ALIYUN::VPC::ForwardEntry - 资源编排

ALIYUN::VPC::ForwardEntry类型用于在DNAT列表中添加DNAT条目。

语法

{
  "Type": "ALIYUN::VPC::ForwardEntry",
  "Properties": {
    "ExternalPort": String,
    "ExternalIp": String,
    "IpProtocol": String,
    "PortBreak": Boolean,
    "InternalPort": String,
    "ForwardEntryName": String,
    "InternalIp": String,
    "ForwardTableId": String
  }
}

属性

属性名称	类型	必须	允许更新	描述	约束
ExternalPort	String	是	否	外部端口或端口段。	当为公网NAT网关配置DNAT条目时，需要进行端口转发的外部端口或端口段。输入的端口范围需要在1~65535之间。如果需要在端口段内转发，请在输入时以正斜线（/）隔开起始端口，例如`10/20`。如果ExternalPort设置为端口段，则InternalPort也需要设置为端口段，且端口段的端口个数相同，例如ExternalPort设置为`10/20`，InternalPort设置为`80/90`。当为VPC NAT网关配置DNAT条目时，NAT IP地址被外部网络访问的端口，取值范围：1~65535。
ExternalIp	String	是	否	IP 地址。	当为公网NAT网关配置DNAT条目时，提供公网访问的弹性公网IP地址。当为VPC NAT网关配置DNAT条目时，提供外部网络访问的NAT IP地址。
IpProtocol	String	是	否	协议类型。	取值： TCP：转发TCP协议的报文。 UDP：转发UDP协议的报文。 Any：转发所有协议的报文。如果IpProtocol配置为Any，则ExternalPort和InternalPort也必须配置为Any，实现DNAT IP映射。
PortBreak	Boolean	否	否	是否开启端口突破。	取值： true：开启端口突破。 false（默认值）：不开启端口突破。说明当DNAT条目和SNAT条目使用同一个公网IP地址时，如果您需要配置大于1024的端口号，您需要指定PortBreak为true。
InternalPort	String	是	否	内部端口或端口段。	当为公网NAT网关配置DNAT条目时，需要进行端口转发的内部端口或端口段，取值范围：1~65535。当为VPC NAT网关配置DNAT条目时，需要映射的目标ECS实例端口，取值范围：1~65535。
ForwardEntryName	String	否	否	DNAT规则的名称。	无
InternalIp	String	是	否	私网IP。	当为公网NAT网关配置DNAT条目时，需要进行公网通信的ECS实例的私网IP地址，该私网IP地址需满足以下条件：必须属NAT网关所在的VPC的网段。必须被一个ECS实例使用且该实例没有绑定EIP时，DNAT条目才生效。当为VPC NAT网关配置DNAT条目时，需要通过DNAT规则进行通信的私网IP地址。
ForwardTableId	String	是	否	DNAT列表的ID。	无

返回值

Fn::GetAtt

ForwardEntryId：DNAT条目的ID。

示例

YAML格式

ROSTemplateFormatVersion: '2015-09-01'
Metadata:
  ALIYUN::ROS::Interface:
    ParameterGroups:
    - Label:
        default:
          en: DNAT Configure
          zh-cn: "DNAT\u8BBE\u7F6E"
      Parameters:
      - ForwardTableId
      - PortBreak
      - ForwardEntryName
    - Label:
        default:
          en: Network Configure
          zh-cn: "\u7F51\u7EDC\u8BBE\u7F6E"
      Parameters:
      - ExternalIp
      - InternalIp
      - ExternalPort
      - InternalPort
      - IpProtocol
    - Label:
        default:
          en: Other Configure
          zh-cn: "\u5176\u4ED6\u8BBE\u7F6E"
      Parameters: []
Parameters:
  ExternalIp:
    Description:
      en: Source IP, must belongs to bandwidth package internet IP
    Label:
      zh-cn: "\u516C\u7F51IP\u5730\u5740"
    Required: true
    Type: String
  ExternalPort:
    Description:
      en: Source port, now support [1-65535]|Any|x/y
    Label:
      zh-cn: "\u516C\u7F51\u7AEF\u53E3"
    Required: true
    Type: String
  ForwardEntryName:
    Description:
      en: the name of the DNAT rule is 2-128 characters long and must start with a
        letter or Chinese, but cannot begin with HTTP:// or https://.
    Label:
      zh-cn: "DNAT\u89C4\u5219\u7684\u540D\u79F0"
    Required: false
    Type: String
  ForwardTableId:
    Description:
      en: Create forward entry in specified forward table.
    Label:
      zh-cn: "DNAT\u8868\u7684ID"
    Required: true
    Type: String
  InternalIp:
    Description:
      en: Destination IP, must belong to VPC private IP
    Label:
      zh-cn: "\u79C1\u7F51IP\u5730\u5740"
    Required: true
    Type: String
  InternalPort:
    Description:
      en: Destination port, now support [1-65535]|Any|x/y
    Label:
      zh-cn: "\u79C1\u7F51\u7AEF\u53E3"
    Required: true
    Type: String
  IpProtocol:
    AllowedValues:
    - TCP
    - UDP
    - Any
    Description:
      en: Supported protocol, Now support 'TCP|UDP|Any'
    Label:
      zh-cn: "\u534F\u8BAE\u7C7B\u578B"
    Required: true
    Type: String
  PortBreak:
    Description:
      en: Specifies whether to remove limits on the port range.
    Label:
      zh-cn: "\u662F\u5426\u5F00\u542F\u7AEF\u53E3\u7A81\u7834"
    Required: false
    Type: Boolean
Resources:
  ForwardTableEntry:
    Properties:
      ExternalIp:
        Ref: ExternalIp
      ExternalPort:
        Ref: ExternalPort
      ForwardEntryName:
        Ref: ForwardEntryName
      ForwardTableId:
        Ref: ForwardTableId
      InternalIp:
        Ref: InternalIp
      InternalPort:
        Ref: InternalPort
      IpProtocol:
        Ref: IpProtocol
      PortBreak:
        Ref: PortBreak
    Type: ALIYUN::VPC::ForwardEntry
Outputs:
  ForwardEntryId:
    Description: The id of created forward entry.
    Value:
      Fn::GetAtt:
      - ForwardTableEntry
      - ForwardEntryId

JSON格式

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Metadata": {
    "ALIYUN::ROS::Interface": {
      "ParameterGroups": [
        {
          "Parameters": [
            "ForwardTableId",
            "PortBreak",
            "ForwardEntryName"
          ],
          "Label": {
            "default": {
              "en": "DNAT Configure",
              "zh-cn": "DNAT设置"
            }
          }
        },
        {
          "Parameters": [
            "ExternalIp",
            "InternalIp",
            "ExternalPort",
            "InternalPort",
            "IpProtocol"
          ],
          "Label": {
            "default": {
              "en": "Network Configure",
              "zh-cn": "网络设置"
            }
          }
        },
        {
          "Parameters": [],
          "Label": {
            "default": {
              "en": "Other Configure",
              "zh-cn": "其他设置"
            }
          }
        }
      ]
    }
  },
  "Parameters": {
    "ExternalPort": {
      "Type": "String",
      "Description": {
        "en": "Source port, now support [1-65535]|Any|x/y"
      },
      "Required": true,
      "Label": {
        "zh-cn": "公网端口"
      }
    },
    "ExternalIp": {
      "Type": "String",
      "Description": {
        "en": "Source IP, must belongs to bandwidth package internet IP"
      },
      "Required": true,
      "Label": {
        "zh-cn": "公网IP地址"
      }
    },
    "IpProtocol": {
      "Type": "String",
      "AllowedValues": [
        "TCP",
        "UDP",
        "Any"
      ],
      "Description": {
        "en": "Supported protocol, Now support 'TCP|UDP|Any'"
      },
      "Required": true,
      "Label": {
        "zh-cn": "协议类型"
      }
    },
    "PortBreak": {
      "Type": "Boolean",
      "Description": {
        "en": "Specifies whether to remove limits on the port range."
      },
      "Required": false,
      "Label": {
        "zh-cn": "是否开启端口突破"
      }
    },
    "InternalPort": {
      "Type": "String",
      "Description": {
        "en": "Destination port, now support [1-65535]|Any|x/y"
      },
      "Required": true,
      "Label": {
        "zh-cn": "私网端口"
      }
    },
    "ForwardEntryName": {
      "Type": "String",
      "Description": {
        "en": "the name of the DNAT rule is 2-128 characters long and must start with a letter or Chinese, but cannot begin with HTTP:// or https://."
      },
      "Required": false,
      "Label": {
        "zh-cn": "DNAT规则的名称"
      }
    },
    "InternalIp": {
      "Type": "String",
      "Description": {
        "en": "Destination IP, must belong to VPC private IP"
      },
      "Required": true,
      "Label": {
        "zh-cn": "私网IP地址"
      }
    },
    "ForwardTableId": {
      "Type": "String",
      "Description": {
        "en": "Create forward entry in specified forward table."
      },
      "Required": true,
      "Label": {
        "zh-cn": "DNAT表的ID"
      }
    }
  },
  "Resources": {
    "ForwardTableEntry": {
      "Type": "ALIYUN::VPC::ForwardEntry",
      "Properties": {
        "ExternalPort": {
          "Ref": "ExternalPort"
        },
        "ExternalIp": {
          "Ref": "ExternalIp"
        },
        "IpProtocol": {
          "Ref": "IpProtocol"
        },
        "PortBreak": {
          "Ref": "PortBreak"
        },
        "InternalPort": {
          "Ref": "InternalPort"
        },
        "ForwardEntryName": {
          "Ref": "ForwardEntryName"
        },
        "InternalIp": {
          "Ref": "InternalIp"
        },
        "ForwardTableId": {
          "Ref": "ForwardTableId"
        }
      }
    }
  },
  "Outputs": {
    "ForwardEntryId": {
      "Description": "The id of created forward entry.",
      "Value": {
        "Fn::GetAtt": [
          "ForwardTableEntry",
          "ForwardEntryId"
        ]
      }
    }
  }
}