alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy

Alibaba Cloud v3.95.0, Feb 12 26

Alibaba Cloud v3.95.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Alibaba Cloud v3.95.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

Example Usage

Basic Usage

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const config = new pulumi.Config();
const name = config.get("name") || "terraform-example";
const _default = alicloud.getAccount({});
const defaultInstance = new alicloud.cen.Instance("default", {
    cenInstanceName: name,
    description: "example_value",
    tags: {
        Created: "TF",
        For: "acceptance test",
    },
});
const defaultFirewallVpcFirewallControlPolicy = new alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("default", {
    order: 1,
    destination: "127.0.0.2/32",
    applicationName: "ANY",
    description: "example_value",
    sourceType: "net",
    destPort: "80/88",
    aclAction: "accept",
    lang: "zh",
    destinationType: "net",
    source: "127.0.0.1/32",
    destPortType: "port",
    proto: "TCP",
    release: "true",
    memberUid: _default.then(_default => _default.id),
    vpcFirewallId: defaultInstance.id,
});

import pulumi
import pulumi_alicloud as alicloud

config = pulumi.Config()
name = config.get("name")
if name is None:
    name = "terraform-example"
default = alicloud.get_account()
default_instance = alicloud.cen.Instance("default",
    cen_instance_name=name,
    description="example_value",
    tags={
        "Created": "TF",
        "For": "acceptance test",
    })
default_firewall_vpc_firewall_control_policy = alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("default",
    order=1,
    destination="127.0.0.2/32",
    application_name="ANY",
    description="example_value",
    source_type="net",
    dest_port="80/88",
    acl_action="accept",
    lang="zh",
    destination_type="net",
    source="127.0.0.1/32",
    dest_port_type="port",
    proto="TCP",
    release="true",
    member_uid=default.id,
    vpc_firewall_id=default_instance.id)

package main

import (
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cen"
	"github.com/pulumi/pulumi-alicloud/sdk/v3/go/alicloud/cloudfirewall"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		name := "terraform-example"
		if param := cfg.Get("name"); param != "" {
			name = param
		}
		_default, err := alicloud.GetAccount(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		defaultInstance, err := cen.NewInstance(ctx, "default", &cen.InstanceArgs{
			CenInstanceName: pulumi.String(name),
			Description:     pulumi.String("example_value"),
			Tags: pulumi.StringMap{
				"Created": pulumi.String("TF"),
				"For":     pulumi.String("acceptance test"),
			},
		})
		if err != nil {
			return err
		}
		_, err = cloudfirewall.NewFirewallVpcFirewallControlPolicy(ctx, "default", &cloudfirewall.FirewallVpcFirewallControlPolicyArgs{
			Order:           pulumi.Int(1),
			Destination:     pulumi.String("127.0.0.2/32"),
			ApplicationName: pulumi.String("ANY"),
			Description:     pulumi.String("example_value"),
			SourceType:      pulumi.String("net"),
			DestPort:        pulumi.String("80/88"),
			AclAction:       pulumi.String("accept"),
			Lang:            pulumi.String("zh"),
			DestinationType: pulumi.String("net"),
			Source:          pulumi.String("127.0.0.1/32"),
			DestPortType:    pulumi.String("port"),
			Proto:           pulumi.String("TCP"),
			Release:         pulumi.String("true"),
			MemberUid:       pulumi.String(_default.Id),
			VpcFirewallId:   defaultInstance.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AliCloud = Pulumi.AliCloud;

return await Deployment.RunAsync(() => 
{
    var config = new Config();
    var name = config.Get("name") ?? "terraform-example";
    var @default = AliCloud.GetAccount.Invoke();

    var defaultInstance = new AliCloud.Cen.Instance("default", new()
    {
        CenInstanceName = name,
        Description = "example_value",
        Tags = 
        {
            { "Created", "TF" },
            { "For", "acceptance test" },
        },
    });

