The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
The Fun with Serverless(fun) is licensed under The MIT License.
Fun is a model used to define serverless applications on Aliyun.
Serverless applications are applications composed of functions triggered by events. A typical serverless application consists of one or more Aliyun Function Compute triggered by events such as object uploads to Aliyun OSS, performs data operations on Aliyun OTS, and API actions. Those functions can stand alone or leverage other resources such as Aliyun OTS tables or OSS buckets. The most basic serverless application is simply a function.
The files describing a serverless application in accordance with Aliyun Fun are YAML formatted text files.
The template must include a Transform
section in the document root with a value of Aliyun::Serverless-2018-04-03
.
ROSTemplateFormatVersion: '2015-09-01'
Transform: 'Aliyun::Serverless-2018-04-03'
Resources:
MyService: # service name
Type: 'Aliyun::Serverless::Service'
Properties:
Policies:
- AliyunFCReadOnlyAccess # Managed Policy
- Version: '1' # Policy Document
Statement:
- Effect: Allow
Action:
- oss:GetObject
- oss:GetObjectACL
Resource: '*'
MyFunction: # function name
Type: 'Aliyun::Serverless::Function'
Properties:
Handler: index.handler
Runtime: nodejs6
CodeUri: './'
Events:
http-test: # trigger name
Type: HTTP # http trigger
Properties:
AuthType: ANONYMOUS
Methods: ['GET', 'POST', 'PUT']
All property names in Aliyun Fun are case sensitive.
- Aliyun::Serverless::Service
- Aliyun::Serverless::CustomDomain
- Aliyun::Serverless::Api
- Aliyun::Serverless::TableStore
- Aliyun::Serverless::Log
- Aliyun::Serverless::MNSTopic
Creates a FC service that is a function group , bind common propertis , like RAM execution role and log serice.
Property Name | Type | Description |
---|---|---|
Role | string |
ARN of an RAM role to use as this function's execution role. If omitted, a Default role is created for this function. |
Policies | string | List of string | RAM policy document object | List of RAM policy document object |
Names of Aliyun managed RAM policies or RAM policy documents that this function needs, which should be appended to the default role for this function. If the Role property is set, this property has no meaning. |
InternetAccess | boolean |
Indicates whether this service can access the public network. |
VpcConfig | VPC configuration object | Allows functions to access services within vpc. |
LogConfig | Log configuration object | Allow logs that function execution to be stored in the log service. |
NasConfig | Nas configuration object | Allows functions to nas. |
Description | string |
Description of the service. |
Creates a FC function and event source mappings which trigger the function. Function is child node of a service.
Property Name | Type | Description |
---|---|---|
Handler | string |
Required. Function within your code that is called to begin execution. |
Runtime | string |
Required. The runtime environment. The optional values are: nodejs6, nodejs8, nodejs10, nodejs12, python2.7, python3, java8, java11, php7.2, dotnetcore2.1 . |
CodeUri | string |
Required. Code location. Supports file, dir, zip, oss-bucket, etc. More information [Reference] (#codeuri). |
Description | string |
Description of the function. |
MemorySize | integer |
Size of the memory allocated per invocation of the function in MB. Defaults to 128. |
Timeout | integer |
Maximum time that the function can run before it is killed in seconds. Defaults to 3. |
EnvironmentVariables | Environment variable object | Configuring Environment Variables for Functions。 |
InstanceConcurrency | integer |
Set an instance concurrency (minimum 1, maximum 100) for the function. Indicates how many requests a single function instance can handle at the same time. More information Reference. |
Events | Map of string to Event source object |
A map (string to Event source object) that defines the events that trigger this function. |
MyService: # service name
Type: 'Aliyun::Serverless::Service'
MyFunction: # function name
Type: 'Aliyun::Serverless::Function'
Properties:
Handler: index.handler
Runtime: nodejs6
CodeUri: './'
Description: Nodejs Http Trigger Test
MemorySize: 1024
Timeout: 15
create Custom Domain。Custom Domain is a feature of Function Compute, users can invoke functions via Custom Domain.
Property Name | Type | Description |
---|---|---|
Protocol | string |
protocol type supported by custom domain name. Optional values are: HTTP and HTTP,HTTPS (English comma). |
RouteConfig | RouteConfig object | mappings of paths and functions |
CertConfig | CertConfig object | https certificate information(configuration only when Protocol is HTTP, HTTPS ). |
Example 1, Protocol
is an example of HTTP
:
abc.com: # domain name
Type: 'Aliyun::Serverless::CustomDomain'
Properties:
Protocol: HTTP
RouteConfig:
Routes:
'/a':
ServiceName: serviceA
FunctionName: functionA
'/b':
ServiceName: serviceB
FunctionName: functionB
Example 2, Protocol
is an example of HTTP,HTTPS
:
abc.com: # domain name
Type: 'Aliyun::Serverless::CustomDomain'
Properties:
Protocol: HTTP,HTTPS
CertConfig:
CertName: 'CertName'
PrivateKey: './certificates/privateKey.pem'
Certificate: './certificates/certificate.pem'
RouteConfig:
Routes:
'/a':
ServiceName: serviceA
FunctionName: functionA
'/b':
ServiceName: serviceB
FunctionName: functionB
Creates a collection of Aliyun API Gateway resources and methods that can be invoked through HTTPS endpoints.
Property Name | Type | Description |
---|---|---|
Name | string |
A name for the API Gateway RestApi resource. |
StageName | string |
Required. The name of the stage, which API Gateway uses as the first path segment in the invoke Uniform Resource Identifier (URI). |
DefinitionUri | string |
Swagger document address describing the API. You must specify either DefinitionUri or DefinitionBody . |
DefinitionBody | JSON or YAML Object |
Swagger specification that describes your API. Either one of DefinitionUri or DefinitionBody must be specified. |
DefinitionBody
can refer to: https://github.com/aliyun/fun/tree/master/examples/api-gateway/template.yml.
StageName: prod
DefinitionUri: swagger.yml
The Aliyun::Serverless::TableStore::Table
resource creates a instance of TableStore(OTS)
Property Name | Type | Description |
---|---|---|
ClusterType | string |
Required. Cluster type。Available values are: HYBRID, SSD. Represents a capacity instance and a high performance instance, respectively. |
Description | string |
Required. Description of the instance. |
The Aliyun::Serverless::TableStore::Table
resource creates a table of TableStore(OTS) with a primary key list. It is useful when data only needs to be accessed via a primary key. This is partly functionality of TableStore.
Property Name | Type | Description |
---|---|---|
PrimaryKeyList | Primary key list | Attribute name and type of a list item to be used as the table's primary key. This cannot be modified without replacing the resource. Defaults to String attribute named ID. |
mytablestore: # tablestore name
Type: 'Aliyun::Serverless::TableStore'
Properties:
ClusterType: HYBRID
Description: just for fun test
mytable: # table name
Type: 'Aliyun::Serverless::TableStore::Table'
Properties:
PrimaryKeyList:
- Name: uid
Type: STRING
Aliyun::Serverless::Log
resource creates a instance of Project.
Property Name | Type | Description |
---|---|---|
Description | string |
Required。 Description of the project. |
Aliyun::Serverless::Log::Logstore
resource creates a instance of Logstore.
Property Name | Type | Description |
---|---|---|
TTL | integer |
Data storage time in days, which is in the value range of 1 to 3600. |
shardCount | integer |
The number of shards in this Logstore, which is in the range of 1 to 100. |
test-log-project:
Type: 'Aliyun::Serverless::Log'
Properties:
Description: 'just test log'
test-log-store:
Type: 'Aliyun::Serverless::Log::Logstore'
Properties:
TTL: 10
ShardCount: 1
Create topic in the MNS
Property Name | Type | Description |
---|---|---|
Region | string |
Required. The region in which topic is created. |
MaximumMessageSize | integer |
The maximum length of the message body sent to the Topic, in bytes. Defaults to 65536 . |
LoggingEnabled | boolean |
If log management is enabled. Defaults to false . |
test-topic:
Type: 'Aliyun::Serverless::MNSTopic'
Properties:
Region: ap-southeast-2
MaximumMessageSize: 2048
LoggingEnabled: false
Describes an object of type [Time Trigger] (https://help.aliyun.com/document_detail/68172.html).
Property Name | Type | Description |
---|---|---|
CronExpression | string |
Required. The time when the function was triggered supports two settings: @every, cron expression. |
Payload | string |
Represents the input of the trigger event itself and can be customized by the user. |
Enable | boolean |
Whether to enable the Time Trigger. |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
Type: Timer
Properties:
CronExpression: '0 0 8 * * *'
Enable: true
Payload: 'awesome-fc'
Describes the object of type [HTTP Trigger] (https://www.alibabacloud.com/help/doc-detail/71229.html).
