Alibaba Cloud v3.57.1, Jun 26 24

Alibaba Cloud v3.57.1 published on Wednesday, Jun 26, 2024 by Pulumi

alicloud.cloudfirewall.NatFirewallControlPolicy

Explore with Pulumi AI

Alibaba Cloud v3.57.1 published on Wednesday, Jun 26, 2024 by Pulumi

Create NatFirewallControlPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new NatFirewallControlPolicy(name: string, args: NatFirewallControlPolicyArgs, opts?: CustomResourceOptions);

@overload
def NatFirewallControlPolicy(resource_name: str,
                             args: NatFirewallControlPolicyArgs,
                             opts: Optional[ResourceOptions] = None)

@overload
def NatFirewallControlPolicy(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             nat_gateway_id: Optional[str] = None,
                             application_name_lists: Optional[Sequence[str]] = None,
                             description: Optional[str] = None,
                             source_type: Optional[str] = None,
                             source: Optional[str] = None,
                             proto: Optional[str] = None,
                             destination: Optional[str] = None,
                             destination_type: Optional[str] = None,
                             direction: Optional[str] = None,
                             new_order: Optional[str] = None,
                             acl_action: Optional[str] = None,
                             end_time: Optional[int] = None,
                             ip_version: Optional[str] = None,
                             domain_resolve_type: Optional[int] = None,
                             dest_port_type: Optional[str] = None,
                             release: Optional[str] = None,
                             repeat_days: Optional[Sequence[int]] = None,
                             repeat_end_time: Optional[str] = None,
                             repeat_start_time: Optional[str] = None,
                             repeat_type: Optional[str] = None,
                             dest_port_group: Optional[str] = None,
                             dest_port: Optional[str] = None,
                             start_time: Optional[int] = None)

func NewNatFirewallControlPolicy(ctx *Context, name string, args NatFirewallControlPolicyArgs, opts ...ResourceOption) (*NatFirewallControlPolicy, error)

public NatFirewallControlPolicy(string name, NatFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)

public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args)
public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args, CustomResourceOptions options)

type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args NatFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args NatFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NatFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NatFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args NatFirewallControlPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var natFirewallControlPolicyResource = new AliCloud.CloudFirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", new()
{
    NatGatewayId = "string",
    ApplicationNameLists = new[]
    {
        "string",
    },
    Description = "string",
    SourceType = "string",
    Source = "string",
    Proto = "string",
    Destination = "string",
    DestinationType = "string",
    Direction = "string",
    NewOrder = "string",
    AclAction = "string",
    EndTime = 0,
    IpVersion = "string",
    DomainResolveType = 0,
    DestPortType = "string",
    Release = "string",
    RepeatDays = new[]
    {
        0,
    },
    RepeatEndTime = "string",
    RepeatStartTime = "string",
    RepeatType = "string",
    DestPortGroup = "string",
    DestPort = "string",
    StartTime = 0,
});

example, err := cloudfirewall.NewNatFirewallControlPolicy(ctx, "natFirewallControlPolicyResource", &cloudfirewall.NatFirewallControlPolicyArgs{
	NatGatewayId: pulumi.String("string"),
	ApplicationNameLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:       pulumi.String("string"),
	SourceType:        pulumi.String("string"),
	Source:            pulumi.String("string"),
	Proto:             pulumi.String("string"),
	Destination:       pulumi.String("string"),
	DestinationType:   pulumi.String("string"),
	Direction:         pulumi.String("string"),
	NewOrder:          pulumi.String("string"),
	AclAction:         pulumi.String("string"),
	EndTime:           pulumi.Int(0),
	IpVersion:         pulumi.String("string"),
	DomainResolveType: pulumi.Int(0),
	DestPortType:      pulumi.String("string"),
	Release:           pulumi.String("string"),
	RepeatDays: pulumi.IntArray{
		pulumi.Int(0),
	},
	RepeatEndTime:   pulumi.String("string"),
	RepeatStartTime: pulumi.String("string"),
	RepeatType:      pulumi.String("string"),
	DestPortGroup:   pulumi.String("string"),
	DestPort:        pulumi.String("string"),
	StartTime:       pulumi.Int(0),
})

var natFirewallControlPolicyResource = new NatFirewallControlPolicy("natFirewallControlPolicyResource", NatFirewallControlPolicyArgs.builder()
    .natGatewayId("string")
    .applicationNameLists("string")
    .description("string")
    .sourceType("string")
    .source("string")
    .proto("string")
    .destination("string")
    .destinationType("string")
    .direction("string")
    .newOrder("string")
    .aclAction("string")
    .endTime(0)
    .ipVersion("string")
    .domainResolveType(0)
    .destPortType("string")
    .release("string")
    .repeatDays(0)
    .repeatEndTime("string")
    .repeatStartTime("string")
    .repeatType("string")
    .destPortGroup("string")
    .destPort("string")
    .startTime(0)
    .build());

nat_firewall_control_policy_resource = alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource",
    nat_gateway_id="string",
    application_name_lists=["string"],
    description="string",
    source_type="string",
    source="string",
    proto="string",
    destination="string",
    destination_type="string",
    direction="string",
    new_order="string",
    acl_action="string",
    end_time=0,
    ip_version="string",
    domain_resolve_type=0,
    dest_port_type="string",
    release="string",
    repeat_days=[0],
    repeat_end_time="string",
    repeat_start_time="string",
    repeat_type="string",
    dest_port_group="string",
    dest_port="string",
    start_time=0)

const natFirewallControlPolicyResource = new alicloud.cloudfirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", {
    natGatewayId: "string",
    applicationNameLists: ["string"],
    description: "string",
    sourceType: "string",
    source: "string",
    proto: "string",
    destination: "string",
    destinationType: "string",
    direction: "string",
    newOrder: "string",
    aclAction: "string",
    endTime: 0,
    ipVersion: "string",
    domainResolveType: 0,
    destPortType: "string",
    release: "string",
    repeatDays: [0],
    repeatEndTime: "string",
    repeatStartTime: "string",
    repeatType: "string",
    destPortGroup: "string",
    destPort: "string",
    startTime: 0,
});

type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties:
    aclAction: string
    applicationNameLists:
        - string
    description: string
    destPort: string
    destPortGroup: string
    destPortType: string
    destination: string
    destinationType: string
    direction: string
    domainResolveType: 0
    endTime: 0
    ipVersion: string
    natGatewayId: string
    newOrder: string
    proto: string
    release: string
    repeatDays:
        - 0
    repeatEndTime: string
    repeatStartTime: string
    repeatType: string
    source: string
    sourceType: string
    startTime: 0

NatFirewallControlPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The NatFirewallControlPolicy resource accepts the following input properties:

AclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

ApplicationNameLists List<string>

The list of application types supported by the access control policy.

Description string

The description of the access control policy.

Destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

DestinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

Direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

NatGatewayId string

The ID of the NAT gateway instance.

NewOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

Proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

Source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

SourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

DestPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

DestPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

DestPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

DomainResolveType int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

EndTime int

The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

IpVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

RepeatDays List<int>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

RepeatEndTime string

The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

RepeatStartTime string

The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

RepeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

StartTime int

The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

AclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

ApplicationNameLists []string

The list of application types supported by the access control policy.

Description string

The description of the access control policy.

Destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

DestinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

Direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

NatGatewayId string

The ID of the NAT gateway instance.

NewOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

Proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

Source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

SourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

DestPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

DestPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

DestPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

DomainResolveType int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

EndTime int

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

IpVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

RepeatDays []int

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

RepeatEndTime string

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

RepeatStartTime string

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

RepeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

StartTime int

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction String

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

applicationNameLists List<String>

The list of application types supported by the access control policy.

description String

The description of the access control policy.

destination String

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType String

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction String

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

natGatewayId String

The ID of the NAT gateway instance.

newOrder String

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto String

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

source String

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType String

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

destPort String

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup String

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType String

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

domainResolveType Integer

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime Integer

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion String

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays List<Integer>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime String

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime String

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType String

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

startTime Integer

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

applicationNameLists string[]

The list of application types supported by the access control policy.

description string

The description of the access control policy.

destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

natGatewayId string

The ID of the NAT gateway instance.

newOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

destPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

domainResolveType number

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime number

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays number[]

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime string

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime string

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

startTime number

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

acl_action str

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

application_name_lists Sequence[str]

The list of application types supported by the access control policy.

description str

The description of the access control policy.

destination str

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destination_type str

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction str

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

nat_gateway_id str

The ID of the NAT gateway instance.

new_order str

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto str

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

source str

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

source_type str

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

dest_port str

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

dest_port_group str

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

dest_port_type str

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

domain_resolve_type int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

end_time int

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ip_version str

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

release str

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeat_days Sequence[int]

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeat_end_time str

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeat_start_time str

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeat_type str

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

start_time int

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction String

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

applicationNameLists List<String>

The list of application types supported by the access control policy.

description String

The description of the access control policy.

destination String

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType String

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction String

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

natGatewayId String

The ID of the NAT gateway instance.

newOrder String

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto String

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

source String

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType String

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

destPort String

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup String

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType String

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

domainResolveType Number

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime Number

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion String

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays List<Number>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime String

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime String

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType String

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

startTime Number

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

Outputs

All input properties are implicitly available as output properties. Additionally, the NatFirewallControlPolicy resource produces the following output properties:

AclUuid string: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
CreateTime int: The time when the policy was created.
Id string: The provider-assigned unique ID for this managed resource.

AclUuid string: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
CreateTime int: The time when the policy was created.
Id string: The provider-assigned unique ID for this managed resource.

aclUuid String: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
createTime Integer: The time when the policy was created.
id String: The provider-assigned unique ID for this managed resource.

aclUuid string: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
createTime number: The time when the policy was created.
id string: The provider-assigned unique ID for this managed resource.

acl_uuid str: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
create_time int: The time when the policy was created.
id str: The provider-assigned unique ID for this managed resource.

aclUuid String: The unique ID of the security access control policy.
NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.
createTime Number: The time when the policy was created.
id String: The provider-assigned unique ID for this managed resource.

Look up Existing NatFirewallControlPolicy Resource

Get an existing NatFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NatFirewallControlPolicyState, opts?: CustomResourceOptions): NatFirewallControlPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acl_action: Optional[str] = None,
        acl_uuid: Optional[str] = None,
        application_name_lists: Optional[Sequence[str]] = None,
        create_time: Optional[int] = None,
        description: Optional[str] = None,
        dest_port: Optional[str] = None,
        dest_port_group: Optional[str] = None,
        dest_port_type: Optional[str] = None,
        destination: Optional[str] = None,
        destination_type: Optional[str] = None,
        direction: Optional[str] = None,
        domain_resolve_type: Optional[int] = None,
        end_time: Optional[int] = None,
        ip_version: Optional[str] = None,
        nat_gateway_id: Optional[str] = None,
        new_order: Optional[str] = None,
        proto: Optional[str] = None,
        release: Optional[str] = None,
        repeat_days: Optional[Sequence[int]] = None,
        repeat_end_time: Optional[str] = None,
        repeat_start_time: Optional[str] = None,
        repeat_type: Optional[str] = None,
        source: Optional[str] = None,
        source_type: Optional[str] = None,
        start_time: Optional[int] = None) -> NatFirewallControlPolicy

func GetNatFirewallControlPolicy(ctx *Context, name string, id IDInput, state *NatFirewallControlPolicyState, opts ...ResourceOption) (*NatFirewallControlPolicy, error)

public static NatFirewallControlPolicy Get(string name, Input<string> id, NatFirewallControlPolicyState? state, CustomResourceOptions? opts = null)

public static NatFirewallControlPolicy get(String name, Output<String> id, NatFirewallControlPolicyState state, CustomResourceOptions options)

Resource lookup is not supported in YAML

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

AclUuid string

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

ApplicationNameLists List<string>

The list of application types supported by the access control policy.

CreateTime int

The time when the policy was created.

Description string

The description of the access control policy.

DestPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

DestPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

DestPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

Destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

DestinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

Direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

DomainResolveType int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

EndTime int

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

IpVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

NatGatewayId string

The ID of the NAT gateway instance.

NewOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

Proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

RepeatDays List<int>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

RepeatEndTime string

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

RepeatStartTime string

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

RepeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

Source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

SourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

StartTime int

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

AclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

AclUuid string

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

ApplicationNameLists []string

The list of application types supported by the access control policy.

CreateTime int

The time when the policy was created.

Description string

The description of the access control policy.

DestPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

DestPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

DestPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

Destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

DestinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

Direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

DomainResolveType int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

EndTime int

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

IpVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

NatGatewayId string

The ID of the NAT gateway instance.

NewOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

Proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

RepeatDays []int

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

RepeatEndTime string

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

RepeatStartTime string

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

RepeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

Source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

SourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

StartTime int

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction String

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

aclUuid String

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

applicationNameLists List<String>

The list of application types supported by the access control policy.

createTime Integer

The time when the policy was created.

description String

The description of the access control policy.

destPort String

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup String

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType String

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

destination String

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType String

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction String

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

domainResolveType Integer

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime Integer

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion String

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

natGatewayId String

The ID of the NAT gateway instance.

newOrder String

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto String

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays List<Integer>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime String

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime String

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType String

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

source String

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType String

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

startTime Integer

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction string

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

aclUuid string

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

applicationNameLists string[]

The list of application types supported by the access control policy.

createTime number

The time when the policy was created.

description string

The description of the access control policy.

destPort string

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup string

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType string

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

destination string

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType string

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction string

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

domainResolveType number

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime number

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion string

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

natGatewayId string

The ID of the NAT gateway instance.

newOrder string

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto string

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

release string

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays number[]

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime string

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime string

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType string

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

source string

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType string

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

startTime number

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

acl_action str

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

acl_uuid str

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

application_name_lists Sequence[str]

The list of application types supported by the access control policy.

create_time int

The time when the policy was created.

description str

The description of the access control policy.

dest_port str

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

dest_port_group str

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

dest_port_type str

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

destination str

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destination_type str

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction str

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

domain_resolve_type int

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

end_time int

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ip_version str

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

nat_gateway_id str

The ID of the NAT gateway instance.

new_order str

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto str

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

release str

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeat_days Sequence[int]

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeat_end_time str

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeat_start_time str

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeat_type str

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

source str

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

source_type str

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

start_time int

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

aclAction String

The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:

accept: Release
drop: Refused
log: Observation.

aclUuid String

The unique ID of the security access control policy.

NOTE: To modify a security access control policy, you need to provide the unique ID of the policy. You can call the DescribeNatFirewallControlPolicy interface to obtain the ID.

applicationNameLists List<String>

The list of application types supported by the access control policy.

createTime Number

The time when the policy was created.

description String

The description of the access control policy.

destPort String

The destination port of traffic access in the access control policy. Value:

When the protocol type is set to ICMP, the value of DestPort is null.

NOTE: When the protocol type is ICMP, access control on the destination port is not supported.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.

NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.

When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.

destPortGroup String

The address book name of the destination port of the access traffic in the access control policy.

NOTE: When DestPortType is set to group, you need to set the destination port address book name.

destPortType String

The destination port type of the access traffic in the security access control policy.

port: port
group: Port Address Book.

destination String

The destination address segment in the access control policy. Valid values:

When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
When DestinationType IS group, Destination is the name of the Destination address book. For example: db_group
When DestinationType is domain, Destination is the Destination domain name. For example: * .aliyuncs.com
When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].

destinationType String

The destination address type in the access control policy. Valid values:

net: Destination Network segment (CIDR address)
group: Destination Address Book
domain: the destination domain name.

direction String

The traffic direction of the access control policy. Valid values:

out: Internal and external traffic access control.

domainResolveType Number

The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:

0: Based on FQDN
1: DNS-based dynamic resolution
2: dynamic resolution based on FQDN and DNS.

endTime Number

NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.

ipVersion String

Supported IP address version. Value:

4 (default): indicates the IPv4 address.

natGatewayId String

The ID of the NAT gateway instance.

newOrder String

The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority.

proto String

The security protocol type for traffic access in the access control policy. Valid values:

ANY (indicates that all protocol types are queried)
TCP
UDP
ICMP.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created. Value:

true: Enable access control policy
false: Do not enable access control policies.

repeatDays List<Number>

Collection of recurring dates for the policy validity period of the access control policy.

When RepeatType is 'Permanent', 'None', 'Daily', RepeatDays is an empty collection. For example:[]
When RepeatType is Weekly, RepeatDays cannot be empty. For example:["0", "6"]. When the RepeatType is set to Weekly, RepeatDays cannot be repeated.
RepeatDays cannot be empty when RepeatType is 'Monthly. For example:[1, 31]. When RepeatType is set to Monthly, RepeatDays cannot be repeated.

repeatEndTime String

NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.

repeatStartTime String

NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.

repeatType String

The type of repetition for the policy validity period of the access control policy. Value:

Permit (default): Always
None: Specify a single time
Daily: Daily
Weekly: Weekly
Monthly: Monthly.

source String

The source address in the access control policy. Valid values:

When SourceType is set to 'net', Source is the Source CIDR address. For example: 10.2.4.0/24
When SourceType is set to 'group', Source is the name of the Source address book. For example: db_group.

sourceType String

The source address type in the access control policy. Valid values:

net: the source network segment (CIDR address)
group: source address book

startTime Number

NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.

Import

Cloud Firewall Nat Firewall Control Policy can be imported using the id, e.g.

$ pulumi import alicloud:cloudfirewall/natFirewallControlPolicy:NatFirewallControlPolicy example <acl_uuid>:<nat_gateway_id>:<direction>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.57.1 published on Wednesday, Jun 26, 2024 by Pulumi

pulumi/pulumi-alicloud

alicloud.cloudfirewall.NatFirewallControlPolicy

On this page

On this page

Create NatFirewallControlPolicy Resource

Constructor syntax

Parameters

Constructor example

NatFirewallControlPolicy Resource Properties

Inputs

Outputs

Look up Existing NatFirewallControlPolicy Resource

Import

Package Details

On this page

On this page