    var defaultFirewallVpcFirewallControlPolicy = new AliCloud.CloudFirewall.FirewallVpcFirewallControlPolicy("default", new()
    {
        Order = 1,
        Destination = "127.0.0.2/32",
        ApplicationName = "ANY",
        Description = "example_value",
        SourceType = "net",
        DestPort = "80/88",
        AclAction = "accept",
        Lang = "zh",
        DestinationType = "net",
        Source = "127.0.0.1/32",
        DestPortType = "port",
        Proto = "TCP",
        Release = "true",
        MemberUid = @default.Apply(@default => @default.Apply(getAccountResult => getAccountResult.Id)),
        VpcFirewallId = defaultInstance.Id,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.alicloud.AlicloudFunctions;
import com.pulumi.alicloud.cen.Instance;
import com.pulumi.alicloud.cen.InstanceArgs;
import com.pulumi.alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy;
import com.pulumi.alicloud.cloudfirewall.FirewallVpcFirewallControlPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var config = ctx.config();
        final var name = config.get("name").orElse("terraform-example");
        final var default = AlicloudFunctions.getAccount(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference);

        var defaultInstance = new Instance("defaultInstance", InstanceArgs.builder()
            .cenInstanceName(name)
            .description("example_value")
            .tags(Map.ofEntries(
                Map.entry("Created", "TF"),
                Map.entry("For", "acceptance test")
            ))
            .build());

        var defaultFirewallVpcFirewallControlPolicy = new FirewallVpcFirewallControlPolicy("defaultFirewallVpcFirewallControlPolicy", FirewallVpcFirewallControlPolicyArgs.builder()
            .order(1)
            .destination("127.0.0.2/32")
            .applicationName("ANY")
            .description("example_value")
            .sourceType("net")
            .destPort("80/88")
            .aclAction("accept")
            .lang("zh")
            .destinationType("net")
            .source("127.0.0.1/32")
            .destPortType("port")
            .proto("TCP")
            .release("true")
            .memberUid(default_.id())
            .vpcFirewallId(defaultInstance.id())
            .build());

    }
}

configuration:
  name:
    type: string
    default: terraform-example
resources:
  defaultInstance:
    type: alicloud:cen:Instance
    name: default
    properties:
      cenInstanceName: ${name}
      description: example_value
      tags:
        Created: TF
        For: acceptance test
  defaultFirewallVpcFirewallControlPolicy:
    type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy
    name: default
    properties:
      order: '1'
      destination: 127.0.0.2/32
      applicationName: ANY
      description: example_value
      sourceType: net
      destPort: 80/88
      aclAction: accept
      lang: zh
      destinationType: net
      source: 127.0.0.1/32
      destPortType: port
      proto: TCP
      release: true
      memberUid: ${default.id}
      vpcFirewallId: ${defaultInstance.id}
variables:
  default:
    fn::invoke:
      function: alicloud:getAccount
      arguments: {}

📚 Need more examples? VIEW MORE EXAMPLES

Create FirewallVpcFirewallControlPolicy Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new FirewallVpcFirewallControlPolicy(name: string, args: FirewallVpcFirewallControlPolicyArgs, opts?: CustomResourceOptions);

@overload
def FirewallVpcFirewallControlPolicy(resource_name: str,
                                     args: FirewallVpcFirewallControlPolicyArgs,
                                     opts: Optional[ResourceOptions] = None)

@overload
def FirewallVpcFirewallControlPolicy(resource_name: str,
                                     opts: Optional[ResourceOptions] = None,
                                     acl_action: Optional[str] = None,
                                     vpc_firewall_id: Optional[str] = None,
                                     source_type: Optional[str] = None,
                                     description: Optional[str] = None,
                                     source: Optional[str] = None,
                                     proto: Optional[str] = None,
                                     order: Optional[int] = None,
                                     destination: Optional[str] = None,
                                     destination_type: Optional[str] = None,
                                     member_uid: Optional[str] = None,
                                     repeat_days: Optional[Sequence[int]] = None,
                                     lang: Optional[str] = None,
                                     domain_resolve_type: Optional[str] = None,
                                     dest_port_type: Optional[str] = None,
                                     dest_port_group: Optional[str] = None,
                                     release: Optional[str] = None,
                                     end_time: Optional[int] = None,
                                     repeat_end_time: Optional[str] = None,
                                     repeat_start_time: Optional[str] = None,
                                     repeat_type: Optional[str] = None,
                                     dest_port: Optional[str] = None,
                                     application_name_lists: Optional[Sequence[str]] = None,
                                     start_time: Optional[int] = None,
                                     application_name: Optional[str] = None)

