Alibaba Cloud DCDN is integrated with Terraform, which lets you add and configure DCDN resources. This tutorial describes how to add a DCDN accelerated domain name and configure an IP address whitelist for it.
You can run the sample code in this tutorial with a single click. Run now
Prerequisites
-
Before you use DCDN for the first time, you must activate the DCDN service. For more information, see Activate DCDN service.
-
To reduce security risks, use a Resource Access Management (RAM) user with the least privilege to complete the operations in this tutorial. For more information, see Create a RAM user and Manage RAM user permissions. The following access policy grants the minimum permissions required for this tutorial:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dcdn:AddDcdnDomain", "dcdn:DescribeDcdnUserDomains", "dcdn:SetDcdnDomainSSLCertificate", "dcdn:DescribeDcdnDomainDetail", "dcdn:DescribeDcdnDomainCertificateInfo", "dcdn:DescribeDcdnTagResources", "dcdn:DeleteDcdnDomain", "dcdn:DescribeDcdnUserConfigs", "dcdn:DescribeDcdnService", "dcdn:BatchSetDcdnDomainConfigs", "dcdn:DescribeDcdnDomainConfigs", "dcdn:DeleteDcdnSpecificConfig" ], "Resource": "*" } ] } -
Prepare a Terraform runtime environment. Choose one of the following methods to use Terraform.
-
Explorer: Alibaba Cloud provides an online runtime environment for Terraform, which does not require you to install Terraform. You can log on to use and test Terraform online. This method is suitable for scenarios where you want to quickly and easily test Terraform at no cost.
-
Cloud Shell: Alibaba Cloud Cloud Shell has Terraform components pre-installed and identity credentials configured. You can run Terraform commands directly in Cloud Shell. This method is suitable for low-cost, fast, and convenient access to Terraform.
-
Install and configure Terraform locally: This method is suitable for scenarios with poor network connectivity or where a custom developer environment is required.
-
Resources used
Some resources used in the example in this tutorial incur fees. Release these resources promptly when they are no longer needed.
-
alicloud_dcdn_domain: Adds a DCDN accelerated domain name.
-
alicloud_dcdn_domain_config: Configures rules for a DCDN accelerated domain name.
Step 1: Add an accelerated domain name
-
Create a working directory. In the working directory, create a configuration file named main.tf. Add the following code to main.tf:
resource "random_integer" "default" { min = 10000 max = 99999 } # Add an accelerated domain name resource "alicloud_dcdn_domain" "domain" { domain_name = "mydcdndomain-${random_integer.default.result}.alicloud-provider.cn" scope = "overseas" sources { content = "myoss-${random_integer.default.result}.oss-rg-china-mainland.aliyuncs.com" type = "oss" priority = "20" port = 80 weight = "15" } } -
Run the following command to initialize the Terraform runtime environment.
terraform initThe following output indicates that Terraform is successfully initialized.
Initializing the backend... Initializing provider plugins... ... Terraform has been successfully initialized! ... -
Run the following command to execute the plan and add the accelerated domain name.
terraform applyWhen the command is run, enter
yesat the prompt and press the Enter key. Wait for the command to complete. The following message indicates that the accelerated domain name is added successfully.NoteIf the error message "code: 400, Owner verification of the root domain failed." is returned, this indicates that you are adding the domain name to the DCDN system for the first time. You must verify the ownership of the domain name. For more information, see Verify domain name ownership.
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Step 2: Configure rules for the accelerated domain name
-
Add the following code to the main.tf file.
// # Configure an IP address whitelist for the accelerated domain name resource "alicloud_dcdn_domain_config" "config-ip" { domain_name = alicloud_dcdn_domain.domain.domain_name function_name = "ip_allow_list_set" function_args { arg_name = "ip_list" arg_value = "192.168.0.1" } } -
Create an execution plan and preview the changes.
terraform plan -
Run the following command to execute the plan and configure an IP address whitelist for the accelerated domain name.
terraform applyWhen the command is run, enter
yesat the prompt and press the Enter key. Wait for the command to complete. The following message indicates that the rule is configured successfully.Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Verification results
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
Log on to the DCDN console
Log on to the DCDN console and view the IP Blacklist/Whitelist for the added domain name.
Clean up resources
Run the following command to release the resources that are managed by Terraform when they are no longer needed. For more information about terraform destroy, see Common commands.
terraform destroyComplete example
You can run the sample code in this tutorial with a single click. Run now
Sample code
For more complete examples, go to the folder for the corresponding product in More complete examples.