ALIYUN::CLOUDFW::TrFirewall 类型用于创建 TR(转发路由器)防火墙。
语法
{
"Type": "ALIYUN::CLOUDFW::TrFirewall",
"Properties": {
"CenId": String,
"FirewallName": String,
"RouteMode": String,
"RegionNo": String,
"TransitRouterId": String,
"FirewallDescription": String,
"FirewallVpcId": String,
"FirewallSubnetCidr": String,
"FirewallVpcCidr": String,
"FirewallVswitchId": String,
"TrAttachmentMasterZone": String,
"TrAttachmentMasterCidr": String,
"TrAttachmentSlaveCidr": String,
"TrAttachmentSlaveZone": String
}
}
属性
属性名称 | 类型 | 必须 | 允许更新 | 描述 | 约束 |
CenId | String | 是 | 否 | 云企业网实例 ID。 | 无 |
FirewallName | String | 是 | 是 | 云防火墙的名称。 | 无 |
RouteMode | String | 是 | 否 | 路由模式。 | 取值:managed(自动模式)、manual(手动模式)。 |
RegionNo | String | 是 | 否 | 转发路由器实例的地域 ID。 | 无 |
TransitRouterId | String | 是 | 否 | 转发路由器实例 ID。 | 无 |
FirewallDescription | String | 否 | 否 | 防火墙描述。 | 无 |
FirewallVpcId | String | 否 | 否 | 手动模式下创建防火墙 ENI 的 VPC ID。 | 无 |
FirewallSubnetCidr | String | 否 | 否 | 自动模式下防火墙 VPC 中存放防火墙 ENI 的子网网段。 | 无 |
FirewallVpcCidr | String | 否 | 否 | 自动模式下防火墙 VPC 网段。 | 无 |
FirewallVswitchId | String | 否 | 否 | 手动模式下创建防火墙 ENI 的 VSW ID。 | 无 |
TrAttachmentMasterZone | String | 否 | 否 | 交换机主可用区。 | 无 |
TrAttachmentMasterCidr | String | 否 | 否 | 自动模式下防火墙 VPC 中用于连接 TR 的子网主用网段。 | 无 |
TrAttachmentSlaveCidr | String | 否 | 否 | 自动模式下防火墙 VPC 中用于连接 TR 的子网备用网段。 | 无 |
TrAttachmentSlaveZone | String | 否 | 否 | 交换机备可用区。 | 无 |
返回值
Fn::GetAtt
FirewallId:VPC 边界防火墙实例 ID。
示例
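# Example ROS template: creates one ALIYUN::CLOUDFW::TrFirewall resource and
# outputs its instance ID. Only the manual-mode inputs (FirewallVpcId,
# FirewallVswitchId) are wired up; the CIDR/zone properties that the property
# table describes for automatic mode are not passed.
# NOTE(review): this template only creates the firewall resource. Confirm
# separately that traffic is actually routed through it, especially in manual
# mode.
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  RouteMode:
    Type: String
    Description:
      en: |-
        The routing mode of the VPC firewall. Valid values:
        managed: automatic mode
        manual: manual mode
    # NOTE(review): "managed" is accepted here, but none of the automatic-mode
    # properties (FirewallVpcCidr, FirewallSubnetCidr, TrAttachmentMasterCidr,
    # TrAttachmentSlaveCidr) are set below. Verify that managed mode works
    # without them before offering it to users.
    AllowedValues:
      - managed
      - manual
    Required: true
    Default: manual
  FirewallVpcId:
    # Declared as String: the TrFirewall FirewallVpcId property is a String, and
    # a VPC ID selected through ALIYUN::ECS::VPC::VPCId is not a numeric value.
    Type: String
    Description:
      en: The ID of the VPC in which the ENI associated with the VPC firewall is created in manual mode.
    # NOTE(review): optional here although the default RouteMode is manual.
    # Confirm whether manual mode requires it.
    Required: false
    AssociationProperty: ALIYUN::ECS::VPC::VPCId
  FirewallName:
    Type: String
    Description:
      en: The name of the firewall.
    Required: true
  FirewallVswitchId:
    Type: String
    Description:
      en: The ID of the vSwitch that is used to create the ENI in manual mode.
    Required: false
    AssociationProperty: ALIYUN::ECS::VSwitch
    # Restricts the vSwitch picker to the VPC chosen in FirewallVpcId.
    AssociationPropertyMetadata:
      VpcId: ${FirewallVpcId}
  CenId:
    Type: String
    Description:
      en: The ID of the Cloud Enterprise Network (CEN) instance.
    Required: true
    AssociationProperty: ALIYUN::CEN::Instance::CenId
  TransitRouterId:
    Type: String
    Description:
      en: The ID of the transit router.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::CLOUDFW::TrFirewall
    # Per the property table, only FirewallName allows updates; every other
    # property here is marked as not updatable.
    Properties:
      RouteMode:
        Ref: RouteMode
      # RegionNo is documented as the region ID of the transit router instance.
      # ALIYUN::Region resolves to the stack's own region, so the stack must be
      # created in the same region as the transit router.
      RegionNo:
        Ref: ALIYUN::Region
      FirewallVpcId:
        Ref: FirewallVpcId
      FirewallName:
        Ref: FirewallName
      FirewallVswitchId:
        Ref: FirewallVswitchId
      CenId:
        Ref: CenId
      TransitRouterId:
        Ref: TransitRouterId
Outputs:
  FirewallId:
    Description: The instance ID of the VPC firewall.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - FirewallId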
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"RouteMode": {
"Type": "String",
"Description": {
"en": "The routing mode of the VPC firewall. Valid values:\nmanaged: automatic mode\nmanual: manual mode"
},
"AllowedValues": [
"managed",
"manual"
],
"Required": true,
"Default": "manual"
},
"FirewallVpcId": {
"Type": "Number",
"Description": {
"en": "The ID of the VPC in which the ENI associated with the VPC firewall is created in manual mode."
},
"Required": false,
"AssociationProperty": "ALIYUN::ECS::VPC::VPCId"
},
"FirewallName": {
"Type": "String",
"Description": {
"en": "The name of the firewall."
},
"Required": true
},
"FirewallVswitchId": {
"Type": "String",
"Description": {
"en": "The ID of the vSwitch that is used to create the ENI in manual mode."
},
"Required": false,
"AssociationProperty": "ALIYUN::ECS::VSwitch",
"AssociationPropertyMetadata": {
"VpcId": "${FirewallVpcId}"
}
},
"CenId": {
"Type": "String",
"Description": {
"en": "The ID of the Cloud Enterprise Network (CEN) instance."
},
"Required": true,
"AssociationProperty": "ALIYUN::CEN::Instance::CenId"
},
"TransitRouterId": {
"Type": "String",
"Description": {
"en": "The ID of the transit router."
},
"Required": true
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::CLOUDFW::TrFirewall",
"Properties": {
"RouteMode": {
"Ref": "RouteMode"
},
"RegionNo": {
"Ref": "ALIYUN::Region"
},
"FirewallVpcId": {
"Ref": "FirewallVpcId"
},
"FirewallName": {
"Ref": "FirewallName"
},
"FirewallVswitchId": {
"Ref": "FirewallVswitchId"
},
"CenId": {
"Ref": "CenId"
},
"TransitRouterId": {
"Ref": "TransitRouterId"
}
}
}
},
"Outputs": {
"FirewallId": {
"Description": "The instance ID of the VPC firewall.",
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"FirewallId"
]
}
}
}
}