func NewFirewallVpcFirewallControlPolicy(ctx *Context, name string, args FirewallVpcFirewallControlPolicyArgs, opts ...ResourceOption) (*FirewallVpcFirewallControlPolicy, error)

public FirewallVpcFirewallControlPolicy(string name, FirewallVpcFirewallControlPolicyArgs args, CustomResourceOptions? opts = null)

public FirewallVpcFirewallControlPolicy(String name, FirewallVpcFirewallControlPolicyArgs args)
public FirewallVpcFirewallControlPolicy(String name, FirewallVpcFirewallControlPolicyArgs args, CustomResourceOptions options)

type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args FirewallVpcFirewallControlPolicyArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var firewallVpcFirewallControlPolicyResource = new AliCloud.CloudFirewall.FirewallVpcFirewallControlPolicy("firewallVpcFirewallControlPolicyResource", new()
{
    AclAction = "string",
    VpcFirewallId = "string",
    SourceType = "string",
    Description = "string",
    Source = "string",
    Proto = "string",
    Order = 0,
    Destination = "string",
    DestinationType = "string",
    MemberUid = "string",
    RepeatDays = new[]
    {
        0,
    },
    Lang = "string",
    DomainResolveType = "string",
    DestPortType = "string",
    DestPortGroup = "string",
    Release = "string",
    EndTime = 0,
    RepeatEndTime = "string",
    RepeatStartTime = "string",
    RepeatType = "string",
    DestPort = "string",
    ApplicationNameLists = new[]
    {
        "string",
    },
    StartTime = 0,
    ApplicationName = "string",
});

example, err := cloudfirewall.NewFirewallVpcFirewallControlPolicy(ctx, "firewallVpcFirewallControlPolicyResource", &cloudfirewall.FirewallVpcFirewallControlPolicyArgs{
	AclAction:       pulumi.String("string"),
	VpcFirewallId:   pulumi.String("string"),
	SourceType:      pulumi.String("string"),
	Description:     pulumi.String("string"),
	Source:          pulumi.String("string"),
	Proto:           pulumi.String("string"),
	Order:           pulumi.Int(0),
	Destination:     pulumi.String("string"),
	DestinationType: pulumi.String("string"),
	MemberUid:       pulumi.String("string"),
	RepeatDays: pulumi.IntArray{
		pulumi.Int(0),
	},
	Lang:              pulumi.String("string"),
	DomainResolveType: pulumi.String("string"),
	DestPortType:      pulumi.String("string"),
	DestPortGroup:     pulumi.String("string"),
	Release:           pulumi.String("string"),
	EndTime:           pulumi.Int(0),
	RepeatEndTime:     pulumi.String("string"),
	RepeatStartTime:   pulumi.String("string"),
	RepeatType:        pulumi.String("string"),
	DestPort:          pulumi.String("string"),
	ApplicationNameLists: pulumi.StringArray{
		pulumi.String("string"),
	},
	StartTime:       pulumi.Int(0),
	ApplicationName: pulumi.String("string"),
})

var firewallVpcFirewallControlPolicyResource = new FirewallVpcFirewallControlPolicy("firewallVpcFirewallControlPolicyResource", FirewallVpcFirewallControlPolicyArgs.builder()
    .aclAction("string")
    .vpcFirewallId("string")
    .sourceType("string")
    .description("string")
    .source("string")
    .proto("string")
    .order(0)
    .destination("string")
    .destinationType("string")
    .memberUid("string")
    .repeatDays(0)
    .lang("string")
    .domainResolveType("string")
    .destPortType("string")
    .destPortGroup("string")
    .release("string")
    .endTime(0)
    .repeatEndTime("string")
    .repeatStartTime("string")
    .repeatType("string")
    .destPort("string")
    .applicationNameLists("string")
    .startTime(0)
    .applicationName("string")
    .build());

firewall_vpc_firewall_control_policy_resource = alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("firewallVpcFirewallControlPolicyResource",
    acl_action="string",
    vpc_firewall_id="string",
    source_type="string",
    description="string",
    source="string",
    proto="string",
    order=0,
    destination="string",
    destination_type="string",
    member_uid="string",
    repeat_days=[0],
    lang="string",
    domain_resolve_type="string",
    dest_port_type="string",
    dest_port_group="string",
    release="string",
    end_time=0,
    repeat_end_time="string",
    repeat_start_time="string",
    repeat_type="string",
    dest_port="string",
    application_name_lists=["string"],
    start_time=0,
    application_name="string")

