添加 构建大模型应用的安全防护体系 的 terraform 模板

Author: fengchi@alibaba-inc.com

solution/tech-solution/build-large-model-application-security-system/README.md

@@ -0,0 +1,50 @@
+## Introduction
+
+<!-- DOCS_DESCRIPTION_CN -->
+本示例用于实现解决方案[构建大模型应用的安全防护体系](https://www.aliyun.com/solution/tech-solution/build-large-model-application-security-system), 涉及到专有网络（VPC）、交换机（VSwitch）、云服务器（ECS）、RAM 用户等资源的创建。
+<!-- DOCS_DESCRIPTION_CN -->
+
+<!-- DOCS_DESCRIPTION_EN -->
+This example demonstrates the implementation of the solution [Building a Security Protection System for Large Model Applications](https://www.aliyun.com/solution/tech-solution/build-large-model-application-security-system). It involves the creation, and deployment of resources such as Virtual Private Cloud (VPC), VSwitch, Elastic Compute Service (ECS), and RAM users.
+<!-- DOCS_DESCRIPTION_EN -->
+
+
+<!-- BEGIN_TF_DOCS -->
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_alicloud"></a> [alicloud](#provider\_alicloud) | n/a |
+| <a name="provider_random"></a> [random](#provider\_random) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [alicloud_ecs_command.run_command](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ecs_command) | resource |
+| [alicloud_ecs_invocation.invoke_script](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ecs_invocation) | resource |
+| [alicloud_instance.ecs_instance](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/instance) | resource |
+| [alicloud_ram_access_key.ramak](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_access_key) | resource |
+| [alicloud_ram_user.ram_user](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_user) | resource |
+| [alicloud_ram_user_policy_attachment.attach_policy_to_user](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/ram_user_policy_attachment) | resource |
+| [alicloud_security_group.security_group](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group) | resource |
+| [alicloud_security_group_rule.allow_tcp_80](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/security_group_rule) | resource |
+| [alicloud_vpc.vpc](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vpc) | resource |
+| [alicloud_vswitch.vswitch1](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/resources/vswitch) | resource |
+| [random_id.suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+| [alicloud_images.default](https://registry.terraform.io/providers/aliyun/alicloud/latest/docs/data-sources/images) | data source |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_bai_lian_api_key"></a> [bai\_lian\_api\_key](#input\_bai\_lian\_api\_key) | 百炼 API-KEY，需开通百炼模型服务再获取 API-KEY，详情请参考：https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key | `string` | n/a | yes |
+| <a name="input_ecs_instance_password"></a> [ecs\_instance\_password](#input\_ecs\_instance\_password) | 服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()\`~!@#$%^&*_-+=\|{}[]:;'<>,.?/ 中的特殊符号） | `string` | n/a | yes |
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | 实例类型 | `string` | `"ecs.e-c1m2.large"` | no |
+| <a name="input_region"></a> [region](#input\_region) | 地域，例如：cn-hangzhou。所有地域及可用区请参见文档：https://help.aliyun.com/document_detail/40654.html#09f1dc16b0uke | `string` | `"cn-hangzhou"` | no |
+| <a name="input_zone_id1"></a> [zone\_id1](#input\_zone\_id1) | 可用区ID。选择可用区前请确认该可用区是否支持创建ECS资源的规格。例如：cn-hangzhou-k | `string` | `"cn-hangzhou-k"` | no |
+<!-- END_TF_DOCS -->

solution/tech-solution/build-large-model-application-security-system/main.tf

@@ -0,0 +1,96 @@
+provider "alicloud" {
+  region = var.region
+}
+
+resource "random_id" "suffix" {
+  byte_length = 8
+}
+
+locals {
+  common_name = random_id.suffix.id
+}
+
+data "alicloud_images" "default" {
+  name_regex  = "^aliyun_3_x64_20G_alibase_.*"
+  most_recent = true
+  owners      = "system"
+}
+
+resource "alicloud_ram_user" "ram_user" {
+  name = "create_by_solution-${local.common_name}"
+}
+
+resource "alicloud_ram_access_key" "ramak" {
+  user_name = alicloud_ram_user.ram_user.name
+}
+
+resource "alicloud_ram_user_policy_attachment" "attach_policy_to_user" {
+  user_name   = alicloud_ram_user.ram_user.name
+  policy_type = "System"
+  policy_name = "AliyunYundunGreenWebFullAccess"
+}
+
+resource "alicloud_security_group" "security_group" {
+  security_group_name = "SG_${local.common_name}"
+  vpc_id              = alicloud_vpc.vpc.id
+}
+
+resource "alicloud_security_group_rule" "allow_tcp_80" {
+  type              = "ingress"
+  ip_protocol       = "tcp"
+  policy            = "accept"
+  port_range        = "80/80"
+  priority          = 1
+  security_group_id = alicloud_security_group.security_group.id
+  cidr_ip           = "0.0.0.0/0"
+}
+
+resource "alicloud_vswitch" "vswitch1" {
+  vpc_id       = alicloud_vpc.vpc.id
+  cidr_block   = "192.168.1.0/24"
+  zone_id      = var.zone_id1
+  vswitch_name = "VSW_${local.common_name}"
+}
+
+resource "alicloud_instance" "ecs_instance" {
+  instance_name              = "ecs-${local.common_name}"
+  system_disk_category       = "cloud_essd"
+  image_id                   = data.alicloud_images.default.images[0].id
+  vswitch_id                 = alicloud_vswitch.vswitch1.id
+  password                   = var.ecs_instance_password
+  instance_type              = var.instance_type
+  internet_max_bandwidth_out = 5
+  security_groups            = [alicloud_security_group.security_group.id]
+}
+
+resource "alicloud_vpc" "vpc" {
+  cidr_block = "192.168.0.0/16"
+  vpc_name   = "VPC_${local.common_name}"
+}
+
+resource "alicloud_ecs_command" "run_command" {
+  name = "commond-install"
+  command_content = base64encode(<<EOF
+cat <<EOT >> ~/.bash_profile
+export ROS_DEPLOY=true
+export BAILIAN_API_KEY=${var.bai_lian_api_key}
+export ALIBABA_CLOUD_ACCESS_KEY_ID=${alicloud_ram_access_key.ramak.id}
+export ALIBABA_CLOUD_ACCESS_KEY_SECRET=${alicloud_ram_access_key.ramak.secret}
+EOT
+
+source ~/.bash_profile
+curl -fsSL https://static-aliyun-doc.oss-cn-hangzhou.aliyuncs.com/install-script/ai-security/install.sh | bash
+EOF
+  )
+  working_dir = "/root"
+  type        = "RunShellScript"
+  timeout     = 3600
+}
+
+resource "alicloud_ecs_invocation" "invoke_script" {
+  instance_id = [alicloud_instance.ecs_instance.id]
+  command_id  = alicloud_ecs_command.run_command.id
+  timeouts {
+    create = "15m"
+  }
+}

solution/tech-solution/build-large-model-application-security-system/outputs.tf

@@ -0,0 +1,4 @@
+output "web_url" {
+  description = "Web 访问地址"
+  value       = format("http://%s", alicloud_instance.ecs_instance.public_ip)
+}

solution/tech-solution/build-large-model-application-security-system/variables.tf

@@ -0,0 +1,24 @@
+variable "region" {
+  type        = string
+  default     = "cn-hangzhou"
+  description = "地域，例如：cn-hangzhou。所有地域及可用区请参见文档：https://help.aliyun.com/document_detail/40654.html#09f1dc16b0uke"
+}
+variable "zone_id1" {
+  type        = string
+  default     = "cn-hangzhou-k"
+  description = "可用区ID。选择可用区前请确认该可用区是否支持创建ECS资源的规格。例如：cn-hangzhou-k"
+}
+variable "instance_type" {
+  type        = string
+  default     = "ecs.e-c1m2.large"
+  description = "实例类型"
+}
+variable "ecs_instance_password" {
+  type        = string
+  sensitive   = true
+  description = "服务器登录密码,长度8-30，必须包含三项（大写字母、小写字母、数字、 ()`~!@#$%^&*_-+=|{}[]:;'<>,.?/ 中的特殊符号）"
+}
+variable "bai_lian_api_key" {
+  type        = string
+  description = "百炼 API-KEY，需开通百炼模型服务再获取 API-KEY，详情请参考：https://help.aliyun.com/zh/model-studio/developer-reference/get-api-key"
+}