Set up Cloudlets policies
Create, configure, and activate Cloudlets
Solve specific traffic challenges and bring your site's business logic closer to your end user with self-service applications.
1. Prep
Cloudlets are connected to your properties through a rule and behaviors. Along with those, some cloudlets require a conditional origin.
To get started, import your properties and any existing cloudlet policies into your Terraform state.
Export properties
-
Export the properties to which you want to add a Cloudlet.
akamai terraform --edgerc {location-of-your-edgerc-file} --section {section-of-edgerc-to-use} export-property {"property-name"}
-
Run the included import script to populate your Terraform state and prevent Terraform from attempting to recreate your assets.
Export existing cloudlet policies
To work with existing cloudlet policies, use your policy's name to export its configuration.
akamai terraform --edgerc {location-of-your-edgerc-file} --section {section-of-edgerc-to-use} export-cloudlets-policy {"property-name"}
Set up origin
Because these cloudlet types forward incoming requests, their use requires a separate origin server.
- Application Load Balancer. Uses conditional origins to represent data centers that are part of the load balancing and failover scheme. You should have a separate conditional origin for each data center included in your load balancing configuration.
- Audience Segmentation. Segments traffic and sets session stickiness.
- Forward Rewrite. Rewrites the requested URL and returns a different asset based on location or device.
- Phased Release. Forwards a defined percentage of your visitors to a particular location.
Important: Steps two and three are for the load balancer cloudlet only. All other cloudlets with an origin should continue on to the match rule set up.
The origin must be in an active property to create a load balancer configuration.
-
In your properties' rule trees, add a conditional origin, its behavior, and the criteria that fit your business need. In order of appearance, use the references to help fill out the options for each.
- origin
- cpCode (optional)
- cloudletsOrigin
- allowCloudletsOrigins
{ "name": "Conditional Origin Group", "children": [ { "name": "Conditional Origin Definition", "children": [], "behaviors": [ { "name": "origin", "options": { "cacheKeyHostname": "ORIGIN_HOSTNAME", "compress": true, "enableTrueClientIp": false, "forwardHostHeader": "REQUEST_HOST_HEADER", "httpPort": 80, "originSni": false, "originType": "CUSTOMER", "useUniqueCacheKey": false } }, { "name": "cpCode", "options": {} } ], "criteria": [ { "name": "cloudletsOrigin", "options": {} } ], "criteriaMustSatisfy": "all" }, { "name": "Conditional Origin Definition", "children": [], "behaviors": [ { "name": "origin", "options": { "cacheKeyHostname": "ORIGIN_HOSTNAME", "compress": true, "enableTrueClientIp": false, "forwardHostHeader": "REQUEST_HOST_HEADER", "httpPort": 80, "originSni": false, "originType": "CUSTOMER", "useUniqueCacheKey": false } }, { "name": "cpCode", "options": {} } ], "criteria": [ { "name": "cloudletsOrigin", "options": {} } ], "criteriaMustSatisfy": "all" } ], "behaviors": [ { "name": "allowCloudletsOrigins", "options": { "enabled": true, "honorBaseDirectory": true, "purgeOriginQueryParameter": "originId" } } ], "criteria": [], "criteriaMustSatisfy": "all" }
-
Add your rules to your property, pointing to the JSON file you updated.
resource "akamai_property" "my_property" { name = "MyProperty" product_id = "prd_Object_Delivery" contract_id = "C-0N7RAC7" group_id = "12345" rule_format = "v2023-05-30" rules = file("${path.root}/property-snippets/main.json") depends_on = akamai_property_include_activation.id hostnames { cname_from = "my_property_example.com" cname_to = "my_property_example.com.edgekey.net" cert_provisioning_type = "DEFAULT" } }
-
Activate your property on a network.
resource "akamai_property_activation" "my_property_activation" { property_id = "prp_12345" network = "staging" contact = ["jsmith@example.com"] note = "Origin for load balancer" version = "2" auto_acknowledge_rule_warnings = true timeouts { default = "1h" } }
Load balancer config
The Application Load Balancer cloudlet requires a load balancer configuration in addition to its match rules.
