Policies

Cloudlet policies contain the match rules that determine how an application manages your traffic.

Some cloudlet application types allow you to share policies across multiple properties, others don't, and some types work both ways.

Cloudlet	Non-Shared	Shared
API Prioritization	✔	✔
Application Load Balancer¹	✔
Audience Segmentation²	✔	✔
Edge Redirector	✔	✔
Forward Rewrite²	✔	✔
Phased Release²	✔	✔
Request Control	✔	✔
Visitor Prioritization	✔

¹Cloudlet forwards incoming requests and requires load balancer configuration and origin.

²Cloudlet forwards incoming requests and requires an origin server.

Create a policy

A policy is basically a container in which you place a set of versioned rules for your cloudlet application.

To create a non-shared policy for a load balancer or visitor prioritization cloudlet, use the -Legacy switch as the policy cmdlets default to shared policies.
To upgrade a non-shared policy to shared, create a new policy of the same type and then get your existing policy's rule set.

Provide your group ID, a name for the policy, and designate a cloudlet type.

API Prioritization
Application Load Balancer
Audience Segmentation
Redirector

Forward Rewrite
Phased Release
Request Control
Visitor Prioritization

New-CloudletPolicy -GroupID 12345 -Name my_er_policy -CloudletType "Edge Redirector"

id                 : 12345
name               : my_er_policy
description        : 
policyType         : SHARED
cloudletType       : ER
groupId            : 12345
createdBy          : jsmith
createdDate        : 4/17/2024 2:45:34 PM
modifiedBy         : jsmith
modifiedDate       : 4/17/2024 2:45:34 PM
currentActivations : @{staging=; production=}
links              : {@{rel=self; href=http://origin.pulsar.akamai.com/
                     cloudlets/v3/policies/54321}}

Use the returned policy id to add a set of match rules.

Get policies and rules

Get a list of your cloudlet policies, policy versions, and policy version rules.

Note: When converting to and outputting as JSON, the default depth is two. To make sure you get complete data, set the depth between seven and 99.

List your cloudlet policies to get a policy.

Get-CloudletPolicy

location         : /cloudlets/api/v3/policies/12345
serviceVersion   : 
policyId         : 12345
groupId          : 654321
name             : My_Edge_Redirector_Cloudlet
description      : Cloudlet for marketing department
propertyName     : 
createdBy        : jsmith
createDate       : 1533884670660
lastModifiedBy   : jsmith
lastModifiedDate : 1711660359367
activations      : {@{serviceVersion=;  network=staging; 
                  policyInfo=@{policyId=12345; name=my_er_policy; version=2; 
                  status=active; activatedBy=jsmith; activationDate=1711660359367}; 
                  propertyInfo=@{name=myproperty; version=13; groupId=654321; status=activated; 
                  activatedBy=jsmith; activationDate=1687966909000; id=98765}; apiVersion=3.0}}
cloudletCode     : ER
cloudletId       : 9
apiVersion       : 3.0
deleted          : False

location         : /cloudlets/api/v2/policies/98765
serviceVersion   : 
policyId         : 98765
groupId          : 654321
name             : My_ALB_Cloudlet
description      : 
propertyName     : 
createdBy        : jsmith
createDate       : 1664283009238
lastModifiedBy   : jsmith
lastModifiedDate : 1711660550615
activations      : {@{serviceVersion=; network=staging; policyInfo=@{policyId=98765; 
                  name=my_alb_policy; version=2; status=active; activatedBy=jsmith; 
                  activationDate=1711660550615}; propertyInfo=@{name=myotherproperty; 
                  version=4; groupId=654321; status=activated; activatedBy=jsmith; 
                  activationDate=1687966909000; id=78901}; apiVersion=2.0}}
cloudletCode     : ALB
cloudletId       : 0
apiVersion       : 2.0
deleted          : False

Get a policy's version to get its rules.

Get-CloudletPolicyVersion -PolicyID 12345 -Version latest

location         : /cloudlets/api/v3/policies/12345/versions/2
revisionId       : 90123456
policyId         : 12345
version          : 2
description      : Cloudlet for marketing department (based on v1)
createdBy        : jsmith
createDate       : 1698076947387
lastModifiedBy   : jsmith
lastModifiedDate : 1698078021489
activations      : {@{serviceVersion = 1; network = staging; 
                  policyInfo = @{policyId = 12345; name = my_er_policy; version = 2; 
                  status = active; activatedBy = jsmith; activationDate = 1711660359367};   
                  propertyInfo = @{name = myproperty; version = 13; groupId = 654321;             
                  status = activated; activatedBy = jsmith; activationDate = 1687966909000;            
                  id = 98765}; apiVersion = 3.0}}
matchRules       : {@{type = erMatchRule; id = 0; name = my_er_match_rule; start = 0; end = 0;   
                  matchURL = ; matches = {@{matchValue=/test1; matchOperator=equals; negate=False; 
                  caseSensitive=False; matchType=path}}; akaRuleId = 1a23b4c5d6ef78g9;           
                  location = /cloudlets/api/v3/policies/12345/versions/2/rules/1a23b4c5d6ef78g9; 
                  statusCode = 301; redirectURL = /homepage; useIncomingQueryString = True; 
                  useIncomingSchemeAndHost = True; UseRelativeUrl = copy_scheme_hostname}}
matchRuleFormat  : 1.0
deleted          : False
rulesLocked      : True

Configure match rules

A cloudlet's policy contains a set of match rules that govern the actions taken on your site's inbound traffic.

Set up or edit an existing set of match rules based on the type of cloudlet you're using.

API Prioritization
Application Load Balancer
Audience Segmentation
Edge Redirector

Forward Rewrite
Phased Release
Request Control
Visitor Prioritization

Update policy

To update your policies, get your rules and make your changes directly in the shell or in a JSON file to import.

Note: The akaRuleId and rule type are immutable.

Make your changes.

// Make changes in the shell
$PolicyRules.matchRules.matches[0].matchesAlways = $true

// Make changes externally and import them
$PolicyRules = Get-Content ./policy-rules.json | ConvertFrom-Json

Update your policy.

Set-CloudletPolicyVersion -Body $Policy -PolicyID 54321 -Version latest

matchRulesWarnings : {}
modifiedBy         : jsmith
version            : 1
immutable          : False
description        : Update matches always to true
createdBy          : jsmith
policyId           : 56789
matchRules         : {@{type=igMatchRule; id=0; name=AllowSampleIP; 
                     start=0; end=0; matchURL=; 
                     matches=System.Object[]; 
                     akaRuleId=1a23b4c5d6ef78g9; allowDeny=allow}, 
                     @{type=igMatchRule; id=0; name=DefaultDeny; 
                     start=0; end=0; matchURL=; 
                     akaRuleId=98a765bc4d32e1fg; matchesAlways=True; 
                     allowDeny=deny}}
createdDate        : 4/17/2024 5:21:39 PM
modifiedDate       : 4/17/2024 5:21:39 PM

If you need to associate your cloudlet with additional or different properties once you've finished your updates, activate and connect your policy to them.

Otherwise, just activate your policy.

Your existing policy continues to serve traffic until you activate your update.
The new activation automatically deactivates the existing policy.

Activate and connect

Because cloudlets are add-on applications to properties, you need to connect the two together before the cloudlet can manage traffic. Activate your cloudlet policy on a network, add a cloudlet rule to each property you want to add the cloudlet to, and activate the properties.

Note: If you set up a new load balancer configuration, you need only activate your policy as the property steps were part of that process.

1. Activate policy

Pass your cloudlet's policy ID and version with a network choice to activate your policy.

New-CloudletPolicyActivation -Network STAGING -PolicyID  -Version 1

id                   : 98765
policyId             : 56789
status               : SUCCESS
createdBy            : jsmith
createdDate          : 4/17/2024 5:47:22 PM
finishDate           : 4/17/2024 5:47:22 PM
operation            : ACTIVATION
network              : STAGING
policyVersion        : 1
policyVersionDeleted : False
links                : {@{rel=self; href=http://origin.pulsar.akamai.com/cloudlets/v3/p
                       olicies/56789/activations/98765}}

2. Add a property rule

Add a rule to each of the properties you want associated with your cloudlet.

Get each property's rule tree. The output is a directory at your current location containing a property-snippets subdirectory with each of your rule's configurations.
```
Get-PropertyRules -PropertyName "My property" -PropertyVersion latest -OutputToFile
```
Create a new rule snippet file and configure a new rule, behavior, and criteria for your cloudlet type.

Add a reference to your new rule in your rule tree's main.json.

...

"children": [
  "#include:<your-cloudlet-rule>.json"
]
...

Update your property's rules, pointing to the property snippet directory.

Send your entire rule tree back. Rules not returned are removed from your property.
```
Set-PropertyRules -PropertyName "my-property" -PropertyVersion latest -InputDirectory "./property-rules/property-snippets" -VersionNotes "Adding a cloudlet rule"
```
The output returns your rule tree along with any errors or warnings on upload.

3. Activate your property

Provide a value for the network, staging or production, and activate your property.

New-PropertyActivation -PropertyName "my-property" -PropertyVersion latest -Network staging

activationLink: /papi/v0/properties/prp_98765/activations/atv_76543?contractId=ctr_C-0N7RAC7&groupId=grp_12345

Updated 2 months ago