Skip to content

Latest commit

 

History

History
805 lines (615 loc) · 32.5 KB

2018-04-03.md

File metadata and controls

805 lines (615 loc) · 32.5 KB
Raw

Serverless Application Model

Version 2018-04-03

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

The Fun with Serverless(fun) is licensed under The MIT License.

Introduction

Fun is a model used to define serverless applications on Aliyun.

Serverless applications are applications composed of functions triggered by events. A typical serverless application consists of one or more Aliyun Function Compute triggered by events such as object uploads to Aliyun OSS, performs data operations on Aliyun OTS, and API actions. Those functions can stand alone or leverage other resources such as Aliyun OTS tables or OSS buckets. The most basic serverless application is simply a function.

Specification

Format

The files describing a serverless application in accordance with Aliyun Fun are YAML formatted text files.

The template must include a Transform section in the document root with a value of Aliyun::Serverless-2018-04-03.

Example: Aliyun Fun template

ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
  MyService: # service name
    Type: 'Aliyun::Serverless::Service'
    Properties:
      Policies:
        - AliyunFCReadOnlyAccess # Managed Policy
        - Version: '1' # Policy Document
          Statement:
            - Effect: Allow
              Action:
                - oss:GetObject
                - oss:GetObjectACL
              Resource: '*'
    MyFunction: # function name
      Type: 'Aliyun::Serverless::Function'
      Properties:
        Handler: index.handler
        Runtime: nodejs6
        CodeUri: './' 
      Events:
        http-test: # trigger name
          Type: HTTP # http trigger
          Properties:
            AuthType: ANONYMOUS
            Methods: ['GET', 'POST', 'PUT']

All property names in Aliyun Fun are case sensitive.

Resource types

Aliyun::Serverless::Service

Creates a FC service that is a function group , bind common propertis , like RAM execution role and log serice.

Properties
Property Name Type Description
Role string ARN of an RAM role to use as this function's execution role. If omitted, a Default role is created for this function.
Policies string | List of string | RAM policy document object | List of RAM policy document object Names of Aliyun managed RAM policies or RAM policy documents that this function needs, which should be appended to the default role for this function. If the Role property is set, this property has no meaning.
InternetAccess boolean Indicates whether this service can access the public network.
VpcConfig VPC configuration object Allows functions to access services within vpc.
LogConfig Log configuration object Allow logs that function execution to be stored in the log service.
NasConfig Nas configuration object Allows functions to nas.
Description string Description of the service.
Aliyun::Serverless::Function

Creates a FC function and event source mappings which trigger the function. Function is child node of a service.

Properties
Property Name Type Description
Handler string Required. Function within your code that is called to begin execution.
Runtime string Required. The runtime environment. The optional values ​​are: nodejs6, nodejs8, nodejs10, nodejs12, python2.7, python3, java8, java11, php7.2, dotnetcore2.1 .
CodeUri string Required. Code location. Supports file, dir, zip, oss-bucket, etc. More information [Reference] (#codeuri).
Description string Description of the function.
MemorySize integer Size of the memory allocated per invocation of the function in MB. Defaults to 128.
Timeout integer Maximum time that the function can run before it is killed in seconds. Defaults to 3.
EnvironmentVariables Environment variable object Configuring Environment Variables for Functions。
InstanceConcurrency integer Set an instance concurrency (minimum 1, maximum 100) for the function. Indicates how many requests a single function instance can handle at the same time. More information Reference.
Events Map of string to Event source object A map (string to Event source object) that defines the events that trigger this function.
Example: Aliyun::Serverless::Service & Aliyun::Serverless::Function
MyService: # service name
    Type: 'Aliyun::Serverless::Service'
    MyFunction: # function name
      Type: 'Aliyun::Serverless::Function'
      Properties:
        Handler: index.handler
        Runtime: nodejs6
        CodeUri: './' 
        Description: Nodejs Http Trigger Test
        MemorySize: 1024
        Timeout: 15

Aliyun::Serverless::CustomDomain

create Custom Domain。Custom Domain is a feature of Function Compute, users can invoke functions via Custom Domain.

