The ALIYUN::WAF3::Instance type is used to create a Web Application Firewall (WAF) 3.0 instance.
Syntax
{
  "Type": "ALIYUN::WAF3::Instance",
  "Properties": {
    "IgnoreExisting": Boolean,
    "IntelligentLoadBalancing": Boolean,
    "AutoRenew": Boolean,
    "Period": Integer,
    "BotWebProtection": Boolean,
    "ApiSecurity": Boolean,
    "AutoPay": Boolean,
    "TrafficBillingProtectionThreshold": Integer,
    "PayType": String,
    "LogStorage": Integer,
    "ElasticQps": Integer,
    "DomainsExtension": Integer,
    "WafVersion": String,
    "ExclusiveIPAddress": Integer,
    "AdditionalProtectionNodes": Integer,
    "Region": String,
    "QpsExtension": Integer,
    "FraudDetection": Boolean,
    "BotAppProtection": Boolean,
    "LogService": Boolean,
    "PeriodUnit": String
  }
}
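Properties
Property name | Type | Required | Update allowed | Description | Constraints |
IgnoreExisting | Boolean | No | No | Whether to ignore an existing WAF3 instance. | Valid values:
If the WAF3 instance was not created by ROS, it is ignored during the update and delete stages. |
IntelligentLoadBalancing | Boolean | No | No | Whether to enable intelligent load balancing. | Valid values:
|
AutoRenew | Boolean | No | No | Whether to renew automatically on expiration. | Valid values:
|
Period | Integer | No | No | The subscription duration. | If PeriodUnit is Month, valid values are 1, 3, and 6. If PeriodUnit is Year, valid values are 1, 2, and 3. |
BotWebProtection | Boolean | No | No | Whether to enable bot management for web protection. | Valid values:
|
ApiSecurity | Boolean | No | No | Whether to enable API security. | API security inspects request and response content that matches specified characteristics to determine whether an API is at risk of data leakage. Enabling it authorizes WAF to perform this analysis. If the selected region is the Chinese mainland, service deployment and data processing both take place in the Chinese mainland. |
AutoPay | Boolean | No | No | Whether to pay automatically. | Valid values:
|
TrafficBillingProtectionThreshold | Integer | No | No | The traffic billing protection threshold. | In pay-as-you-go mode, WAF 3.0 enables traffic billing protection by default to prevent excessive bills caused by unexpected factors such as HTTP flood (CC) attacks. When the actual peak traffic exceeds the configured threshold, no bill is generated for that hour and the WAF instance enters the sandbox state. If the actual peak traffic in the next hour is below the threshold, the sandbox state is lifted automatically. Valid range: 1000 to 100000. |
PayType | String | Yes | No | The billing method. | Valid values:
|
LogStorage | Integer | No | No | The log storage capacity. | Valid range: 3 to 150. Unit: TB. |
ElasticQps | Integer | No | No | The burstable (postpaid) QPS. | When a promotion or a similar event causes a short-term or sudden traffic increase that may exceed the sum of the edition's peak QPS and the QPS extension, you can enable burstable QPS so that the excess traffic is billed after use. This prevents the instance from entering the sandbox because of overuse and affecting normal business. Valid range: 0 to 60000. |
DomainsExtension | Integer | No | No | The domain name extension. | If the number of domain names that you need to add exceeds the free quota included in the edition, use this specification to extend it. Domain counting does not distinguish between domain types: primary domains, subdomains, and wildcard domains each count as one domain. Valid range: 1 to 5000. |
WafVersion | String | No | No | The WAF 3.0 edition. | Valid values:
|
ExclusiveIPAddress | Integer | No | No | The number of exclusive IP addresses. | Valid range: 0 to 100. |
AdditionalProtectionNodes | Integer | No | No | The additional protection nodes for multi-cloud or hybrid-cloud protection. | If workloads in multi-cloud, on-premises IDC, internal network, or private cloud environments need WAF protection but cannot be added to the public-cloud WAF through CNAME, and you want to protect them with an on-premises WAF, you can purchase multi-cloud/hybrid-cloud protection nodes. In reverse proxy mode, a single protection node supports up to 5000 QPS for HTTP or 3000 QPS for HTTPS. In SDK-based service mode, a single protection node supports up to 15000 QPS for HTTP/HTTPS, and you add nodes to scale out. Valid range: 0 to 500. |
Region | String | Yes | No | The region supported by WAF 3.0. | Valid values:
|
QpsExtension | Integer | No | No | The QPS extension. | Valid range: 0 to 30000. |
FraudDetection | Boolean | No | No | Whether to enable fraud detection. | This feature can be enabled after bot management is purchased. If the phone number used in scenarios such as logon or registration carries abnormal tags, the request can be blocked or challenged with human verification. Billing is based on the number of abnormal-tag hits. Valid values:
|
BotAppProtection | Boolean | No | No | Whether to enable bot management for app protection. | Valid values:
|
LogService | Boolean | No | No | Whether the WAF instance supports Log Service. | Valid values:
|
PeriodUnit | String | No | No | The unit of the subscription duration. | Valid values:
|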
Return values
Fn::GetAtt
InstanceId: the WAF3 instance ID.
Examples
YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  AdditionalProtectionNodes:
    Default: 0
    Description:
      en: 'Each protection cluster has at least two protection nodes, and each node provides the protection capabilities of up to 5,000 QPS for HTTP requests or up to 3,000 QPS for HTTPS requests. You can add protection nodes to increase protection capabilities. '
    MaxValue: 500
    MinValue: 0
    Required: false
    Type: Number
  ApiSecurity:
    Description:
      en: The API security feature detects responses with specified characteristics to check whether data leaks occur. After you enable the feature, WAF is authorized to perform related analysis on your data. If you select Chinese Mainland, service deployment and data processing are performed in the Chinese mainland.
    Required: false
    Type: Boolean
  AutoPay:
    Default: false
    Description:
      en: Whether to auto pay the bill.
    Required: false
    Type: Boolean
  AutoRenew:
    Description:
      en: Whether to auto renew the prepay instance.
    Required: false
    Type: Boolean
  BotAppProtection:
    Default: true
    Description:
      en: Bot management module for App protection.
    Required: false
    Type: Boolean
  BotWebProtection:
    Default: true
    Description:
      en: Bot management module for Web application protection.
    Required: false
    Type: Boolean
  DomainsExtension:
    Default: 0
    Description:
      en: If the actual number of required access domain names exceeds the number of free domain names in the version, the number of domain names can be expanded according to this specification.Domain name counting does not differentiate between domain name types. The main domain name, sub-domain name, and pan-domain name are each counted as one domain name.
    MaxValue: 5000
    MinValue: 0
    Required: false
    Type: Number
  ElasticQps:
    Default: 0
    Description:
      en: The burstable QPS (pay-as-you-go) feature is suitable for scenarios that involve short-term or sudden traffic surges, for example, during promotions. In these scenarios, the traffic peak may exceed the sum of the maximum QPS that is supported by your WAF edition and the extended QPS. If you enable the feature, you are charged based on the amount of excess QPS resources that you use. This helps prevent your domain names from being added to a sandbox when QPS resources are excessively used and helps ensure service continuity.
    MaxValue: 60000
    MinValue: 0
    Required: false
    Type: Number
  ExclusiveIPAddress:
    Default: 0
    Description:
      en: Excluesive IP address number.
    MaxValue: 100
    MinValue: 0
    Required: false
    Type: Number
  FraudDetection:
    Default: true
    Description:
      en: 'You can enable this feature only after you enable the bot management module. If abnormal phone numbers are used in logon or registration scenarios, anomaly tags are matched. Requests from the abnormal phone numbers are blocked or CAPTCHA verification is required. You are charged based on the number of times that anomaly tags are matched. '
    Required: false
    Type: Boolean
  IgnoreExisting:
    Default: false
    Description:
      en: 'Whether to ignore existing WAF3 instance False: ROS will perform a uniqueness check.If the WAF3 instance exists, an error will be reported when creating it. True: ROS will not check the uniqueness.If the WAF3 instance exists, the creation process will be ignored. If the WAF3 instance is not created by ROS, it will be ignored during update and delete stage.'
    Required: false
    Type: Boolean
  IntelligentLoadBalancing:
    Description:
      en: Intelligent load balancer for WAF instance.
    Required: false
    Type: Boolean
  LogService:
    Description:
      en: Log service for WAF instance.
    Required: false
    Type: Boolean
  LogStorage:
    Description:
      en: Log storage capacity.
    MaxValue: 150
    MinValue: 3
    Required: false
    Type: Number
  PayType:
    AllowedValues:
      - PayAsYouGo
      - Subscription
    Description:
      en: 'The billing method of the firewall instance. Valid values: PayAsYouGo: pay-as-you-go Subscription: subscription'
    Required: true
    Type: String
  Period:
    AllowedValues:
      - 1
      - 2
      - 3
      - 6
    AssociationProperty: PayPeriod
    Description:
      en: 'The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6 If periodUnit is year, the valid range is 1, 2, 3'
    Required: false
    Type: Number
  PeriodUnit:
    AllowedValues:
      - Month
      - Year
    AssociationProperty: PayPeriodUnit
    Description:
      en: 'The unit of the subscription duration. Valid values: Month Year Default value: Month.'
    Required: false
    Type: String
  QpsExtension:
    Default: 0
    Description:
      en: Extended QPS.
    MaxValue: 30000
    MinValue: 0
    Required: false
    Type: Number
  Region:
    AllowedValues:
      - OutsideChineseMainland
      - ChineseMainland
    Description:
      en: "Web Application Firewall is available in the following regions: regions\
        \ in the Chinese mainland, China (Hong Kong), Singapore (Singapore), Malaysia\
        \ (Kuala Lumpur), US (Silicon Valley), Germany (Frankfurt),\
        \ Indonesia (Jakarta), UAE (Dubai), and Japan (Tokyo).\n If\
        \ your origin server is deployed within the Chinese mainland, select Chinese\
        \ Mainland. If your origin server is deployed outside the Chinese mainland,\
        \ select Outside Chinese mainland. Intelligent region selection is supported."
    Required: true
    Type: String
  TrafficBillingProtectionThreshold:
    Description:
      en: In pay-as-you-go WAF 3.0, the traffic billing protection feature is automatically enabled to prevent unexpected and unusually high bills that result from unpredictable factors such as HTTP flood attacks. A bill is not generated for an hour if the peak traffic exceeds the traffic billing protection threshold within the hour. Then, your WAF instance is added to a sandbox. If the peak traffic is lower than the traffic billing protection threshold the next hour, your WAF instance is removed from the sandbox.
    MaxValue: 100000
    MinValue: 1000
    Required: false
    Type: Number
  WafVersion:
    AllowedValues:
      - Basic
      - Pro
      - Enterprise
      - Ultimate
    Description:
      en: 'The version of WAF3.0. '
    Required: false
    Type: String
Resources:
  Instance:
    Properties:
      AdditionalProtectionNodes:
        Ref: AdditionalProtectionNodes
      ApiSecurity:
        Ref: ApiSecurity
      AutoPay:
        Ref: AutoPay
      AutoRenew:
        Ref: AutoRenew
      BotAppProtection:
        Ref: BotAppProtection
      BotWebProtection:
        Ref: BotWebProtection
      DomainsExtension:
        Ref: DomainsExtension
      ElasticQps:
        Ref: ElasticQps
      ExclusiveIPAddress:
        Ref: ExclusiveIPAddress
      FraudDetection:
        Ref: FraudDetection
      IgnoreExisting:
        Ref: IgnoreExisting
      IntelligentLoadBalancing:
        Ref: IntelligentLoadBalancing
      LogService:
        Ref: LogService
      LogStorage:
        Ref: LogStorage
      PayType:
        Ref: PayType
      Period:
        Ref: Period
      PeriodUnit:
        Ref: PeriodUnit
      QpsExtension:
        Ref: QpsExtension
      Region:
        Ref: Region
      TrafficBillingProtectionThreshold:
        Ref: TrafficBillingProtectionThreshold
      WafVersion:
        Ref: WafVersion
    Type: ALIYUN::WAF3::Instance
Outputs:
  InstanceId:
    Description: Instance Id.
    Value:
      Fn::GetAtt:
        - Instance
        - InstanceId
JSON format
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "IgnoreExisting": {
      "Type": "Boolean",
      "Description": {
        "en": "Whether to ignore existing WAF3 instance\nFalse: ROS will perform a uniqueness check.If the WAF3 instance exists, an error will be reported when creating it.\nTrue: ROS will not check the uniqueness.If the WAF3 instance exists, the creation process will be ignored.\nIf the WAF3 instance is not created by ROS, it will be ignored during update and delete stage."
      },
      "Required": false,
      "Default": false
    },
    "AutoRenew": {
      "Type": "Boolean",
      "Description": {
        "en": "Whether to auto renew the prepay instance."
      },
      "Required": false
    },
    "IntelligentLoadBalancing": {
      "Type": "Boolean",
      "Description": {
        "en": "Intelligent load balancer for WAF instance."
      },
      "Required": false
    },
    "Period": {
      "AssociationProperty": "PayPeriod",
      "Type": "Number",
      "Description": {
        "en": "The subscription period of the firewallIf PeriodUnit is month, the valid range is 1, 3, 6\nIf periodUnit is year, the valid range is 1, 2, 3"
      },
      "AllowedValues": [ 1, 2, 3, 6 ],
      "Required": false
    },
    "BotWebProtection": {
      "Type": "Boolean",
      "Description": {
        "en": "Bot management module for Web application protection."
      },
      "Required": false,
      "Default": true
    },
    "TrafficBillingProtectionThreshold": {
      "Type": "Number",
      "Description": {
        "en": "In pay-as-you-go WAF 3.0, the traffic billing protection feature is automatically enabled to prevent unexpected and unusually high bills that result from unpredictable factors such as HTTP flood attacks. A bill is not generated for an hour if the peak traffic exceeds the traffic billing protection threshold within the hour. Then, your WAF instance is added to a sandbox. If the peak traffic is lower than the traffic billing protection threshold the next hour, your WAF instance is removed from the sandbox."
      },
      "Required": false,
      "MinValue": 1000,
      "MaxValue": 100000
    },
    "ApiSecurity": {
      "Type": "Boolean",
      "Description": {
        "en": "The API security feature detects responses with specified characteristics to check whether data leaks occur. After you enable the feature, WAF is authorized to perform related analysis on your data. If you select Chinese Mainland, service deployment and data processing are performed in the Chinese mainland."
      },
      "Required": false
    },
    "PayType": {
      "Type": "String",
      "Description": {
        "en": "The billing method of the firewall instance. Valid values:\nPayAsYouGo: pay-as-you-go\nSubscription: subscription"
      },
      "AllowedValues": [ "PayAsYouGo", "Subscription" ],
      "Required": true
    },
    "AutoPay": {
      "Type": "Boolean",
      "Description": {
        "en": "Whether to auto pay the bill."
      },
      "Required": false,
      "Default": false
    },
    "LogStorage": {
      "Type": "Number",
      "Description": {
        "en": "Log storage capacity."
      },
      "Required": false,
      "MinValue": 3,
      "MaxValue": 150
    },
    "ElasticQps": {
      "Type": "Number",
      "Description": {
        "en": "The burstable QPS (pay-as-you-go) feature is suitable for scenarios that involve short-term or sudden traffic surges, for example, during promotions. In these scenarios, the traffic peak may exceed the sum of the maximum QPS that is supported by your WAF edition and the extended QPS. If you enable the feature, you are charged based on the amount of excess QPS resources that you use. This helps prevent your domain names from being added to a sandbox when QPS resources are excessively used and helps ensure service continuity."
      },
      "Required": false,
      "MinValue": 0,
      "MaxValue": 60000,
      "Default": 0
    },
    "DomainsExtension": {
      "Type": "Number",
      "Description": {
        "en": "If the actual number of required access domain names exceeds the number of free domain names in the version, the number of domain names can be expanded according to this specification.Domain name counting does not differentiate between domain name types. The main domain name, sub-domain name, and pan-domain name are each counted as one domain name."
      },
      "Required": false,
      "MinValue": 0,
      "MaxValue": 5000,
      "Default": 0
    },
    "WafVersion": {
      "Type": "String",
      "Description": {
        "en": "The version of WAF3.0.\n"
      },
      "AllowedValues": [ "Basic", "Pro", "Enterprise", "Ultimate" ],
      "Required": false
    },
    "AdditionalProtectionNodes": {
      "Type": "Number",
      "Description": {
        "en": "Each protection cluster has at least two protection nodes, and each node provides the protection capabilities of up to 5,000 QPS for HTTP requests or up to 3,000 QPS for HTTPS requests. You can add protection nodes to increase protection capabilities. "
      },
      "Required": false,
      "MinValue": 0,
      "MaxValue": 500,
      "Default": 0
    },
    "ExclusiveIPAddress": {
      "Type": "Number",
      "Description": {
        "en": "Excluesive IP address number."
      },
      "Required": false,
      "MinValue": 0,
      "MaxValue": 100,
      "Default": 0
    },
    "Region": {
      "Type": "String",
      "Description": {
        "en": "Web Application Firewall is available in the following regions: regions in the Chinese mainland, China (Hong Kong), Singapore (Singapore), Malaysia (Kuala Lumpur), US (Silicon Valley), Germany (Frankfurt), Indonesia (Jakarta), UAE (Dubai), and Japan (Tokyo).\n If your origin server is deployed within the Chinese mainland, select Chinese Mainland. If your origin server is deployed outside the Chinese mainland, select Outside Chinese mainland. Intelligent region selection is supported."
      },
      "AllowedValues": [ "OutsideChineseMainland", "ChineseMainland" ],
      "Required": true
    },
    "QpsExtension": {
      "Type": "Number",
      "Description": {
        "en": "Extended QPS."
      },
      "Required": false,
      "MinValue": 0,
      "MaxValue": 30000,
      "Default": 0
    },
    "FraudDetection": {
      "Type": "Boolean",
      "Description": {
        "en": "You can enable this feature only after you enable the bot management module. If abnormal phone numbers are used in logon or registration scenarios, anomaly tags are matched. Requests from the abnormal phone numbers are blocked or CAPTCHA verification is required. You are charged based on the number of times that anomaly tags are matched. "
      },
      "Required": false,
      "Default": true
    },
    "BotAppProtection": {
      "Type": "Boolean",
      "Description": {
        "en": "Bot management module for App protection."
      },
      "Required": false,
      "Default": true
    },
    "LogService": {
      "Type": "Boolean",
      "Description": {
        "en": "Log service for WAF instance."
      },
      "Required": false
    },
    "PeriodUnit": {
      "AssociationProperty": "PayPeriodUnit",
      "Type": "String",
      "Description": {
        "en": "The unit of the subscription duration. Valid values:\nMonth\nYear\nDefault value: Month."
      },
      "AllowedValues": [ "Month", "Year" ],
      "Required": false
    }
  },
  "Resources": {
    "Instance": {
      "Type": "ALIYUN::WAF3::Instance",
      "Properties": {
        "IgnoreExisting": { "Ref": "IgnoreExisting" },
        "AutoRenew": { "Ref": "AutoRenew" },
        "IntelligentLoadBalancing": { "Ref": "IntelligentLoadBalancing" },
        "Period": { "Ref": "Period" },
        "BotWebProtection": { "Ref": "BotWebProtection" },
        "TrafficBillingProtectionThreshold": { "Ref": "TrafficBillingProtectionThreshold" },
        "ApiSecurity": { "Ref": "ApiSecurity" },
        "PayType": { "Ref": "PayType" },
        "AutoPay": { "Ref": "AutoPay" },
        "LogStorage": { "Ref": "LogStorage" },
        "ElasticQps": { "Ref": "ElasticQps" },
        "DomainsExtension": { "Ref": "DomainsExtension" },
        "WafVersion": { "Ref": "WafVersion" },
        "AdditionalProtectionNodes": { "Ref": "AdditionalProtectionNodes" },
        "ExclusiveIPAddress": { "Ref": "ExclusiveIPAddress" },
        "Region": { "Ref": "Region" },
        "QpsExtension": { "Ref": "QpsExtension" },
        "FraudDetection": { "Ref": "FraudDetection" },
        "BotAppProtection": { "Ref": "BotAppProtection" },
        "LogService": { "Ref": "LogService" },
        "PeriodUnit": { "Ref": "PeriodUnit" }
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "Instance Id.",
      "Value": {
        "Fn::GetAtt": [ "Instance", "InstanceId" ]
      }
    }
  }
}
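A pre-deployment check of the constraints in the property table, as an added example that is not part of the original documentation or of Alibaba Cloud's tooling; `lint_waf3` and `SAMPLE` are hypothetical names. It also enforces the Period/PeriodUnit rule, which the sample template's AllowedValues of 1, 2, 3, 6 cannot express on their own, and it assumes that "bot management" for FraudDetection means BotWebProtection or BotAppProtection.

```python
# Constraints copied from the property table and sample template on this page.
# DomainsExtension is omitted: the table says 1~5000, the template MinValue 0.
RANGES = {"TrafficBillingProtectionThreshold": (1000, 100000),
          "LogStorage": (3, 150), "ElasticQps": (0, 60000),
          "ExclusiveIPAddress": (0, 100), "QpsExtension": (0, 30000),
          "AdditionalProtectionNodes": (0, 500)}
ENUMS = {"PayType": {"PayAsYouGo", "Subscription"},
         "Region": {"OutsideChineseMainland", "ChineseMainland"},
         "WafVersion": {"Basic", "Pro", "Enterprise", "Ultimate"},
         "PeriodUnit": {"Month", "Year"}}
PERIODS = {"Month": {1, 3, 6}, "Year": {1, 2, 3}}


def lint_waf3(template):
    """Return findings for literal properties of ALIYUN::WAF3::Instance resources."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::WAF3::Instance":
            continue
        props = res.get("Properties", {})
        # Ref/Fn:: values are dicts resolved at stack creation; check literals only.
        lit = {k: v for k, v in props.items() if isinstance(v, (str, int))}
        for key in ("PayType", "Region"):
            if key not in props:
                findings.append(f"{name}: {key} is required")
        for key, allowed in ENUMS.items():
            if key in lit and lit[key] not in allowed:
                findings.append(f"{name}: {key}={lit[key]!r} not allowed")
        for key, (lo, hi) in RANGES.items():
            if isinstance(lit.get(key), int) and not lo <= lit[key] <= hi:
                findings.append(f"{name}: {key}={lit[key]} outside {lo}~{hi}")
        # Cross-field rule that AllowedValues [1, 2, 3, 6] alone cannot express.
        unit, period = props.get("PeriodUnit", "Month"), lit.get("Period")
        if unit in ("Month", "Year") and period is not None \
                and period not in PERIODS[unit]:
            findings.append(f"{name}: Period={period} invalid for {unit}")
        # Assumption: "bot management" means either Bot*Protection switch.
        if lit.get("FraudDetection") is True and not (
                props.get("BotWebProtection") or props.get("BotAppProtection")):
            findings.append(f"{name}: FraudDetection needs bot management")
    return findings


# Constructed input: yearly subscription with four violations.
SAMPLE = {"Resources": {"Waf": {
    "Type": "ALIYUN::WAF3::Instance",
    "Properties": {"PayType": "Subscription", "PeriodUnit": "Year", "Period": 6,
                   "QpsExtension": 50000, "FraudDetection": True,
                   "BotWebProtection": False}}}}
```

Properties supplied through `Ref` are skipped, so run the same check over the resolved parameter values when the template is fully parameterized, as the sample templates on this page are.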