\u7531\u4e8e\u5728\u4e1a\u52a1\u4e2d\u6709\u673a\u4f1a\u4f7f\u7528AWS\u548cTerraform\uff0c
\n\u56e0\u6b64\u603b\u7ed3\u4e86\u5728\u4f7f\u7528\u8fc7\u7a0b\u4e2d\u83b7\u5f97\u7684\u8fd0\u7ef4\u7ecf\u9a8c\u3002
\n\u53e6\u5916\uff0c\u5728\u7b2c2\u7ae0\u53ca\u4ee5\u540e\u4ecb\u7ecd\u7684Terraform\u8fd0\u7ef4\u65b9\u6cd5\u662f\u4e2a\u4eba\u7684\u6700\u7ec8\u76ee\u6807\uff0c
\n\u5e76\u4e0d\u4ee3\u8868Terraform\u7684\u6700\u4f73\u5b9e\u8df5\uff0c\u53ea\u80fd\u4f5c\u4e3a\u53c2\u8003\u3002
\n\uff08\u4f8b\u5982\u6545\u610f\u6ca1\u6709\u4f7f\u7528terraform workspace\u7b49\uff09<\/p>\n
<\/p>\n
<\/p>\n
Debian [v10.8]<\/p>\n
Windows<\/p>\n
WSL \u306e Ubuntu [v20.04]
\nWSL\u306e\u69cb\u7bc9\u306b\u3064\u3044\u3066\u306f\u4ee5\u4e0b\u3092\u53c2\u7167<\/p>\n
\u8bf7\u53c2\u8003\u4ee5\u4e0b\u5185\u5bb9\uff0c\u5728AWS\u4e0a\u521b\u5efa\u7528\u4e8e\u4e34\u65f6\u73af\u5883\u548c\u751f\u4ea7\u73af\u5883\u7684\u8d26\u6237\uff0c\u5e76\u4e3aTerraform\u7ba1\u7406\u7684\u8d44\u6e90\u6388\u4e88\u76f8\u5e94\u6743\u9650\uff0c\u7136\u540e\u5206\u522b\u83b7\u53d6IAM\u7528\u6237\u7684\u51ed\u636e\u4fe1\u606f\u3002<\/p>\n
\u53c2\u7167 \u516c\u5f0f\u6307\u5357\uff0c\u987a\u5e8f\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n
curl \"https:\/\/awscli.amazonaws.com\/awscli-exe-linux-x86_64.zip\"<\/span> -o<\/span> ~\/awscliv2.zip\r\n<\/code><\/pre>\n2. \u5b89\u88c5\u6587\u4ef6\u89e3\u538b\u7f29<\/h3>\nunzip ~\/awscliv2.zip\r\n<\/code><\/pre>\n\u2462. \u5b89\u88c5 AWS CLI\u3002<\/h3>\nsudo<\/span> ~\/aws\/install\r\n<\/code><\/pre>\n\u5c06\u4e3aAWS CLI\u4fdd\u5b58\u7684\u8bbe\u7f6e\u4fe1\u606f\u4fdd\u5b58\u5230\u5206\u6bb5\u73af\u5883<\/h3>\naws configure --profile<\/span> ******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-stage<\/span>\r\n<\/code><\/pre>\n\n- \n
\u4e0a\u8a18\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u5f8c\u3001\u4ee5\u4e0b\u306e\u8cea\u554f\u306b\u7b54\u3048\u308b\u3002<\/ul>\n<\/li>\n<\/ul>\nAWS Access Key ID [None]:
\n-> \u30b9\u30c6\u30fc\u30b8\u30f3\u30b0\u74b0\u5883\u7528IAM\u30e6\u30fc\u30b6\u306e\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb\u60c5\u5831(Access Key ID)\u3092\u5165\u529b<\/p>\n
AWS Secret Access Key [None]:
\n-> \u30b9\u30c6\u30fc\u30b8\u30f3\u30b0\u74b0\u5883\u7528IAM\u30e6\u30fc\u30b6\u306e\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb\u60c5\u5831(Secret Access Key)\u3092\u5165\u529b<\/p>\n
Default region name [None]:
\n-> ap-northeast-1<\/p>\n
Default output format [None]:
\n-> json<\/p>\n
\u5c06\u751f\u4ea7\u73af\u5883\u7684\u914d\u7f6e\u4fe1\u606f\u4fdd\u5b58\u5230AWS CLI\u3002<\/h3>\naws configure --profile<\/span> ******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-prod<\/span>\r\n<\/code><\/pre>\n\n- \n
\u4e0a\u8a18\u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u5f8c\u3001\u2463\u3068\u540c\u3058\u8cea\u554f\u306b<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\u672c\u756a\u74b0\u5883\u7528IAM\u30e6\u30fc\u30b6\u306e\u30af\u30ec\u30c7\u30f3\u30b7\u30e3\u30eb\u60c5\u5831\u3067\u7b54\u3048\u308b\u3002<\/ul>\n\u2171. \u5b89\u88c5\u4f1a\u8bdd\u7ba1\u7406\u63d2\u4ef6<\/h2>\n\u2460. \u4e0b\u8f7d\u5305<\/h3>\ncurl \"https:\/\/s3.amazonaws.com\/session-manager-downloads\/plugin\/latest\/ubuntu_64bit\/session-manager-plugin.deb\"<\/span> -o<\/span> \"session-manager-plugin.deb\"<\/span>\r\n<\/code><\/pre>\n\u2461. \u5b89\u88c5\u4f1a\u8bdd\u7ba1\u7406\u5668\u63d2\u4ef6<\/h3>\nsudo <\/span>dpkg -i<\/span> session-manager-plugin.deb\r\n<\/code><\/pre>\n\u786e\u8ba4\u4f1a\u8bdd\u7ba1\u7406\u63d2\u4ef6\u3002<\/h3>\nsession-manager-plugin\r\n<\/code><\/pre>\n\u2172. \u5b89\u88c5 Terraform<\/h2>\n\u2460. \u4ed3\u5e93\u514b\u9686<\/h3>\ngit clone https:\/\/github.com\/tfutils\/tfenv.git ~\/.tfenv\r\n<\/code><\/pre>\n\u5c06\u8def\u5f84\u6dfb\u52a0\u5230\u4ed3\u5e93<\/h3>\ncat<\/span> <<<\/span> '<\/span>EOS<\/span>' >> ~\/.bashrc\r\n\r\nexport PATH=\"<\/span>$PATH<\/span>:<\/span>$HOME<\/span>\/.tfenv\/bin\"\r\n<\/span>\r\nEOS\r\n<\/span>source<\/span> ~\/.bashrc\r\n<\/code><\/pre>\n\u2462. \u5b89\u88c5tfenv<\/h3>\ntfenv install<\/span>\r\n<\/code><\/pre>\n\u2463. \u542f\u7528\u547d\u4ee4\u7684\u6807\u7b7e\u5b58\u50a8\u3002<\/h3>\nterraform -install-autocomplete<\/span>\r\n<\/code><\/pre>\n\u2173. \u5b89\u88c5 git-secrets<\/h2>\n\u2460. \u514b\u9686\u5b58\u50a8\u5e93<\/h3>\ngit clone https:\/\/github.com\/awslabs\/git-secrets.git ~\/.git-secrets\r\n<\/code><\/pre>\n2. \u5b89\u88c5 git-secrets<\/h3>\ncd<\/span> ~\/.git-secrets\/ &&<\/span> sudo <\/span>make install<\/span>\r\n<\/code><\/pre>\n\u2462. \u5c06 git-secrets \u914d\u7f6e\u4e3a\u9002\u7528\u4e8eAWS\u3002<\/h3>\ngit secrets --register-aws<\/span> --global<\/span>\r\n<\/code><\/pre>\n\u2463. Git\u7684\u81ea\u5b9a\u4e49<\/h3>\ngit secrets --install<\/span> ~\/.git-templates\/git-secrets\r\ngit config --global<\/span> init.templatedir '~\/.git-templates\/git-secrets'<\/span>\r\n<\/code><\/pre>\n2. \u521b\u5efaTerraform\u4ed3\u5e93 (CJIAAN)<\/h1>\n
\u5728master\u5206\u652f\u4e0a\uff0c\u521b\u5efaTerraform\u4ed3\u5e93\u3002
\n\u521b\u5efa\u5b8c\u6210\u540e\uff0c\u8981\u521b\u5efa\u7528\u4e8e\u8d44\u6e90\u6784\u5efa\u7ba1\u7406\u7684\u5206\u652f\uff0c\u4f8b\u5982v1.0.0\/stage\u548cv1.0.0\/prod\u3002
\n\u4ee5\u540e\uff0c\u4e3b\u5206\u652f\u5c06\u7528\u4e8e\u7ba1\u7406\u4e0e\u6574\u4f53\u76f8\u5173\u7684\u66f4\u6539\u3002
\n\u4e0b\u9762\u662f\u6211\u521b\u5efa\u7684Terraform\u4ed3\u5e93\u7684\u76ee\u5f55\u7ed3\u6784\u793a\u4f8b\uff0c\u7528\u4e8e\u5c06Laravel\u5e94\u7528\u90e8\u7f72\u5230AWS Fargate\u3002<\/p>\n
.\r\n\u251c\u2500\u2500 README.md\r\n\u251c\u2500\u2500 .terraform-version --> Terraform\u5b9f\u884c\u6642\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u6307\u5b9a\r\n\u251c\u2500\u2500 set_aws_profile.sh --> terraform\u30b3\u30de\u30f3\u30c9\u3092\u4f7f\u7528\u3059\u308b\u4e8b\u524d\u6e96\u5099\r\n\u251c\u2500\u2500 modules --> Terraform\u3067\u7e70\u308a\u8fd4\u3057\u4f7f\u3046\u30e2\u30b8\u30e5\u30fc\u30eb\r\n\u2502 \u251c\u2500\u2500 alb_target_group\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u251c\u2500\u2500 ecs_service\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u251c\u2500\u2500 