1. Docs
  2. Reference
  3. API
  4. pulumi_alicloud
  5. waf

This page documents the language specification for the alicloud package. If you're looking for help working with the inputs, outputs, or functions of alicloud resources in a Pulumi program, please see the resource documentation for examples and API reference.

waf

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-alicloud repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-alicloud repo.

class pulumi_alicloud.waf.AwaitableGetDomainsResult(domains=None, id=None, ids=None, instance_id=None, output_file=None)
class pulumi_alicloud.waf.Domain(resource_name, opts=None, cluster_type=None, connection_time=None, domain=None, http2_ports=None, http_ports=None, http_to_user_ip=None, https_ports=None, https_redirect=None, instance_id=None, is_access_product=None, load_balancing=None, log_headers=None, read_time=None, resource_group_id=None, source_ips=None, write_time=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Domain resource to create domain in the Web Application Firewall.

For information about WAF and how to use it, see What is Alibaba Cloud WAF.

NOTE: Available in 1.82.0+ .

import pulumi
import pulumi_alicloud as alicloud

domain = alicloud.waf.Domain("domain",
    cluster_type="PhysicalCluster",
    domain="www.aliyun.com",
    http2_ports=443,
    http_ports=80,
    http_to_user_ip="Off",
    https_ports=443,
    https_redirect="Off",
    instance_id="waf-123455",
    is_access_product="On",
    load_balancing="IpHash",
    log_headers=[{
        "key": "foo",
        "value": "http",
    }],
    source_ips=["1.1.1.1"])
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cluster_type (pulumi.Input[str]) – The type of the WAF cluster. Valid values: “PhysicalCluster” and “VirtualCluster”. Default to “PhysicalCluster”.

  • connection_time (pulumi.Input[float]) – The connection timeout for WAF exclusive clusters. Unit: seconds.

  • domain (pulumi.Input[str]) – The domain that you want to add to WAF.

  • http2_ports (pulumi.Input[list]) – List of the HTTP 2.0 ports.

  • http_ports (pulumi.Input[list]) – List of the HTTP ports

  • http_to_user_ip (pulumi.Input[str]) – Specifies whether to enable the HTTP back-to-origin feature. After this feature is enabled, the WAF instance can use HTTP to forward HTTPS requests to the origin server. By default, port 80 is used to forward the requests to the origin server. Valid values: “On” and “Off”. Default to “Off”.

  • https_ports (pulumi.Input[list]) – List of the HTTPS ports

  • https_redirect (pulumi.Input[str]) – Specifies whether to redirect HTTP requests as HTTPS requests. Valid values: “On” and “Off”. Default to “Off”.

  • instance_id (pulumi.Input[str]) – The ID of the WAF instance.

  • is_access_product (pulumi.Input[str]) – Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: “On” and “Off”. Default to “Off”.

  • load_balancing (pulumi.Input[str]) – The load balancing algorithm that is used to forward requests to the origin. Valid values: “IpHash” and “RoundRobin”. Default to “IpHash”.

  • log_headers (pulumi.Input[list]) – The key-value pair that is used to mark the traffic that flows through WAF to the domain. Each item contains two field:

* key: The key of label
* value: The value of label
Parameters

  • read_time (pulumi.Input[float]) – The read timeout of a WAF exclusive cluster. Unit: seconds.

  • resource_group_id (pulumi.Input[str]) – The ID of the resource group to which the queried domain belongs in Resource Management. By default, no value is specified, indicating that the domain belongs to the default resource group.

  • source_ips (pulumi.Input[list]) – List of the IP address or domain of the origin server to which the specified domain points.

  • write_time (pulumi.Input[float]) – The timeout period for a WAF exclusive cluster write connection. Unit: seconds.

The log_headers object supports the following:

  • key (pulumi.Input[str])

  • value (pulumi.Input[str])

cluster_type: pulumi.Output[str] = None

The type of the WAF cluster. Valid values: “PhysicalCluster” and “VirtualCluster”. Default to “PhysicalCluster”.

cname: pulumi.Output[str] = None

The CNAME record assigned by the WAF instance to the specified domain.

connection_time: pulumi.Output[float] = None

The connection timeout for WAF exclusive clusters. Unit: seconds.

domain: pulumi.Output[str] = None

The domain that you want to add to WAF.

http2_ports: pulumi.Output[list] = None

List of the HTTP 2.0 ports.

http_ports: pulumi.Output[list] = None

List of the HTTP ports

http_to_user_ip: pulumi.Output[str] = None

Specifies whether to enable the HTTP back-to-origin feature. After this feature is enabled, the WAF instance can use HTTP to forward HTTPS requests to the origin server. By default, port 80 is used to forward the requests to the origin server. Valid values: “On” and “Off”. Default to “Off”.

https_ports: pulumi.Output[list] = None

List of the HTTPS ports

https_redirect: pulumi.Output[str] = None

Specifies whether to redirect HTTP requests as HTTPS requests. Valid values: “On” and “Off”. Default to “Off”.

instance_id: pulumi.Output[str] = None

The ID of the WAF instance.

is_access_product: pulumi.Output[str] = None

Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: “On” and “Off”. Default to “Off”.

load_balancing: pulumi.Output[str] = None

The load balancing algorithm that is used to forward requests to the origin. Valid values: “IpHash” and “RoundRobin”. Default to “IpHash”.

log_headers: pulumi.Output[list] = None

The key-value pair that is used to mark the traffic that flows through WAF to the domain. Each item contains two field:

  • key: The key of label

  • value: The value of label

    • key (str)

    • value (str)

read_time: pulumi.Output[float] = None

The read timeout of a WAF exclusive cluster. Unit: seconds.

resource_group_id: pulumi.Output[str] = None

The ID of the resource group to which the queried domain belongs in Resource Management. By default, no value is specified, indicating that the domain belongs to the default resource group.

source_ips: pulumi.Output[list] = None

List of the IP address or domain of the origin server to which the specified domain points.

write_time: pulumi.Output[float] = None

The timeout period for a WAF exclusive cluster write connection. Unit: seconds.

static get(resource_name, id, opts=None, cluster_type=None, cname=None, connection_time=None, domain=None, http2_ports=None, http_ports=None, http_to_user_ip=None, https_ports=None, https_redirect=None, instance_id=None, is_access_product=None, load_balancing=None, log_headers=None, read_time=None, resource_group_id=None, source_ips=None, status=None, write_time=None)

Get an existing Domain resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • cluster_type (pulumi.Input[str]) – The type of the WAF cluster. Valid values: “PhysicalCluster” and “VirtualCluster”. Default to “PhysicalCluster”.

  • cname (pulumi.Input[str]) – The CNAME record assigned by the WAF instance to the specified domain.

  • connection_time (pulumi.Input[float]) – The connection timeout for WAF exclusive clusters. Unit: seconds.

  • domain (pulumi.Input[str]) – The domain that you want to add to WAF.

  • http2_ports (pulumi.Input[list]) – List of the HTTP 2.0 ports.

  • http_ports (pulumi.Input[list]) – List of the HTTP ports

  • http_to_user_ip (pulumi.Input[str]) – Specifies whether to enable the HTTP back-to-origin feature. After this feature is enabled, the WAF instance can use HTTP to forward HTTPS requests to the origin server. By default, port 80 is used to forward the requests to the origin server. Valid values: “On” and “Off”. Default to “Off”.

  • https_ports (pulumi.Input[list]) – List of the HTTPS ports

  • https_redirect (pulumi.Input[str]) – Specifies whether to redirect HTTP requests as HTTPS requests. Valid values: “On” and “Off”. Default to “Off”.

  • instance_id (pulumi.Input[str]) – The ID of the WAF instance.

  • is_access_product (pulumi.Input[str]) – Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: “On” and “Off”. Default to “Off”.

  • load_balancing (pulumi.Input[str]) – The load balancing algorithm that is used to forward requests to the origin. Valid values: “IpHash” and “RoundRobin”. Default to “IpHash”.

  • log_headers (pulumi.Input[list]) – The key-value pair that is used to mark the traffic that flows through WAF to the domain. Each item contains two field:

* key: The key of label
* value: The value of label
Parameters

  • read_time (pulumi.Input[float]) – The read timeout of a WAF exclusive cluster. Unit: seconds.

  • resource_group_id (pulumi.Input[str]) – The ID of the resource group to which the queried domain belongs in Resource Management. By default, no value is specified, indicating that the domain belongs to the default resource group.

  • source_ips (pulumi.Input[list]) – List of the IP address or domain of the origin server to which the specified domain points.

  • write_time (pulumi.Input[float]) – The timeout period for a WAF exclusive cluster write connection. Unit: seconds.

The log_headers object supports the following:

  • key (pulumi.Input[str])

  • value (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_alicloud.waf.GetDomainsResult(domains=None, id=None, ids=None, instance_id=None, output_file=None)

A collection of values returned by getDomains.

domains = None

A list of Domains. Each element contains the following attributes:

id = None

The provider-assigned unique ID for this managed resource.

ids = None

(Optional) A list of WAF domain names. Each item is domain name.

class pulumi_alicloud.waf.Instance(resource_name, opts=None, big_screen=None, exclusive_ip_package=None, ext_bandwidth=None, ext_domain_package=None, log_storage=None, log_time=None, modify_type=None, package_code=None, period=None, prefessional_service=None, renew_period=None, renewal_status=None, resource_group_id=None, subscription_type=None, waf_log=None, __props__=None, __name__=None, __opts__=None)

Provides a WAF Instance resource to create instance in the Web Application Firewall.

For information about WAF and how to use it, see What is Alibaba Cloud WAF.

NOTE: Available in 1.83.0+ .

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.waf.Instance("default",
    big_screen="0",
    exclusive_ip_package="1",
    ext_bandwidth="50",
    ext_domain_package="1",
    log_storage="3",
    log_time="180",
    package_code="version_3",
    period=1,
    prefessional_service="false",
    resource_group_id="rs-abc12345",
    subscription_type="Subscription",
    waf_log="false")
Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • big_screen (pulumi.Input[str]) – Specify whether big screen is supported. Valid values: [“0”, “1”]. “0” for false and “1” for true.

  • exclusive_ip_package (pulumi.Input[str]) – Specify the number of exclusive WAF IP addresses.

  • ext_bandwidth (pulumi.Input[str]) – The extra bandwidth. Unit: Mbit/s.

  • ext_domain_package (pulumi.Input[str]) – The number of extra domains.

  • log_storage (pulumi.Input[str]) – Log storage size. Unit: T. Valid values: [3, 5, 10, 20, 50].

  • log_time (pulumi.Input[str]) – Log storage period. Unit: day. Valid values: [180, 360].

  • modify_type (pulumi.Input[str]) – Type of configuration change. Valid value: Upgrade.

  • package_code (pulumi.Input[str]) – Subscription plan:

* China site customers can purchase the following versions of China Mainland region, valid values: ["version_3", "version_4", "version_5"].
* China site customers can purchase the following versions of International region, valid values: ["version_pro_asia", "version_business_asia", "version_enterprise_asia"]
* International site customers can purchase the following versions of China Mainland region: ["version_pro_china", "version_business_china", "version_enterprise_china"]
* International site customers can purchase the following versions of International region: ["version_pro", "version_business", "version_enterprise"].
Parameters

  • period (pulumi.Input[float]) – Service time of Web Application Firewall.

  • prefessional_service (pulumi.Input[str]) – Specify whether professional service is supported. Valid values: [“true”, “false”]

  • renew_period (pulumi.Input[float]) – Renewal period of WAF service. Unit: month

  • renewal_status (pulumi.Input[str]) – Renewal status of WAF service. Valid values:

* AutoRenewal: The service time of WAF is renewed automatically.
* ManualRenewal (default): The service time of WAF is renewed manually.Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: "On" and "Off". Default to "Off".
Parameters

  • resource_group_id (pulumi.Input[str]) – The resource group ID.

  • subscription_type (pulumi.Input[str]) – Subscription of WAF service. Valid values: [“Subscription”, “PayAsYouGo”].

  • waf_log (pulumi.Input[str]) – Specify whether Log service is supported. Valid values: [“true”, “false”]

big_screen: pulumi.Output[str] = None

Specify whether big screen is supported. Valid values: [“0”, “1”]. “0” for false and “1” for true.

exclusive_ip_package: pulumi.Output[str] = None

Specify the number of exclusive WAF IP addresses.

ext_bandwidth: pulumi.Output[str] = None

The extra bandwidth. Unit: Mbit/s.

ext_domain_package: pulumi.Output[str] = None

The number of extra domains.

log_storage: pulumi.Output[str] = None

Log storage size. Unit: T. Valid values: [3, 5, 10, 20, 50].

log_time: pulumi.Output[str] = None

Log storage period. Unit: day. Valid values: [180, 360].

modify_type: pulumi.Output[str] = None

Type of configuration change. Valid value: Upgrade.

package_code: pulumi.Output[str] = None

Subscription plan:

  • China site customers can purchase the following versions of China Mainland region, valid values: [“version_3”, “version_4”, “version_5”].

  • China site customers can purchase the following versions of International region, valid values: [“version_pro_asia”, “version_business_asia”, “version_enterprise_asia”]

  • International site customers can purchase the following versions of China Mainland region: [“version_pro_china”, “version_business_china”, “version_enterprise_china”]

  • International site customers can purchase the following versions of International region: [“version_pro”, “version_business”, “version_enterprise”].

period: pulumi.Output[float] = None

Service time of Web Application Firewall.

prefessional_service: pulumi.Output[str] = None

Specify whether professional service is supported. Valid values: [“true”, “false”]

renew_period: pulumi.Output[float] = None

Renewal period of WAF service. Unit: month

renewal_status: pulumi.Output[str] = None

Renewal status of WAF service. Valid values:

  • AutoRenewal: The service time of WAF is renewed automatically.

  • ManualRenewal (default): The service time of WAF is renewed manually.Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: “On” and “Off”. Default to “Off”.

resource_group_id: pulumi.Output[str] = None

The resource group ID.

status: pulumi.Output[float] = None

The status of the instance.

subscription_type: pulumi.Output[str] = None

Subscription of WAF service. Valid values: [“Subscription”, “PayAsYouGo”].

waf_log: pulumi.Output[str] = None

Specify whether Log service is supported. Valid values: [“true”, “false”]

static get(resource_name, id, opts=None, big_screen=None, exclusive_ip_package=None, ext_bandwidth=None, ext_domain_package=None, log_storage=None, log_time=None, modify_type=None, package_code=None, period=None, prefessional_service=None, renew_period=None, renewal_status=None, resource_group_id=None, status=None, subscription_type=None, waf_log=None)

Get an existing Instance resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • big_screen (pulumi.Input[str]) – Specify whether big screen is supported. Valid values: [“0”, “1”]. “0” for false and “1” for true.

  • exclusive_ip_package (pulumi.Input[str]) – Specify the number of exclusive WAF IP addresses.

  • ext_bandwidth (pulumi.Input[str]) – The extra bandwidth. Unit: Mbit/s.

  • ext_domain_package (pulumi.Input[str]) – The number of extra domains.

  • log_storage (pulumi.Input[str]) – Log storage size. Unit: T. Valid values: [3, 5, 10, 20, 50].

  • log_time (pulumi.Input[str]) – Log storage period. Unit: day. Valid values: [180, 360].

  • modify_type (pulumi.Input[str]) – Type of configuration change. Valid value: Upgrade.

  • package_code (pulumi.Input[str]) – Subscription plan:

* China site customers can purchase the following versions of China Mainland region, valid values: ["version_3", "version_4", "version_5"].
* China site customers can purchase the following versions of International region, valid values: ["version_pro_asia", "version_business_asia", "version_enterprise_asia"]
* International site customers can purchase the following versions of China Mainland region: ["version_pro_china", "version_business_china", "version_enterprise_china"]
* International site customers can purchase the following versions of International region: ["version_pro", "version_business", "version_enterprise"].
Parameters

  • period (pulumi.Input[float]) – Service time of Web Application Firewall.

  • prefessional_service (pulumi.Input[str]) – Specify whether professional service is supported. Valid values: [“true”, “false”]

  • renew_period (pulumi.Input[float]) – Renewal period of WAF service. Unit: month

  • renewal_status (pulumi.Input[str]) – Renewal status of WAF service. Valid values:

* AutoRenewal: The service time of WAF is renewed automatically.
* ManualRenewal (default): The service time of WAF is renewed manually.Specifies whether to configure a Layer-7 proxy, such as Anti-DDoS Pro or CDN, to filter the inbound traffic before it is forwarded to WAF. Valid values: "On" and "Off". Default to "Off".
Parameters

  • resource_group_id (pulumi.Input[str]) – The resource group ID.

  • status (pulumi.Input[float]) – The status of the instance.

  • subscription_type (pulumi.Input[str]) – Subscription of WAF service. Valid values: [“Subscription”, “PayAsYouGo”].

  • waf_log (pulumi.Input[str]) – Specify whether Log service is supported. Valid values: [“true”, “false”]

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

pulumi_alicloud.waf.get_domains(ids=None, instance_id=None, output_file=None, opts=None)

Provides a WAF datasource to retrieve domains.

For information about WAF and how to use it, see What is Alibaba Cloud WAF.

NOTE: Available in 1.86.0+ .

import pulumi
import pulumi_alicloud as alicloud

default = alicloud.waf.get_domains(instance_id="waf-cf-xxxxx")
Parameters

  • ids (list) – A list of WAF domain names. Each item is domain name.

  • instance_id (str) – The Id of waf instance to which waf domain belongs.