GuideReference
TrainingSupportCommunity
Guide

Set up Cloudlets policies

Create, configure, and activate Cloudlets

Solve specific traffic challenges and bring your site's business logic closer to your end user with self-service applications.

1. Prep

Cloudlets are connected to your properties through a rule and behaviors. Along with those, some cloudlets require a conditional origin.

To get started, import your properties and any existing cloudlet policies into your Terraform state.

Export properties

  1. Export the properties to which you want to add a Cloudlet.

    akamai terraform --edgerc {location-of-your-edgerc-file} --section {section-of-edgerc-to-use} export-property {"property-name"}
    
  2. Run the included import script to populate your Terraform state and prevent Terraform from attempting to recreate your assets.

Export existing cloudlet policies

To work with existing cloudlet policies, use your policy's name to export its configuration.

akamai terraform --edgerc {location-of-your-edgerc-file} --section {section-of-edgerc-to-use} export-cloudlets-policy {"property-name"}

Set up origin

Because these cloudlet types forward incoming requests, their use requires a separate origin server.

  • Application Load Balancer. Uses conditional origins to represent data centers that are part of the load balancing and failover scheme. You should have a separate conditional origin for each data center included in your load balancing configuration.
  • Audience Segmentation. Segments traffic and sets session stickiness.
  • Forward Rewrite. Rewrites the requested URL and returns a different asset based on location or device.
  • Phased Release. Forwards a defined percentage of your visitors to a particular location.

Important: Steps two and three are for the load balancer cloudlet only. All other cloudlets with an origin should continue on to the match rule set up.

The origin must be in an active property to create a load balancer configuration.
  1. In your properties' rule trees, add a conditional origin, its behavior, and the criteria that fit your business need. In order of appearance, use the references to help fill out the options for each.


    {
      "name": "Conditional Origin Group",
      "children": [
        {
          "name": "Conditional Origin Definition",
          "children": [],
          "behaviors": [
            {
              "name": "origin",
              "options": {
                "cacheKeyHostname": "ORIGIN_HOSTNAME",
                "compress": true,
                "enableTrueClientIp": false,
                "forwardHostHeader": "REQUEST_HOST_HEADER",
                "httpPort": 80,
                "originSni": false,
                "originType": "CUSTOMER",
                "useUniqueCacheKey": false
              }
            },
            {
              "name": "cpCode",
              "options": {}
            }
          ],
          "criteria": [
            {
              "name": "cloudletsOrigin",
              "options": {}
            }
          ],
          "criteriaMustSatisfy": "all"
        },
        {
          "name": "Conditional Origin Definition",
          "children": [],
          "behaviors": [
            {
              "name": "origin",
              "options": {
                "cacheKeyHostname": "ORIGIN_HOSTNAME",
                "compress": true,
                "enableTrueClientIp": false,
                "forwardHostHeader": "REQUEST_HOST_HEADER",
                "httpPort": 80,
                "originSni": false,
                "originType": "CUSTOMER",
                "useUniqueCacheKey": false
              }
            },
            {
              "name": "cpCode",
              "options": {}
            }
          ],
          "criteria": [
            {
              "name": "cloudletsOrigin",
              "options": {}
            }
          ],
          "criteriaMustSatisfy": "all"
        }
      ],
      "behaviors": [
        {
          "name": "allowCloudletsOrigins",
          "options": {
            "enabled": true,
            "honorBaseDirectory": true,
            "purgeOriginQueryParameter": "originId"
          }
        }
      ],
      "criteria": [],
      "criteriaMustSatisfy": "all"
    }
    
  2. Add your rules to your property, pointing to the JSON file you updated.

    resource "akamai_property" "my_property" {
        name    	= "MyProperty"
        product_id  = "prd_Object_Delivery"
        contract_id = "C-0N7RAC7"
        group_id    = "12345"
        rule_format = "v2023-05-30"
        rules       = file("${path.root}/property-snippets/main.json")
        depends_on  = akamai_property_include_activation.id
        hostnames {
          cname_from             = "my_property_example.com"
          cname_to 	        = "my_property_example.com.edgekey.net"
          cert_provisioning_type = "DEFAULT"
        }
      }
    
  3. Activate your property on a network.

    resource "akamai_property_activation" "my_property_activation" {
        property_id                    = "prp_12345"
        network                        = "staging"
        contact                        = ["jsmith@example.com"]
        note                           = "Origin for load balancer"
        version                        = "2"
        auto_acknowledge_rule_warnings = true
        timeouts {
          default = "1h"
        }
    }
    

Load balancer config

The Application Load Balancer cloudlet requires a load balancer configuration in addition to its match rules.

