Using Terraform on AWS for the first time
I normally build with CloudFormation, but this time I tried building with Terraform for learning purposes.
Installing Terraform
Download the installer for your operating system from the Terraform website.
This time the commands are run on Cloud9 (Amazon Linux 2).
$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
$ sudo yum -y install terraform
$ terraform version
Terraform v1.3.1
on linux_amd64
Creating a working directory
$ mkdir Terraform
$ cd Terraform/
Specifying the provider
provider "aws" {
  region = "ap-northeast-1"
}
Specifying where the state is stored
terraform {
  backend "s3" {
    bucket = "<S3 bucket name>"
    key    = "path/terraform.tfstate"
    region = "ap-northeast-1"
  }
}
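The state file written to that bucket records every attribute of every managed resource, so it is worth protecting. The following is an added example (not from the original post) of the same S3 backend with encryption at rest and DynamoDB state locking, together with the bucket and lock table it relies on; the bucket and table names are placeholders, and the resource blocks belong in a separate bootstrap configuration, since the backend bucket cannot be managed by the state it stores.

```hcl
# Hardened backend setting for the develop environment (added example).
terraform {
  backend "s3" {
    bucket         = "<S3 bucket name>"       # placeholder
    key            = "develop/terraform.tfstate"  # one key per environment
    region         = "ap-northeast-1"
    encrypt        = true                     # server-side encryption of the state object
    dynamodb_table = "<lock table name>"      # placeholder; enables state locking
  }
}

# Bootstrap resources, applied once from a separate root module.
resource "aws_s3_bucket" "tfstate" {
  bucket = "<S3 bucket name>"                 # placeholder
}

# Versioning lets you roll back a corrupted or accidentally overwritten state file.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# The state bucket must never be reachable anonymously.
resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Lock table used by the backend; LockID is the key name the S3 backend expects.
resource "aws_dynamodb_table" "tflock" {
  name         = "<lock table name>"          # placeholder
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}
```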
Granting Terraform permissions
Terraform needs AWS credentials to call the API; either of the following can be used:
- IAM user credentials
- IAM role
Resource syntax
How to write each resource for deployment is described in the references.
See the Variable syntax section for details on the parts written as var, which hold the per-environment values.
A reference to a related resource is written in the form vpc_id = aws_vpc.vpc.id.
# VPC; the CIDR is looked up from the vpc_cidr map by environment
resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc_cidr[var.env]
  enable_dns_hostnames = true
  tags = {
    Name = "${var.env}-${var.project}-vpc"
  }
}

# Public subnet in AZ a; instances launched here receive a public IP
resource "aws_subnet" "public_a" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.subnet_cidr[var.env]
  availability_zone       = var.az["az_a"]
  map_public_ip_on_launch = true
  tags = {
    Name = "${var.env}-${var.project}-public-a-subnet"
  }
}

# Internet gateway attached to the VPC
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id
  tags = {
    Name = "${var.env}-${var.project}-igw"
  }
}

# Route table with a default route to the internet gateway
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = {
    Name = "${var.env}-${var.project}-public-rtb"
  }
}

# Associate the public route table with the public subnet
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

# EC2 instance in the public subnet; no security group is set, so the VPC's default group applies
resource "aws_instance" "ec2" {
  ami           = "ami-078296f82eb463377"
  instance_type = "t2.micro"
  subnet_id     = aws_subnet.public_a.id
}

# Public IP of the instance, shown after apply
output "ec2_public_ip" {
  value = aws_instance.ec2.public_ip
}
Variable syntax
String
The value is used as a single string.
variable "variable_name" {
  type    = string
  default = "xxx"
}
List
An array is used as the value.
variable "variable_name" {
  type    = list(string)   # element type given explicitly; bare "list" is the legacy form
  default = ["xxx", "yyy"]
}
Map
Keys are associated with string values.
variable "variable_name" {
  type = map(string)   # value type given explicitly; bare "map" is the legacy form
  default = {
    aaa = "xxx"
    bbb = "yyy"
  }
}
For this build the variables can be written as follows.
# Map keys must match the values used for var.env ("dev" and "prod")
variable "vpc_cidr" {
  type = map(string)
  default = {
    prod = "10.1.0.0/16"
    dev  = "10.2.0.0/16"
  }
}
variable "subnet_cidr" {
  type = map(string)
  default = {
    prod = "10.1.1.0/24"
    dev  = "10.2.2.0/24"
  }
}
variable "az" {
  type = map(string)
  default = {
    az_a = "ap-northeast-1a"
    az_c = "ap-northeast-1c"
  }
}
variable "project" {
  type    = string
  default = "test"
}
variable "env" {
  type    = string
  default = "dev"
}
Init
Gathering the files needed so far gives the following structure.
├── terraform
│   ├── develop
│   │   ├── terraform.tf
│   │   ├── variable.tf
│   │   ├── vpc.tf
│   │   └── ec2.tf
Run the init command in the develop working directory to initialize it.
$ terraform init
Initializing the backend...
Successfully configured the backend "s3"! Terraform will automatically
use this backend unless the backend configuration changes.
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v4.33.0...
- Installed hashicorp/aws v4.33.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Plan
Shows the resources that will be created. If there is a problem with the .tf syntax or a resource setting, an error is shown instead.
$ terraform plan
Apply
Run terraform apply and enter yes to deploy.
$ terraform apply
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Outputs:
ec2_public_ip = "X.X.X.X"
How to copy the environment
Create a variable.tf in the production directory as shown below, set env to prod, and deploy with init, plan and apply just as for develop.
├── terraform
│   ├── develop
│   │   ├── terraform.tf
│   │   ├── variable.tf
│   │   ├── vpc.tf
│   │   └── ec2.tf
│   ├── production
│   │   ├── terraform.tf
│   │   ├── variable.tf
│   │   ├── vpc.tf
│   │   └── ec2.tf
variable "env" {
  type    = string
  default = "prod"
}
Destroy
Run terraform destroy and answer yes to delete all managed resources.
$ terraform destroy
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes