\u4e3a\u4e86\u8fbe\u5230\u7684\u7ed3\u679c\u6216\u76ee\u6807\u3002<\/h1>\n
\u5e0c\u671b\u5c3d\u5feb\u5c06\u4f7f\u7528Spring Boot + Gradle\u6784\u5efa\u7684Web\u5e94\u7528\u7a0b\u5e8f\u53d1\u5e03\u5230\u9a8c\u8bc1\u73af\u5883\u3002
\n\u9002\u7528\u4e8e\u4e0d\u559c\u6b22\u4f7f\u7528AWS\u7ba1\u7406\u63a7\u5236\u53f0\u8fdb\u884c\u64cd\u4f5c\u7684\u4eba\u3002<\/p>\n
![\"terraform-aws-Page-1.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d883b913a08637a6c2649\/6-0.png\" "\\"\\"")
<\/div>\n\u5047\u5b9a<\/h1>\n\n- \n
\u57fa\u672c\u7684\u306b\u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\u3067\u306e\u4f5c\u696d<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
AWS\u3067\u65b0\u898fIAM\u30e6\u30fc\u30b6\u30fc\u4f5c\u6210\u304a\u3088\u3073\u6a29\u9650\u4ed8\u4e0e\u3067\u304d\u308b\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4fdd\u6301\u3057\u3066\u3044\u308b<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
\n- \n
\u4e0a\u8a18\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30d7\u30ed\u30b0\u30e9\u30e0(AWS CLI)\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b<\/ul>\n<\/li>\n<\/ul>\n <\/p>\n
Terraform\u3092\u89e6\u3063\u305f\u3053\u3068\u304c\u3042\u308b<\/ul>\n\u73af\u5883\u4fe1\u606f<\/h1>\n\n- \n
OS: Mac OS 11.4 (Big Sur)<\/ul>\n<\/li>\n<\/ul>\nHomebrew: 3.1.9<\/p>\n
AWS CLI: aws-cli\/2.0.48 Python\/3.7.4 Darwin\/20.5.0 exe\/x86_64<\/p>\n
tfenv: 2.2.1<\/p>\n
Terraform: 0.15.4<\/p>\n
\u76ee\u5f55\u7ed3\u6784<\/h1>\n
\u5171\u540c\u4fe1\u606f\u5982VPC\u548c\u5b58\u50a8\u5e93\u5c06\u5728\u5171\u4eab\u76ee\u5f55\u4e2d\u8fdb\u884c\u7ba1\u7406\u3002
\n\u53e6\u5916\uff0c\u6211\u4eec\u5c06\u4f7f\u7528\u5de5\u4f5c\u533a\u529f\u80fd\u6765\u5207\u6362\u9a8c\u8bc1\u73af\u5883\u548c\u751f\u4ea7\u73af\u5883\u3002
\n\u56e0\u4e3a\u6211\u4eec\u91c7\u7528\u4e86\u6bcf\u4e2a\u73af\u5883\u5dee\u5f02\u8f83\u5c0f\u7684\u914d\u7f6e\uff0c\u6240\u4ee5\u4f7f\u7528\u5de5\u4f5c\u533a\uff0c\u4f46\u5982\u679c\u5dee\u5f02\u8f83\u5927\uff0c\u53ef\u80fd\u9700\u8981\u8fdb\u884c\u4e00\u90e8\u5206\u76ee\u5f55\u5206\u5272\u3002<\/p>\n
tree\r\n.<\/span>\r\n\u251c\u2500\u2500 .terraform\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 certs\/ #\u3000pem\u7b49\u8a8d\u8a3c\u60c5\u5831\uff08\u30b3\u30df\u30c3\u30c8\u3057\u306a\u3044\uff09<\/span>\r\n\u251c\u2500\u2500 shared\/ #\u3000\u5171\u901a\u30ea\u30bd\u30fc\u30b9<\/span>\r\n\u2502 \u251c\u2500\u2500 .terraform\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u2502 \u251c\u2500\u2500 .terraform.lock.hcl # \u81ea\u52d5\u751f\u6210<\/span>\r\n\u2502 \u251c\u2500\u2500 terraform.tf # terraform\u8a2d\u5b9a<\/span>\r\n\u2502\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u251c\u2500\u2500 \u30fb\u30fb\u30fb\u30fb\u30fb\u30fb # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb<\/span>\r\n\u2502 \u2514\u2500\u2500 variables.tf # \u5909\u6570\u5ba3\u8a00<\/span>\r\n\u251c\u2500\u2500 terraform.tfstate.d\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 .terraform.lock.hcl # \u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 terraform.tf # terraform\u8a2d\u5b9a<\/span>\r\n\u251c\u2500\u2500 \u30fb\u30fb\u30fb\u30fb\u30fb\u30fb # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb<\/span>\r\n\u251c\u2500\u2500 terraform.tfvars # \u5909\u6570\u8a2d\u5b9a<\/span>\r\n\u2514\u2500\u2500 variables.tf # \u5909\u6570\u5ba3\u8a00<\/span>\r\n<\/code><\/pre>\n\u9884\u5148\u51c6\u5907<\/h1>\nAWS\u547d\u4ee4\u884c\u754c\u9762<\/h2>\n\u5b89\u88c5<\/h3>\n
