Use ROS to add a domain name to DCDN - Edge Security Acceleration

You can use Resource Orchestration Service (ROS) to call API operations of Dynamic Content Delivery Network (DCDN). This topic describes how to create an Resource Orchestration Service template and use the template to automatically add a domain name to DCDN.

ROS

ROS is an Alibaba Cloud service that simplifies the management of cloud computing resources. You can create a template to describe the cloud computing resources that you want to use, such as Elastic Compute Service (ECS) and ApsaraDB RDS instances, and the relationship between the resources. ROS automatically creates and configures all resources based on the template to implement automated deployment and O&M. For more information, see What is ROS?.
Resource integration by using ROS
You can use ROS to call DCDN API operations. Only regular resources can be orchestrated by using ROS.
- Regular resources:
  - ALIYUN::DCDN::Domain: adds a domain name to DCDN.

Permissions

In this example, you need to add a domain name to DCDN. By default, Resource Orchestration Service uses the credentials of the user who logs on to the ROS console. The user must be granted the following permissions:

AliyunDCDNFullAccess: grants a RAM user the permissions to manage DCDN resources.

An Alibaba Cloud account has permissions on all API operations. Security risks may arise if you use an Alibaba Cloud account to call API operations. We strongly recommend that you call API operations or perform routine O&M as a RAM user. Before you call API operations as a RAM user, grant the required permissions to the RAM user based on your business requirements. The RAM user must have the permissions to manage DCDN resources. For more information, see System policies for DCDN.

Procedure

Log on to the ROS console. In the top navigation bar, select a region.
In the left-side navigation pane, click Stacks. On the Stacks page, choose Create Stack > Use ROS.
- Specify Template: Select Select an Existing Template.
- Template Import Method: Select Enter Template Content.

Template Content: Select ROS and then enter code.

For more information about the syntax, description, and examples of how to add a domain name to DCDN, see ALIYUN::DCDN::Domain.

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  CheckUrl:
    Description: ''
    Type: String
  DomainName:
    Description: 'The name of the accelerated domain. You can specify only one domain
      name.  Wildcard domain names are supported. Wildcard domain names must start
      with a period (.). Example: .a.com.'
    Type: String
  ResourceGroupId:
    Description: The ID of the resource group. If you do not specify this parameter,
      the system automatically uses the ID of the default resource group.
    Type: String
  SSLPub:
    Description: Indicates the public key of the certificate if the HTTPS protocol
      is enabled.
    Type: String
  Scope:
    Description: 'The region where your accelerated service is deployed. Valid values:  domestic
      (default): mainland China. overseas: outside mainland China. global: all countries
      in the world.'
    Type: String
  Sources:
    Description: The origin information.
    Type: Json
  TopLevelDomain:
    Description: ''
    Type: String
Resources:
  DCDNDomain:
    Properties:
      CheckUrl:
        Ref: CheckUrl
      DomainName:
        Ref: DomainName
      ResourceGroupId:
        Ref: ResourceGroupId
      Scope:
        Ref: Scope
      Sources:
        Ref: Sources
      TopLevelDomain:
        Ref: TopLevelDomain
    Type: ALIYUN::DCDN::Domain
Outputs:
  CertName:
    Description: The name of the certificate.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - CertName
  Cname:
    Description: The canonical name (CNAME) of the accelerated domain.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - Cname
  Description:
    Description: The reason that causes the review failure.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - Description
  DomainName:
    Description: 'The name of the accelerated domain. You can specify only one domain
      name.  Wildcard domain names are supported. Wildcard domain names must start
      with a period (.). Example: .a.com.'
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - DomainName
  ResourceGroupId:
    Description: The ID of the resource group. If you do not specify this parameter,
      the system automatically uses the ID of the default resource group.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - ResourceGroupId
  SSLProtocol:
    Description: 'Indicates whether the SSL certificate is enabled. Valid values:  on:
      enabled off: disabled'
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - SSLProtocol
  SSLPub:
    Description: Indicates the public key of the certificate if the HTTPS protocol
      is enabled.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - SSLPub
  Scope:
    Description: 'The region where your accelerated service is deployed. Valid values:  domestic
      (default): mainland China. overseas: outside mainland China. global: all countries
      in the world.'
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - Scope
  Sources:
    Description: The origin information.
    Value:
      Fn::GetAtt:
      - DCDNDomain
      - Sources

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Status": {
      "Type": "String",
      "Description": "The status of the accelerated domain.  online: The domain is enabled. offline: The domain is disabled. configuring: The domain is being configured. configure_failed: The domain configuration failed. checking: The domain is under review. check_failed: The domain failed the review."
    },
    "SecurityToken": {
      "Type": "String",
      "Description": ""
    },
    "CheckUrl": {
      "Type": "String",
      "Description": ""
    },
    "ResourceGroupId": {
      "Type": "String",
      "Description": "The ID of the resource group. If you do not specify this parameter, the system automatically uses the ID of the default resource group."
    },
    "Scope": {
      "Type": "String",
      "Description": "The region where your accelerated service is deployed. Valid values:  domestic (default): mainland China. overseas: outside mainland China. global: all countries in the world."
    },
    "DomainName": {
      "Type": "String",
      "Description": "The name of the accelerated domain. You can specify only one domain name.  Wildcard domain names are supported. Wildcard domain names must start with a period (.). Example: .a.com."
    },
    "TopLevelDomain": {
      "Type": "String",
      "Description": ""
    },
    "Sources": {
      "Type": "Json",
      "Description": "The origin information."
    }
  },
  "Resources": {
    "DCDNDomain": {
      "Type": "ALIYUN::DCDN::Domain",
      "Properties": {
        "SecurityToken": {
          "Ref": "SecurityToken"
        },
        "CheckUrl": {
          "Ref": "CheckUrl"
        },
        "ResourceGroupId": {
          "Ref": "ResourceGroupId"
        },
        "Scope": {
          "Ref": "Scope"
        },
        "DomainName": {
          "Ref": "DomainName"
        },
        "SSLPub": {
          "Ref": "SSLPub"
        },
        "CertName": {
          "Ref": "CertName"
        },
        "TopLevelDomain": {
          "Ref": "TopLevelDomain"
        },
        "Sources": {
          "Ref": "Sources"
        }
      }
    }
  },
  "Outputs": {
    "Description": {
      "Description": "The reason that causes the review failure.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "Description"
        ]
      }
    },
    "ResourceGroupId": {
      "Description": "The ID of the resource group. If you do not specify this parameter, the system automatically uses the ID of the default resource group.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "ResourceGroupId"
        ]
      }
    },
    "Scope": {
      "Description": "The region where your accelerated service is deployed. Valid values:  domestic (default): mainland China. overseas: outside mainland China. global: all countries in the world.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "Scope"
        ]
      }
    },
    "DomainName": {
      "Description": "The name of the accelerated domain. You can specify only one domain name.  Wildcard domain names are supported. Wildcard domain names must start with a period (.). Example: .a.com.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "DomainName"
        ]
      }
    },
    "SSLPub": {
      "Description": "Indicates the public key of the certificate if the HTTPS protocol is enabled.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "SSLPub"
        ]
      }
    },
    "CertName": {
      "Description": "The name of the certificate.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "CertName"
        ]
      }
    },
    "Cname": {
      "Description": "The canonical name (CNAME) of the accelerated domain.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "Cname"
        ]
      }
    },
    "Sources": {
      "Description": "The origin information.",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "Sources"
        ]
      }
    },
    "SSLProtocol": {
      "Description": "Indicates whether the SSL certificate is enabled. Valid values:  on: enabled off: disabled",
      "Value": {
        "Fn::GetAtt": [
          "DCDNDomain",
          "SSLProtocol"
        ]
      }
    }
  }
}

Click Create and execute the created stack.
After the stack is created, call API operations, use SDKs, or log on to the DCDN console to view the domain name.