alicloud.cloudfirewall.NatFirewallControlPolicy
Explore with Pulumi AI
Provides a Cloud Firewall Nat Firewall Control Policy resource. Nat firewall access control policy.
For information about Cloud Firewall Nat Firewall Control Policy and how to use it, see What is Nat Firewall Control Policy.
NOTE: Available since v1.224.0.
Create NatFirewallControlPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NatFirewallControlPolicy(name: string, args: NatFirewallControlPolicyArgs, opts?: CustomResourceOptions);
@overload
def NatFirewallControlPolicy(resource_name: str,
args: NatFirewallControlPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NatFirewallControlPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
nat_gateway_id: Optional[str] = None,
application_name_lists: Optional[Sequence[str]] = None,
description: Optional[str] = None,
source_type: Optional[str] = None,
source: Optional[str] = None,
proto: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
new_order: Optional[str] = None,
acl_action: Optional[str] = None,
end_time: Optional[int] = None,
ip_version: Optional[str] = None,
domain_resolve_type: Optional[int] = None,
dest_port_type: Optional[str] = None,
release: Optional[str] = None,
repeat_days: Optional[Sequence[int]] = None,
repeat_end_time: Optional[str] = None,
repeat_start_time: Optional[str] = None,
repeat_type: Optional[str] = None,
dest_port_group: Optional[str] = None,
dest_port: Optional[str] = None,
start_time: Optional[int] = None)
func NewNatFirewallControlPolicy(ctx *Context, name string, args NatFirewallControlPolicyArgs, opts ...ResourceOption) (*NatFirewallControlPolicy, error)
public NatFirewallControlPolicy(string name, NatFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)
public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args)
public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args, CustomResourceOptions options)
type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var natFirewallControlPolicyResource = new AliCloud.CloudFirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", new()
{
NatGatewayId = "string",
ApplicationNameLists = new[]
{
"string",
},
Description = "string",
SourceType = "string",
Source = "string",
Proto = "string",
Destination = "string",
DestinationType = "string",
Direction = "string",
NewOrder = "string",
AclAction = "string",
EndTime = 0,
IpVersion = "string",
DomainResolveType = 0,
DestPortType = "string",
Release = "string",
RepeatDays = new[]
{
0,
},
RepeatEndTime = "string",
RepeatStartTime = "string",
RepeatType = "string",
DestPortGroup = "string",
DestPort = "string",
StartTime = 0,
});
example, err := cloudfirewall.NewNatFirewallControlPolicy(ctx, "natFirewallControlPolicyResource", &cloudfirewall.NatFirewallControlPolicyArgs{
NatGatewayId: pulumi.String("string"),
ApplicationNameLists: pulumi.StringArray{
pulumi.String("string"),
},
Description: pulumi.String("string"),
SourceType: pulumi.String("string"),
Source: pulumi.String("string"),
Proto: pulumi.String("string"),
Destination: pulumi.String("string"),
DestinationType: pulumi.String("string"),
Direction: pulumi.String("string"),
NewOrder: pulumi.String("string"),
AclAction: pulumi.String("string"),
EndTime: pulumi.Int(0),
IpVersion: pulumi.String("string"),
DomainResolveType: pulumi.Int(0),
DestPortType: pulumi.String("string"),
Release: pulumi.String("string"),
RepeatDays: pulumi.IntArray{
pulumi.Int(0),
},
RepeatEndTime: pulumi.String("string"),
RepeatStartTime: pulumi.String("string"),
RepeatType: pulumi.String("string"),
DestPortGroup: pulumi.String("string"),
DestPort: pulumi.String("string"),
StartTime: pulumi.Int(0),
})
var natFirewallControlPolicyResource = new NatFirewallControlPolicy("natFirewallControlPolicyResource", NatFirewallControlPolicyArgs.builder()
.natGatewayId("string")
.applicationNameLists("string")
.description("string")
.sourceType("string")
.source("string")
.proto("string")
.destination("string")
.destinationType("string")
.direction("string")
.newOrder("string")
.aclAction("string")
.endTime(0)
.ipVersion("string")
.domainResolveType(0)
.destPortType("string")
.release("string")
.repeatDays(0)
.repeatEndTime("string")
.repeatStartTime("string")
.repeatType("string")
.destPortGroup("string")
.destPort("string")
.startTime(0)
.build());
nat_firewall_control_policy_resource = alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource",
nat_gateway_id="string",
application_name_lists=["string"],
description="string",
source_type="string",
source="string",
proto="string",
destination="string",
destination_type="string",
direction="string",
new_order="string",
acl_action="string",
end_time=0,
ip_version="string",
domain_resolve_type=0,
dest_port_type="string",
release="string",
repeat_days=[0],
repeat_end_time="string",
repeat_start_time="string",
repeat_type="string",
dest_port_group="string",
dest_port="string",
start_time=0)
const natFirewallControlPolicyResource = new alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", {
natGatewayId: "string",
applicationNameLists: ["string"],
description: "string",
sourceType: "string",
source: "string",
proto: "string",
destination: "string",
destinationType: "string",
direction: "string",
newOrder: "string",
aclAction: "string",
endTime: 0,
ipVersion: "string",
domainResolveType: 0,
destPortType: "string",
release: "string",
repeatDays: [0],
repeatEndTime: "string",
repeatStartTime: "string",
repeatType: "string",
destPortGroup: "string",
destPort: "string",
startTime: 0,
});
type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties:
aclAction: string
applicationNameLists:
- string
description: string
destPort: string
destPortGroup: string
destPortType: string
destination: string
destinationType: string
direction: string
domainResolveType: 0
endTime: 0
ipVersion: string
natGatewayId: string
newOrder: string
proto: string
release: string
repeatDays:
- 0
repeatEndTime: string
repeatStartTime: string
repeatType: string
source: string
sourceType: string
