Alibaba Cloud v3.66.0 published on Friday, Nov 15, 2024 by Pulumi

alicloud.cloudfirewall.NatFirewallControlPolicy


    Provides a Cloud Firewall Nat Firewall Control Policy resource. Nat firewall access control policy.

    For information about Cloud Firewall Nat Firewall Control Policy and how to use it, see What is Nat Firewall Control Policy.

    NOTE: Available since v1.224.0.

    Create NatFirewallControlPolicy Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NatFirewallControlPolicy(name: string, args: NatFirewallControlPolicyArgs, opts?: CustomResourceOptions);
    @overload
    def NatFirewallControlPolicy(resource_name: str,
                                 args: NatFirewallControlPolicyArgs,
                                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def NatFirewallControlPolicy(resource_name: str,
                                 opts: Optional[ResourceOptions] = None,
                                 nat_gateway_id: Optional[str] = None,
                                 application_name_lists: Optional[Sequence[str]] = None,
                                 description: Optional[str] = None,
                                 source_type: Optional[str] = None,
                                 source: Optional[str] = None,
                                 proto: Optional[str] = None,
                                 destination: Optional[str] = None,
                                 destination_type: Optional[str] = None,
                                 direction: Optional[str] = None,
                                 new_order: Optional[str] = None,
                                 acl_action: Optional[str] = None,
                                 end_time: Optional[int] = None,
                                 ip_version: Optional[str] = None,
                                 domain_resolve_type: Optional[int] = None,
                                 dest_port_type: Optional[str] = None,
                                 release: Optional[str] = None,
                                 repeat_days: Optional[Sequence[int]] = None,
                                 repeat_end_time: Optional[str] = None,
                                 repeat_start_time: Optional[str] = None,
                                 repeat_type: Optional[str] = None,
                                 dest_port_group: Optional[str] = None,
                                 dest_port: Optional[str] = None,
                                 start_time: Optional[int] = None)
    func NewNatFirewallControlPolicy(ctx *Context, name string, args NatFirewallControlPolicyArgs, opts ...ResourceOption) (*NatFirewallControlPolicy, error)
    public NatFirewallControlPolicy(string name, NatFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)
    public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args)
    public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args, CustomResourceOptions options)
    
    type: alicloud:cloudfirewall:NatFirewallControlPolicy
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args NatFirewallControlPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NatFirewallControlPolicyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NatFirewallControlPolicyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NatFirewallControlPolicyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NatFirewallControlPolicyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var natFirewallControlPolicyResource = new AliCloud.CloudFirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", new()
    {
        NatGatewayId = "string",
        ApplicationNameLists = new[]
        {
            "string",
        },
        Description = "string",
        SourceType = "string",
        Source = "string",
        Proto = "string",
        Destination = "string",
        DestinationType = "string",
        Direction = "string",
        NewOrder = "string",
        AclAction = "string",
        EndTime = 0,
        IpVersion = "string",
        DomainResolveType = 0,
        DestPortType = "string",
        Release = "string",
        RepeatDays = new[]
        {
            0,
        },
        RepeatEndTime = "string",
        RepeatStartTime = "string",
        RepeatType = "string",
        DestPortGroup = "string",
        DestPort = "string",
        StartTime = 0,
    });
    
    example, err := cloudfirewall.NewNatFirewallControlPolicy(ctx, "natFirewallControlPolicyResource", &cloudfirewall.NatFirewallControlPolicyArgs{
    	NatGatewayId: pulumi.String("string"),
    	ApplicationNameLists: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Description:       pulumi.String("string"),
    	SourceType:        pulumi.String("string"),
    	Source:            pulumi.String("string"),
    	Proto:             pulumi.String("string"),
    	Destination:       pulumi.String("string"),
    	DestinationType:   pulumi.String("string"),
    	Direction:         pulumi.String("string"),
    	NewOrder:          pulumi.String("string"),
    	AclAction:         pulumi.String("string"),
    	EndTime:           pulumi.Int(0),
    	IpVersion:         pulumi.String("string"),
    	DomainResolveType: pulumi.Int(0),
    	DestPortType:      pulumi.String("string"),
    	Release:           pulumi.String("string"),
    	RepeatDays: pulumi.IntArray{
    		pulumi.Int(0),
    	},
    	RepeatEndTime:   pulumi.String("string"),
    	RepeatStartTime: pulumi.String("string"),
    	RepeatType:      pulumi.String("string"),
    	DestPortGroup:   pulumi.String("string"),
    	DestPort:        pulumi.String("string"),
    	StartTime:       pulumi.Int(0),
    })
    
    var natFirewallControlPolicyResource = new NatFirewallControlPolicy("natFirewallControlPolicyResource", NatFirewallControlPolicyArgs.builder()
        .natGatewayId("string")
        .applicationNameLists("string")
        .description("string")
        .sourceType("string")
        .source("string")
        .proto("string")
        .destination("string")
        .destinationType("string")
        .direction("string")
        .newOrder("string")
        .aclAction("string")
        .endTime(0)
        .ipVersion("string")
        .domainResolveType(0)
        .destPortType("string")
        .release("string")
        .repeatDays(0)
        .repeatEndTime("string")
        .repeatStartTime("string")
        .repeatType("string")
        .destPortGroup("string")
        .destPort("string")
        .startTime(0)
        .build());
    
    nat_firewall_control_policy_resource = alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource",
        nat_gateway_id="string",
        application_name_lists=["string"],
        description="string",
        source_type="string",
        source="string",
        proto="string",
        destination="string",
        destination_type="string",
        direction="string",
        new_order="string",
        acl_action="string",
        end_time=0,
        ip_version="string",
        domain_resolve_type=0,
        dest_port_type="string",
        release="string",
        repeat_days=[0],
        repeat_end_time="string",
        repeat_start_time="string",
        repeat_type="string",
        dest_port_group="string",
        dest_port="string",
        start_time=0)
    
    const natFirewallControlPolicyResource = new alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", {
        natGatewayId: "string",
        applicationNameLists: ["string"],
        description: "string",
        sourceType: "string",
        source: "string",
        proto: "string",
        destination: "string",
        destinationType: "string",
        direction: "string",
        newOrder: "string",
        aclAction: "string",
        endTime: 0,
        ipVersion: "string",
        domainResolveType: 0,
        destPortType: "string",
        release: "string",
        repeatDays: [0],
        repeatEndTime: "string",
        repeatStartTime: "string",
        repeatType: "string",
        destPortGroup: "string",
        destPort: "string",
        startTime: 0,
    });
    
    type: alicloud:cloudfirewall:NatFirewallControlPolicy
    properties:
        aclAction: string
        applicationNameLists:
            - string
        description: string
        destPort: string
        destPortGroup: string
        destPortType: string
        destination: string
        destinationType: string
        direction: string
        domainResolveType: 0
        endTime: 0
        ipVersion: string
        natGatewayId: string
        newOrder: string
        proto: string
        release: string
        repeatDays:
            - 0
        repeatEndTime: string
        repeatStartTime: string
        repeatType: string
        source: string
        sourceType: string
        startTime: 0
    

    NatFirewallControlPolicy Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The NatFirewallControlPolicy resource accepts the following input properties:

    AclAction string
    The action that Cloud Firewall applies to traffic matched by the access control policy. Valid values:

    • accept: allow (release) the traffic
    • drop: deny (refuse) the traffic
    • log: monitor (observe) the traffic.
    ApplicationNameLists List<string>
    The list of application types supported by the access control policy.
    Description string
    The description of the access control policy.
    Destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    DestinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    Direction string
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    NatGatewayId string
    The ID of the NAT gateway instance.
    NewOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    Proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    Source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    SourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    DestPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    DestPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    DestPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    DomainResolveType int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    EndTime int

    The end time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    IpVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    Release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    RepeatDays List<int>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty and its values cannot be repeated. For example: ["0", "6"]
    • When RepeatType is 'Monthly', RepeatDays cannot be empty and its values cannot be repeated. For example: [1, 31]
    RepeatEndTime string

    The recurring end time of the policy validity period of the access control policy. For example: 23:30. It must be on the hour or half hour, and at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    RepeatStartTime string

    The recurring start time of the policy validity period of the access control policy. For example: 08:00. It must be on the hour or half hour, and at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    RepeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    StartTime int

    The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
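
The cross-field rules above (DestPort against Proto and DestPortType, and the time fields against RepeatType) can be checked before a deployment is attempted. The lint below is an added example, not code from Pulumi or the Alibaba Cloud provider: `lint_policy`, the sample arguments and the allow-all warning are assumptions of this example, while the dictionary keys are the Python argument names from the constructor signature.

```python
import ipaddress

HALF_HOUR = 1800  # seconds
# The page spells the always-on RepeatType as Permit, permit, normal and
# Permanent in different places; accepting all four is an assumption.
ALWAYS = {"Permit", "permit", "normal", "Permanent"}
RECURRING = {"Daily", "Weekly", "Monthly"}
# Valid values listed on the page; this lint expects each field to be set.
ENUMS = {
    "acl_action": {"accept", "drop", "log"},
    "proto": {"ANY", "TCP", "UDP", "ICMP"},
    "direction": {"out"},
    "source_type": {"net", "group"},
    "destination_type": {"net", "group", "domain", "location"},
}


def _is_cidr(value):
    try:
        ipaddress.ip_network(value if isinstance(value, str) else "", strict=False)
        return True
    except ValueError:
        return False


def _minutes(hhmm):
    """Parse 'HH:MM' into minutes after midnight; None if malformed."""
    try:
        hours, mins = (int(part) for part in hhmm.split(":"))
    except (AttributeError, ValueError):
        return None
    return hours * 60 + mins if 0 <= hours < 24 and 0 <= mins < 60 else None


def lint_policy(args):
    """Return findings for one dict of snake_case constructor arguments."""
    out, get = [], args.get
    def rule(violated, message):
        if violated:
            out.append("ERROR: " + message)
    for field, allowed in ENUMS.items():
        rule(get(field) not in allowed, f"{field}={get(field)!r} not in {sorted(allowed)}")
    for side in ("source", "destination"):
        rule(get(side + "_type") == "net" and not _is_cidr(get(side)),
             f"{side}={get(side)!r} is not a CIDR")
    # DestPort and DestPortGroup depend on Proto and DestPortType.
    icmp, ptype = get("proto") == "ICMP", get("dest_port_type")
    rule(icmp and get("dest_port"), "dest_port must be empty when proto is ICMP")
    rule(not icmp and ptype == "group" and get("dest_port"),
         "dest_port must be empty when dest_port_type is group")
    rule(not icmp and ptype == "group" and not get("dest_port_group"),
         "dest_port_group is required when dest_port_type is group")
    rule(not icmp and ptype == "port" and not get("dest_port"),
         "dest_port is required when dest_port_type is port")
    # Validity period: which time fields must be set depends on RepeatType.
    repeat = get("repeat_type") or "Permit"
    start, end = get("start_time"), get("end_time")
    r_start, r_end = get("repeat_start_time"), get("repeat_end_time")
    days = get("repeat_days") or []
    timed = repeat == "None" or repeat in RECURRING
    rule(repeat not in ALWAYS and not timed, f"unknown repeat_type {repeat!r}")
    rule(repeat in ALWAYS and (start or end),
         "an always-on policy must not set start_time or end_time")
    if timed and isinstance(start, int) and isinstance(end, int):
        rule(start % HALF_HOUR or end % HALF_HOUR,
             "start_time and end_time must fall on a full or half hour")
        rule(end - start < HALF_HOUR, "end_time must be >= 30 min after start_time")
    else:
        rule(timed, "start_time and end_time are required")
    if repeat in RECURRING:
        a, b = _minutes(r_start), _minutes(r_end)
        rule(a is None or b is None, "repeat start/end time must be HH:MM")
        rule(None not in (a, b) and (a % 30 or b % 30 or b - a < 30),
             "repeat window must be half-hour aligned and >= 30 min long")
    else:
        rule(r_start or r_end, "repeat start/end time need Daily/Weekly/Monthly")
    if repeat in ("Weekly", "Monthly"):
        rule(not days, f"repeat_days cannot be empty for {repeat}")
        rule(len(set(days)) != len(days), "repeat_days contains duplicates")
    else:
        rule(days, "repeat_days must be empty unless Weekly or Monthly")
    # Added hygiene check, not a rule from the page: flag allow-all egress.
    if (get("acl_action"), get("proto"), get("destination")) == ("accept", "ANY", "0.0.0.0/0"):
        out.append("WARN: accept rule lets every protocol reach 0.0.0.0/0")
    return out


# Constructed sample arguments; gateway ID and addresses are placeholders.
GOOD = dict(
    nat_gateway_id="ngw-EXAMPLE", description="office-hours HTTPS egress",
    application_name_lists=["HTTPS"], acl_action="accept", direction="out",
    new_order="1", proto="TCP", source_type="net", source="10.2.4.0/24",
    destination_type="domain", destination="*.aliyuncs.com",
    dest_port_type="port", dest_port="443", repeat_type="Weekly",
    repeat_days=[1, 2, 3, 4, 5], repeat_start_time="08:00",
    repeat_end_time="18:30", start_time=1735689600, end_time=1767225600,
)
BAD = dict(GOOD, proto="ICMP", dest_port="443", repeat_days=[1, 1],
           repeat_start_time="08:15", end_time=1735689600 + 900)
OPEN = dict(GOOD, proto="ANY", destination_type="net", destination="0.0.0.0/0")
```

Because the keys match the constructor signature, a dictionary that lints clean can be passed on as `alicloud.cloudfirewall.NatFirewallControlPolicy("name", **GOOD)`.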

    AclAction string
    The action that Cloud Firewall applies to traffic matched by the access control policy. Valid values:

    • accept: allow (release) the traffic
    • drop: deny (refuse) the traffic
    • log: monitor (observe) the traffic.
    ApplicationNameLists []string
    The list of application types supported by the access control policy.
    Description string
    The description of the access control policy.
    Destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    DestinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    Direction string
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    NatGatewayId string
    The ID of the NAT gateway instance.
    NewOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    Proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    Source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    SourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    DestPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    DestPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    DestPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    DomainResolveType int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    EndTime int

    The end time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    IpVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    Release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    RepeatDays []int
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty and its values cannot be repeated. For example: ["0", "6"]
    • When RepeatType is 'Monthly', RepeatDays cannot be empty and its values cannot be repeated. For example: [1, 31]
    RepeatEndTime string

    The recurring end time of the policy validity period of the access control policy. For example: 23:30. It must be on the hour or half hour, and at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    RepeatStartTime string

    The recurring start time of the policy validity period of the access control policy. For example: 08:00. It must be on the hour or half hour, and at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    RepeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    StartTime int

    The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction String
    The action that Cloud Firewall applies to traffic matched by the access control policy. Valid values:

    • accept: allow (release) the traffic
    • drop: deny (refuse) the traffic
    • log: monitor (observe) the traffic.
    applicationNameLists List<String>
    The list of application types supported by the access control policy.
    description String
    The description of the access control policy.
    destination String
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destinationType String
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction String
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    natGatewayId String
    The ID of the NAT gateway instance.
    newOrder String
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto String
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    source String
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    sourceType String
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    destPort String

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup String

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType String
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    domainResolveType Integer
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime Integer

    The end time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion String
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    release String
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays List<Integer>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty and its values cannot be repeated. For example: ["0", "6"]
    • When RepeatType is 'Monthly', RepeatDays cannot be empty and its values cannot be repeated. For example: [1, 31]
    repeatEndTime String

    The recurring end time of the policy validity period of the access control policy. For example: 23:30. It must be on the hour or half hour, and at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime String

    The recurring start time of the policy validity period of the access control policy. For example: 08:00. It must be on the hour or half hour, and at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeatType String
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    startTime Integer

    The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must fall on a full or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction string
    The action that Cloud Firewall applies to traffic matched by the access control policy. Valid values:

    • accept: allow (release) the traffic
    • drop: deny (refuse) the traffic
    • log: monitor (observe) the traffic.
    applicationNameLists string[]
    The list of application types supported by the access control policy.
    description string
    The description of the access control policy.
    destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction string
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    natGatewayId string
    The ID of the NAT gateway instance.
    newOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    sourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    destPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    domainResolveType number
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime number

    The end time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays number[]
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is Weekly, RepeatDays cannot be empty, and its values must not be duplicated. For example: ["0", "6"].
    • When RepeatType is Monthly, RepeatDays cannot be empty, and its values must not be duplicated. For example: [1, 31].
    repeatEndTime string

    The recurring end time of the validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime string

    The recurring start time of the validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    startTime number

    The start time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    acl_action str
    The action that Cloud Firewall takes on traffic that matches the access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    application_name_lists Sequence[str]
    The list of application types supported by the access control policy.
    description str
    The description of the access control policy.
    destination str
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the destination CIDR block. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the destination address book. For example: db_group
    • When DestinationType is domain, Destination is the destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the destination region. For example: ["BJ11", "ZB"].
    destination_type str
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction str
    The traffic direction of the access control policy. Valid values:

    • out: access control for outbound (internal-to-external) traffic.
    nat_gateway_id str
    The ID of the NAT gateway instance.
    new_order str
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto str
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    source str
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    source_type str
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    dest_port str

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    dest_port_group str

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    dest_port_type str
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    domain_resolve_type int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    end_time int

    The end time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ip_version str
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    release str
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeat_days Sequence[int]
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is Weekly, RepeatDays cannot be empty, and its values must not be duplicated. For example: ["0", "6"].
    • When RepeatType is Monthly, RepeatDays cannot be empty, and its values must not be duplicated. For example: [1, 31].
    repeat_end_time str

    The recurring end time of the validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeat_start_time str

    The recurring start time of the validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeat_type str
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    start_time int

    The start time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction String
    The action that Cloud Firewall takes on traffic that matches the access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    applicationNameLists List<String>
    The list of application types supported by the access control policy.
    description String
    The description of the access control policy.
    destination String
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the destination CIDR block. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the destination address book. For example: db_group
    • When DestinationType is domain, Destination is the destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the destination region. For example: ["BJ11", "ZB"].
    destinationType String
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction String
    The traffic direction of the access control policy. Valid values:

    • out: access control for outbound (internal-to-external) traffic.
    natGatewayId String
    The ID of the NAT gateway instance.
    newOrder String
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto String
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    source String
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    sourceType String
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    destPort String

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup String

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType String
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    domainResolveType Number
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime Number

    The end time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion String
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    release String
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays List<Number>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is Weekly, RepeatDays cannot be empty, and its values must not be duplicated. For example: ["0", "6"].
    • When RepeatType is Monthly, RepeatDays cannot be empty, and its values must not be duplicated. For example: [1, 31].
    repeatEndTime String

    The recurring end time of the validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime String

    The recurring start time of the validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeatType String
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    startTime Number

    The start time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
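
    The cross-field rules above (destination port versus protocol, and the validity-period fields versus RepeatType) can be checked before a policy is deployed. The following is an added example, not code from the Pulumi provider: `validate_policy`, `ALWAYS` and the sample dictionaries are hypothetical names, the keys are the Python property names listed on this page, and the always-on RepeatType is assumed to be spelled `Permit` as in the list of valid values.

```python
import re

# Assumption: the always-on RepeatType is spelled "Permit", as in the page's
# list of valid values (its notes also write "normal" and "Permanent").
ALWAYS = "Permit"
REPEAT_TYPES = {ALWAYS, "None", "Daily", "Weekly", "Monthly"}
HALF_HOUR = 1800  # seconds
_HHMM = re.compile(r"^([01]\d|2[0-3]):(00|30)$")


def _minutes(hhmm):
    """Minutes since midnight for 'HH:00' or 'HH:30'; None for anything else."""
    if not isinstance(hhmm, str) or not _HHMM.match(hhmm):
        return None
    return int(hhmm[:2]) * 60 + int(hhmm[3:])


def validate_policy(args):
    """Return the documented constraints that a dict of arguments violates.

    Keys are the Python property names listed on this page.
    """
    errors = []

    # Destination port: unset for ICMP and for port address books.
    dest_port = args.get("dest_port")
    if args.get("proto") == "ICMP":
        if dest_port:
            errors.append("dest_port must be unset when proto is ICMP")
    elif args.get("dest_port_type") == "group":
        if dest_port:
            errors.append("dest_port must be unset when dest_port_type is group")
        if not args.get("dest_port_group"):
            errors.append("dest_port_group is required when dest_port_type is group")
    elif args.get("dest_port_type") == "port" and not dest_port:
        errors.append("dest_port is required when dest_port_type is port")

    repeat_type = args.get("repeat_type", ALWAYS)
    if repeat_type not in REPEAT_TYPES:
        return errors + [f"unknown repeat_type {repeat_type!r}"]

    # Validity window: timestamps in seconds on a half-hour boundary. The modulo
    # test assumes a time zone whose UTC offset is a multiple of 30 minutes.
    start, end = args.get("start_time"), args.get("end_time")
    if repeat_type == ALWAYS:
        if start is not None or end is not None:
            errors.append("start_time and end_time must be unset for an always-on policy")
    elif start is None or end is None:
        errors.append(f"start_time and end_time are required when repeat_type is {repeat_type}")
    else:
        if start % HALF_HOUR or end % HALF_HOUR:
            errors.append("start_time and end_time must fall on the hour or half hour")
        if end - start < HALF_HOUR:
            errors.append("end_time must be at least half an hour after start_time")

    # Recurring daily window, as HH:MM strings.
    r_start, r_end = args.get("repeat_start_time"), args.get("repeat_end_time")
    if repeat_type in (ALWAYS, "None"):
        if r_start or r_end:
            errors.append(f"repeat_start_time and repeat_end_time must be unset when repeat_type is {repeat_type}")
    else:
        lo, hi = _minutes(r_start), _minutes(r_end)
        if lo is None or hi is None:
            errors.append("repeat_start_time and repeat_end_time must be HH:00 or HH:30")
        elif hi - lo < 30:
            errors.append("repeat_end_time must be at least half an hour after repeat_start_time")

    # Recurring days: only Weekly and Monthly take them, without duplicates.
    days = list(args.get("repeat_days") or [])
    if repeat_type in ("Weekly", "Monthly"):
        if not days:
            errors.append(f"repeat_days cannot be empty when repeat_type is {repeat_type}")
        elif len(set(days)) != len(days):
            errors.append("repeat_days must not contain duplicates")
    elif days:
        errors.append(f"repeat_days must be empty when repeat_type is {repeat_type}")
    return errors


# Constructed sample arguments (not taken from a real deployment).
WEEKDAY_HTTPS = {
    "proto": "TCP", "dest_port_type": "port", "dest_port": "443",
    "repeat_type": "Weekly", "repeat_days": [1, 2, 3, 4, 5],
    "start_time": 1735689600, "end_time": 1738368000,
    "repeat_start_time": "08:00", "repeat_end_time": "18:30",
}
MISCONFIGURED = {
    "proto": "ICMP", "dest_port": "80",
    "repeat_type": "None", "repeat_days": [1],
    "start_time": 1735689600, "end_time": 1735689600 + 900,
}

if __name__ == "__main__":
    for name, policy in (("WEEKDAY_HTTPS", WEEKDAY_HTTPS), ("MISCONFIGURED", MISCONFIGURED)):
        print(name, validate_policy(policy) or "ok")
```

    Running such a check in CI catches a time-bounded accept rule whose window fields are inconsistent before the change reaches the firewall.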

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NatFirewallControlPolicy resource produces the following output properties:

    AclUuid string

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    CreateTime int
    The time when the policy was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    aclUuid String

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    createTime Integer
    The time when the policy was created.
    id String
    The provider-assigned unique ID for this managed resource.
    aclUuid string

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    createTime number
    The time when the policy was created.
    id string
    The provider-assigned unique ID for this managed resource.
    acl_uuid str

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    create_time int
    The time when the policy was created.
    id str
    The provider-assigned unique ID for this managed resource.
    aclUuid String

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    createTime Number
    The time when the policy was created.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NatFirewallControlPolicy Resource

    Get an existing NatFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NatFirewallControlPolicyState, opts?: CustomResourceOptions): NatFirewallControlPolicy
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            acl_action: Optional[str] = None,
            acl_uuid: Optional[str] = None,
            application_name_lists: Optional[Sequence[str]] = None,
            create_time: Optional[int] = None,
            description: Optional[str] = None,
            dest_port: Optional[str] = None,
            dest_port_group: Optional[str] = None,
            dest_port_type: Optional[str] = None,
            destination: Optional[str] = None,
            destination_type: Optional[str] = None,
            direction: Optional[str] = None,
            domain_resolve_type: Optional[int] = None,
            end_time: Optional[int] = None,
            ip_version: Optional[str] = None,
            nat_gateway_id: Optional[str] = None,
            new_order: Optional[str] = None,
            proto: Optional[str] = None,
            release: Optional[str] = None,
            repeat_days: Optional[Sequence[int]] = None,
            repeat_end_time: Optional[str] = None,
            repeat_start_time: Optional[str] = None,
            repeat_type: Optional[str] = None,
            source: Optional[str] = None,
            source_type: Optional[str] = None,
            start_time: Optional[int] = None) -> NatFirewallControlPolicy
    func GetNatFirewallControlPolicy(ctx *Context, name string, id IDInput, state *NatFirewallControlPolicyState, opts ...ResourceOption) (*NatFirewallControlPolicy, error)
    public static NatFirewallControlPolicy Get(string name, Input<string> id, NatFirewallControlPolicyState? state, CustomResourceOptions? opts = null)
    public static NatFirewallControlPolicy get(String name, Output<String> id, NatFirewallControlPolicyState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to look up.
    The following state arguments are supported:
    AclAction string
    The action that Cloud Firewall takes on traffic that matches the access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    AclUuid string

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    ApplicationNameLists List<string>
    The list of application types supported by the access control policy.
    CreateTime int
    The time when the policy was created.
    Description string
    The description of the access control policy.
    DestPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    DestPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    DestPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    Destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the destination CIDR block. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the destination address book. For example: db_group
    • When DestinationType is domain, Destination is the destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the destination region. For example: ["BJ11", "ZB"].
    DestinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    Direction string
    The traffic direction of the access control policy. Valid values:

    • out: access control for outbound (internal-to-external) traffic.
    DomainResolveType int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    EndTime int

    The end time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    IpVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    NatGatewayId string
    The ID of the NAT gateway instance.
    NewOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    Proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    Release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    RepeatDays List<int>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is Weekly, RepeatDays cannot be empty, and its values must not be duplicated. For example: ["0", "6"].
    • When RepeatType is Monthly, RepeatDays cannot be empty, and its values must not be duplicated. For example: [1, 31].
    RepeatEndTime string

    The recurring end time of the validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    RepeatStartTime string

    The recurring start time of the validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    RepeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    Source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    SourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    StartTime int

    The start time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    AclAction string
    The action that Cloud Firewall takes on traffic that matches the access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    AclUuid string

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    ApplicationNameLists []string
    The list of application types supported by the access control policy.
    CreateTime int
    The time when the policy was created.
    Description string
    The description of the access control policy.
    DestPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    DestPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    DestPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    Destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    DestinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    Direction string
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    DomainResolveType int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    EndTime int

    The end time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    IpVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    NatGatewayId string
    The ID of the NAT gateway instance.
    NewOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    Proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    Release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    RepeatDays []int
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty. For example: ["0", "6"]. The values in RepeatDays cannot be repeated.
    • When RepeatType is 'Monthly', RepeatDays cannot be empty. For example: [1, 31]. The values in RepeatDays cannot be repeated.
    RepeatEndTime string

    The recurring end time of the policy validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    RepeatStartTime string

    The recurring start time of the policy validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    RepeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    Source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    SourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    StartTime int

    The start time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction String
    The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    aclUuid String

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    applicationNameLists List<String>
    The list of application types supported by the access control policy.
    createTime Integer
    The time when the policy was created.
    description String
    The description of the access control policy.
    destPort String

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup String

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType String
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    destination String
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destinationType String
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction String
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    domainResolveType Integer
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime Integer

    The end time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion String
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    natGatewayId String
    The ID of the NAT gateway instance.
    newOrder String
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto String
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    release String
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays List<Integer>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty. For example: ["0", "6"]. The values in RepeatDays cannot be repeated.
    • When RepeatType is 'Monthly', RepeatDays cannot be empty. For example: [1, 31]. The values in RepeatDays cannot be repeated.
    repeatEndTime String

    The recurring end time of the policy validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime String

    The recurring start time of the policy validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeatType String
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    source String
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    sourceType String
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    startTime Integer

    The start time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction string
    The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    aclUuid string

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    applicationNameLists string[]
    The list of application types supported by the access control policy.
    createTime number
    The time when the policy was created.
    description string
    The description of the access control policy.
    destPort string

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup string

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType string
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    destination string
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destinationType string
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction string
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    domainResolveType number
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime number

    The end time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion string
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    natGatewayId string
    The ID of the NAT gateway instance.
    newOrder string
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto string
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    release string
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays number[]
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty. For example: ["0", "6"]. The values in RepeatDays cannot be repeated.
    • When RepeatType is 'Monthly', RepeatDays cannot be empty. For example: [1, 31]. The values in RepeatDays cannot be repeated.
    repeatEndTime string

    The recurring end time of the policy validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime string

    The recurring start time of the policy validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeatType string
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    source string
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    sourceType string
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    startTime number

    The start time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    acl_action str
    The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    acl_uuid str

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    application_name_lists Sequence[str]
    The list of application types supported by the access control policy.
    create_time int
    The time when the policy was created.
    description str
    The description of the access control policy.
    dest_port str

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    dest_port_group str

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    dest_port_type str
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    destination str
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destination_type str
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction str
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    domain_resolve_type int
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    end_time int

    The end time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ip_version str
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    nat_gateway_id str
    The ID of the NAT gateway instance.
    new_order str
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto str
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    release str
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeat_days Sequence[int]
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty. For example: ["0", "6"]. The values in RepeatDays cannot be repeated.
    • When RepeatType is 'Monthly', RepeatDays cannot be empty. For example: [1, 31]. The values in RepeatDays cannot be repeated.
    repeat_end_time str

    The recurring end time of the policy validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeat_start_time str

    The recurring start time of the policy validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

    repeat_type str
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    source str
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.
    source_type str
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    start_time int

    The start time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

    aclAction String
    The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

    • accept: allow the traffic
    • drop: deny the traffic
    • log: monitor the traffic.
    aclUuid String

    The unique ID of the security access control policy.

    NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

    applicationNameLists List<String>
    The list of application types supported by the access control policy.
    createTime Number
    The time when the policy was created.
    description String
    The description of the access control policy.
    destPort String

    The destination port of traffic access in the access control policy. Value:

    • When the protocol type is set to ICMP, the value of DestPort is null.

    NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.

    NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

    • When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
    destPortGroup String

    The address book name of the destination port of the access traffic in the access control policy.

    NOTE: When DestPortType is set to group, you need to set the destination port address book name.

    destPortType String
    The destination port type of the access traffic in the security access control policy.

    • port: port
    • group: Port Address Book.
    destination String
    The destination address segment in the access control policy. Valid values:

    • When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
    • When DestinationType is group, Destination is the name of the Destination address book. For example: db_group
    • When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
    • When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
    destinationType String
    The destination address type in the access control policy. Valid values:

    • net: Destination Network segment (CIDR address)
    • group: Destination Address Book
    • domain: the destination domain name.
    direction String
    The traffic direction of the access control policy. Valid values:

    • out: Internal and external traffic access control.
    domainResolveType Number
    The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

    • 0: Based on FQDN
    • 1: DNS-based dynamic resolution
    • 2: dynamic resolution based on FQDN and DNS.
    endTime Number

    The end time of the policy validity period of the access control policy. Expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour later than the start time.

    NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

    ipVersion String
    Supported IP address version. Value:

    • 4 (default): indicates the IPv4 address.
    natGatewayId String
    The ID of the NAT gateway instance.
    newOrder String
    The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.
    proto String
    The security protocol type for traffic access in the access control policy. Valid values:

    • ANY (indicates that all protocol types are queried)
    • TCP
    • UDP
    • ICMP.
    release String
    The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

    • true: Enable access control policy
    • false: Do not enable access control policies.
    repeatDays List<Number>
    Collection of recurring dates for the policy validity period of the access control policy.

    • When RepeatType is 'Permanent', 'None', or 'Daily', RepeatDays is an empty collection. For example: []
    • When RepeatType is 'Weekly', RepeatDays cannot be empty. For example: ["0", "6"]. The values in RepeatDays cannot be repeated.
    • When RepeatType is 'Monthly', RepeatDays cannot be empty. For example: [1, 31]. The values in RepeatDays cannot be repeated.
    repeatEndTime String

    The recurring end time of the policy validity period of the access control policy, for example 23:30. It must fall on the hour or half hour and be at least half an hour later than the repeat start time.

    NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

    repeatStartTime String

    The recurring start time of the validity period of the access control policy, for example 08:00. It must fall on the hour or half hour and be at least half an hour earlier than the repeat end time.

    NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When RepeatType is Daily, Weekly, or Monthly, RepeatStartTime is required.

    repeatType String
    The type of repetition for the policy validity period of the access control policy. Value:

    • Permit (default): Always
    • None: Specify a single time
    • Daily: Daily
    • Weekly: Weekly
    • Monthly: Monthly.
    source String
    The source address in the access control policy. Valid values:

    • When SourceType is set to 'net', Source is the source CIDR block. For example: 10.2.4.0/24
    • When SourceType is set to 'group', Source is the name of the source address book. For example: db_group.
    sourceType String
    The source address type in the access control policy. Valid values:

    • net: the source network segment (CIDR address)
    • group: source address book
    startTime Number

    The start time of the validity period of the access control policy, expressed as a timestamp in seconds. It must fall on the hour or half hour and be at least half an hour earlier than the end time.

    NOTE: When RepeatType is set to normal, StartTime is null. When RepeatType is None, Daily, Weekly, or Monthly, StartTime is required.
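
The validity-period rules for startTime, endTime, repeatType, repeatDays, repeatStartTime and repeatEndTime interact, so a time-limited allow rule is worth checking before deployment. The following is an added example, not code from the provider or its documentation: `validate_schedule` and `SAMPLE` are hypothetical names, arguments use the Python SDK's snake_case spelling, and any repeat type other than None, Daily, Weekly or Monthly is assumed to be the always-on default.

```python
import re

RECURRING = {"Daily", "Weekly", "Monthly"}   # need repeat_start_time / repeat_end_time
TIMED = RECURRING | {"None"}                 # need start_time / end_time
HALF_HOUR = 1800                             # seconds

def _minutes(hhmm):
    """Return minutes since midnight for 'HH:MM' on a :00/:30 boundary, else None."""
    m = re.fullmatch(r"([01]\d|2[0-3]):(00|30)", hhmm or "")
    return int(m.group(1)) * 60 + int(m.group(2)) if m else None

def validate_schedule(args):
    """Check the validity-period arguments of one policy; return a list of problems."""
    errors = []
    rtype = args.get("repeat_type") or "Permit"   # default per the property list
    start, end = args.get("start_time"), args.get("end_time")
    rstart, rend = args.get("repeat_start_time"), args.get("repeat_end_time")
    days = list(args.get("repeat_days") or [])
    if rtype in TIMED:
        if start is None or end is None:
            errors.append("start_time and end_time are required")
        elif start % HALF_HOUR or end % HALF_HOUR:
            errors.append("start_time/end_time must fall on the hour or half hour")
        elif end - start < HALF_HOUR:
            errors.append("end_time must be at least 30 minutes after start_time")
    elif start is not None or end is not None:
        errors.append("start_time/end_time must be unset for an always-on policy")

    if rtype in RECURRING:
        s, e = _minutes(rstart), _minutes(rend)
        if s is None or e is None:
            errors.append("repeat_start_time/repeat_end_time must be HH:00 or HH:30")
        elif e - s < 30:
            errors.append("repeat_end_time must be at least 30 minutes after repeat_start_time")
    elif rstart or rend:
        errors.append("repeat_start_time/repeat_end_time must be unset for this repeat_type")

    if rtype in ("Weekly", "Monthly"):
        if not days:
            errors.append("repeat_days cannot be empty")
        elif len(set(days)) != len(days):
            errors.append("repeat_days contains duplicates")
    elif days:
        errors.append("repeat_days must be empty for this repeat_type")
    return errors

# Constructed sample input: a weekly window, 08:00-23:30 on days 0 and 6.
SAMPLE = dict(repeat_type="Weekly", repeat_days=[0, 6], start_time=1731657600,
              end_time=1731661200, repeat_start_time="08:00", repeat_end_time="23:30")
```

Run it over the argument dictionary before passing the same values to the resource constructor; an empty list means the schedule is consistent with the rules above.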

    Import

    Cloud Firewall Nat Firewall Control Policy can be imported using the id, e.g.

    $ pulumi import alicloud:cloudfirewall/natFirewallControlPolicy:NatFirewallControlPolicy example <acl_uuid>:<nat_gateway_id>:<direction>
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Alibaba Cloud pulumi/pulumi-alicloud
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the alicloud Terraform Provider.