From f5be169e14f7e7fc40ddf9afa0d0394b56e4905a Mon Sep 17 00:00:00 2001 From: qitan Date: Wed, 27 Mar 2024 16:16:27 +0800 Subject: [PATCH] add technical soltion 108 --- README-CN.md | 2 + README.md | 16 +- .../accelerate-static-website.yml | 151 ++++++++++++++++++ ...-speeds-up-distribution-of-file-on-oss.yml | 28 +++- resources/cdn/domain.yml | 10 +- ...mes-or-retail-single-db-single-service.yml | 34 ++-- 6 files changed, 213 insertions(+), 28 deletions(-) create mode 100644 documents/solution/cdn-and-video-cloud/accelerate-static-website.yml diff --git a/README-CN.md b/README-CN.md index 48b86f06..1845b603 100644 --- a/README-CN.md +++ b/README-CN.md @@ -514,6 +514,7 @@ ROS 模板的示例和最佳实践。模板分类如下: | [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml) | 使用CDN加速OSS上存储的文件资源分发。 | [解决方案](https://www.aliyun.com/solution/tech-solution/fdaaco) | | [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml) | 加速资源请求场景实践。 | | [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml) | 多媒体数据存储与分发。 | [解决方案](https://www.aliyun.com/solution/tech-solution/mdsad) | +| [accelerate-static-website.yml](documents/solution/cdn-and-video-cloud/accelerate-static-website.yml) | 网站静态资源跨地域访问加速。 | - cloud-migration @@ -566,6 +567,7 @@ ROS 模板的示例和最佳实践。模板分类如下: | [cloud-firewall-in-multiple-accounts.yml](documents/solution/security-and-compliance/cloud-firewall-in-multiple-accounts.yml) | 创建VPC类型ECS,并绑定EIP。 | [解决方案](https://www.aliyun.com/solution/tech-solution/umomaicf) | | [enterprise-multi-account-identity-permissions.yml](documents/solution/security-and-compliance/enterprise-multi-account-identity-permissions.yml) | 企业多账号身份权限集中管理。 | [解决方案](https://www.aliyun.com/solution/tech-solution/cmomaip) | | [only-approved-cloud-services.yml](documents/solution/security-and-compliance/only-approved-cloud-services.yml) | 限制企业仅使用已批准的云服务。 | +| [protect-web-applications-with-WAF.yml](documents/solution/security-and-compliance/protect-web-applications-with-WAF.yml) | 通过 WAF 防护 Web 应用。 | diff --git a/README.md b/README.md index 39a57bf5..d01eaee2 100644 --- a/README.md +++ b/README.md @@ -513,11 +513,12 @@ Examples and best practices of ROS templates. The templates are categorized as f - cdn-and-video-cloud -| Template | Description | -|-----------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------| -| [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml) | Use a CDN to speed up the distribution of file resources stored on OSS. | -| [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml) | Accelerate resource request scenario practices. | -| [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml) | Use a CDN to speed up the Multimedia data storage and distribution on OSS. | +| Template | Description | +|---------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------| +| [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml) | Use a CDN to speed up the distribution of file resources stored on OSS. | +| [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml) | Accelerate resource request scenario practices. | +| [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml) | Use a CDN to speed up the Multimedia data storage and distribution on OSS. | +| [accelerate-static-website.yml](documents/solution/cdn-and-video-cloud/accelerate-static-website.yml) | Accelerate cross-regional access to website static resources. | - cloud-migration @@ -565,13 +566,14 @@ Examples and best practices of ROS templates. The templates are categorized as f - security-and-compliance -| Template | Description | -|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| Template | Description | +|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------| | [efficiently-build-a-new-account-with-security-and-compliance.yml](documents/solution/security-and-compliance/efficiently-build-a-new-account-with-security-and-compliance.yml) | Efficiently build a new account with security and compliance. | | [multiple-accounts-support-configuration-auditing.yml](documents/solution/security-and-compliance/multiple-accounts-support-configuration-auditing.yml) | Configure