const firewallVpcFirewallControlPolicyResource = new alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy("firewallVpcFirewallControlPolicyResource", {
    aclAction: "string",
    vpcFirewallId: "string",
    sourceType: "string",
    description: "string",
    source: "string",
    proto: "string",
    order: 0,
    destination: "string",
    destinationType: "string",
    memberUid: "string",
    repeatDays: [0],
    lang: "string",
    domainResolveType: "string",
    destPortType: "string",
    destPortGroup: "string",
    release: "string",
    endTime: 0,
    repeatEndTime: "string",
    repeatStartTime: "string",
    repeatType: "string",
    destPort: "string",
    applicationNameLists: ["string"],
    startTime: 0,
    applicationName: "string",
});

type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy
properties:
    aclAction: string
    applicationName: string
    applicationNameLists:
        - string
    description: string
    destPort: string
    destPortGroup: string
    destPortType: string
    destination: string
    destinationType: string
    domainResolveType: string
    endTime: 0
    lang: string
    memberUid: string
    order: 0
    proto: string
    release: string
    repeatDays:
        - 0
    repeatEndTime: string
    repeatStartTime: string
    repeatType: string
    source: string
    sourceType: string
    startTime: 0
    vpcFirewallId: string

FirewallVpcFirewallControlPolicy Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The FirewallVpcFirewallControlPolicy resource accepts the following input properties:

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

Description string

Access control over VPC firewalls description of the strategy information.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Source string

Access control over VPC firewalls strategy in the source address.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

ApplicationName string

The type of the applications that the access control policy supports. Valid values: FTP, HTTP, HTTPS, MySQL, SMTP, SMTPS, RDP, VNC, SSH, Redis, MQTT, MongoDB, Memcache, SSL, ANY.

ApplicationNameLists List<string>

The list of application types that the access control policy supports.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

DomainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

EndTime int

The end time of the policy validity period.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

RepeatDays List<int>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

RepeatEndTime string

The recurring end time of the policy validity period.

RepeatStartTime string

The recurring start time of the policy validity period.

RepeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

StartTime int

The start time of the policy validity period.

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

Description string

Access control over VPC firewalls description of the strategy information.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Source string

Access control over VPC firewalls strategy in the source address.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

VpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

ApplicationName string

ApplicationNameLists []string

The list of application types that the access control policy supports.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

DomainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

EndTime int

The end time of the policy validity period.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

RepeatDays []int

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

RepeatEndTime string

The recurring end time of the policy validity period.

RepeatStartTime string

The recurring start time of the policy validity period.

RepeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

StartTime int

The start time of the policy validity period.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

description String

Access control over VPC firewalls description of the strategy information.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

order Integer

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source String

Access control over VPC firewalls strategy in the source address.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

applicationName String

applicationNameLists List<String>

The list of application types that the access control policy supports.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

domainResolveType String

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime Integer

The end time of the policy validity period.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays List<Integer>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime String

The recurring end time of the policy validity period.

repeatStartTime String

The recurring start time of the policy validity period.

repeatType String

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

startTime Integer

The start time of the policy validity period.

aclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

description string

Access control over VPC firewalls description of the strategy information.

destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

order number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source string

Access control over VPC firewalls strategy in the source address.

sourceType string

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

applicationName string

applicationNameLists string[]

The list of application types that the access control policy supports.

destPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType string

The type of the destination port in the access control policy. Valid values: port, group.

domainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime number

The end time of the policy validity period.

lang string

The language of the content within the request and response. Valid values: zh, en.

memberUid string

The UID of the member account of the current Alibaba cloud account.

release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays number[]

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime string

The recurring end time of the policy validity period.

repeatStartTime string

The recurring start time of the policy validity period.

repeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

startTime number

The start time of the policy validity period.

acl_action str

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

description str

Access control over VPC firewalls description of the strategy information.

destination str

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destination_type str

The type of the destination address in the access control policy. Valid values: net, group, domain.

order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto str

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source str

Access control over VPC firewalls strategy in the source address.

source_type str

The type of the source address in the access control policy. Valid values: net, group.

vpc_firewall_id str

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

application_name str

application_name_lists Sequence[str]

The list of application types that the access control policy supports.

dest_port str

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

dest_port_group str

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

dest_port_type str

The type of the destination port in the access control policy. Valid values: port, group.

domain_resolve_type str

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

end_time int

The end time of the policy validity period.

lang str

The language of the content within the request and response. Valid values: zh, en.

member_uid str

The UID of the member account of the current Alibaba cloud account.

release str

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeat_days Sequence[int]

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeat_end_time str

The recurring end time of the policy validity period.

repeat_start_time str

The recurring start time of the policy validity period.

repeat_type str

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

start_time int

The start time of the policy validity period.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

description String

Access control over VPC firewalls description of the strategy information.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

order Number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

source String

Access control over VPC firewalls strategy in the source address.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

vpcFirewallId String

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

applicationName String

applicationNameLists List<String>

The list of application types that the access control policy supports.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

domainResolveType String

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime Number

The end time of the policy validity period.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays List<Number>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime String

The recurring end time of the policy validity period.

repeatStartTime String

The recurring start time of the policy validity period.

repeatType String

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

startTime Number

The start time of the policy validity period.

Outputs

All input properties are implicitly available as output properties. Additionally, the FirewallVpcFirewallControlPolicy resource produces the following output properties:

AclUuid string: Access control over VPC firewalls strategy unique identifier.
ApplicationId string: Policy specifies the application ID.
CreateTime int: (Available since v1.267.0) The time when the policy was created.
DestPortGroupPorts List<string>: Port Address Book port list.
DestinationGroupCidrs List<string>: Destination address book defined in the address list.
DestinationGroupType string: The destination address book type in the access control policy.
HitTimes int: Control strategy of hits per second.
Id string: The provider-assigned unique ID for this managed resource.
SourceGroupCidrs List<string>: SOURCE address of the address list.
SourceGroupType string: The source address type in the access control policy.

AclUuid string: Access control over VPC firewalls strategy unique identifier.
ApplicationId string: Policy specifies the application ID.
CreateTime int: (Available since v1.267.0) The time when the policy was created.
DestPortGroupPorts []string: Port Address Book port list.
DestinationGroupCidrs []string: Destination address book defined in the address list.
DestinationGroupType string: The destination address book type in the access control policy.
HitTimes int: Control strategy of hits per second.
Id string: The provider-assigned unique ID for this managed resource.
SourceGroupCidrs []string: SOURCE address of the address list.
SourceGroupType string: The source address type in the access control policy.

aclUuid String: Access control over VPC firewalls strategy unique identifier.
applicationId String: Policy specifies the application ID.
createTime Integer: (Available since v1.267.0) The time when the policy was created.
destPortGroupPorts List<String>: Port Address Book port list.
destinationGroupCidrs List<String>: Destination address book defined in the address list.
destinationGroupType String: The destination address book type in the access control policy.
hitTimes Integer: Control strategy of hits per second.
id String: The provider-assigned unique ID for this managed resource.
sourceGroupCidrs List<String>: SOURCE address of the address list.
sourceGroupType String: The source address type in the access control policy.

aclUuid string: Access control over VPC firewalls strategy unique identifier.
applicationId string: Policy specifies the application ID.
createTime number: (Available since v1.267.0) The time when the policy was created.
destPortGroupPorts string[]: Port Address Book port list.
destinationGroupCidrs string[]: Destination address book defined in the address list.
destinationGroupType string: The destination address book type in the access control policy.
hitTimes number: Control strategy of hits per second.
id string: The provider-assigned unique ID for this managed resource.
sourceGroupCidrs string[]: SOURCE address of the address list.
sourceGroupType string: The source address type in the access control policy.

acl_uuid str: Access control over VPC firewalls strategy unique identifier.
application_id str: Policy specifies the application ID.
create_time int: (Available since v1.267.0) The time when the policy was created.
dest_port_group_ports Sequence[str]: Port Address Book port list.
destination_group_cidrs Sequence[str]: Destination address book defined in the address list.
destination_group_type str: The destination address book type in the access control policy.
hit_times int: Control strategy of hits per second.
id str: The provider-assigned unique ID for this managed resource.
source_group_cidrs Sequence[str]: SOURCE address of the address list.
source_group_type str: The source address type in the access control policy.

