Updated on 2023-08-11 GMT+08:00

policies

The policies section is optional. It defines security and monitoring policies. Currently, the following policy elements are supported:

  • HuaweiCloud.AntiDDos.Service: defines anti-attack policies for Elastic Cloud Server (ECS) VMs and elastic IP addresses (EIPs).
  • HuaweiCloud.APM.PinPoint: defines tracing policies for Java applications.

Format of the policies section:

<Policy element name>:
  type: <Policy element type>
  properties: <Policy properties>
  targets: <Policy validation object>
Table 1 Parameter property description

Property

Mandatory or Not

Type

Value Constraint

Description

Policy element name

Yes

String

The value must be 1 to 48 characters long. Only lowercase letters, digits, and hyphens (-) are allowed.

Name of a new policy, which must be unique.

Policy element type

Yes

-

Currently, only HuaweiCloud.AntiDDos.Service and HuaweiCloud.APM.PinPoint are supported.

Used to specify the type of an orchestration object. The type must be included in the element type list.

Policy properties

No

-

Property information is expanded based on element types. Each element type has its properties. For more information, see the Resource Indexes.

The variable of a property can be obtained from the inputs section or by using the get_attribute function.

If an element does not require a special property, you do not need to define properties.

Policy validation object

Yes

String

The value must be 1 to 64 characters long. Only letters, digits, and hyphens (-) are allowed.

A policy is effective only when it is applied to a certain resource or application.

Sample policies:
node_templates:
  myecs-vm:
    type: HuaweiCloud.ECS.CloudServer
    properties:
      vpcId: vpc-id-123
      name: myvm
      nics:
        - subnetId: subnet-id-123
      imageId: image-id-123
      instances: 1
      availabilityZone: az-1
      rootVolume:
        volumeType: SATA
        size: 40
      flavor: flavor-1
policies:
  myadtiddos:
    type: HuaweiCloud.AntiDDos.Service
    properties:
      floatingIpId: {get_attribute: [myecs-vm, floatingIpId]}  # Obtains the EIP from the object runtime information. 
      trafficPos: 9
      appType: 1
      httpRequestPos: 1
      cleaningAccessPos: 8
      enableL7: false
    targets:
      - myecs-vm    # Applies to the myecs-vm VM.