ALIYUN::NLB::SecurityPolicy - Resource Orchestration Service

ALIYUN::NLB::SecurityPolicy is used to create a custom security policy for a TCP/SSL listener.

Syntax

{
  "Type": "ALIYUN::NLB::SecurityPolicy",
  "Properties": {
    "Ciphers": List,
    "ResourceGroupId": String,
    "SecurityPolicyName": String,
    "TlsVersions": List,
    "Tags": List
  }
}

Properties

Property	Type	Required	Editable	Description	Constraint
Ciphers	List	Yes	Yes	The supported cipher suites.	The valid values of Ciphers vary based on the version of the Transport Layer Security (TLS) protocol. You can specify up to 32 cipher suites. Valid values for TLS 1.0 and TLS 1.1: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA Valid values for TLS 1.2: ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA AES128-SHA AES256-SHA DES-CBC3-SHA ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 Valid values for TLS 1.3: TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256
ResourceGroupId	String	No	No	The ID of the resource group.	None.
SecurityPolicyName	String	No	Yes	The name of the security policy.	The name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
TlsVersions	List	Yes	Yes	The supported versions of the TLS protocol.	Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.
Tags	List	No	Yes	The tags.	You can add up to 20 tags. For more information, see Tags properties.

Tags syntax

"Tags": [
  {
    "Value": String,
    "Key": String
  }
]

Tags properties

Property	Type	Required	Editable	Description	Constraint
Value	String	No	No	The tag value.	The tag value can be an empty string. The tag value can be up to 128 characters in length, and cannot start with `acs:`. It cannot contain `http://` or `https://`.
Key	String	Yes	No	The tag key.	The tag key cannot be an empty string. The tag key can be up to 128 characters in length, and cannot start with `aliyun` or `acs:`. It cannot contain `http://` or `https://`.

Return values

Fn::GetAtt

SecurityPolicyId: the ID of the TLS security policy.

Examples

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Ciphers:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Description:
          en: 'TLS 1.0 and TLS 1.1 support the following cipher suites:

            ECDHE-ECDSA-AES128-SHA

            ECDHE-ECDSA-AES256-SHA

            ECDHE-RSA-AES128-SHA

            ECDHE-RSA-AES256-SHA

            AES128-SHA

            AES256-SHA

            DES-CBC3-SHA

            TLS 1.2 supports the following cipher suites:

            ECDHE-ECDSA-AES128-SHA

            ECDHE-ECDSA-AES256-SHA

            ECDHE-RSA-AES128-SHA

            ECDHE-RSA-AES256-SHA

            AES128-SHA

            AES256-SHA

            DES-CBC3-SHA

            ECDHE-ECDSA-AES128-GCM-SHA256

            ECDHE-ECDSA-AES256-GCM-SHA384

            ECDHE-ECDSA-AES128-SHA256

            ECDHE-ECDSA-AES256-SHA384

            ECDHE-RSA-AES128-GCM-SHA256

            ECDHE-RSA-AES256-GCM-SHA384

            ECDHE-RSA-AES128-SHA256

            ECDHE-RSA-AES256-SHA384

            AES128-GCM-SHA256

            AES256-GCM-SHA384

            AES128-SHA256

            AES256-SHA256

            TLS 1.3 supports the following cipher suites:

            TLS_AES_128_GCM_SHA256

            TLS_AES_256_GCM_SHA384

            TLS_CHACHA20_POLY1305_SHA256

            TLS_AES_128_CCM_SHA256

            TLS_AES_128_CCM_8_SHA256'
        Required: false
        Type: String
    Description:
      en: TThe supported cipher suites, which are determined by the TLS protocol version.
        You can specify at most 32 cipher suites.
    MaxLength: 32
    MinLength: 1
    Required: true
    Type: Json
  ResourceGroupId:
    AssociationProperty: ALIYUN::ECS::ResourceGroup::ResourceGroupId
    Description:
      en: The ID of the resource group.
    Required: false
    Type: String
  SecurityPolicyName:
    Description:
      en: 'The name of the security policy.

        The name must be 1 to 200 characters in length, and can contain letters, digits,
        periods (.), underscores (_), and hyphens (-).'
    Required: false
    Type: String
  Tags:
    AssociationProperty: List[Parameters]
    AssociationPropertyMetadata:
      ListMetadata:
        Order:
        - Key
        - Value
      Parameters:
        Key:
          Required: true
          Type: String
        Value:
          Required: false
          Type: String
    Description:
      en: Tags to attach to instance. Max support 20 tags to add during create instance.
        Each tag with two properties Key and Value, and Key is required.
    MaxLength: 20
    Required: false
    Type: Json
  TlsVersions:
    AssociationProperty: List[Parameter]
    AssociationPropertyMetadata:
      Parameter:
        Required: false
        Type: String
    Description:
      en: 'The supported versions of the Transport Layer Security (TLS) protocol.
        Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3.'
    MaxLength: 4
    MinLength: 1
    Required: true
    Type: Json
Resources:
  SecurityPolicy:
    Properties:
      Ciphers:
        Ref: Ciphers
      ResourceGroupId:
        Ref: ResourceGroupId
      SecurityPolicyName:
        Ref: SecurityPolicyName
      Tags:
        Ref: Tags
      TlsVersions:
        Ref: TlsVersions
    Type: ALIYUN::NLB::SecurityPolicy
Outputs:
  SecurityPolicyId:
    Description: The ID of the security policy.
    Value:
      Fn::GetAtt:
      - SecurityPolicy
      - SecurityPolicyId

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Ciphers": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Description": {
            "en": "TLS 1.0 and TLS 1.1 support the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nTLS 1.2 supports the following cipher suites:\nECDHE-ECDSA-AES128-SHA\nECDHE-ECDSA-AES256-SHA\nECDHE-RSA-AES128-SHA\nECDHE-RSA-AES256-SHA\nAES128-SHA\nAES256-SHA\nDES-CBC3-SHA\nECDHE-ECDSA-AES128-GCM-SHA256\nECDHE-ECDSA-AES256-GCM-SHA384\nECDHE-ECDSA-AES128-SHA256\nECDHE-ECDSA-AES256-SHA384\nECDHE-RSA-AES128-GCM-SHA256\nECDHE-RSA-AES256-GCM-SHA384\nECDHE-RSA-AES128-SHA256\nECDHE-RSA-AES256-SHA384\nAES128-GCM-SHA256\nAES256-GCM-SHA384\nAES128-SHA256\nAES256-SHA256\nTLS 1.3 supports the following cipher suites:\nTLS_AES_128_GCM_SHA256\nTLS_AES_256_GCM_SHA384\nTLS_CHACHA20_POLY1305_SHA256\nTLS_AES_128_CCM_SHA256\nTLS_AES_128_CCM_8_SHA256"
          },
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "TThe supported cipher suites, which are determined by the TLS protocol version. You can specify at most 32 cipher suites."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 32
    },
    "ResourceGroupId": {
      "AssociationProperty": "ALIYUN::ECS::ResourceGroup::ResourceGroupId",
      "Type": "String",
      "Description": {
        "en": "The ID of the resource group."
      },
      "Required": false
    },
    "SecurityPolicyName": {
      "Type": "String",
      "Description": {
        "en": "The name of the security policy.\nThe name must be 1 to 200 characters in length, and can contain letters, digits, periods (.), underscores (_), and hyphens (-)."
      },
      "Required": false
    },
    "TlsVersions": {
      "AssociationPropertyMetadata": {
        "Parameter": {
          "Type": "String",
          "Required": false
        }
      },
      "AssociationProperty": "List[Parameter]",
      "Type": "Json",
      "Description": {
        "en": "The supported versions of the Transport Layer Security (TLS) protocol. Valid values: TLSv1.0, TLSv1.1, TLSv1.2, and TLSv1.3."
      },
      "Required": true,
      "MinLength": 1,
      "MaxLength": 4
    },
    "Tags": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "Value": {
            "Type": "String",
            "Required": false
          },
          "Key": {
            "Type": "String",
            "Required": true
          }
        },
        "ListMetadata": {
          "Order": [
            "Key",
            "Value"
          ]
        }
      },
      "AssociationProperty": "List[Parameters]",
      "Type": "Json",
      "Description": {
        "en": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required."
      },
      "Required": false,
      "MaxLength": 20
    }
  },
  "Resources": {
    "SecurityPolicy": {
      "Type": "ALIYUN::NLB::SecurityPolicy",
      "Properties": {
        "Ciphers": {
          "Ref": "Ciphers"
        },
        "ResourceGroupId": {
          "Ref": "ResourceGroupId"
        },
        "SecurityPolicyName": {
          "Ref": "SecurityPolicyName"
        },
        "TlsVersions": {
          "Ref": "TlsVersions"
        },
        "Tags": {
          "Ref": "Tags"
        }
      }
    }
  },
  "Outputs": {
    "SecurityPolicyId": {
      "Description": "The ID of the security policy.",
      "Value": {
        "Fn::GetAtt": [
          "SecurityPolicy",
          "SecurityPolicyId"
        ]
      }
    }
  }
}