The ALIYUN::OSS::Bucket resource type creates an OSS bucket.
Syntax
{
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": String,
"RefererConfiguration": Map,
"ServerSideEncryptionConfiguration": Map,
"CORSConfiguration": Map,
"Tags": Map,
"LoggingConfiguration": Map,
"LifecycleConfiguration": Map,
"StorageClass": String,
"DeletionForce": Boolean,
"Policy": Map,
"BucketName": String,
"RedundancyType": String,
"VersioningConfiguration": Map,
"ResourceGroupId": String,
"EnableOssHdfsService": Boolean,
"WebsiteConfigurationV2": Map,
"BlockPublicAccess": Boolean
}
}Properties
Property name | Type | Required | Update allowed | Description | Constraint |
BucketName | String | Yes | No | The name of the bucket. | The name must be 3 to 63 characters in length. It must start and end with a lowercase letter or digit. It can contain only lowercase letters, digits, and hyphens (-). Note This name must be globally unique. You can use AutoCompleteInput in AssociationProperty to generate a random string automatically. For more information, see How do I control the length of a random string?. |
AccessControl | String | No | Yes | The access permissions for the bucket. | Valid values:
|
CORSConfiguration | Map | No | Yes | The cross-origin resource sharing (CORS) configuration. | For more information, see CORSConfiguration properties. |
DeletionForce | Boolean | No | Yes | Specifies whether to force delete objects in the bucket. | Valid values:
|
EnableOssHdfsService | Boolean | No | Yes | Specifies whether to enable the OSS-HDFS service. | Valid values:
|
BlockPublicAccess | Boolean | No | Yes | Specifies whether to block public access to the bucket. | Valid values:
|
LifecycleConfiguration | Map | No | Yes | The lifecycle configuration for objects in the bucket. | For more information, see LifecycleConfiguration properties. |
LoggingConfiguration | Map | No | No | The log storage configuration. | For more information, see LoggingConfiguration properties. |
Policy | Map | No | Yes | The bucket policy. | For more information, see Common bucket policy examples. |
RedundancyType | String | No | No | The data redundancy type for the bucket. | Valid values:
|
RefererConfiguration | Map | No | Yes | The hotlink protection configuration. | For more information, see RefererConfiguration properties. |
ResourceGroupId | String | No | No | The ID of the resource group. | None |
ServerSideEncryptionConfiguration | Map | No | Yes | The server-side encryption configuration. | For more information, see ServerSideEncryptionConfiguration properties. |
StorageClass | String | No | No | The storage class for the bucket. | Valid values:
|
Tags | Map | No | Yes | The tags for the bucket. Each tag is a key-value pair. | You can configure up to 20 tags. The key must be 1 to 64 characters in length. It cannot start with The value must be 0 to 128 characters in length and encoded in UTF-8. |
VersioningConfiguration | Map | No | Yes | A container that stores versioning status. | For more information, see VersioningConfiguration properties. |
WebsiteConfigurationV2 | Map | No | No | The website configuration. | For more information, see WebsiteConfigurationV2 properties. |
CORSConfiguration syntax
"CORSConfiguration": {
"CORSRule": List,
"ResponseVary": Boolean
}CORSConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
CORSRule | List | No | Yes | The CORS rule. | For more information, see CORSRule properties. |
ResponseVary | Boolean | No | Yes | Specifies whether to return the | Valid values:
Note You cannot configure this field alone. You must configure at least one CORS rule for this field to take effect. |
CORSRule syntax
"CORSRule": [
{
"MaxAgeSeconds": Number,
"AllowedMethod": List,
"ExposeHeader": List,
"AllowedOrigin": List,
"AllowedHeader": List
}
]CORSRule properties
Property name | Type | Required | Update allowed | Description | Constraint |
AllowedHeader | List | No | Yes | The headers allowed in cross-origin requests. | Valid values:
|
AllowedMethod | List | No | Yes | The HTTP methods allowed in cross-origin requests. | Valid values:
|
AllowedOrigin | List | No | Yes | The origins allowed in cross-origin requests. | None |
ExposeHeader | List | No | Yes | The response headers that users can access from applications. | The asterisk (*) is not allowed. |
MaxAgeSeconds | Number | No | Yes | The time that browsers cache the results of OPTIONS requests for specific resources. | None |
LifecycleConfiguration syntax
"LifecycleConfiguration": {
"Rule": List
}LifecycleConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
Rule | List | Yes | No | The lifecycle rule. | For more information, see Rule properties. |
Rule syntax
"Rule": [
{
"Status": String,
"AbortMultipartUpload": Map,
"Expiration": Map,
"Prefix": String,
"ID": String,
"Filter": Map,
"Transition": List
}
]Rule properties
Property name | Type | Required | Update allowed | Description | Constraint |
Prefix | String | Yes | No | The prefix to which the rule applies. | Only objects whose names match the prefix are affected by the rule. |
AbortMultipartUpload | Map | No | No | The expiration settings for incomplete multipart uploads. | For more information, see AbortMultipartUpload properties. |
Expiration | Map | No | No | The expiration settings for objects. | For more information, see Expiration properties. |
ID | String | No | No | The unique ID of the rule. | The ID can be up to 255 characters in length. If you do not specify an ID or leave it empty, OSS generates a unique ID automatically. |
Status | String | No | Yes | Enables or disables the rule. | Valid values:
|
Filter | Map | No | No | This exclusion rule supports only one condition. | For more information, see Filter properties. |
Transition | List | No | No | The list of storage redundancy transition tasks. | For more information, see Transition properties. |
Transition syntax
"Transition": [
{
"CreatedBeforeDate": String,
"Days": Integer,
"IsAccessTime": Boolean,
"ReturnToStdWhenVisit": Boolean,
"AllowSmallFile": Boolean,
"StorageClass": String
}
]Transition properties
Property name | Type | Required | Update allowed | Description | Constraint |
CreatedBeforeDate | String | No | No | Specify a date. OSS applies the lifecycle rule to objects whose last modified time is earlier than this date. | The date must follow the ISO 8601 format and must be midnight (00:00:00) in UTC time. |
Days | Integer | No | No | Specify how many days after the object was last updated before the lifecycle rule takes effect. | Valid values: positive integers, such as 30, 90, and 180. |
IsAccessTime | Boolean | No | No | Specify whether the lifecycle rule is applied based on the last access time of the object. |
|
ReturnToStdWhenVisit | Boolean | No | No | Specify whether to change the storage class of non-standard objects back to Standard when they are accessed. | This option takes effect only when IsAccessTime is set to true. |
AllowSmallFile | Boolean | No | No | Specifies whether to base the operation on an object's last access time. | Change the storage class to IA, Archive, or Cold Archive for objects smaller than 64 KB. |
StorageClass | String | No | No | The storage class to which the object is changed. | Valid values:
|
Filter syntax
"Filter":{
"Not": Map
}Filter properties
Property name | Type | Required | Update allowed | Description | Constraint |
Not | Map | No | No | The exclusion rule. | For more information, see Not properties. |
Not syntax
"Not":{
"Tag": List,
"Prefix": String
}Not properties
Property name | Type | Required | Update allowed | Description | Constraint |
Tag | List | No | No | The tag for the exclusion rule. | This exclusion rule applies to at most one object tag. |
Prefix | String | No | No | The prefix for the rule. | The following object prefix conditions apply to this exclusion rule:
In short, this rule states that when you configure an exclusion rule, if the parent rule defines a prefix, the prefix in the Not node must be a subset or specific instance of the parent prefix. They cannot be identical unless you configure a tag. This design enables fine-grained and flexible file or object filtering, especially in scenarios such as cloud storage, data backup, or content filtering. |
Expiration syntax
"Expiration":{
"Days": Number,
"CreatedBeforeDate": String,
"ExpiredObjectDeleteMarker": Boolean
}Expiration properties
Property name | Type | Required | Update allowed | Description | Constraint |
CreatedBeforeDate | String | No | No | Specify a date. OSS applies the rule to objects whose last modified time is earlier than this date. | The date must follow the ISO 8601 format and must be midnight (00:00:00) in UTC time. Example: |
Days | Number | No | No | Specify how many days after the object was last modified before the rule takes effect. | OSS calculates the number of days from the last modified time of the object. When the specified number of days has passed, OSS deletes the object. For example, if you set the number of days to 30, OSS deletes an object whose last modified date is January 1, 2016 on January 31, 2016. |
ExpiredObjectDeleteMarker | Boolean | No | No | Specify whether to automatically delete expired delete markers. | Valid values:
|
AbortMultipartUpload syntax
"AbortMultipartUpload": {
"CreatedBeforeDate": String,
"Days": Number
}AbortMultipartUpload properties
Property name | Type | Required | Update allowed | Description | Constraint |
CreatedBeforeDate | String | No | No | Specify the date before which the rule takes effect. | The date must follow the ISO 8601 format and must be midnight (00:00:00) in UTC time. Example: |
Days | Number | No | No | Specify how many days after the object was last modified before the rule takes effect. | OSS calculates the number of days from the last modified time of the object. When the specified number of days has passed, OSS deletes the object. For example, if you set the number of days to 30, OSS deletes an object whose last modified date is January 1, 2016 on January 31, 2016. |
LoggingConfiguration syntax
"LoggingConfiguration": {
"TargetBucket": String,
"TargetPrefix": String
}LoggingConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
TargetBucket | String | No | No | The bucket where access logs are stored. | None |
TargetPrefix | String | No | No | The prefix for the saved access log files. | None |
WebsiteConfigurationV2 syntax
"WebsiteConfiguration":{
"RoutingRules": List,
"IndexDocument": Map,
"ErrorDocument": Map
}WebsiteConfigurationV2 properties
Property name | Type | Required | Update allowed | Description | Constraint |
ErrorDocument | Map | No | No | The static error page hosted on the bucket. | None |
IndexDocument | Map | No | No | The static homepage hosted on the bucket. | None |
RoutingRules | List | No | No | The list of routing rules. | Maximum length: 20. |
IndexDocument syntax
"IndexDocument":{
"Suffix": String,
"Type": String,
"SupportSubDir": String
}IndexDocument properties
Property name | Type | Required | Update allowed | Description | Constraint |
Suffix | String | Yes | No | The default index page. | After you configure the default index page, if you access an object that ends with a forward slash (/), OSS returns this default index page. |
Type | String | No | No | Specify the behavior when you try to access an object that does not exist and does not end with a forward slash (/) after you configure the default index page. | This rule takes effect only when SupportSubDir is set to true, and takes effect after RoutingRule but before ErrorFile. Assume that the default index page is index.html. When you access bucket.oss-cn-hangzhou.aliyuncs.com/abc and the object abc does not exist, the behavior for different Type values is as follows:
|
SupportSubDir | String | No | No | Specify whether to redirect to the default homepage of a subdirectory when you access the subdirectory. | Valid values:
|
RoutingRules syntax
"RoutingRules":[{
"Redirect": Map,
"Condition": Map,
"RuleNumber": Integer
}]RoutingRules properties
Property name | Type | Required | Update allowed | Description | Constraint |
Redirect | Map | Yes | No | Specify the action to perform when the rule matches. | For more information, see Redirect properties. |
Condition | Map | Yes | No | The matching condition. | This rule takes effect only when all specified conditions are met. A match is successful only when all conditions in this container are satisfied. For more information, see Condition properties. |
RuleNumber | Integer | Yes | No | The sequence number of the routing rule to match and execute. OSS matches rules in order of this sequence number. | If a match is successful, OSS executes this rule and stops executing subsequent rules. |
Condition syntax
"Condition":{
"KeyPrefixEquals": String,
"HttpErrorCodeReturnedEquals": String,
"IncludeHeaders": List,
"KeySuffixEquals": String
}Condition properties
Property name | Type | Required | Update allowed | Description | Constraint |
KeyPrefixEquals | String | No | No | The prefix of the object name to match. | None. |
HttpErrorCodeReturnedEquals | String | No | No | The HTTP status code that must be returned when you access the specified object for the rule to match. | This field must be 404 when the redirection rule uses mirroring-based back-to-origin. |
IncludeHeaders | List | No | No | The rule matches only when the request contains the specified header and its value matches the specified value. | You can configure up to 10 such conditions. For more information, see IncludeHeaders properties. |
KeySuffixEquals | String | No | No | The suffix of the object name to match. | None. |
IncludeHeaders syntax
"IncludeHeaders": [
{
"Equals": String,
"Key": String
}
]IncludeHeaders properties
Property name | Type | Required | Update allowed | Description | Constraint |
Equals | String | No | No | The value of the header. | None |
Key | String | Yes | No | The name of the header. | None |
RefererConfiguration syntax
"RefererConfiguration":{
"AllowEmptyReferer": String,
"RefererList": List
}RefererConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
AllowEmptyReferer | Boolean | No | No | Specify whether to allow requests with an empty Referer header to access the bucket. | Valid values:
|
RefererList | List | No | No | The whitelist of Referer headers. | None |
Redirect syntax
"Redirect":{
"MirrorFollowRedirect": Boolean,
"MirrorURL": String,
"PassQueryString": Boolean,
"MirrorPassQueryString": Boolean,
"ReplaceKeyWith": String,
"Protocol": String,
"HttpRedirectCode": String,
"ReplaceKeyPrefixWith": String,
"RedirectType": String,
"MirrorHeaders": Map,
"MirrorCheckMd5": Boolean,
"EnableReplacePrefix": Boolean,
"HostName": String
}Redirect properties
Property name | Type | Required | Update allowed | Description | Constraint |
MirrorFollowRedirect | Boolean | No | No | Specify whether to continue redirecting to the specified Location to retrieve data when the result of a mirroring-based back-to-origin request returns a 3xx status code. | This setting takes effect only when RedirectType is set to Mirror. For example, when you mirror a request back to the origin server, the origin server returns a 302 status code with a Location header.
|
MirrorURL | String | No | No | The origin server URL for mirroring-based back-to-origin. | This setting takes effect only when RedirectType is set to Mirror. The origin URL must start with http:// or https:// and end with a forward slash (/). OSS appends the object name to this URL to form the final URL. For example, if the object name is myobject and you set this parameter to http://example.com/, the back-to-origin URL is http://example.com/myobject. If you set this parameter to http://example.com/dir1/, the back-to-origin URL is http://example.com/dir1/myobject. |
PassQueryString | Boolean | No | No | Specify whether to include query parameters when performing a redirect or mirroring-based back-to-origin. | For example, if a user accesses OSS with query parameters a=b&c=d and PassQueryString is set to true, the query parameters are appended to the Location header for a 302 redirect, such as Location: example.com?a=b&c=d. If the rule type is mirroring-based back-to-origin, the query parameters are also included in the back-to-origin request. Valid values: true, false (default). |
MirrorPassQueryString | Boolean | No | No | Same as PassQueryString, but takes precedence over PassQueryString. This setting takes effect only when RedirectType is set to Mirror. | Default value: false. |
ReplaceKeyWith | String | No | No | When you use a Redirect rule, the object name is replaced with the value specified by ReplaceKeyWith. This lets you use variables. | The only supported variable is {key}, which represents the object name in the request. For example, if you want to access an object named test and set ReplaceKeyWith to prefix/{key}, the Location header points to http://example.com/prefix/test.suffix. This means that when a client requests the original object (for example, test), the server redirects the request to a new location. The path of the new location is dynamically generated based on the pattern defined by ReplaceKeyWith. In this example, the new path adds "prefix/" before the original object name (test), resulting in the final redirect URL "http://example.com/prefix/test.suffix". The ".suffix" part is fixed, while "${key}" is successfully replaced with the object name "test". |
Protocol | String | No | No | The protocol used for redirection. | This rule applies only when RedirectType is set to External or AliCDN. For example, if you want to access a file named test and redirect it to example.com using HTTPS, the Location header in the HTTP response should be set to "https://example.com/test". Valid values: http, https. |
HttpRedirectCode | String | No | No | The HTTP status code returned during redirection. | This applies only when RedirectType is set to External or AliCDN. Default value: 302. Valid values: 301, 302, 307. |
ReplaceKeyPrefixWith | String | No | No | The value that replaces the prefix of the object name in the redirect. If the prefix is empty, this string is inserted before the object name. | Note You can use only the ReplaceKeyWith or ReplaceKeyPrefixWith property. For example, if the object name is ABC/test.TXT, KeyPrefixEquals is set to ABC/, and ReplaceKeyPrefixWith is set to def/, the Location header points to http://example.com/def/test.txt. |
RedirectType | String | Yes | No | The type of redirection. | Valid values:
|
MirrorHeaders | Map | No | No | The headers to mirror to the origin server. | This setting takes effect only when RedirectType is set to Mirror. For more information, see MirrorHeaders properties. |
MirrorCheckMd5 | Boolean | No | No | Specify whether to verify the MD5 hash of data retrieved from the origin server. | This setting takes effect only when RedirectType is set to Mirror. When MirrorCheckMd5 is set to true, if the origin server returns a Content-MD5 header in the response, OSS verifies whether the MD5 hash of the retrieved data matches the header. If they do not match, OSS does not save the data to OSS. Default value: false. |
EnableReplacePrefix | Boolean | No | No | If set to true, the prefix of the object name is replaced with the value specified by ReplaceKeyPrefixWith. If this field is not specified or is empty, the prefix of the object name is truncated. | Note: This field cannot be set to true when ReplaceKeyWith is not empty. Default value: false. |
HostName | String | No | No | The domain name for redirection. | The domain name must follow domain name conventions. For example, if the file name is test, the protocol is set to https, and the host name is set to example.com, the Location header is https://example.com/test. |
MirrorHeaders syntax
"MirrorHeaders":{
"Remove": List,
"PassAll": Boolean,
"Sets": List,
"Pass": List
}MirrorHeaders properties
Property name | Type | Required | Update allowed | Description | Constraint |
Remove | List | No | No | Disable passing specified headers to the origin server. | This applies only when RedirectType is set to Mirror. Each header can be up to 1,024 bytes in length and can contain only the characters 0-9, a-z, A-Z, and hyphens (-). You can specify up to 10 headers. |
PassAll | Boolean | No | No | Specify whether to pass all headers except those listed below to the origin server. | This applies only when RedirectType is set to Mirror. Headers to exclude include the following: - content-length, authorization2, authorization, range, date, and other general headers - headers that start with oss-, x-oss-, or x-drs- Default value: false This means that these specific headers are passed to the mirror source by default. To change this behavior, set this value to true to prevent these headers from being passed. |
Sets | List | No | No | Set a header to the origin server. This header is set when the request is sent to the origin server, regardless of whether the specified header is included in the request. | This feature applies only when RedirectType is set to Mirror. You can configure up to 10 sets of headers. For more information, see Sets properties. |
Pass | List | No | No | Pass specified headers to the origin server. | This applies only when RedirectType is set to Mirror. Each header can be up to 1,024 bytes in length and can contain only the characters 0-9, a-z, A-Z, and hyphens (-). You can specify up to 10 headers. |
Sets syntax
"Sets": [
{
"Value": String,
"Key": String
}
]Sets properties
Property name | Type | Required | Update allowed | Description | Constraint |
Value | String | Yes | No | Set the header value to a maximum of 1,024 bytes, excluding \r\n. | This setting applies only when RedirectType is set to Mirror. |
Key | String | Yes | No | Set the header key to a maximum of 1,024 bytes. The character set is the same as for Pass. | This setting applies only when RedirectType is set to Mirror. |
ErrorDocument syntax
"ErrorDocument":{
"Key": String,
"HttpStatus": String
}ErrorDocument properties
Property name | Type | Required | Update allowed | Description | Constraint |
Key | String | Yes | No | The default error page. | If you specify an error page, OSS returns this error page when the requested object does not exist. |
HttpStatus | String | No | No | The HTTP status code for the error page. | Valid values: 200, 404 (default). |
ServerSideEncryptionConfiguration syntax
"ServerSideEncryptionConfiguration":{
"KMSMasterKeyID": String,
"SSEAlgorithm": String
}ServerSideEncryptionConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
SSEAlgorithm | String | Yes | No | The default server-side encryption method. | Valid values:
|
KMSMasterKeyID | String | No | No | The key ID. | This is required only when SSEAlgorithm is set to KMS and you use a specified key for encryption. |
VersioningConfiguration syntax
"VersioningConfiguration":{
"Status": String
}VersioningConfiguration properties
Property name | Type | Required | Update allowed | Description | Constraint |
Status | String | Yes | No | The versioning status. | Valid values:
|
Return values
Fn::GetAtt
Name: The name of the bucket. The name must be globally unique.
DomainName: The domain name used to access the bucket over the public network.
InternalDomainName: The domain name used to access the bucket over the internal network.
Arn: The Alibaba Cloud Resource Name (ARN).
Examples
Scenario 1: Create an OSS bucket.
ROSTemplateFormatVersion: '2015-09-01'
Description: Creates a simple oss bucket
Parameters:
BucketName:
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 5
Prefix: simple-oss-bucket
CharacterClasses:
- Class: lowercase
min: 1
Type: String
Label:
en: Bucket Name
Outputs:
BucketDomainName:
Value:
Fn::GetAtt:
- MyBucket
- DomainName
Resources:
MyBucket:
Type: ALIYUN::OSS::Bucket
Properties:
AccessControl: private
BucketName:
Ref: BucketName
Metadata: {}
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": "Creates a simple oss bucket",
"Parameters": {
"BucketName": {
"Type": "String",
"Label": {
"en": "Bucket Name"
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 5 ,
"Prefix": "simple-oss-bucket",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
]
}
}
},
"Metadata": {
},
"Resources": {
"MyBucket": {
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"AccessControl": "private",
"BucketName": {
"Ref": "BucketName"
}
}
}
},
"Outputs": {
"BucketDomainName": {
"Value": {
"Fn::GetAtt": [
"MyBucket",
"DomainName"
]
}
}
}
}Scenario 2: Create an OSS bucket, enable CDN acceleration, configure domain name resolution, and optimize file distribution strategies to support global access and custom cache rules.
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: Create an OSS bucket and enable CDN acceleration, configure domain name resolution, and optimize file distribution strategies to support global access and custom caching rules.
en: Create an OSS bucket and enable CDN acceleration, configure domain name resolution, and optimize file distribution strategies to support global access and custom caching rules.
Parameters:
Scope:
Type: String
Label:
zh-cn: Acceleration area
en: Acceleration area
Description:
zh-cn: Select the acceleration area. If the acceleration region is Chinese mainland only or Global, the service domain name must have an ICP filing.
en: Select the acceleration area. When the acceleration region is only in mainland China and the world, the service domain name must be filed.
Default: domestic
AllowedValues:
- domestic
- overseas
- global
DomainName:
Type: String
Label:
zh-cn: Accelerated domain name
en: Accelerated domain name
Description:
zh-cn: An accelerated domain name is a domain name that is added to CDN to accelerate access to the origin server. Enter a domain name under your account.
en: Accelerated domain name refers to the domain name of the access CDN used to accelerate the source site. Please fill in the domain name under your account.
BucketName:
Type: String
Label:
en: Bucket Name
zh-cn: Bucket Name
Description:
en: The name must be 3 to 63 bytes in length, The name must start and end with a lowercase letter or digit.The name can contain only lowercase letters, digits, and hyphens (-).;
<b>note: <font color='blue'>A bucket name must be globally unique within OSS. Bucket names cannot be changed after the bucket is created.</font>
zh-cn: The name must be 3 to 63 characters in length. It must start and end with a lowercase letter or digit. It can contain only lowercase letters, digits, and hyphens (-).
<b>Note:<font color='blue'>The bucket name must be globally unique. You cannot create a bucket with an existing name.</font>
AssociationProperty: AutoCompleteInput
AssociationPropertyMetadata:
Length: 6
Prefix: image-example-
CharacterClasses:
- Class: lowercase
min: 1
Resources:
OssBucket:
Type: ALIYUN::OSS::Bucket
DependsOn: AutoEnableOSS
Properties:
BucketName:
Ref: BucketName
DeletionForce: true
AutoEnableCDN:
Type: ALIYUN::ROS::AutoEnableService
Properties:
ServiceName: CDN
AutoEnableOSS:
Type: ALIYUN::ROS::AutoEnableService
Properties:
ServiceName: OSS
Domain:
Type: ALIYUN::CDN::Domain
Properties:
Sources:
Fn::Sub:
- '[{"content":"${content}", "type":"oss", "priority":"20", "port":80, "weight":"10"}]'
- content:
Fn::GetAtt:
- OssBucket
- DomainName
CdnType: web
Scope:
Ref: Scope
DomainName:
Ref: DomainName
DependsOn: AutoEnableCDN
DomainRecord:
Type: ALIYUN::DNS::DomainRecord
Properties:
Type: CNAME
RR:
Fn::Select:
- 0
- Fn::Split:
- .
- Ref: DomainName
Value:
Fn::GetAtt:
- Domain
- Cname
DomainName:
Fn::Join:
- .
- Fn::Select:
- '1:'
- Fn::Split:
- .
- Ref: DomainName
DependsOn: Domain
DomainConfig:
Type: ALIYUN::CDN::DomainConfig
Properties:
FunctionList:
- FunctionArgs:
- ArgName: file_type
ArgValue: jpg,png,jpeg
- ArgName: weight
ArgValue: '99'
- ArgName: ttl
ArgValue: '7776000'
FunctionName: filetype_based_ttl_set
- FunctionArgs:
- ArgName: private_oss_auth
ArgValue: 'on'
- ArgName: perm_private_oss_tbl
ArgValue: ''
FunctionName: l2_oss_key
- FunctionArgs:
- ArgName: filetype
ArgValue: jpeg
- ArgName: webp
ArgValue: 'off'
- ArgName: orient
ArgValue: 'off'
- ArgName: slim
ArgValue: '90'
- ArgName: enable
ArgValue: 'on'
FunctionName: image_transform
DomainNames:
Ref: Domain
DependsOn: DomainRecord
Outputs:
Cname:
Description: CNAME
Value:
Fn::GetAtt:
- Domain
- Cname
DomainName:
Description: DomainName
Value:
Ref: Domain
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- Scope
- DomainName
- BucketName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Description": {
"zh-cn": "Create an OSS bucket and enable CDN acceleration, configure domain name resolution, and optimize file distribution strategies to support global access and custom caching rules.",
"en": "Create an OSS bucket and enable CDN acceleration, configure domain name resolution, and optimize file distribution strategies to support global access and custom caching rules."
},
"Parameters": {
"Scope": {
"Type": "String",
"Label": {
"zh-cn": "Acceleration area",
"en": "Acceleration area"
},
"Description": {
"zh-cn": "Select the acceleration area. If the acceleration region is Chinese mainland only or Global, the service domain name must have an ICP filing.",
"en": "Select the acceleration area. When the acceleration region is only in mainland China and the world, the service domain name must be filed."
},
"Default": "domestic",
"AllowedValues": [
"domestic",
"overseas",
"global"
]
},
"DomainName": {
"Type": "String",
"Label": {
"zh-cn": "Accelerated domain name",
"en": "Accelerated domain name"
},
"Description": {
"zh-cn": "An accelerated domain name is a domain name that is added to CDN to accelerate access to the origin server. Enter a domain name under your account.",
"en": "Accelerated domain name refers to the domain name of the access CDN used to accelerate the source site. Please fill in the domain name under your account."
}
},
"BucketName": {
"Type": "String",
"Label": {
"en": "Bucket Name",
"zh-cn": "Bucket Name"
},
"Description": {
"en": "The name must be 3 to 63 bytes in length, The name must start and end with a lowercase letter or digit.The name can contain only lowercase letters, digits, and hyphens (-).;
<b>note: <font color='blue'>A bucket name must be globally unique within OSS. Bucket names cannot be changed after the bucket is created.</font>",
"zh-cn": "The name must be 3 to 63 characters in length. It must start and end with a lowercase letter or digit. It can contain only lowercase letters, digits, and hyphens (-).
<b>Note:<font color='blue'>The bucket name must be globally unique. You cannot create a bucket with an existing name.</font>"
},
"AssociationProperty": "AutoCompleteInput",
"AssociationPropertyMetadata": {
"Length": 6,
"Prefix": "image-example-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
]
}
}
},
"Resources": {
"OssBucket": {
"Type": "ALIYUN::OSS::Bucket",
"DependsOn": "AutoEnableOSS",
"Properties": {
"BucketName": {
"Ref": "BucketName"
},
"DeletionForce": true
}
},
"AutoEnableCDN": {
"Type": "ALIYUN::ROS::AutoEnableService",
"Properties": {
"ServiceName": "CDN"
}
},
"AutoEnableOSS": {
"Type": "ALIYUN::ROS::AutoEnableService",
"Properties": {
"ServiceName": "OSS"
}
},
"Domain": {
"Type": "ALIYUN::CDN::Domain",
"Properties": {
"Sources": {
"Fn::Sub": [
"[{\"content\":\"${content}\", \"type\":\"oss\", \"priority\":\"20\", \"port\":80, \"weight\":\"10\"}]",
{
"content": {
"Fn::GetAtt": [
"OssBucket",
"DomainName"
]
}
}
]
},
"CdnType": "web",
"Scope": {
"Ref": "Scope"
},
"DomainName": {
"Ref": "DomainName"
}
},
"DependsOn": "AutoEnableCDN"
},
"DomainRecord": {
"Type": "ALIYUN::DNS::DomainRecord",
"Properties": {
"Type": "CNAME",
"RR": {
"Fn::Select": [
0,
{
"Fn::Split": [
".",
{
"Ref": "DomainName"
}
]
}
]
},
"Value": {
"Fn::GetAtt": [
"Domain",
"Cname"
]
},
"DomainName": {
"Fn::Join": [
".",
{
"Fn::Select": [
"1:",
{
"Fn::Split": [
".",
{
"Ref": "DomainName"
}
]
}
]
}
]
}
},
"DependsOn": "Domain"
},
"DomainConfig": {
"Type": "ALIYUN::CDN::DomainConfig",
"Properties": {
"FunctionList": [
{
"FunctionArgs": [
{
"ArgName": "file_type",
"ArgValue": "jpg,png,jpeg"
},
{
"ArgName": "weight",
"ArgValue": "99"
},
{
"ArgName": "ttl",
"ArgValue": "7776000"
}
],
"FunctionName": "filetype_based_ttl_set"
},
{
"FunctionArgs": [
{
"ArgName": "private_oss_auth",
"ArgValue": "on"
},
{
"ArgName": "perm_private_oss_tbl",
"ArgValue": ""
}
],
"FunctionName": "l2_oss_key"
},
{
"FunctionArgs": [
{
"ArgName": "filetype",
"ArgValue": "jpeg"
},
{
"ArgName": "webp",
"ArgValue": "off"
},
{
"ArgName": "orient",
"ArgValue": "off"
},
{
"ArgName": "slim",
"ArgValue": "90"
},
{
"ArgName": "enable",
"ArgValue": "on"
}
],
"FunctionName": "image_transform"
}
],
"DomainNames": {
"Ref": "Domain"
}
},
"DependsOn": "DomainRecord"
}
},
"Outputs": {
"Cname": {
"Description": "CNAME",
"Value": {
"Fn::GetAtt": [
"Domain",
"Cname"
]
}
},
"DomainName": {
"Description": "DomainName",
"Value": {
"Ref": "Domain"
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"Scope",
"DomainName",
"BucketName"
]
}
]
}
}
}Scenario 3: Create an ECS instance and an OSS bucket, install an application, and implement text-to-image and portrait enhancement services.
ROSTemplateFormatVersion: '2015-09-01'
Mappings: {}
Parameters:
DashScopeApiKey:
NoEcho: true
Label:
zh-cn: DashScope API-KEY
en: DashScope API-KEY
Type: String
Description:
zh-cn: Activate DashScope and obtain an API key. For more information, see <a href="https://www.alibabacloud.com/help/zh/dashscope/developer-reference/activate-dashscope-and-create-an-api-key" target="_blank">Activate DashScope and create an API key</a>.
en: 'Activate DashScope and obtain the API-KEY. Please refer to: <a href="https://www.alibabacloud.com/help/zh/dashscope/developer-reference/activate-dashscope-and-create-an-api-key" target="_blank">Activate DashScope and create API-KEY</a>.'
AssociationProperty: ALIYUN::DashScope::ApiKey
CommonName:
Default: wanxiang
Type: String
InstancePassword:
Description:
zh-cn: The logon password for the server. It must be 8 to 30 characters in length and contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
en: Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
Default: Null
Type: String
Label:
zh-cn: Instance Password
en: Instance Password
NoEcho: true
AssociationProperty: ALIYUN::ECS::Instance::Password
ConstraintDescription:
zh-cn: The password must be 8 to 30 characters in length and contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/
en: Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)
ZoneId:
AssociationPropertyMetadata:
AutoSelectFirst: true
Default: Null
Required: true
Label:
zh-cn: Availability Zone
en: Availability Zone
AssociationProperty: ALIYUN::ECS::Instance::ZoneId
Type: String
BucketName:
AssociationPropertyMetadata:
Length: 5
Prefix: drawing-with-tongyi-wanxiang-
CharacterClasses:
- Class: lowercase
min: 1
Description:
zh-cn: The name must be 3 to 63 characters in length. It cannot start or end with a hyphen (-). It can contain lowercase letters, digits, and hyphens (-).
Note: <font color='blue'><b>The bucket name must be globally unique. You cannot create a bucket with an existing name.</font>
en: '3 to 63 characters, not beginning and ending with a hyphen (-), can contain lowercase letters, Numbers and hyphens (-);
Note: <font color=''blue''><b>need whole network uniqueness, already existing can not be created.</font>'
MinLength: 3
Label:
zh-cn: Bucket Name
en: Bucket Name
AllowedPattern: ^[a-z0-9]+[a-z0-9\-]*[a-z0-9]+$
Type: String
MaxLength: 63
AssociationProperty: AutoCompleteInput
ConstraintDescription:
zh-cn: The name must be 3 to 63 characters in length. It cannot start or end with a hyphen (-). It can contain lowercase letters, digits, and hyphens (-).
en: 3 to 63 characters, not beginning and ending with a hyphen (-), can contain lowercase letters, Numbers and hyphens (-)
InstanceType:
AssociationPropertyMetadata:
SystemDiskCategory: cloud_essd
InstanceChargeType: PostPaid
ZoneId: ${ZoneId}
Default: Null
Required: true
Label:
zh-cn: Instance Type
en: Instance Type
AssociationProperty: ALIYUN::ECS::Instance::InstanceType
Type: String
Outputs:
EcsLoginAddress:
Description:
zh-cn: The logon address for the ECS instance.
en: Ecs login address.
Value:
Fn::Sub: https://ecs-workbench.aliyun.com/?from=EcsConsole&instanceType=ecs®ionId=${ALIYUN::Region}&instanceId=${EcsInstance}
ExperienceAddress:
Description:
zh-cn: The experience address.
en: Experience address.
Value:
Fn::Sub:
- http://${PublicIp}/wanx-demo
- PublicIp:
Fn::Select:
- 0
- Fn::GetAtt:
- EcsInstance
- PublicIps
Description:
zh-cn: Create a Virtual Private Cloud (VPC), an Elastic Compute Service (ECS) instance, and an Object Storage Service (OSS) bucket. Configure security groups and Resource Access Management (RAM) permissions. Install Java and an application to implement text-to-image and portrait enhancement services.
en: Create a Virtual Private Cloud (VPC), Elastic Compute Service (ECS) instances, Object Storage Service (OSS) buckets, configure Security Groups and Resource Access Management (RAM) permissions, install Java and applications, and implement text drawing and portrait beautification services.
Conditions: {}
Resources:
CustomPolicy:
Type: ALIYUN::RAM::ManagedPolicy
Properties:
PolicyName:
Fn::Sub: create_by_solution-${ALIYUN::StackId}
PolicyDocument:
Version: '1'
Statement:
- Action:
- oss:GetObject
- oss:PutObject
Resource:
- Fn::Sub: acs:oss:oss-${ALIYUN::Region}:${ALIYUN::TenantId}:${BucketName}/*
Effect: Allow
InstallApp:
Type: ALIYUN::ECS::RunCommand
Properties:
CommandContent:
Fn::Sub: |-
#!/bin/bash
cat << EOF >> ~/.bash_profile
export DASHSCOPE_API_KEY=${DashScopeApiKey}
export OSS_ACCESS_KEY_ID=${AccessKey.AccessKeyId}
export OSS_ACCESS_KEY_SECRET=${AccessKey.AccessKeySecret}
export WANX_DEMO_OSS_BUCKET=${BucketName}
export WANX_DEMO_OSS_ENDPOINT=https://oss-${ALIYUN::Region}.aliyuncs.com
EOF
source ~/.bash_profile
wget https://help-static-aliyun-doc.aliyuncs.com/demos/wanx-demo-0.0.1-SNAPSHOT.jar
nohup java -jar wanx-demo-0.0.1-SNAPSHOT.jar > wanx-demo.log 2>&1 &
Type: RunShellScript
Sync: true
InstanceIds:
- Ref: EcsInstance
Timeout: 3600
DependsOn:
- ModuleInstallJava.Install
AccessKey:
Type: ALIYUN::RAM::AccessKey
Properties:
UserName:
Ref: User
Bucket:
Type: ALIYUN::OSS::Bucket
Properties:
BucketName:
Ref: BucketName
DeletionForce: true
SecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
SecurityGroupIngress:
- PortRange: 80/80
SourceCidrIp: 0.0.0.0/0
IpProtocol: tcp
VpcId:
Ref: Vpc
SecurityGroupName:
Fn::Sub: ${CommonName}-sg
ModuleInstallJava.Install:
Type: ALIYUN::OOS::Execution
Properties:
SafetyCheck: Skip
Parameters:
action: install
packageName: ACS-Extension-java-1853370294850618
regionId:
Ref: ALIYUN::Region
targets:
ResourceIds:
- Ref: EcsInstance
RegionId:
Ref: ALIYUN::Region
Type: ResourceIds
parameters: Null
TemplateName: ACS-ECS-BulkyConfigureOOSPackageWithTemporaryURL
Metadata:
ALIYUN::ROS::Module:
LogicalIdHierarchy: ModuleInstallJava
TypeHierarchy: MODULE::ACS::OOS::Extension
User:
Type: ALIYUN::RAM::User
Properties:
UserName:
Fn::Sub: create_by_solution-${ALIYUN::StackId}
PolicyAttachments:
Custom:
- Ref: CustomPolicy
Vpc:
Type: ALIYUN::ECS::VPC
Properties:
VpcName:
Fn::Sub: ${CommonName}-vpc
CidrBlock: 192.168.0.0/16
VSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
VSwitchName:
Fn::Sub: ${CommonName}-vsw
VpcId:
Ref: Vpc
CidrBlock: 192.168.0.0/24
ZoneId:
Ref: ZoneId
EcsInstance:
Type: ALIYUN::ECS::InstanceGroup
Properties:
SystemDiskCategory: cloud_essd
VpcId:
Ref: Vpc
SecurityGroupId:
Ref: SecurityGroup
ImageId: aliyun_3_9_x64_20G_alibase_
InternetMaxBandwidthOut: 5
VSwitchId:
Ref: VSwitch
Password:
Ref: InstancePassword
InstanceName:
Fn::Sub: ${CommonName}-ecs
InstanceType:
Ref: InstanceType
ZoneId:
Ref: ZoneId
MaxAmount: 1
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- DashScopeApiKey
- BucketName
- ZoneId
- InstanceType
- InstancePassword
Hidden:
- CommonName
{
"ROSTemplateFormatVersion": "2015-09-01",
"Mappings": {},
"Parameters": {
"DashScopeApiKey": {
"NoEcho": true,
"Label": {
"zh-cn": "DashScope API-KEY",
"en": "DashScope API-KEY"
},
"Type": "String",
"Description": {
"zh-cn": "Activate DashScope and obtain an API key. For more information, see <a href=\"https://www.alibabacloud.com/help/zh/dashscope/developer-reference/activate-dashscope-and-create-an-api-key\" target=\"_blank\">Activate DashScope and create an API key</a>.",
"en": "Activate DashScope and obtain the API-KEY. Please refer to: <a href=\"https://www.alibabacloud.com/help/zh/dashscope/developer-reference/activate-dashscope-and-create-an-api-key\" target=\"_blank\">Activate DashScope and create API-KEY</a>."
},
"AssociationProperty": "ALIYUN::DashScope::ApiKey"
},
"CommonName": {
"Default": "wanxiang",
"Type": "String"
},
"InstancePassword": {
"Description": {
"zh-cn": "The logon password for the server. It must be 8 to 30 characters in length and contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/",
"en": "Server login password, Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)"
},
"Default": null,
"Type": "String",
"Label": {
"zh-cn": "Instance Password",
"en": "Instance Password"
},
"NoEcho": true,
"AssociationProperty": "ALIYUN::ECS::Instance::Password",
"ConstraintDescription": {
"zh-cn": "The password must be 8 to 30 characters in length and contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/",
"en": "Length 8-30, must contain three(Capital letters, lowercase letters, numbers, ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ Special symbol in)"
}
},
"ZoneId": {
"AssociationPropertyMetadata": {
"AutoSelectFirst": true
},
"Default": null,
"Required": true,
"Label": {
"zh-cn": "Availability Zone",
"en": "Availability Zone"
},
"AssociationProperty": "ALIYUN::ECS::Instance::ZoneId",
"Type": "String"
},
"BucketName": {
"AssociationPropertyMetadata": {
"Length": 5,
"Prefix": "drawing-with-tongyi-wanxiang-",
"CharacterClasses": [
{
"Class": "lowercase",
"min": 1
}
]
},
"Description": {
"zh-cn": "The name must be 3 to 63 characters in length. It cannot start or end with a hyphen (-). It can contain lowercase letters, digits, and hyphens (-).
Note: <font color='blue'><b>The bucket name must be globally unique. You cannot create a bucket with an existing name.</font>",
"en": "3 to 63 characters, not beginning and ending with a hyphen (-), can contain lowercase letters, Numbers and hyphens (-);
Note: <font color='blue'><b>need whole network uniqueness, already existing can not be created.</font>"
},
"MinLength": 3,
"Label": {
"zh-cn": "Bucket Name",
"en": "Bucket Name"
},
"AllowedPattern": "^[a-z0-9]+[a-z0-9\\-]*[a-z0-9]+$",
"Type": "String",
"MaxLength": 63,
"AssociationProperty": "AutoCompleteInput",
"ConstraintDescription": {
"zh-cn": "The name must be 3 to 63 characters in length. It cannot start or end with a hyphen (-). It can contain lowercase letters, digits, and hyphens (-).",
"en": "3 to 63 characters, not beginning and ending with a hyphen (-), can contain lowercase letters, Numbers and hyphens (-)"
}
},
"InstanceType": {
"AssociationPropertyMetadata": {
"SystemDiskCategory": "cloud_essd",
"InstanceChargeType": "PostPaid",
"ZoneId": "${ZoneId}"
},
"Default": null,
"Required": true,
"Label": {
"zh-cn": "Instance Type",
"en": "Instance Type"
},
"AssociationProperty": "ALIYUN::ECS::Instance::InstanceType",
"Type": "String"
}
},
"Outputs": {
"EcsLoginAddress": {
"Description": {
"zh-cn": "The logon address for the ECS instance.",
"en": "Ecs login address."
},
"Value": {
"Fn::Sub": "https://ecs-workbench.aliyun.com/?from=EcsConsole&instanceType=ecs®ionId=${ALIYUN::Region}&instanceId=${EcsInstance}"
}
},
"ExperienceAddress": {
"Description": {
"zh-cn": "The experience address.",
"en": "Experience address."
},
"Value": {
"Fn::Sub": [
"http://${PublicIp}/wanx-demo",
{
"PublicIp": {
"Fn::Select": [
0,
{
"Fn::GetAtt": [
"EcsInstance",
"PublicIps"
]
}
]
}
}
]
}
}
},
"Description": {
"zh-cn": "Create a Virtual Private Cloud (VPC), an Elastic Compute Service (ECS) instance, and an Object Storage Service (OSS) bucket. Configure security groups and Resource Access Management (RAM) permissions. Install Java and an application to implement text-to-image and portrait enhancement services.",
"en": "Create a Virtual Private Cloud (VPC), Elastic Compute Service (ECS) instances, Object Storage Service (OSS) buckets, configure Security Groups and Resource Access Management (RAM) permissions, install Java and applications, and implement text drawing and portrait beautification services."
},
"Conditions": {},
"Resources": {
"CustomPolicy": {
"Type": "ALIYUN::RAM::ManagedPolicy",
"Properties": {
"PolicyName": {
"Fn::Sub": "create_by_solution-${ALIYUN::StackId}"
},
"PolicyDocument": {
"Version": "1",
"Statement": [
{
"Action": [
"oss:GetObject",
"oss:PutObject"
],
"Resource": [
{
"Fn::Sub": "acs:oss:oss-${ALIYUN::Region}:${ALIYUN::TenantId}:${BucketName}/*"
}
],
"Effect": "Allow"
}
]
}
}
},
"InstallApp": {
"Type": "ALIYUN::ECS::RunCommand",
"Properties": {
"CommandContent": {
"Fn::Sub": "#!/bin/bash\n\ncat << EOF >> ~/.bash_profile\nexport DASHSCOPE_API_KEY=${DashScopeApiKey}\nexport OSS_ACCESS_KEY_ID=${AccessKey.AccessKeyId}\nexport OSS_ACCESS_KEY_SECRET=${AccessKey.AccessKeySecret}\nexport WANX_DEMO_OSS_BUCKET=${BucketName}\nexport WANX_DEMO_OSS_ENDPOINT=https://oss-${ALIYUN::Region}.aliyuncs.com\nEOF\n\nsource ~/.bash_profile \nwget https://help-static-aliyun-doc.aliyuncs.com/demos/wanx-demo-0.0.1-SNAPSHOT.jar\nnohup java -jar wanx-demo-0.0.1-SNAPSHOT.jar > wanx-demo.log 2>&1 &"
},
"Type": "RunShellScript",
"Sync": true,
"InstanceIds": [
{
"Ref": "EcsInstance"
}
],
"Timeout": 3600
},
"DependsOn": [
"ModuleInstallJava.Install"
]
},
"AccessKey": {
"Type": "ALIYUN::RAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "User"
}
}
},
"Bucket": {
"Type": "ALIYUN::OSS::Bucket",
"Properties": {
"BucketName": {
"Ref": "BucketName"
},
"DeletionForce": true
}
},
"SecurityGroup": {
"Type": "ALIYUN::ECS::SecurityGroup",
"Properties": {
"SecurityGroupIngress": [
{
"PortRange": "80/80",
"SourceCidrIp": "0.0.0.0/0",
"IpProtocol": "tcp"
}
],
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupName": {
"Fn::Sub": "${CommonName}-sg"
}
}
},
"ModuleInstallJava.Install": {
"Type": "ALIYUN::OOS::Execution",
"Properties": {
"SafetyCheck": "Skip",
"Parameters": {
"action": "install",
"packageName": "ACS-Extension-java-1853370294850618",
"regionId": {
"Ref": "ALIYUN::Region"
},
"targets": {
"ResourceIds": [
{
"Ref": "EcsInstance"
}
],
"RegionId": {
"Ref": "ALIYUN::Region"
},
"Type": "ResourceIds"
},
"parameters": null
},
"TemplateName": "ACS-ECS-BulkyConfigureOOSPackageWithTemporaryURL"
},
"Metadata": {
"ALIYUN::ROS::Module": {
"LogicalIdHierarchy": "ModuleInstallJava",
"TypeHierarchy": "MODULE::ACS::OOS::Extension"
}
}
},
"User": {
"Type": "ALIYUN::RAM::User",
"Properties": {
"UserName": {
"Fn::Sub": "create_by_solution-${ALIYUN::StackId}"
},
"PolicyAttachments": {
"Custom": [
{
"Ref": "CustomPolicy"
}
]
}
}
},
"Vpc": {
"Type": "ALIYUN::ECS::VPC",
"Properties": {
"VpcName": {
"Fn::Sub": "${CommonName}-vpc"
},
"CidrBlock": "192.168.0.0/16"
}
},
"VSwitch": {
"Type": "ALIYUN::ECS::VSwitch",
"Properties": {
"VSwitchName": {
"Fn::Sub": "${CommonName}-vsw"
},
"VpcId": {
"Ref": "Vpc"
},
"CidrBlock": "192.168.0.0/24",
"ZoneId": {
"Ref": "ZoneId"
}
}
},
"EcsInstance": {
"Type": "ALIYUN::ECS::InstanceGroup",
"Properties": {
"SystemDiskCategory": "cloud_essd",
"VpcId": {
"Ref": "Vpc"
},
"SecurityGroupId": {
"Ref": "SecurityGroup"
},
"ImageId": "aliyun_3_9_x64_20G_alibase_",
"InternetMaxBandwidthOut": 5,
"VSwitchId": {
"Ref": "VSwitch"
},
"Password": {
"Ref": "InstancePassword"
},
"InstanceName": {
"Fn::Sub": "${CommonName}-ecs"
},
"InstanceType": {
"Ref": "InstanceType"
},
"ZoneId": {
"Ref": "ZoneId"
},
"MaxAmount": 1
}
}
},
"Metadata": {
"ALIYUN::ROS::Interface": {
"ParameterGroups": [
{
"Parameters": [
"DashScopeApiKey",
"BucketName",
"ZoneId",
"InstanceType",
"InstancePassword"
]
}
],
"Hidden": [
"CommonName"
]
}
}
}For more information, see Public templates that contain this resource.