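Updated: 2024-04-17 GMT+08:00

AntiDDos.Service

Model Description

A traffic scrubbing service that protects EIPs against DDoS attacks.

Model Attributes

Table 1 Model attribute definitions

Attribute

Required

Description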

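cleaningAccessPos

Segment ID of the access limit applied during scrubbing

Parameter type: integer

Value description: An integer from 1 to 8.

Default value: 8

Value constraint: {u'in_range': [1, 8]}

Recommendation: The larger the value, the more new connections and the more total connections a single source IP is allowed during scrubbing.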

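trafficPos

Traffic segment ID

Parameter type: integer

Value description: An integer from 1 to 9.

Default value: 9

Value constraint: {u'in_range': [1, 9]}

Recommendation: The larger the value, the higher the per-second traffic threshold and the per-second packet threshold.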

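appType

Application type ID

Parameter type: integer

Value description: 0 or 1. Use type 0 for applications that use UDP or for general-purpose applications; use type 1 for applications that use TCP or for web applications.

Default value: 1

Value constraint: {u'valid_values': [0, 1]}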

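httpRequestPos

HTTP request count segment ID

Parameter type: integer

Value description: An integer from 1 to 15.

Default value: 1

Value constraint: {u'in_range': [1, 15]}

Recommendation: The larger the value, the higher the threshold for HTTP requests per second.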

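floatingIpId

ID of the user's EIP

Parameter type: string

Value description: The ID of an existing or a newly created EIP. To use a newly created EIP, add the publicIP field to the ECS.CloudServer element or the publicIp field to the CCE.NodePool element in the template, and add a dependency.

Recommendation: 1. Use get_attribute to obtain the ID of an EIP created by this template. 2. Obtain the ID of an already created EIP from the EIP page (https://console-intl.huaweicloud.com/vpc).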

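enableL7

Whether to enable L7 protection

Parameter type: boolean

Value description: true or false. Setting it to true enables L7 protection.

Default value: False

Recommendation: Set as needed according to your specifications.

Relationships

Outputs

Blueprint Example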

tosca_definitions_version: huaweicloud_tosca_version_1_0
inputs:
  ecs-name:
    default: "my-cloudserver"
    label: ECS
    description: "虚机名称"
  ecs-image:
    default: "327946b5-e954-42c3-949a-3312688c9269"
    label: ECS
    description: "虚机镜像"
  ecs-flavor:
    default: "c1.medium"
    label: ECS
    description: "虚机规格"
  ecs-volumetype:
    default: SATA
    label: ECS
    description: "虚机磁盘类型"
  ecs-count:
    default: 1
    label: ECS
    description: "虚机数量"
  az:
    default: "cn-north-1a"
    label: ECS
    description: "所在AZ"
  subnet-name:
    default: "my-ecs-subnet2"
    label: ECS
    description: "子网名称"
  subnet-gateway:
    default: "192.168.1.1"
    label: ECS
    description: "子网网关"
  vpc-name:
    default: "my-ecs-vpkvc2"
    label: ECS
    description: "VPC名称"
  vpc-cidr:
    default: "192.168.0.0/16"
    label: ECS
    description: "VPC cidr地址"
  ads-enableL7:  
    type: boolean
    default: true
    label: AntiDDos
    description: "是否启用L7层防护"
  ads-trafficPos:
    type: integer
    default: 9
    label: AntiDDos
    description: "流量分段ID"
  ads-httpRequestPos:
    type: integer
    default: 1
    label: AntiDDos
    description: "HTTP请求数分段ID"
  ads-cleaningAccessPos:
    type: integer
    default: 8
    label: AntiDDos
    description: "清洗时访问限制分段ID"
  ads-appType:
    type: integer
    default: 1
    label: AntiDDos
    description: "应用类型ID"
node_templates:
  my-ecs:
    type: HuaweiCloud.ECS.CloudServer
    properties:
      name: {get_input: ecs-name}
      instances: {get_input: ecs-count}
      imageId: {get_input: ecs-image}
      flavor: {get_input: ecs-flavor}
      vpcId: {get_attribute: [my-subnet, vpcId]}
      availabilityZone: {get_input: az}
      nics:
        - subnetId: {get_attribute: [my-subnet, refID]}
      rootVolume: 
        volumeType: {get_input: ecs-volumetype}
      dataVolumes:
        - volumeType: SATA
          size: 100
      publicIP:
        eip:
          ipType: 5_bgp
          bandwidth:
            size: 100
            shareType: PER
    requirements:
      - nics.subnetId:
          node: my-subnet
  my-subnet:   
    type: HuaweiCloud.VPC.Subnet
    properties:
      name: {get_input: subnet-name}
      cidr: {get_input: vpc-cidr}
      gateway: {get_input: subnet-gateway}
      dnsList: [114.114.114.115, 114.114.114.114]
      vpcId: {get_attribute: [my-vpc,refID]}
      availabilityZone: {get_input: az}
    requirements:
      - vpcId:
          node: my-vpc
  my-vpc:      
    type: HuaweiCloud.VPC.VPC
    properties:
      name: {get_input: vpc-name}
      cidr: {get_input: vpc-cidr}
policies: 
  my-antiddos:
    type: HuaweiCloud.AntiDDos.Service   # Enable AntiDDos for the EIP
    properties:
      enableL7: {get_input: ads-enableL7}
      trafficPos: {get_input: ads-trafficPos}
      httpRequestPos: {get_input: ads-httpRequestPos}
      cleaningAccessPos: {get_input: ads-cleaningAccessPos}
      appType: {get_input: ads-appType}
      floatingIpId: {get_attribute: [my-ecs, floatingIpId]}
    targets: [my-ecs]
outputs:
  ecs-id: 
    value: {get_attribute: [my-ecs, refID]}
    description: "ECS ID"
  vpc-id: 
    value: {get_attribute: [my-vpc, refID]}
    description: "VPC ID"
  subnet-id: 
    value: {get_attribute: [my-subnet, refID]}
    description: "SUBNET ID"
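
A pre-deployment check for the attributes in Table 1, added here as an example (it is not Huawei Cloud's code): it resolves get_input defaults, checks each value against the documented type, range and allowed values, and warns when a segment ID sits at the top of its range, which per the recommendations above means the largest thresholds. The names RULES, resolve and lint_policy and the sample values are assumptions made for this illustration.

```python
# Added example; constraints transcribed from Table 1 on this page.
RULES = {
    "cleaningAccessPos": {"type": int, "in_range": (1, 8)},
    "trafficPos": {"type": int, "in_range": (1, 9)},
    "appType": {"type": int, "valid_values": (0, 1)},
    "httpRequestPos": {"type": int, "in_range": (1, 15)},
    "enableL7": {"type": bool},
    "floatingIpId": {"type": str},
}

def resolve(value, inputs):
    """Replace {get_input: name} with that input's default; pass other values through."""
    if isinstance(value, dict) and "get_input" in value:
        return inputs.get(value["get_input"], {}).get("default")
    return value

def lint_policy(props, inputs):
    """Return (errors, warnings) for one AntiDDos.Service properties mapping."""
    errors, warnings = [], []
    for name, raw in props.items():
        rule = RULES.get(name)
        if rule is None:
            errors.append(f"{name}: not an attribute listed in Table 1")
            continue
        val = resolve(raw, inputs)
        if isinstance(val, dict) and "get_attribute" in val:
            continue  # only known at deploy time, nothing to check statically
        if type(val) is not rule["type"]:  # exact match: bool must not pass as int
            errors.append(f"{name}: expected {rule['type'].__name__}, got {val!r}")
            continue
        lo, hi = rule.get("in_range", (None, None))
        if lo is not None and not lo <= val <= hi:
            errors.append(f"{name}: {val} outside [{lo}, {hi}]")
        elif lo is not None and val == hi:
            warnings.append(f"{name}: {val} is the top of the range (largest thresholds)")
        if "valid_values" in rule and val not in rule["valid_values"]:
            errors.append(f"{name}: {val} not in {list(rule['valid_values'])}")
    return errors, warnings

# Constructed sample: the blueprint's defaults, with httpRequestPos pushed out of range.
INPUTS = {"ads-" + k: {"default": v} for k, v in {"enableL7": True, "trafficPos": 9,
          "httpRequestPos": 16, "cleaningAccessPos": 8, "appType": 1}.items()}
PROPS = {k: {"get_input": "ads-" + k} for k in ("enableL7", "trafficPos",
         "httpRequestPos", "cleaningAccessPos", "appType")}
PROPS["floatingIpId"] = {"get_attribute": ["my-ecs", "floatingIpId"]}

if __name__ == "__main__":
    errs, warns = lint_policy(PROPS, INPUTS)
    print("\n".join(["ERROR " + e for e in errs] + ["WARN  " + w for w in warns]))
```

With the blueprint's own defaults (httpRequestPos 1) the check reports no errors but still warns on trafficPos 9 and cleaningAccessPos 8, since both defaults are the highest segment IDs.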