From 6400a5685df872c0cd91b6cbf3aa89f7e2a8bf0a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=BF=BC=E9=B9=8F?=
Date: Wed, 30 Jul 2025 15:30:50 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E8=A7=A3=E5=86=B3=E6=96=B9=E6=A1=88cdn?= =?UTF-8?q?-speeds-up-distribution-of-file-on-oss=20tf=E6=96=87=E4=BB=B6?= =?UTF-8?q?=E5=AE=8C=E6=88=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 solution/tech-solution/fdaaco/README.md | 49 +++++++
 solution/tech-solution/fdaaco/main.tf | 162 +++++++++++++++++++++
 solution/tech-solution/fdaaco/outputs.tf | 14 ++
 solution/tech-solution/fdaaco/provider.tf | 3 +
 solution/tech-solution/fdaaco/variables.tf | 31 ++++
 5 files changed, 259 insertions(+)
 create mode 100644 solution/tech-solution/fdaaco/README.md
 create mode 100644 solution/tech-solution/fdaaco/main.tf
 create mode 100644 solution/tech-solution/fdaaco/outputs.tf
 create mode 100644 solution/tech-solution/fdaaco/provider.tf
 create mode 100644 solution/tech-solution/fdaaco/variables.tf
diff --git a/solution/tech-solution/fdaaco/README.md b/solution/tech-solution/fdaaco/README.md
new file mode 100644
index 0000000000..513737ff1e
--- /dev/null
+++ b/solution/tech-solution/fdaaco/README.md
@@ -0,0 +1,49 @@
+## Introduction
+
+本示例用于实现解决方案[文件下载加速及成本优化](https://www.aliyun.com/solution/tech-solution/fdaaco), 涉及到内容分发网络(CDN)、云解析(DNS)、对象存储服务(OSS)等资源的部署。
+
+
+
+This example is used to implement solution [File Download Acceleration and Cost Optimization](https://www.aliyun.com/solution/tech-solution/fdaaco), which involves the creation and deployment of resources such as Content Delivery Network (CDN), Alibaba Cloud DNS, Object Storage Service (OSS).
+
+
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [alicloud](#provider\_alicloud) | n/a |
+| [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_cdn_domain_config.domain_config1](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cdn_domain_config) | resource |
+| [alicloud_cdn_domain_config.domain_config2](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cdn_domain_config) | resource |
+| [alicloud_cdn_domain_config.domain_config3](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cdn_domain_config) | resource |
+| [alicloud_cdn_domain_new.domain](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/cdn_domain_new) | resource |
+| [alicloud_dns_record.domain_record](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/dns_record) | resource |
+| [alicloud_oss_bucket.oss_bucket](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/oss_bucket) | resource |
+| [alicloud_ram_policy.policy](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_policy) | resource |
+| [alicloud_ram_role.role](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_role) | resource |
+| [alicloud_ram_role_policy_attachment.attach](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_role_policy_attachment) | resource |
+| [random_integer.default](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
+| [alicloud_cdn_service.open_cdn](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/cdn_service) | data source |
+| [alicloud_oss_service.open_oss](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/oss_service) | data source |
+| [alicloud_ram_roles.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/ram_roles) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| [bucket\_name\_prefix](#input\_bucket\_name\_prefix) | 存储空间名称前缀,长度为3~63个字符,必须以小写字母或数字开头和结尾,可以包含小写字母、数字和连字符(-)。需要全网唯一性,已经存在的不能在创建。 | `string` | `"bucket-example"` | no |
+| [domain\_name](#input\_domain\_name) | 域名(当前阿里云账号下已备案的域名,不包含前缀) | `string` | n/a | yes |
+| [domain\_prefix](#input\_domain\_prefix) | 域名前缀 | `string` | n/a | yes |
+| [region](#input\_region) | 地域 | `string` | `"cn-hangzhou"` | no |
+| [scope](#input\_scope) | 选择加速区域。加速区域为仅中国内地和全球时,服务域名必须备案。 | `string` | `"domestic"` | no |
+
\ No newline at end of file
diff --git a/solution/tech-solution/fdaaco/main.tf b/solution/tech-solution/fdaaco/main.tf
new file mode 100644
index 0000000000..b9e77e79ce
--- /dev/null
+++ b/solution/tech-solution/fdaaco/main.tf
@@ -0,0 +1,162 @@
+data "alicloud_cdn_service" "open_cdn" {
+ enable = "On"
+}
+
+data "alicloud_oss_service" "open_oss" {
+ enable = "On"
+}
+
+resource "random_integer" "default" {
+ min = 100000
+ max = 999999
+}
+
+resource "alicloud_oss_bucket" "oss_bucket" {
+ bucket = "${var.bucket_name_prefix}-${random_integer.default.result}"
+}
+
+resource "alicloud_cdn_domain_new" "domain" {
+ domain_name = "${var.domain_prefix}.${var.domain_name}"
+ cdn_type = "web"
+ scope = var.scope
+ sources {
+ content = "${alicloud_oss_bucket.oss_bucket.id}.${alicloud_oss_bucket.oss_bucket.extranet_endpoint}"
+ type = "oss"
+ priority = 20
+ port = 80
+ weight = 10
+ }
+}
+
+resource "alicloud_cdn_domain_config" "domain_config1" {
+ domain_name = alicloud_cdn_domain_new.domain.domain_name
+ function_name = "filetype_based_ttl_set"
+ function_args {
+ arg_name = "file_type"
+ arg_value = "jpg,png,jpeg"
+ }
+ function_args {
+ arg_name = "weight"
+ arg_value = "99"
+ }
+ function_args {
+ arg_name = "ttl"
+ arg_value = "7776000"
+ }
+}
+
+resource "alicloud_cdn_domain_config" "domain_config2" {
+ domain_name = alicloud_cdn_domain_new.domain.domain_name
+ function_name = "l2_oss_key"
+ function_args {
+ arg_name = "private_oss_auth"
+ arg_value = "on"
+ }
+ function_args {
+ arg_name = "perm_private_oss_tbl"
+ arg_value = ""
+ }
+}
+
+resource "alicloud_cdn_domain_config" "domain_config3" {
+ domain_name = alicloud_cdn_domain_new.domain.domain_name
+ function_name = "image_transform"
+ function_args {
+ arg_name = "filetype"
+ arg_value = "jpeg"
+ }
+ function_args {
+ arg_name = "webp"
+ arg_value = "off"
+ }
+ function_args {
+ arg_name = "orient"
+ arg_value = "off"
+ }
+ function_args {
+ arg_name = "slim"
+ arg_value = "90"
+ }
+ function_args {
+ arg_name = "enable"
+ arg_value = "on"
+ }
+}
+
+resource "alicloud_dns_record" "domain_record" {
+ name = var.domain_name
+ host_record = var.domain_prefix
+ type = "CNAME"
+ value = alicloud_cdn_domain_new.domain.cname
+}
+
+# 授权CDN访问OSS
+data "alicloud_ram_roles" "default" {
+ name_regex = local.AliyunCDNAccessingPrivateOSSRole.name
+}
+
+resource "alicloud_ram_role" "role" {
+ count = length(data.alicloud_ram_roles.default.names) > 0 ? 0 : 1
+ role_name = local.AliyunCDNAccessingPrivateOSSRole.name
+ assume_role_policy_document = local.AliyunCDNAccessingPrivateOSSRole.document
+ description = local.AliyunCDNAccessingPrivateOSSRole.description
+}
+
+resource "alicloud_ram_policy" "policy" {
+ policy_name = "${local.AliyunCDNAccessingPrivateOSSRolePolicy.name}-${alicloud_oss_bucket.oss_bucket.id}"
+ policy_document = local.AliyunCDNAccessingPrivateOSSRolePolicy.document
+ description = local.AliyunCDNAccessingPrivateOSSRolePolicy.description
+}
+
+resource "alicloud_ram_role_policy_attachment" "attach" {
+ role_name = local.AliyunCDNAccessingPrivateOSSRole.name
+ policy_name = alicloud_ram_policy.policy.policy_name
+ policy_type = "Custom"
+
+ depends_on = [alicloud_ram_role.role]
+}
+
+locals {
+ AliyunCDNAccessingPrivateOSSRole = {
+ name = "AliyunCDNAccessingPrivateOSSRole"
+ description = "用于CDN回源私有OSS Bucket角色的授权角色"
+ document = <<-JSON
+ {
+ "Statement": [
+ {
+ "Action": "sts:AssumeRole",
+ "Effect": "Allow",
+ "Principal": {
+ "Service": [
+ "cdn.aliyuncs.com"
+ ]
+ }
+ }
+ ],
+ "Version": "1"
+ }
+ JSON
+ }
+ AliyunCDNAccessingPrivateOSSRolePolicy = {
+ name = "AliyunCDNAccessingPrivateOSSRolePolicy"
+ description = "用于CDN回源某一私有OSS Bucket角色的授权策略,包含OSS的只读权限"
+ document = <<-JSON
+ {
+ "Version": "1",
+ "Statement": [
+ {
+ "Action": [
+ "oss:List*",
+ "oss:Get*"
+ ],
+ "Resource": [
+ "acs:oss:*:*:${alicloud_oss_bucket.oss_bucket.id}",
+ "acs:oss:*:*:${alicloud_oss_bucket.oss_bucket.id}/*"
+ ],
+ "Effect": "Allow"
+ }
+ ]
+ }
+ JSON
+ }
+}
\ No newline at end of file
diff --git a/solution/tech-solution/fdaaco/outputs.tf b/solution/tech-solution/fdaaco/outputs.tf
new file mode 100644
index 0000000000..c1f21b9cd9
--- /dev/null
+++ b/solution/tech-solution/fdaaco/outputs.tf
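Review bot: In main.tf, `count = length(data.alicloud_ram_roles.default.names) > 0 ? 0 : 1` on `alicloud_ram_role.role` makes creation depend on a lookup of the very role this configuration creates, so a later plan will likely find that role, evaluate `count` to 0 and propose destroying it, which would break the CDN's authenticated back-to-origin access to the private bucket. `name_regex` is also unanchored, so any role whose name merely contains `AliyunCDNAccessingPrivateOSSRole` suppresses creation while the attachment still targets the exact name. I would anchor the lookup with `name_regex = "^${local.AliyunCDNAccessingPrivateOSSRole.name}$"` and drive creation from an explicit input instead of the data source, for example `count = var.create_cdn_oss_role ? 1 : 0` (a proposed new variable, not one this patch defines). Separately, the `sources` block fetches from the OSS extranet endpoint with `port = 80`; `port = 443` would keep origin fetches off plaintext HTTP, provided the domain's back-to-origin protocol settings allow it.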
@@ -0,0 +1,14 @@
+output "accelerate_domain_name" {
+ description = "加速域名"
+ value = alicloud_cdn_domain_new.domain.domain_name
+}
+
+output "cname_domain_name" {
+ description = "CNAME域名"
+ value = alicloud_cdn_domain_new.domain.cname
+}
+
+output "origin_server" {
+ description = "源站"
+ value = "${alicloud_oss_bucket.oss_bucket.id}.${alicloud_oss_bucket.oss_bucket.extranet_endpoint}"
+}
diff --git a/solution/tech-solution/fdaaco/provider.tf b/solution/tech-solution/fdaaco/provider.tf
new file mode 100644
index 0000000000..5e236864d5
--- /dev/null
+++ b/solution/tech-solution/fdaaco/provider.tf
@@ -0,0 +1,3 @@
+provider "alicloud" {
+ region = var.region
+}
\ No newline at end of file
diff --git a/solution/tech-solution/fdaaco/variables.tf b/solution/tech-solution/fdaaco/variables.tf
new file mode 100644
index 0000000000..e77a8ea9db
--- /dev/null
+++ b/solution/tech-solution/fdaaco/variables.tf
@@ -0,0 +1,31 @@
+variable "region" {
+ description = "地域"
+ type = string
+ default = "cn-hangzhou"
+}
+
+variable "bucket_name_prefix" {
+ type = string
+ description = "存储空间名称前缀,长度为3~63个字符,必须以小写字母或数字开头和结尾,可以包含小写字母、数字和连字符(-)。需要全网唯一性,已经存在的不能在创建。"
+ validation {
+ condition = can(regex("^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$", var.bucket_name_prefix))
+ error_message = "必须为3-63个字符,以小写字母或数字开头和结尾,可包含小写字母、数字和连字符(-)"
+ }
+ default = "bucket-example"
+}
+
+variable "domain_name" {
+ description = "域名(当前阿里云账号下已备案的域名,不包含前缀)"
+ type = string
+}
+
+variable "domain_prefix" {
+ description = "域名前缀"
+ type = string
+}
+
+variable "scope" {
+ type = string
+ description = "选择加速区域。加速区域为仅中国内地和全球时,服务域名必须备案。"
+ default = "domestic"
+}
\ No newline at end of file
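Review bot: provider.tf configures `alicloud` without any version constraint, and none of the five files in this patch declares a `terraform { required_providers { ... } }` block, which matches the README listing both providers with version n/a. An unpinned `terraform init` resolves whichever provider release is newest, so the RAM role, policy and CDN settings applied here can change with a provider release that nobody reviewed. I would add a `required_providers` block that names `aliyun/alicloud` and `hashicorp/random` as sources, each with a bounded `version` constraint, and commit the resulting `.terraform.lock.hcl`. The exact versions should be the ones this solution was tested against.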
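Review bot: In variables.tf, the `bucket_name_prefix` validation accepts up to 63 characters, but main.tf names the bucket `"${var.bucket_name_prefix}-${random_integer.default.result}"`, which appends seven more. A prefix that passes validation can therefore produce a name longer than the 63-character limit the description states, and fail only at apply time. Capping the prefix at 56 characters closes that gap: `condition = can(regex("^[a-z0-9][a-z0-9-]{1,54}[a-z0-9]$", var.bucket_name_prefix))`, with the description and `error_message` updated to match. `scope` has no validation at all; `condition = contains(["domestic", "overseas", "global"], var.scope)` would reject a mistyped value at plan time. `domain_name` and `domain_prefix` would benefit from a similar format check, since they are concatenated into the CDN domain and the DNS record.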