unified compliance audit for multiple accounts. | | [cloud-firewall-in-multiple-accounts.yml](documents/solution/security-and-compliance/cloud-firewall-in-multiple-accounts.yml) | Create a VPC type ECS and bind EIP. | | [enterprise-multi-account-identity-permissions.yml](documents/solution/security-and-compliance/enterprise-multi-account-identity-permissions.yml) | Centralized management of enterprise multi-account identity permissions. | | [only-approved-cloud-services.yml](documents/solution/security-and-compliance/only-approved-cloud-services.yml) | Restrict enterprises to only approved cloud services. | +| [protect-web-applications-with-WAF.yml](documents/solution/security-and-compliance/protect-web-applications-with-WAF.yml) | Protect web applications with WAF. | diff --git a/documents/solution/cdn-and-video-cloud/accelerate-static-website.yml b/documents/solution/cdn-and-video-cloud/accelerate-static-website.yml new file mode 100644 index 00000000..44db8ff9 --- /dev/null +++ b/documents/solution/cdn-and-video-cloud/accelerate-static-website.yml @@ -0,0 +1,151 @@ +ROSTemplateFormatVersion: '2015-09-01' +Description: + zh-cn: 网站静态资源跨地域访问加速。 + en: Accelerate cross-regional access to website static resources. +Parameters: + Scope: + Type: String + Label: + zh-cn: 加速区域 + en: Acceleration area + Description: + zh-cn: 选择加速区域。加速区域为仅中国内地和全球时,服务域名必须备案。 + en: Select the acceleration area. When the acceleration region is only in mainland China and the world, the service domain name must be filed. + Default: domestic + AllowedValues: + - domestic + - overseas + - global + DomainName: + Type: String + Label: + zh-cn: 加速域名 + en: Accelerated domain name + Description: + zh-cn: 加速域名是指接入CDN,用于加速源站的域名。请填写您账号下的域名。 + en: Accelerated domain name refers to the domain name of the access CDN used to accelerate the source site. Please fill in the domain name under your account. + BucketName: + Type: String + Label: + en: Bucket Name + zh-cn: 存储空间名称 + Description: + en: The name must be 3 to 63 bytes in length, The name must start and end with a lowercase letter or digit.The name can contain only lowercase letters, digits, and hyphens (-).;
note:A bucket name must be globally unique within OSS. Bucket names cannot be changed after the bucket is created. + zh-cn: 长度为3~63个字符,必须以小写字母或数字开头和结尾,可以包含小写字母、数字和连字符(-);
注:需要全网唯一性,已经存在的不能在创建。 + AssociationProperty: AutoCompleteInput + AssociationPropertyMetadata: + Length: 6 + Prefix: image-example- + CharacterClasses: + - Class: lowercase + min: 1 +Resources: + OssBucket: + Type: ALIYUN::OSS::Bucket + DependsOn: AutoEnableOSS + Properties: + BucketName: + Ref: BucketName + DeletionForce: true + AutoEnableCDN: + Type: ALIYUN::ROS::AutoEnableService + Properties: + ServiceName: CDN + AutoEnableOSS: + Type: ALIYUN::ROS::AutoEnableService + Properties: + ServiceName: OSS + Domain: + Type: ALIYUN::CDN::Domain + Properties: + Sources: + Fn::Sub: + - '[{"content":"${content}", "type":"oss", "priority":"20", "port":80, "weight":"10"}]' + - content: + Fn::GetAtt: + - OssBucket + - DomainName + CdnType: web + Scope: + Ref: Scope + DomainName: + Ref: DomainName + DependsOn: + - OssDomain + - AutoEnableCDN + DomainRecord: + Type: ALIYUN::DNS::DomainRecord + Properties: + Type: CNAME + RR: + Fn::Select: + - 0 + - Fn::Split: + - . + - Ref: DomainName + Value: + Fn::GetAtt: + - Domain + - Cname + DomainName: + Fn::Join: + - . + - Fn::Select: + - '1:' + - Fn::Split: + - . + - Ref: DomainName + DependsOn: Domain + DomainConfig: + Type: ALIYUN::CDN::DomainConfig + Properties: + FunctionList: + - FunctionArgs: + - ArgName: file_type + ArgValue: jpg,png,jpeg + - ArgName: weight + ArgValue: '99' + - ArgName: ttl + ArgValue: '2592000' + FunctionName: filetype_based_ttl_set + - FunctionArgs: + - ArgName: private_oss_auth + ArgValue: 'on' + - ArgName: perm_private_oss_tbl + ArgValue: '' + FunctionName: l2_oss_key + - FunctionArgs: + - ArgName: filetype + ArgValue: jpeg + - ArgName: webp + ArgValue: 'off' + - ArgName: orient + ArgValue: 'off' + - ArgName: slim + ArgValue: 90 + - ArgName: enable + ArgValue: 'on' + FunctionName: image_transform + DomainNames: + Ref: Domain + DependsOn: DomainRecord +Outputs: + Cname: + Description: CNAME + Value: + Fn::GetAtt: + - Domain + - Cname + DomainName: + Description: DomainName + Value: + Ref: Domain +Metadata: + ALIYUN::ROS::Interface: + ParameterGroups: + - Parameters: + - Scope + - DomainName + - BucketName + TemplateTags: + - acs:technical-solution:cdn-and-video-cloud:网站静态资源跨地域访问加速-tech_solu_108 diff --git a/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml b/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml index 8df528bc..b96e25cc 100644 --- a/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml +++ b/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml @@ -98,7 +98,33 @@ Resources: DomainConfig: Type: ALIYUN::CDN::DomainConfig Properties: - Functions: '[{"functionArgs":[{"argName":"file_type","argValue":"jpg,png,jpeg"},{"argName":"weight","argValue":"99"},{"argName":"ttl","argValue":"7776000"}],"functionName":"filetype_based_ttl_set"},{"functionArgs":[{"argName":"private_oss_auth","argValue":"on"},{"argName":"perm_private_oss_tbl","argValue":""}],"functionName":"l2_oss_key"},{"functionArgs":[{"argName":"filetype","argValue":"jpeg"},{"argName":"webp","argValue":"off"},{"argName":"orient","argValue":"off"},{"argName":"slim","argValue":90},{"argName":"enable","argValue":"on"}],"functionName":"image_transform"}]' + FunctionList: + - functionArgs: + - argName: file_type + argValue: jpg,png,jpeg + - argName: weight + argValue: '99' + - argName: ttl + argValue: '7776000' + functionName: filetype_based_ttl_set + - functionArgs: + - argName: private_oss_auth + argValue: 'on' + - argName: perm_private_oss_tbl + argValue: '' + functionName: l2_oss_key + - functionArgs: + - argName: filetype + argValue: jpeg + - argName: webp + argValue: 'off' + - argName: orient + argValue: 'off' + - argName: slim + argValue: 90 + - argName: enable + argValue: 'on' + functionName: image_transform DomainNames: Ref: Domain DependsOn: DomainRecord diff --git a/resources/cdn/domain.yml b/resources/cdn/domain.yml index cfbbdfcf..17a03b6e 100644 --- a/resources/cdn/domain.yml +++ b/resources/cdn/domain.yml @@ -22,9 +22,13 @@ Parameters: Description: The list of origin URLs. Default: '[{"content":"1.1.1.1","type":"ipaddr","priority":"20","port":80,"weight":"15"}]' Functions: - Type: String + Type: Json Description: function list - Default: '[{"functionArgs":[{"argName":"domain_name","argValue":"example.com"}],"functionName":"set_req_host_header"}]' + Default: + - functionArgs: + - argName: domain_name + argValue: example.com + functionName: set_req_host_header Resources: Domain: Type: ALIYUN::CDN::Domain @@ -38,7 +42,7 @@ Resources: DomainConfig: Type: ALIYUN::CDN::DomainConfig Properties: - Functions: + FunctionList: Ref: Functions DomainNames: Ref: Domain diff --git a/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml b/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml index a4268213..ba6feede 100644 --- a/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml +++ b/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml @@ -559,23 +559,23 @@ Resources: - . - - Ref: CdnDomainNamePrefix - Ref: DnsDomainName - Functions: - Fn::Join: - - '' - - - '[{"functionArgs": [{' - - '"argName": "oss_bucket_id",' - - '"argValue": "' - - Fn::GetAtt: - - OssBucket - - DomainName - - '"}],' - - '"functionName": "oss_auth"},' - - '{"functionArgs": [{' - - '"argName": "private_oss_auth",' - - '"argValue": "on"}],' - - '"functionName": "l2_oss_key"},' - - '{"functionArgs": [{"argName": "auth_type", "argValue": "no_auth"}], "functionName": - "aliauth"}]' + FunctionList: + - functionArgs: + - argName: oss_bucket_id + argValue: + Fn::GetAtt: + - OssBucket + - DomainName + functionName: oss_auth + - functionArgs: + - argName: private_oss_auth + argValue: 'on' + functionName: l2_oss_key + - functionArgs: + - argName: auth_type + argValue: no_auth + functionName: aliauth + DependsOn: - DnsDomainCnameRecord Metadata: