全部產品
Search
文件中心

Resource Orchestration Service:ALIYUN::ALB::SecurityPolicy

更新時間:Jun 15, 2024

ALIYUN::ALB::SecurityPolicy類型用於建立自訂安全性原則。

文法

{
  "Type": "ALIYUN::ALB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "TLSVersions": List,
    "SecurityPolicyName": String
  }
}

屬性

屬性名稱

類型

必須

允許更新

描述

約束

Ciphers

List

支援的加密套件。

取值:

  • TLSv1.0和TLSv1.1 支援:

    • ECDHE-ECDSA-AES128-SHA

    • ECDHE-ECDSA-AES256-SHA

    • ECDHE-RSA-AES128-SHA

    • ECDHE-RSA-AES256-SHA

    • AES128-SHA

    • AES256-SHA

    • DES-CBC3-SHA

  • TLSv1.2支援:

    • ECDHE-ECDSA-AES128-SHA

    • ECDHE-ECDSA-AES256-SHA

    • ECDHE-RSA-AES128-SHA

    • ECDHE-RSA-AES256-SHA

    • AES128-SHA

    • AES256-SHA

    • DES-CBC3-SHA

    • ECDHE-ECDSA-AES128-GCM-SHA256

    • ECDHE-ECDSA-AES256-GCM-SHA384

    • ECDHE-ECDSA-AES128-SHA256

    • ECDHE-ECDSA-AES256-SHA384

    • ECDHE-RSA-AES128-GCM-SHA256

    • ECDHE-RSA-AES256-GCM-SHA384

    • ECDHE-RSA-AES128-SHA256

    • ECDHE-RSA-AES256-SHA384

    • AES128-GCM-SHA256

    • AES256-GCM-SHA384

    • AES128-SHA256

    • AES256-SHA256

  • TLSv1.3支援:

    • TLS_AES_128_GCM_SHA256

    • TLS_AES_256_GCM_SHA384

    • TLS_CHACHA20_POLY1305_SHA256

    • TLS_AES_128_CCM_SHA256

    • TLS_AES_128_CCM_8_SHA256

說明

當TLSVersions取值支援Ciphers時,該參數才生效。

SecurityPolicyName

String

安全性原則名稱。

長度為2~128個英文或中文字元,必須以大小字母或中文開頭,可包含數字、半形句號(.)、底線(_)和短劃線(-)。

TLSVersions

List

支援的TLS協議版本。

取值:

  • TLSv1.0

  • TLSv1.1

  • TLSv1.2

  • TLSv1.3

ResourceGroupId

String

資源群組ID。

傳回值

Fn::GetAtt

SecurityPolicyId:安全性原則ID。

樣本

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Ciphers:
    Description: 'The supported cipher suites, which are determined by the TLS protocol
      version.

      The specified cipher suites must be supported by at least one TLS protocol version
      that you specify.

      Note For example, if you set the TLSVersions parameter to TLSv1.3, you must
      specify cipher suites that are supported by TLS 1.3.'
    MaxLength: 20
    MinLength: 1
    Type: Json
  SecurityPolicyName:
    Description: 'The name of the security policy.

      The name must be 2 to 128 characters in length, and can contain letters, digits,
      periods

      (.), underscores (_), and hyphens (-). The name must start with a letter.'
    Type: String
  TLSVersions:
    Description: 'The supported versions of the Transport Layer Security (TLS) protocol.
      Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 and so on.'
    MaxLength: 5
    MinLength: 1
    Type: Json
Resources:
  SecurityPolicy:
    Properties:
      Ciphers:
        Ref: Ciphers
      SecurityPolicyName:
        Ref: SecurityPolicyName
      TLSVersions:
        Ref: TLSVersions
    Type: ALIYUN::ALB::SecurityPolicy
Outputs:
  SecurityPolicyId:
    Description: The ID of the security policy.
    Value:
      Fn::GetAtt:
      - SecurityPolicy
      - SecurityPolicyId

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Ciphers": {
      "Type": "Json",
      "Description": "The supported cipher suites, which are determined by the TLS protocol version.\nThe specified cipher suites must be supported by at least one TLS protocol version that you specify.\nNote For example, if you set the TLSVersions parameter to TLSv1.3, you must specify cipher suites that are supported by TLS 1.3.",
      "MinLength": 1,
      "MaxLength": 20
    },
    "TLSVersions": {
      "Type": "Json",
      "Description": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3 and so on.",
      "MinLength": 1,
      "MaxLength": 5
    },
    "SecurityPolicyName": {
      "Type": "String",
      "Description": "The name of the security policy.\nThe name must be 2 to 128 characters in length, and can contain letters, digits, periods\n(.), underscores (_), and hyphens (-). The name must start with a letter."
    }
  },
  "Resources": {
    "SecurityPolicy": {
      "Type": "ALIYUN::ALB::SecurityPolicy",
      "Properties": {
        "Ciphers": {
          "Ref": "Ciphers"
        },
        "TLSVersions": {
          "Ref": "TLSVersions"
        },
        "SecurityPolicyName": {
          "Ref": "SecurityPolicyName"
        }
      }
    }
  },
  "Outputs": {
    "SecurityPolicyId": {
      "Description": "The ID of the security policy.",
      "Value": {
        "Fn::GetAtt": [
          "SecurityPolicy",
          "SecurityPolicyId"
        ]
      }
    }
  }
}