All Products
Search

This Product

    Anti-DDoS:Purchase and manage Anti-DDoS Pro or Anti-DDoS Premium instances using Terraform

    Document Center

    Anti-DDoS:Purchase and manage Anti-DDoS Pro or Anti-DDoS Premium instances using Terraform

    Last Updated:Feb 27, 2026

    Use Terraform to purchase and manage Anti-DDoS Pro or Anti-DDoS Premium instances. This topic uses the purchase of an Anti-DDoS Pro or Anti-DDoS Premium instance as an example.

    Note

    The sample code in this topic supports one-click execution. Run the code directly. One-click execution

    Prerequisites

    • An Alibaba Cloud account (root account) has full permissions on all resources. If compromised, it poses a major security risk. Use a Resource Access Management (RAM) user instead. Create an AccessKey for the RAM user. For more information, see Create a RAM user and Create an AccessKey.

    • Attach the following least privilege policy to the RAM user who runs Terraform commands. This grants permissions to manage the resources used in this example. For more information, see Manage permissions for RAM users.

      This policy allows the RAM user to create, view, and delete RAM roles. It also lets the RAM user manage access policies for RAM roles.

      {
  "Statement": [
    {
      "Action": [
        "ddosprotection:CreateInstance",
        "ddosprotection:DeleteInstance"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ],
  "Version": "1"
}

    • Prepare your Terraform runtime environment. Choose one of the following options.

      • Use Terraform in Terraform Explorer: Alibaba Cloud provides an online Terraform environment. You do not need to install Terraform. Log on and use Terraform online. This option is ideal for low-cost, fast, and convenient Terraform evaluation and debugging.

      • Use Terraform to quickly create resources: Alibaba Cloud Cloud Shell comes preinstalled with Terraform and preconfigured identity credentials. Run Terraform commands directly in Cloud Shell. This option is ideal for low-cost, fast, and convenient Terraform access and usage.

      • Install and configure Terraform locally: Use this option if you have poor network connectivity or need a custom development environment.

    Resources used

    Procedure

    1. You can create a working directory. In that directory, create a configuration file named main.tf.

      main.tf: The main Terraform file. It defines the resources to deploy. This example shows how to purchase an Anti-DDoS Proxy (non-Chinese mainland) instance.

      Important

      When you define and deploy an Anti-DDoS Proxy (non-Chinese mainland) instance with Terraform, note that you cannot destroy the instance using Terraform. Manage the instance lifecycle carefully to avoid unnecessary charges.

      # Region
variable "region_id" {
  type    = string
  default = "ap-southeast-1"  # Change to Singapore
}

# Anti-DDoS CoO instance name
variable "ddoscoo_instance_name" {
  description = "The name of the Anti-DDoS CoO instance"
  type        = string
  default     = "Ddoscoo-spm-fofo"  # Default value
}
# Number of ports (required): Number of port retransmission rules for the instance. Minimum is 50. Increase in increments of 5, such as 55, 60, or 65. Upgrades only.
variable "port_count" {
  description = "Number of ports for the Anti-DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}
# 0: Insurance mitigation plan. 1: Unlimited mitigation plan. 2: Chinese Mainland Acceleration (CMA). 3: Security CMA mitigation plan.
variable "product_plan" {
  description = "Product plan of the Anti-DDoS CoO instance"
  type        = string
  default     = "0"
}

# Number of domain names (required): Number of domain name retransmission rules for the instance. Minimum is 50. Increase in increments of 5, such as 55, 60, or 65. Upgrades only.
variable "domain_count" {
  description = "Number of domains for the Anti-DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}

# Purchase period
variable "period" {
  description = "Purchase period of the Anti-DDoS CoO instance"
  type        = string
  default     = "1"  # Default value
}

# Product type
variable "product_type" {
  description = "Product type of the Anti-DDoS CoO instance"
  type        = string
  default     = "ddosDip"  # International version: ddoscoo_intl
}

# Billing method
variable "pricing_mode" {
  description = "Pricing mode of the Anti-DDoS CoO instance (Prepaid or Postpaid)"
  type        = string
  default     = "Postpaid"  # Default value
}
# Scrubbing bandwidth: Clean bandwidth provided by the instance
variable "normal_bandwidth" {
  description = "Clean bandwidth provided by the instance, valid only when product_type is ddosDip"
  type        = number
  default     = 100
}
# Queries per second (QPS): Normal QPS provided by the instance
variable "normal_qps" {
  description = "Normal QPS provided by the instance, valid only for security_acceleration"
  type        = number
  default     = 500
}
# Function version: Standard function plan
variable "function_version" {
  description = "Function version of the instance, valid only for security_acceleration"
  type        = number
  default     = 0
}

provider "alicloud" {
  region = var.region_id
}

resource "alicloud_ddoscoo_instance" "newInstance" {
  name             = var.ddoscoo_instance_name
  port_count       = var.port_count
  domain_count     = var.domain_count
  period           = var.pricing_mode == "Prepaid" ? var.period : null
  product_type     = var.product_type
  product_plan     = var.product_plan
  function_version = var.function_version
  normal_bandwidth = var.normal_bandwidth

