All Products
Search

This Product

    Anti-DDoS:Use Terraform to configure Website Config rules

    Document Center

    Anti-DDoS:Use Terraform to configure Website Config rules

    Last Updated:Jul 26, 2025

    You can use Terraform to configure Website Config rules. This topic describes how to add a Website Config rule.

    Note

    You can run the sample code in this topic with a single click. Run

    Prerequisites

    • You have purchased an Anti-DDoS Pro or Anti-DDoS Premium instance. For more information, see Purchase and manage Anti-DDoS Pro or Anti-DDoS Premium instances using Terraform.

    • An Alibaba Cloud account has full permissions on all resources. If the identity credentials of an Alibaba Cloud account are leaked, this can create high security risks. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey for the RAM user. For more information, see Create a RAM user and Create an AccessKey.

    • Attach the following least privilege policy to the RAM user that you use to run Terraform commands. This grants the RAM user the permissions to manage the resources that are used in this example. For more information, see Grant permissions to a RAM user.

      This access policy allows the user to add and view domain name configurations in a specific Anti-DDoS Pro or Anti-DDoS Premium instance.

      {
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ddoscoo:DescribeDomain",
                "ddoscoo:DescribeDomains",
                "ddoscoo:AddDomain"
            ],
            "Resource": "acs:ddoscoo:<region>:<account-id>:domain/*"
        }
    ]
}

    Prepare a Terraform runtime environment. You can use one of the following methods:

    • Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You do not need to install Terraform. After you log on, you can use Terraform online. This method is suitable for scenarios where you want to quickly and conveniently test Terraform at no cost.

    • Cloud Shell: Terraform components are pre-installed and identity credentials are configured in Alibaba Cloud Cloud Shell. You can run Terraform commands directly in Cloud Shell. This method is suitable for scenarios where you want to quickly and conveniently access Terraform at a low cost.

    • Install and configure Terraform on your on-premises machine: This method is suitable for scenarios where the network connectivity is poor or a custom developer environment is required.

    Resources used

    Procedure

    1. Create a working directory and a configuration file named main.tf in the directory.

      main.tf: This is the main Terraform file that defines the resources to be deployed. This topic provides an example of adding a domain name configuration to an instance.

      Important

      To prevent unnecessary fees, carefully manage the instance lifecycle.

      provider "alicloud" {
  region = "cn-hangzhou"
}

variable "name" {
  default = "tf-example"
}
variable "domain" {
  default = "tf-example.alibaba.com"# Replace the value with a domain name that has obtained an ICP filing.
}

resource "alicloud_ddoscoo_instance" "default" {
  name              = var.name
  bandwidth         = "30"
  base_bandwidth    = "30"
  service_bandwidth = "100"
  port_count        = "50"
  domain_count      = "50"
  period            = "1"
  product_type      = "ddoscoo"
}

resource "alicloud_ddoscoo_domain_resource" "default" {
  domain       = var.domain
  rs_type      = 0
  instance_ids = [alicloud_ddoscoo_instance.default.id]
  real_servers = ["177.167.XX.XX"]# Replace the value with the address of your origin server.
  https_ext    = "{\"Http2\":1,\"Http2https\":0,\"Https2http\":0}"
  proxy_types {
    proxy_ports = [443]
    proxy_type  = "https"
  }
}

    2. Run the terraform init command to initialize the Terraform runtime environment.

      Expected output: image

    3. Run the terraform apply command. At the prompt, enter yes and press the Enter key. If the following information is returned, the authorization is successful.

      Expected result: image

    4. Verify the result.

    Run the terraform show command

    You can run the following command to query the details of the resources that are created by Terraform:

    terraform show

    image

    Anti-DDoS Pro and Anti-DDoS Premium (Chinese mainland) console

    Log on to the Anti-DDoS Pro and Anti-DDoS Premium console to view the Website Config.

    image

    Clean up resources

    If you no longer need the resources created and managed by Terraform, run the following command to release them. For more information about terraform destroy, see Common commands.

    terraform destroy

    Complete code example

    Note

    You can run the sample code in this topic with a single click. Run

    provider "alicloud" {
  region = "cn-hangzhou"
}

variable "name" {
  default = "tf-example"
}
variable "domain" {
  default = "tf-example.alibaba.com"# Replace the value with a domain name that has obtained an ICP filing.
}

resource "alicloud_ddoscoo_instance" "default" {
  name              = var.name
  bandwidth         = "30"
  base_bandwidth    = "30"
  service_bandwidth = "100"
  port_count        = "50"
  domain_count      = "50"
  period            = "1"
  product_type      = "ddoscoo"
}

resource "alicloud_ddoscoo_domain_resource" "default" {
  domain       = var.domain
  rs_type      = 0
  instance_ids = [alicloud_ddoscoo_instance.default.id]
  real_servers = ["177.167.XX.XX"]# Replace the value with the address of your origin server.
  https_ext    = "{\"Http2\":1,\"Http2https\":0,\"Https2http\":0}"
  proxy_types {
    proxy_ports = [443]
    proxy_type  = "https"
  }
}

    References