Property Name | Type | Description |
---|---|---|
AuthType | string |
Required. Authentication type, optional values: ANONYMOUS, FUNCTION. |
Methods | array |
Required. HTTP triggers support access methods. The optional values are: GET, POST, PUT, DELETE, HEAD. |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
http-trigger-test: # trigger name
Type: HTTP # trigger type
Properties:
AuthType: ANONYMOUS
Methods: ['GET', 'POST', 'PUT']
Describe the object of type [Log Trigger] (https://www.alibabacloud.com/help/doc-detail/60291.html).
Property Name | Type | Description |
---|---|---|
SourceConfig | object |
Required. The datasource's Logstore name. Triggers periodically subscribe to data from the Logstore to Function compute. |
JobConfig | object
| Required. There are two configurable properties, one of which is MaxRetryTime, which represents the maximum number of attempts allowed if the logging service triggers a function execution. The other is TriggerInterval, which indicates the interval at which the logging service triggers the execution of the function.
LogConfig | object
| Required. There are three configurable properties. The first is Project, which represents the log service Project name. The second is the Logstore, which means that when the trigger function is executed, the resulting log will be logged to the Logstore. The third is an optional property, FunctionParameter, which is itself an object that, when the event fires, is sent to the function along with its contents.
FunctionParameter | object
| Optional. The log service uses this configuration content as function event. FunctionParameter, when the event fires, is sent to the function along with its contents. The default value is null ({}).
Enable | boolean
| Indicates whether the trigger is enabled.
InvocationRole | string
| Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test
Qualifier | string
| Optional. Service versions, such as "LATEST".
Type: Log
Properties:
SourceConfig:
Logstore: logstore1
JobConfig:
MaxRetryTime: 1
TriggerInterval: 30
LogConfig:
Project: testlog
Logstore: logstore2
Enable: true
Describe the object of type RDS Trigger。
Property Name | Type | Description |
---|---|---|
InstanceId | string |
Required. RDS instance ID |
SubscriptionObjects | array |
Required. subscription objects are those objects whose change can trigger a function to run. such as ["db1.table1", "db2.table2"] |
Retry | string |
Optional. invoke concurrency is the max number of functions invoked concurrently, set this option to 1 then the function will be invoked sequentially in the same order as the transaction is committed in binlog.。 |
Concurrency | string |
Optional. invoke concurrency, If you care about the order of events, set this option to 1 , the function will be called in the order in which the transaction is committed in binlog, otherwise you can increase concurrency to improve performance. |
EventFormat | string |
Optional. notification event format, currently support json and protobuf |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
rds-trigger-test: # trigger name
Type: RDS # trigger type
Properties:
InstanceId: rm-12345799xyz
SubscriptionObjects:
- db1.table1
Retry: 2
Concurrency: 1
EventFormat: json
Describe the object of type [MNSTopic Trigger] (https://www.alibabacloud.com/help/doc-detail/97032.htm) 。
Property Name | Type | Description |
---|---|---|
TopicName | string |
Required. mns topicName |
Region | string |
Optional. Region of MNS topic, if not filled in, default is the same as the region of the function |
NotifyContentFormat | string |
Optional. notification event format, currently support STREAM and JSON, default is STREAM |
NotifyStrategy | string |
Optional. Retry strategy for invoking function, currently support BACKOFF_RETRY and EXPONENTIAL_DECAY_RETRY, default is BACKOFF_RETRY, details refer to NotifyStrategy |
FilterTag | string |
Optional. Message filter tag in the created subscription (Only messages with consistent tags are pushed.), The value is a string of no more than 16 characters, default is no message filter. |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
mns-topic-trigger-test: # trigger name
Type: MNSTopic # trigger type
Properties:
TopicName: test-topic
Region: cn-shanghai
NotifyContentFormat: JSON
NotifyStrategy: BACKOFF_RETRY
Describe the object of type TableStore Trigger 。
Property Name | Type | Description |
---|---|---|
InstanceName | string |
Required. InstanceName |
TableName | string |
Required. TableName |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
tablestore-trigger-test: # trigger name
Type: TableStore # trigger type
Properties:
InstanceName: test-inst
TableName: test-tbl
Describe the object of type OSS Trigger。
