Contact UsGet started

Enabling DDoS protection

Written by
Updated at June 11, 2024

You can activate DDoS protection when creating a virtual machine or reserving public IP addresses.

Protected addresses are allocated from a separate pool; therefore, you cannot enable and disable protection for a previously reserved address.

Enabling DDoS protection when creating a virtual machine

When configuring a network on a new virtual machine, select the automatically assigned public IP address or an address from the list of the reserved ones.

Once you select an address, select DDoS protection.

Enabling DDoS protection when reserving an IP address

To reserve a protected static IP address:

  1. In the management console, go to the folder where you need to reserve an address.
  2. In the list of services, select Virtual Private Cloud.
  3. In the left-hand panel, select IP addresses.
  4. Click Reserve address.
  5. Select the availability zone where you want to reserve the address.
  6. Select DDoS protection.
  7. Click ** Reserve**.

If you don't have Terraform, install it and configure the Yandex Cloud provider.

Terraform allows you to quickly create a cloud infrastructure in Yandex Cloud and manage it using configuration files. Configuration files store the infrastructure description in the HashiCorp Configuration Language (HCL). Terraform and its providers are distributed under the Business Source License.

For more information about the provider resources, see the documentation on the Terraform website or the mirror.

If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.

  1. Open the Terraform configuration file and edit the section with the static public IP description by adding the ddos_protection_provider field:

    resource "yandex_vpc_address" "addr" {
  name = "exampleAddress"
  external_ipv4_address {
    zone_id                  = "ru-central1-a"
    ddos_protection_provider = "qrator"
  }
}

    Where ddos_protection_provider is a parameter that enables DDoS protection. The only available value is qrator.

    For more information about the yandex_vpc_address resource parameters in Terraform, see the provider documentation.

  2. Check the configuration using this command:

    terraform validate

    If the configuration is correct, you will get this message:

    Success! The configuration is valid.

  3. Run this command:

    terraform plan

    The terminal will display a list of resources with parameters. No changes will be made at this step. If the configuration contains any errors, Terraform will point them out.

  4. Apply the configuration changes:

    terraform apply

  5. Confirm the changes: type yes into the terminal and press Enter.

    You can check whether DDoS protection is active in the management console or with the following CLI command:

    yc vpc address list
Previous
Enabling a software-accelerated network
Next
Setting the MTU when DDoS protection is active