Provides a Cloud Firewall Vpc Firewall Control Policy resource.
For information about Cloud Firewall Vpc Firewall Control Policy and how to use it, see What is Vpc Firewall Control Policy.
Basic Usage
variable "name" {
  default = "terraform-example"
}

data "alicloud_account" "default" {
}

resource "alicloud_cen_instance" "default" {
  cen_instance_name = var.name
  description       = "example_value"
  tags = {
    Created = "TF"
    For     = "acceptance test"
  }
}

resource "alicloud_cloud_firewall_vpc_firewall_control_policy" "default" {
  order            = "1"
  destination      = "127.0.0.2/32"
  application_name = "ANY"
  description      = "example_value"
  source_type      = "net"
  dest_port        = "80/88"
  acl_action       = "accept"
  lang             = "zh"
  destination_type = "net"
  source           = "127.0.0.1/32"
  dest_port_type   = "port"
  proto            = "TCP"
  release          = true
  member_uid       = data.alicloud_account.default.id
  vpc_firewall_id  = alicloud_cen_instance.default.id
}
The following arguments are supported:

vpc_firewall_id - (Required, ForceNew) The ID of the VPC firewall instance. Valid values:
application_name - (Required) The type of the applications that the access control policy supports. Valid values: FTP, HTTP, HTTPS, MySQL, SMTP, SMTPS, RDP, VNC, SSH, Redis, MQTT, MongoDB, Memcache, SSL, ANY.
description - (Required) The description of the access control policy for the VPC firewall.
acl_action - (Required) The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.
source - (Required) The source address in the access control policy for the VPC firewall.
source_type - (Required) The type of the source address in the access control policy. Valid values: net, group.
destination - (Required) The destination address in the access control policy. Valid values: if destination_type is set to net, the value of destination must be a CIDR block; if destination_type is set to group, the value of destination must be an address book; if destination_type is set to domain, the value of destination must be a domain name.
destination_type - (Required) The type of the destination address in the access control policy. Valid values: net, group, domain.
proto - (Required) The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.
order - (Required, ForceNew, Int) The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.
dest_port - (Optional) The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.
dest_port_group - (Optional) The name of the destination port address book used for the traffic matched by the access control policy. Note: If dest_port_type is set to group, you must specify this parameter.
dest_port_type - (Optional) The type of the destination port in the access control policy. Valid values: port, group.
release - (Optional, Bool) The enabled status of the access control policy. The policy is enabled by default after it is created. Valid values: true: enables the access control policy; false: does not enable the access control policy.
member_uid - (Optional, ForceNew) The UID of the member account of the current Alibaba Cloud account.
lang - (Optional) The language of the content within the request and response. Valid values: zh, en.
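As an added example, not part of the provider documentation: a small Python pre-apply lint that encodes the argument constraints above (destination must match destination_type, dest_port or dest_port_group must match dest_port_type, and order values should be unique because a smaller order is a higher priority), so a malformed or ambiguous policy is caught before terraform apply. The policy dicts, function names and sample values are constructed here and mirror the argument names of the resource.

```python
import ipaddress
import re

# Constraints from the resource arguments: net -> CIDR block, domain -> domain name,
# dest_port required for dest_port_type=port, dest_port_group for dest_port_type=group.
DOMAIN_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")
PORT_RE = re.compile(r"^(\d{1,5})(?:/(\d{1,5}))?$")  # "80" or a low/high range like "80/88"

def is_cidr(value):
    try:
        return ipaddress.ip_network(value, strict=False) is not None
    except ValueError:
        return False

def port_range_ok(value):
    m = PORT_RE.match(value or "")
    return bool(m) and int(m.group(1)) <= int(m.group(2) or m.group(1)) <= 65535

def lint_policy(p):
    """Return the problems found in one policy dict; an empty list means it is clean."""
    problems = []
    if p.get("source_type") == "net" and not is_cidr(p.get("source", "")):
        problems.append("source_type=net but source is not a CIDR block")
    dt, dest = p.get("destination_type"), p.get("destination", "")
    if dt == "net" and not is_cidr(dest):
        problems.append("destination_type=net but destination is not a CIDR block")
    elif dt == "domain" and not DOMAIN_RE.match(dest):
        problems.append("destination_type=domain but destination is not a domain name")
    if p.get("dest_port_type") == "port" and not port_range_ok(p.get("dest_port")):
        problems.append("dest_port_type=port requires a valid dest_port")
    elif p.get("dest_port_type") == "group" and not p.get("dest_port_group"):
        problems.append("dest_port_type=group requires dest_port_group")
    return problems

def lint_policy_set(policies):
    """Lint every policy; also flag a reused order value, since a smaller order wins."""
    orders = [p["order"] for p in policies]
    return [lint_policy(p) + ([f"order {p['order']} is used more than once"]
                              if orders.count(p["order"]) > 1 else [])
            for p in policies]

# Constructed sample: the first entry mirrors the Basic Usage policy; the second breaks several rules.
EXAMPLE_POLICIES = [
    {"order": 1, "source_type": "net", "source": "127.0.0.1/32", "destination_type": "net",
     "destination": "127.0.0.2/32", "proto": "TCP", "application_name": "ANY",
     "dest_port_type": "port", "dest_port": "80/88", "acl_action": "accept"},
    {"order": 1, "source_type": "net", "source": "0.0.0.0/0", "destination_type": "domain",
     "destination": "10.0.0.0/8", "proto": "ANY", "application_name": "ANY",
     "dest_port_type": "port", "acl_action": "accept"},
]
```

Running lint_policy_set(EXAMPLE_POLICIES) reports only the duplicate order for the first policy and three findings for the second, which is the kind of check worth wiring into CI before the plan is applied.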
The following attributes are exported:

id - The resource ID of Vpc Firewall Control Policy. The value is formatted as <vpc_firewall_id>:<acl_uuid>.
acl_uuid - The unique identifier of the access control policy for the VPC firewall.
application_id - The ID of the application specified in the policy.
source_group_cidrs - The CIDR blocks in the source address book.
source_group_type - The type of the source address book in the access control policy.
destination_group_cidrs - The CIDR blocks defined in the destination address book.
destination_group_type - The type of the destination address book in the access control policy.
dest_port_group_ports - The list of ports in the destination port address book.
hit_times - The number of hits per second for the access control policy.

The timeouts block allows you to specify timeouts for certain actions:

create - (Defaults to 5 mins) Used when creating the Vpc Firewall Control Policy.
update - (Defaults to 5 mins) Used when updating the Vpc Firewall Control Policy.
delete - (Defaults to 5 mins) Used when deleting the Vpc Firewall Control Policy.

Cloud Firewall Vpc Firewall Control Policy can be imported using the id, e.g.
$ terraform import alicloud_cloud_firewall_vpc_firewall_control_policy.example <vpc_firewall_id>:<acl_uuid>