  1. Define the settings for your balance type, data centers, and liveliness. For information about argument values, see Arguments in the load balancer configuration resource.

    resource "akamai_cloudlets_application_load_balancer" "my_lb_config" {
      origin_id      = "my_lb"
      description    = "my application load balancer config"
      balancing_type = "WEIGHTED"
      data_centers {
        cloud_server_host_header_override = false
        cloud_service = true
        country  = "US"
        continent = "NA"
        latitude = 102.78108
        longitude = -116.07064
        percent = 100
        liveness_hosts = ["example"]
        hostname= "example-hostname"
        state_or_province = "MA"
        city = "Boston"
        origin_id = "my_lb"
      }
      liveness_settings {
        port = 1234
        protocol = "HTTP"
        path = "/status"
        host_header = "header"
        additional_headers = {
          additional_headers = "123"
        }
        interval = 10
        request_string = "test_request_string"
        response_string = "test_response_string"
        timeout = 60
      }
    }
    
  2. Activate your configuration.

    resource "akamai_cloudlets_application_load_balancer_activation" "my_lb_activation" {
      origin_id = "my_lb"
      network = "staging"
      version = 1
      timeouts {
        default = "1h"
      }
    }
    

Continue your load balancer set up by configuring its policy match rules.

2. Configure policy rules

A cloudlet policy's match rule settings govern the actions your cloudlet takes on your site's inbound traffic.

  • Use if statements to get more specific about the actions taken. Child rules and else statements are not allowed.
  • The match rules are evaluated top down. Place the most restrictive rules toward the top of your list.

Use your cloudlet type's data source to construct match rules. The output of each is a JSON snippet used in the policy resource.

3. Create or update policy

Create a new cloudlet policy or add your updated match rules to create a new policy version.

Determine application type

Some cloudlet types allow you to share policies across multiple properties, others don't allow sharing, and some types work both ways.

  • Existing cloudlet policies in your Terraform configurations are of the single property, or non-shared, type. You may have applied the policy to multiple properties, but the application was done one at a time.
  • Upgrading a non-shared policy to a shared policy requires creating a new policy.

Annotate which application method using the is_shared argument in the policy resource. The default is false, applying the policy to a single property.

Cloudlet Non-Shared Shared
API Prioritization*
Application Load Balancer
Audience Segmentation*
Edge Redirector
Forward Rewrite*
Phased Release
Request Control
Visitor Prioritization*

* Does not support the use of the match_always argument.

Create policy

To create or update a policy, add your match rules as a jsonencoded list or use a pointer to a JSON file that contains your match rules and set your cloudlet's type in cloudlet_code.

On update, you can also update your policy by leaving out the match_rules argument and using the match_rules_format to designate an existing set of rules to use.

Cloudlet typecloudlet_code value
API PrioritizationAP
Application Load BalancerALB
Audience SegmentationAS
Edge RedirectorER
Forward RewriteFR
Phased ReleaseCD
Request ControlIG
Visitor PrioritizationVP
resource "akamai_cloudlets_policy" "my-new-cloudlet-policy" {
  name          = "policy1"
  cloudlet_code = "ER"
  group_id      = "12345"
  is_shared     = false  // Optional. Default is false.
  match_rules   = file("${path.root}/cloudlet-policy.json")
}

Note: When you're only updating your policy's rules, just activate your policy to apply your changes on the network. There's no need to reactivate your property unless you need to make changes to those behaviors.

4. Set up behaviors

In your exported property's rule tree, add the behavior for your cloudlet in the behavior section of your property's default rule.

Cloudlet behaviors typically do not have criteria, but if you need to add criteria to a cloudlet behavior, create a new custom rule and add both the behavior and its criteria.

5. Configure your property

Add your updated rules to your property using a pointer to your JSON file.

resource "akamai_property" "my_property" {
    name    	= "MyProperty"
    product_id  = "prd_Object_Delivery"
    contract_id = "C-0N7RAC7"
    group_id    = "12345"
    rule_format = "v2023-05-30"
    rules       = "${path.root}/property-snippets/main.json")
    depends_on  = akamai_property_include_activation.id
    hostnames {
      cname_from             = "my_property_example.com"
      cname_to 	             = "my_property_example.com.edgekey.net"
      cert_provisioning_type = "DEFAULT"
    }
  }

5. Activate policy and property

Activate your policy and your property to apply your changes on a network.

  1. Associate your Cloudlet's policy version with one or more properties.

    resource "akamai_cloudlets_policy_activation" "example" {
      policy_id = 12345
      network = "staging"
      version = 1
      associated_properties = ["Property_1", "Property_2", "Property_3"] // Required for shared policies.
      timeouts {
        default = "1h"
      }
    }
    
  2. Run terraform apply to deploy your policy to activate your policy on a network.

  3. Once your policy is activated, activate your property.

    resource "akamai_property_activation" "my_staging_activation" {
        property_id = "prp_12345"
        contact     = ["jsmith@example.com"]
        version     = "latest"
        network     = "staging"
        note        = "Activating my property on staging."
    }
    
  4. Run terraform apply to activate your property on a network.