startTime: 0
NatFirewallControlPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NatFirewallControlPolicy resource accepts the following input properties:
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- Application
Name List<string>Lists - The list of application types supported by the access control policy.
- Description string
- The description of the access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- Direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- New
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- Source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- Release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- Repeat
Days List<int> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- Repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- Application
Name []stringLists - The list of application types supported by the access control policy.
- Description string
- The description of the access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- Direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- New
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- Source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- Release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- Repeat
Days []int - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- Repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- description String
- The description of the access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction String
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- nat
Gateway StringId - The ID of the NAT gateway instance.
- new
Order String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type String - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- domain
Resolve IntegerType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time Integer The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- release String
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days List<Integer> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- start
Time Integer The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- application
Name string[]Lists - The list of application types supported by the access control policy.
- description string
- The description of the access control policy.
- destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- nat
Gateway stringId - The ID of the NAT gateway instance.
- new
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- domain
Resolve numberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days number[] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- start
Time number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl_
action str - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- application_
name_ Sequence[str]lists - The list of application types supported by the access control policy.
- description str
- The description of the access control policy.
- destination str
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination_
type str - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction str
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- nat_
gateway_ strid - The ID of the NAT gateway instance.
- new_
order str - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto str
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- source str
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source_
type str - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- dest_
port str The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest_
port_ strgroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest_
port_ strtype - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- domain_
resolve_ inttype - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end_
time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip_
version str - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- release str
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat_
days Sequence[int] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat_
end_ strtime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat_
start_ strtime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat_
type str - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- start_
time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- description String
- The description of the access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction String
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- nat
Gateway StringId - The ID of the NAT gateway instance.
- new
Order String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type String - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- domain
Resolve NumberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time Number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- release String
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days List<Number> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- start
Time Number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
Outputs
All input properties are implicitly available as output properties. Additionally, the NatFirewallControlPolicy resource produces the following output properties:
- Acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- Create
Time int - The time when the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- Create
Time int - The time when the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- acl
Uuid String The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- create
Time Integer - The time when the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
- acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- create
Time number - The time when the policy was created.
- id string
- The provider-assigned unique ID for this managed resource.
- acl_
uuid str The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- create_
time int - The time when the policy was created.
- id str
- The provider-assigned unique ID for this managed resource.
- acl
Uuid String The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- create
Time Number - The time when the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NatFirewallControlPolicy Resource
Get an existing NatFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NatFirewallControlPolicyState, opts?: CustomResourceOptions): NatFirewallControlPolicy
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acl_action: Optional[str] = None,
acl_uuid: Optional[str] = None,
application_name_lists: Optional[Sequence[str]] = None,
create_time: Optional[int] = None,
description: Optional[str] = None,
dest_port: Optional[str] = None,
dest_port_group: Optional[str] = None,
dest_port_type: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
domain_resolve_type: Optional[int] = None,
end_time: Optional[int] = None,
ip_version: Optional[str] = None,
nat_gateway_id: Optional[str] = None,
new_order: Optional[str] = None,
proto: Optional[str] = None,
release: Optional[str] = None,
repeat_days: Optional[Sequence[int]] = None,
repeat_end_time: Optional[str] = None,
repeat_start_time: Optional[str] = None,
repeat_type: Optional[str] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
start_time: Optional[int] = None) -> NatFirewallControlPolicy
func GetNatFirewallControlPolicy(ctx *Context, name string, id IDInput, state *NatFirewallControlPolicyState, opts ...ResourceOption) (*NatFirewallControlPolicy, error)
public static NatFirewallControlPolicy Get(string name, Input<string> id, NatFirewallControlPolicyState? state, CustomResourceOptions? opts = null)
public static NatFirewallControlPolicy get(String name, Output<String> id, NatFirewallControlPolicyState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- Acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- Application
Name List<string>Lists - The list of application types supported by the access control policy.
- Create
Time int - The time when the policy was created.
- Description string
- The description of the access control policy.
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- Direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- New
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- Release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- Repeat
Days List<int> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- Repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- Source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- Acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- Application
Name []stringLists - The list of application types supported by the access control policy.
- Create
Time int - The time when the policy was created.
- Description string
- The description of the access control policy.
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- Direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- New
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- Release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- Repeat
Days []int - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- Repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- Source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- acl
Uuid String The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- create
Time Integer - The time when the policy was created.
- description String
- The description of the access control policy.
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction String
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- domain
Resolve IntegerType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time Integer The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- nat
Gateway StringId - The ID of the NAT gateway instance.
- new
Order String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- release String
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days List<Integer> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type String - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- start
Time Integer The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- acl
Uuid string The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- application
Name string[]Lists - The list of application types supported by the access control policy.
- create
Time number - The time when the policy was created.
- description string
- The description of the access control policy.
- dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type string - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction string
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- domain
Resolve numberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version string - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- nat
Gateway stringId - The ID of the NAT gateway instance.
- new
Order string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto string
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- release string
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days number[] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- source string
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type string - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- start
Time number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl_
action str - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- acl_
uuid str The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- application_
name_ Sequence[str]lists - The list of application types supported by the access control policy.
- create_
time int - The time when the policy was created.
- description str
- The description of the access control policy.
- dest_
port str The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest_
port_ strgroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest_
port_ strtype - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- destination str
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination_
type str - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction str
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- domain_
resolve_ inttype - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end_
time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip_
version str - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- nat_
gateway_ strid - The ID of the NAT gateway instance.
- new_
order str - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto str
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- release str
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat_
days Sequence[int] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat_
end_ strtime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat_
start_ strtime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat_
type str - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- source str
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source_
type str - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- start_
time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- accept: Release
- drop: Refused
- log: Observation.
- acl
Uuid String The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- create
Time Number - The time when the policy was created.
- description String
- The description of the access control policy.
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- port: port
- group: Port Address Book.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
- When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- net: Destination Network segment (CIDR address)
- group: Destination Address Book
- domain: the destination domain name.
- direction String
- The traffic direction of the access control policy. Valid values:
- out: Internal and external traffic access control.
- domain
Resolve NumberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- 0: Based on FQDN
- 1: DNS-based dynamic resolution
- 2: dynamic resolution based on FQDN and DNS.
- end
Time Number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- 4 (default): indicates the IPv4 address.
- nat
Gateway StringId - The ID of the NAT gateway instance.
- new
Order String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP.
- release String
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- true: Enable access control policy
- false: Do not enable access control policies.
- repeat
Days List<Number> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
- When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
- RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat
Type String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly.
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
- source
Type String - The source address type in the access control policy. Valid values:
- net: the source network segment (CIDR address)
- group: source address book
- start
Time Number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
Import
Cloud Firewall Nat Firewall Control Policy can be imported using the id, e.g.
$ pulumi import alicloud:cloudfirewall/natFirewallControlPolicy:NatFirewallControlPolicy example <acl_uuid>:<nat_gateway_id>:<direction>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
alicloud
Terraform Provider.