Anti-DDoS: Purchase and manage an Anti-DDoS Proxy instance

Last Updated: Jan 14, 2025

You can use Terraform to purchase and manage Anti-DDoS Proxy instances. This topic outlines the steps for acquiring an Anti-DDoS Proxy instance.

Setup

  • To mitigate risks associated with compromised Alibaba Cloud accounts, we recommend using a RAM user and creating an AccessKey pair for that user. For more information, see Create a RAM user and Create an AccessKey.

  • Assign the following policy to the RAM user to grant the minimum permissions for managing resources in this example. For more information, see Grant permissions to a RAM user.

    This policy allows the creation and deletion of Anti-DDoS instances through the ddosprotection:CreateInstance and ddosprotection:DeleteInstance actions.

    {
      "Statement": [
        {
          "Action": [
            "ddosprotection:CreateInstance",
            "ddosprotection:DeleteInstance"
          ],
          "Effect": "Allow",
          "Resource": "*"
        }
      ],
      "Version": "1"
    }

  • Set up the runtime environment for Terraform using one of the following methods:

    • Use Terraform in Terraform Explorer: Terraform Explorer provided by Alibaba Cloud allows developers to run Terraform online without installation. This method is ideal for efficiently and conveniently using and debugging Terraform at no cost.

    • Use Terraform in Cloud Shell: Alibaba Cloud Cloud Shell comes pre-installed with Terraform and configured identity credentials, allowing you to run Terraform commands directly. This method is ideal for using and debugging Terraform efficiently, conveniently, and at a low cost.

    • Install and configure Terraform: This method is best for scenarios with poor network connectivity or when a custom development environment is needed.

Required resources

Procedure

  1. Create a working directory and add a configuration file named main.tf to define the resources to be deployed.

    main.tf: The primary Terraform file that specifies the resources for deployment. The following guide focuses on acquiring an Anti-DDoS Proxy (Outside Chinese Mainland) instance.

    Important

    When deploying an Anti-DDoS Proxy (Outside Chinese Mainland) instance using Terraform, be aware that the instance cannot be destroyed using Terraform. Therefore, you should carefully manage the instance's lifecycle to prevent unnecessary expenses.

    # Region
    variable "region_id" {
      type    = string
      default = "ap-southeast-1"  # Change to Singapore
    }
    
    # DDoS CoO instance name
    variable "ddoscoo_instance_name" {
      description = "The name of the DDoS CoO instance"
      type        = string
      default     = "Ddoscoo-spm-fofo"  # Default value
    }
    # Number of ports (Required): The number of port forwarding rules for the instance. At least 50. Increase by 5 each time, such as 55, 60, 65. Only upgrades are supported.
    variable "port_count" {
      description = "Number of ports for the DDoS CoO instance"
      type        = string
      default     = "50"  # Default value
    }
    # Product plan: 0 = Insurance Plan, 1 = Unlimited Plan, 2 = CMA Plan, 3 = Secure Chinese mainland acceleration (Sec-CMA) Plan.
    variable "product_plan" {
      description = "Product plan of the DDoS CoO instance"
      type        = string
      default     = "0"
    }
    
    # Number of domains (Required): The number of domain forwarding rules for the instance. At least 50. Increase by 5 each time, such as 55, 60, 65. Only upgrades are supported.
    variable "domain_count" {
      description = "Number of domains for the DDoS CoO instance"
      type        = string
      default     = "50"  # Default value
    }
    
    # Purchase period
    variable "period" {
      description = "Purchase period of the DDoS CoO instance"
      type        = string
      default     = "1"  # Default value
    }
    
    # Product type
    variable "product_type" {
      description = "Product type of the DDoS CoO instance"
      type        = string
      default     = "ddosDip"  #  International version ddoscoo_intl
    }
    
    # Billing method
    variable "pricing_mode" {
      description = "Pricing mode of the DDoS CoO instance (Prepaid or Postpaid)"
      type        = string
      default     = "Postpaid"  # Default value
    }
    # Clean bandwidth: Clean bandwidth provided by the instance
    variable "normal_bandwidth" {
      description = "Clean bandwidth provided by the instance, valid only when product_type is ddosDip"
      type        = number
      default     = 100
    }
    # Queries per second: Clean QPS provided by the instance
    variable "normal_qps" {
      description = "Normal QPS provided by the instance, valid only for security_acceleration"
      type        = number
      default     = 500
    }
    # Function version: Standard function plan
    variable "function_version" {
      description = "Function version of the instance, valid only for security_acceleration"
      type        = number
      default     = 0
    }
    
    provider "alicloud" {
      region = var.region_id
    }
    
    resource "alicloud_ddoscoo_instance" "newInstance" {
      name             = var.ddoscoo_instance_name
      port_count       = var.port_count
      domain_count     = var.domain_count
      period           = var.pricing_mode == "Prepaid" ? var.period : null
      product_type     = var.product_type
      product_plan     = var.product_plan
      function_version = var.function_version
      normal_bandwidth = var.normal_bandwidth
    
    }
    
    output "instance_id" {
      description = "The ID of the DDoS CoO instance"
      value       = alicloud_ddoscoo_instance.newInstance.id
    }
    
    output "instance_name" {
      description = "The name of the DDoS CoO instance"
      value       = var.ddoscoo_instance_name
    }
  2. Initialize Terraform by running the terraform init command.

    Expected output:

    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.

  3. Run the terraform plan command to generate a resource plan.

    Expected results:

    alicloud_ddoscoo_instance.newInstance: Refreshing state... [id=ddoscoo-cn-20s3zrc4k001]
    
    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      ~ update in-place
    
    Terraform will perform the following actions:
    
      # alicloud_ddoscoo_instance.newInstance will be updated in-place
      ~ resource "alicloud_ddoscoo_instance" "newInstance" {
            id                = "ddoscoo-cn-20**********"
          ~ name              = "yourDdoscooInstanceName" -> "Ddoscoo"
            # (7 unchanged attributes hidden)
        }
    
    Plan: 0 to add, 1 to change, 0 to destroy.
    
    Changes to Outputs:
      + instance_id   = "ddoscoo-cn-**********"
      + instance_name = "Ddoscoo"

  4. Run the terraform apply command, type yes when prompted, and press Enter. Wait for the command to finish. If the following message appears, the changes have been applied.

    Expected results:

    alicloud_ddoscoo_instance.newInstance: Modifying... [id=ddoscoo-cn-*********]
    alicloud_ddoscoo_instance.newInstance: Modifications complete after 1s [id=ddoscoo-cn-*********]
    
    Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
    
    Outputs:
    
    instance_id = "ddoscoo-cn-*********"
    instance_name = "Ddoscoo"

  5. Verify the operation.

    Run the terraform show command

    To view the details of the resources created by Terraform, run the following command:

    terraform show

Anti-DDoS Proxy (Chinese Mainland) console

Access the Anti-DDoS Proxy (Chinese Mainland) console to view the instance you created.

Complete code example

# Region
variable "region_id" {
  type    = string
  default = "ap-southeast-1"  # Change to Singapore
}

# DDoS CoO instance name
variable "ddoscoo_instance_name" {
  description = "The name of the DDoS CoO instance"
  type        = string
  default     = "Ddoscoo-spm-fofo"  # Default value
}
# Number of ports (required): The number of port forwarding rules for the instance. At least 50. Increase by 5 each time, such as 55, 60, 65. Only upgrades are supported.
variable "port_count" {
  description = "Number of ports for the DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}
# Product plan: 0 = Insurance plan, 1 = Unlimited plan, 2 = CMA plan, 3 = Secure Chinese mainland acceleration (Sec-CMA) plan.
variable "product_plan" {
  description = "Product plan of the DDoS CoO instance"
  type        = string
  default     = "0"
}

# Number of domains (required): The number of domain forwarding rules for the instance. At least 50. Increase by 5 each time, such as 55, 60, 65. Only upgrades are supported.
variable "domain_count" {
  description = "Number of domains for the DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}

# Purchase period
variable "period" {
  description = "Purchase period of the DDoS CoO instance"
  type        = string
  default     = "1"  # Default value
}

# Product type
variable "product_type" {
  description = "Product type of the DDoS CoO instance"
  type        = string
  default     = "ddosDip"  #  International version ddoscoo_intl
}

# Billing method 
variable "pricing_mode" {
  description = "Pricing mode of the DDoS CoO instance (Prepaid or Postpaid)"
  type        = string
  default     = "Postpaid"  # Default value
}
# Clean bandwidth: Clean bandwidth provided by the instance
variable "normal_bandwidth" {
  description = "Clean bandwidth provided by the instance, valid only when product_type is ddosDip"
  type        = number
  default     = 100
}
# Queries per second: Clean QPS provided by the instance
variable "normal_qps" {
  description = "Normal QPS provided by the instance, valid only for security_acceleration"
  type        = number
  default     = 500
}
# Function version: Standard function plan
variable "function_version" {
  description = "Function version of the instance, valid only for security_acceleration"
  type        = number
  default     = 0
}

provider "alicloud" {
  region = var.region_id
}

resource "alicloud_ddoscoo_instance" "newInstance" {
  name             = var.ddoscoo_instance_name
  port_count       = var.port_count
  domain_count     = var.domain_count
  period           = var.pricing_mode == "Prepaid" ? var.period : null
  product_type     = var.product_type
  product_plan     = var.product_plan
  function_version = var.function_version
  normal_bandwidth = var.normal_bandwidth

}

output "instance_id" {
  description = "The ID of the DDoS CoO instance"
  value       = alicloud_ddoscoo_instance.newInstance.id
}

output "instance_name" {
  description = "The name of the DDoS CoO instance"
  value       = var.ddoscoo_instance_name
}
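
The limits stated in the comments of main.tf (at least 50 ports and domains, in steps of 5; product plan 0 to 3) and the note that the instance cannot be destroyed using Terraform can both be enforced at plan time. The following is an added example, not part of the original page or Alibaba Cloud's own code: it replaces the port_count, domain_count and product_plan declarations and the resource block in main.tf, and assumes the remaining variables are declared as shown above.

```hcl
# Added example (not from the original page). Limits are the ones stated in
# the comments of the page's main.tf; other variables stay as declared there.

variable "port_count" {
  description = "Number of ports for the DDoS CoO instance"
  type        = string
  default     = "50"
  validation {
    # try() makes a non-numeric string fail validation instead of erroring.
    condition     = try(tonumber(var.port_count) >= 50 && tonumber(var.port_count) % 5 == 0, false)
    error_message = "The port_count value must be a number of at least 50 and a multiple of 5."
  }
}

variable "domain_count" {
  description = "Number of domains for the DDoS CoO instance"
  type        = string
  default     = "50"
  validation {
    condition     = try(tonumber(var.domain_count) >= 50 && tonumber(var.domain_count) % 5 == 0, false)
    error_message = "The domain_count value must be a number of at least 50 and a multiple of 5."
  }
}

variable "product_plan" {
  description = "Product plan of the DDoS CoO instance"
  type        = string
  default     = "0"
  validation {
    condition     = contains(["0", "1", "2", "3"], var.product_plan)
    error_message = "The product_plan value must be one of 0, 1, 2 or 3."
  }
}

resource "alicloud_ddoscoo_instance" "newInstance" {
  name             = var.ddoscoo_instance_name
  port_count       = var.port_count
  domain_count     = var.domain_count
  period           = var.pricing_mode == "Prepaid" ? var.period : null
  product_type     = var.product_type
  product_plan     = var.product_plan
  function_version = var.function_version
  normal_bandwidth = var.normal_bandwidth
  lifecycle {
    # Reject any plan that would destroy or replace the instance. This guard
    # is lost if the resource block itself is deleted from the configuration.
    prevent_destroy = true
  }
}
```

With these in place, terraform plan fails on an out-of-range value or on any plan that would destroy the instance, before anything is purchased or changed.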

References