Terraform is an open source infrastructure as code (IaC) tool. It lets you define and manage infrastructure configurations using a declarative language. You can use Terraform to add, modify, or delete Edge Security Acceleration (ESA) resources. This reduces manual work and errors, and improves infrastructure manageability and maintainability. This topic lists the ESA resources that Terraform supports and describes how to install and configure Terraform.
Supported resources
Resources
alicloud_esa_cache_reserve_instance: Provides an ESA cache reserved instance resource. This resource creates a cache reserved instance with auto-renewal to pre-allocate high-throughput cache resources for the cloud storage acceleration service and improve the response performance for frequently accessed data.
alicloud_esa_cache_rule: Provides an ESA cache rule resource. This resource configures cache rules for edge nodes to follow origin cache policies, disable browser caching, ignore query string variations, and include specific cookie or header cache control parameters.
alicloud_esa_certificate: Provides an ESA certificate resource. This resource automatically applies for and deploys free Let's Encrypt SSL certificates to implement HTTPS communication encryption.
alicloud_esa_client_ca_certificate: Provides an ESA client CA certificate resource. This resource uploads a client CA root certificate for mutual TLS (mTLS) authentication scenarios to verify the legitimacy of client certificates. This ensures that only client certificates issued by trusted CAs can access services.
alicloud_esa_client_certificate: Provides an ESA client certificate resource. This resource creates RSA-encrypted client certificates to implement strong client identity verification in mTLS scenarios.
alicloud_esa_compression_rule: Provides an ESA compression rule resource. You can use this resource to configure compression rules for domain names. This provides preset conditions for enabling specific compression policies.
alicloud_esa_edge_container_app: Provides an ESA Edge container application resource. This resource creates a container application, forwards external traffic to the container, and configures a Layer 7 health check. The health check uses the HEAD method to check the / path every 5 seconds, has a 3-second timeout, and triggers a status change after two consecutive successes or five consecutive failures. This configuration enables automated health monitoring and fault isolation for the container service.
alicloud_esa_edge_container_app_record: Provides an ESA Edge container application record resource. This resource deploys Edge container applications, configures Layer 7 health checks (HEAD method to detect the / path), and attaches domain names to implement traffic rerouting. You must ensure that the service on container port 3000 is active and that the health check parameters match your business requirements.
alicloud_esa_http_request_header_modification_rule: Provides an ESA HTTP request header modification rule resource. You can use this resource to configure request header modification rules to modify request header values. This provides preset rules to support fine-grained traffic debugging.
alicloud_esa_http_response_header_modification_rule: Provides the ESA HTTP response header modification rule resource. This resource enables fine-grained, scenario-based control over HTTP response headers for domain traffic by applying modification rules. For example, you can add the exampleadd header, delete the exampledel header, and modify the value of the examplemodify header.
alicloud_esa_https_application_configuration: Provides an ESA HTTPS application configuration resource. This resource configures HTTPS application layer parameters for domain names, including the maximum validity period for HSTS, and enables security extension features such as rules, HSTS enforcement, and Alt-SVC.
alicloud_esa_https_basic_configuration: Provides an ESA HTTPS basic configuration resource. This resource forcibly enables a global HTTPS encryption policy.
alicloud_esa_image_transform: Provides an ESA image transformation resource. This resource configures image format conversion rules for domain names.
alicloud_esa_kv: Provides an ESA edge Key-Value Store resource for storing and managing lightweight configuration data or static content on edge nodes to support fast reads and low-latency access.
alicloud_esa_kv_namespace: Provides an ESA KV namespace resource. This resource creates a Key-Value storage namespace to isolate storage and manage configuration data such as security policies, dynamic rules, API keys, and grayscale parameters. This provides hot-updatable lightweight metadata management capabilities for secure acceleration.
alicloud_esa_list: Provides an ESA list resource. This resource lets you view the list of ESA sites.
alicloud_esa_network_optimization: Provides an ESA network optimization resource. It configures network optimization rules for requests that match domain names, supports WebSocket, gRPC, or HTTP/2 origin protocols, and limits the maximum file upload size. This lets you optimize network transmission and implement security controls for specific service traffic.
alicloud_esa_origin_ca_certificate: Provides the ESA origin CA certificate resource. This resource configures a trusted certification authority (CA) certificate for the Alibaba Cloud Edge Security Acceleration (ESA) service. This allows an ESA edge node to verify the origin server certificate when an HTTPS back-to-origin connection is established with a backend origin server, which ensures the security and trustworthiness of the back-to-origin communication.
alicloud_esa_origin_client_certificate: Provides the ESA origin client certificate resource. This resource creates or uploads a client TLS certificate and configures it for the Alibaba Cloud Edge Security Acceleration (ESA) service. This allows an ESA edge node to provide client identity authentication to the origin server when the node initiates an origin request to the backend origin server as an HTTPS client. This process implements client identity verification in mutual TLS (mTLS) authentication.
alicloud_esa_origin_pool: Provides an ESA origin pool resource. This resource lets you configure a mixed pool of multiple origins, including one Alibaba Cloud OSS origin (cross-account key authentication) and two private storage origins compatible with the S3 protocol (AWS v2 signature authentication). This implements cross-border traffic distribution to different cloud storage services based on a specified ratio, while ensuring back-to-origin compatibility through Host header rewriting and TLS SNI.
alicloud_esa_origin_protection: Provides an ESA origin protection configuration resource to centrally configure and manage security mitigation policies for backend origin servers. By hiding the real IP addresses of origin servers, forcing traffic to be forwarded through ESA edge nodes, and enabling security authentication mechanisms, this resource prevents servers from being directly exposed to the internet. This defends against threats such as DDoS attacks, CC attacks, and scanning probes, and improves the overall availability and security of backend services.
alicloud_esa_origin_rule: Provides an ESA Origin Rule resource. This resource forwards traffic to the origin port over the HTTP protocol and enables Host header passing, SNI extension, and chunked transfer (Range) support.
alicloud_esa_page: Provides an ESA page resource. This resource creates a custom error page with a Base64-encoded HTML template. When decoded, the template is a standard 403 Forbidden access page with a Chinese language declaration.
alicloud_esa_rate_plan_instance: Provides an ESA Rate Plan instance resource. This resource creates an NS-type billing instance on a subscription basis and enables auto-renewal and automatic payment. This provides the basic resource quota and billing framework for subsequent deployments of Global Accelerator services, such as sites and routing rules.
alicloud_esa_record: Provides an ESA record resource that lets you add records and set their priority, weight, and TTL to implement service discovery and load balancing based on the DNS protocol.
alicloud_esa_redirect_rule: Provides an ESA redirect rule resource, which configures a 301 permanent redirect rule that automatically redirects to a static target address while preserving the original request's query parameters.
alicloud_esa_rewrite_url_rule: Provides an ESA URL rewrite rule resource. When enabled, the rule statically rewrites the path and sets fixed query parameters to provide precise request path control and parameter standardization.
alicloud_esa_routine: Provides an ESA Edge Routine resource. An Edge Routine is a lightweight Edge Function that runs on global edge nodes. It lets you use custom JavaScript or scripts with similar syntax to dynamically process HTTP or HTTPS requests and responses at the network edge closer to end users, which enables low-latency, high-performance, and personalized logic control.
alicloud_esa_routine_route: Provides an ESA Edge Routine routing resource. This resource attaches a created Edge Routine (defined by alicloud_esa_routine) to specified domain names, paths, or hostnames, and defines the request conditions that trigger the execution of the Edge Routine to implement edge logic scheduling based on routing rules.
alicloud_esa_scheduled_preload_execution: Provides an ESA scheduled prefetch execution resource. This resource triggers a configured prefetch task that automatically runs at a specified time to proactively load content from specified URLs to the cache of edge nodes. This process improves response speed for user access and is suitable for scenarios such as periodic content preloading or preloading before peak traffic.
alicloud_esa_scheduled_preload_job: Provides a resource for ESA scheduled prefetch tasks. This resource creates and manages periodic cache prefetch tasks. By configuring an execution frequency, a list of target URLs, and an associated domain name, you can automatically preload content to edge nodes. This process improves the response efficiency for frequently accessed resources and optimizes the user access experience.
alicloud_esa_site: Provides an ESA site resource. It purchases a subscription for a Basic Edition, NS-type Global Accelerator instance, creates a site, and attaches the site to a resource group to automate the deployment of global network acceleration capabilities.
alicloud_esa_site_delivery_task: Provides an ESA site delivery task resource. It configures an HTTP log delivery task to transmit log data that contains 12 key monitoring fields to a target address in real time using gzip compression. You can set the maximum batch size, a retry mechanism, and timeout controls to ensure reliable and timely log transmission.
alicloud_esa_site_origin_client_certificate: Provides an ESA site-level origin client certificate resource. This resource configures a client TLS certificate for a specific accelerated site. The certificate enables ESA edge nodes to use mutual TLS (mTLS) to authenticate with the origin server during an origin fetch. This ensures that only trusted edge nodes can access origin services that require client certificate authentication and enhances the security of back-to-origin communication.
alicloud_esa_version: Provides the ESA Site Version resource. You can use esa_version to create, save, and roll back different configuration versions for accelerated sites, such as domain name sites. These configurations include settings such as cache rules, certificates, routing policies, and Edge Routines. This enables phased releases, version comparisons, and quick rollbacks for configuration changes, which ensures stability and maintainability during the site update process.
alicloud_esa_video_processing: Provides ESA video processing resources. This resource supports operations on video content at edge nodes, such as real-time transcoding, screenshots, watermarking, format conversion, and adaptive bitrate streaming (such as generating HLS or DASH shards). With this resource, you can define video processing templates or task rules. When combined with an accelerated domain name, these rules automatically trigger a video processing flow to perform lightweight media processing at a location closer to the user. This reduces the load on the origin server and improves video loading speed and the playback experience.
alicloud_esa_waiting_room: Provides an ESA waiting room resource. It configures a waiting room, including first-in, first-out (FIFO) queue-based traffic control rules (active user limits, session duration, and multi-subdomain path configuration). This provides preset grayscale control capabilities for burst traffic scenarios.
alicloud_esa_waiting_room_event: Provides an ESA waiting room event resource. This resource configures waiting rooms and their event rules to control burst traffic and prevent server overload using a first-in, first-out (FIFO) queue management mechanism when needed.
alicloud_esa_waiting_room_rule: Provides an ESA waiting room rule resource. This rule automatically enables the waiting room mechanism for requests that meet traffic matching conditions during traffic bursts. This mechanism queues and controls the requests to effectively prevent server overload.
Install Terraform and configure permissions
Install and configure Terraform on your computer
For more information about how to use Terraform on your computer, see Install and configure Terraform.
Create an AccessKey pair for a RAM user. An Alibaba Cloud account has all permissions on its resources, so if the AccessKey pair of the account is leaked, all of those resources are at risk. We recommend that you use the AccessKey pair of a RAM user instead. For more information, see Create an AccessKey pair.
Create environment variables to store identity credentials.
You can create and view your AccessKey on the AccessKey Management page.
If the environment variables are not configured, identity verification fails when you run the Terraform template.
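A preflight check for the credential setup described above, added here as an example and not taken from the Alibaba Cloud documentation. It assumes the alicloud provider's environment variable names ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY and ALICLOUD_REGION; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check the environment before running Terraform against ESA.
# Credentials must come from environment variables, not from literals in *.tf
# files, which end up in version control and plan output.
# Usage: preflight . && terraform plan

# Succeeds only when every credential variable is set and non-empty.
check_alicloud_env() (
    missing=0
    for name in ALICLOUD_ACCESS_KEY ALICLOUD_SECRET_KEY ALICLOUD_REGION; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "missing environment variable: $name" >&2
            missing=1
        fi
    done
    exit "$missing"
)

# Succeeds only when no *.tf file under $1 assigns a quoted literal to
# access_key or secret_key. References such as var.access_key or "${...}"
# are not flagged. Only file:line is reported, so the secret is not echoed.
no_hardcoded_keys() (
    pattern='^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]'
    hits=$(find "${1:-.}" -type f -name '*.tf' \
        -exec grep -nHE "$pattern" {} + 2>/dev/null | cut -d: -f1,2)
    if [ -n "$hits" ]; then
        echo "literal credential in Terraform file (file:line):" >&2
        echo "$hits" >&2
        exit 1
    fi
    exit 0
)

# Both checks must pass before terraform is allowed to run.
preflight() {
    check_alicloud_env && no_hardcoded_keys "${1:-.}"
}
```
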
Use an online service (no installation or permission configuration required)
If you do not want to install Terraform, you can use the online service Cloud Shell.
Alibaba Cloud Cloud Shell is a free operations and maintenance (O&M) product. It is pre-installed with Terraform components and configured with identity credentials. Therefore, you can run Terraform commands directly in Cloud Shell. For more information, see Cloud Shell.
When you use Terraform in Cloud Shell, its destroy feature can cause data loss. We recommend that you use Cloud Shell only for simple and quick operations, such as debugging. For more information about the limits, see Limits.