are allowed. |
| Priority | Integer | No | No | The priority of the inbound rule. | A smaller value indicates a higher priority. You can add up to 10 inbound rules in a filter. |
| SourceCidrBlock | String | No | No | The source CIDR block of the inbound traffic. | None. |
| DestinationCidrBlock | String | No | No | The destination CIDR block of the inbound traffic. | None. |
| Protocol | String | Yes | No | The type of the protocol that is used by the inbound traffic that you want to mirror. | Valid values: ALL (all types of protocols), ICMP, TCP, UDP. |

Return values

Fn::GetAtt

  • TrafficMirrorFilterDescription: the description of the filter.

  • EgressRules: details of the outbound rules in the filter.

  • TrafficMirrorFilterId: the ID of the filter.

  • TrafficMirrorFilterName: the name of the filter.

  • IngressRules: details of the inbound rules in the filter.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters: {}
    Resources:
      ExtensionResource:
        Type: ALIYUN::VPC::TrafficMirrorFilter
        Properties:
          EgressRules:
            - DestinationPortRange: 22/40
              Action: accept
              SourcePortRange: 22/40
              Priority: 1
              SourceCidrBlock: 10.0.0.0/24
              DestinationCidrBlock: 10.0.0.0/24
              Protocol: TCP
          TrafficMirrorFilterName: TestTrafficMirrorFilterName
          IngressRules:
            - Action: accept
              SourceCidrBlock: 10.0.0.0/24
              Protocol: TCP
              DestinationPortRange: 80/120
              Priority: 1
              DestinationCidrBlock: 10.0.0.0/24
              SourcePortRange: 80/120
    Outputs:
      TrafficMirrorFilterDescription:
        Description: The description of the filter.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - TrafficMirrorFilterDescription
      EgressRules:
        Description: Egress rules.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - EgressRules
      TrafficMirrorFilterId:
        Description: The ID of the filter.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - TrafficMirrorFilterId
      TrafficMirrorFilterName:
        Description: The name of the filter.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - TrafficMirrorFilterName
      IngressRules:
        Description: Ingress rules.
        Value:
          Fn::GetAtt:
            - ExtensionResource
            - IngressRules
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
      },
      "Resources": {
        "ExtensionResource": {
          "Type": "ALIYUN::VPC::TrafficMirrorFilter",
          "Properties": {
            "EgressRules": [
              {
                "DestinationPortRange": "22/40",
                "Action": "accept",
                "SourcePortRange": "22/40",
                "Priority": 1,
                "SourceCidrBlock": "10.0.0.0/24",
                "DestinationCidrBlock": "10.0.0.0/24",
                "Protocol": "TCP"
              }
            ],
            "TrafficMirrorFilterName": "TestTrafficMirrorFilterName",
            "IngressRules": [
              {
                "Action": "accept",
                "SourceCidrBlock": "10.0.0.0/24",
                "Protocol": "TCP",
                "DestinationPortRange": "80/120",
                "Priority": 1,
                "DestinationCidrBlock": "10.0.0.0/24",
                "SourcePortRange": "80/120"
              }
            ]
          }
        }
      },
      "Outputs": {
        "TrafficMirrorFilterDescription": {
          "Description": "The description of the filter.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "TrafficMirrorFilterDescription"
            ]
          }
        },
        "EgressRules": {
          "Description": "Egress rules.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "EgressRules"
            ]
          }
        },
        "TrafficMirrorFilterId": {
          "Description": "The ID of the filter.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "TrafficMirrorFilterId"
            ]
          }
        },
        "TrafficMirrorFilterName": {
          "Description": "The name of the filter.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "TrafficMirrorFilterName"
            ]
          }
        },
        "IngressRules": {
          "Description": "Ingress rules.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionResource",
              "IngressRules"
            ]
          }
        }
      }
    }
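
A mirror filter decides which packets reach the monitoring destination, so a rule that violates the constraints in the EgressRules and IngressRules tables is worth catching before the stack is created. The following pre-deployment check is an added example, not part of ROS or the original page; the function names and the sample input are constructed, and it assumes that the start port must not exceed the end port and that -1/-1 is rejected for both directions.

```python
import re

PORT_RANGE = re.compile(r"(\d{1,5})/(\d{1,5})", re.ASCII)
ACTIONS = {"accept", "drop"}
PROTOCOLS = {"ALL", "ICMP", "TCP", "UDP"}

def port_range_error(value):
    """Return a message unless value is 'start/end' within 1-65535 (assumes start <= end)."""
    m = PORT_RANGE.fullmatch(str(value))
    if not m:
        return f"{value!r} is not in start/end form (-1/-1 is not accepted)"
    start, end = int(m.group(1)), int(m.group(2))
    if not 1 <= start <= end <= 65535:
        return f"{value!r} must satisfy 1 <= start <= end <= 65535"

def text_errors(props, key, max_len):
    """Optional name/description: 1..max_len characters, no http:// or https:// prefix."""
    text, errs = props.get(key), []
    if text is not None and not 1 <= len(text) <= max_len:
        errs.append(f"{key}: must be 1 to {max_len} characters")
    if text is not None and text.startswith(("http://", "https://")):
        errs.append(f"{key}: cannot start with http:// or https://")
    return errs

def lint_filter(props):
    """Check the Properties of one TrafficMirrorFilter resource; return a list of findings."""
    errs = text_errors(props, "TrafficMirrorFilterName", 128)
    errs += text_errors(props, "TrafficMirrorFilterDescription", 256)
    for direction in ("EgressRules", "IngressRules"):
        rules = props.get(direction) or []
        if len(rules) > 10:
            errs.append(f"{direction}: {len(rules)} rules, at most 10 allowed")
        for i, rule in enumerate(rules):
            where = f"{direction}[{i}]"
            for key, allowed in (("Action", ACTIONS), ("Protocol", PROTOCOLS)):
                if rule.get(key) not in allowed:
                    errs.append(f"{where}.{key}: required, one of {sorted(allowed)}")
            for key in ("SourcePortRange", "DestinationPortRange"):
                if key in rule and (msg := port_range_error(rule[key])):
                    errs.append(f"{where}.{key}: {msg}")
    return errs

# Constructed sample: a rule taken from the page's example plus a deliberately invalid one.
SAMPLE = {"TrafficMirrorFilterName": "https://mirror", "EgressRules": [
    {"Action": "accept", "Protocol": "TCP", "DestinationPortRange": "22/40"},
    {"Action": "allow", "Protocol": "TCP", "SourcePortRange": "-1/-1"}]}

if __name__ == "__main__":
    print("\n".join(lint_filter(SAMPLE)))
```

Pass the `Properties` object of the resource (loaded from the JSON or YAML template) to `lint_filter`; an empty list means no documented constraint was violated.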