Creating an S3 Bucket with Terraform

About this page

This page records the steps for setting up a Terraform development environment on a Mac and creating an S3 bucket.

We will work with terraform v0.12.0-beta1.

Steps

Install Terraform.

I heard that Terraform also has a version manager, so I will use it.

$ brew install tfenv

Create the project

$ mkdir -p path/to/your-project && cd path/to/your-project
$ echo v0.12.0-beta1 > .terraform-version
$ tfenv install

Set environment variables

I use direnv.
With it you can set environment variables per project.

$ brew install direnv

After installing, add the following to your .bash_profile:

eval "$(direnv hook bash)"
# not needed if you don't use vim
export EDITOR=vim

$ source ~/.bash_profile
$ direnv edit .

Since this opens an editor, add the following:

export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_DEFAULT_REGION=ap-northeast-1

You should see a message like this:

$ direnv edit .
direnv: loading .envrc
direnv: export +AWS_ACCESS_KEY_ID +AWS_DEFAULT_REGION +AWS_SECRET_ACCESS_KEY

# check
$ echo $AWS_DEFAULT_REGION
ap-northeast-1

Create an S3 bucket.

resource "aws_s3_bucket" "b" {
  bucket = "happy-my-tf-test-bucket"
  acl    = "private"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

$ terraform init

# check what Terraform intends to do
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_s3_bucket.b will be created
  + resource "aws_s3_bucket" "b" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "my-tf-test-bucket"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "Dev"
          + "Name"        = "My bucket"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

# run it (type yes)
$ terraform apply
yes
---
Error: Error creating S3 bucket: AccessDenied: Access Denied
        status code: 403, ---

Because my IAM user only had READ permissions, the permissions had to be fixed.
Grant it the appropriate permissions.

Also, since bucket names must be globally unique, give it a name that will not collide with anyone else's.
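The resource above only sets the initial ACL to private. As an added example (not from the original post), here is the same bucket with the settings a reviewer would expect before it holds real data; it assumes the AWS provider 2.x that shipped alongside Terraform 0.12, and the bucket name is a placeholder you must replace with a globally unique one.

```hcl
# Added example, not the original post's configuration.
# Assumes AWS provider 2.x; the bucket name is a placeholder.
resource "aws_s3_bucket" "hardened" {
  bucket = "REPLACE-WITH-YOUR-UNIQUE-NAME"
  acl    = "private"

  # Keep every object version so an accidental overwrite or delete is recoverable.
  versioning {
    enabled = true
  }

  # Encrypt objects at rest by default (SSE-S3); clients need no change.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

# "acl = private" is only the starting ACL. This block rejects any later
# public ACL or bucket policy, so the bucket cannot be made public by mistake.
resource "aws_s3_bucket_public_access_block" "hardened" {
  bucket = aws_s3_bucket.hardened.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Running terraform plan on this shows 2 resources to add; the public access block needs s3:PutBucketPublicAccessBlock in addition to the bucket-creation permissions mentioned above.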

Note

To keep the credentials in .envrc from leaking, add .envrc to .gitignore.
