Updated on 2023-12-13 GMT+08:00

VPC.FirewallGroup

Element Description

A firewall group (a logical group) is an access control policy system for one or more subnets. Based on the ingress and egress rules of the associated subnets, the firewall determines whether data packets are allowed into or out of those subnets.

Element Properties

Table 1 Property Description

| Property | Required | Description |
| --- | --- | --- |
| description | No | ACL group description. Type: string. Value Description: Supports customization. Value Constraint: The value supports a maximum of 255 characters. |
| egressFirewallPolicyId | No | ACL policy in the outbound direction. Type: string. Value Description: You are advised to use the get_input function to obtain the value, or connect to the FirewallPolicy object and use the get_reference function to obtain the value from the VPC.FirewallPolicy object. |
| adminStateUp | No | Whether the ACL rule is controlled by administrators. Type: boolean. Value Description: Supports customization. |
| subnetId | No | Information about the NIC to which the network ACL group-bound port ID list belongs. Type: HuaweiCloud.VPC.Subnet.All.Id Array. Value Description: Get the subnet ID via the VPC service or automatically generate it by connecting to VPC.Subnet. Value Constraint: The value must satisfy the UUID rule and support a maximum of 64 characters. Suggestion: 1. Set to get_input mode, then select through the AOS console. 2. Get the ID of the newly created subnet by connecting to the VPC.Subnet object. |
| ingressFirewallPolicyId | No | ACL policy in the inbound direction. Type: string. Value Description: You are advised to use the get_input function to obtain the value, or connect to the FirewallPolicy object and use the get_reference function to obtain the value from the VPC.FirewallPolicy object. |
| name | No | ACL group name. Type: string. Value Description: Supports customization. Value Constraint: The value supports a maximum of 255 characters. |

Relationships Between Elements

Table 2 Relationship description

| Description | Target |
| --- | --- |
| Connected | VPC.Subnet |
| Connected | VPC.FirewallPolicy.Egress |
| Connected | VPC.FirewallPolicy.Ingress |

Return Value

| Property | Type | Description |
| --- | --- | --- |
| refName | string | ACL group name |
| refID | string | ACL group ID |

Blueprint Example

tosca_definitions_version: huaweicloud_tosca_version_1_0
node_templates:
  vpcfg273:
    type: HuaweiCloud.VPC.FirewallGroup
    properties:
      subnetId:
        - get_input: subnet_name
      egressFirewallPolicyId:
        get_reference: vpcfp2gy
      ingressFirewallPolicyId:
        get_reference: vpcfp3np
    requirements:
      - egressFirewallPolicyId:
          node: vpcfp2gy
      - ingressFirewallPolicyId:
          node: vpcfp3np
  vpcfp2gy:
    type: HuaweiCloud.VPC.FirewallPolicy.Egress
    properties:
      firewallRulesIds:
        - get_reference: vpcfr3uk
    requirements:
      - firewallRulesIds:
          node: vpcfr3uk
  vpcfp3np:
    type: HuaweiCloud.VPC.FirewallPolicy.Ingress
    properties:
      firewallRulesIds:
        - get_reference: vpcfr3uk
    requirements:
      - firewallRulesIds:
          node: vpcfr3uk
  vpcfr3uk:
    type: HuaweiCloud.VPC.FirewallRule
    properties: {}
inputs:
  subnet_name:
    description: ID of the VPC to which the subnet belongs
    label: ''
outputs:
  firegroupId:
    value:
      get_attribute: [vpcfg273, refID]
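
The following pre-deployment check is an added example, not part of the AOS documentation or tooling. It applies the Table 1 constraints and the Table 2 relationships to every FirewallGroup node of a blueprint, so that a swapped ingress/egress reference or a malformed subnet ID is caught before the stack is created. Assumptions: the blueprint has already been parsed into a Python dict, "the UUID rule" means the canonical 36-character hyphenated form, and `lint_firewall_groups` is a hypothetical helper name.

```python
import re

# Constraints taken from Table 1; the type names come from the blueprint example.
MAX_TEXT = 255
# Assumption: "UUID rule" means the canonical hyphenated form (36 chars, under the 64-char limit).
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)
POLICY_TYPES = {
    "egressFirewallPolicyId": "HuaweiCloud.VPC.FirewallPolicy.Egress",
    "ingressFirewallPolicyId": "HuaweiCloud.VPC.FirewallPolicy.Ingress",
}

def lint_firewall_groups(blueprint):
    """Return a list of 'node: problem' strings for every FirewallGroup node."""
    nodes = blueprint.get("node_templates", {})
    problems = []
    for name, node in nodes.items():
        if node.get("type") != "HuaweiCloud.VPC.FirewallGroup":
            continue
        props = node.get("properties") or {}
        for key in ("name", "description"):
            value = props.get(key)
            if isinstance(value, str) and len(value) > MAX_TEXT:
                problems.append(f"{name}: {key} exceeds {MAX_TEXT} characters")
        for item in props.get("subnetId") or []:
            # get_input / get_reference values resolve at deploy time; only literals are checked.
            if isinstance(item, str) and not UUID_RE.match(item):
                problems.append(f"{name}: subnetId {item!r} is not a UUID")
        for key, wanted in POLICY_TYPES.items():
            value = props.get(key)
            if isinstance(value, dict) and "get_reference" in value:
                target = nodes.get(value["get_reference"])
                if target is None:
                    problems.append(f"{name}: {key} references a missing node")
                elif target.get("type") != wanted:
                    problems.append(f"{name}: {key} must reference {wanted}")
    return problems

# Constructed sample: ingress and egress references are swapped, one subnet ID is malformed.
SAMPLE = {"node_templates": {
    "fg": {"type": "HuaweiCloud.VPC.FirewallGroup", "properties": {
        "subnetId": ["not-a-uuid", {"get_input": "subnet_name"}],
        "egressFirewallPolicyId": {"get_reference": "fp_in"},
        "ingressFirewallPolicyId": {"get_reference": "fp_out"}}},
    "fp_in": {"type": "HuaweiCloud.VPC.FirewallPolicy.Ingress"},
    "fp_out": {"type": "HuaweiCloud.VPC.FirewallPolicy.Egress"},
}}

if __name__ == "__main__":
    for line in lint_firewall_groups(SAMPLE):
        print(line)
```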