<\/p>\n
\u521b\u5efaTerraform\u7528\u6237<\/h3>\n$ <\/span>aws iam create-user \\<\/span>\r\n --user-name<\/span> terraform-sample\r\n{<\/span>\r\n \"User\"<\/span>: {<\/span>\r\n \"Path\"<\/span>: \"\/\"<\/span>,\r\n \"UserName\"<\/span>: \"terraform-sample\"<\/span>,\r\n \"UserId\"<\/span>: \"XXXXXXXXXXXXXXXXXXXX\"<\/span>,\r\n \"Arn\"<\/span>: \"arn:aws:iam::XXXXXXXXXXXX:user\/terraform-sample\"<\/span>,\r\n \"CreateDate\"<\/span>: \"YYYY-MM-DDTHH:mm:ssZ\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6388\u4e88\u6743\u529b<\/h3>\n
\u8bf7\u6388\u4e88\u7ba1\u7406\u5458\u6743\u9650\u3002\u6839\u636e\u73af\u5883\u7684\u9700\u8981\u9002\u5f53\u8fdb\u884c\u6743\u9650\u66f4\u6539\u3002
\n\u7136\u800c\uff0c\u7531\u4e8e\u6240\u9700\u6743\u9650\u6db5\u76d6\u8303\u56f4\u5e7f\u6cdb\uff0c\u56e0\u6b64\u6700\u597d\u5728\u521b\u5efa\u65f6\u4ec5\u6388\u4e88AdministratorAccess\uff0c\u5e76\u5728\u5b8c\u6210\u5de5\u4f5c\u540e\u89e3\u9664\u3002<\/p>\n
$ <\/span>aws iam attach-user-policy \\<\/span>\r\n --user-name<\/span> terraform-sample \\<\/span>\r\n --policy-arn<\/span> arn:aws:iam::aws:policy\/AdministratorAccess\r\n<\/code><\/pre>\n\u521b\u5efa\u548c\u4fdd\u5b58\u8ba4\u8bc1\u4fe1\u606f<\/h3>\n$ <\/span>aws iam create-access-key \\<\/span>\r\n --user-name<\/span> terraform-sample\r\n{<\/span>\r\n \"AccessKey\"<\/span>: {<\/span>\r\n \"UserName\"<\/span>: \"terraform-sample\"<\/span>,\r\n \"AccessKeyId\"<\/span>: \"AAAAAAAAAAAAAAAAAAA\"<\/span>,\r\n \"Status\"<\/span>: \"Active\"<\/span>,\r\n \"SecretAccessKey\"<\/span>: \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\"<\/span>,\r\n \"CreateDate\"<\/span>: \"YYYY-MM-DDTHH:mm:ssZ\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n$ <\/span>cat<\/span> - <<<\/span> EOS<\/span> >> ~\/.aws\/credentials\r\n# \u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u540d\r\n[terraform-sample]\r\nregion = ap-northeast-1 # \u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\r\naws_access_key_id = AAAAAAAAAAAAAAAAAAA\r\naws_secret_access_key = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\r\n<\/span>EOS\r\n<\/span><\/code><\/pre>\n\u4f7f\u7528Terraform\u521b\u5efa\u975e\u7ba1\u7406\u8d44\u6e90<\/h2>\n
\u4f7f\u7528AWS CLI\u521b\u5efa\u5b58\u50a8\u5e94\u7528\u7a0b\u5e8f\/\u9759\u6001\u5185\u5bb9\u7684CodeCommit\u5b58\u50a8\u5e93\u548c\u4fdd\u5b58Terraform\u72b6\u6001\u7684S3\u5b58\u50a8\u6876\uff0c\u4ee5\u9632\u6b62\u5176\u5728\u6267\u884cterraform destroy\u7b49\u64cd\u4f5c\u65f6\u88ab\u5220\u9664\u3002<\/p>\n
Terraform\u4f7f\u7528S3\u5b58\u50a8\u6876\u3002<\/h3>\n![\"terraform-aws-Terraform\u7528S3\u30d0\u30b1\u30c3\u30c8.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d883b913a08637a6c2649\/28-0.png\" "\\"\\"")
<\/div>\n$ <\/span>aws s3api create-bucket \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --acl<\/span> private \\<\/span>\r\n --region<\/span> ap-northeast-1 \\<\/span>\r\n --create-bucket-configuration<\/span> LocationConstraint<\/span>=<\/span>ap-northeast-1 \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"Location\"<\/span>: \"http:\/\/terraform-sample-tfstate.s3.amazonaws.com\/\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u542f\u7528\u7248\u672c\u63a7\u5236<\/h4>\n$ <\/span>aws s3api put-bucket-versioning \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --versioning-configuration<\/span> Status<\/span>=<\/span>Enabled \\<\/span>\r\n --profile<\/span> terraform-sample\r\n$ <\/span>aws s3api get-bucket-versioning \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"Status\"<\/span>: \"Enabled\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6876\u7684\u52a0\u5bc6<\/h4>\n$ <\/span>aws s3api put-bucket-encryption \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --server-side-encryption-configuration<\/span> '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}'<\/span> \\<\/span>\r\n --profile<\/span> terraform-sample\r\n$ <\/span>aws s3api get-bucket-encryption \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"ServerSideEncryptionConfiguration\"<\/span>: {<\/span>\r\n \"Rules\"<\/span>: [<\/span>\r\n {<\/span>\r\n \"ApplyServerSideEncryptionByDefault\"<\/span>: {<\/span>\r\n \"SSEAlgorithm\"<\/span>: \"AES256\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n ]<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\nTerraform\u914d\u7f6e<\/h2>\n\u5b89\u88c5tfenv<\/h3>\n
\u7531\u65bc\u7d93\u5e38\u56f0\u64fe\u65bcTerraform\u7248\u672c\u554f\u984c\uff0c\u6545\u9078\u64c7\u4f7f\u7528\u540d\u70ba”tfenv”\u7684\u5de5\u5177\u4f86\u9032\u884c\u7248\u672c\u7ba1\u7406\u3002\u5728Qiita\u4e0a\u6709\u4e00\u7bc7\u6587\u7ae0\u4ecb\u7d39\u5982\u4f55\u4f7f\u7528tfenv\u9032\u884cTerraform\u7248\u672c\u7ba1\u7406\u3002<\/p>\n
$ <\/span>brew install <\/span>tfenv\r\n$ <\/span>which tfenv\r\n\/usr\/local\/bin\/tfenv\r\n$ <\/span>tfenv --version<\/span>\r\ntfenv 2.2.1\r\n<\/code><\/pre>\n\u5b89\u88c5\/\u4f7f\u7528\u6700\u65b0\u7248\u7684Terraform\u3002<\/h3>\n$ <\/span>tfenv install <\/span>latest\r\n$ <\/span>tfenv use latest\r\n[<\/span>INFO] Switching to v0.15.4\r\n[<\/span>INFO] Switching completed\r\n<\/code><\/pre>\n\u5bf9Terraform\u8fdb\u884c\u521d\u59cb\u5316<\/h3>\n\u63cf\u8ff0\u57fa\u672c\u4fe1\u606f<\/h4>\n
\u60a8\u53ef\u4ee5\u5728\u4ee5\u4e0b\u9875\u9762\u4e2d\u786e\u8ba4\u6700\u65b0\u7248\u672c\u7684AWS\u63d0\u4f9b\u8005\uff1a
\nTerraform AWS Provider CHANGELOG – GitHub
\n\u672c\u6b21\u4f7f\u7528\u7684\u662f\u6700\u65b0\u7248\u672c3.44.0\uff0c\u6b64\u4e3a\u64b0\u5199\u65f6\u7684\u7248\u672c\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n required_providers<\/span> {<\/span>\r\n aws<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"hashicorp\/aws\"<\/span>\r\n version<\/span> =<\/span> \"~> 3.44.0\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"terraform-sample-tfstate\"<\/span> # \u4e0a\u8a18\u4f5c\u6210\u3057\u305fTerraform\u7528S3\u30d0\u30b1\u30c3\u30c8\u540d<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span> # \u4f5c\u696d\u5bfe\u8c61\u306e\u30ea\u30fc\u30b8\u30e7\u30f3\u60c5\u5831<\/span>\r\n