-
Notifications
You must be signed in to change notification settings - Fork 35
/
cloud-firewall-in-multiple-accounts.yml
199 lines (199 loc) · 8.89 KB
/
cloud-firewall-in-multiple-accounts.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建VPC、子网、安全组,部署ECS实例并配置高效云盘,绑定EIP。
en: Create a Virtual Private Cloud (VPC), subnets, security groups, deploy Elastic
Compute Service (ECS) instances, and configure high-performance cloud disks, then
bind Elastic IP Addresses (EIPs).
Parameters:
VpcName:
Default: VPC_1
Label:
zh-cn: 专有网络名称
en: VPC_Name
Type: String
Description:
zh-cn: 长度为1-128个字符,以大小字母或中文开头,可包含数字、下划线(_)和连字符(-),但不能以http://或https://开头。
en: It must be 1 to 128 characters in length and must start with a letter. It can contain digits, underscores (_), and hyphens (-). It cannot start with http:// or https://.
VpcCidrBlock:
Description:
zh-cn: VPC的ip地址段范围,<br>您可以使用以下的ip地址段或其子网:<br><font color='green'>[10.0.0.0/8]</font><br><font color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
en: 'The ip address range of the VPC in the CidrBlock form; <br>You can use the following ip address ranges and their subnets: <br><font color=''green''>[10.0.0.0/8]</font><br><font color=''green''>[172.16.0.0/12]</font><br><font color=''green''>[192.168.0.0/16]</font>'
Default: 192.168.0.0/16
Label:
zh-cn: 专有网络IPv4网段
en: VPC CIDR IPv4 Block
AssociationProperty: ALIYUN::VPC::VPC::CidrBlock
Type: String
VSwitchCidrBlock:
Type: String
Label:
en: VSwitch CIDR Block
zh-cn: 交换机子网网段
Description:
zh-cn: 必须属于VPC的子网段。
en: Must belong to the subnet segment of VPC.
AssociationProperty: ALIYUN::VPC::VSwitch::CidrBlock
AssociationPropertyMetadata:
VpcCidrBlock: VpcCidrBlock
Default: 192.168.1.0/24
InstanceName:
Default: ECS_1
Label:
zh-cn: ECS名称
en: VPC_Name
Type: String
Description:
zh-cn: 长度为1-128个字符,以大小字母或中文开头,可包含数字、半角句号(.)、半角冒号(:)、下划线(_)和连字符(-)。
en: It must be 1 to 128 characters in length and must start with a letter. It can contain digits, half corner period (.) , half-corner colon (:), underscore (_), and hyphen (-).
ECSPassword:
NoEcho: true
Type: String
Description:
en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
zh-cn: 服务器登录密码,长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。
AllowedPattern: '[0-9A-Za-z\_\-\&:;''<>,=%`~!@#\(\)\$\^\*\+\|\{\}\[\]\.\?\/]+$'
Label:
en: Instance Password
zh-cn: 实例密码
MinLength: 8
ConstraintDescription:
en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in).
zh-cn: 长度8-30,必须包含三项(大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号)。
MaxLength: 30
ECSZoneId:
AssociationProperty: ALIYUN::ECS::Instance:ZoneId
Type: String
Description:
en: 'Availability zone ID.<br><b>Note: <font color=''blue''>Before selecting, please confirm whether the availability zone supports the specification of creating ECS resources. It is recommended to be different from other switch availability zones</font></b ><br><font color=''red''>The switch availability zone and the selected switch instance ID must be in the same availability zone.</font>'
zh-cn: 可用区ID。<br><b>注: <font color='blue'>选择前请确认该可用区是否支持创建ECS资源的规格,建议与其他交换机可用区不同</font></b><br><font color='red'>交换机可用区和已选择的交换机实例ID必须在同一个可用区。</font>
Label:
en: VSwitch Availability Zone
zh-cn: 交换机可用区
Default: cn-hangzhou-h
ECSInstanceType:
AssociationPropertyMetadata:
ZoneId: ECSZoneId
InstanceChargeType: PostPaid
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
Type: String
Description:
en: <font color='blue'><b>1.Before selecting the model please confirm that the current available zone under the model is in stock, some models need to be reported in advance</b></font><br><font color='blue'><b>2.List of optional models</font><br></b></font>[ecs.c5.large <font color='green'>2vCPU 4GiB Intranet bandwidth1Gbps In-grid sending and receiving packages30MillionPPS</font>]<br></b>[ecs.c5.xlarge <font color='green'>4vCPU 8GiB Intranet bandwidth1.5Gbps In-grid sending and receiving packages50MillionPPS</font>]<br></b>[ecs.c5.2xlarge <font color='green'>8vCPU 16GiB Intranet bandwidth2.5Gbps In-grid sending and receiving packages80MillionPPS</font>]
zh-cn: <font color='blue'><b>1.选择机型前请先确认当前可用区下该机型是否有货,部分机型需要提前报备</b></font><br><font color='blue'><b>2.可选机型列表</font><br></b></font>[ecs.c5.large <font color='green'>2vCPU 4GiB 内网带宽1Gbps 内网收发包30万PPS</font>]<br></b>[ecs.c5.xlarge <font color='green'>4vCPU 8GiB 内网带宽1.5Gbps 内网收发包50万PPS</font>]<br></b>[ecs.c5.2xlarge <font color='green'>8vCPU 16GiB 内网带宽2.5Gbps 内网收发包80万PPS</font>]
Label:
en: Instance Type
zh-cn: 实例规格
Default: ecs.t5-lc2m1.nano
ECSDiskCategory:
Type: String
Description:
en: '<font color=''blue''><b>Optional values:</b></font><br>[cloud_efficiency: <font color=''green''>Efficient Cloud Disk</font>]<br>[cloud_ssd: <font color=''green''>SSD Cloud Disk</font>]<br>[cloud_essd: <font color=''green''>ESSD Cloud Disk</font>]<br>[cloud: <font color=''green''>Cloud Disk</font>]<br>[ephemeral_ssd: <font color=''green''>Local SSD Cloud Disk</font>]'
zh-cn: '<font color=''blue''><b>可选值:</b></font><br>[cloud_efficiency: <font color=''green''>高效云盘</font>]<br>[cloud_ssd: <font color=''green''>SSD云盘</font>]<br>[cloud_essd: <font color=''green''>ESSD云盘</font>]<br>[cloud: <font color=''green''>普通云盘</font>]<br>[ephemeral_ssd: <font color=''green''>本地SSD盘</font>]'
AssociationProperty: ALIYUN::ECS::Disk::SystemDiskCategory
AssociationPropertyMetadata:
ZoneId: ECSZoneId
InstanceType: ECSInstanceType
Label:
en: System Disk Type
zh-cn: 系统盘类型
Default: cloud_ssd
Resources:
EcsVpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock:
Ref: VpcCidrBlock
VpcName:
Ref: ALIYUN::StackName
EcsVSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
ZoneId:
Ref: ECSZoneId
VpcId:
Ref: EcsVpc
CidrBlock:
Ref: VSwitchCidrBlock
EcsSecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: EcsVpc
SecurityGroupIngress:
- IpProtocol: tcp
PortRange: 22/22
SourceCidrIp: 0.0.0.0/0
- IpProtocol: tcp
PortRange: 80/80
SourceCidrIp: 0.0.0.0/0
SecurityGroupEgress:
- IpProtocol: tcp
PortRange: 22/22
DestCidrIp: 0.0.0.0/0
- IpProtocol: tcp
PortRange: 80/80
DestCidrIp: 0.0.0.0/0
ECSInstanceGroup:
Type: ALIYUN::ECS::InstanceGroup
Properties:
IoOptimized: optimized
InstanceChargeType: PostPaid
ZoneId:
Ref: ECSZoneId
SystemDiskCategory:
Ref: ECSDiskCategory
SecurityGroupId:
Ref: EcsSecurityGroup
VSwitchId:
Ref: EcsVSwitch
MaxAmount: 1
SystemDiskSize: 20
VpcId:
Ref: EcsVpc
ImageId: centos_7
InstanceType:
Ref: ECSInstanceType
AllocatePublicIP: 'false'
Password:
Ref: ECSPassword
ElasticIp:
Type: ALIYUN::VPC::EIP
Properties:
Bandwidth: 1
InternetChargeType: PayByTraffic
ElasticIpAssociation:
Type: ALIYUN::VPC::EIPAssociation
Properties:
InstanceId:
Fn::Select:
- 0
- Fn::GetAtt:
- ECSInstanceGroup
- InstanceIds
AllocationId:
Ref: ElasticIp
Outputs:
EipAddress:
Description: IP address of created EIP.
Value:
Fn::GetAtt:
- ElasticIp
- EipAddress
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- VpcName
- VpcCidrBlock
- VSwitchCidrBlock
Label:
default: VPC
- Parameters:
- InstanceName
- ECSZoneId
- ECSInstanceType
- ECSDiskCategory
- ECSPassword
Label:
default: ECS
TemplateTags:
- acs:technical-solution:security-and-compliance:云防火墙企业多账号统一管理-tech_solu_79