host_client_security_group\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u251c\u2500\u2500 iam_role\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u251c\u2500\u2500 route53_domain\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u251c\u2500\u2500 s3_log_bucket\r\n\u2502 \u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2502 \u2514\u2500\u2500 variables.tf\r\n\u2502 \u2514\u2500\u2500 security_group\r\n\u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u2514\u2500\u2500 variables.tf\r\n\u251c\u2500\u2500 operation --> \u30a2\u30d7\u30ea\u30e1\u30f3\u30c6\u7528\u30ea\u30bd\u30fc\u30b9\u7fa4\r\n\u2502 \u251c\u2500\u2500 .gitignore\r\n\u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u251c\u2500\u2500 operation_setup.sh\r\n\u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u251c\u2500\u2500 prod.tfbackend\r\n\u2502 \u251c\u2500\u2500 prod.tfvars\r\n\u2502 \u2514\u2500\u2500 variables.tf\r\n\u251c\u2500\u2500 step0.sh --> \u521d\u671f\u69cb\u7bc9\u30ea\u30bd\u30fc\u30b9\u7fa4\r\n\u251c\u2500\u2500 step1 --> \u7b2c\u4e00\u6bb5\u968e\u69cb\u7bc9\u30ea\u30bd\u30fc\u30b9\u7fa4\r\n\u2502 \u251c\u2500\u2500 .gitignore\r\n\u2502 \u251c\u2500\u2500 ecr_repository.tf\r\n\u2502 \u251c\u2500\u2500 lambda_iam_role.tf\r\n\u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u251c\u2500\u2500 prod.tfbackend\r\n\u2502 \u251c\u2500\u2500 prod.tfvars\r\n\u2502 \u251c\u2500\u2500 rds_db.tf\r\n\u2502 \u251c\u2500\u2500 s3_buckets.tf\r\n\u2502 \u251c\u2500\u2500 ssm_parameters.tf\r\n\u2502 \u251c\u2500\u2500 ssm_parameters_setup.sh --> \u30bb\u30f3\u30b7\u30c6\u30a3\u30d6\u306a\u5024\u3092\u624b\u52d5\u66f4\u65b0\r\n\u2502 \u251c\u2500\u2500 variables.tf\r\n\u2502 \u2514\u2500\u2500 vpc_endpoint.tf\r\n\u251c\u2500\u2500 step2 --> \u7b2c\u4e8c\u6bb5\u968e\u69cb\u7bc9\u30ea\u30bd\u30fc\u30b9\u7fa4\r\n\u2502 \u251c\u2500\u2500 .gitignore\r\n\u2502 \u251c\u2500\u2500 ******(\u30a2\u30d7\u30ea\u540d\u306a\u3069)_container.json\r\n\u2502 \u251c\u2500\u2500 ******(\u30a2\u30d7\u30ea\u540d\u306a\u3069)_container_admin.json\r\n\u2502 \u251c\u2500\u2500 ******(\u30a2\u30d7\u30ea\u540d\u306a\u3069)_container_camera.json\r\n\u2502 \u251c\u2500\u2500 main.tf\r\n\u2502 \u251c\u2500\u2500 outputs.tf\r\n\u2502 \u251c\u2500\u2500 prod.tfbackend\r\n\u2502 \u251c\u2500\u2500 prod.tfvars\r\n\u2502 \u2514\u2500\u2500 variables.tf\r\n\u251c\u2500\u2500 git_cherry-pick_from_master.sh --> master\u30d6\u30e9\u30f3\u30c1\u304b\u3089\u5404\u30d6\u30e9\u30f3\u30c1\u3078\u306echerry-pick\r\n\u251c\u2500\u2500 terraform_apply.sh --> [terraform apply] \u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u7528\r\n\u2514\u2500\u2500 terraform_destroy.sh --> [terraform destroy] \u30b3\u30de\u30f3\u30c9\u5b9f\u884c\u7528\r\n<\/code><\/pre>\n\u5728\u4e0a\u8ff0\u7684\u76ee\u5f55\u7ed3\u6784\u4e2d\u4ecb\u7ecd\u4e0e\u8fd0\u8425\u76f8\u5173\u7684\u5185\u5bb9\u3002<\/p>\n
\u2170. .terraform\u7248\u672c<\/h2>\n1.0.0\r\n<\/code><\/pre>\n\u8bf4\u660e\uff1a\u7528\u4e8e\u5728\u6b64\u5b58\u50a8\u5e93\u4e2d\u6267\u884cterraform\u547d\u4ee4\u7684Terraform\u7248\u672c\u6307\u5b9a\u6587\u4ef6\u3002<\/p>\n
\u2171. \u8bbe\u7f6e_aws_\u914d\u7f6e\u6587\u4ef6.sh<\/h2>\nset<\/span> -eu<\/span>\r\n\r\necho<\/span> '\u30c7\u30d7\u30ed\u30a4\u5148\uff1a\u30b9\u30c6\u30fc\u30b8\u30f3\u30b0\u74b0\u5883 or \u672c\u756a\u74b0\u5883\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002'<\/span>\r\nread<\/span> -p<\/span> 'ex) stage\/prod:'<\/span> ENV\r\n\r\n# \u30b9\u30c6\u30fc\u30b8\u30f3\u30b0\u74b0\u5883 or \u672c\u756a\u74b0\u5883\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u3092\u8a2d\u5b9a<\/span>\r\nif<\/span> [<\/span> ${<\/span>ENV<\/span>}<\/span> =<\/span> 'stage'<\/span> ]<\/span>;<\/span> then\r\n <\/span>export <\/span>PS1<\/span>=<\/span>\"<\/span>\\[\\e<\/span>[1;36m<\/span>\\]<\/span>[fw-<\/span>${<\/span>ENV<\/span>}<\/span>]<\/span>\\[\\e<\/span>[0;39m<\/span>\\]<\/span>${<\/span>PS1<\/span>}<\/span>\"<\/span>\r\n export <\/span>AWS_PROFILE<\/span>=<\/span>******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-${<\/span>ENV<\/span>}<\/span>\r\nelif<\/span> [<\/span> ${<\/span>ENV<\/span>}<\/span> =<\/span> 'prod'<\/span> ]<\/span>;<\/span> then\r\n <\/span>export <\/span>PS1<\/span>=<\/span>\"<\/span>\\[\\e<\/span>[1;31m<\/span>\\]<\/span>[%%% fw-<\/span>${<\/span>ENV<\/span>}<\/span> %%%]<\/span>\\[\\e<\/span>[0;39m<\/span>\\]<\/span>${<\/span>PS1<\/span>}<\/span>\"<\/span>\r\n export <\/span>AWS_PROFILE<\/span>=<\/span>******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-${<\/span>ENV<\/span>}<\/span>\r\nelse\r\n <\/span>echo<\/span> '[stage] or [prod] \u306e\u3069\u3061\u3089\u304b\u3092\u5165\u529b\u3057\u3066\u304f\u3060\u3055\u3044\u3002'<\/span>\r\nfi\r\n\r\n<\/span>set<\/span> +eu\r\n<\/code><\/pre>\n\u8bf4\u660e\uff1a\u7528\u4e8e\u5728\u6267\u884cterraform\u547d\u4ee4\u65f6\u8bbe\u7f6eAWS\u51ed\u8bc1\u4fe1\u606f\u7684sh\u6587\u4ef6\u3002<\/p>\n
\u2172. \u6b65\u9aa40.sh<\/h2>\nset<\/span> -eu<\/span>\r\n\r\ncreate_bucket ()<\/span> {<\/span>\r\n # step1\u306eTerraform\u72b6\u614b\u7ba1\u7406S3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210<\/span>\r\n echo<\/span> 'step1\u306eTerraform\u72b6\u614b\u7ba1\u7406S3\u30d0\u30b1\u30c3\u30c8\u4f5c\u6210\u4e2d...'<\/span>\r\n aws s3api create-bucket --bucket<\/span> ******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-${<\/span>S3_BUCKET_ENV<\/span>}<\/span>-tfstate-step1<\/span> --create-bucket-configuration<\/span> LocationConstraint<\/span>=<\/span>ap-northeast-1\r\n aws s3api put-bucket-versioning --bucket<\/span> ******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-${<\/span>S3_BUCKET_ENV<\/span>}<\/span>-tfstate-step1<\/span> --versioning-configuration<\/span> Status<\/span>=<\/span>Enabled\r\n aws s3api put-bucket-encryption --bucket<\/span> ******<\/span>(<\/span>\u30a2\u30d7\u30ea\u540d\u306a\u3069)<\/span>-${<\/span>S3_BUCKET_ENV<\/span>}<\/span>-tfstate-step1<\/span> --server-side-encryption-configuration<\/span> '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}'<\/span>\r\n aws s3api put-public-access-block --bucket<\/span>