The ALIYUN::CLOUDFW::Instance type is used to create a Cloud Firewall instance.
Syntax
{
  "Type": "ALIYUN::CLOUDFW::Instance",
  "Properties": {
    "VpcBandwidth": Integer,
    "AclExtension": Integer,
    "NatFirewallNum": Integer,
    "NatBandwidth": Integer,
    "IpNum": Integer,
    "AutoRenew": Boolean,
    "Period": Integer,
    "PayType": String,
    "AutoPay": Boolean,
    "LogStorage": Integer,
    "LogAnalysis": Boolean,
    "VpcFirewallNum": Integer,
    "AccountNum": Integer,
    "MultiAccountManagement": Boolean,
    "Bandwidth": Integer,
    "Spec": String,
    "PeriodUnit": String,
    "IgnoreExisting": Boolean
  }
}
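Properties
Property name | Type | Required | Update allowed | Description | Constraints |
PayType | String | Yes | No | The billing method. | Valid values: |
AccountNum | Integer | No | No | The number of accounts under multi-account management. | The number of member accounts that you need to manage centrally. It can be expanded as needed. One free quota is currently provided for a limited time so that you can try the feature. Valid values: 1 to 1000. |
AclExtension | Integer | No | No | The global access control extension that you can purchase when the default access control authorization quota of your edition is not enough. | This extension can be shared between the Internet boundary and VPC boundary ACL quotas. Valid values: 0 to 300000. |
AutoPay | Boolean | No | No | Whether to pay automatically. | Valid values: |
AutoRenew | Boolean | No | No | Whether to automatically renew the prepaid instance. | Valid values: |
Bandwidth | Integer | No | No | The public network traffic processing capability. | |
IgnoreExisting | Boolean | No | No | Whether to ignore an existing Cloud Firewall instance. | Valid values: If the Cloud Firewall instance was not created by ROS, it is ignored during creation and in the update and delete stages. |
IpNum | Integer | No | No | The number of public IP addresses that can be protected. | Valid values: 20 to 4000. |
LogAnalysis | Boolean | No | No | Whether to purchase the log analysis service. | Cloud Firewall includes 7 days of free log storage and audit by default. If you need a longer retention period or must meet classified protection (MLPS) compliance requirements, we recommend that you purchase the log analysis service. |
LogStorage | Integer | No | No | The log storage capacity. | Sizing reference: for 10 M of public network bandwidth and 6 months of log retention, we recommend 1000 GB of log storage capacity. Valid values: 1000 to 500000. |
MultiAccountManagement | Boolean | No | No | Centralized multi-account management. | If your organization has multiple accounts in the cloud and needs unified, centralized security management, you can purchase the Cloud Firewall multi-account management service. To disable the service, first disable firewall asset protection for the managed member accounts in the console, and then delete the member accounts. |
NatBandwidth | Integer | No | No | The NAT private network traffic processing capability. | The bandwidth of private network traffic processed by the NAT firewall. Enterprise Edition includes 10 Mbps by default and Ultimate Edition includes 20 Mbps by default. Valid values: 0 to 1000. Unit: Mbps. |
NatFirewallNum | Integer | No | No | The number of NAT firewall instances. | Each NAT gateway instance corresponds to one NAT firewall instance. Premium Edition does not include any by default, Enterprise Edition includes 1 instance by default, and Ultimate Edition includes 2 instances by default. Valid values: 0 to 20. |
Period | Integer | No | No | The prepaid (subscription) duration. | When PeriodUnit is Month, valid values are 1, 3, and 6. When PeriodUnit is Year, valid values are 1, 2, and 3. |
PeriodUnit | String | No | No | The renewal unit. | Valid values: |
Spec | String | No | No | The edition of Cloud Firewall. | Valid values: |
VpcBandwidth | Integer | No | No | The VPC network processing capability. | Valid values: 1000 to 15000. Unit: Mbps. |
VpcFirewallNum | Integer | No | No | The number of VPC firewall instances. | The number of VPC firewall instances to create. If your VPCs use the Cloud Enterprise Network (Enterprise Edition) architecture, each TR corresponds to one VPC firewall instance. If they use the Cloud Enterprise Network (Basic Edition) architecture, each VPC corresponds to one VPC firewall instance. If they use the Express Connect architecture, each pair of VPCs corresponds to one VPC firewall instance. Valid values: 2 to 500. |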
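The ranges and the Period/PeriodUnit dependency in the property table can be checked offline before a template is submitted, along with a flag for instances that would run with only the default 7-day log storage. The Python check below is an added example, not part of ROS or any Alibaba Cloud SDK; the function and constant names are hypothetical, and the two "is set but ... is off" warnings are an assumption based on the Visible conditions in the example template on this page.

```python
# Added example: offline pre-flight check for ALIYUN::CLOUDFW::Instance properties.
# Bounds come from the Constraints column of the property table; all names
# defined here are hypothetical and not part of ROS or any Alibaba Cloud SDK.

RANGES = {  # inclusive integer bounds
    "AccountNum": (1, 1000),
    "AclExtension": (0, 300000),
    "IpNum": (20, 4000),
    "LogStorage": (1000, 500000),
    "NatBandwidth": (0, 1000),
    "NatFirewallNum": (0, 20),
    "VpcBandwidth": (1000, 15000),
    "VpcFirewallNum": (2, 500),
}
PERIODS = {"Month": {1, 3, 6}, "Year": {1, 2, 3}}  # Period values per PeriodUnit


def _enabled(props, name):
    """True/False for a literal Boolean, None when unresolved (Ref / Fn::)."""
    value = props.get(name, False)
    return None if isinstance(value, dict) else value is True


def check_cloudfw_properties(props):
    """Return (errors, warnings) for one resource's Properties mapping."""
    errors, warnings = [], []

    if "PayType" not in props:
        errors.append("PayType is required")

    for name, (low, high) in RANGES.items():
        value = props.get(name)
        if value is None or isinstance(value, dict):
            continue  # absent, or an unresolved Ref / Fn:: expression
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{name} must be an integer")
        elif not low <= value <= high:
            errors.append(f"{name}={value} is outside {low}~{high}")

    # The set of allowed Period values depends on PeriodUnit.
    unit, period = props.get("PeriodUnit"), props.get("Period")
    if isinstance(unit, str) and unit in PERIODS and isinstance(period, int):
        if period not in PERIODS[unit]:
            errors.append(f"Period={period} is not allowed when PeriodUnit is {unit}")

    # Without the log analysis service only the default 7-day log storage applies.
    if _enabled(props, "LogAnalysis") is False:
        warnings.append("LogAnalysis is off: only the default 7 days of "
                        "free log storage and audit apply")
        if "LogStorage" in props:
            warnings.append("LogStorage is set but LogAnalysis is off")
    if "AccountNum" in props and _enabled(props, "MultiAccountManagement") is False:
        warnings.append("AccountNum is set but MultiAccountManagement is off")

    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = {"PayType": "Subscription", "Period": 6, "PeriodUnit": "Year",
              "IpNum": 10, "LogStorage": 2000}
    for kind, items in zip(("ERROR", "WARN"), check_cloudfw_properties(sample)):
        for item in items:
            print(f"{kind}: {item}")
```

Values that are still `Ref` or `Fn::` expressions are skipped, so run the check on resolved parameter values to get full coverage.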
Return values
Fn::GetAtt
InstanceId: The instance ID.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
    - GroupType: Payment
      Label:
        default:
          en: Payment
          zh-cn: "\u4ED8\u8D39\u7C7B\u578B"
      Parameters:
      - Items:
        - PayType
        - Period
        - PeriodUnit
        Label: "\u652F\u4ED8\u65B9\u5F0F"
    - Label:
        default:
          en: AutoRenew Configuration
          zh-cn: "\u81EA\u52A8\u7EED\u8D39\u8BBE\u7F6E"
      Parameters:
      - AutoRenew
    - Label:
        default:
          en: AutoPay Configuration
          zh-cn: "\u81EA\u52A8\u652F\u4ED8\u8BBE\u7F6E"
      Parameters:
      - AutoPay
    - Label:
        default:
          en: Spec Configuration
          zh-cn: "\u9632\u706B\u5899\u89C4\u683C\u8BBE\u7F6E"
      Parameters:
      - Spec
      - IpNum
      - Bandwidth
    - Label:
        default:
          en: Vpc Firewall Configuration
          zh-cn: "VPC\u9632\u706B\u5899\u8BBE\u7F6E"
      Parameters:
      - VpcFirewallNum
      - VpcBandwidth
    - Label:
        default:
          en: Nat Firewall Configuration
          zh-cn: "NAT\u9632\u706B\u5899\u8BBE\u7F6E"
      Parameters:
      - NatFirewallNum
      - NatBandwidth
    - Label:
        default:
          en: Instance Configuration
          zh-cn: "\u5B9E\u4F8B\u8BBE\u7F6E"
      Parameters:
      - AclExtension
      - MultiAccountManagement
      - AccountNum
      - LogAnalysis
      - LogStorage
    - Label:
        default:
          en: Other Configuration
          zh-cn: "\u5176\u4ED6\u8BBE\u7F6E"
      Parameters: []
Parameters:
  AccountNum:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
          - Fn::Equals:
            - ${PayType}
            - Subscription
          - Fn::Equals:
            - ${MultiAccountManagement}
            - true
    Description:
      en: The number of multi-account management and control is the number of member
        accounts that you need to uniformly control.
      zh-cn: "\u591A\u8D26\u53F7\u7BA1\u63A7\u6570\u4E3A\u60A8\u9700\u8981\u7EDF\u4E00\
        \u7BA1\u63A7\u7684\u6210\u5458\u8D26\u53F7\u6570\uFF0C\u53EF\u6309\u9700\u6269\
        \u5C55\u3002\u76EE\u524D\u9650\u65F6\u63D0\u4F9B1\u4E2A\u514D\u8D39\u914D\u989D\
        \u4F9B\u60A8\u4F53\u9A8C"
    Label:
      zh-cn: "\u591A\u8D26\u53F7\u7BA1\u63A7\u6570"
    Required: false
    Type: Number
  AclExtension:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: When the default access control authorization specifications of your version
        are not enough, you can purchase global extension specifications of access
        control. This extension supports shared occupancy with Internet and VPC boundary
        ACL specifications.
      zh-cn: "\u5F53\u60A8\u7248\u672C\u9ED8\u8BA4\u8BBF\u95EE\u63A7\u5236\u6388\u6743\
        \u89C4\u683C\u4E0D\u591F\u7528\u65F6\uFF0C\u53EF\u91C7\u8D2D\u8BBF\u95EE\u63A7\
        \u5236\u5168\u5C40\u6269\u5C55\u89C4\u683C\u3002\u8BE5\u6269\u5C55\u652F\u6301\
        \u4E92\u8054\u7F51\u548CVPC\u8FB9\u754CACL\u89C4\u683C\u5171\u4EAB\u5360\u7528\
        \u3002"
    Label:
      zh-cn: "\u8BBF\u95EE\u63A7\u5236\u5168\u5C40\u6269\u5C55"
    MaxValue: 50000
    MinValue: 0
    Required: false
    Type: Number
  AutoPay:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Default: true
    Description:
      en: Whether to auto pay the bill.
    Label:
      zh-cn: "\u8BA2\u5355\u662F\u5426\u81EA\u52A8\u652F\u4ED8"
    Required: false
    Type: Boolean
  AutoRenew:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: Whether to auto renew the prepay instance.
    Label:
      zh-cn: "\u5230\u671F\u662F\u5426\u81EA\u52A8\u7EED\u8D39"
    Required: false
    Type: Boolean
  Bandwidth:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: 'Public network processing capability. Valid values: 10 to 15000. Unit:
        Mbps.'
      zh-cn: "\u516C\u7F51\u6D41\u91CF\u5904\u7406\u80FD\u529B\u662F\u6307\u4E91\u9632\
        \u706B\u5899\u4E92\u8054\u7F51\u8FB9\u754C\u9632\u706B\u5899\uFF0C\u53EF\u9632\
        \u62A4\u7684\u516C\u7F51\u51FA\u5165\u6D41\u91CF\u5CF0\u503C\uFF08\u5165\u5411\
        \u6216\u51FA\u5411\u53D6\u5176\u9AD8\uFF09\uFF0C\u5EFA\u8BAE\u4E0E\u60A8\u4E1A\
        \u52A1\u7684\u516C\u7F51\u5E26\u5BBD\u4FDD\u6301\u4E00\u81F4\uFF0C\u53EF\u968F\
        \u65F6\u6269\u5BB9"
    Label:
      zh-cn: "\u516C\u7F51\u6D41\u91CF\u5904\u7406\u80FD\u529B(\u5355\u4F4DMbps)"
    MaxValue: 15000
    MinValue: 10
    Required: false
    Type: Number
  IpNum:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: 'The number of public IPs that can be protected. Valid values: 20 to 4000.PremiumVersion:
        [20, 1000]'
    Label:
      zh-cn: "\u53EF\u9632\u62A4\u516C\u7F51IP\u6570"
    MaxValue: 4000
    MinValue: 20
    Required: false
    Type: Number
  LogAnalysis:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: The cloud firewall includes 7 days of free log storage and auditing by default.
        If you need longer storage time or meet the requirements for equal protection,
        it is recommended to purchase the log analysis service.
      zh-cn: "\u4E91\u9632\u706B\u5899\u9ED8\u8BA4\u542B7\u5929\u514D\u8D39\u65E5\u5FD7\
        \u5B58\u50A8\u5BA1\u8BA1\uFF0C\u5982\u9700\u8981\u66F4\u957F\u5B58\u50A8\u65F6\
        \u957F\u6216\u6EE1\u8DB3\u7B49\u4FDD\u8981\u6C42\uFF0C\u5EFA\u8BAE\u9009\u8D2D\
        \u65E5\u5FD7\u5206\u6790\u670D\u52A1"
    Label:
      zh-cn: "\u65E5\u5FD7\u5206\u6790"
    Required: false
    Type: Boolean
  LogStorage:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
          - Fn::Equals:
            - ${PayType}
            - Subscription
          - Fn::Equals:
            - ${LogAnalysis}
            - true
    Description:
      en: 'Reference for purchasing storage capacity: 10M public network bandwidth,
        6 months of log storage, recommended purchase of 1000GB log storage capacity'
      zh-cn: "\u5B58\u50A8\u5BB9\u91CF\u9009\u8D2D\u53C2\u8003\uFF1A10M\u516C\u7F51\
        \u5E26\u5BBD\uFF0C\u5B58\u50A86\u4E2A\u6708\u65E5\u5FD7\uFF0C\u63A8\u8350\u8D2D\
        \u4E701000GB\u65E5\u5FD7\u5B58\u50A8\u5BB9\u91CF"
    Label:
      zh-cn: "\u65E5\u5FD7\u5B58\u50A8\u5BB9\u91CF(\u5355\u4F4DGB)"
    MaxValue: 500000
    MinValue: 1000
    Required: false
    Type: Number
  MultiAccountManagement:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Default: false
    Description:
      en: Multiple accounts on the enterprise cloud can be managed centrally on the
        cloud firewall, including asset inventory, ACL policies, attack protection,
        log reports, etc. After the member account is managed by the current account,
        there will be no need to purchase it separately.
      zh-cn: "\u4F01\u4E1A\u4E91\u4E0A\u591A\u4E2A\u8D26\u53F7\u53EF\u5728\u4E91\u9632\
        \u706B\u5899\u7EDF\u4E00\u96C6\u4E2D\u5B89\u5168\u7BA1\u7406\uFF0C\u5305\u62EC\
        \u8D44\u4EA7\u76D8\u70B9\u3001ACL\u7B56\u7565\u3001\u653B\u51FB\u9632\u62A4\
        \u3001\u65E5\u5FD7\u62A5\u8868\u7B49\u3002\u6210\u5458\u8D26\u53F7\u88AB\u5F53\
        \u524D\u8D26\u53F7\u7EDF\u7BA1\u540E\uFF0C\u5C06\u65E0\u9700\u5355\u72EC\u91C7\
        \u8D2D"
    Label:
      zh-cn: "\u591A\u8D26\u53F7\u7EDF\u4E00\u7BA1\u7406"
    Required: false
    Type: Boolean
  NatBandwidth:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: The bandwidth of private network traffic processed by the NAT firewall.
        The premium version does not include it by default, the enterprise version
        has 10Mbps by default, and the ultimate version has 20Mbps by default.
      zh-cn: "NAT\u9632\u706B\u5899\u5904\u7406\u7684\u79C1\u7F51\u6D41\u91CF\u5E26\
        \u5BBD\u5927\u5C0F\u3002\u9AD8\u7EA7\u7248\u9ED8\u8BA4\u4E0D\u542B\uFF0C\u4F01\
        \u4E1A\u7248\u9ED8\u8BA4\u5E2610Mbps\uFF0C\u65D7\u8230\u7248\u7248\u9ED8\u8BA4\
        \u5E2620Mbps\u3002"
    Label:
      zh-cn: "NAT\u79C1\u7F51\u6D41\u91CF\u5904\u7406\u80FD\u529B(\u5355\u4F4DMbps)"
    MaxValue: 1000
    MinValue: 0
    Required: false
    Type: Number
  NatFirewallNum:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Description:
      en: The number of NAT gateway instances of the NAT firewall you need to enable.
        Each NAT gateway instance corresponds to one NAT firewall instance. The premium
        version does not include it by default, the enterprise version comes with
        1 specification by default,and the ultimate version comes with 2 specifications
        by default.
      zh-cn: "NAT\u9632\u706B\u5899\u5904\u7406\u7684\u79C1\u7F51\u6D41\u91CF\u5E26\
        \u5BBD\u5927\u5C0F\u3002\u9AD8\u7EA7\u7248\u9ED8\u8BA4\u4E0D\u542B\uFF0C\u4F01\
        \u4E1A\u7248\u9ED8\u8BA4\u5E2610Mbps\uFF0C\u65D7\u8230\u7248\u7248\u9ED8\u8BA4\
        \u5E2620Mbps\u3002"
    Label:
      zh-cn: "NAT\u9632\u706B\u5899\u5B9E\u4F8B\u6570"
    MaxValue: 20
    MinValue: 0
    Required: false
    Type: Number
  PayType:
    AllowedValues:
    - PayAsYouGo
    - Subscription
    AssociationProperty: ChargeType
    AssociationPropertyMetadata:
      PaymentDefinition:
        PayAsYouGo: {}
        Subscription:
          Month:
          - 1
          - 3
          - 6
          Year:
          - 1
          - 2
          - 3
    Default: PayAsYouGo
    Description:
      en: 'The billing method of the firewall instance. Valid values:

        PayAsYouGo: pay-as-you-go

        Subscription: subscription'
    Required: true
    Type: String
  Period:
    AllowedValues:
    - 1
    - 2
    - 3
    - 6
    AssociationProperty: PayPeriod
    Default: 1
    Description:
      en: 'The subscription period of the firewallIf PeriodUnit is month, the valid
        range is 1, 3, 6

        If periodUnit is year, the valid range is 1, 2, 3'
    Required: false
    Type: Number
  PeriodUnit:
    AllowedValues:
    - Month
    - Year
    AssociationProperty: PayPeriodUnit
    Default: Month
    Description:
      en: 'The unit of the subscription duration. Valid values:

        Month

        Year

        Default value: Month.'
    Required: false
    Type: String
  Spec:
    AllowedValues:
    - PremiumVersion
    - EnterpriseVersion
    - UltimateVersion
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::Equals:
          - ${PayType}
          - Subscription
    Default: PremiumVersion
    Description:
      en: The version of Cloud Firewall.
    Label:
      zh-cn: "\u9632\u706B\u5899\u7248\u672C"
    Required: false
    Type: String
  VpcBandwidth:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
          - Fn::Equals:
            - ${PayType}
            - Subscription
          - Fn::Or:
            - Fn::Equals:
              - ${Spec}
              - EnterpriseVersion
            - Fn::Equals:
              - ${Spec}
              - UltimateVersion
    Description:
      en: 'VPC network processing capability. Valid values: 1000 to 15000. Unit: Mbps.'
      zh-cn: "VPC\u6D41\u91CF\u5904\u7406\u80FD\u529B\u662F\u6307\u4E91\u9632\u706B\
        \u5899\u7684VPC\u8FB9\u754C\u9632\u706B\u5899\uFF0C\u53EF\u9632\u62A4\u7684\
        \u8DE8VPC\u6D41\u91CF\u5CF0\u503C\uFF0C\u5EFA\u8BAE\u4E0E\u60A8\u4E1A\u52A1\
        \u7684VPC\u5E26\u5BBD\u4FDD\u6301\u4E00\u81F4\uFF0C\u53EF\u968F\u65F6\u6269\
        \u5BB9"
    Label:
      zh-cn: "VPC\u6D41\u91CF\u5904\u7406\u80FD\u529B(\u5355\u4F4DMbps)"
    MaxValue: 15000
    MinValue: 1000
    Required: false
    Type: Number
  VpcFirewallNum:
    AssociationPropertyMetadata:
      Visible:
        Condition:
          Fn::And:
          - Fn::Equals:
            - ${PayType}
            - Subscription
          - Fn::Or:
            - Fn::Equals:
              - ${Spec}
              - EnterpriseVersion
            - Fn::Equals:
              - ${Spec}
              - UltimateVersion
    Description:
      en: The number of protected VPCs. It will be ignored when spec = "premium_version".
        Valid values between 2 and 500.
      zh-cn: "\u521B\u5EFA\u7684VPC\u9632\u706B\u5899\u5B9E\u4F8B\u6570\u3002\u5982\
        \u679C\u60A8\u7684VPC\u4E3A\u4E91\u4F01\u4E1A\u7F51\uFF08\u4F01\u4E1A\u7248\
        \uFF09\u7EC4\u7F51\u67B6\u6784\uFF0C\u6BCFTR\u5BF9\u5E94\u4E00\u4E2AVPC\u9632\
        \u706B\u5899\u5B9E\u4F8B\uFF1B\u5982\u679C\u4E3A\u4E91\u4F01\u4E1A\u7F51\uFF08\
        \u57FA\u7840\u7248\uFF09\u7EC4\u7F51\u67B6\u6784\uFF0C\u6BCFVPC\u5BF9\u5E94\
        \u4E00\u4E2AVPC\u9632\u706B\u5899\u5B9E\u4F8B\uFF1B\u5982\u679C\u4E3A\u9AD8\
        \u901F\u901A\u9053\u7EC4\u7F51\u67B6\u6784\uFF0C\u6BCF\u5BF9VPC\u5BF9\u5E94\
        \u4E00\u4E2AVPC\u9632\u706B\u5899\u5B9E\u4F8B"
    Label:
      zh-cn: "VPC\u9632\u706B\u5899\u5B9E\u4F8B\u6570"
    MaxValue: 500
    MinValue: 2
    Required: false
    Type: Number
Resources:
  Instance:
    Properties:
      AccountNum:
        Ref: AccountNum
      AclExtension:
        Ref: AclExtension
      AutoPay:
        Ref: AutoPay
      AutoRenew:
        Ref: AutoRenew
      Bandwidth:
        Ref: Bandwidth
      IpNum:
        Ref: IpNum
      LogAnalysis:
        Ref: LogAnalysis
      LogStorage:
        Ref: LogStorage
      MultiAccountManagement:
        Ref: MultiAccountManagement
      NatBandwidth:
        Ref: NatBandwidth
      NatFirewallNum:
        Ref: NatFirewallNum
      PayType:
        Ref: PayType
      Period:
        Ref: Period
      PeriodUnit:
        Ref: PeriodUnit
      Spec:
        Ref: Spec
      VpcBandwidth:
        Ref: VpcBandwidth
      VpcFirewallNum:
        Ref: VpcFirewallNum
    Type: ALIYUN::CLOUDFW::Instance
Outputs:
  InstanceId:
    Description: Instance Id.
    Value:
      Fn::GetAtt:
      - Instance
      - InstanceId
  OrderId:
    Description: Order id of created instance.
    Value:
      Fn::GetAtt:
      - Instance
      - OrderId
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
{
"Label": "支付方式",
"Items": [
"PayType",
"Period",
"PeriodUnit"
]
}
],
"GroupType": "Payment",
"Label": {
"default": {
"en": "Payment",
"zh-cn": "付费类型"
}
}
},
{
"Parameters": [
"AutoRenew"
],
"Label": {
"default": {
"en": "AutoRenew Configuration",
"zh-cn": "自动续费设置"
}
}
},
{
"Parameters": [
"AutoPay"
],
"Label": {
"default": {
"en": "AutoPay Configuration",
"zh-cn": "自动支付设置"
}
}
},
{
"Parameters": [
"Spec",
"IpNum",
"Bandwidth"
],
"Label": {
"default": {
"en": "Spec Configuration",
"zh-cn": "防火墙规格设置"
}
}
},
{
"Parameters": [
"VpcFirewallNum",
"VpcBandwidth"
],
"Label": {
"default": {
"en": "Vpc Firewall Configuration",
"zh-cn": "VPC防火墙设置"
}
}
},
{
"Parameters": [
"NatFirewallNum",
"NatBandwidth"
],
"Label": {
"default": {
"en": "Nat Firewall Configuration",
"zh-cn": "NAT防火墙设置"
}
}
},
{
"Parameters": [
"AclExtension",
"MultiAccountManagement",
"AccountNum",
"LogAnalysis",
"LogStorage"
],
"Label": {
"default": {
"en": "Instance Configuration",
"zh-cn": "实例设置"
}
}
},
{
"Parameters": [],
"Label": {
"default": {
"en": "Other Configuration",
"zh-cn": "其他设置"
}
}
}
]
}
},
"Parameters": {
"VpcBandwidth": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::And": [
{
"Fn::Equals": [
"${PayType}",
"Subscription"
]
},
{
"Fn::Or": [
{
"Fn::Equals": [
"${Spec}",
"EnterpriseVersion"
]
},
{
"Fn::Equals": [
"${Spec}",
"UltimateVersion"
]
}
]
}
]
}
}
},
"Type": "Number",
"Description": {
"en": "VPC network processing capability. Valid values: 1000 to 15000. Unit: Mbps.",
"zh-cn": "VPC流量处理能力是指云防火墙的VPC边界防火墙,可防护的跨VPC流量峰值,建议与您业务的VPC带宽保持一致,可随时扩容"
},
"Required": false,
"MinValue": 1000,
"Label": {
"zh-cn": "VPC流量处理能力(单位Mbps)"
},
"MaxValue": 15000
},
"AclExtension": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Number",
"Description": {
"en": "When the default access control authorization specifications of your version are not enough, you can purchase global extension specifications of access control. This extension supports shared occupancy with Internet and VPC boundary ACL specifications.",
"zh-cn": "当您版本默认访问控制授权规格不够用时,可采购访问控制全局扩展规格。该扩展支持互联网和VPC边界ACL规格共享占用。"
},
"Required": false,
"MinValue": 0,
"Label": {
"zh-cn": "访问控制全局扩展"
},
"MaxValue": 50000
},
"NatFirewallNum": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Number",
"Description": {
"en": "The number of NAT gateway instances of the NAT firewall you need to enable. Each NAT gateway instance corresponds to one NAT firewall instance. The premium version does not include it by default, the enterprise version comes with 1 specification by default,and the ultimate version comes with 2 specifications by default.",
"zh-cn": "NAT防火墙处理的私网流量带宽大小。高级版默认不含,企业版默认带10Mbps,旗舰版默认带20Mbps。"
},
"Required": false,
"MinValue": 0,
"Label": {
"zh-cn": "NAT防火墙实例数"
},
"MaxValue": 20
},
"NatBandwidth": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Number",
"Description": {
"en": "The bandwidth of private network traffic processed by the NAT firewall. The premium version does not include it by default, the enterprise version has 10Mbps by default, and the ultimate version has 20Mbps by default.",
"zh-cn": "NAT防火墙处理的私网流量带宽大小。高级版默认不含,企业版默认带10Mbps,旗舰版默认带20Mbps。"
},
"Required": false,
"MinValue": 0,
"Label": {
"zh-cn": "NAT私网流量处理能力(单位Mbps)"
},
"MaxValue": 1000
},
"IpNum": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Number",
"Description": {
"en": "The number of public IPs that can be protected. Valid values: 20 to 4000.PremiumVersion: [20, 1000]"
},
"Required": false,
"MinValue": 20,
"Label": {
"zh-cn": "可防护公网IP数"
},
"MaxValue": 4000
},
"AutoRenew": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Boolean",
"Description": {
"en": "Whether to auto renew the prepay instance."
},
"Required": false,
"Label": {
"zh-cn": "到期是否自动续费"
}
},
"Period": {
"AssociationProperty": "PayPeriod",
"Type": "Number",
"Description": {
"en": "The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6\nIf periodUnit is year, the valid range is 1, 2, 3"
},
"AllowedValues": [
1,
2,
3,
6
],
"Required": false,
"Default": 1
},
"PayType": {
"AssociationPropertyMetadata": {
"PaymentDefinition": {
"PayAsYouGo": {},
"Subscription": {
"Month": [
1,
3,
6
],
"Year": [
1,
2,
3
]
}
}
},
"AssociationProperty": "ChargeType",
"Type": "String",
"Description": {
"en": "The billing method of the firewall instance. Valid values:\nPayAsYouGo: pay-as-you-go\nSubscription: subscription"
},
"AllowedValues": [
"PayAsYouGo",
"Subscription"
],
"Required": true,
"Default": "PayAsYouGo"
},
"AutoPay": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Boolean",
"Description": {
"en": "Whether to auto pay the bill."
},
"Required": false,
"Label": {
"zh-cn": "订单是否自动支付"
},
"Default": true
},
"LogStorage": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::And": [
{
"Fn::Equals": [
"${PayType}",
"Subscription"
]
},
{
"Fn::Equals": [
"${LogAnalysis}",
true
]
}
]
}
}
},
"Type": "Number",
"Description": {
"en": "Reference for purchasing storage capacity: 10M public network bandwidth, 6 months of log storage, recommended purchase of 1000GB log storage capacity",
"zh-cn": "存储容量选购参考:10M公网带宽,存储6个月日志,推荐购买1000GB日志存储容量"
},
"Required": false,
"MinValue": 1000,
"Label": {
"zh-cn": "日志存储容量(单位GB)"
},
"MaxValue": 500000
},
"LogAnalysis": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Boolean",
"Description": {
"en": "The cloud firewall includes 7 days of free log storage and auditing by default. If you need longer storage time or meet the requirements for equal protection, it is recommended to purchase the log analysis service.",
"zh-cn": "云防火墙默认含7天免费日志存储审计,如需要更长存储时长或满足等保要求,建议选购日志分析服务"
},
"Required": false,
"Label": {
"zh-cn": "日志分析"
}
},
"VpcFirewallNum": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::And": [
{
"Fn::Equals": [
"${PayType}",
"Subscription"
]
},
{
"Fn::Or": [
{
"Fn::Equals": [
"${Spec}",
"EnterpriseVersion"
]
},
{
"Fn::Equals": [
"${Spec}",
"UltimateVersion"
]
}
]
}
]
}
}
},
"Type": "Number",
"Description": {
"en": "The number of protected VPCs. It will be ignored when spec = \"premium_version\". Valid values between 2 and 500.",
"zh-cn": "创建的VPC防火墙实例数。如果您的VPC为云企业网(企业版)组网架构,每TR对应一个VPC防火墙实例;如果为云企业网(基础版)组网架构,每VPC对应一个VPC防火墙实例;如果为高速通道组网架构,每对VPC对应一个VPC防火墙实例"
},
"Required": false,
"MinValue": 2,
"Label": {
"zh-cn": "VPC防火墙实例数"
},
"MaxValue": 500
},
"AccountNum": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::And": [
{
"Fn::Equals": [
"${PayType}",
"Subscription"
]
},
{
"Fn::Equals": [
"${MultiAccountManagement}",
true
]
}
]
}
}
},
"Type": "Number",
"Description": {
"en": "The number of multi-account management and control is the number of member accounts that you need to uniformly control.",
"zh-cn": "多账号管控数为您需要统一管控的成员账号数,可按需扩展。目前限时提供1个免费配额供您体验"
},
"Required": false,
"Label": {
"zh-cn": "多账号管控数"
}
},
"MultiAccountManagement": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Boolean",
"Description": {
"en": "Multiple accounts on the enterprise cloud can be managed centrally on the cloud firewall, including asset inventory, ACL policies, attack protection, log reports, etc. After the member account is managed by the current account, there will be no need to purchase it separately.",
"zh-cn": "企业云上多个账号可在云防火墙统一集中安全管理,包括资产盘点、ACL策略、攻击防护、日志报表等。成员账号被当前账号统管后,将无需单独采购"
},
"Required": false,
"Label": {
"zh-cn": "多账号统一管理"
},
"Default": false
},
"Bandwidth": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "Number",
"Description": {
"en": "Public network processing capability. Valid values: 10 to 15000. Unit: Mbps.",
"zh-cn": "公网流量处理能力是指云防火墙互联网边界防火墙,可防护的公网出入流量峰值(入向或出向取其高),建议与您业务的公网带宽保持一致,可随时扩容"
},
"Required": false,
"MinValue": 10,
"Label": {
"zh-cn": "公网流量处理能力(单位Mbps)"
},
"MaxValue": 15000
},
"Spec": {
"AssociationPropertyMetadata": {
"Visible": {
"Condition": {
"Fn::Equals": [
"${PayType}",
"Subscription"
]
}
}
},
"Type": "String",
"Description": {
"en": "The version of Cloud Firewall."
},
"AllowedValues": [
"PremiumVersion",
"EnterpriseVersion",
"UltimateVersion"
],
"Required": false,
"Label": {
"zh-cn": "防火墙版本"
},
"Default": "PremiumVersion"
},
"PeriodUnit": {
"AssociationProperty": "PayPeriodUnit",
"Type": "String",
"Description": {
"en": "The unit of the subscription duration. Valid values:\nMonth\nYear\nDefault value: Month."
},
"AllowedValues": [
"Month",
"Year"
],
"Required": false,
"Default": "Month"
}
},
"Resources": {
"Instance": {
"Type": "ALIYUN::CLOUDFW::Instance",
"Properties": {
"VpcBandwidth": {
"Ref": "VpcBandwidth"
},
"AclExtension": {
"Ref": "AclExtension"
},
"NatFirewallNum": {
"Ref": "NatFirewallNum"
},
"NatBandwidth": {
"Ref": "NatBandwidth"
},
"IpNum": {
"Ref": "IpNum"
},
"AutoRenew": {
"Ref": "AutoRenew"
},
"Period": {
"Ref": "Period"
},
"PayType": {
"Ref": "PayType"
},
"AutoPay": {
"Ref": "AutoPay"
},
"LogStorage": {
"Ref": "LogStorage"
},
"LogAnalysis": {
"Ref": "LogAnalysis"
},
"VpcFirewallNum": {
"Ref": "VpcFirewallNum"
},
"AccountNum": {
"Ref": "AccountNum"
},
"MultiAccountManagement": {
"Ref": "MultiAccountManagement"
},
"Bandwidth": {
"Ref": "Bandwidth"
},
"Spec": {
"Ref": "Spec"
},
"PeriodUnit": {
"Ref": "PeriodUnit"
}
}
}
},
"Outputs": {
"InstanceId": {
"Description": "Instance Id.",
"Value": {
"Fn::GetAtt": [
"Instance",
"InstanceId"
]
}
},
"OrderId": {
"Description": "Order id of created instance.",
"Value": {
"Fn::GetAtt": [
"Instance",
"OrderId"
]
}
}
}
}