Alibaba Cloud Dynamic Content Delivery Network (DCDN) is integrated with Terraform. You can use Terraform to add and configure domain names that you want to accelerate. This topic describes how to use Terraform to add a domain name to DCDN and configure an IP address whitelist for the domain name.
You can run the sample code with a few clicks. Run the sample code
Prerequisites
Before you use DCDN, you must activate DCDN. For more information, see Activate DCDN.
We recommend that you use a RAM user that has the minimum required permissions to perform the operations in this topic. This minimizes the risk of leaking the AccessKey pair of your Alibaba Cloud account. For more information, see Create a RAM user and Grant permissions to a RAM user. Sample policy:
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "dcdn:AddDcdnDomain", "dcdn:DescribeDcdnUserDomains", "dcdn:SetDcdnDomainSSLCertificate", "dcdn:DescribeDcdnDomainDetail", "dcdn:DescribeDcdnDomainCertificateInfo", "dcdn:DescribeDcdnTagResources", "dcdn:DeleteDcdnDomain", "dcdn:DescribeDcdnUserConfigs", "dcdn:DescribeDcdnService", "dcdn:BatchSetDcdnDomainConfigs", "dcdn:DescribeDcdnDomainConfigs", "dcdn:DeleteDcdnSpecificConfig" ], "Resource": "*" } ] }The runtime environment for Terraform is prepared by using one of the following methods:
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the Terraform Explorer environment to use Terraform without the need to install Terraform. This method is suitable for scenarios where you need to use and debug Terraform in a zero-cost, efficient, and convenient manner.
Use Terraform in Cloud Shell: Terraform is preinstalled in Cloud Shell and identity credentials are configured. You can directly run Terraform commands in Cloud Shell. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at low costs.
Install and configure Terraform on your on-premises machine: This method is suitable for scenarios in which network connections are unstable or a custom development environment is required.
Resources used
Fees are generated for specific resources in this example. Release or unsubscribe from the resources when you no longer need them.
alicloud_dcdn_domain: adds a domain name to DCDN.
alicloud_dcdn_domain_config: configures a rule for a DCDN-accelerated domain name.
Step 1: Add a domain name
Create a working directory and a file named main.tf in the directory. Then, copy the following content to the main.tf file:
resource "random_integer" "default" { min = 10000 max = 99999 } # Add a domain name. resource "alicloud_dcdn_domain" "domain" { domain_name = "mydcdndomain-${random_integer.default.result}.alicloud-provider.cn" scope = "overseas" sources { content = "myoss-${random_integer.default.result}.oss-rg-china-mainland.aliyuncs.com" type = "oss" priority = "20" port = 80 weight = "15" } }Run the following command to initialize the Terraform runtime environment:
terraform initIf the following information is returned, Terraform is initialized.
Initializing the backend... Initializing provider plugins... ... Terraform has been successfully initialized! ...Run the following command to add a domain name:
terraform applyDuring the execution, enter
yesas prompted and press the Enter key. Wait until the command is executed. If the following information appears, the domain name is added.NoteIf the error message "code: 400, Owner verification of the root domain failed" appears, the domain name is added to DCDN for the first time, and you need to verify the ownership of the domain name. For more information, see Verify the ownership of a domain name.
You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Step 2: Configure a rule for the domain name
Add the following content to the main.tf file.
// # Configure an IP address whitelist for the domain name. resource "alicloud_dcdn_domain_config" "config-ip" { domain_name = alicloud_dcdn_domain.domain.domain_name function_name = "ip_allow_list_set" function_args { arg_name = "ip_list" arg_value = "192.168.0.1" } }Create an execution plan and preview the changes.
terraform planRun the following command to configure an IP address whitelist for the domain name:
terraform applyDuring command execution, follow the instructions to type
yesand press Enter. Wait until the command is run. If the following information is returned, the rule is configured.Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Check the result
Run the terraform show command
Run the following command to query the resources that are created by Terraform:
terraform show
Log on to the DCDN console
Log on to the DCDN console and view the IP address blacklist and whitelist configured for the added domain name.
Release resources
If you no longer require the preceding resources that are created or managed by using Terraform, run the following command to release the resources. For more information about the terraform destroy command, see Common commands.
terraform destroyComplete sample code
You can run the sample code with a few clicks. You can run the sample code in this section with a few clicks.
Sample code
To view more complete examples, visit Github.