Template name
ACS-CDN-SetDomainServerCertificate
Template description
Enables the certificate of a domain name.
Template type
Automated
Owner
Alibaba Cloud
Input parameters
Parameter | Description | Data type | Required | Default value | Limit |
domainName | The domain name. | String | Yes | ||
certType | The certificate type. | String | Yes | ||
certName | The certificate name. | String | Yes | ||
regionId | The region ID. | String | No | {{ ACS::RegionId }} | |
serverCertificateStatus | Specifies whether to enable the HTTPS certificate. | String | No | on | |
serverCertificate | The certificate content. | String | No | "" | |
privateKey | The private key content. | String | No | "" | |
forceSet | Specifies whether to overwrite the information about the existing certificate that uses the same name. | String | No | 1 | |
OOSAssumeRole | The RAM role that is assumed by CloudOps Orchestration Service (OOS). | String | No | "" |
Output parameters
N/A.
Permission policy that is required to execute the template
{
"Version": "1",
"Statement": [
{
"Action": [
"cdn:DescribeCdnDomainDetail",
"cdn:SetDomainServerCertificate"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
References
ACS-CDN-SetDomainServerCertificate
Template content
FormatVersion: OOS-2019-06-01
Description:
en: Set domain server certificate
name-en: ACS-CDN-SetDomainServerCertificate
categories:
- security
Parameters:
regionId:
Label:
en: RegionId
AssociationProperty: RegionId
Type: String
Default: '{{ ACS::RegionId }}'
domainName:
Label:
en: DomainName
Type: String
serverCertificateStatus:
Label:
en: ServerCertificateStatus
Type: String
AllowedValues:
- 'on'
- 'off'
Default: 'on'
certType:
Description:
en: When the certificate type is cas, PrivateKey does not need to pass parameters
Label:
en: CertType
Type: String
AllowedValues:
- cas
- free
- upload
certName:
Label:
en: CertName
Type: String
serverCertificate:
Description:
en: Specify the content of the certificate only if you enable the SSL certificate
Label:
en: ServerCertificate
Type: String
Default: ''
privateKey:
Description:
en: Specify the private key only if you enable the SSL certificate
Label:
en: PrivateKey
Type: String
Default: ''
forceSet:
Description:
en: If you set the value to 1, the system does not check the certificate name for duplicates and overwrites the information of the existing certificate with the same name
Label:
en: ForceSet
Type: String
Default: 1
OOSAssumeRole:
Label:
en: OOSAssumeRole
Type: String
Default: ''
RamRole: '{{ OOSAssumeRole }}'
Tasks:
- Name: getDomainDetail
Action: ACS::ExecuteApi
Description:
en: get domain detail.
Properties:
Service: CDN
API: DescribeCdnDomainDetail
Parameters:
RegionId: '{{ regionId }}'
DomainName: '{{ domainName }}'
Outputs:
serverCertificateStatus:
Type: String
ValueSelector: GetDomainDetailModel.ServerCertificateStatus
- Name: whetherDomainIsReady
Action: 'ACS::Choice'
Description:
en: Choose next task by server eertificate status
Properties:
DefaultTask: SetDomainServerCertificate
Choices:
- When:
'Fn::Equals':
- 'on'
- '{{ getDomainDetail.serverCertificateStatus }}'
NextTask: ACS::END
- Name: SetDomainServerCertificate
Action: ACS::ExecuteApi
Description:
en: Set domain server certificate
Properties:
Service: CDN
API: SetDomainServerCertificate
Parameters:
RegionId: '{{ regionId }}'
DomainName: '{{ domainName }}'
ServerCertificateStatus: '{{ serverCertificateStatus }}'
CertType: '{{ certType }}'
ServerCertificate: '{{ serverCertificate }}'
PrivateKey: '{{ privateKey }}'
ForceSet: '{{ forceSet }}'
Metadata:
ALIYUN::OOS::Interface:
ParameterGroups:
- Parameters:
- regionId
- domainName
- serverCertificateStatus
- certType
- certName
- serverCertificate
- privateKey
- forceSet
Label:
default:
en: Configure Parameters
- Parameters:
- OOSAssumeRole
Label:
default:
en: Control Options