全部产品
Search

搜索本产品

    资源编排:ALIYUN::WAF3::TGW

    文档中心

    资源编排:ALIYUN::WAF3::TGW

    更新时间:Aug 13, 2024

    ALIYUN::WAF3::TGW类型用于创建透明资产。

    语法

    {
  "Type": "ALIYUN::WAF3::TGW",
  "Properties": {
    "InstanceId": String,
    "Listen": Map,
    "ResourceGroupId": String,
    "Redirect": Map
  }
}

    属性

    属性名称

    类型

    必须

    允许更新

    描述

    约束

    InstanceId

    String

    WAF 实例的 ID。

    Listen

    Map

    配置监听信息。

    更多信息,请参见Listen属性。

    ResourceGroupId

    String

    资源组 ID。

    Redirect

    Map

    配置转发信息。

    Listen语法

    "Listen": {
  "CustomCiphers": List,
  "TLSVersion": String,
  "Http2Enabled": Boolean,
  "CipherSuite": Integer,
  "EnableTLSv3": Boolean,
  "Port": Integer,
  "ResourceProduct": String,
  "Certificates": List,
  "Protocol": String,
  "ResourceInstanceId": String
}

    Listen属性

    属性名称

    类型

    必须

    允许更新

    描述

    约束

    Port

    Integer

    监听端口。

    Protocol

    String

    协议类型。

    ResourceProduct

    String

    访问WAF的云产品。

    ResourceInstanceId

    String

    连接到WAF的云产品实例ID。

    CustomCiphers

    List

    自定义加密套件列表。

    此参数仅在CipherSuite设置为99时使用。最多支持配置5个自定义加密套件。

    CipherSuite

    Integer

    加密套件类型。

    取值:

    • 1:表示添加全部加密套件。

    • 2:表示添加强加密套件。

    • 99:表示添加自定义加密套件。

    Certificates

    List

    绑定到证书的域名。

    最多支持绑定10个证书。

    EnableTLSv3

    Boolean

    是否支持 TLS1.3 版本。

    取值:

    • true:表示支持 TLS1.3 版本。

    • false:表示不支持 TLS1.3 版本。

    Http2Enabled

    Boolean

    是否开启 HTTP2。

    取值:

    • true:表示开启 HTTP2。

    • false:表示不开启 HTTP2。

    TLSVersion

    String

    TLS 的版本。

    取值:

    • tlsv1

    • tlsv1.1

    • tlsv1.2

    Certificates语法

    "Certificates": [
  {
    "AppliedType": String,
    "CertificateId": String
  }
]

    Certificates属性

    属性名称

    类型

    必须

    允许更新

    描述

    约束

    AppliedType

    String

    HTTPS协议的证书类型。

    有效值:

    • default: 表示默认证书。

    • extension: 表示扩展证书。

    CertificateId

    String

    已添加证书的ID。

    Redirect语法

    "Redirect": {
  "XffHeaders": List,
  "WriteTimeout": Integer,
  "XffHeaderMode": Integer,
  "Keepalive": Boolean,
  "RequestHeaders": List,
  "KeepaliveRequests": Integer,
  "KeepaliveTimeout": Integer,
  "ReadTimeout": Integer,
  "XffProto": Boolean
}

    Redirect属性

    属性名称

    类型

    必须

    允许更新

    描述

    约束

    Keepalive

    Boolean

    是否保持长连接。

    取值:

    • true(默认):表示保持长连接。

    • false:表示不保持长连接。

    KeepaliveRequests

    Integer

    多路复用长连接的请求次数。

    取值范围:60~1000,单位:次。

    KeepaliveTimeout

    Integer

    空闲长连接超时时间。

    取值范围:1~60,默认值为15,单位:秒。

    RequestHeaders

    List

    域名的流量标签字段和值。

    用于标记由WAF处理的流量。

    ReadTimeout

    Integer

    读取超时时长。

    单位:秒。取值范围:1~3600。

    WriteTimeout

    Integer

    写入超时时长。

    单位:秒。取值范围:1~3600。

    XffHeaders

    List

    设置用于获取客户端IP的自定义字段列表。

    格式表达为["header1", "header2", ...]。最多支持配置20个自定义字段。

    XffHeaderMode

    Integer

    WAF 获取客户端真实 IP 的方式。

    取值:

    • 0:表示客户端访问流量到 WAF 前没有经过其他七层代理转发。

    • 1:表示 WAF 读取请求头中 X-Forwarded-For(XFF)字段的第一个值作为客户端 IP。

    • 2:表示 WAF 读取请求头中由您设置的自定义字段值作为客户端 IP。

    XffProto

    Boolean

    X-Forward-For-Proto 传递 WAF 的协议。

    取值:

    • true(默认):表示传递 WAF 的协议。

    • false:表示不传递 WAF 的协议。

    RequestHeaders语法

    "RequestHeaders": [
  {
    "Value": String,
    "Key": String
  }
]

    RequestHeaders属性

    属性名称

    类型

    必须

    允许更新

    描述

    约束

    Key

    String

    指定的自定义请求头部字段。

    Value

    String

    指定的自定义请求头部字段设定的值。

    返回值

    Fn::GetAtt

    • InstanceId:WAF 实例的 ID。

    • Port:访问WAF的云产品端口。

    • ResourceProduct:访问WAF的云产品。

    • TgwId:透明访问资源的保护对象ID。

    示例

    • YAML格式 

      ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  InstanceId:
    Type: String
    Description:
      en: The ID of the WAF instance.
    Required: true
  Listen:
    AssociationPropertyMetadata:
      Parameters:
        CustomCiphers:
          Type: Json
          Description:
            en: Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99.
          Required: false
          MinLength: 0
          MaxLength: 5
        TLSVersion:
          Type: String
          Description:
            en: |-
              The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              tlsv1
              tlsv1.1
              tlsv1.2
          AllowedValues:
            - tlsv1
            - tlsv1.1
            - tlsv1.2
          Required: false
        Http2Enabled:
          Type: Boolean
          Description:
            en: |-
              Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              true: Enable HTTP2.
              false (default): Disable HTTP2.
          Required: false
        CipherSuite:
          Type: Number
          Description:
            en: |-
              The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:
              1: Indicates adding all encryption suites.
              2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.
              99: Indicates adding a custom encryption suite.
          Required: false
        EnableTLSv3:
          Type: Boolean
          Description:
            en: |-
              Whether to support TSL1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:
              true: indicates that TSL1.3 version is supported.
              false: indicates that TSL1.3 version is not supported.
          Required: false
        Port:
          Type: Number
          Description:
            en: Access the cloud product port of WAF.
          Required: true
        ResourceProduct:
          Type: String
          Description:
            en: Access to WAF cloud products.
          Required: true
        Certificates:
          AssociationPropertyMetadata:
            Parameters:
              AppliedType:
                Type: String
                Description:
                  en: |-
                    The certificate type for the HTTPS protocol. Valid values:
                    default: Indicates the default certificate.
                    extension: Indicates an extended certificate.
                AllowedValues:
                  - default
                  - extension
                Required: false
              CertificateId:
                Type: String
                Description:
                  en: The ID of the certificate that was added.
                Required: false
          AssociationProperty: List[Parameters]
          Type: Json
          Description:
            en: The domain name bound to the certificate.
          Required: false
          MinLength: 0
          MaxLength: 10
        Protocol:
          Type: String
          Description:
            en: Protocol type
          Required: true
        ResourceInstanceId:
          Type: String
          Description:
            en: The instance ID of the cloud product connected to WAF.
          Required: true
    Type: Json
    Description:
      en: Listening information.
    Required: true
Resources:
  ExtensionResource:
    Type: ALIYUN::WAF3::TGW
    Properties:
      InstanceId:
        Ref: InstanceId
      Listen:
        Ref: Listen
Outputs:
  InstanceId:
    Description: The ID of the WAF instance.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - InstanceId
  Port:
    Description: Access the cloud product port of WAF.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - Port
  ResourceProduct:
    Description: Access to WAF cloud products.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - ResourceProduct
  TgwId:
    Description: The protection object ID of the transparent access resource.
    Value:
      Fn::GetAtt:
        - ExtensionResource
        - TgwId

    • JSON格式 

      {
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "InstanceId": {
      "Type": "String",
      "Description": {
        "en": "The ID of the WAF instance."
      },
      "Required": true
    },
    "Listen": {
      "AssociationPropertyMetadata": {
        "Parameters": {
          "CustomCiphers": {
            "Type": "Json",
            "Description": {
              "en": "Customize the encryption suite list. This parameter is used only when CipherSuite is set to 99."
            },
            "Required": false,
            "MinLength": 0,
            "MaxLength": 5
          },
          "TLSVersion": {
            "Type": "String",
            "Description": {
              "en": "The TLS version to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntlsv1\ntlsv1.1\ntlsv1.2"
            },
            "AllowedValues": [
              "tlsv1",
              "tlsv1.1",
              "tlsv1.2"
            ],
            "Required": false
          },
          "Http2Enabled": {
            "Type": "Boolean",
            "Description": {
              "en": "Whether to enable HTTP2. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\ntrue: Enable HTTP2.\nfalse (default): Disable HTTP2."
            },
            "Required": false
          },
          "CipherSuite": {
            "Type": "Number",
            "Description": {
              "en": "The type of encryption suite to be added. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Values:\n1: Indicates adding all encryption suites.\n2: Indicates adding a strong encryption suite. This value can be selected only when the value of TLSVersion is tlsv1.2.\n99: Indicates adding a custom encryption suite."
            },
            "Required": false
          },
          "EnableTLSv3": {
            "Type": "Boolean",
            "Description": {
              "en": "Whether to support TSL1.3 version. This parameter is used only when the value of HttpsPorts is not empty (indicating that the domain name uses the HTTPS protocol). Value:\ntrue: indicates that TSL1.3 version is supported.\nfalse: indicates that TSL1.3 version is not supported."
            },
            "Required": false
          },
          "Port": {
            "Type": "Number",
            "Description": {
              "en": "Access the cloud product port of WAF."
            },
            "Required": true
          },
          "ResourceProduct": {
            "Type": "String",
            "Description": {
              "en": "Access to WAF cloud products."
            },
            "Required": true
          },
          "Certificates": {
            "AssociationPropertyMetadata": {
              "Parameters": {
                "AppliedType": {
                  "Type": "String",
                  "Description": {
                    "en": "The certificate type for the HTTPS protocol. Valid values:\ndefault: Indicates the default certificate.\nextension: Indicates an extended certificate."
                  },
                  "AllowedValues": [
                    "default",
                    "extension"
                  ],
                  "Required": false
                },
                "CertificateId": {
                  "Type": "String",
                  "Description": {
                    "en": "The ID of the certificate that was added."
                  },
                  "Required": false
                }
              }
            },
            "AssociationProperty": "List[Parameters]",
            "Type": "Json",
            "Description": {
              "en": "The domain name bound to the certificate."
            },
            "Required": false,
            "MinLength": 0,
            "MaxLength": 10
          },
          "Protocol": {
            "Type": "String",
            "Description": {
              "en": "Protocol type"
            },
            "Required": true
          },
          "ResourceInstanceId": {
            "Type": "String",
            "Description": {
              "en": "The instance ID of the cloud product connected to WAF."
            },
            "Required": true
          }
        }
      },
      "Type": "Json",
      "Description": {
        "en": "Listening information."
      },
      "Required": true
    }
  },
  "Resources": {
    "ExtensionResource": {
      "Type": "ALIYUN::WAF3::TGW",
      "Properties": {
        "InstanceId": {
          "Ref": "InstanceId"
        },
        "Listen": {
          "Ref": "Listen"
        }
      }
    }
  },
  "Outputs": {
    "InstanceId": {
      "Description": "The ID of the WAF instance.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "InstanceId"
        ]
      }
    },
    "Port": {
      "Description": "Access the cloud product port of WAF.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "Port"
        ]
      }
    },
    "ResourceProduct": {
      "Description": "Access to WAF cloud products.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "ResourceProduct"
        ]
      }
    },
    "TgwId": {
      "Description": "The protection object ID of the transparent access resource.",
      "Value": {
        "Fn::GetAtt": [
          "ExtensionResource",
          "TgwId"
        ]
      }
    }
  }
}