Get started
Yandex Virtual Private Cloud

Enable protection from DDoS attacks

Written by

DDoS protection activates when a virtual machine is created and public IPs are reserved.

Protected addresses are allocated from a separate pool; therefore, you cannot enable and disable protection for a previously reserved address.

Enabling DDoS protection when creating a virtual machine

When configuring the network on a new virtual machine, select the automatically assigned public IP address or select an address from the list of reserved addresses.

Once you select an address, select the DDoS protection option.

Enabling DDoS protection when reserving IP addresses

To reserve a protected static IP address:

  1. In the management console, change to the folder where you need to reserve an address.
  2. In the list of services, select Virtual Private Cloud.
  3. On the left-hand panel, select IP addresses.
  4. Click Reserve address.
  5. Select the availability zone where you want to reserve the address.
  6. Enable the DDoS protection option.
  7. Click Reserve address.

For more information about the Terraform, see the documentation.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

  1. Open the Terraform configuration file and edit the fragment with the static public IP description by adding the ddos_protection_provider field:

    resource "yandex_vpc_address" "addr" {
  name = "exampleAddress"
  external_ipv4_address {
    zone_id                  = "ru-central1-a"
    ddos_protection_provider = "qrator"
  }
}

    Where ddos_protection_provider is a parameter that enables DDoS protection. Available values: qrator.

    For more information about the yandex_vpc_address resource parameters in Terraform, see the provider documentation.

  2. Check the configuration using the command:

    terraform validate

    If the configuration is correct, the following message is returned:

    Success! The configuration is valid.

  3. Run the command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

  4. Apply the configuration changes:

    terraform apply

  5. Confirm the changes: type yes into the terminal and press Enter.

    You can check if DDoS protection is active in the management console or with the following CLI command:

    yc vpc address list
In this article: