Alibaba Cloud CDN is integrated with Terraform. You can use Terraform to add and configure domain names that you want to accelerate. This topic describes how to use Terraform to add a domain name to CDN and configure the domain name.
Before you begin
Before you can use CDN, activate CDN. For more information, see Activate CDN.
Use a RAM user that has the minimum required permissions to perform the operations in this topic. This minimizes the risk of leaking the AccessKey pair of your Alibaba Cloud account. For information about how to attach the policy that contains the minimum required permissions to the RAM user, see Create a RAM user and Grant permissions to a RAM user. In this example, the following policy is used:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "cdn:AddCdnDomain", "cdn:DescribeCdnDomainDetail", "cdn:DescribeDomainCertificateInfo", "cdn:ListTagResources", "cdn:DeleteCdnDomain", "cdn:BatchSetCdnDomainConfig", "cdn:DescribeCdnDomainConfigs", "cdn:DeleteSpecificConfig" ], "Resource": "*" } ] }Prepare the Terraform environment. You can use one of the following methods to use Terraform:
Use Terraform in Terraform Explorer: Alibaba Cloud provides Terraform Explorer, an online runtime environment for Terraform. You can use Terraform after you log on to Terraform Explorer without the need to install Terraform. For more information, see Use Terraform in Terraform Explorer. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at no additional cost.
Use Terraform in Cloud Shell: Terraform is preinstalled in Cloud Shell and identity credentials are configured. You can directly run Terraform commands in Cloud Shell. For more information, see Use Terraform in Cloud Shell. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at low costs.
Install and configure Terraform on your on-premises machine: This method is suitable for scenarios in which network conditions are poor or a custom development environment is used. For more information, see Install and configure Terraform in the local PC.
Resources used
Fees are generated for specific resources in this example. Release or unsubscribe from the resources when you no longer need them.
alicloud_cdn_domain_new: adds a domain name to CDN.
alicloud_cdn_domain_config: configures a rule for an CDN-accelerated domain name.
Step 1: Add a domain name to CDN
Create a working directory and a file named main.tf in the directory. Then, copy the following content to the main.tf file:
resource "random_integer" "default" { min = 10000 max = 99999 } # Add a domain name. resource "alicloud_cdn_domain_new" "domain" { domain_name = "mycdndomain-${random_integer.default.result}.alicloud-provider.cn" cdn_type = "download" scope = "overseas" sources { content = "myoss-${random_integer.default.result}.oss-rg-china-mainland.aliyuncs.com" type = "oss" priority = "20" port = 80 weight = "15" } }Run the following command to initialize the Terraform runtime environment:
terraform initIf the following information is returned, Terraform is initialized:
Initializing the backend... Initializing provider plugins... ... Terraform has been successfully initialized! ...Run the following command to add a domain name:
terraform applyDuring the execution, enter
yesas prompted and press the Enter key. Wait until the command is executed. If the following information appears, the domain name is added.NoteIf the error message "code: 400, Owner verification of the root domain failed" appears, the domain name is added to the CDN for the first time, and you need to verify the ownership of the domain name. For more information, see Verify the ownership of a domain name.
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Step 2: Configure a rule for the domain name
Add the following content to the main.tf file.
# Configure an IP address whitelist for the domain name. resource "alicloud_cdn_domain_config" "config-ip" { domain_name = alicloud_cdn_domain_new.domain.domain_name function_name = "ip_allow_list_set" function_args { arg_name = "ip_list" arg_value = "192.168.0.1" } }Create an execution plan and preview the changes.
terraform planRun the following command to configure an IP address whitelist for the domain name:
terraform applyDuring command execution, follow the instructions to type
yesand press Enter. Wait until the command is run. If the following information is returned, the rule is configured.Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Check the result
Run the terraform show command
Run the following command to query the resources that have been created by Terraform:
terraform show
Log on to the CDN console
Log on to the CDN console and view the IP address blacklist and whitelist configured for the added domain name.
Clear resources
If you no longer require the preceding resources that are created or managed by using Terraform, run the following command to release the resources. For more information about the terraform destroy command, see Common commands.
terraform destroyExample
Sample code
If you want to experience more examples, go to the quickstarts page and view the examples in the folder of the corresponding service.