注意事項

• Terraform運行環境：阿里雲Cloud Shell

• Terraform版本：0.12

• alicloud版本：1.203.0

• resource定義：cloud_firewall_vpc_firewall_control_policy

前提條件

• 已建立阿里雲帳號和存取金鑰（AccessKey）。具體操作，請參見建立AccessKey。

• 已經安裝並配置了Terraform。

為指定VPC防火牆策略組添加存取控制策略

1. 在Terraform執行目錄下的terraform.tf檔案中，配置如下內容。

   程式碼範例如下：

   provider "alicloud" {
     version = "~> 1.203.0"
   }
   
   resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
     order            = "1"
     destination      = "192.XX.XX.2/32"
     application_name = "ANY"
     description      = "Created_by_Terraform"
     source_type      = "net"
     dest_port        = "80/88"
     acl_action       = "accept"
     lang             = "zh"
     destination_type = "net"
     source           = "192.XX.XX.1/32"
     dest_port_type   = "port"
     proto            = "TCP"
     release          = true
     member_uid       = "141518928482****"
     vpc_firewall_id  = "vfw-d7b8ce273791475b****"
   }

2. 運行terraform init，對環境進行初始化。

   程式碼範例如下：

   Initializing the backend...
   
   Initializing provider plugins...
   - Checking for available provider plugins...
   - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.203.0...
   
   
   Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to aliyun/alicloud. Please update your source in required_providers.
   
   
   Terraform has been successfully initialized!
   
   You may now begin working with Terraform. Try running "terraform plan" to see
   any changes that are required for your infrastructure. All Terraform commands
   should now work.
   
   If you ever set or change modules or backend configuration for Terraform,
   rerun this command to reinitialize your working directory. If you forget, other
   commands will detect it and remind you to do so if necessary.

3. 運行terraform apply。出現如下配置資訊後，確認配置資訊並輸入yes，開始建立。

   程式碼範例如下：

   An execution plan has been generated and is shown below.
   Resource actions are indicated with the following symbols:
     + create
   
   Terraform will perform the following actions:
   
     # alicloud_cloud_firewall_vpc_firewall_control_policy.default will be created
     + resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
         + acl_action              = "accept"
         + acl_uuid                = (known after apply)
         + application_id          = (known after apply)
         + application_name        = "ANY"
         + description             = "Created_by_Terraform"
         + dest_port               = "80/88"
         + dest_port_group_ports   = (known after apply)
         + dest_port_type          = "port"
         + destination             = "192.XX.XX.2/32"
         + destination_group_cidrs = (known after apply)
         + destination_group_type  = (known after apply)
         + destination_type        = "net"
         + hit_times               = (known after apply)
         + id                      = (known after apply)
         + lang                    = "zh"
         + member_uid              = "141518928482****"
         + order                   = 1
         + proto                   = "TCP"
         + release                 = true
         + source                  = "192.XX.XX.1/32"
         + source_group_cidrs      = (known after apply)
         + source_group_type       = (known after apply)
         + source_type             = "net"
         + vpc_firewall_id         = "vfw-d7b8ce273791475b****"
       }
   
   Plan: 1 to add, 0 to change, 0 to destroy.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   alicloud_cloud_firewall_vpc_firewall_control_policy.default: Creating...
   alicloud_cloud_firewall_vpc_firewall_control_policy.default: Creation complete after 2s [id=vfw-d7b8ce273791475b****:ba164e52-acd2-4899-bf72-6816b13a****]
   
   Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

   建立成功後，可以返回指定的VPC防火牆ID：vfw-d7b8ce273791475b****，添加的存取控制策略ID為：ba164e52-acd2-4899-bf72-6816b13a****。

4. 查看結果。

   • 運行terraform show查看VPC防火牆存取控制策略詳細資料。

     # alicloud_cloud_firewall_vpc_firewall_control_policy.default:
     resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
         acl_action              = "accept"
         acl_uuid                = "ba164e52-acd2-4899-bf72-6816b13a****"
         application_id          = "0"
         application_name        = "ANY"
         description             = "Created_by_Terraform"
         dest_port               = "80/88"
         dest_port_group_ports   = []
         dest_port_type          = "port"
         destination             = "192.XX.XX.2/32"
         destination_group_cidrs = []
         destination_type        = "net"
         hit_times               = 0
         id                      = "vfw-d7b8ce273791475b****:ba164e52-acd2-4899-bf72-6816b13a****"
         lang                    = "zh"
         member_uid              = "1415189284827****"
         order                   = 1
         proto                   = "TCP"
         release                 = true
         source                  = "192.XX.XX..1/32"
         source_group_cidrs      = []
         source_type             = "net"
         vpc_firewall_id         = "vfw-d7b8ce273791475b****"
     }

   • 登入Cloud Firewall控制台，在存取控制>VPC邊界頁面，查看VPC邊界防火牆存取控制策略詳細資料。