CDN sync secondary origin - CDN - Alibaba Cloud Documentation Center

You can use the CDN secondary origin server feature to periodically sync content from your primary origin to a secondary origin. When the primary origin becomes unavailable, CDN automatically routes origin fetches to the secondary origin to keep your service running.

Prerequisites

You have activated the Function Compute service. For more information, see Activate Service.

Note
If Function Compute is not activated, CDN secondary origin server tasks cannot invoke the required functions after you create them.
You have activated Object Storage Service (OSS) and created a bucket. For more information, see Create a bucket in the console.

Billing

Function Compute service fees:

The CDN secondary origin server feature uses Function Compute and is billed on a pay-as-you-go basis. For a detailed breakdown of Function Compute charges, see Billing overview. The fees for Function Compute consist of the following two items:

Billable item

Billing rules

Internet data transfers fee

Internet data transfers fee = Tiered unit price × Data transfer usage

Tiered unit price: The first 200 GB of data transfers per month is free. This includes 20 GB for all regions (including the Chinese mainland) and 180 GB for regions outside the Chinese mainland. Data transfers that exceed 200 GB are billed at tiered rates. The rates vary by region. For more information, see Cloud Data Transfer (CDT) pricing for Internet data transfers.

Data transfer usage: You can view your Internet data transfers on the Resource Usage Details page in the Function Compute console.

Function Compute CU usage fee

CU usage fee = CU usage × CU unit price

CU usage = Usage of each resource × CU conversion factor

Usage of each resource: You can view the usage of each resource on the Resource Usage Details page in the Function Compute console.

CU conversion factor: See the CU conversion factor table.

CU unit price: See the Billable items and unit prices table.

Example of Function Compute service fees

Assume a user creates a CPU function and enables express mode. The instance specification is 0.35 vCPU, 512 MB of memory, and a 512 MB temporary disk. In the current month, express mode runs for 50 hours, which includes 10 active hours and 40 idle hours. The function is invoked 1,000,000 times. The Internet data transfer fee, CU usage fee, and total fee are as follows.

Note

In express mode for CPU instances, Function Compute bills memory and disk usage based on the total execution time. It bills active vCPU usage based on the duration of the active state and does not bill for idle vCPU usage.

Internet data transfers fee

Assume each function invocation uses 250 KB of resources. The 1,000,000 invocations generate 25 GB of traffic, which is within the 200 GB free tier. Therefore, you incur no fees for Internet data transfers.

Internet data transfers fee = 0

Function Compute CU usage fee

Resource type	Usage	Conversion factor	CU usage
Active vCPU usage	12,600 vCPU-seconds	1 CU/vCPU-second	12,600 CU
Idle vCPU usage	50,400 vCPU-seconds	0 CU/vCPU-second Note: There is no charge for idle vCPUs.	0 CU
Memory usage	90,000 GB-seconds	0.15 CU/GB-second	13,500 CU
Disk usage	0 GB-seconds	0.05 CU/GB-second Note: The first 512 MB of disk usage is free of charge. Usage beyond this limit incurs charges.	0 CU
Function invocations	1,000,000 invocations	0.0075 CU/invocation	7,500 CU
Total CU usage: 33,600 CU

Total fee = Tier 1 unit price × Usage = USD 0.000020/CU × 33,600 CU = USD 0.67

Total fee

Total Function Compute service fee = Internet data transfers fee + Function Compute CU usage fee = USD 0 + USD 0.67 = USD 0.67

OSS storage fees:

Currently, you can only use the public endpoints of OSS buckets as secondary origin addresses. When files from your primary origin are synced and stored in OSS, you incur storage fees based on the file type, size, and storage duration. For detailed pricing information, see Storage fees.

Create a CDN secondary origin task

Log on to the CDN console.
In the left-side navigation pane, click Application Center.
On the Application Center page, find the Secondary Origin Servers card and click Try Now.
On the Secondary Origin Servers page, click Create Task.

On the Create Scheduled Task page, configure the following parameters.

Parameter	Description
Task Name	The name of the CDN secondary origin server task.
Permission Management	When you use the CDN secondary origin server feature for the first time, you must authorize Function Compute. On the authorization page, keep the default values for the following parameters: Role name: `AliyunCDNServerlessDevsRole`. Role description: `Serverless Devs Role for CDN Application`. System policy: `AliyunFCFullAccess` and `AliyunOSSFullAccess`.
Type	Domain name.
Domain Name	The domain name of the site to back up.
Secondary Origin Address	The public endpoint of an Alibaba Cloud OSS bucket to use as the secondary origin for storing backups.
Task Type	Recurring task.
Trigger Mode	Specifies how to trigger the CDN secondary origin server task. At Specific Interval: Triggers the task at a specified time interval. At Specific Time: Triggers the task at a specified time, date, or day of the week.
Resource Type	The type of resources to back up.

Configure the secondary origin address

Add the Secondary Origin Address specified in Create a CDN secondary origin server task to the Origin Information settings of your domain. For more information, see Configure an origin.

When you add the secondary origin address, configure the following parameters:

Origin Information: Select OSS Domain and enter the Secondary Origin Address from Create a CDN secondary origin server task.
Priority: Select Secondary.

Permissions for RAM users

A RAM user must have the required permissions to create CDN secondary origin server tasks.

Granting a RAM user the AliyunFCFullAccess and AliyunOSSFullAccess system permissions by using a system policy gives the user permissions to manage all of Function Compute and Object Storage Service (OSS).
1. Log on to the RAM console.
2. In the left-side navigation pane, choose Identities > Users.
3. Find the target RAM user and click Add Permissions in the Actions column.
4. In the Grant Permission panel, configure the authorization information.
  - For Authorization scope, select Account.
  - For Policies, set Policy type to System policy.
  - In the Policies search box, enter AliyunFCFullAccess and AliyunOSSFullAccess, select them from the results, which adds them to the Selected policy list.
5. Click Confirm.
6. Click Disable.

Create a custom policy and grant the ListRoles permission to the RAM user.

In the left-side navigation pane of the RAM console, choose Permissions > Policies.
Click Create policy.

Click the JSON tab.

In the editor, enter the following custom policy document.

{
    "Version": "1",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ram:CreateRole",
                "ram:AttachPolicyToRole",
                "ram:ListRoles"
            ],
            "Resource": "*"
        }
    ]
}

Click OK.

On the Create policy page, configure the Name and Remarks.

Parameter	Description
Name	Enter a descriptive name to help you identify the policy.
Remarks	Optional. Enter a description for the policy.

Click OK.
In the left-side navigation pane, choose Identities > Users.
Find the target RAM user and click Add Permissions in the Actions column.

In the Grant Permission panel, configure the authorization information.

Parameter	Description
Authorization scope	Select Account. This applies the permissions at the account level. You cannot select Resource Group.
Principal	This field is automatically populated with the RAM user that you selected.
Policy	Set Policy type to Custom Policies. In the search box, enter the name of the custom policy that you created, select it, and add it to the Selected policy list.

Click Confirm.
Click Disable.