Properties
Property Name Type Description
Protocol string protocol type supported by custom domain name. Optional values are: HTTP and HTTP,HTTPS(English comma).
RouteConfig RouteConfig object mappings of paths and functions
CertConfig CertConfig object https certificate information(configuration only when Protocol is HTTP, HTTPS).
Example:Aliyun::Serverless::CustomDomain

Example 1, Protocol is an example of HTTP:

abc.com: # domain name
  Type: 'Aliyun::Serverless::CustomDomain'
  Properties:
    Protocol: HTTP
    RouteConfig:
      Routes:
        '/a':
          ServiceName: serviceA
          FunctionName: functionA
        '/b':
          ServiceName: serviceB
          FunctionName: functionB

Example 2, Protocol is an example of HTTP,HTTPS:

abc.com: # domain name
     Type: 'Aliyun::Serverless::CustomDomain'
     Properties:
       Protocol: HTTP,HTTPS
       CertConfig:
         CertName: 'CertName'
         PrivateKey: './certificates/privateKey.pem'
         Certificate: './certificates/certificate.pem'
       RouteConfig:
         Routes:
           '/a':
             ServiceName: serviceA
             FunctionName: functionA
           '/b':
             ServiceName: serviceB
             FunctionName: functionB

Aliyun::Serverless::Api

Creates a collection of Aliyun API Gateway resources and methods that can be invoked through HTTPS endpoints.

Properties
Property Name Type Description
Name string A name for the API Gateway RestApi resource.
StageName string Required. The name of the stage, which API Gateway uses as the first path segment in the invoke Uniform Resource Identifier (URI).
DefinitionUri string Swagger document address describing the API. You must specify either DefinitionUri or DefinitionBody.
DefinitionBody JSON or YAML Object Swagger specification that describes your API. Either one of DefinitionUri or DefinitionBody must be specified.

DefinitionBody can refer to: https://github.com/aliyun/fun/tree/master/examples/api-gateway/template.yml.

Example: Aliyun::Serverless::Api
StageName: prod
DefinitionUri: swagger.yml

Aliyun::Serverless::TableStore

The Aliyun::Serverless::TableStore::Table resource creates a instance of TableStore(OTS)

Properties
Property Name Type Description
ClusterType string Required. Cluster type。Available values ​​are: HYBRID, SSD. Represents a capacity instance and a high performance instance, respectively.
Description string Required. Description of the instance.
Aliyun::Serverless::TableStore::Table

The Aliyun::Serverless::TableStore::Table resource creates a table of TableStore(OTS) with a primary key list. It is useful when data only needs to be accessed via a primary key. This is partly functionality of TableStore.

Properties
Property Name Type Description
PrimaryKeyList Primary key list Attribute name and type of a list item to be used as the table's primary key. This cannot be modified without replacing the resource. Defaults to String attribute named ID.

Example: Aliyun::Serverless::TableStore

mytablestore: # tablestore name
    Type: 'Aliyun::Serverless::TableStore'
    Properties:
      ClusterType: HYBRID
      Description: just for fun test
    mytable: # table name
      Type: 'Aliyun::Serverless::TableStore::Table'
      Properties:
          PrimaryKeyList:
            - Name: uid
              Type: STRING

Aliyun::Serverless::Log

Aliyun::Serverless::Log resource creates a instance of Project.

Properties
Property Name Type Description
Description string Required。 Description of the project.
Aliyun::Serverless::Log::Logstore

Aliyun::Serverless::Log::Logstore resource creates a instance of Logstore.

Properties
Property Name Type Description
TTL integer Data storage time in days, which is in the value range of 1 to 3600.
shardCount integer The number of shards in this Logstore, which is in the range of 1 to 100.

