Yandex Cloud
  • Services
  • Solutions
  • Why Yandex Cloud
  • Blog
  • Pricing
  • Documentation
  • Contact us
Get started
Language / Region
Yandex project
© 2023 Intertech Services AG
Yandex Virtual Private Cloud
  • Getting started
  • Step-by-step guides
    • All guides
    • Cloud network
    • Subnet
    • IP address
    • Static routing
    • Security groups
    • Enable a software-accelerated network
    • DDoS protection
      • Enable protection from DDoS attacks
    • Chart of network connections
  • Tutorials
  • Concepts
  • DDoS Protection
  • Recommendations
  • Access management
  • Pricing policy
  • API reference
  • Questions and answers
  1. Step-by-step guides
  2. DDoS protection
  3. Enable protection from DDoS attacks

Enable protection from DDoS attacks

Written by
Yandex Cloud
  • Enabling DDoS protection when creating a virtual machine
  • Enabling DDoS protection when reserving IP addresses

DDoS protection activates when a virtual machine is created and public IPs are reserved.

Protected addresses are allocated from a separate pool; therefore, you cannot enable and disable protection for a previously reserved address.

Enabling DDoS protection when creating a virtual machine

Management console

When configuring the network on a new virtual machine, select the automatically assigned public IP address or select an address from the list of reserved addresses.

Once you select an address, select the DDoS protection option.

Enabling DDoS protection when reserving IP addresses

Management console
Terraform

To reserve a protected static IP address:

  1. In the management console, change to the folder where you need to reserve an address.
  2. In the list of services, select Virtual Private Cloud.
  3. On the left-hand panel, select IP addresses.
  4. Click Reserve address.
  5. Select the availability zone where you want to reserve the address.
  6. Enable the DDoS protection option.
  7. Click Reserve address.

For more information about the Terraform, see the documentation.

With Terraform, you can quickly create a cloud infrastructure in Yandex Cloud and manage it by configuration files. They store the infrastructure description in HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Mozilla Public License.

For more information about the provider resources, see the documentation on the Terraform site or mirror site.

If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.

  1. Open the Terraform configuration file and edit the fragment with the static public IP description by adding the ddos_protection_provider field:

    resource "yandex_vpc_address" "addr" {
      name = "exampleAddress"
      external_ipv4_address {
        zone_id                  = "ru-central1-a"
        ddos_protection_provider = "qrator"
      }
    }
    

    Where ddos_protection_provider is a parameter that enables DDoS protection. Available values: qrator.

    For more information about the yandex_vpc_address resource parameters in Terraform, see the provider documentation.

  2. Check the configuration using the command:

    terraform validate
    

    If the configuration is correct, the following message is returned:

    Success! The configuration is valid.
    
  3. Run the command:

    terraform plan
    

    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.

  4. Apply the configuration changes:

    terraform apply
    
  5. Confirm the changes: type yes into the terminal and press Enter.

    You can check if DDoS protection is active in the management console or with the following CLI command:

    yc vpc address list
    

Was the article helpful?

Language / Region
Yandex project
© 2023 Intertech Services AG
In this article:
  • Enabling DDoS protection when creating a virtual machine
  • Enabling DDoS protection when reserving IP addresses