-
Define the settings for your balance type, data centers, and liveliness. For information about argument values, see Arguments in the load balancer configuration resource.
resource "akamai_cloudlets_application_load_balancer" "my_lb_config" { origin_id = "my_lb" description = "my application load balancer config" balancing_type = "WEIGHTED" data_centers { cloud_server_host_header_override = false cloud_service = true country = "US" continent = "NA" latitude = 102.78108 longitude = -116.07064 percent = 100 liveness_hosts = ["example"] hostname= "example-hostname" state_or_province = "MA" city = "Boston" origin_id = "my_lb" } liveness_settings { port = 1234 protocol = "HTTP" path = "/status" host_header = "header" additional_headers = { additional_headers = "123" } interval = 10 request_string = "test_request_string" response_string = "test_response_string" timeout = 60 } }
-
Activate your configuration.
resource "akamai_cloudlets_application_load_balancer_activation" "my_lb_activation" { origin_id = "my_lb" network = "staging" version = 1 timeouts { default = "1h" } }
Continue your load balancer set up by configuring its policy match rules.
2. Configure policy rules
A cloudlet policy's match rule settings govern the actions your cloudlet takes on your site's inbound traffic.
- Use
if
statements to get more specific about the actions taken. Child rules andelse
statements are not allowed. - The match rules are evaluated top down. Place the most restrictive rules toward the top of your list.
Use your cloudlet type's data source to construct match rules. The output of each is a JSON snippet used in the policy resource.
3. Create or update policy
Create a new cloudlet policy or add your updated match rules to create a new policy version.
Determine application type
Some cloudlet types allow you to share policies across multiple properties, others don't allow sharing, and some types work both ways.
- Existing cloudlet policies in your Terraform configurations are of the single property, or non-shared, type. You may have applied the policy to multiple properties, but the application was done one at a time.
- Upgrading a non-shared policy to a shared policy requires creating a new policy.
Annotate which application method using the is_shared
argument in the policy resource. The default is false
, applying the policy to a single property.
Cloudlet | Non-Shared | Shared |
---|---|---|
API Prioritization* | ✔ | ✔ |
Application Load Balancer | ✔ | |
Audience Segmentation* | ✔ | ✔ |
Edge Redirector | ✔ | ✔ |
Forward Rewrite* | ✔ | ✔ |
Phased Release | ✔ | ✔ |
Request Control | ✔ | ✔ |
Visitor Prioritization* | ✔ |
* Does not support the use of the match_always
argument.
Create policy
To create or update a policy, add your match rules as a jsonencoded list or use a pointer to a JSON file that contains your match rules and set your cloudlet's type in cloudlet_code
.
On update, you can also update your policy by leaving out the match_rules
argument and using the match_rules_format
to designate an existing set of rules to use.
Cloudlet type | cloudlet_code value |
---|---|
API Prioritization | AP |
Application Load Balancer | ALB |
Audience Segmentation | AS |
Edge Redirector | ER |
Forward Rewrite | FR |
Phased Release | CD |
Request Control | IG |
Visitor Prioritization | VP |
resource "akamai_cloudlets_policy" "my-new-cloudlet-policy" {
name = "policy1"
cloudlet_code = "ER"
group_id = "12345"
is_shared = false // Optional. Default is false.
match_rules = file("${path.root}/cloudlet-policy.json")
}
Note: When you're only updating your policy's rules, just activate your policy to apply your changes on the network. There's no need to reactivate your property unless you need to make changes to those behaviors.
4. Set up behaviors
In your exported property's rule tree, add the behavior for your cloudlet in the behavior section of your property's default rule.
Cloudlet behaviors typically do not have criteria, but if you need to add criteria to a cloudlet behavior, create a new custom rule and add both the behavior and its criteria.
5. Configure your property
Add your updated rules to your property using a pointer to your JSON file.
resource "akamai_property" "my_property" {
name = "MyProperty"
product_id = "prd_Object_Delivery"
contract_id = "C-0N7RAC7"
group_id = "12345"
rule_format = "v2023-05-30"
rules = "${path.root}/property-snippets/main.json")
depends_on = akamai_property_include_activation.id
hostnames {
cname_from = "my_property_example.com"
cname_to = "my_property_example.com.edgekey.net"
cert_provisioning_type = "DEFAULT"
}
}
5. Activate policy and property
Activate your policy and your property to apply your changes on a network.
-
Associate your Cloudlet's policy version with one or more properties.
resource "akamai_cloudlets_policy_activation" "example" { policy_id = 12345 network = "staging" version = 1 associated_properties = ["Property_1", "Property_2", "Property_3"] // Required for shared policies. timeouts { default = "1h" } }
-
Run
terraform apply
to deploy your policy to activate your policy on a network. -
Once your policy is activated, activate your property.
resource "akamai_property_activation" "my_staging_activation" { property_id = "prp_12345" contact = ["jsmith@example.com"] version = "latest" network = "staging" note = "Activating my property on staging." }
-
Run
terraform apply
to activate your property on a network.
Updated 2 months ago