Example:Aliyun::Serverless::Log

test-log-project:
  Type: 'Aliyun::Serverless::Log'
  Properties:
    Description: 'just test log'
  test-log-store:
    Type: 'Aliyun::Serverless::Log::Logstore'
    Properties:
      TTL: 10
      ShardCount: 1

Aliyun::Serverless::MNSTopic

Create topic in the MNS

Properties
Property Name Type Description
Region string Required. The region in which topic is created.
MaximumMessageSize integer The maximum length of the message body sent to the Topic, in bytes. Defaults to 65536.
LoggingEnabled boolean If log management is enabled. Defaults to false.
示例:Aliyun::Serverless::MNSTopic
test-topic:
  Type: 'Aliyun::Serverless::MNSTopic'
  Properties:
    Region: ap-southeast-2
    MaximumMessageSize: 2048
    LoggingEnabled: false

Event source types

Timer

Describes an object of type [Time Trigger] (https://help.aliyun.com/document_detail/68172.html).

Properties
Property Name Type Description
CronExpression string Required. The time when the function was triggered supports two settings: @every, cron expression.
Payload string Represents the input of the trigger event itself and can be customized by the user.
Enable boolean Whether to enable the Time Trigger.
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: Timer event source object
Type: Timer
Properties:
    CronExpression: '0 0 8 * * *'
    Enable: true
    Payload: 'awesome-fc'

HTTP

Describes the object of type [HTTP Trigger] (https://www.alibabacloud.com/help/doc-detail/71229.html).

Properties
Property Name Type Description
AuthType string Required. Authentication type, optional values: ANONYMOUS, FUNCTION.
Methods array Required. HTTP triggers support access methods. The optional values ​​are: GET, POST, PUT, DELETE, HEAD.
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: HTTP event source object
http-trigger-test: # trigger name
    Type: HTTP # trigger type
    Properties:
        AuthType: ANONYMOUS
        Methods: ['GET', 'POST', 'PUT']

Log

Describe the object of type [Log Trigger] (https://www.alibabacloud.com/help/doc-detail/60291.html).

Properties
Property Name Type Description
SourceConfig object Required. The datasource's Logstore name. Triggers periodically subscribe to data from the Logstore to Function compute.

JobConfig | object | Required. There are two configurable properties, one of which is MaxRetryTime, which represents the maximum number of attempts allowed if the logging service triggers a function execution. The other is TriggerInterval, which indicates the interval at which the logging service triggers the execution of the function. LogConfig | object | Required. There are three configurable properties. The first is Project, which represents the log service Project name. The second is the Logstore, which means that when the trigger function is executed, the resulting log will be logged to the Logstore. The third is an optional property, FunctionParameter, which is itself an object that, when the event fires, is sent to the function along with its contents. FunctionParameter | object | Optional. The log service uses this configuration content as function event. FunctionParameter, when the event fires, is sent to the function along with its contents. The default value is null ({}). Enable | boolean | Indicates whether the trigger is enabled. InvocationRole | string | Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test Qualifier | string | Optional. Service versions, such as "LATEST".

Example: Log event source object
Type: Log
Properties:
    SourceConfig:
        Logstore: logstore1
    JobConfig:
        MaxRetryTime: 1
        TriggerInterval: 30
    LogConfig:
        Project: testlog
        Logstore: logstore2
    Enable: true

RDS

Describe the object of type RDS Trigger

Properties
Property Name Type Description
InstanceId string Required. RDS instance ID
SubscriptionObjects array Required. subscription objects are those objects whose change can trigger a function to run. such as ["db1.table1", "db2.table2"]
Retry string Optional. invoke concurrency is the max number of functions invoked concurrently, set this option to 1 then the function will be invoked sequentially in the same order as the transaction is committed in binlog.。
Concurrency string Optional. invoke concurrency, If you care about the order of events, set this option to 1 , the function will be called in the order in which the transaction is committed in binlog, otherwise you can increase concurrency to improve performance.
EventFormat string Optional. notification event format, currently support json and protobuf
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: RDS event source object
rds-trigger-test: # trigger name
    Type: RDS # trigger type
    Properties:
        InstanceId: rm-12345799xyz
        SubscriptionObjects: 
          - db1.table1
        Retry: 2
        Concurrency: 1
        EventFormat: json

MNSTopic

Describe the object of type [MNSTopic Trigger] (https://www.alibabacloud.com/help/doc-detail/97032.htm) 。

Properties
Property Name Type Description
TopicName string Required. mns topicName
Region string Optional. Region of MNS topic, if not filled in, default is the same as the region of the function
NotifyContentFormat string Optional. notification event format, currently support STREAM and JSON, default is STREAM
NotifyStrategy string Optional. Retry strategy for invoking function, currently support BACKOFF_RETRY and EXPONENTIAL_DECAY_RETRY, default is BACKOFF_RETRY, details refer to NotifyStrategy
FilterTag string Optional. Message filter tag in the created subscription (Only messages with consistent tags are pushed.), The value is a string of no more than 16 characters, default is no message filter.
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: MNSTopic event source object
mns-topic-trigger-test: # trigger name
    Type: MNSTopic # trigger type
    Properties:
        TopicName: test-topic
        Region: cn-shanghai
        NotifyContentFormat: JSON
        NotifyStrategy: BACKOFF_RETRY

TableStore

Describe the object of type TableStore Trigger

Properties
Property Name Type Description
InstanceName string Required. InstanceName
TableName string Required. TableName
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: TableStore event source object
tablestore-trigger-test: # trigger name
    Type: TableStore # trigger type
    Properties:
        InstanceName: test-inst
        TableName: test-tbl

OSS

Describe the object of type OSS Trigger

Properties
Property Name Type Description
Events array Required. Indicates the type of an OSS event.
BucketName string Required. the corresponding bucket name in OSS. can refer to OSS example.
Filter object Required. Filters OSS events. Only OSS objects that meet the filtering condition can trigger a function. This parameter has a key attribute:
Key OSS Key configuration object Required Indicates the key supported by the filter.
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: OSS event source object
oss-trigger-test: # trigger name
    Type: OSS # trigger type
     Properties:
      BucketName: ossBucketName # oss bucket name     
      Events:
        - oss:ObjectCreated:*
        - oss:ObjectRemoved:DeleteObject
      Filter: 
        Key:
          Prefix: source/
          Suffix: .png

CDN

Describe the object of type CDN Trigger

Properties
Property Name Type Description
EventName string Required. is CDN event which invokes the function execution, can not be changed after creation.
EventVersion string Required. is CDN event version which invokes the function execution, can not be changed after creation.
Notes string Required. Descriptions.
Filter CDN Filter configuration object Required Filters (Need to have at least one filter).
InvocationRole string Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier string Optional. Service versions, such as "LATEST".
Example: CDN event source object
cdn-trigger-name: # trigger name
    Type: CDN # trigger type
    Properties:
      EventName: LogFileCreated
      EventVersion: '1.0.0'
      Notes: cdn events trigger test
      Filter: 
        Domain: ['www.taobao.com','www.tmall.com']

Property types

Event source object

The object describing the source of events which trigger the function.

Properties
Property Name Type Description
Type string Required. Event type. Event source types include 'Timer', 'Log'. For more information about all types, see Event source types.
Properties * Required. Object describing properties of this event mapping. Must conform to the defined Type. For more information about all types, see Event source types.
Example: Event Source Object
Type: Timer
Properties:
    CronExpression: '0 0 8 * * *'
    Enable: true
    Payload: 'awesome-fc

Primary key list

The list of objects describing the properties of primary keys.

Properties
Property Name Type Description
Name string Attribute name of the primary key. Defaults to id.
Type string Attribute type of the primary key. MUST be one of String, Number, or Binary.
Example: Primary key list
Properties:
  PrimaryKeyList:
    - Name: id
      Type: String

Provisioned Throughput Object

Properties
Property Name Type Description
ReadCapacityUnits number Sets the desired minimum number of consistent reads of items (up to 4KB in size) per second for the specified table before Aliyun Table Store (OTS) balances the load.
WriteCapacityUnits number Sets the desired minimum number of consistent writes of items (up to 4KB in size) per second for the specified table before Aliyun Table Store (OTS) balances the load.
Example: Provisioned throughput object
Properties:
  ProvisionedThroughput:
    ReadCapacityUnits: 5
    WriteCapacityUnits: 5

VPC configuration object

The properties that the Vpc configuration object contains include the VpcId, VSwitchIds, and SecurityGroupId attributes. What they mean Reference.

Example:

VpcConfig:
    VpcId: 'vpc-j6cfu2g6tslzekh8grfmk'
    VSwitchIds: [ 'vsw-j6chkgsg9naj6gx49espd' ]
    SecurityGroupId: 'sg-j6ceitqs6ljyssm1apom'

Log configuration object

The Log configuration object is used to specify the log service to which the log of function execution will be stored.

The configurable properties of the Log configuration object include: Project, Logstore. The concepts of Project and Logstore are the same as those in the log service. More information [Reference] (https://help.aliyun.com/document_detail/73349.html?spm=5176.11065259.1996646101.searchclickresult.3ee82ea1o9HX6S#console-log-config).

Example:

LogConfig:
    Project: localtestlog
    Logstore: localteststore

Nas configuration object

The Nas configuration object is used to specify the nas service in order to access Nas Shared file system.

The Nas configuration object configurable properties include: UserId, GroupId, MountPoints.

The configurable properties of the Nas configuration object include: UserId, GroupId, MountPoints.

Where MountPoints is an array of objects, each containing the ServerAddr and MountDir properties. [Reference] (https://www.alibabacloud.com/help/doc-detail/87401.htm).

Example:

NasConfig:
  UserId: 10003
  GroupId: 10003
  MountPoints:
    - ServerAddr: '012194b28f-xxxxx.cn-hangzhou.nas.aliyuncs.com:/'
      MountDir: '/mnt/test'

The Nas configuration object supports optional values Auto, which can be used to simplify the configuration of NasConfig, VpcConfig, Policies.

Example:

Properties:
  Policies:
    - AliyunECSNetworkInterfaceManagementAccess
  VpcConfig:
    VpcId: 'vpc-j6cfu2g6tslzekh8grfmk'
    VSwitchIds: [ 'vsw-j6chkgsg9naj6gx49espd' ]
    SecurityGroupId: 'sg-j6ceitqs6ljyssm1apom'
  NasConfig:
    UserId: 10003
    GroupId: 10003
    MountPoints:
      - ServerAddr: '012194b28f-xxxxx.cn-hangzhou.nas.aliyuncs.com:/'
        MountDir: '/mnt/test'

The configuration above can be simplified as follows:

Example:

Properties:
  NasConfig: Auto

More information [Reference] (https://yuque.antfin-inc.com/docs/share/7132da2e-73b9-4460-b160-df443c5176dc).

Environment variable object

Environment variables can be configured with a series of key-value pairs.

Example:

EnvironmentVariables: 
    'MYSQL_USER': 'root'
    'MYSQL_PASS': 'pass'

CodeUri

CodeUri is used to specify the code storage location, which can be used to specify:

file: CodeUri: hello.js dir: CodeUri: ./ zip: CodeUri: hello.zip oss file: CodeUri: 'oss://my-fc-testt/2018/helloworld.zip'

Among them, when specified as an oss file, the format is CodeUri: 'oss://bucket-name/filepath'.

RouteConfig object

The RouteConfig configuration object configurable properties include: Routes.

Routes is an element of RouteConfig object, which represents the configuration of routing table. The routes configuration object is a pathConfig array, which is used to set the mapping relation of path and function.

Example:

  Routes: # pathConfig array
    '/a': # path
      ServiceName: serviceA
      FunctionName: functionA
      Qualifier: Prod # versions(Optional)

CertConfig

CertConfig is used to describe a set of https certificate information. Certificate indicates the certificate, CertName indicates the certificate name, and PrivateKey indicates the private key, where the certificate and private key are filled in the PEM encoding format.

Example 1:

CertConfig:
  CertName: 'CertName'
  PrivateKey: './certificates/privateKey.pem'
  Certificate: './certificates/certificate.pem'

Example 2:

CertConfig:
  CertName: 'CertName'
  PrivateKey: |
    -----BEGIN RSA PRIVATE KEY-----
    MIIEowIBAAKCAQEA8WR/RbokaRz77bqoQE2aNYpZ/okMud8UFUniVfi6Pt2DdZ7z
    yusWRt3flx15CiapZbs/fxOgwFI9cwaGZEvuKBnkqzVNJojV3ASHJRwmvjsm6NzO
    OFYsLDy2pfgiTlBQHyjXFWIg2k/0Ype2VnyBMOzZq31JQfYgEklNj2Yhkz5qcx9A
    uSXJ4cewiOZ0bhpqU34sqvCToQXn6VrhPsJxwk8N5R6h1u5fpmAaggZ0JsxSz/cK
    1gZYtlHjLRNcbD4oxeRnms8TeBIjgSjmr1qH9Rx6OwVZjQ42WG+XDXp7yiktP8vK
    UvuvZRPS8irTKWq2edujRBra019rJkfb4lLgkQIDAQABAoIBABB5tHoU11FZShSS
    rdMduM24sKW/wt+Yyy0cytblUAjkY4mOnMMXwoB5uj39I/q+YsdvvUi2FT2rH0iP
    hHKqAAo6ojHRRH/BzR7kLDkrL7XCIci48VZFA2TNjAXN5sGDl8RYrD1oYiekV2C3
    TBmhC8xEDiM3PN3Ep7G30RRdeyMqeHfzWtEIs0V/E/Dqkukcj3RYVGd12yVlmjyi
    cP5th29AgS0prNRfHv2+0G2L73jiM5WYqJK0tzaNg4V4nZBebyCtv+vCOQC+jjda
    4DHh0YIeRLrfLqT04+dqE1zbKIPOCo6GoiNGnB92GXiyZliJGDjWSM9hbOML4pur
    oXOKXgECgYEA+1DnI2N5Rz/rBKJTmoERPUygSAAmF66M4zvqqlIC1QUle0L/O1mo
    02tQev6vvDKYImDt5vFrYRs4NB9UVTdMeCZXXaskugrwyXhtwb/cdMJ+2/dFL9lT
    nRiKKITzApOhomx4XP3H/2uA7MsOhd53E8Zh9zTURDB7ZXDUsWMaiCECgYEA9eQ/
    KuBgFnO2ePba+U6lrH0QVEg42byEXwigtijeo9knB7E9j+w/ddxLplw6cdrPuEHs
    OmvxcyetrqdoNGvUeRn6UXKMJPI4ec2a1XQn+az9uEwckEEeiL/PwOT8m1NXu44Q
    Xr5oxrEpicqha/kVlpJdtKnnZVURXrr83CLbinECgYAZTikn+BEzKm14tvuiGBLr
    UDbnaRRs2AeZrePQKJfeaTk/8xwOFtYYC7s71z9MvO9yrr3lvjNowLvlC66LMhlC
    E+JCLURycz2Rm825b588JoVtkrVlvwVbUShAMjrh7Ime+Dsaafdkcae2sC+TLTZi
    SFx+7tPc1eDm8viHsAnw4QKBgQDgWgUYheimE6Xl8LYSyqN3IhUIEW1tnQfZ/fFE
    wz2Amd12s0zMSG4Oh5WukG/y+gaUw/FZzKtculNKDAyT597RL9apAa7E9wx4dhRT
    tcvTjvdgdHGLXR8S/o/8G/IvdneR9SkSiQDoaTTROETYU0hTPfCpqmwqlNdoa4vS
    /yr4wQKBgEQPD42mSlRDEH96DwTqEQsXQTs/BtJFvMzozxcHIPa1byxWzDQk0A41
    pc9Hyu4AtN0rTyUk6iGGllht+u20pSeUMQpGNiAc599pK93JjlGGj/h61xoO3r8/
    B7rxEVPGms9nM/Ztl0EWvr9vvAckZb8ToknxGIh+jNfLAQhykdN0
    -----END RSA PRIVATE KEY-----

