The ALIYUN::ECS::SecurityGroupEgress type is used to create an outbound (egress) access rule for a security group.
Syntax
```json
{
  "Type": "ALIYUN::ECS::SecurityGroupEgress",
  "Properties": {
    "SecurityGroupId": String,
    "IpProtocol": String,
    "PortRange": String,
    "DestGroupId": String,
    "DestCidrIp": String,
    "Policy": String,
    "Priority": String,
    "NicType": String,
    "Ipv6DestCidrIp": String
  }
}
```
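Properties
Property | Type | Required | Editable | Description | Constraint |
---|---|---|---|---|---|
IpProtocol | String | Yes | No | The transport layer protocol. | Valid values:
|
PortRange | String | Yes | No | The port range, relative to the transport layer protocol, that the destination security group opens. | Valid values:
For the scenarios in which each port is used, see Common ports. |
SecurityGroupId | String | No | No | The ID of the source security group. | None. |
NicType | String | No | No | The network interface type. | Valid values:
|
Priority | Integer | No | No | The priority of the security group rule. | Valid range: 1 to 100.
Default value: 1. |
DestGroupId | String | No | No | The ID of the destination security group for which access permissions are set. | At least one of DestGroupId and DestCidrIp must be set. If DestGroupId is specified but DestCidrIp is not, NicType takes the value intranet. If both DestGroupId and DestCidrIp are specified, the DestCidrIp setting takes precedence. |
DestCidrIp | String | No | No | The destination IP address range. | IP address ranges in IPv4 format are supported. |
Policy | String | No | No | The access permission to set. | Valid values:
|
Description | String | No | Yes | The description of the security group rule. | 1 to 512 characters in length. |
DestGroupOwnerId | String | No | No | The ID of the Alibaba Cloud account that owns the destination security group, used when the security group rule is set across accounts. | If DestGroupOwnerId is not set, the rule is treated as setting access permissions for another of your own security groups. If you have already set DestCidrIp, the DestGroupOwnerId setting has no effect. |
Ipv6DestCidrIp | String | No | No | The destination IPv6 CIDR block. | IP address ranges in CIDR format and IPv6 format are supported, and only VPC-type IP addresses are supported. |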
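The constraints in the table interact (DestCidrIp silently overrides DestGroupId and DestGroupOwnerId, and NicType is forced to intranet for group-only rules), so a rule can deploy while meaning something other than what the template author wrote. The following lint is an added example, not code from ROS or from this page; it checks one literal Properties dictionary against those constraints and against the protocol and port formats given in the example template's parameter descriptions. The name `lint_egress`, the sample values, the treatment of an IPv6-only rule as having a destination, and the final "review" check for an accept rule to 0.0.0.0/0 are assumptions of the example.

```python
import ipaddress
import re
PORT_RE = re.compile(r"^(-?\d+)/(-?\d+)$")

def lint_egress(props):
    """Check one literal Properties dict against the constraints in the table above."""
    out = []
    proto = props.get("IpProtocol")
    if proto not in ("tcp", "udp", "icmp", "gre", "all"):  # values from the page's template
        out.append("IpProtocol: required, one of tcp/udp/icmp/gre/all")
    m = PORT_RE.match(str(props.get("PortRange", "")))
    if not m:
        out.append("PortRange: required, format 'start/end'")
    elif proto in ("tcp", "udp"):
        if not 1 <= int(m.group(1)) <= int(m.group(2)) <= 65535:
            out.append("PortRange: tcp/udp ports must lie in 1..65535")
    elif proto in ("icmp", "gre", "all") and m.group(0) != "-1/-1":
        out.append("PortRange: must be '-1/-1' for icmp, gre and all")
    cidr, group = props.get("DestCidrIp"), props.get("DestGroupId")
    # Assumption: a rule that only sets Ipv6DestCidrIp also has a destination.
    if not (cidr or group or props.get("Ipv6DestCidrIp")):
        out.append("destination: set DestGroupId or DestCidrIp")
    if cidr and group:
        out.append("DestGroupId: ignored, DestCidrIp takes precedence")
    if cidr and props.get("DestGroupOwnerId"):
        out.append("DestGroupOwnerId: ignored because DestCidrIp is set")
    if group and not cidr and props.get("NicType") not in (None, "intranet"):
        out.append("NicType: intranet is used when only DestGroupId is set")
    prio = str(props.get("Priority", 1))
    if not (prio.isdecimal() and 1 <= int(prio) <= 100):
        out.append("Priority: integer in 1..100")
    desc = props.get("Description")
    if desc is not None and not 1 <= len(desc) <= 512:
        out.append("Description: length must be 1..512 characters")
    if cidr:
        try:
            net = ipaddress.IPv4Network(cidr, strict=False)
        except ValueError:
            out.append("DestCidrIp: not an IPv4 address range")
        else:
            # Added review check, not a constraint from the page.
            if net.prefixlen == 0 and props.get("Policy", "accept") == "accept":
                out.append("review: accept rule allows egress to every IPv4 address")
    return out

# Constructed sample: both destinations set, cross-account owner, wide-open CIDR.
SAMPLE = {"IpProtocol": "tcp", "PortRange": "443/443", "DestCidrIp": "0.0.0.0/0",
          "DestGroupId": "sg-example", "DestGroupOwnerId": "1234567890", "Policy": "accept"}
print("\n".join(lint_egress(SAMPLE)))
```

The function expects literal values, so resolve `Ref` parameters before passing a resource's Properties to it.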
Return values
Fn::GetAtt
None.
Examples
JSON format
```json
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Policy": {
      "Type": "String",
      "Description": "Authorization policies, parameter values can be: accept (accepted access), drop (denied access). Default value is accept.",
      "AllowedValues": [
        "accept",
        "drop"
      ]
    },
    "PortRange": {
      "Type": "String",
      "Description": "Ip protocol relative port range. For tcp and udp, the port range is [1,65535], using format '1/200'. For icmp|gre|all protocol, the port range should be '-1/-1'"
    },
    "Description": {
      "Type": "String",
      "Description": "Description of the security group rule, [1, 512] characters. The default is empty.",
      "MinLength": 1,
      "MaxLength": 512
    },
    "Priority": {
      "Type": "Number",
      "Description": "Authorization policies priority range[1, 100]",
      "MinValue": 1,
      "MaxValue": 100,
      "Default": 1
    },
    "SecurityGroupId": {
      "Type": "String",
      "Description": "Id of the security group."
    },
    "DestGroupOwnerId": {
      "Type": "String",
      "Description": "Dest Group Owner Account ID"
    },
    "IpProtocol": {
      "Type": "String",
      "Description": "Ip protocol for in rule.",
      "AllowedValues": [
        "tcp",
        "udp",
        "icmp",
        "gre",
        "all"
      ]
    },
    "DestCidrIp": {
      "Type": "String",
      "Description": "Dest CIDR Ip Address range. Only IPV4 supported."
    },
    "NicType": {
      "Type": "String",
      "Description": "Network type, could be 'internet' or 'intranet'. Default value is internet.",
      "AllowedValues": [
        "internet",
        "intranet"
      ]
    },
    "Ipv6DestCidrIp": {
      "Type": "String",
      "Description": "Destination IPv6 CIDR address segment. Supports IP address ranges in CIDR format and IPv6 format.\nNote Only VPC type IP addresses are supported."
    },
    "DestGroupId": {
      "Type": "String",
      "Description": "Dest Group Id"
    }
  },
  "Resources": {
    "SecurityGroupEgress": {
      "Type": "ALIYUN::ECS::SecurityGroupEgress",
      "Properties": {
        "Policy": {
          "Ref": "Policy"
        },
        "PortRange": {
          "Ref": "PortRange"
        },
        "Description": {
          "Ref": "Description"
        },
        "Priority": {
          "Ref": "Priority"
        },
        "SecurityGroupId": {
          "Ref": "SecurityGroupId"
        },
        "DestGroupOwnerId": {
          "Ref": "DestGroupOwnerId"
        },
        "IpProtocol": {
          "Ref": "IpProtocol"
        },
        "DestCidrIp": {
          "Ref": "DestCidrIp"
        },
        "NicType": {
          "Ref": "NicType"
        },
        "Ipv6DestCidrIp": {
          "Ref": "Ipv6DestCidrIp"
        },
        "DestGroupId": {
          "Ref": "DestGroupId"
        }
      }
    }
  }
}
```
YAML format
```yaml
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Policy:
    Type: String
    Description: >-
      Authorization policies, parameter values can be: accept (accepted access),
      drop (denied access). Default value is accept.
    AllowedValues:
      - accept
      - drop
  PortRange:
    Type: String
    Description: >-
      Ip protocol relative port range. For tcp and udp, the port range is
      [1,65535], using format '1/200'. For icmp|gre|all protocol, the port range
      should be '-1/-1'
  Description:
    Type: String
    Description: >-
      Description of the security group rule, [1, 512] characters. The default
      is empty.
    MinLength: 1
    MaxLength: 512
  Priority:
    Type: Number
    Description: 'Authorization policies priority range[1, 100]'
    MinValue: 1
    MaxValue: 100
    Default: 1
  SecurityGroupId:
    Type: String
    Description: Id of the security group.
  DestGroupOwnerId:
    Type: String
    Description: Dest Group Owner Account ID
  IpProtocol:
    Type: String
    Description: Ip protocol for in rule.
    AllowedValues:
      - tcp
      - udp
      - icmp
      - gre
      - all
  DestCidrIp:
    Type: String
    Description: Dest CIDR Ip Address range. Only IPV4 supported.
  NicType:
    Type: String
    Description: >-
      Network type, could be 'internet' or 'intranet'. Default value is
      internet.
    AllowedValues:
      - internet
      - intranet
  Ipv6DestCidrIp:
    Type: String
    Description: >-
      Destination IPv6 CIDR address segment. Supports IP address ranges in CIDR
      format and IPv6 format.
      Note Only VPC type IP addresses are supported.
  DestGroupId:
    Type: String
    Description: Dest Group Id
Resources:
  SecurityGroupEgress:
    Type: 'ALIYUN::ECS::SecurityGroupEgress'
    Properties:
      Policy:
        Ref: Policy
      PortRange:
        Ref: PortRange
      Description:
        Ref: Description
      Priority:
        Ref: Priority
      SecurityGroupId:
        Ref: SecurityGroupId
      DestGroupOwnerId:
        Ref: DestGroupOwnerId
      IpProtocol:
        Ref: IpProtocol
      DestCidrIp:
        Ref: DestCidrIp
      NicType:
        Ref: NicType
      Ipv6DestCidrIp:
        Ref: Ipv6DestCidrIp
      DestGroupId:
        Ref: DestGroupId
```