- \n
- \n
- Terraform\u306e\u57fa\u672c\u7684\u306a\u5229\u7528\u65b9\u6cd5\u3092\u7406\u89e3\u3059\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- tf\u30d5\u30a1\u30a4\u30eb\u306e\u8a18\u8ff0\u65b9\u6cd5\u3084\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u69cb\u6210\u3092\u7406\u89e3\u3059\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u3042\u308b\u7a0b\u5ea6AWS\u306e\u30b5\u30fc\u30d3\u30b9\u3068\u305d\u306e\u95a2\u9023\u6027\u3092\u7406\u89e3\u3057\u3066\u3044\u308b\uff08AWS-SAA\u30ec\u30d9\u30eb)<\/ul>\n<\/li>\n<\/ul>\n
- \n
- terraform\u3092\u5b9f\u884c\u3067\u304d\u308b\u74b0\u5883\u304c\u3042\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- provider.tf<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- versions.tf<\/ul>\n
\u63d0\u4f9b\u8005.tf<\/h3>\n
\u5728Terraform\u4e2d\uff0c\u53ef\u4ee5\u901a\u8fc7\u79f0\u4e3aProvider\u7684\u7ec4\u4ef6\u6765\u5b9a\u4e49\u90e8\u7f72\u54ea\u4e2a\u63d0\u4f9b\u7a0b\u5e8f\uff08\u4f8b\u5982AWS\u3001Azure\u3001GCP\u3001K8s\uff09\u7684\u8d44\u6e90\u3002
\nAWS Provider\u9700\u8981\u8bbf\u95ee\u5bc6\u94a5\u3001\u79d8\u5bc6\u5bc6\u94a5\u548c\u9ed8\u8ba4\u533a\u57df\u8bbe\u7f6e\u3002\uff08\u4e0e\u5728aws-cli\u4e2d\u8f93\u5165aws configure\u65f6\u9700\u8981\u7684\u503c\u76f8\u540c\uff09
\n\u5728\u8fd9\u91cc\uff0c\u8bf7\u8f93\u5165\u5177\u6709AdministratorAccess\u6743\u9650\u7684IAM\u7528\u6237\u7684\u4fe1\u606f\u3002<\/p>\nprovider<\/span> aws<\/span> {<\/span>\r\n access_key<\/span> =<\/span> \"XXXXXXXXXXXXXXXXXXXXXXXXX\"<\/span>\r\n secret_key<\/span> =<\/span> \"YYYYYYYYYYYYYYYYYYYYYYYYY\"<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\ntf\u7248\u672c<\/h3>\n
\u5982\u679c\u5173\u6ce8 Provider \u548c Terraform \u81ea\u8eab\u7248\u672c\u7684\u4e00\u81f4\u6027\uff0c\u5c06\u80fd\u9632\u6b62\u5728\u672a\u6765\u51fa\u73b0\u7248\u672c\u66f4\u65b0\u65f6\u51fa\u73b0\u9519\u8bef\u7684\u60c5\u51b5\u3002\u5728\u8fd9\u91cc\uff0c\u6211\u4eec\u6307\u5b9a\u4e86 AWS \u7684 Provider \u548c Terraform \u7684\u7248\u672c\u3002\u5982\u679c\u5c1d\u8bd5\u4f7f\u7528\u5176\u4ed6\u7248\u672c\u7684\u65f6\u5019\uff0c\u4f1a\u5728\u6267\u884c\u4e4b\u524d\u62a5\u9519\u3002\u6700\u65b0\u7684 AWS Provider \u7248\u672c\u53ef\u4ee5\u5728\u8fd9\u91cc\u67e5\u770b\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n required_version<\/span> =<\/span> \"= 1.4.4\"<\/span>\r\n required_providers<\/span> {<\/span>\r\n aws<\/span> =<\/span> \"= 4.61.0\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8fdb\u884cterraform\u521d\u59cb\u5316<\/h2>\n
\u4e3a\u4e86\u521d\u59cb\u5316 Terraform \u7684\u5de5\u4f5c\u533a\u5e76\u4e0b\u8f7d\u63d2\u4ef6\uff0c\u9700\u8981\u8fd0\u884c “terraform init” \u547d\u4ee4\u3002
\n\u8fd9\u5c06\u83b7\u53d6\u5728 provider.tf \u6587\u4ef6\u4e2d\u6307\u5b9a\u7684\u63d0\u4f9b\u7a0b\u5e8f\u63d2\u4ef6\u3002<\/p>\nterraform init\r\n<\/code><\/pre>\nInitializing the backend...\r\n\r\nInitializing provider plugins...\r\n- Finding hashicorp\/aws versions matching \"4.61.0\"...\r\n- Installing hashicorp\/aws v4.61.0...\r\n- Installed hashicorp\/aws v4.61.0 (signed by HashiCorp)\r\n\r\nTerraform has created a lock file .terraform.lock.hcl to record the provider\r\nselections it made above. Include this file in your version control repository\r\nso that Terraform can guarantee to make the same selections by default when\r\nyou run \"terraform init\" in the future.\r\n\r\nTerraform has been successfully initialized!\r\n\r\nYou may now begin working with Terraform. Try running \"terraform plan\" to see\r\nany changes that are required for your infrastructure. All Terraform commands\r\nshould now work.\r\n\r\nIf you ever set or change modules or backend configuration for Terraform,\r\nrerun this command to reinitialize your working directory. If you forget, other\r\ncommands will detect it and remind you to do so if necessary.\r\n<\/code><\/pre>\n\u5df2\u5b89\u88c5\u7684\u63d2\u4ef6\u5c06\u5b58\u50a8\u5728 .terraform \u76ee\u5f55\u4e2d\u3002<\/p>\n
tree -a\r\n<\/code><\/pre>\n.\r\n\u251c\u2500\u2500 .terraform\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 providers\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 registry.terraform.io\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 hashicorp\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 aws\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 4.61.0\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 darwin_arm64\r\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 terraform-provider-aws_v4.61.0_x5\r\n\u251c\u2500\u2500 .terraform.lock.hcl\r\n\u251c\u2500\u2500 provider.tf\r\n\u2514\u2500\u2500 versions.tf\r\n\r\n7 directories, 4 files\r\n<\/code><\/pre>\n\u521b\u5efa\u7528\u4e8e\u90e8\u7f72\u7684tf\u6587\u4ef6\u5e76\u6267\u884c\u3002<\/h1>\n
\u5728\u4f7f\u7528Terraform\u90e8\u7f72\u6e90\u4ee3\u7801\u65f6\uff0c\u4f7f\u7528\u4e00\u4e2a\u540d\u4e3a”Resource”\u7684\u7ec4\u4ef6\u3002
\n\u5c06\u5305\u542bResource\u7684.tf\u6587\u4ef6\u5b58\u50a8\u5728\u6587\u4ef6\u5939\u4e2d\uff0c\u5f53\u8f93\u5165\u90e8\u7f72\u6267\u884c\u547d\u4ee4\u65f6\uff0c\u5c06\u81ea\u52a8\u6267\u884c\u90e8\u7f72\u3002
\n\u5173\u4e8e\u5404\u79cdResource\u7684\u63cf\u8ff0\u65b9\u6cd5\uff0c\u53ea\u9700\u5728Google\u4e0a\u641c\u7d22\u6240\u9700\u521b\u5efa\u7684\u8d44\u6e90\uff0c\u5e76\u5c06\u641c\u7d22\u7ed3\u679c\u7684\u6a21\u677f\u57fa\u672c\u590d\u5236\u7c98\u8d34\u5373\u53ef\uff0c\u51e0\u4e4e\u6ca1\u6709\u4efb\u4f55\u95ee\u9898\u3002
\n\u4f8b\u5982\uff0c\u5982\u679c\u8981\u5c06RDS\u8f6c\u6362\u4e3aTerraform\u4ee3\u7801\uff0c\u53ea\u9700\u641c\u7d22”terraform AWS RDS resource”\uff0cTerraform\u5b98\u65b9\u7f51\u7ad9\u5c06\u51fa\u73b0\u5728\u9996\u4f4d\u3002<\/p>\n\u521b\u5efaVPC<\/h2>\n
\u9996\u5148\u6211\u4eec\u5c06\u521b\u5efaVPC\u3002<\/p>\n
\u5236\u4f5c.tf\u6587\u4ef6\u3002<\/h3>\n
\u521b\u5efa\u7528\u4e8e\u90e8\u7f72VPC\u7684.tf\u6587\u4ef6\u7684\u8d44\u6e90\u3002
\n\u6b64\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u8fd9\u91cc\u3002<\/p>\nenable_dns_hostnames \u3092true\u306b\u3057\u3066\u304a\u304f\u3053\u3068\u3067\u3001VPC\u5185\u304b\u3089\u3067\u3082\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u30c9\u30e1\u30a4\u30f3\u540d\u3092\u89e3\u6c7a\u3067\u304d\u307e\u3059\u3002<\/p>\n
resource<\/span> \"aws_vpc\"<\/span> \"vpc\"<\/span> {<\/span>\r\n cidr_block<\/span> =<\/span> \"192.168.0.0\/16\"<\/span>\r\n enable_dns_hostnames<\/span> =<\/span> true<\/span>\r\n\r\n tags<\/span> =<\/span> {<\/span>\r\n Name<\/span> =<\/span> \"tutorial-vpc\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5f53\u524d\u7684\u6587\u4ef6\u5939\u7ed3\u6784\u5982\u4e0b<\/p>\n
.\r\n\u251c\u2500\u2500 .terraform\r\n\u251c\u2500\u2500 .terraform.lock.hcl\r\n\u251c\u2500\u2500 provider.tf\r\n\u251c\u2500\u2500 versions.tf\r\n\u2514\u2500\u2500 vpc.tf\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h3>\n
\u8ba9\u6211\u4eec\u5b9e\u9645\u6267\u884c\u547d\u4ee4\u5e76\u8fdb\u884c\u90e8\u7f72\u3002
\n\u5f53\u6267\u884cterraform plan\u65f6\uff0c\u5b83\u4f1a\u8bfb\u53d6\u5f53\u524d\u76ee\u5f55\u4e2d\u7684.tf\u6587\u4ef6\uff0c\u5e76\u786e\u8ba4\u5c06\u90e8\u7f72\u54ea\u4e9bAWS\u8d44\u6e90\u3002
\n\u5982\u679c\u5b58\u5728\u8bed\u6cd5\u9519\u8bef\uff0c\u5b83\u4f1a\u5728\u6267\u884c\u6b64\u8ba1\u5212\u65f6\u62d2\u7edd\u90e8\u7f72\uff0c\u6240\u4ee5\u5728\u5b9e\u9645\u6267\u884c\u4e4b\u524d\uff0c\u8bf7\u52a1\u5fc5\u6267\u884c\u8ba1\u5212\u3002<\/p>\nterraform plan\r\n<\/code><\/pre>\nTerraform used the selected providers to generate the following execution plan.\r\nResource actions are indicated with the following symbols:\r\n + create\r\n\r\nTerraform will perform the following actions:\r\n\r\n # aws_vpc.vpc will be created\r\n + resource \"aws_vpc\" \"tutorial_vpc\" {\r\n + arn = (known after apply)\r\n + cidr_block = \"192.168.0.0\/16\"\r\n + default_network_acl_id = (known after apply)\r\n + default_route_table_id = (known after apply)\r\n + default_security_group_id = (known after apply)\r\n + dhcp_options_id = (known after apply)\r\n + enable_classiclink = (known after apply)\r\n + enable_classiclink_dns_support = (known after apply)\r\n + enable_dns_hostnames = true\r\n + enable_dns_support = true\r\n + enable_network_address_usage_metrics = (known after apply)\r\n + id = (known after apply)\r\n + instance_tenancy = \"default\"\r\n + ipv6_association_id = (known after apply)\r\n + ipv6_cidr_block = (known after apply)\r\n + ipv6_cidr_block_network_border_group = (known after apply)\r\n + main_route_table_id = (known after apply)\r\n + owner_id = (known after apply)\r\n + tags = {\r\n + \"Name\" = \"tutorial-vpc\"\r\n }\r\n + tags_all = {\r\n + \"Name\" = \"tutorial-vpc\"\r\n }\r\n }\r\n\r\nPlan: 1 to add, 0 to change, 0 to destroy.\r\n\r\n\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\r\n\r\nNote: You didn't use the -out option to save this plan, so Terraform can't guarantee to\r\ntake exactly these actions if you run \"terraform apply\" now.\r\n<\/code><\/pre>\n\u6267\u884cterraform apply\u547d\u4ee4\u6765\u90e8\u7f72\u3002
\n\u4e0e\u8ba1\u5212\u9636\u6bb5\u8f93\u51fa\u76f8\u540c\u7684\u5185\u5bb9\uff0c\u5982\u679c\u6ca1\u6709\u95ee\u9898\uff0c\u8bf7\u5728\u201c\u8f93\u5165\u4e00\u4e2a\u503c\uff1a\u201d\u5904\u8f93\u5165yes\u6765\u6267\u884c\u90e8\u7f72\u3002
\n\u7136\u540e\u5f00\u59cb\u6267\u884c\u90e8\u7f72\uff0c\u8fc7\u4e00\u6bb5\u65f6\u95f4\u540e\u4f1a\u8f93\u51fa\u5b8c\u6210\u7684\u6d88\u606f\u3002<\/p>\nterraform apply\r\n<\/code><\/pre>\n---omit(plan\u3068\u540c\u69d8)---\r\n Enter a value: yes \u2190yes\u3092\u5165\u529b\r\n\r\naws_vpc.vpc: Creating...\r\naws_vpc.vpc: Still creating... [10s elapsed]\r\naws_vpc.vpc: Creation complete after 12s [id=vpc-04fb5154d22486542]\r\n\r\nApply complete! Resources: 1 added, 0 changed, 0 destroyed.\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/55-0.png\" "\\"\\"")
<\/div>\n\u5173\u4e8etfstate\u6587\u4ef6\u7684\u95ee\u9898\u3002<\/h2>\n
\u5b8c\u6210\u7533\u8bf7\u540e\uff0c\u5c06\u5728\u5f53\u524d\u76ee\u5f55\u4e0b\u751f\u6210\u4e00\u4e2a\u540d\u4e3a terraform.tfstate \u7684\u6587\u4ef6\u3002\u8be5\u6587\u4ef6\u4ee5 JSON \u683c\u5f0f\u4fdd\u5b58\u4e86\u5b9e\u9645\u90e8\u7f72\u7684\u8d44\u6e90\u4fe1\u606f\u3002
\n\u5c06\u6765\u6267\u884c terraform apply \u8fdb\u884c\u5dee\u5206\u6267\u884c\u65f6\uff0c\u4f1a\u6839\u636e terraform.tfstate \u6587\u4ef6\u3001\u5b9e\u4f8b\u548c tf \u6587\u4ef6\u7684\u4e09\u4e2a\u4fe1\u606f\u8fdb\u884c\u5dee\u5206\u68c0\u6d4b\u5e76\u6267\u884c\u3002
\n\u6709\u4e9b\u4eba\u53ef\u80fd\u4f1a\u8ba4\u4e3a\u53ea\u8981\u770b\u770b\u5b9e\u4f8b\u548c tf \u6587\u4ef6\u4e4b\u95f4\u7684\u5dee\u5f02\u5c31\u53ef\u4ee5\u4e86\uff0c\u4e0d\u9700\u8981\u770b tfstate\u3002\u4f46\u5b9e\u9645\u4e0a\uff0c\u8fd8\u9700\u8981\u4e00\u4e9b\u5b9e\u4f8b\u4e0a\u4e0d\u5b58\u5728\u7684\u8d44\u6e90\u4f9d\u8d56\u5173\u7cfb\u7b49\u4fe1\u606f\uff0c\u56e0\u6b64\u8be5\u6587\u4ef6\u4e5f\u662f\u5fc5\u4e0d\u53ef\u5c11\u7684\u72b6\u6001\u7ba1\u7406\u5de5\u5177\u3002\u66f4\u8be6\u7ec6\u7684\u89e3\u91ca\u8bf7\u53c2\u9605\u5b98\u65b9\u7f51\u9875\u3002<\/p>\n\u987a\u4fbf\u8bf4\u4e00\u53e5\uff0c\u521b\u5efaVPC\u65f6\u7684tfstate\u6587\u4ef6\u7684\u5f62\u5f0f\u5982\u4e0b\u3002<\/p>\n
{\r\n \"version\": 4,\r\n \"terraform_version\": \"1.4.4\",\r\n \"serial\": 1,\r\n \"lineage\": \"a2216e14-10e4-bfb0-99e2-d69cfa87452d\",\r\n \"outputs\": {},\r\n \"resources\": [\r\n {\r\n \"mode\": \"managed\",\r\n \"type\": \"aws_vpc\",\r\n \"name\": \"vpc\",\r\n \"provider\": \"provider[\\\"registry.terraform.io\/hashicorp\/aws\\\"]\",\r\n \"instances\": [\r\n {\r\n \"schema_version\": 1,\r\n \"attributes\": {\r\n \"arn\": \"arn:aws:ec2:ap-northeast-1:XXXXXXXXXXXX:vpc\/vpc-04fb5154d22486542\",\r\n \"assign_generated_ipv6_cidr_block\": false,\r\n \"cidr_block\": \"192.168.0.0\/16\",\r\n \"default_network_acl_id\": \"acl-07759005723d928fc\",\r\n \"default_route_table_id\": \"rtb-0ab93bd6a0c2cf95e\",\r\n \"default_security_group_id\": \"sg-0f7cc93c60b68fbb6\",\r\n \"dhcp_options_id\": \"dopt-01152b10208f13dd5\",\r\n \"enable_classiclink\": false,\r\n \"enable_classiclink_dns_support\": false,\r\n \"enable_dns_hostnames\": true,\r\n \"enable_dns_support\": true,\r\n \"enable_network_address_usage_metrics\": false,\r\n \"id\": \"vpc-04fb5154d22486542\",\r\n \"instance_tenancy\": \"default\",\r\n \"ipv4_ipam_pool_id\": null,\r\n \"ipv4_netmask_length\": null,\r\n \"ipv6_association_id\": \"\",\r\n \"ipv6_cidr_block\": \"\",\r\n \"ipv6_cidr_block_network_border_group\": \"\",\r\n \"ipv6_ipam_pool_id\": \"\",\r\n \"ipv6_netmask_length\": 0,\r\n \"main_route_table_id\": \"rtb-0ab93bd6a0c2cf95e\",\r\n \"owner_id\": \"878728386472\",\r\n \"tags\": {\r\n \"Name\": \"tutorial-vpc\"\r\n },\r\n \"tags_all\": {\r\n \"Name\": \"tutorial-vpc\"\r\n }\r\n },\r\n \"sensitive_attributes\": [],\r\n \"private\": \"eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ==\"\r\n }\r\n ]\r\n }\r\n ],\r\n \"check_results\": null\r\n}\r\n<\/code><\/pre>\n\u521b\u5efaInternet Gateway<\/h2>\n
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u521b\u5efa\u4e00\u4e2a\u4e92\u8054\u7f51\u7f51\u5173\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6<\/h3>\n
\u521b\u5efa\u7528\u4e8e\u90e8\u7f72Internet Gateway\u7684.tf\u6587\u4ef6\u7684\u8d44\u6e90\u3002
\n\u8fd9\u4e2a\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u8fd9\u91cc\u3002<\/p>\nvpc_id \u306b\u306f\u3001\u5148\u307b\u3069\u4f5c\u6210\u3057\u305fVPC\u306eID\u3092\u5165\u529b\u3057\u3066\u304a\u304d\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u3063\u3066\u3053\u306eInternet Gateway\u306f tutorial-vpc \u5185\u306b\u4f5c\u6210\u3055\u308c\u307e\u3059\u3002<\/p>\n
resource<\/span> \"aws_internet_gateway\"<\/span> \"igw\"<\/span> {<\/span>\r\n vpc_id<\/span> =<\/span> \"vpc-04fb5154d22486542\"<\/span>\r\n\r\n tags<\/span> =<\/span> {<\/span>\r\n Name<\/span> =<\/span> \"tutorial-igw\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h3>\n
\u4f7f\u7528Terraform apply \u521b\u5efa\u4e92\u8054\u7f51\u7f51\u5173\u3002<\/p>\n
terraform plan\r\nterraform apply\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/69-0.png\" "\\"\\"")
<\/div>\n\u521b\u5efa\u5b50\u7f51<\/h2>\n
\u63a5\u4e0b\u6765\uff0c\u6211\u4eec\u5c06\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u90e8\u7f72EC2\u5b9e\u4f8b\u7684\u5b50\u7f51\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6<\/h3>\n
\u521b\u5efa.tf\u6587\u4ef6\u4ee5\u90e8\u7f72\u5b50\u7f51\u8d44\u6e90\u3002
\n\u6b64\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u6b64\u5904\u3002<\/p>\nvpc_id \u306f tutorial_vpc \u306eID\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n
cidr_block \u306eCIDR\u306fVPC CIDR\u306e\u7bc4\u56f2\u5185\u306b\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
resource<\/span> aws_subnet<\/span> subnet<\/span> {<\/span>\r\n vpc_id<\/span> =<\/span> \"vpc-04fb5154d22486542\"<\/span>\r\n cidr_block<\/span> =<\/span> \"192.168.1.0\/24\"<\/span>\r\n availability_zone<\/span> =<\/span> \"ap-northeast-1a\"<\/span>\r\n\r\n tags<\/span> =<\/span> {<\/span>\r\n Name<\/span> =<\/span> \"tutorial-public-subnet\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h3>\n
\u4f7f\u7528Terraform apply\u547d\u4ee4\u521b\u5efa\u5b50\u7f51\u3002<\/p>\n
terraform plan\r\nterraform apply\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/79-0.png\" "\\"\\"")
<\/div>\n\u521b\u5efa\u8def\u7531\u8868<\/h2>\n
\u5982\u679c\u4e0d\u5c06\u521b\u5efa\u7684\u5b50\u7f51\u548c\u4e92\u8054\u7f51\u7f51\u5173\u4e0e\u8def\u7531\u8868\u5173\u8054\u8d77\u6765\uff0cVPC\u5185\u7684EC2\u65e0\u6cd5\u4e0e\u4e92\u8054\u7f51\u901a\u4fe1\u3002\u56e0\u6b64\uff0c\u9700\u8981\u521b\u5efa\u7528\u4e8e\u901a\u5411\u4e92\u8054\u7f51\u7f51\u5173\u7684\u8def\u7531\u8868\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6<\/h3>\n
\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u90e8\u7f72\u8def\u7531\u8868\u7684.tf\u6587\u4ef6\u8d44\u6e90\u3002
\n\u6b64\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u8fd9\u91cc\u3002<\/p>\nvpc_id \u306f tutorial-vpc \u306eID\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n
gateway_id \u306f tutorial-igw \u306eID\u3092\u5165\u529b\u3057\u307e\u3059\u3002<\/p>\n
resource<\/span> aws_route_table<\/span> route_table<\/span> {<\/span>\r\n vpc_id<\/span> =<\/span> \"vpc-04fb5154d22486542\"<\/span>\r\n route<\/span> {<\/span>\r\n cidr_block<\/span> =<\/span> \"0.0.0.0\/0\"<\/span>\r\n gateway_id<\/span> =<\/span> \"igw-0e204fdaad34cae29\"<\/span>\r\n }<\/span>\r\n tags<\/span> =<\/span> {<\/span>\r\n Name<\/span> =<\/span> \"tutorial-route-table\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h4>\n
\u7528terraform apply\u547d\u4ee4\u521b\u5efa\u8def\u7531\u8868\u3002<\/p>\n
terraform plan\r\nterraform apply\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/89-0.png\" "\\"\\"")
<\/div>\n\u8def\u7531\u8868\u548c\u5b50\u7f51\u7684\u5173\u8054\u8fde\u63a5<\/h2>\n
\u5c06\u521b\u5efa\u7684\u8def\u7531\u8868\u4e0e\u5b50\u7f51\u76f8\u5173\u8054\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6<\/h3>\n
\u521b\u5efa\u7528\u4e8e\u5173\u8054\u8def\u7531\u8868\u548c\u5b50\u7f51\u7684.tf\u6587\u4ef6\u7684\u8d44\u6e90\u3002
\n\u6b64\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u6b64\u3002<\/p>\nsubnet_id \u306f\u5148\u307b\u3069\u4f5c\u6210\u3057\u305fSubnet\u306eID\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
route_table_id \u306f\u5148\u307b\u3069\u4f5c\u6210\u3057\u305fRoute Table\u306eID\u3092\u6307\u5b9a\u3057\u307e\u3059\u3002<\/p>\n
resource<\/span> aws_route_table_association<\/span> rta<\/span> {<\/span>\r\n subnet_id<\/span> =<\/span> \"subnet-0bf5661c57db0d425\"<\/span>\r\n route_table_id<\/span> =<\/span> \"rtb-072ca46273b6a88e6\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h4>\n
\u4f7f\u7528terraform apply\u547d\u4ee4\u6765\u5173\u8054\u8def\u7531\u8868\u548c\u5b50\u7f51\u3002<\/p>\n
terraform plan\r\nterraform apply\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/99-0.png\" "\\"\\"")
<\/div>\n\u751f\u6210\u79c1\u94a5\u548c\u516c\u94a5<\/h2>\n
\u5728\u521b\u5efaEC2\u5b9e\u4f8b\u65f6\uff0c\u5982\u679c\u4f7f\u7528GUI\u8fdb\u884c\u64cd\u4f5c\uff0cAWS\u4f1a\u5e2e\u52a9\u6211\u4eec\u751f\u6210SSH\u5bc6\u94a5\u5e76\u8fdb\u884c\u516c\u94a5\u8bbe\u7f6e\u3002\u4f46\u662f\uff0c\u5982\u679c\u4f7f\u7528aws-cli\u6216Terraform\u6267\u884c\u64cd\u4f5c\uff0c\u5219\u53ea\u80fd\u5bfc\u5165\u4e8b\u5148\u521b\u5efa\u7684SSH\u5bc6\u94a5\u3002\u56e0\u6b64\uff0c\u6211\u4eec\u9700\u8981\u63d0\u524d\u521b\u5efaSSH\u5bc6\u94a5\u5bf9\u3002<\/p>\n
ssh-keygen -t rsa -b 4096\r\n\r\nGenerating public\/private rsa key pair.\r\nEnter file in which to save the key (\/Users\/XXX\/.ssh\/id_rsa): \/Users\/XXX\/.ssh\/aws-ec2\r\nEnter passphrase (empty for no passphrase):\r\nEnter same passphrase again:\r\nYour identification has been saved in \/Users\/XXX\/.ssh\/aws-ec2.\r\nYour public key has been saved in \/Users\/XXX\/.ssh\/aws-ec2.pub\r\nThe key fingerprint is:\r\n-------omit-------------\r\n<\/code><\/pre>\nll ~\/.ssh\/\r\n\r\n-rw------- 1 XXX XXX 3326 11\u6708 26 01:10 aws-ec2\r\n-rw-r--r-- 1 XXX XXX 781 11\u6708 26 01:10 aws-ec2.pub\r\n<\/code><\/pre>\n\u4e0a\u4f20\u5bc6\u94a5\u5bf9<\/h2>\n
\u5c06\u521b\u5efa\u7684SSH\u516c\u94a5\u4e0a\u4f20\u5230AWS\u4e0a\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6\u3002<\/h3>\n
\u521b\u5efa\u4e00\u4e2a\u7528\u4e8e\u4e0a\u4f20\u5bc6\u94a5\u7684.tf\u6587\u4ef6\u8d44\u6e90\u3002
\n\u8be5\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u8fd9\u91cc\u3002<\/p>\n- public_key\u306b\u306f\u516c\u958b\u9375(aws-ec2.pub)\u306e\u4e2d\u8eab\u3092\u8a18\u8f09\u3057\u307e\u3059\u3002<\/ul>\n
resource<\/span> \"aws_key_pair\"<\/span> \"tutorial_key\"<\/span> {<\/span>\r\n key_name<\/span> =<\/span> \"tutorial-key\"<\/span>\r\n public_key<\/span> =<\/span> \"ssh-rsa AAAAB3NzaC1yc2---omit---XXX\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6267\u884c\u90e8\u7f72<\/h3>\n
\u4f7f\u7528 Terraform apply \u547d\u4ee4\u4e0a\u4f20\u516c\u94a5\u3002<\/p>\n
terraform plan\r\nterraform apply\r\n<\/code><\/pre>\n![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/113-0.png\" "\\"\\"")
<\/div>\n\u521b\u5efa\u5b89\u5168\u7ec4<\/h2>\n
\u5728\u521b\u5efaEC2\u5b9e\u4f8b\u65f6\uff0c\u9700\u8981\u6307\u5b9a\u5b89\u5168\u7ec4\uff08Security Group\uff09\uff0c\u4f46\u5982\u679c\u4f7f\u7528\u9ed8\u8ba4\u7684\u5b89\u5168\u7ec4\uff0c\u53ef\u80fd\u4f1a\u57280.0.0.0\/0\u4e0a\u5f00\u653e22\u7aef\u53e3\u3002\u867d\u7136\u53ef\u4ee5\u901a\u8fc7\u5bc6\u94a5\u5bf9\u8fdb\u884c\u8bbf\u95ee\u63a7\u5236\uff0c\u4f46\u4e3a\u4e86\u786e\u4fdd\u5b89\u5168\u8d77\u89c1\uff0c\u5efa\u8bae\u9884\u5148\u521b\u5efa\u4e00\u4e2a\u53ea\u5141\u8bb8\u7279\u5b9a\u8bbf\u95ee\u6e90\u7684\u5b89\u5168\u7ec4\u3002<\/p>\n
\u521b\u5efa.tf\u6587\u4ef6<\/h3>\n
\u6211\u5c06\u4e3aSecurity Group\u521b\u5efa\u4e00\u4e2a\u7528\u4e8eResource\u7684.tf\u6587\u4ef6\u3002
\n\u8fd9\u4e2a\u8d44\u6e90\u7684\u5b98\u65b9\u6587\u6863\u5728\u8fd9\u91cc\u3002<\/p>\n- \n
- \n
- \u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\uff08ingress\uff09\u306b\u81ea\u5206\u306e\u4f5c\u696d\u7aef\u672b\u306eIP\u304b\u3089\u306eSSH\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- \u30a2\u30a6\u30c8\u30d0\u30a6\u30f3\u30c9\u30eb\u30fc\u30eb\uff08egress\uff09\u306f\u5168\u3066\u306e\u901a\u4fe1\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002<\/ul>\n
resource<\/span> \"aws_security_group\"<\/span> \"sg\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"tutorial-security-group\"<\/span>\r\n description<\/span> =<\/span> \"Allow SSH inbound traffic from XXX\"<\/span>\r\n vpc_id<\/span> =<\/span> \"vpc-04fb5154d22486542\"<\/span>\r\n\r\n ingress<\/span> {<\/span>\r\n description<\/span> =<\/span> \"SSH from XXX\"<\/span>\r\n from_port<\/span> =<\/span> 22<\/span>\r\n to_port<\/span> =<\/span> 22<\/span>\r\n protocol<\/span> =<\/span> \"tcp\"<\/span>\r\n cidr_blocks<\/span> =<\/span> [<\/span>\"XXX.XXX.XXX.XXX\/32\"<\/span>]<\/span>\r\n }<\/span>\r\n\r\n egress<\/span> {<\/span>\r\n from_port<\/span> =<\/span> 0<\/span>\r\n to_port<\/span> =<\/span> 0<\/span>\r\n protocol<\/span> =<\/span> \"-1\"<\/span>\r\n cidr_blocks<\/span> =<\/span> [<\/span>\"0.0.0.0\/0\"<\/span>]<\/span>\r\n }<\/span>\r\n\r\n
- \n
Terraform\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u65b9\u6cd5\u306f\u3053\u3061\u3089\u306a\u3069\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002
\n\u4eca\u56de\u306f Terraform v1.4.4 \u3092\u5229\u7528\u3057\u307e\u3059\u3002<\/p>\nAWS\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u6301\u3063\u3066\u304a\u308a\u3001AdministratorAccess\u6a29\u9650\u3092\u6301\u3064IAM\u30e6\u30fc\u30b6\u30fc\u3092\u5229\u7528\u3067\u304d\u308b<\/p>\n
\u672c\u7de8<\/h1>\n
\u6211\u4eec\u4ece\u8fd9\u91cc\u5f00\u59cb\u6559\u7a0b\u3002
\n\u5728\u672c\u90e8\u5206\u4e2d\uff0c\u901a\u8fc7AWS\u7684\u7b80\u5355\u914d\u7f6e\u90e8\u7f72\uff0c\u6211\u4eec\u5c06\u7406\u89e3Terraform\u7684\u57fa\u672c\u5199\u6cd5\u3002<\/p>\n\u8fd9\u4e2a\u90e8\u5206\u7684\u76ee\u6807<\/h1>\n
\u80fd\u591f\u4f7f\u7528Terraform\u5728\u4ee5\u4e0b\u65b9\u5f0f\u4e0a\u8fdb\u884c\u90e8\u7f72<\/p>\n
![\"AWS.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d8554913a08637a6b8c4c\/15-0.png\" "\\"\\"")
<\/div>\n\u4e8b\u524d\u51c6\u5907<\/h1>\n
\u6211\u4f1a\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u6587\u4ef6\u5939\u3002
\n\u7531\u4e8eterraform\u662f\u901a\u8fc7\u6587\u4ef6\u5939\u7ba1\u7406\u6e90\u4ee3\u7801\u7684\uff0c\u6240\u4ee5\u6211\u4f1a\u5148\u5728\u672c\u5730\u521b\u5efa\u4e00\u4e2a\u4efb\u52a1\u6587\u4ef6\u5939\u3002<\/p>\nmkdir -p ~\/terraform-tutorial\/tutorial-1\r\ncd ~\/terraform-tutorial\/tutorial-1\r\n<\/code><\/pre>\n\u521b\u5efa.tf\u6587\u4ef6\u6765\u8fdb\u884c\u73af\u5883\u8bbe\u7f6e \u2192 \u6267\u884c\u521d\u59cb\u5316<\/h1>\n
\u5173\u4e8etf\u6587\u4ef6\u3002<\/h2>\n
\u5728Terraform\u4e2d\uff0c\u6211\u4eec\u4f1a\u4f7f\u7528.tf\u6587\u4ef6\u6765\u5b58\u50a8\u90e8\u7f72\u8d44\u6e90\u4fe1\u606f\u548c\u8ba4\u8bc1\u4fe1\u606f\u7b49\u3002
\n\u5728\u6267\u884cTerraform\u547d\u4ee4\u65f6\uff0c\u4f1a\u8bfb\u53d6\u5f53\u524d\u76ee\u5f55\u4e0b\u6240\u6709\u7684.tf\u6587\u4ef6\u3002
\n\u56e0\u6b64\uff0c\u867d\u7136\u628a\u6240\u6709\u7684\u4fe1\u606f\u90fd\u5199\u5728\u4e00\u4e2a.tf\u6587\u4ef6\u4e2d\u4e5f\u6ca1\u6709\u95ee\u9898\uff0c\u4f46\u662f\u4e3a\u4e86\u7ba1\u7406\u65b9\u4fbf\uff0c\u6211\u4eec\u4f1a\u5c06.tf\u6587\u4ef6\u5206\u6210\u51e0\u4e2a\u90e8\u5206\u3002<\/p>\n\u7528\u4e8e\u73af\u5883\u8bbe\u7f6e\u7684.tf\u6587\u4ef6<\/h2>\n
\u4e3a\u4e86\u6267\u884cterraform\uff0c\u60a8\u9700\u8981\u521b\u5efa\u4e00\u4e9b\u7c7b\u4f3c\u4e8e\u73af\u5883\u8bbe\u7f6e\u7684\u6587\u4ef6\u3002
\n\u672c\u6b21\u5c06\u521b\u5efa\u4ee5\u4e0b\u4e24\u4e2a\u6587\u4ef6\u3002<\/p>\n- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \u73fe\u5834\u3067\u3042\u308b\u7a0b\u5ea6\u306e\u30ec\u30d9\u30eb\u3067Terraform\u5c0e\u5165\u3092\u5b9f\u65bd\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/ul>\n
\u8bf7\u7559\u610f\u4e8b\u9879\u3002<\/h3>\n
\u8fd9\u4e2a\u6559\u7a0b\u7684\u76ee\u6807\u662f\u8ba9\u521d\u6b21\u63a5\u89e6Terraform\u7684\u4eba\u4eec\u6309\u7167\u987a\u5e8f\u5b8c\u6210\u5404\u4e2a\u7ae0\u8282\uff0c\u4ee5\u83b7\u5f97\u5b9e\u8df5\u77e5\u8bc6\u3002\u56e0\u6b64\uff0c\u5728\u6559\u7a0b\u4e2d\u6211\u4eec\u6545\u610f\u4f7f\u7528\u4e00\u4e9b\u4e0d\u63a8\u8350\u7684\u5199\u6cd5\uff0c\u4f46\u8bf7\u539f\u8c05\uff0c\u8fd9\u662f\u4e3a\u4e86\u52a0\u6df1\u5bf9Terraform\u7684\u7406\u89e3\u8fc7\u7a0b\u3002<\/p>\n
\u5047\u8bbe\u6761\u4ef6<\/h2>\n
\u6559\u7a0b\u7684\u6574\u4e2a\u8fc7\u7a0b\u57fa\u4e8e\u4ee5\u4e0b\u524d\u63d0\u8fdb\u884c\u3002<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n