aclUuid String: Access control over VPC firewalls strategy unique identifier.
applicationId String: Policy specifies the application ID.
createTime Number: (Available since v1.267.0) The time when the policy was created.
destPortGroupPorts List<String>: Port Address Book port list.
destinationGroupCidrs List<String>: Destination address book defined in the address list.
destinationGroupType String: The destination address book type in the access control policy.
hitTimes Number: Control strategy of hits per second.
id String: The provider-assigned unique ID for this managed resource.
sourceGroupCidrs List<String>: SOURCE address of the address list.
sourceGroupType String: The source address type in the access control policy.

Look up Existing FirewallVpcFirewallControlPolicy Resource

Get an existing FirewallVpcFirewallControlPolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallVpcFirewallControlPolicyState, opts?: CustomResourceOptions): FirewallVpcFirewallControlPolicy

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        acl_action: Optional[str] = None,
        acl_uuid: Optional[str] = None,
        application_id: Optional[str] = None,
        application_name: Optional[str] = None,
        application_name_lists: Optional[Sequence[str]] = None,
        create_time: Optional[int] = None,
        description: Optional[str] = None,
        dest_port: Optional[str] = None,
        dest_port_group: Optional[str] = None,
        dest_port_group_ports: Optional[Sequence[str]] = None,
        dest_port_type: Optional[str] = None,
        destination: Optional[str] = None,
        destination_group_cidrs: Optional[Sequence[str]] = None,
        destination_group_type: Optional[str] = None,
        destination_type: Optional[str] = None,
        domain_resolve_type: Optional[str] = None,
        end_time: Optional[int] = None,
        hit_times: Optional[int] = None,
        lang: Optional[str] = None,
        member_uid: Optional[str] = None,
        order: Optional[int] = None,
        proto: Optional[str] = None,
        release: Optional[str] = None,
        repeat_days: Optional[Sequence[int]] = None,
        repeat_end_time: Optional[str] = None,
        repeat_start_time: Optional[str] = None,
        repeat_type: Optional[str] = None,
        source: Optional[str] = None,
        source_group_cidrs: Optional[Sequence[str]] = None,
        source_group_type: Optional[str] = None,
        source_type: Optional[str] = None,
        start_time: Optional[int] = None,
        vpc_firewall_id: Optional[str] = None) -> FirewallVpcFirewallControlPolicy

func GetFirewallVpcFirewallControlPolicy(ctx *Context, name string, id IDInput, state *FirewallVpcFirewallControlPolicyState, opts ...ResourceOption) (*FirewallVpcFirewallControlPolicy, error)

public static FirewallVpcFirewallControlPolicy Get(string name, Input<string> id, FirewallVpcFirewallControlPolicyState? state, CustomResourceOptions? opts = null)

public static FirewallVpcFirewallControlPolicy get(String name, Output<String> id, FirewallVpcFirewallControlPolicyState state, CustomResourceOptions options)

resources:  _:    type: alicloud:cloudfirewall:FirewallVpcFirewallControlPolicy    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

ApplicationName string

ApplicationNameLists List<string>

The list of application types that the access control policy supports.

CreateTime int

(Available since v1.267.0) The time when the policy was created.

Description string

Access control over VPC firewalls description of the strategy information.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortGroupPorts List<string>

Port Address Book port list.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationGroupCidrs List<string>

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

DomainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

EndTime int

The end time of the policy validity period.

HitTimes int

Control strategy of hits per second.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

RepeatDays List<int>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

RepeatEndTime string

The recurring end time of the policy validity period.

RepeatStartTime string

The recurring start time of the policy validity period.

RepeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

Source string

Access control over VPC firewalls strategy in the source address.

SourceGroupCidrs List<string>

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

StartTime int

The start time of the policy validity period.

VpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

AclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

AclUuid string

Access control over VPC firewalls strategy unique identifier.

ApplicationId string

Policy specifies the application ID.

ApplicationName string

ApplicationNameLists []string

The list of application types that the access control policy supports.

CreateTime int

(Available since v1.267.0) The time when the policy was created.

Description string

Access control over VPC firewalls description of the strategy information.

DestPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

DestPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

DestPortGroupPorts []string

Port Address Book port list.

DestPortType string

The type of the destination port in the access control policy. Valid values: port, group.

Destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

DestinationGroupCidrs []string

Destination address book defined in the address list.

DestinationGroupType string

The destination address book type in the access control policy.

DestinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

DomainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

EndTime int

The end time of the policy validity period.

HitTimes int

Control strategy of hits per second.

Lang string

The language of the content within the request and response. Valid values: zh, en.

MemberUid string

The UID of the member account of the current Alibaba cloud account.

Order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

Proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

Release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

RepeatDays []int

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

RepeatEndTime string

The recurring end time of the policy validity period.

RepeatStartTime string

The recurring start time of the policy validity period.

RepeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

Source string

Access control over VPC firewalls strategy in the source address.

SourceGroupCidrs []string

SOURCE address of the address list.

SourceGroupType string

The source address type in the access control policy.

SourceType string

The type of the source address in the access control policy. Valid values: net, group.

StartTime int

The start time of the policy validity period.

VpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

applicationName String

applicationNameLists List<String>

The list of application types that the access control policy supports.

createTime Integer

(Available since v1.267.0) The time when the policy was created.

description String

Access control over VPC firewalls description of the strategy information.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts List<String>

Port Address Book port list.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

domainResolveType String

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime Integer

The end time of the policy validity period.

hitTimes Integer

Control strategy of hits per second.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

order Integer

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays List<Integer>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime String

The recurring end time of the policy validity period.

repeatStartTime String

The recurring start time of the policy validity period.

repeatType String

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

source String

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

startTime Integer

The start time of the policy validity period.

vpcFirewallId String

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction string

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid string

Access control over VPC firewalls strategy unique identifier.

applicationId string

Policy specifies the application ID.

applicationName string

applicationNameLists string[]

The list of application types that the access control policy supports.

createTime number

(Available since v1.267.0) The time when the policy was created.

description string

Access control over VPC firewalls description of the strategy information.

destPort string

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup string

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts string[]

Port Address Book port list.

destPortType string

The type of the destination port in the access control policy. Valid values: port, group.

destination string

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs string[]

Destination address book defined in the address list.

destinationGroupType string

The destination address book type in the access control policy.

destinationType string

The type of the destination address in the access control policy. Valid values: net, group, domain.

domainResolveType string

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime number

The end time of the policy validity period.

hitTimes number

Control strategy of hits per second.

lang string

The language of the content within the request and response. Valid values: zh, en.

memberUid string

The UID of the member account of the current Alibaba cloud account.

order number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto string

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release string

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays number[]

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime string

The recurring end time of the policy validity period.

repeatStartTime string

The recurring start time of the policy validity period.

repeatType string

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

source string

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs string[]

SOURCE address of the address list.

sourceGroupType string

The source address type in the access control policy.

sourceType string

The type of the source address in the access control policy. Valid values: net, group.

startTime number

The start time of the policy validity period.

vpcFirewallId string

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

acl_action str

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

acl_uuid str

Access control over VPC firewalls strategy unique identifier.

application_id str

Policy specifies the application ID.

application_name str

application_name_lists Sequence[str]

The list of application types that the access control policy supports.

create_time int

(Available since v1.267.0) The time when the policy was created.

description str

Access control over VPC firewalls description of the strategy information.

dest_port str

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

dest_port_group str

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

dest_port_group_ports Sequence[str]

Port Address Book port list.

dest_port_type str

The type of the destination port in the access control policy. Valid values: port, group.

destination str

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destination_group_cidrs Sequence[str]

Destination address book defined in the address list.

destination_group_type str

The destination address book type in the access control policy.

destination_type str

The type of the destination address in the access control policy. Valid values: net, group, domain.

domain_resolve_type str

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

end_time int

The end time of the policy validity period.

hit_times int

Control strategy of hits per second.

lang str

The language of the content within the request and response. Valid values: zh, en.

member_uid str

The UID of the member account of the current Alibaba cloud account.

order int

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto str

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release str

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeat_days Sequence[int]

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeat_end_time str

The recurring end time of the policy validity period.

repeat_start_time str

The recurring start time of the policy validity period.

repeat_type str

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

source str

Access control over VPC firewalls strategy in the source address.

source_group_cidrs Sequence[str]

SOURCE address of the address list.

source_group_type str

The source address type in the access control policy.

source_type str

The type of the source address in the access control policy. Valid values: net, group.

start_time int

The start time of the policy validity period.

vpc_firewall_id str

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

aclAction String

The action that Cloud Firewall performs on the traffic. Valid values: accept, drop, log.

aclUuid String

Access control over VPC firewalls strategy unique identifier.

applicationId String

Policy specifies the application ID.

applicationName String

applicationNameLists List<String>

The list of application types that the access control policy supports.

createTime Number

(Available since v1.267.0) The time when the policy was created.

description String

Access control over VPC firewalls description of the strategy information.

destPort String

The destination port in the access control policy. Note: If dest_port_type is set to port, you must specify this parameter.

destPortGroup String

Access control policy in the access traffic of the destination port address book name. Note: If dest_port_type is set to group, you must specify this parameter.

destPortGroupPorts List<String>

Port Address Book port list.

destPortType String

The type of the destination port in the access control policy. Valid values: port, group.

destination String

The destination address in the access control policy. Valid values:

If destination_type is set to net, the value of destination must be a CIDR block.
If destination_type is set to group, the value of destination must be an address book.
If destination_type is set to domain, the value of destination must be a domain name.

destinationGroupCidrs List<String>

Destination address book defined in the address list.

destinationGroupType String

The destination address book type in the access control policy.

destinationType String

The type of the destination address in the access control policy. Valid values: net, group, domain.

domainResolveType String

The domain name resolution method for the access control policy. Valid values: FQDN, DNS, FQDN_AND_DNS.

endTime Number

The end time of the policy validity period.

hitTimes Number

Control strategy of hits per second.

lang String

The language of the content within the request and response. Valid values: zh, en.

memberUid String

The UID of the member account of the current Alibaba cloud account.

order Number

The priority of the access control policy. The priority value starts from 1. A smaller priority value indicates a higher priority.

proto String

The type of the protocol in the access control policy. Valid values: ANY, TCP, UDP, ICMP.

release String

The enabled status of the access control policy. The policy is enabled by default after it is created.. Valid values:

repeatDays List<Number>

The days of the week or month on which the policy is recurrently active. Valid values:

If repeat_type is set to Weekly. Valid values: 0 to 6.
If repeat_type is set to Monthly. Valid values: 1 to 31.

repeatEndTime String

The recurring end time of the policy validity period.

repeatStartTime String

The recurring start time of the policy validity period.

repeatType String

The recurrence type for the policy validity period. Default value: Permanent. Valid values: Permanent, None, Daily, Weekly, Monthly.

source String

Access control over VPC firewalls strategy in the source address.

sourceGroupCidrs List<String>

SOURCE address of the address list.

sourceGroupType String

The source address type in the access control policy.

sourceType String

The type of the source address in the access control policy. Valid values: net, group.

startTime Number

The start time of the policy validity period.

vpcFirewallId String

The ID of the VPC firewall instance. Valid values:

When the VPC firewall protects traffic between two VPCs connected through the cloud enterprise network, the policy group ID uses the cloud enterprise network instance ID.
When the VPC firewall protects traffic between two VPCs connected through the express connection, the policy group ID uses the ID of the VPC firewall instance.

Import

Cloud Firewall Vpc Firewall Control Policy can be imported using the id, e.g.

$ pulumi import alicloud:cloudfirewall/firewallVpcFirewallControlPolicy:FirewallVpcFirewallControlPolicy example <vpc_firewall_id>:<acl_uuid>

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: Alibaba Cloud pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

Alibaba Cloud v3.95.0 published on Thursday, Feb 12, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-alicloud

alicloud.cloudfirewall.FirewallVpcFirewallControlPolicy

On this page

On this page

Example Usage

Create FirewallVpcFirewallControlPolicy Resource

Constructor syntax

Parameters

Constructor example

FirewallVpcFirewallControlPolicy Resource Properties

Inputs

Outputs

Look up Existing FirewallVpcFirewallControlPolicy Resource

Import

Package Details

On this page

On this page