Editing the basic settings of a resource
To edit the basic settings of a resource:
-
In the management console
, select the folder where your resource is located. -
Select Cloud CDN.
-
Click the resource name.
-
In the top-right corner, click
-
Edit the resource settings.
Warning
You cannot change the primary domain name used for content distribution.
-
Click Save.
If you do not have the Yandex Cloud command line interface yet, install and initialize it.
The folder specified in the CLI profile is used by default. You can specify a different folder using the --folder-name
or --folder-id
parameter.
-
View a description of the CLI update resource command:
yc cdn resource update --help
-
Get a list of all resources in the default folder:
yc cdn resource list --format yaml
Result:
id: s0me1dkfjq******** folder_id: s0mef01der7p******** cname: testexample.com created_at: "2022-01-19T09:23:57.921365Z" updated_at: "2022-01-19T10:55:30.305141Z" active: true options: edge_cache_settings: enabled: true default value: "345600" cache_http_headers: enabled: true value: - content-type - content-length - connection - server - date - test stale: enabled: true value: - error - updating allowed_http_methods: value: - GET - POST - HEAD - OPTIONS origin_group_id: "89783" origin_group_name: My origins group origin_protocol: HTTP ssl_certificate: type: DONT_USE status: READY
-
Edit the resource settings:
yc cdn resource update <resource_ID> \ <flag> <new_value>
If you want to restrict access to resource content with secure tokens, use the following parameters:
--secure-key
: Secret key that is a string of 6 to 32 characters.--enable-ip-url-signing
: Optional parameter that restricts access to a CDN resource based on IP. A trusted IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a signed link. If the parameter is not set, file access will be allowed from any IP.
See also Setting up access via a secure token.
If you want to restrict access to resource content using an IP address access policy, use the following parameters:
-
--acl-excepted-values
: IP address for which access to the content will be allowed or denied. For an address, specify the subnet prefix in CIDR notation , e.g.,192.168.3.2/32
or2a03:d000:2980:7::8/128
.You can only provide one IP address in the
--acl-excepted-values
parameter. To provide more addresses, set the--acl-excepted-values
parameter multiple times. -
--policy-type
: Policy type. The possible values include:allow
: Allowing policy. Access to the resource content will be allowed for any IP addresses other than those specified in the--acl-excepted-values
parameter.deny
: Blocking policy. Access to the resource content will be denied for any IP addresses other than those specified in the--acl-excepted-values
parameter.
To disable the IP-based access policy, use the
--clear-ip-address-acl
parameter.For more information about the
yc cdn resource update
command, see the CLI reference.
If you don't have Terraform, install it and configure the Yandex Cloud provider.
To update the parameters of a CDN resource created using Terraform:
-
Open the Terraform configuration file and edit the fragment with the resource description:
resource "yandex_cdn_resource" "my_resource" { cname = "<domain_name>" active = true origin_protocol = "https" origin_group_id = <origin_group_ID> secondary_hostnames = ["<additional_domain_name_1>", "additional_domain_name_2"] ssl_certificate { type = "certificate_manager" certificate_manager_id = "<certificate_ID>" } options { redirect_http_to_https = true secure_key = "<secret_key>" enable_ip_url_signing = true ip_address_acl { excepted_values = ["<IP_address_1>", "<IP_address_2>", ..., "<IP_address_n>"] policy_type = "<policy_type>" } } }
Where:
-
cname
: Primary domain name used for content distribution. This is a required parameter. -
active
: (Optional) Flag for content availability to end users (true
: CDN content is available to clients;false
: content not available). The default value istrue
. -
origin_protocol
: (Optional) Origin protocol. The default value isHTTP
. -
origin_group_id
: ID of the origin group. This is a required parameter. Use the ID from the description of the origin group in theyandex_cdn_origin_group
resource. -
secondary_hostnames
: (Optional) Additional domain names. -
ssl_certificate
: (Optional) SSL certificate parameters:-
type
: Certificate type. The possible values are:not_used
: No certificate is used. Default value.certificate_manager
: Custom Yandex Certificate Manager certificate. Specify the certificate ID in thecertificate_manager_id
parameter.
-
certificate_manager_id
: User certificate ID in Certificate Manager.
-
-
options
: (Optional) Additional parameters of the CDN resource:-
redirect_http_to_https
: Parameter to redirect clients from HTTP to HTTPS,true
orfalse
. Available if an SSL certificate is used. -
secure_key
: Secret key that is a string of 6 to 32 characters. It is required to restrict access to a resource using secure tokens. -
enable_ip_url_signing
: Optional parameter that enables restricting access to a CDN resource by IP address using secure tokens. A trusted IP address is specified as a parameter outside a CDN resource when generating an MD5 hash for a signed link. If the parameter is not set, file access will be allowed from any IP. -
ip_address_acl
: Access policy parameters by IP addresses:-
excepted_values
: List of IP addresses for which access to the resource content will be allowed or denied. Separate IP addresses by commas. For each address, specify the subnet prefix in CIDR notation , e.g.,192.168.3.2/32
or2a03:d000:2980:7::8/128
. -
policy_type
: Policy type. The possible values include:allow
: Allowing policy. Access to the resource content will be allowed for any IP addresses other than those specified in theip_address_acl.excepted_values
parameter.deny
: Blocking policy. Access to the resource content will be denied for any IP addresses other than those specified in theip_address_acl.excepted_values
parameter.
-
-
For more information about
yandex_cdn_resource
parameters in Terraform, see the provider documentation . -
-
In the command line, go to the directory with the Terraform configuration file.
-
Check the configuration using this command:
terraform validate
If the configuration is correct, you will get this message:
Success! The configuration is valid.
-
Run this command:
terraform plan
The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
into the terminal and press Enter.You can check the changes to the CDN resource in the management console
or using this CLI command:yc cdn resource list
Use the update REST API method for the Resource resource or the ResourceService/Update gRPC API call.
You can restrict access to the resource with secure tokens and an IP-based access policy.
It may take up to 15 minutes for the new settings of the existing resource to apply to CDN servers. After that, we recommend purging the resource cache.
Examples
Change the protocol for origins from HTTP to HTTPS and select a Let's Encrypt® certificate added to Certificate Manager or an uploaded certificate of your own:
yc cdn resource update s0me1dkfjq******** \
--origin-protocol HTTPS \
--cert-manager-ssl-cert-id <certificate_ID>
Result:
id: s0me1dkfjq********
...
cname: testexample.com
active: true
...
origin_group_id: "89783"
origin_group_name: My origins group
origin_protocol: HTTPS
ssl_certificate:
type: CM
status: CREATING