aliyun · xiao201208 · Mar 27, 2024 · Mar 27, 2024
diff --git a/README-CN.md b/README-CN.md
@@ -514,6 +514,7 @@ ROS 模板的示例和最佳实践。模板分类如下：
 | [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml) | 使用CDN加速OSS上存储的文件资源分发。  ｜ [解决方案](https://www.aliyun.com/solution/tech-solution/fdaaco) |
 | [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml)                                                 | 加速资源请求场景实践。            |
 | [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml)                                                 | 多媒体数据存储与分发。  ｜ [解决方案](https://www.aliyun.com/solution/tech-solution/mdsad)          |
+| [accelerate-static-website.yml](documents/solution/cdn-and-video-cloud/accelerate-static-website.yml)         | 网站静态资源跨地域访问加速。    |
 
 
 - cloud-migration
@@ -566,6 +567,7 @@ ROS 模板的示例和最佳实践。模板分类如下：
 | [cloud-firewall-in-multiple-accounts.yml](documents/solution/security-and-compliance/cloud-firewall-in-multiple-accounts.yml) | 创建VPC类型ECS，并绑定EIP。 ｜ [解决方案](https://www.aliyun.com/solution/tech-solution/umomaicf) |
 | [enterprise-multi-account-identity-permissions.yml](documents/solution/security-and-compliance/enterprise-multi-account-identity-permissions.yml) | 企业多账号身份权限集中管理。 ｜ [解决方案](https://www.aliyun.com/solution/tech-solution/cmomaip)      |
 | [only-approved-cloud-services.yml](documents/solution/security-and-compliance/only-approved-cloud-services.yml) | 限制企业仅使用已批准的云服务。                                                                     |
+| [protect-web-applications-with-WAF.yml](documents/solution/security-and-compliance/protect-web-applications-with-WAF.yml) | 通过 WAF 防护 Web 应用。                                                                   |
 
 
   </details>

diff --git a/README.md b/README.md
@@ -513,11 +513,12 @@ Examples and best practices of ROS templates. The templates are categorized as f
 
 - cdn-and-video-cloud
 
-| Template                                                                                                                                | Description                                                             |
-|-----------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------|
-| [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml)   | Use a CDN to speed up the distribution of file resources stored on OSS. |
-| [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml)                                                   | Accelerate resource request scenario practices.                         |
-| [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml)         | Use a CDN to speed up the  Multimedia data storage and distribution on  OSS.    |
+| Template                                                                                                                              | Description                                                             |
+|---------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------|
+| [cdn-speeds-up-distribution-of-file-on-oss.yml](documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml) | Use a CDN to speed up the distribution of file resources stored on OSS. |
+| [dcdn-acceleration.yml](documents/solution/cdn-and-video-cloud/dcdn-acceleration.yml)                                                 | Accelerate resource request scenario practices.                         |
+| [dcdn-speeds-up-data-storage-on-oss.yml](documents/solution/cdn-and-video-cloud/dcdn-speeds-up-data-storage-on-oss.yml)       | Use a CDN to speed up the  Multimedia data storage and distribution on  OSS.    |
+| [accelerate-static-website.yml](documents/solution/cdn-and-video-cloud/accelerate-static-website.yml)         | Accelerate cross-regional access to website static resources.    |
 
 
 - cloud-migration
@@ -565,13 +566,14 @@ Examples and best practices of ROS templates. The templates are categorized as f
 
 - security-and-compliance
 
-| Template                                                                                                                                                          | Description                                                  |
-|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
+| Template                                                                                                                                                         | Description                                                  |
+|------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|
 | [efficiently-build-a-new-account-with-security-and-compliance.yml](documents/solution/security-and-compliance/efficiently-build-a-new-account-with-security-and-compliance.yml) | Efficiently build a new account with security and compliance. |
 | [multiple-accounts-support-configuration-auditing.yml](documents/solution/security-and-compliance/multiple-accounts-support-configuration-auditing.yml) | Configure unified compliance audit for multiple accounts. |
 | [cloud-firewall-in-multiple-accounts.yml](documents/solution/security-and-compliance/cloud-firewall-in-multiple-accounts.yml) | Create a VPC type ECS and bind EIP. |
 | [enterprise-multi-account-identity-permissions.yml](documents/solution/security-and-compliance/enterprise-multi-account-identity-permissions.yml) | Centralized management of enterprise multi-account identity permissions. |
 | [only-approved-cloud-services.yml](documents/solution/security-and-compliance/only-approved-cloud-services.yml) | Restrict enterprises to only approved cloud services. |
+| [protect-web-applications-with-WAF.yml](documents/solution/security-and-compliance/protect-web-applications-with-WAF.yml) | Protect web applications with WAF. |
 