Property Name | Type | Description |
---|---|---|
Events | array |
Required. Indicates the type of an OSS event. |
BucketName | string |
Required. the corresponding bucket name in OSS. can refer to OSS example. |
Filter | object |
Required. Filters OSS events. Only OSS objects that meet the filtering condition can trigger a function. This parameter has a key attribute: |
Key | OSS Key configuration object |
Required Indicates the key supported by the filter. |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
oss-trigger-test: # trigger name
Type: OSS # trigger type
Properties:
BucketName: ossBucketName # oss bucket name
Events:
- oss:ObjectCreated:*
- oss:ObjectRemoved:DeleteObject
Filter:
Key:
Prefix: source/
Suffix: .png
Describe the object of type CDN Trigger。
Property Name | Type | Description |
---|---|---|
EventName | string |
Required. is CDN event which invokes the function execution, can not be changed after creation. |
EventVersion | string |
Required. is CDN event version which invokes the function execution, can not be changed after creation. |
Notes | string |
Required. Descriptions. |
Filter | CDN Filter configuration object |
Required Filters (Need to have at least one filter). |
InvocationRole | string |
Optional. Use the ARN of a RAM role to specify the invocation role for the function, and the event source will use this role to trigger the function execution. Make sure that the role has permission to invoke the function. The form of ARN is as follows: acs:ram::1234567890:role/fc-invoke-test |
Qualifier | string |
Optional. Service versions, such as "LATEST". |
cdn-trigger-name: # trigger name
Type: CDN # trigger type
Properties:
EventName: LogFileCreated
EventVersion: '1.0.0'
Notes: cdn events trigger test
Filter:
Domain: ['www.taobao.com','www.tmall.com']
The object describing the source of events which trigger the function.
Property Name | Type | Description |
---|---|---|
Type | string |
Required. Event type. Event source types include 'Timer', 'Log'. For more information about all types, see Event source types. |
Properties | * | Required. Object describing properties of this event mapping. Must conform to the defined Type . For more information about all types, see Event source types. |
Type: Timer
Properties:
CronExpression: '0 0 8 * * *'
Enable: true
Payload: 'awesome-fc
The list of objects describing the properties of primary keys.
Property Name | Type | Description |
---|---|---|
Name | string |
Attribute name of the primary key. Defaults to id . |
Type | string |
Attribute type of the primary key. MUST be one of String , Number , or Binary . |
Properties:
PrimaryKeyList:
- Name: id
Type: String
Property Name | Type | Description |
---|---|---|
ReadCapacityUnits | number |
Sets the desired minimum number of consistent reads of items (up to 4KB in size) per second for the specified table before Aliyun Table Store (OTS) balances the load. |
WriteCapacityUnits | number |
Sets the desired minimum number of consistent writes of items (up to 4KB in size) per second for the specified table before Aliyun Table Store (OTS) balances the load. |
Properties:
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
The properties that the Vpc configuration object contains include the VpcId
, VSwitchIds
, and SecurityGroupId
attributes. What they mean Reference.
Example:
VpcConfig:
VpcId: 'vpc-j6cfu2g6tslzekh8grfmk'
VSwitchIds: [ 'vsw-j6chkgsg9naj6gx49espd' ]
SecurityGroupId: 'sg-j6ceitqs6ljyssm1apom'
The Log configuration object is used to specify the log service to which the log of function execution will be stored.
The configurable properties of the Log configuration object include: Project
, Logstore
. The concepts of Project
and Logstore
are the same as those in the log service. More information [Reference] (https://help.aliyun.com/document_detail/73349.html?spm=5176.11065259.1996646101.searchclickresult.3ee82ea1o9HX6S#console-log-config).
Example:
LogConfig:
Project: localtestlog
Logstore: localteststore
The Nas configuration object is used to specify the nas service in order to access Nas Shared file system.
The Nas configuration object configurable properties include: UserId
, GroupId
, MountPoints
.
The configurable properties of the Nas configuration object include: UserId
, GroupId
, MountPoints
.
Where MountPoints
is an array of objects, each containing the ServerAddr
and MountDir
properties. [Reference] (https://www.alibabacloud.com/help/doc-detail/87401.htm).
Example:
NasConfig:
UserId: 10003
GroupId: 10003
MountPoints:
- ServerAddr: '012194b28f-xxxxx.cn-hangzhou.nas.aliyuncs.com:/'
MountDir: '/mnt/test'
The Nas configuration object supports optional values Auto
, which can be used to simplify the configuration of NasConfig
, VpcConfig
, Policies
.
Example:
Properties:
Policies:
- AliyunECSNetworkInterfaceManagementAccess
VpcConfig:
VpcId: 'vpc-j6cfu2g6tslzekh8grfmk'
VSwitchIds: [ 'vsw-j6chkgsg9naj6gx49espd' ]
SecurityGroupId: 'sg-j6ceitqs6ljyssm1apom'
NasConfig:
UserId: 10003
GroupId: 10003
MountPoints:
- ServerAddr: '012194b28f-xxxxx.cn-hangzhou.nas.aliyuncs.com:/'
MountDir: '/mnt/test'
The configuration above can be simplified as follows:
Example:
Properties:
NasConfig: Auto
More information [Reference] (https://yuque.antfin-inc.com/docs/share/7132da2e-73b9-4460-b160-df443c5176dc).
Environment variables can be configured with a series of key-value pairs.
Example:
EnvironmentVariables:
'MYSQL_USER': 'root'
'MYSQL_PASS': 'pass'
CodeUri is used to specify the code storage location, which can be used to specify:
file:
CodeUri: hello.js
dir:CodeUri: ./
zip:CodeUri: hello.zip
oss file:CodeUri: 'oss://my-fc-testt/2018/helloworld.zip'
。
Among them, when specified as an oss file, the format is CodeUri: 'oss://bucket-name/filepath'
.
The RouteConfig configuration object configurable properties include: Routes
.
Routes is an element of RouteConfig object, which represents the configuration of routing table. The routes configuration object is a pathConfig array, which is used to set the mapping relation of path and function.
Example:
Routes: # pathConfig array
'/a': # path
ServiceName: serviceA
FunctionName: functionA
Qualifier: Prod # versions(Optional)
CertConfig is used to describe a set of https certificate information.
Certificate
indicates the certificate, CertName
indicates the certificate name, and PrivateKey
indicates the private key, where the certificate and private key are filled in the PEM encoding format.
Example 1:
CertConfig:
CertName: 'CertName'
PrivateKey: './certificates/privateKey.pem'
Certificate: './certificates/certificate.pem'
Example 2:
CertConfig:
CertName: 'CertName'
PrivateKey: |
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA8WR/RbokaRz77bqoQE2aNYpZ/okMud8UFUniVfi6Pt2DdZ7z
yusWRt3flx15CiapZbs/fxOgwFI9cwaGZEvuKBnkqzVNJojV3ASHJRwmvjsm6NzO
OFYsLDy2pfgiTlBQHyjXFWIg2k/0Ype2VnyBMOzZq31JQfYgEklNj2Yhkz5qcx9A
uSXJ4cewiOZ0bhpqU34sqvCToQXn6VrhPsJxwk8N5R6h1u5fpmAaggZ0JsxSz/cK
1gZYtlHjLRNcbD4oxeRnms8TeBIjgSjmr1qH9Rx6OwVZjQ42WG+XDXp7yiktP8vK
UvuvZRPS8irTKWq2edujRBra019rJkfb4lLgkQIDAQABAoIBABB5tHoU11FZShSS
rdMduM24sKW/wt+Yyy0cytblUAjkY4mOnMMXwoB5uj39I/q+YsdvvUi2FT2rH0iP
hHKqAAo6ojHRRH/BzR7kLDkrL7XCIci48VZFA2TNjAXN5sGDl8RYrD1oYiekV2C3
TBmhC8xEDiM3PN3Ep7G30RRdeyMqeHfzWtEIs0V/E/Dqkukcj3RYVGd12yVlmjyi
cP5th29AgS0prNRfHv2+0G2L73jiM5WYqJK0tzaNg4V4nZBebyCtv+vCOQC+jjda
4DHh0YIeRLrfLqT04+dqE1zbKIPOCo6GoiNGnB92GXiyZliJGDjWSM9hbOML4pur
oXOKXgECgYEA+1DnI2N5Rz/rBKJTmoERPUygSAAmF66M4zvqqlIC1QUle0L/O1mo
02tQev6vvDKYImDt5vFrYRs4NB9UVTdMeCZXXaskugrwyXhtwb/cdMJ+2/dFL9lT
nRiKKITzApOhomx4XP3H/2uA7MsOhd53E8Zh9zTURDB7ZXDUsWMaiCECgYEA9eQ/
KuBgFnO2ePba+U6lrH0QVEg42byEXwigtijeo9knB7E9j+w/ddxLplw6cdrPuEHs
OmvxcyetrqdoNGvUeRn6UXKMJPI4ec2a1XQn+az9uEwckEEeiL/PwOT8m1NXu44Q
Xr5oxrEpicqha/kVlpJdtKnnZVURXrr83CLbinECgYAZTikn+BEzKm14tvuiGBLr
UDbnaRRs2AeZrePQKJfeaTk/8xwOFtYYC7s71z9MvO9yrr3lvjNowLvlC66LMhlC
E+JCLURycz2Rm825b588JoVtkrVlvwVbUShAMjrh7Ime+Dsaafdkcae2sC+TLTZi
SFx+7tPc1eDm8viHsAnw4QKBgQDgWgUYheimE6Xl8LYSyqN3IhUIEW1tnQfZ/fFE
wz2Amd12s0zMSG4Oh5WukG/y+gaUw/FZzKtculNKDAyT597RL9apAa7E9wx4dhRT
tcvTjvdgdHGLXR8S/o/8G/IvdneR9SkSiQDoaTTROETYU0hTPfCpqmwqlNdoa4vS
/yr4wQKBgEQPD42mSlRDEH96DwTqEQsXQTs/BtJFvMzozxcHIPa1byxWzDQk0A41
pc9Hyu4AtN0rTyUk6iGGllht+u20pSeUMQpGNiAc599pK93JjlGGj/h61xoO3r8/
B7rxEVPGms9nM/Ztl0EWvr9vvAckZb8ToknxGIh+jNfLAQhykdN0
-----END RSA PRIVATE KEY-----
Certificate: |
-----BEGIN CERTIFICATE-----
MIICxjCCAa4CCQDCGoU6hDAZXjANBgkqhkiG9w0BAQsFADAlMSMwIQYJKoZIhvcN
AQkBFhR4aWF5dWxlMTQ4QGdtYWlsLmNvbTAeFw0xOTA1MzEwMzI2NDdaFw0yOTA1
MjgwMzI2NDdaMCUxIzAhBgkqhkiG9w0BCQEWFHhpYXl1bGUxNDhAZ21haWwuY29t
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8WR/RbokaRz77bqoQE2a
NYpZ/okMud8UFUniVfi6Pt2DdZ7zyusWRt3flx15CiapZbs/fxOgwFI9cwaGZEvu
KBnkqzVNJojV3ASHJRwmvjsm6NzOOFYsLDy2pfgiTlBQHyjXFWIg2k/0Ype2VnyB
MOzZq31JQfYgEklNj2Yhkz5qcx9AuSXJ4cewiOZ0bhpqU34sqvCToQXn6VrhPsJx
wk8N5R6h1u5fpmAaggZ0JsxSz/cK1gZYtlHjLRNcbD4oxeRnms8TeBIjgSjmr1qH
9Rx6OwVZjQ42WG+XDXp7yiktP8vKUvuvZRPS8irTKWq2edujRBra019rJkfb4lLg
kQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB1rRYwP7doPVupFm985A0H2lLLJIZ8
1bWWaN+knWpW0KgIZACGCDzqgHQG+rB95DDHBUvjF/DI/EZjUxlfaOtddh5bjibZ
2I+A+DeIDGaD3/Bc7fAYRImPq1gN4SlusFCquEfe9nILoCbsss8rq1FdYr3tRzTZ
JJpe9Qs2TXk6kczSfaJTft5zxjiUV5NvQyqU3K8G2dxl68c6wC7LKpeQbT3ApWw1
VZfBb9upP/FQc2EK8OkS/M5h4aGBq9YroYxvuKnfM/FUocJRaN9uKwH08D5WfXlq
rbocmNuL4ev/pJ0H8AFO4usquEjGrhLJLnxTblFB2/dmlc4JJOMUYbfR
-----END CERTIFICATE-----
The properties that the key configuration object contains include the Prefix
and Suffix
attributes.
They mean the following: matching prefix and matching suffix.
Example:
Key:
Prefix: source/
Suffix: .png
The configurable properties of the Filter object currently only include: Domain
, which is an array of strings, which is required to represent a collection of Filter parameter values.
Example:
Filter:
Domain: ['www.taobao.com','www.tmall.com']
The default role will be generated when policies are specified or when the service is configured with properties such as VpcConfig or NasConfig, which explicitly require some permissions.
Reasons for this design:
- Because the generation of role needs a large permission. In unnecessary scenarios, we try not to generate the default role as much as possible to avoid the user's sub-user privilege is insufficient.
- Generally, function use this role to invoke other cloud services. Even if default role is generated, it is meaningless not to specify policies, because there will be no corresponding permissions.
- Ram Service has a limitation on the number of roles.