}

output "instance_id" {
  description = "The ID of the Anti-DDoS CoO instance"
  value       = alicloud_ddoscoo_instance.newInstance.id
}

output "instance_name" {
  description = "The name of the Anti-DDoS CoO instance"
  value       = var.ddoscoo_instance_name
}

    2. Run the terraform init command to initialize Terraform.

    3. Expected output:

      Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

    4. Run the terraform plan command to generate the resource plan.

    Expected result:

    alicloud_ddoscoo_instance.newInstance: Refreshing state... [id=ddoscoo-cn-20s3zrc4k001]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # alicloud_ddoscoo_instance.newInstance will be updated in-place
  ~ resource "alicloud_ddoscoo_instance" "newInstance" {
        id                = "ddoscoo-cn-20**********""
      ~ name              = "yourDdoscooInstanceName" -> "Ddoscoo"
        # (7 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Changes to Outputs:
  + instance_id   = "ddoscoo-cn-**********"
  + instance_name = "Ddoscoo"

    1. Run the terraform apply command. When prompted, enter yes and press Enter. Wait for the command to finish. If you see the following message, authorization is complete.

    Expected result:

    alicloud_ddoscoo_instance.newInstance: Modifying... [id=ddoscoo-cn-*********]
alicloud_ddoscoo_instance.newInstance: Modifications complete after 1s [id=ddoscoo-cn-*********]

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Outputs:

instance_id = "ddoscoo-cn-*********"
instance_name = "Ddoscoo"

    1. Verify the operation.

    Run the terraform show command

    Run the following command to query details about the resources created by Terraform:

    terraform show

    image

    Anti-DDoS Proxy (Chinese mainland) console

    Log on to the Anti-DDoS Proxy console to view the created instance.

    image

    Complete code example

    Note

    The sample code in this topic supports one-click execution. Run the code directly. One-click execution

    # Region
variable "region_id" {
  type    = string
  default = "ap-southeast-1"  # Change to Singapore
}

# Anti-DDoS CoO instance name
variable "ddoscoo_instance_name" {
  description = "The name of the Anti-DDoS CoO instance"
  type        = string
  default     = "Ddoscoo-spm-fofo"  # Default value
}
# Number of ports (required): Number of port retransmission rules for the instance. Minimum is 50. Increase in increments of 5, such as 55, 60, or 65. Upgrades only.
variable "port_count" {
  description = "Number of ports for the Anti-DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}
# 0: Insurance mitigation plan. 1: Unlimited mitigation plan. 2: Chinese Mainland Acceleration (CMA). 3: Security CMA mitigation plan.
variable "product_plan" {
  description = "Product plan of the Anti-DDoS CoO instance"
  type        = string
  default     = "0"
}

# Number of domain names (required): Number of domain name retransmission rules for the instance. Minimum is 50. Increase in increments of 5, such as 55, 60, or 65. Upgrades only.
variable "domain_count" {
  description = "Number of domains for the Anti-DDoS CoO instance"
  type        = string
  default     = "50"  # Default value
}

# Purchase period
variable "period" {
  description = "Purchase period of the Anti-DDoS CoO instance"
  type        = string
  default     = "1"  # Default value
}

# Product type
variable "product_type" {
  description = "Product type of the Anti-DDoS CoO instance"
  type        = string
  default     = "ddosDip"  # International version: ddoscoo_intl
}

# Billing method
variable "pricing_mode" {
  description = "Pricing mode of the Anti-DDoS CoO instance (Prepaid or Postpaid)"
  type        = string
  default     = "Postpaid"  # Default value
}
# Scrubbing bandwidth: Clean bandwidth provided by the instance
variable "normal_bandwidth" {
  description = "Clean bandwidth provided by the instance, valid only when product_type is ddosDip"
  type        = number
  default     = 100
}
# Queries per second (QPS): Normal QPS provided by the instance
variable "normal_qps" {
  description = "Normal QPS provided by the instance, valid only for security_acceleration"
  type        = number
  default     = 500
}
# Function version: Standard function plan
variable "function_version" {
  description = "Function version of the instance, valid only for security_acceleration"
  type        = number
  default     = 0
}

provider "alicloud" {
  region = var.region_id
}

resource "alicloud_ddoscoo_instance" "newInstance" {
  name             = var.ddoscoo_instance_name
  port_count       = var.port_count
  domain_count     = var.domain_count
  period           = var.pricing_mode == "Prepaid" ? var.period : null
  product_type     = var.product_type
  product_plan     = var.product_plan
  function_version = var.function_version
  normal_bandwidth = var.normal_bandwidth

}

output "instance_id" {
  description = "The ID of the Anti-DDoS CoO instance"
  value       = alicloud_ddoscoo_instance.newInstance.id
}

output "instance_name" {
  description = "The name of the Anti-DDoS CoO instance"
  value       = var.ddoscoo_instance_name
}

    References