   </details>
 

diff --git a/documents/solution/cdn-and-video-cloud/accelerate-static-website.yml b/documents/solution/cdn-and-video-cloud/accelerate-static-website.yml
@@ -0,0 +1,151 @@
+ROSTemplateFormatVersion: '2015-09-01'
+Description:
+  zh-cn: 网站静态资源跨地域访问加速。
+  en: Accelerate cross-regional access to website static resources.
+Parameters:
+  Scope:
+    Type: String
+    Label:
+      zh-cn: 加速区域
+      en: Acceleration area
+    Description:
+      zh-cn: 选择加速区域。加速区域为仅中国内地和全球时，服务域名必须备案。
+      en: Select the acceleration area. When the acceleration region is only in mainland China and the world, the service domain name must be filed.
+    Default: domestic
+    AllowedValues:
+      - domestic
+      - overseas
+      - global
+  DomainName:
+    Type: String
+    Label:
+      zh-cn: 加速域名
+      en: Accelerated domain name
+    Description:
+      zh-cn: 加速域名是指接入CDN，用于加速源站的域名。请填写您账号下的域名。
+      en: Accelerated domain name refers to the domain name of the access CDN used to accelerate the source site. Please fill in the domain name under your account.
+  BucketName:
+    Type: String
+    Label:
+      en: Bucket Name
+      zh-cn: 存储空间名称
+    Description:
+      en: The name must be 3 to 63 bytes in length, The name must start and end with a lowercase letter or digit.The name can contain only lowercase letters, digits, and hyphens (-).;<br><b>note：<font color='blue'>A bucket name must be globally unique within OSS. Bucket names cannot be changed after the bucket is created.</b></font>
+      zh-cn: 长度为3~63个字符，必须以小写字母或数字开头和结尾，可以包含小写字母、数字和连字符(-);<br><b>注：<font color='blue'>需要全网唯一性，已经存在的不能在创建。</b></font>
+    AssociationProperty: AutoCompleteInput
+    AssociationPropertyMetadata:
+      Length: 6
+      Prefix: image-example-
+      CharacterClasses:
+        - Class: lowercase
+          min: 1
+Resources:
+  OssBucket:
+    Type: ALIYUN::OSS::Bucket
+    DependsOn: AutoEnableOSS
+    Properties:
+      BucketName:
+        Ref: BucketName
+      DeletionForce: true
+  AutoEnableCDN:
+    Type: ALIYUN::ROS::AutoEnableService
+    Properties:
+      ServiceName: CDN
+  AutoEnableOSS:
+    Type: ALIYUN::ROS::AutoEnableService
+    Properties:
+      ServiceName: OSS
+  Domain:
+    Type: ALIYUN::CDN::Domain
+    Properties:
+      Sources:
+        Fn::Sub:
+          - '[{"content":"${content}", "type":"oss", "priority":"20", "port":80, "weight":"10"}]'
+          - content:
+              Fn::GetAtt:
+                - OssBucket
+                - DomainName
+      CdnType: web
+      Scope:
+        Ref: Scope
+      DomainName:
+        Ref: DomainName
+    DependsOn:
+      - OssDomain
+      - AutoEnableCDN
+  DomainRecord:
+    Type: ALIYUN::DNS::DomainRecord
+    Properties:
+      Type: CNAME
+      RR:
+        Fn::Select:
+          - 0
+          - Fn::Split:
+              - .
+              - Ref: DomainName
+      Value:
+        Fn::GetAtt:
+          - Domain
+          - Cname
+      DomainName:
+        Fn::Join:
+          - .
+          - Fn::Select:
+              - '1:'
+              - Fn::Split:
+                  - .
+                  - Ref: DomainName
+    DependsOn: Domain
+  DomainConfig:
+    Type: ALIYUN::CDN::DomainConfig
+    Properties:
+      FunctionList:
+        - FunctionArgs:
+            - ArgName: file_type
+              ArgValue: jpg,png,jpeg
+            - ArgName: weight
+              ArgValue: '99'
+            - ArgName: ttl
+              ArgValue: '2592000'
+          FunctionName: filetype_based_ttl_set
+        - FunctionArgs:
+            - ArgName: private_oss_auth
+              ArgValue: 'on'
+            - ArgName: perm_private_oss_tbl
+              ArgValue: ''
+          FunctionName: l2_oss_key
+        - FunctionArgs:
+            - ArgName: filetype
+              ArgValue: jpeg
+            - ArgName: webp
+              ArgValue: 'off'
+            - ArgName: orient
+              ArgValue: 'off'
+            - ArgName: slim
+              ArgValue: 90
+            - ArgName: enable
+              ArgValue: 'on'
+          FunctionName: image_transform
+      DomainNames:
+        Ref: Domain
+    DependsOn: DomainRecord
+Outputs:
+  Cname:
+    Description: CNAME
+    Value:
+      Fn::GetAtt:
+        - Domain
+        - Cname
+  DomainName:
+    Description: DomainName
+    Value:
+      Ref: Domain
+Metadata:
+  ALIYUN::ROS::Interface:
+    ParameterGroups:
+      - Parameters:
+          - Scope
+          - DomainName
+          - BucketName
+    TemplateTags:
+      - acs:technical-solution:cdn-and-video-cloud:网站静态资源跨地域访问加速-tech_solu_108
diff --git a/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml b/documents/solution/cdn-and-video-cloud/cdn-speeds-up-distribution-of-file-on-oss.yml
@@ -98,7 +98,33 @@ Resources:
   DomainConfig:
     Type: ALIYUN::CDN::DomainConfig
     Properties:
-      Functions: '[{"functionArgs":[{"argName":"file_type","argValue":"jpg,png,jpeg"},{"argName":"weight","argValue":"99"},{"argName":"ttl","argValue":"7776000"}],"functionName":"filetype_based_ttl_set"},{"functionArgs":[{"argName":"private_oss_auth","argValue":"on"},{"argName":"perm_private_oss_tbl","argValue":""}],"functionName":"l2_oss_key"},{"functionArgs":[{"argName":"filetype","argValue":"jpeg"},{"argName":"webp","argValue":"off"},{"argName":"orient","argValue":"off"},{"argName":"slim","argValue":90},{"argName":"enable","argValue":"on"}],"functionName":"image_transform"}]'
+      FunctionList:
+        - functionArgs:
+            - argName: file_type
+              argValue: jpg,png,jpeg
+            - argName: weight
+              argValue: '99'
+            - argName: ttl
+              argValue: '7776000'
+          functionName: filetype_based_ttl_set
+        - functionArgs:
+            - argName: private_oss_auth
+              argValue: 'on'
+            - argName: perm_private_oss_tbl
+              argValue: ''
+          functionName: l2_oss_key
+        - functionArgs:
+            - argName: filetype
+              argValue: jpeg
+            - argName: webp
+              argValue: 'off'
+            - argName: orient
+              argValue: 'off'
+            - argName: slim
+              argValue: 90
+            - argName: enable
+              argValue: 'on'
+          functionName: image_transform
       DomainNames:
         Ref: Domain
     DependsOn: DomainRecord

diff --git a/resources/cdn/domain.yml b/resources/cdn/domain.yml
@@ -22,9 +22,13 @@ Parameters:
     Description: The list of origin URLs.
     Default: '[{"content":"1.1.1.1","type":"ipaddr","priority":"20","port":80,"weight":"15"}]'
   Functions:
-    Type: String
+    Type: Json
     Description: function list
-    Default: '[{"functionArgs":[{"argName":"domain_name","argValue":"example.com"}],"functionName":"set_req_host_header"}]'
+    Default:
+      - functionArgs:
+          - argName: domain_name
+            argValue: example.com
+        functionName: set_req_host_header
 Resources:
   Domain:
     Type: ALIYUN::CDN::Domain
@@ -38,7 +42,7 @@ Resources:
   DomainConfig:
     Type: ALIYUN::CDN::DomainConfig
     Properties:
-      Functions:
+      FunctionList:
         Ref: Functions
       DomainNames:
         Ref: Domain

diff --git a/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml b/solutions/enterprise-on-cloud/games-or-retail-single-db-single-service.yml
@@ -559,23 +559,23 @@ Resources:
         - .
         - - Ref: CdnDomainNamePrefix
           - Ref: DnsDomainName
-      Functions:
-        Fn::Join:
-        - ''
-        - - '[{"functionArgs": [{'
-          - '"argName": "oss_bucket_id",'
-          - '"argValue": "'
-          - Fn::GetAtt:
-            - OssBucket
-            - DomainName
-          - '"}],'
-          - '"functionName": "oss_auth"},'
-          - '{"functionArgs": [{'
-          - '"argName": "private_oss_auth",'
-          - '"argValue": "on"}],'
-          - '"functionName": "l2_oss_key"},'
-          - '{"functionArgs": [{"argName": "auth_type", "argValue": "no_auth"}], "functionName":
-            "aliauth"}]'
+      FunctionList:
+        - functionArgs:
+            - argName: oss_bucket_id
+              argValue:
+                Fn::GetAtt:
+                  - OssBucket
+                  - DomainName
+          functionName: oss_auth
+        - functionArgs:
+            - argName: private_oss_auth
+              argValue: 'on'
+          functionName: l2_oss_key
+        - functionArgs:
+            - argName: auth_type
+              argValue: no_auth
+          functionName: aliauth
+
     DependsOn:
     - DnsDomainCnameRecord
     Metadata: