published on Tuesday, Apr 28, 2026 by Pulumi
Provides a Cloud Firewall Nat Firewall Control Policy resource. Nat firewall access control policy.
For information about Cloud Firewall Nat Firewall Control Policy and how to use it, see What is Nat Firewall Control Policy.
NOTE: Available since v1.224.0.
NOTE: Since v1.276.0, set `newOrder = -1` or omit the argument to let the Cloud Backend manage policy ordering automatically. You can also use `alicloud.cloudfirewall.NatFirewallControlPolicyOrder` to manage the policy ordering.
If you want to manage the policy order in parallel, do not set `newOrder`; instead, use `alicloud.cloudfirewall.NatFirewallControlPolicyOrder` to manage the policy order.
Example Usage
Basic Usage
import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";
import * as std from "@pulumi/std";
// Stack configuration; each key falls back to the example default when unset or empty.
const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
// NOTE(review): `direction` is read but never consumed below; the policy sets direction: "out" literally.
const direction = config.get("direction") || "out";

// Zones able to host a VSwitch; the first one returned places the subnet.
const zoneLookup = alicloud.getZones({ availableResourceCreation: "VSwitch" });

// Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway the firewall policy attaches to.
const vpc = new alicloud.vpc.Network("defaultDEiWfM", {
  vpcName: name,
  cidrBlock: "172.16.0.0/12",
});
const vswitch = new alicloud.vpc.Switch("defaultFHDM3F", {
  vpcId: vpc.id,
  cidrBlock: "172.16.2.0/24",
  zoneId: zoneLookup.then((found) => found.zones?.[0]?.id),
});
const natGateway = new alicloud.vpc.NatGateway("defaultMbS2Ts", {
  vpcId: vpc.id,
  vswitchId: vswitch.id,
  natGatewayName: name,
  natType: "Enhanced",
  paymentType: "PayAsYouGo",
});

// name + suffix, rendered through std.format and shared by description and groupName.
const portLabel = std
  .format({ input: "%s%s", args: [name, "port"] })
  .then(({ result }) => result);
const portUpdateLabel = std
  .format({ input: "%s%s", args: [name, "port-update"] })
  .then(({ result }) => result);
const domainLabel = std
  .format({ input: "%s%s", args: [name, "domain"] })
  .then(({ result }) => result);

// Port address book; the only book the policy below references (via destPortGroup).
const port = new alicloud.cloudfirewall.AddressBook("port", {
  groupType: "port",
  groupName: portLabel,
  description: portLabel,
  addressLists: ["22/22", "23/23", "24/24"],
});

// The next three books are declared by the example but not referenced by the policy.
const port_update = new alicloud.cloudfirewall.AddressBook("port-update", {
  groupType: "port",
  groupName: portUpdateLabel,
  description: portUpdateLabel,
  addressLists: ["22/22", "23/23", "24/24"],
});
const domain = new alicloud.cloudfirewall.AddressBook("domain", {
  groupType: "domain",
  groupName: domainLabel,
  description: domainLabel,
  addressLists: ["alibaba.com", "aliyun.com", "alicloud.com"],
});
const ip = new alicloud.cloudfirewall.AddressBook("ip", {
  groupType: "ip",
  groupName: name,
  description: name,
  addressLists: ["1.1.1.1/32", "2.2.2.2/32"],
});

// NAT firewall access-control policy bound to the gateway above.
const defaultNatFirewallControlPolicy = new alicloud.cloudfirewall.NatFirewallControlPolicy("default", {
  natGatewayId: natGateway.id,
  description: name,
  direction: "out",
  ipVersion: "4",
  newOrder: "1",

  // Match criteria: sample addresses only; source and destination are the same /32 here.
  sourceType: "net",
  source: "1.1.1.1/32",
  destinationType: "net",
  destination: "1.1.1.1/32",
  proto: "TCP",
  destPortType: "group",
  destPortGroup: port.groupName,
  applicationNameLists: ["ANY"],
  domainResolveType: 0,

  // NOTE(review): "log" is believed to be the observe action (traffic recorded, not dropped),
  // so this is not a deny rule; confirm against the aclAction property reference.
  aclAction: "log",
  // NOTE(review): release presumably is the enabled flag, so "false" would leave the policy
  // disabled after creation; confirm before relying on the rule being in force.
  release: "false",

  // Schedule: weekly on days 1-3, 21:00-21:30, between startTime and endTime
  // (values look like Unix-epoch seconds). Presumably the rule applies only inside that window.
  repeatType: "Weekly",
  repeatDays: [1, 2, 3],
  repeatStartTime: "21:00",
  repeatEndTime: "21:30",
  startTime: 1699156800,
  endTime: 1888545600,
});
import pulumi
import pulumi_alicloud as alicloud
import pulumi_std as std
# Stack configuration; each key falls back to the example default when it is not set.
config = pulumi.Config()
configured_name = config.get("name")
name = "terraform-example" if configured_name is None else configured_name
# NOTE(review): `direction` is read but never consumed below; the policy passes direction="out" literally.
configured_direction = config.get("direction")
direction = "out" if configured_direction is None else configured_direction

# Zones able to host a VSwitch; the first one returned places the subnet.
default = alicloud.get_zones(available_resource_creation="VSwitch")

# Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway the firewall policy attaches to.
vpc = alicloud.vpc.Network(
    "defaultDEiWfM",
    vpc_name=name,
    cidr_block="172.16.0.0/12",
)
vswitch = alicloud.vpc.Switch(
    "defaultFHDM3F",
    vpc_id=vpc.id,
    cidr_block="172.16.2.0/24",
    zone_id=default.zones[0].id,
)
nat_gateway = alicloud.vpc.NatGateway(
    "defaultMbS2Ts",
    vpc_id=vpc.id,
    vswitch_id=vswitch.id,
    nat_gateway_name=name,
    nat_type="Enhanced",
    payment_type="PayAsYouGo",
)

# name + suffix, rendered through std.format and shared by description and group_name.
port_label = std.format(input="%s%s", args=[name, "port"]).result
port_update_label = std.format(input="%s%s", args=[name, "port-update"]).result
domain_label = std.format(input="%s%s", args=[name, "domain"]).result

# Port address book; the only book the policy below references (via dest_port_group).
port = alicloud.cloudfirewall.AddressBook(
    "port",
    group_type="port",
    group_name=port_label,
    description=port_label,
    address_lists=["22/22", "23/23", "24/24"],
)

# The next three books are declared by the example but not referenced by the policy.
port_update = alicloud.cloudfirewall.AddressBook(
    "port-update",
    group_type="port",
    group_name=port_update_label,
    description=port_update_label,
    address_lists=["22/22", "23/23", "24/24"],
)
domain = alicloud.cloudfirewall.AddressBook(
    "domain",
    group_type="domain",
    group_name=domain_label,
    description=domain_label,
    address_lists=["alibaba.com", "aliyun.com", "alicloud.com"],
)
ip = alicloud.cloudfirewall.AddressBook(
    "ip",
    group_type="ip",
    group_name=name,
    description=name,
    address_lists=["1.1.1.1/32", "2.2.2.2/32"],
)

# NAT firewall access-control policy bound to the gateway above.
default_nat_firewall_control_policy = alicloud.cloudfirewall.NatFirewallControlPolicy(
    "default",
    nat_gateway_id=nat_gateway.id,
    description=name,
    direction="out",
    ip_version="4",
    new_order="1",
    # Match criteria: sample addresses only; source and destination are the same /32 here.
    source_type="net",
    source="1.1.1.1/32",
    destination_type="net",
    destination="1.1.1.1/32",
    proto="TCP",
    dest_port_type="group",
    dest_port_group=port.group_name,
    application_name_lists=["ANY"],
    domain_resolve_type=0,
    # NOTE(review): "log" is believed to be the observe action (traffic recorded, not dropped),
    # so this is not a deny rule; confirm against the acl_action property reference.
    acl_action="log",
    # NOTE(review): release presumably is the enabled flag, so "false" would leave the policy
    # disabled after creation; confirm before relying on the rule being in force.
    release="false",
    # Schedule: weekly on days 1-3, 21:00-21:30, between start_time and end_time
    # (values look like Unix-epoch seconds). Presumably the rule applies only inside that window.
    repeat_type="Weekly",
    repeat_days=[1, 2, 3],
    repeat_start_time="21:00",
    repeat_end_time="21:30",
    start_time=1699156800,
    end_time=1888545600,
)
package main
import (
	"errors"

	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cloudfirewall"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/vpc"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
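// main declares the example stack: a VPC, a VSwitch, an Enhanced NAT gateway,
// four Cloud Firewall address books and one NAT firewall access-control policy.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Stack configuration; each key falls back to the example default when unset or empty.
		cfg := config.New(ctx, "")
		name := "terraform-example"
		if param := cfg.Get("name"); param != "" {
			name = param
		}
		// direction feeds the policy below. As published it was assigned and never read,
		// which the Go compiler rejects ("declared and not used").
		direction := "out"
		if param := cfg.Get("direction"); param != "" {
			direction = param
		}

		// label renders name+suffix through std.Format; one result serves both the
		// description and the group name of an address book.
		label := func(suffix string) (string, error) {
			formatted, err := std.Format(ctx, &std.FormatArgs{
				Input: "%s%s",
				Args: []string{
					name,
					suffix,
				},
			}, nil)
			if err != nil {
				return "", err
			}
			return formatted.Result, nil
		}

		// Zones able to host a VSwitch; the first one returned places the subnet.
		zones, err := alicloud.GetZones(ctx, &alicloud.GetZonesArgs{
			AvailableResourceCreation: pulumi.StringRef("VSwitch"),
		}, nil)
		if err != nil {
			return err
		}
		// Fail with a clear error rather than an index-out-of-range panic.
		if len(zones.Zones) == 0 {
			return errors.New("no zone available for VSwitch creation")
		}

		// Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway.
		network, err := vpc.NewNetwork(ctx, "defaultDEiWfM", &vpc.NetworkArgs{
			CidrBlock: pulumi.String("172.16.0.0/12"),
			VpcName:   pulumi.String(name),
		})
		if err != nil {
			return err
		}
		vswitch, err := vpc.NewSwitch(ctx, "defaultFHDM3F", &vpc.SwitchArgs{
			VpcId:     network.ID(),
			ZoneId:    pulumi.String(zones.Zones[0].Id),
			CidrBlock: pulumi.String("172.16.2.0/24"),
		})
		if err != nil {
			return err
		}
		natGateway, err := vpc.NewNatGateway(ctx, "defaultMbS2Ts", &vpc.NatGatewayArgs{
			VpcId:          network.ID(),
			NatGatewayName: pulumi.String(name),
			PaymentType:    pulumi.String("PayAsYouGo"),
			VswitchId:      vswitch.ID(),
			NatType:        pulumi.String("Enhanced"),
		})
		if err != nil {
			return err
		}

		// Port address book; the only book the policy references (via DestPortGroup).
		portLabel, err := label("port")
		if err != nil {
			return err
		}
		port, err := cloudfirewall.NewAddressBook(ctx, "port", &cloudfirewall.AddressBookArgs{
			Description: pulumi.String(portLabel),
			GroupName:   pulumi.String(portLabel),
			GroupType:   pulumi.String("port"),
			AddressLists: pulumi.StringArray{
				pulumi.String("22/22"),
				pulumi.String("23/23"),
				pulumi.String("24/24"),
			},
		})
		if err != nil {
			return err
		}

		// The next three books are declared by the example but not referenced by the policy.
		portUpdateLabel, err := label("port-update")
		if err != nil {
			return err
		}
		_, err = cloudfirewall.NewAddressBook(ctx, "port-update", &cloudfirewall.AddressBookArgs{
			Description: pulumi.String(portUpdateLabel),
			GroupName:   pulumi.String(portUpdateLabel),
			GroupType:   pulumi.String("port"),
			AddressLists: pulumi.StringArray{
				pulumi.String("22/22"),
				pulumi.String("23/23"),
				pulumi.String("24/24"),
			},
		})
		if err != nil {
			return err
		}
		domainLabel, err := label("domain")
		if err != nil {
			return err
		}
		_, err = cloudfirewall.NewAddressBook(ctx, "domain", &cloudfirewall.AddressBookArgs{
			Description: pulumi.String(domainLabel),
			GroupName:   pulumi.String(domainLabel),
			GroupType:   pulumi.String("domain"),
			AddressLists: pulumi.StringArray{
				pulumi.String("alibaba.com"),
				pulumi.String("aliyun.com"),
				pulumi.String("alicloud.com"),
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudfirewall.NewAddressBook(ctx, "ip", &cloudfirewall.AddressBookArgs{
			Description: pulumi.String(name),
			GroupName:   pulumi.String(name),
			GroupType:   pulumi.String("ip"),
			AddressLists: pulumi.StringArray{
				pulumi.String("1.1.1.1/32"),
				pulumi.String("2.2.2.2/32"),
			},
		})
		if err != nil {
			return err
		}

		// NAT firewall access-control policy bound to the gateway above.
		_, err = cloudfirewall.NewNatFirewallControlPolicy(ctx, "default", &cloudfirewall.NatFirewallControlPolicyArgs{
			NatGatewayId: natGateway.ID(),
			Description:  pulumi.String(name),
			Direction:    pulumi.String(direction),
			IpVersion:    pulumi.String("4"),
			NewOrder:     pulumi.String("1"),

			// Match criteria: sample addresses only; source and destination are the same /32 here.
			SourceType:      pulumi.String("net"),
			Source:          pulumi.String("1.1.1.1/32"),
			DestinationType: pulumi.String("net"),
			Destination:     pulumi.String("1.1.1.1/32"),
			Proto:           pulumi.String("TCP"),
			DestPortType:    pulumi.String("group"),
			DestPortGroup:   port.GroupName,
			ApplicationNameLists: pulumi.StringArray{
				pulumi.String("ANY"),
			},
			DomainResolveType: pulumi.Int(0),

			// NOTE(review): "log" is believed to be the observe action (traffic recorded,
			// not dropped), so this is not a deny rule; confirm against the AclAction reference.
			AclAction: pulumi.String("log"),
			// NOTE(review): Release presumably is the enabled flag, so "false" would leave the
			// policy disabled after creation; confirm before relying on the rule being in force.
			Release: pulumi.String("false"),

			// Schedule: weekly on days 1-3, 21:00-21:30, between StartTime and EndTime
			// (values look like Unix-epoch seconds). Presumably the rule applies only in that window.
			RepeatType: pulumi.String("Weekly"),
			RepeatDays: pulumi.IntArray{
				pulumi.Int(1),
				pulumi.Int(2),
				pulumi.Int(3),
			},
			RepeatStartTime: pulumi.String("21:00"),
			RepeatEndTime:   pulumi.String("21:30"),
			StartTime:       pulumi.Int(1699156800),
			EndTime:         pulumi.Int(1888545600),
		})
		if err != nil {
			return err
		}
		return nil
	})
}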
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;
using Std = Pulumi.Std;
// Entry point: declares a VPC, a VSwitch, an Enhanced NAT gateway, four Cloud Firewall
// address books and one NAT firewall access-control policy.
return await Deployment.RunAsync(() =>
{
    // Stack configuration; each key falls back to the example default when it is not set.
    var config = new Config();
    var name = config.Get("name") ?? "terraform-example";
    // NOTE(review): `direction` is read but never consumed below; the policy sets Direction = "out" literally.
    var direction = config.Get("direction") ?? "out";

    // Zones able to host a VSwitch; the first one returned places the subnet.
    var @default = AliCloud.Index.GetZones.Invoke(new()
    {
        AvailableResourceCreation = "VSwitch",
    });

    // Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway.
    var network = new AliCloud.Vpc.Network("defaultDEiWfM", new()
    {
        VpcName = name,
        CidrBlock = "172.16.0.0/12",
    });

    var vswitch = new AliCloud.Vpc.Switch("defaultFHDM3F", new()
    {
        VpcId = network.Id,
        CidrBlock = "172.16.2.0/24",
        ZoneId = @default.Apply(@default => @default.Apply(getZonesResult => getZonesResult.Zones[0]?.Id)),
    });

    var natGateway = new AliCloud.Vpc.NatGateway("defaultMbS2Ts", new()
    {
        VpcId = network.Id,
        VswitchId = vswitch.Id,
        NatGatewayName = name,
        NatType = "Enhanced",
        PaymentType = "PayAsYouGo",
    });

    // name + suffix, rendered through Std Format and shared by Description and GroupName.
    var portLabel = Std.Index.Format.Invoke(new()
    {
        Input = "%s%s",
        Args = new[]
        {
            name,
            "port",
        },
    }).Apply(invoke => invoke.Result);

    var portUpdateLabel = Std.Index.Format.Invoke(new()
    {
        Input = "%s%s",
        Args = new[]
        {
            name,
            "port-update",
        },
    }).Apply(invoke => invoke.Result);

    var domainLabel = Std.Index.Format.Invoke(new()
    {
        Input = "%s%s",
        Args = new[]
        {
            name,
            "domain",
        },
    }).Apply(invoke => invoke.Result);

    // Port address book; the only book the policy references (via DestPortGroup).
    var port = new AliCloud.CloudFirewall.AddressBook("port", new()
    {
        GroupType = "port",
        GroupName = portLabel,
        Description = portLabel,
        AddressLists = new[]
        {
            "22/22",
            "23/23",
            "24/24",
        },
    });

    // The next three books are declared by the example but not referenced by the policy.
    var port_update = new AliCloud.CloudFirewall.AddressBook("port-update", new()
    {
        GroupType = "port",
        GroupName = portUpdateLabel,
        Description = portUpdateLabel,
        AddressLists = new[]
        {
            "22/22",
            "23/23",
            "24/24",
        },
    });

    var domain = new AliCloud.CloudFirewall.AddressBook("domain", new()
    {
        GroupType = "domain",
        GroupName = domainLabel,
        Description = domainLabel,
        AddressLists = new[]
        {
            "alibaba.com",
            "aliyun.com",
            "alicloud.com",
        },
    });

    var ip = new AliCloud.CloudFirewall.AddressBook("ip", new()
    {
        GroupType = "ip",
        GroupName = name,
        Description = name,
        AddressLists = new[]
        {
            "1.1.1.1/32",
            "2.2.2.2/32",
        },
    });

    // NAT firewall access-control policy bound to the gateway above.
    var defaultNatFirewallControlPolicy = new AliCloud.CloudFirewall.NatFirewallControlPolicy("default", new()
    {
        NatGatewayId = natGateway.Id,
        Description = name,
        Direction = "out",
        IpVersion = "4",
        NewOrder = "1",

        // Match criteria: sample addresses only; source and destination are the same /32 here.
        SourceType = "net",
        Source = "1.1.1.1/32",
        DestinationType = "net",
        Destination = "1.1.1.1/32",
        Proto = "TCP",
        DestPortType = "group",
        DestPortGroup = port.GroupName,
        ApplicationNameLists = new[]
        {
            "ANY",
        },
        DomainResolveType = 0,

        // NOTE(review): "log" is believed to be the observe action (traffic recorded, not dropped),
        // so this is not a deny rule; confirm against the AclAction property reference.
        AclAction = "log",
        // NOTE(review): Release presumably is the enabled flag, so "false" would leave the policy
        // disabled after creation; confirm before relying on the rule being in force.
        Release = "false",

        // Schedule: weekly on days 1-3, 21:00-21:30, between StartTime and EndTime
        // (values look like Unix-epoch seconds). Presumably the rule applies only in that window.
        RepeatType = "Weekly",
        RepeatDays = new[]
        {
            1,
            2,
            3,
        },
        RepeatStartTime = "21:00",
        RepeatEndTime = "21:30",
        StartTime = 1699156800,
        EndTime = 1888545600,
    });

});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.inputs.GetZonesArgs;
import com.pulumi.alicloud.vpc.Network;
import com.pulumi.alicloud.vpc.NetworkArgs;
import com.pulumi.alicloud.vpc.Switch;
import com.pulumi.alicloud.vpc.SwitchArgs;
import com.pulumi.alicloud.vpc.NatGateway;
import com.pulumi.alicloud.vpc.NatGatewayArgs;
import com.pulumi.alicloud.cloudfirewall.AddressBook;
import com.pulumi.alicloud.cloudfirewall.AddressBookArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FormatArgs;
import com.pulumi.alicloud.cloudfirewall.NatFirewallControlPolicy;
import com.pulumi.alicloud.cloudfirewall.NatFirewallControlPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
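/**
 * Example stack: a VPC, a VSwitch, an Enhanced NAT gateway, four Cloud Firewall
 * address books and one NAT firewall access-control policy.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares every resource of the example.
     *
     * @param ctx Pulumi deployment context; only its configuration is read here.
     */
    public static void stack(Context ctx) {
        // Stack configuration; each key falls back to the example default when it is not set.
        final var config = ctx.config();
        final var name = config.get("name").orElse("terraform-example");
        // NOTE(review): `direction` is read but never consumed below; the policy sets direction("out") literally.
        final var direction = config.get("direction").orElse("out");

        // `default` is a reserved word in Java and cannot name a variable; the declaration
        // now uses `default_`, the name the VSwitch below already refers to.
        final var default_ = AlicloudFunctions.getZones(GetZonesArgs.builder()
            .availableResourceCreation("VSwitch")
            .build());

        // Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway.
        var defaultDEiWfM = new Network("defaultDEiWfM", NetworkArgs.builder()
            .cidrBlock("172.16.0.0/12")
            .vpcName(name)
            .build());

        // NOTE(review): `.zones()[0]` indexes the lookup result like an array, and the
        // address books below call `.result()` directly on the format invoke; both are
        // kept as published. Confirm they match the SDK's actual return types.
        var defaultFHDM3F = new Switch("defaultFHDM3F", SwitchArgs.builder()
            .vpcId(defaultDEiWfM.id())
            .zoneId(default_.zones()[0].id())
            .cidrBlock("172.16.2.0/24")
            .build());

        var defaultMbS2Ts = new NatGateway("defaultMbS2Ts", NatGatewayArgs.builder()
            .vpcId(defaultDEiWfM.id())
            .natGatewayName(name)
            .paymentType("PayAsYouGo")
            .vswitchId(defaultFHDM3F.id())
            .natType("Enhanced")
            .build());

        // Port address book; the only book the policy references (via destPortGroup).
        var port = new AddressBook("port", AddressBookArgs.builder()
            .description(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "port")
                .build()).result())
            .groupName(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "port")
                .build()).result())
            .groupType("port")
            .addressLists(
                "22/22",
                "23/23",
                "24/24")
            .build());

        // The next three books are declared by the example but not referenced by the policy.
        var port_update = new AddressBook("port-update", AddressBookArgs.builder()
            .description(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "port-update")
                .build()).result())
            .groupName(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "port-update")
                .build()).result())
            .groupType("port")
            .addressLists(
                "22/22",
                "23/23",
                "24/24")
            .build());

        var domain = new AddressBook("domain", AddressBookArgs.builder()
            .description(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "domain")
                .build()).result())
            .groupName(StdFunctions.format(FormatArgs.builder()
                .input("%s%s")
                .args(
                    name,
                    "domain")
                .build()).result())
            .groupType("domain")
            .addressLists(
                "alibaba.com",
                "aliyun.com",
                "alicloud.com")
            .build());

        var ip = new AddressBook("ip", AddressBookArgs.builder()
            .description(name)
            .groupName(name)
            .groupType("ip")
            .addressLists(
                "1.1.1.1/32",
                "2.2.2.2/32")
            .build());

        // NAT firewall access-control policy bound to the gateway above.
        var defaultNatFirewallControlPolicy = new NatFirewallControlPolicy("defaultNatFirewallControlPolicy", NatFirewallControlPolicyArgs.builder()
            .applicationNameLists("ANY")
            .description(name)
            // NOTE(review): release presumably is the enabled flag, so "false" would leave the
            // policy disabled after creation; confirm before relying on the rule being in force.
            .release("false")
            .ipVersion("4")
            // Schedule: weekly on days 1-3, 21:00-21:30, between startTime and endTime
            // (values look like Unix-epoch seconds). Presumably the rule applies only in that window.
            .repeatDays(
                1,
                2,
                3)
            .repeatStartTime("21:00")
            // NOTE(review): "log" is believed to be the observe action (traffic recorded,
            // not dropped), so this is not a deny rule; confirm against the aclAction reference.
            .aclAction("log")
            .destPortGroup(port.groupName())
            .repeatType("Weekly")
            .natGatewayId(defaultMbS2Ts.id())
            // Sample addresses only; source and destination are the same /32 here.
            .source("1.1.1.1/32")
            .direction("out")
            .repeatEndTime("21:30")
            .startTime(1699156800)
            .destination("1.1.1.1/32")
            .endTime(1888545600)
            .sourceType("net")
            .proto("TCP")
            .newOrder("1")
            .destinationType("net")
            .destPortType("group")
            .domainResolveType(0)
            .build());

    }
}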
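# Example stack: a VPC, a VSwitch, an Enhanced NAT gateway, four Cloud Firewall
# address books and one NAT firewall access-control policy.
# Nesting is restored here; the flattened listing does not parse as the intended mapping.
configuration:
  name:
    type: string
    default: terraform-example
  # NOTE(review): `direction` is declared but never referenced; the policy sets direction: out literally.
  direction:
    type: string
    default: out
resources:
  # Network scaffolding: VPC -> VSwitch -> Enhanced NAT gateway.
  defaultDEiWfM:
    type: alicloud:vpc:Network
    properties:
      cidrBlock: 172.16.0.0/12
      vpcName: ${name}
  defaultFHDM3F:
    type: alicloud:vpc:Switch
    properties:
      vpcId: ${defaultDEiWfM.id}
      zoneId: ${default.zones[0].id}
      cidrBlock: 172.16.2.0/24
  defaultMbS2Ts:
    type: alicloud:vpc:NatGateway
    properties:
      vpcId: ${defaultDEiWfM.id}
      natGatewayName: ${name}
      paymentType: PayAsYouGo
      vswitchId: ${defaultFHDM3F.id}
      natType: Enhanced
  # Port address book; the only book the policy references (via destPortGroup).
  port:
    type: alicloud:cloudfirewall:AddressBook
    properties:
      description:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - port
          return: result
      groupName:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - port
          return: result
      groupType: port
      addressLists:
        - 22/22
        - 23/23
        - 24/24
  # The next three books are declared by the example but not referenced by the policy.
  port-update:
    type: alicloud:cloudfirewall:AddressBook
    properties:
      description:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - port-update
          return: result
      groupName:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - port-update
          return: result
      groupType: port
      addressLists:
        - 22/22
        - 23/23
        - 24/24
  domain:
    type: alicloud:cloudfirewall:AddressBook
    properties:
      description:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - domain
          return: result
      groupName:
        fn::invoke:
          function: std:format
          arguments:
            input: '%s%s'
            args:
              - ${name}
              - domain
          return: result
      groupType: domain
      addressLists:
        - alibaba.com
        - aliyun.com
        - alicloud.com
  ip:
    type: alicloud:cloudfirewall:AddressBook
    properties:
      description: ${name}
      groupName: ${name}
      groupType: ip
      addressLists:
        - 1.1.1.1/32
        - 2.2.2.2/32
  # NAT firewall access-control policy bound to the gateway above.
  defaultNatFirewallControlPolicy:
    type: alicloud:cloudfirewall:NatFirewallControlPolicy
    name: default
    properties:
      applicationNameLists:
        - ANY
      description: ${name}
      # NOTE(review): release presumably is the enabled flag, so 'false' would leave the policy
      # disabled after creation; confirm before relying on the rule being in force.
      release: 'false'
      ipVersion: '4'
      # Schedule: weekly on days 1-3, 21:00-21:30, between startTime and endTime
      # (values look like Unix-epoch seconds). Presumably the rule applies only in that window.
      repeatDays:
        - '1'
        - '2'
        - '3'
      # Quoted so no YAML parser can read HH:MM as a base-60 integer.
      repeatStartTime: '21:00'
      # NOTE(review): log is believed to be the observe action (traffic recorded, not dropped),
      # so this is not a deny rule; confirm against the aclAction property reference.
      aclAction: log
      destPortGroup: ${port.groupName}
      repeatType: Weekly
      natGatewayId: ${defaultMbS2Ts.id}
      # Sample addresses only; source and destination are the same /32 here.
      source: 1.1.1.1/32
      direction: out
      repeatEndTime: '21:30'
      startTime: '1699156800'
      destination: 1.1.1.1/32
      endTime: '1888545600'
      sourceType: net
      proto: TCP
      newOrder: '1'
      destinationType: net
      destPortType: group
      domainResolveType: '0'
variables:
  # Zones able to host a VSwitch; the first one returned places the subnet.
  default:
    fn::invoke:
      function: alicloud:getZones
      arguments:
        availableResourceCreation: VSwitch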
Create NatFirewallControlPolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NatFirewallControlPolicy(name: string, args: NatFirewallControlPolicyArgs, opts?: CustomResourceOptions);
@overload
def NatFirewallControlPolicy(resource_name: str,
args: NatFirewallControlPolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NatFirewallControlPolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
acl_action: Optional[str] = None,
application_name_lists: Optional[Sequence[str]] = None,
description: Optional[str] = None,
source_type: Optional[str] = None,
source: Optional[str] = None,
proto: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
nat_gateway_id: Optional[str] = None,
end_time: Optional[int] = None,
ip_version: Optional[str] = None,
domain_resolve_type: Optional[int] = None,
new_order: Optional[str] = None,
dest_port_type: Optional[str] = None,
release: Optional[str] = None,
repeat_days: Optional[Sequence[int]] = None,
repeat_end_time: Optional[str] = None,
repeat_start_time: Optional[str] = None,
repeat_type: Optional[str] = None,
dest_port_group: Optional[str] = None,
dest_port: Optional[str] = None,
start_time: Optional[int] = None)
func NewNatFirewallControlPolicy(ctx *Context, name string, args NatFirewallControlPolicyArgs, opts ...ResourceOption) (*NatFirewallControlPolicy, error)
public NatFirewallControlPolicy(string name, NatFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)
public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args)
public NatFirewallControlPolicy(String name, NatFirewallControlPolicyArgs args, CustomResourceOptions options)
type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NatFirewallControlPolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every "string" / 0 below is a type placeholder, not a usable value.
var natFirewallControlPolicyResource = new AliCloud.CloudFirewall.NatFirewallControlPolicy("natFirewallControlPolicyResource", new()
{
    // Attachment and ordering
    NatGatewayId = "string",
    Direction = "string",
    NewOrder = "string",
    IpVersion = "string",
    Description = "string",

    // Match criteria
    SourceType = "string",
    Source = "string",
    DestinationType = "string",
    Destination = "string",
    Proto = "string",
    DestPortType = "string",
    DestPort = "string",
    DestPortGroup = "string",
    ApplicationNameLists = new[]
    {
        "string",
    },
    DomainResolveType = 0,

    // Action and state
    AclAction = "string",
    Release = "string",

    // Schedule
    RepeatType = "string",
    RepeatDays = new[]
    {
        0,
    },
    RepeatStartTime = "string",
    RepeatEndTime = "string",
    StartTime = 0,
    EndTime = 0,
});
// Reference shape only: every "string" / 0 below is a type placeholder, not a usable value.
example, err := cloudfirewall.NewNatFirewallControlPolicy(ctx, "natFirewallControlPolicyResource", &cloudfirewall.NatFirewallControlPolicyArgs{
	// Attachment and ordering
	NatGatewayId: pulumi.String("string"),
	Direction:    pulumi.String("string"),
	NewOrder:     pulumi.String("string"),
	IpVersion:    pulumi.String("string"),
	Description:  pulumi.String("string"),

	// Match criteria
	SourceType:      pulumi.String("string"),
	Source:          pulumi.String("string"),
	DestinationType: pulumi.String("string"),
	Destination:     pulumi.String("string"),
	Proto:           pulumi.String("string"),
	DestPortType:    pulumi.String("string"),
	DestPort:        pulumi.String("string"),
	DestPortGroup:   pulumi.String("string"),
	ApplicationNameLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	DomainResolveType: pulumi.Int(0),

	// Action and state
	AclAction: pulumi.String("string"),
	Release:   pulumi.String("string"),

	// Schedule
	RepeatType: pulumi.String("string"),
	RepeatDays: pulumi.IntArray{
		pulumi.Int(0),
	},
	RepeatStartTime: pulumi.String("string"),
	RepeatEndTime:   pulumi.String("string"),
	StartTime:       pulumi.Int(0),
	EndTime:         pulumi.Int(0),
})
// Reference shape only: every "string" / 0 below is a type placeholder, not a usable value.
var natFirewallControlPolicyResource = new NatFirewallControlPolicy("natFirewallControlPolicyResource", NatFirewallControlPolicyArgs.builder()
    // Attachment and ordering
    .natGatewayId("string")
    .direction("string")
    .newOrder("string")
    .ipVersion("string")
    .description("string")
    // Match criteria
    .sourceType("string")
    .source("string")
    .destinationType("string")
    .destination("string")
    .proto("string")
    .destPortType("string")
    .destPort("string")
    .destPortGroup("string")
    .applicationNameLists("string")
    .domainResolveType(0)
    // Action and state
    .aclAction("string")
    .release("string")
    // Schedule
    .repeatType("string")
    .repeatDays(0)
    .repeatStartTime("string")
    .repeatEndTime("string")
    .startTime(0)
    .endTime(0)
    .build());
# Reference shape only: every "string" / 0 below is a type placeholder, not a usable value.
nat_firewall_control_policy_resource = alicloud.cloudfirewall.NatFirewallControlPolicy(
    "natFirewallControlPolicyResource",
    # Attachment and ordering
    nat_gateway_id="string",
    direction="string",
    new_order="string",
    ip_version="string",
    description="string",
    # Match criteria
    source_type="string",
    source="string",
    destination_type="string",
    destination="string",
    proto="string",
    dest_port_type="string",
    dest_port="string",
    dest_port_group="string",
    application_name_lists=["string"],
    domain_resolve_type=0,
    # Action and state
    acl_action="string",
    release="string",
    # Schedule
    repeat_type="string",
    repeat_days=[0],
    repeat_start_time="string",
    repeat_end_time="string",
    start_time=0,
    end_time=0,
)
// Constructor reference for NatFirewallControlPolicy. Every value below is a
// type placeholder ("string", 0), not a usable setting.
const natFirewallControlPolicyArgs = {
    // Rule identity and effect
    aclAction: "string", // action applied to traffic passing through Cloud Firewall
    description: "string", // description of the access control policy
    direction: "string", // traffic direction the policy applies to
    natGatewayId: "string", // ID of the NAT gateway instance
    newOrder: "string", // priority: starts at 1, smaller number = higher priority; -1 when unset
    release: "string", // enabled status; a policy is enabled by default after creation
    ipVersion: "string", // supported IP address version
    // Traffic match: protocol, application, source, destination
    proto: "string", // ANY, TCP, UDP or ICMP
    applicationNameLists: ["string"], // application types covered by the policy
    sourceType: "string", // net or group
    source: "string", // CIDR when sourceType is net, address book name when it is group
    destinationType: "string", // net, group, domain or location
    destination: "string", // CIDR, address book name, domain name or region, per destinationType
    domainResolveType: 0, // domain name resolution method
    // Destination ports (ICMP has no destination-port control)
    destPortType: "string", // port or group
    destPort: "string", // port number, used when destPortType is port
    destPortGroup: "string", // port address book name, required when destPortType is group
    // Validity period
    repeatType: "string", // Permit (default), None, Daily, Weekly or Monthly
    repeatDays: [0], // must be non-empty for Weekly and Monthly
    repeatStartTime: "string", // e.g. 08:00, on the hour or half hour
    repeatEndTime: "string", // e.g. 23:30, at least half an hour after repeatStartTime
    startTime: 0, // timestamp in seconds
    endTime: 0, // timestamp in seconds, at least half an hour after startTime
};
const natFirewallControlPolicyResource = new alicloud.cloudfirewall.NatFirewallControlPolicy(
    "natFirewallControlPolicyResource",
    natFirewallControlPolicyArgs,
);
# Resource reference for NatFirewallControlPolicy. Every value below is a type
# placeholder (string, 0), not a usable setting.
type: alicloud:cloudfirewall:NatFirewallControlPolicy
properties:
  # Rule identity and effect
  aclAction: string               # action applied to traffic passing through Cloud Firewall
  description: string             # description of the access control policy
  direction: string               # traffic direction the policy applies to
  natGatewayId: string            # ID of the NAT gateway instance
  newOrder: string                # priority: starts at 1, smaller number = higher priority; -1 when unset
  release: string                 # enabled status; a policy is enabled by default after creation
  ipVersion: string               # supported IP address version
  # Traffic match: protocol, application, source, destination
  proto: string                   # ANY, TCP, UDP or ICMP
  applicationNameLists: [string]  # application types covered by the policy
  sourceType: string              # net or group
  source: string                  # CIDR when sourceType is net, address book name when it is group
  destinationType: string         # net, group, domain or location
  destination: string             # CIDR, address book name, domain name or region, per destinationType
  domainResolveType: 0            # domain name resolution method
  # Destination ports (ICMP has no destination-port control)
  destPortType: string            # port or group
  destPort: string                # port number, used when destPortType is port
  destPortGroup: string           # port address book name, required when destPortType is group
  # Validity period
  repeatType: string              # Permit (default), None, Daily, Weekly or Monthly
  repeatDays: [0]                 # must be non-empty for Weekly and Monthly
  repeatStartTime: string         # e.g. 08:00, on the hour or half hour
  repeatEndTime: string           # e.g. 23:30, at least half an hour after repeatStartTime
  startTime: 0                    # timestamp in seconds
  endTime: 0                      # timestamp in seconds, at least half an hour after startTime
NatFirewallControlPolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NatFirewallControlPolicy resource accepts the following input properties:
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- Application
Name List<string>Lists - The list of application types supported by the access control policy.
- Description string
- The description of the access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- Direction string
- The traffic direction of the access control policy. Valid values:
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
ANY (indicates all protocol types), TCP, UDP, ICMP.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- Source
Type string - The source address type in the access control policy. Valid values:
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- NewOrder string - The priority at which the access control policy takes effect. Priority numbers increase sequentially from 1; the smaller the number, the higher the priority. If not set, the default is -1.
- Release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- RepeatDays List<int> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- RepeatType string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- Application
Name []stringLists - The list of application types supported by the access control policy.
- Description string
- The description of the access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- Direction string
- The traffic direction of the access control policy. Valid values:
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- Proto string
- The security protocol type for traffic access in the access control policy. Valid values:
ANY (indicates all protocol types), TCP, UDP, ICMP.
- Source string
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- Source
Type string - The source address type in the access control policy. Valid values:
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- NewOrder string - The priority at which the access control policy takes effect. Priority numbers increase sequentially from 1; the smaller the number, the higher the priority. If not set, the default is -1.
- Release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- RepeatDays []int - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- RepeatType string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- description String
- The description of the access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- direction String
- The traffic direction of the access control policy. Valid values:
- nat
Gateway StringId - The ID of the NAT gateway instance.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
ANY (indicates all protocol types), TCP, UDP, ICMP.
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type String - The source address type in the access control policy. Valid values:
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- domain
Resolve IntegerType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end
Time Integer The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- newOrder String - The priority at which the access control policy takes effect. Priority numbers increase sequentially from 1; the smaller the number, the higher the priority. If not set, the default is -1.
- release String - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays List<Integer> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- start
Time Integer The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- application
Name string[]Lists - The list of application types supported by the access control policy.
- description string
- The description of the access control policy.
- destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type string - The destination address type in the access control policy. Valid values:
- direction string
- The traffic direction of the access control policy. Valid values:
- nat
Gateway stringId - The ID of the NAT gateway instance.
- proto string
- The security protocol type for traffic access in the access control policy. Valid values:
ANY (indicates all protocol types), TCP, UDP, ICMP.
- source string
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type string - The source address type in the access control policy. Valid values:
- dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- domain
Resolve numberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end
Time number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version string - Supported IP address version. Value:
- newOrder string - The priority at which the access control policy takes effect. Priority numbers increase sequentially from 1; the smaller the number, the higher the priority. If not set, the default is -1.
- release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays number[] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.
- repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- start
Time number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl_
action str - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- application_
name_ Sequence[str]lists - The list of application types supported by the access control policy.
- description str
- The description of the access control policy.
- destination str
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination_
type str - The destination address type in the access control policy. Valid values:
- direction str
- The traffic direction of the access control policy. Valid values:
- nat_
gateway_ strid - The ID of the NAT gateway instance.
- proto str
- The security protocol type for traffic access in the access control policy. Valid values:
ANY (indicates all protocol types), TCP, UDP, ICMP.
- source str
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source_
type str - The source address type in the access control policy. Valid values:
- dest_
port str The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest_
port_ strgroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest_
port_ strtype - The destination port type of the access traffic in the security access control policy.
- domain_
resolve_ inttype - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end_
time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip_
version str - Supported IP address version. Value:
- new_order str - The priority at which the access control policy takes effect. Priority numbers increase sequentially from 1; the smaller the number, the higher the priority. If not set, the default is -1.
- release str - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeat_days Sequence[int] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, RepeatDays cannot contain duplicate values.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, RepeatDays cannot contain duplicate values.
- repeat_
end_ strtime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat_
start_ strtime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat_type str - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- start_
time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- description String
- The description of the access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- direction String
- The traffic direction of the access control policy. Valid values:
- nat
Gateway StringId - The ID of the NAT gateway instance.
- proto String - The security protocol type for traffic access in the access control policy. Valid values: ANY (indicates that all protocol types are queried), TCP, UDP, ICMP.
- source String - The source address in the access control policy. Valid values:
  - When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
  - When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type String - The source address type in the access control policy. Valid values:
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- domain
Resolve NumberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end
Time Number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- newOrder String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1.
- release String - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays List<Number> - Collection of recurring dates for the policy validity period of the access control policy.
  - When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
  - When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. RepeatDays must not contain repeated values.
  - When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. RepeatDays must not contain repeated values.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType String - The type of repetition for the policy validity period of the access control policy. Value:
  - Permit (default): Always
  - None: Specify a single time
  - Daily: Daily
  - Weekly: Weekly
  - Monthly: Monthly
- start
Time Number The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
Outputs
All input properties are implicitly available as output properties. Additionally, the NatFirewallControlPolicy resource produces the following output properties:
- Acl
Uuid string - The unique ID of the security access control policy.
- Create
Time int - The time when the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Acl
Uuid string - The unique ID of the security access control policy.
- Create
Time int - The time when the policy was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- acl
Uuid String - The unique ID of the security access control policy.
- create
Time Integer - The time when the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
- acl
Uuid string - The unique ID of the security access control policy.
- create
Time number - The time when the policy was created.
- id string
- The provider-assigned unique ID for this managed resource.
- acl_
uuid str - The unique ID of the security access control policy.
- create_
time int - The time when the policy was created.
- id str
- The provider-assigned unique ID for this managed resource.
- acl
Uuid String - The unique ID of the security access control policy.
- create
Time Number - The time when the policy was created.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing NatFirewallControlPolicy Resource
Get an existing NatFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: NatFirewallControlPolicyState, opts?: CustomResourceOptions): NatFirewallControlPolicy

@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
acl_action: Optional[str] = None,
acl_uuid: Optional[str] = None,
application_name_lists: Optional[Sequence[str]] = None,
create_time: Optional[int] = None,
description: Optional[str] = None,
dest_port: Optional[str] = None,
dest_port_group: Optional[str] = None,
dest_port_type: Optional[str] = None,
destination: Optional[str] = None,
destination_type: Optional[str] = None,
direction: Optional[str] = None,
domain_resolve_type: Optional[int] = None,
end_time: Optional[int] = None,
ip_version: Optional[str] = None,
nat_gateway_id: Optional[str] = None,
new_order: Optional[str] = None,
proto: Optional[str] = None,
release: Optional[str] = None,
repeat_days: Optional[Sequence[int]] = None,
repeat_end_time: Optional[str] = None,
repeat_start_time: Optional[str] = None,
repeat_type: Optional[str] = None,
source: Optional[str] = None,
source_type: Optional[str] = None,
start_time: Optional[int] = None) -> NatFirewallControlPolicy

func GetNatFirewallControlPolicy(ctx *Context, name string, id IDInput, state *NatFirewallControlPolicyState, opts ...ResourceOption) (*NatFirewallControlPolicy, error)

public static NatFirewallControlPolicy Get(string name, Input<string> id, NatFirewallControlPolicyState? state, CustomResourceOptions? opts = null)

public static NatFirewallControlPolicy get(String name, Output<String> id, NatFirewallControlPolicyState state, CustomResourceOptions options)

resources:
  _:
    type: alicloud:cloudfirewall:NatFirewallControlPolicy
    get:
      id: ${id}

- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- Acl
Uuid string - The unique ID of the security access control policy.
- Application
Name List<string>Lists - The list of application types supported by the access control policy.
- Create
Time int - The time when the policy was created.
- Description string
- The description of the access control policy.
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- Direction string
- The traffic direction of the access control policy. Valid values:
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- NewOrder string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1.
- Proto string - The security protocol type for traffic access in the access control policy. Valid values: ANY (indicates that all protocol types are queried), TCP, UDP, ICMP.
- Release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- RepeatDays List<int> - Collection of recurring dates for the policy validity period of the access control policy.
  - When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
  - When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. RepeatDays must not contain repeated values.
  - When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. RepeatDays must not contain repeated values.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- RepeatType string - The type of repetition for the policy validity period of the access control policy. Value:
  - Permit (default): Always
  - None: Specify a single time
  - Daily: Daily
  - Weekly: Weekly
  - Monthly: Monthly
- Source string - The source address in the access control policy. Valid values:
  - When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
  - When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- Source
Type string - The source address type in the access control policy. Valid values:
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- Acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- Acl
Uuid string - The unique ID of the security access control policy.
- Application
Name []stringLists - The list of application types supported by the access control policy.
- Create
Time int - The time when the policy was created.
- Description string
- The description of the access control policy.
- Dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- Dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- Dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- Destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- Destination
Type string - The destination address type in the access control policy. Valid values:
- Direction string
- The traffic direction of the access control policy. Valid values:
- Domain
Resolve intType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- End
Time int The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- Ip
Version string - Supported IP address version. Value:
- Nat
Gateway stringId - The ID of the NAT gateway instance.
- NewOrder string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1.
- Proto string - The security protocol type for traffic access in the access control policy. Valid values: ANY (indicates that all protocol types are queried), TCP, UDP, ICMP.
- Release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- RepeatDays []int - Collection of recurring dates for the policy validity period of the access control policy.
  - When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
  - When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. RepeatDays must not contain repeated values.
  - When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. RepeatDays must not contain repeated values.
- Repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- Repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- RepeatType string - The type of repetition for the policy validity period of the access control policy. Value:
  - Permit (default): Always
  - None: Specify a single time
  - Daily: Daily
  - Weekly: Weekly
  - Monthly: Monthly
- Source string - The source address in the access control policy. Valid values:
  - When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
  - When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- Source
Type string - The source address type in the access control policy. Valid values:
- Start
Time int The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- acl
Uuid String - The unique ID of the security access control policy.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- create
Time Integer - The time when the policy was created.
- description String
- The description of the access control policy.
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- direction String
- The traffic direction of the access control policy. Valid values:
- domain
Resolve IntegerType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end
Time Integer The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- nat
Gateway StringId - The ID of the NAT gateway instance.
- newOrder String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1.
- proto String - The security protocol type for traffic access in the access control policy. Valid values: ANY (indicates that all protocol types are queried), TCP, UDP, ICMP.
- release String - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays List<Integer> - Collection of recurring dates for the policy validity period of the access control policy.
  - When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
  - When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. RepeatDays must not contain repeated values.
  - When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. RepeatDays must not contain repeated values.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType String - The type of repetition for the policy validity period of the access control policy. Value:
  - Permit (default): Always
  - None: Specify a single time
  - Daily: Daily
  - Weekly: Weekly
  - Monthly: Monthly
- source String - The source address in the access control policy. Valid values:
  - When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
  - When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type String - The source address type in the access control policy. Valid values:
- start
Time Integer The start time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. It must be a full or half hour and at least half an hour less than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action string - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- acl
Uuid string - The unique ID of the security access control policy.
- application
Name string[]Lists - The list of application types supported by the access control policy.
- create
Time number - The time when the policy was created.
- description string
- The description of the access control policy.
- dest
Port string The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) IS group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port stringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port stringType - The destination port type of the access traffic in the security access control policy.
- destination string
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type string - The destination address type in the access control policy. Valid values:
- direction string
- The traffic direction of the access control policy. Valid values:
- domain
Resolve numberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end
Time number The end time of the policy validity period of the access control policy. Expresses using the second-level timestamp format. Must be full or half time and at least half an hour greater than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version string - Supported IP address version. Value:
- nat
Gateway stringId - The ID of the NAT gateway instance.
- newOrder string - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1.
- proto string - The security protocol type for traffic access in the access control policy. Valid values: ANY (indicates that all protocol types are queried), TCP, UDP, ICMP.
- release string - The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays number[] - Collection of recurring dates for the policy validity period of the access control policy.
  - When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
  - When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. RepeatDays must not contain repeated values.
  - When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. RepeatDays must not contain repeated values.
- repeat
End stringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start stringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType string - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- source string
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type string - The source address type in the access control policy. Valid values:
- startTime number - The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must be on the hour or half hour and at least half an hour earlier than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl_
action str - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- acl_
uuid str - The unique ID of the security access control policy.
- application_
name_ Sequence[str]lists - The list of application types supported by the access control policy.
- create_
time int - The time when the policy was created.
- description str
- The description of the access control policy.
- dest_
port str The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest_
port_ strgroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest_
port_ strtype - The destination port type of the access traffic in the security access control policy.
- destination str
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination_
type str - The destination address type in the access control policy. Valid values:
- direction str
- The traffic direction of the access control policy. Valid values:
- domain_
resolve_ inttype - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- end_time int - The end time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must be on the hour or half hour and at least half an hour later than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip_
version str - Supported IP address version. Value:
- nat_
gateway_ strid - The ID of the NAT gateway instance.
- new_order str - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1, which lets the backend manage policy ordering automatically.
- proto str
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP
- release str
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeat_days Sequence[int] - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, the values in RepeatDays cannot be repeated.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, the values in RepeatDays cannot be repeated.
- repeat_
end_ strtime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat_
start_ strtime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeat_type str - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- source str
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source_
type str - The source address type in the access control policy. Valid values:
- start_time int - The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must be on the hour or half hour and at least half an hour earlier than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
- acl
Action String - The method (action) of access traffic passing through Cloud Firewall in the security access control policy. Valid values:
- acl
Uuid String - The unique ID of the security access control policy.
- application
Name List<String>Lists - The list of application types supported by the access control policy.
- create
Time Number - The time when the policy was created.
- description String
- The description of the access control policy.
- dest
Port String The destination port of traffic access in the access control policy. Value:
- When the protocol type is set to ICMP, the value of DestPort is null.
NOTE: When the protocol type is ICMP, access control on the destination port is not supported.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is group, the value of DestPort is null.
NOTE: When you select group (destination port address book) for the destination port type of the access control policy, you do not need to set a specific destination port number. All ports that need to be controlled by this access control policy are included in the destination port address book.
- When the protocol type is TCP, UDP, or ANY, and the destination port type (DestPortType) is port, the value of DestPort is the destination port number.
- dest
Port StringGroup The address book name of the destination port of the access traffic in the access control policy.
NOTE: When DestPortType is set to group, you need to set the destination port address book name.
- dest
Port StringType - The destination port type of the access traffic in the security access control policy.
- destination String
- The destination address segment in the access control policy. Valid values:
- When DestinationType is net, Destination is the Destination CIDR. For example: 1.2.XX.XX/24
- When DestinationType is group, Destination is the name of the Destination address book. For example: dbGroup
- When DestinationType is domain, Destination is the Destination domain name. For example: *.aliyuncs.com
- When DestinationType is location, Destination is the Destination region. For example: ["BJ11", "ZB"].
- destination
Type String - The destination address type in the access control policy. Valid values:
- direction String
- The traffic direction of the access control policy. Valid values:
- domain
Resolve NumberType - The domain name resolution method of the access control policy. The policy is enabled by default after it is created. Valid values:
- endTime Number - The end time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must be on the hour or half hour and at least half an hour later than the start time.
NOTE: When RepeatType is set to permit, EndTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, EndTime must have a value and you need to set the end time.
- ip
Version String - Supported IP address version. Value:
- nat
Gateway StringId - The ID of the NAT gateway instance.
- newOrder String - The priority for the access control policy to take effect. The priority number increases sequentially from 1, and the smaller the priority number, the higher the priority. If not set, defaults to -1, which lets the backend manage policy ordering automatically.
- proto String
- The security protocol type for traffic access in the access control policy. Valid values:
- ANY (indicates that all protocol types are queried)
- TCP
- UDP
- ICMP
- release String
- The enabled status of the access control policy. The policy is enabled by default after it is created. Value:
- repeatDays List<Number> - Collection of recurring dates for the policy validity period of the access control policy.
- When RepeatType is Permanent, None, or Daily, RepeatDays is an empty collection. For example: []
- When RepeatType is Weekly, RepeatDays cannot be empty. For example: ["0", "6"]. When RepeatType is set to Weekly, the values in RepeatDays cannot be repeated.
- When RepeatType is Monthly, RepeatDays cannot be empty. For example: [1, 31]. When RepeatType is set to Monthly, the values in RepeatDays cannot be repeated.
- repeat
End StringTime The recurring end time of the policy validity period of the access control policy. For example: 23:30, it must be the whole point or half point time, and at least half an hour greater than the repeat start time.
NOTE: When RepeatType is set to normal or None, RepeatEndTime is null. When the RepeatType is Daily, Weekly, or Monthly, the RepeatEndTime must have a value, and you need to set the repeat end time.
- repeat
Start StringTime The recurring start time of the policy validity period of the access control policy. For example: 08:00, it must be the whole point or half point time, and at least half an hour less than the repeat end time.
NOTE: When RepeatType is set to permit or None, RepeatStartTime is empty. When the RepeatType is Daily, Weekly, or Monthly, the RepeatStartTime must have a value and you need to set the repeat start time.
- repeatType String - The type of repetition for the policy validity period of the access control policy. Value:
- Permit (default): Always
- None: Specify a single time
- Daily: Daily
- Weekly: Weekly
- Monthly: Monthly
- source String
- The source address in the access control policy. Valid values:
- When SourceType is set to net, Source is the Source CIDR address. For example: 10.2.4.0/24
- When SourceType is set to group, Source is the name of the Source address book. For example: dbGroup.
- source
Type String - The source address type in the access control policy. Valid values:
- startTime Number - The start time of the policy validity period of the access control policy, expressed as a timestamp in seconds. It must be on the hour or half hour and at least half an hour earlier than the end time.
NOTE: When RepeatType is set to normal, StartTime is null. When the RepeatType is None, Daily, Weekly, or Monthly, StartTime must have a value and you need to set the start time.
Import
Cloud Firewall Nat Firewall Control Policy can be imported using the id, e.g.
$ pulumi import alicloud:cloudfirewall/natFirewallControlPolicy:NatFirewallControlPolicy example <acl_uuid>:<nat_gateway_id>:<direction>
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Alibaba Cloud pulumi/pulumi-alicloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the alicloud Terraform Provider.
published on Tuesday, Apr 28, 2026 by Pulumi
