The ALIYUN::ECS::SecurityGroupIngress type creates an inbound access rule for a security group.
Syntax
{
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SourceGroupOwnerId": String,
"Description": String,
"PortRange": String,
"SecurityGroupId": String,
"NicType": String,
"Ipv6SourceCidrIp": String,
"Priority": Integer,
"SourceGroupId": String,
"Policy": String,
"IpProtocol": String,
"SourcePortRange": String,
"SourceCidrIp": String,
"SourcePrefixListId": String
}
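}
Properties
Property name | Type | Required | Update allowed | Description | Constraints |
IpProtocol | String | Yes | No | The IP protocol. | Valid values:
|
PortRange | String | Yes | No | The range of transport-layer protocol ports opened by the destination security group. | Valid values:
|
SourcePrefixListId | String | No | No | The ID of the destination prefix list for which inbound access permissions are to be set. | You can call the ECS DescribePrefixLists operation to query the prefix list IDs that are available. Prefix lists are not supported when the network type of the security group is classic network. This parameter is ignored when any one of SourceCidrIp, Ipv6SourceCidrIp, or SourceGroupId is specified. |
SourceGroupId | String | No | No | The ID of the source security group for which access permissions are to be set. | Set at least one of SourceGroupId or SourceCidrIp. If SourceGroupId is specified but SourceCidrIp is not, NicType takes the value intranet. If both SourceGroupId and SourceCidrIp are specified, the SourceCidrIp setting takes precedence by default. |
SecurityGroupId | String | No | No | The ID of the security group in which the inbound rule is created. | None |
NicType | String | No | No | The network type. | Valid values:
When mutual access between security groups is configured, that is, when DestGroupId is specified but DestCidrIp is not, this parameter takes the value intranet. |
Priority | Integer | No | No | The priority of the security group rule. | Value range: 1 to 100. Default value: 1. |
SourceCidrIp | String | No | No | The source IPv4 CIDR block. | Only IP address ranges in IPv4 format are supported. |
Policy | String | No | No | The access permission. | Valid values:
|
SourceGroupOwnerId | String | No | No | The ID of the Alibaba Cloud account that owns the source security group, used when a security group rule is set across accounts. | If SourceGroupOwnerId is not set, access permissions are set for another of your own security groups by default. If SourceCidrIp is already set, the SourceGroupOwnerId setting has no effect. |
Description | String | No | Yes | The description of the security group rule. | 1 to 512 characters in length. |
SourcePortRange | String | No | No | The range of transport-layer protocol ports opened by the source security group. | Valid values:
|
Ipv6SourceCidrIp | String | No | No | The source IPv6 CIDR block. | IP address ranges in CIDR format and IPv6 format are supported. Only VPC-type IP addresses are supported. |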
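Several source properties in the table silently override one another, so a rule can be accepted while part of it has no effect. The Python below is an added example, not part of the original documentation: it applies only the constraints stated in the table to one Properties dictionary. The function name, the sample IDs in the usage lines, and the choice to report a rule with no source property at all as an error are assumptions.

```python
SOURCE_KEYS = ("SourceCidrIp", "Ipv6SourceCidrIp", "SourceGroupId",
               "SourcePrefixListId")

def resolve_source(props):
    """Apply the table's constraints to one Properties dict.

    Returns (effective, ignored, errors): source properties that still
    take effect, properties that are set but ignored, and violations.
    """
    errors, ignored = [], []
    for key in ("IpProtocol", "PortRange"):  # the only required properties
        if not props.get(key):
            errors.append(f"{key} is required")
    priority = props.get("Priority", 1)  # default 1, range 1 to 100
    if not isinstance(priority, int) or not 1 <= priority <= 100:
        errors.append("Priority must be an integer from 1 to 100")
    desc = props.get("Description")
    if desc is not None and not 1 <= len(desc) <= 512:
        errors.append("Description must be 1 to 512 characters")

    cidr4 = props.get("SourceCidrIp")
    cidr6 = props.get("Ipv6SourceCidrIp")
    group = props.get("SourceGroupId")
    # The prefix list is ignored as soon as any other source is given.
    if props.get("SourcePrefixListId") and (cidr4 or cidr6 or group):
        ignored.append("SourcePrefixListId")
    if cidr4 and group:  # SourceCidrIp takes precedence over the group
        ignored.append("SourceGroupId")
    if cidr4 and props.get("SourceGroupOwnerId"):
        ignored.append("SourceGroupOwnerId")
    # A group-to-group rule (no SourceCidrIp) uses NicType intranet.
    if group and not cidr4 and props.get("NicType") not in (None, "intranet"):
        errors.append("NicType must be intranet for a group-to-group rule")

    effective = [k for k in SOURCE_KEYS if props.get(k) and k not in ignored]
    if not effective:  # assumption: a rule with no source is an error
        errors.append("no source property is set")
    return effective, ignored, errors

if __name__ == "__main__":
    # Constructed input: every source property set at once.
    print(resolve_source({
        "IpProtocol": "tcp", "PortRange": "3306/3306", "Priority": 101,
        "SourceCidrIp": "10.0.0.0/8", "SourceGroupId": "sg-example",
        "SourcePrefixListId": "pl-example", "SourceGroupOwnerId": "1234",
    }))
```
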
Return values
Fn::GetAtt
None.
Examples
Scenario 1: Select an existing security group and open inbound port 3306.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 選擇已有安全性群組並開放入方向3306連接埠。
  en: Choose an existing security group and open inbound port 3306.
Parameters:
  SecurityGroupId:
    Type: String
    Label:
      en: Business Security Group ID
      zh-cn: 業務安全性群組ID
    AssociationProperty: ALIYUN::ECS::SecurityGroup::SecurityGroupId
Resources:
  SecurityGroupIngress_3306:
    Type: ALIYUN::ECS::SecurityGroupIngress
    Properties:
      SecurityGroupId:
        Ref: SecurityGroupId
      SourceCidrIp: 0.0.0.0/0
      IpProtocol: tcp
      NicType: intranet
      PortRange: 3306/3306
Outputs: {}
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "選擇已有安全性群組並開放入方向3306連接埠。",
"en": "Choose an existing security group and open inbound port 3306."
},
"Parameters": {
"SecurityGroupId": {
"Type": "String",
"Label": {
"en": "Business Security Group ID",
"zh-cn": "業務安全性群組ID"
},
"AssociationProperty": "ALIYUN::ECS::SecurityGroup::SecurityGroupId"
}
},
"Resources": {
"SecurityGroupIngress_3306": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SecurityGroupId": {
"Ref": "SecurityGroupId"
},
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "3306/3306"
}
}
},
"Outputs": {
},
"Metadata": {
}
}
Scenario 2: Create a security group and open inbound port 80.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 建立安全性群組開放入方向80連接埠。
  en: Create an ECS security group to open inbound port 80.
Parameters:
  ZoneId:
    Type: String
    Label:
      en: Availability Zone
      zh-cn: 可用性區域ID
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
Resources:
  Vpc:
    Type: ALIYUN::ECS::VPC
    Properties:
      CidrBlock: 192.168.0.0/16
  VSwitch:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      ZoneId:
        Ref: ZoneId
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.0.0/24
  SecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      VpcId:
        Ref: Vpc
  SecurityGroupIngress_80:
    Type: ALIYUN::ECS::SecurityGroupIngress
    Properties:
      SecurityGroupId:
        Ref: SecurityGroup
      SourceCidrIp: 0.0.0.0/0
      IpProtocol: tcp
      NicType: intranet
      PortRange: 80/80
Outputs: {}
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "建立安全性群組開放入方向80連接埠。",
"en": "Create an ECS security group to open inbound port 80."
},
"Parameters": {
"ZoneId": {
"Type": "String",
"Label": {
"en": "Availability Zone",
"zh-cn": "可用性區域ID"
},
"AssociationProperty": "ALIYUN::ECS::Instance:ZoneId"
}
},
"Resources": {
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"ZoneId": {
"Ref": "ZoneId"
},
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.0.0/24"
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
}
}
},
"SecurityGroupIngress_80": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp",
"NicType": "intranet",
"PortRange": "80/80"
}
}
},
"Outputs": {
},
"Metadata": {
}
}
Scenario 3: Create an ECS instance and open inbound port 3000 as the Flowise application service port.
ROSTemplateFormatVersion: '2015-09-01'
Description:
  zh-cn: 建立Ubuntu 22.04 ECS執行個體,配置安全性群組與網路,自動安裝Node.js與Flowise AI代理服務,提供外部存取URL。
  en: Create an Ubuntu 22.04 ECS instance, configure security groups and networking, automate the installation of Node.js alongside the Flowise AI agent service, and provision an external access URL.
Parameters:
  SystemDiskCategory:
    Default: cloud_essd
    AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
    AssociationPropertyMetadata:
      LocaleKey: DiskCategory
      AutoChangeType: false
      InstanceType: ${InstanceType}
      AutoSelectFirst: true
      ZoneId: ${ZoneId}
    Type: String
    Label:
      zh-cn: 系統硬碟類型
      en: System Disk Type
  InstanceType:
    AssociationProperty: ALIYUN::ECS::Instance::InstanceType
    AssociationPropertyMetadata:
      DefaultValueStrategy: recent
      ZoneId: ${ZoneId}
    Type: String
    Label:
      zh-cn: 執行個體類型
      en: Instance Type
  InstancePassword:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
            - ${SelectInstance}
            - false
    Description:
      zh-cn: 伺服器登入密碼,長度8-30,必須包含三項(大寫字母、小寫字母、數字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符號)。
      en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
    Default: Null
    Type: String
    Label:
      zh-cn: 執行個體密碼
      en: Instance Password
    NoEcho: true
    AssociationProperty: ALIYUN::ECS::Instance::Password
    ConstraintDescription:
      zh-cn: 長度8-30,必須包含三項(大寫字母、小寫字母、數字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符號)。
      en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
  ZoneId:
    AssociationProperty: ALIYUN::ECS::Instance:ZoneId
    Type: String
    Description:
      zh-cn: <b><font color='blue'>本模板會使用Git工具從GitHub上複製(clone)FlowiseAI/Flowise倉庫,在國內地區使用可能會有網路問題,可切換至海外地區。</font></b>
      en: <b><font color='blue'>This template will clone the FlowiseAI/Flowise repository from GitHub using the Git tool. There may be network problems when using it in domestic regions. You can switch to overseas regions.</font></b>
    Label:
      zh-cn: 可用性區域ID
      en: Availability Zone
Outputs:
  FlowiseUrl:
    Description: Flowise default address.
    Value:
      Fn::Sub:
        - http://${IP}:3000
        - IP:
            Fn::Jq:
              - First
              - if .[0].PublicIpAddress != [] then .[0].PublicIpAddress[0] else .[0].EipAddress.IpAddress end
              - Fn::GetAtt:
                  - DS_Instances
                  - Instances
Resources:
  SecurityGroupIngress_3000:
    Type: ALIYUN::ECS::SecurityGroupIngress
    Properties:
      IpProtocol: tcp
      SecurityGroupId:
        Ref: SecurityGroup
      NicType: intranet
      SourceCidrIp: 0.0.0.0/0
      PortRange: 3000/3000
  InstanceGroup:
    Type: ALIYUN::ECS::InstanceGroup
    Properties:
      SystemDiskCategory:
        Ref: SystemDiskCategory
      VpcId:
        Ref: Vpc
      SecurityGroupId:
        Ref: SecurityGroup
      ImageId: ubuntu_22_04
      IoOptimized: optimized
      VSwitchId:
        Ref: VSwitch
      Password:
        Ref: InstancePassword
      InstanceName: Flowise
      InstanceType:
        Ref: InstanceType
      MaxAmount: 1
  SecurityGroup:
    Type: ALIYUN::ECS::SecurityGroup
    Properties:
      VpcId:
        Ref: Vpc
  DS_Instances:
    Type: DATASOURCE::ECS::Instances
    Properties:
      InstanceIds:
        Fn::GetAtt:
          - InstanceGroup
          - InstanceIds
  Vpc:
    Type: ALIYUN::ECS::VPC
    Properties:
      CidrBlock: 192.168.0.0/16
  InstallFlowise:
    Type: ALIYUN::ECS::RunCommand
    Properties:
      CommandContent: |
        #!/bin/bash
        echo "#########################"
        echo "# Install NodeJS"
        echo "#########################"
        git clone https://github.com/nvm-sh/nvm.git /opt/nvm && cd /opt/nvm
        ret_code=$?
        if [ $ret_code -ne 0 ]; then
          echo "Git clone https://github.com/nvm-sh/nvm.git failed. Exiting."
          exit $ret_code
        fi
        ./install.sh
        export NVM_DIR="$HOME/.nvm"
        [ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
        [ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"
        nvm install 22
        npm config set registry https://registry.npmmirror.com
        npm i -g pnpm
        echo "#########################"
        echo "# Install Flowise"
        echo "#########################"
        git clone --depth 1 https://github.com/FlowiseAI/Flowise.git /opt/Flowise && cd /opt/Flowise
        ret_code=$?
        if [ $ret_code -ne 0 ]; then
          echo "Git clone https://github.com/FlowiseAI/Flowise.git failed. Exiting."
          exit $ret_code
        fi
        pnpm install
        pnpm build
        nohup pnpm start > flowise.log 2>&1 &
      Type: RunShellScript
      Sync: true
      InstanceIds:
        Fn::GetAtt:
          - InstanceGroup
          - InstanceIds
      Timeout: 1800
  VSwitch:
    Type: ALIYUN::ECS::VSwitch
    Properties:
      VpcId:
        Ref: Vpc
      CidrBlock: 192.168.0.0/24
      ZoneId:
        Ref: ZoneId
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "建立Ubuntu 22.04 ECS執行個體,配置安全性群組與網路,自動安裝Node.js與Flowise AI代理服務,提供外部存取URL。",
"en": "Create an Ubuntu 22.04 ECS instance, configure security groups and networking, automate the installation of Node.js alongside the Flowise AI agent service, and provision an external access URL."
},
"Parameters": {
"SystemDiskCategory": {
"Default": "cloud_essd",
"AssociationProperty": "ALIYUN::ECS::Disk::SystemDiskCategory",
"AssociationPropertyMetadata": {
"LocaleKey": "DiskCategory",
"AutoChangeType": false,
"InstanceType": "${InstanceType}",
"AutoSelectFirst": true,
"ZoneId": "${ZoneId}"
},
"Type": "String",
"Label": {
"zh-cn": "系統硬碟類型",
"en": "System Disk Type"
}
},
"InstanceType": {
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"AssociationPropertyMetadata": {
"DefaultValueStrategy": "recent",
"ZoneId": "${ZoneId}"
},
"Type": "String",
"Label": {
"zh-cn": "執行個體類型",
"en": "Instance Type"
}
},
"InstancePassword": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${SelectInstance}",
false
]
}
}
},
"Description": {
"zh-cn": "伺服器登入密碼,長度8-30,必須包含三項(大寫字母、小寫字母、數字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符號)。",
"en": "Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)."
},
"Default": null,
"Type": "String",
"Label": {
"zh-cn": "執行個體密碼",
"en": "Instance Password"
},
"NoEcho": true,
"AssociationProperty": "ALIYUN::ECS::Instance::Password",
"ConstraintDescription": {
"zh-cn": "長度8-30,必須包含三項(大寫字母、小寫字母、數字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符號)。",
"en": "Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)."
}
},
"ZoneId": {
"AssociationProperty": "ALIYUN::ECS::Instance:ZoneId",
"Type": "String",
"Description": {
"zh-cn": "<b><font color='blue'>本模板會使用Git工具從GitHub上複製(clone)FlowiseAI/Flowise倉庫,在國內地區使用可能會有網路問題,可切換至海外地區。</font></b>",
"en": "<b><font color='blue'>This template will clone the FlowiseAI/Flowise repository from GitHub using the Git tool. There may be network problems when using it in domestic regions. You can switch to overseas regions.</font></b>"
},
"Label": {
"zh-cn": "可用性區域ID",
"en": "Availability Zone"
}
}
},
"Outputs": {
"FlowiseUrl": {
"Description": "Flowise default address.",
"Value": {
"Fn::Sub": [
"http://${IP}:3000",
{
"IP": {
"Fn::Jq": [
"First",
"if .[0].PublicIpAddress != [] then .[0].PublicIpAddress[0] else .[0].EipAddress.IpAddress end",
{
"Fn::GetAtt": [
"DS_Instances",
"Instances"
]
}
]
}
}
]
}
}
},
"Resources": {
"SecurityGroupIngress_3000": {
"Type": "ALIYUN::ECS::SecurityGroupIngress",
"Properties": {
"IpProtocol": "tcp",
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"NicType": "intranet",
"SourceCidrIp": "0.0.0.0/0",
"PortRange": "3000/3000"
}
},
"InstanceGroup": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"SystemDiskCategory": {
"Ref": "SystemDiskCategory"
},
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "ubuntu_22_04",
"IoOptimized": "optimized",
"VSwitchId": {
"Ref": "VSwitch"
},
"Password": {
"Ref": "InstancePassword"
},
"InstanceName": "Flowise",
"InstanceType": {
"Ref": "InstanceType"
},
"MaxAmount": 1
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "Vpc"
}
}
},
"DS_Instances": {
"Type": "DATASOURCE::ECS::Instances",
"Properties": {
"InstanceIds": {
"Fn::GetAtt": [
"InstanceGroup",
"InstanceIds"
]
}
}
},
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"CidrBlock": "192.168.0.0/16"
}
},
"InstallFlowise": {
"Type": "ALIYUN::ECS::RunCommand",
"Properties": {
"CommandContent": "#!/bin/bash\necho \"#########################\"\necho \"# Install NodeJS\"\necho \"#########################\"\ngit clone https://github.com/nvm-sh/nvm.git /opt/nvm && cd /opt/nvm\nret_code=$?\nif [ $ret_code -ne 0 ]; then\n echo \"Git clone https://github.com/nvm-sh/nvm.git failed. Exiting.\"\n exit $ret_code\nfi\n./install.sh\nexport NVM_DIR=\"$HOME/.nvm\"\n[ -s \"$NVM_DIR/nvm.sh\" ] && \\. \"$NVM_DIR/nvm.sh\"\n[ -s \"$NVM_DIR/bash_completion\" ] && \\. \"$NVM_DIR/bash_completion\"\nnvm install 22\nnpm config set registry https://registry.npmmirror.com\nnpm i -g pnpm\n\necho \"#########################\"\necho \"# Install Flowise\"\necho \"#########################\"\ngit clone --depth 1 https://github.com/FlowiseAI/Flowise.git /opt/Flowise && cd /opt/Flowise\nret_code=$?\nif [ $ret_code -ne 0 ]; then\n echo \"Git clone https://github.com/FlowiseAI/Flowise.git failed. Exiting.\"\n exit $ret_code\nfi\npnpm install\npnpm build\nnohup pnpm start > flowise.log 2>&1 &\n",
"Type": "RunShellScript",
"Sync": true,
"InstanceIds": {
"Fn::GetAtt": [
"InstanceGroup",
"InstanceIds"
]
},
"Timeout": 1800
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.0.0/24",
"ZoneId": {
"Ref": "ZoneId"
}
}
}
},
"Metadata": {
}
}
For more examples, see the public templates that include this resource.
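All three scenarios set SourceCidrIp to 0.0.0.0/0, which admits every IPv4 address to the opened port, including the database port 3306 in scenario 1. The Python below is an added example, not part of the original documentation: it walks the Resources of a JSON-format template and reports ingress rules whose source is 0.0.0.0/0 or ::/0 on ports outside an allow-list. The allow-list, the function names, and the constructed sample template are assumptions.

```python
import ipaddress

ALLOWED_PUBLIC_PORTS = {80, 443}  # assumption: local policy, not from the page

def world_open_ingress(template):
    """List ingress rules that accept traffic from every address."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::ECS::SecurityGroupIngress":
            continue
        props = res.get("Properties", {})
        if props.get("Policy") == "drop":  # a deny rule exposes nothing
            continue
        try:
            low, high = (int(p) for p in str(props.get("PortRange", "")).split("/"))
        except ValueError:
            findings.append((name, "unparseable PortRange"))
            continue
        for key in ("SourceCidrIp", "Ipv6SourceCidrIp"):
            cidr = props.get(key)
            if not isinstance(cidr, str):
                continue  # unset, or an intrinsic such as {"Ref": ...}
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                continue
            # Prefix length 0 means 0.0.0.0/0 or ::/0.
            if net.prefixlen == 0 and not all(
                p in ALLOWED_PUBLIC_PORTS for p in range(low, high + 1)
            ):
                findings.append((name, f"{cidr} -> {props['PortRange']}"))
    return findings

def make_rule(cidr, ports):
    """Build one constructed ingress resource shaped like the scenarios."""
    return {"Type": "ALIYUN::ECS::SecurityGroupIngress",
            "Properties": {"SecurityGroupId": {"Ref": "SecurityGroup"},
                           "SourceCidrIp": cidr, "IpProtocol": "tcp",
                           "NicType": "intranet", "PortRange": ports}}

# Constructed sample modelled on scenarios 1 and 2, plus one narrowed rule.
SAMPLE = {"Resources": {
    "SecurityGroupIngress_3306": make_rule("0.0.0.0/0", "3306/3306"),
    "SecurityGroupIngress_80": make_rule("0.0.0.0/0", "80/80"),
    "Ingress_3306_restricted": make_rule("192.168.0.0/24", "3306/3306"),
    "SecurityGroup": {"Type": "ALIYUN::ECS::SecurityGroup", "Properties": {}},
}}

if __name__ == "__main__":
    for finding in world_open_ingress(SAMPLE):
        print(finding)
```

Run against the sample, only the 3306 rule open to 0.0.0.0/0 is reported; the same rule narrowed to the VSwitch CIDR 192.168.0.0/24 passes.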