  Certificate: |
    -----BEGIN CERTIFICATE-----
    MIICxjCCAa4CCQDCGoU6hDAZXjANBgkqhkiG9w0BAQsFADAlMSMwIQYJKoZIhvcN
    AQkBFhR4aWF5dWxlMTQ4QGdtYWlsLmNvbTAeFw0xOTA1MzEwMzI2NDdaFw0yOTA1
    MjgwMzI2NDdaMCUxIzAhBgkqhkiG9w0BCQEWFHhpYXl1bGUxNDhAZ21haWwuY29t
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WR/RbokaRz77bqoQE2a
    NYpZ/okMud8UFUniVfi6Pt2DdZ7zyusWRt3flx15CiapZbs/fxOgwFI9cwaGZEvu
    KBnkqzVNJojV3ASHJRwmvjsm6NzOOFYsLDy2pfgiTlBQHyjXFWIg2k/0Ype2VnyB
    MOzZq31JQfYgEklNj2Yhkz5qcx9AuSXJ4cewiOZ0bhpqU34sqvCToQXn6VrhPsJx
    wk8N5R6h1u5fpmAaggZ0JsxSz/cK1gZYtlHjLRNcbD4oxeRnms8TeBIjgSjmr1qH
    9Rx6OwVZjQ42WG+XDXp7yiktP8vKUvuvZRPS8irTKWq2edujRBra019rJkfb4lLg
    kQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1rRYwP7doPVupFm985A0H2lLLJIZ8
    1bWWaN+knWpW0KgIZACGCDzqgHQG+rB95DDHBUvjF/DI/EZjUxlfaOtddh5bjibZ
    2I+A+DeIDGaD3/Bc7fAYRImPq1gN4SlusFCquEfe9nILoCbsss8rq1FdYr3tRzTZ
    JJpe9Qs2TXk6kczSfaJTft5zxjiUV5NvQyqU3K8G2dxl68c6wC7LKpeQbT3ApWw1
    VZfBb9upP/FQc2EK8OkS/M5h4aGBq9YroYxvuKnfM/FUocJRaN9uKwH08D5WfXlq
    rbocmNuL4ev/pJ0H8AFO4usquEjGrhLJLnxTblFB2/dmlc4JJOMUYbfR
    -----END CERTIFICATE-----

OSS Key configuration object

The properties that the key configuration object contains include the Prefix and Suffix attributes. They mean the following: matching prefix and matching suffix.

Example:

Key:
  Prefix: source/
  Suffix: .png

CDN Filter configuration object

The configurable properties of the Filter object currently only include: Domain, which is an array of strings, which is required to represent a collection of Filter parameter values.

Example:

Filter:
  Domain: ['www.taobao.com','www.tmall.com']

Default Role

The default role will be generated when policies are specified or when the service is configured with properties such as VpcConfig or NasConfig, which explicitly require some permissions.

Reasons for this design:

  1. Because the generation of role needs a large permission. In unnecessary scenarios, we try not to generate the default role as much as possible to avoid the user's sub-user privilege is insufficient.
  2. Generally, function use this role to invoke other cloud services. Even if default role is generated, it is meaningless not to specify policies, because there will be no corresponding permissions.
  3. Ram Service has a limitation on the number of roles.