profile<\/span> =<\/span> \"terraform-sample\"<\/span> # ~\/.aws\/credentials\u306b\u4fdd\u5b58\u3057\u305f\u8a8d\u8a3c\u60c5\u5831\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u540d<\/span>\r\n key<\/span> =<\/span> \"terraform.tfstate\"<\/span> # tfstate\u30d5\u30a1\u30a4\u30eb\u30d1\u30b9<\/span>\r\n encrypt<\/span> =<\/span> true<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nprovider<\/span> \"aws\"<\/span> {<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n shared_credentials_file<\/span> =<\/span> \"\/Users\/exotic-toybox\/.aws\/credentials\"<\/span>\u3000<\/span># ~\/.aws\/credentials<\/span>\r\n profile<\/span> =<\/span> \"terraform-sample\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5c06\u5176\u590d\u5236\u5230\u5171\u4eab\u76ee\u5f55\u7684\u5b50\u76ee\u5f55\u4e2d\u3002<\/p>\n
$ <\/span>cp <\/span>terraform.tf shared\/\r\n<\/code><\/pre>\n\u53ea\u9700\u8981\u66f4\u6539tfstate\u6587\u4ef6\u7684\u8def\u5f84\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n required_providers<\/span> {<\/span>\r\n #-- \u4e2d\u7565 --#<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n #-- \u4e2d\u7565 --#<\/span>\r\n- <\/span> key<\/span> =<\/span> \"terraform.tfstate\"<\/span>
- \u57fa\u672c\u7684\u306b\u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\u3067\u306e\u4f5c\u696d<\/ul>\n<\/li>\n<\/ul>\n
- \n
- AWS\u3067\u65b0\u898fIAM\u30e6\u30fc\u30b6\u30fc\u4f5c\u6210\u304a\u3088\u3073\u6a29\u9650\u4ed8\u4e0e\u3067\u304d\u308b\u30a2\u30ab\u30a6\u30f3\u30c8\u3092\u4fdd\u6301\u3057\u3066\u3044\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u4e0a\u8a18\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30d7\u30ed\u30b0\u30e9\u30e0(AWS CLI)\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- OS: Mac OS 11.4 (Big Sur)<\/ul>\n<\/li>\n<\/ul>\n
Homebrew: 3.1.9<\/p>\n
AWS CLI: aws-cli\/2.0.48 Python\/3.7.4 Darwin\/20.5.0 exe\/x86_64<\/p>\n
tfenv: 2.2.1<\/p>\n
Terraform: 0.15.4<\/p>\n
\u76ee\u5f55\u7ed3\u6784<\/h1>\n
\u5171\u540c\u4fe1\u606f\u5982VPC\u548c\u5b58\u50a8\u5e93\u5c06\u5728\u5171\u4eab\u76ee\u5f55\u4e2d\u8fdb\u884c\u7ba1\u7406\u3002
\n\u53e6\u5916\uff0c\u6211\u4eec\u5c06\u4f7f\u7528\u5de5\u4f5c\u533a\u529f\u80fd\u6765\u5207\u6362\u9a8c\u8bc1\u73af\u5883\u548c\u751f\u4ea7\u73af\u5883\u3002
\n\u56e0\u4e3a\u6211\u4eec\u91c7\u7528\u4e86\u6bcf\u4e2a\u73af\u5883\u5dee\u5f02\u8f83\u5c0f\u7684\u914d\u7f6e\uff0c\u6240\u4ee5\u4f7f\u7528\u5de5\u4f5c\u533a\uff0c\u4f46\u5982\u679c\u5dee\u5f02\u8f83\u5927\uff0c\u53ef\u80fd\u9700\u8981\u8fdb\u884c\u4e00\u90e8\u5206\u76ee\u5f55\u5206\u5272\u3002<\/p>\ntree\r\n.<\/span>\r\n\u251c\u2500\u2500 .terraform\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 certs\/ #\u3000pem\u7b49\u8a8d\u8a3c\u60c5\u5831\uff08\u30b3\u30df\u30c3\u30c8\u3057\u306a\u3044\uff09<\/span>\r\n\u251c\u2500\u2500 shared\/ #\u3000\u5171\u901a\u30ea\u30bd\u30fc\u30b9<\/span>\r\n\u2502 \u251c\u2500\u2500 .terraform\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u2502 \u251c\u2500\u2500 .terraform.lock.hcl # \u81ea\u52d5\u751f\u6210<\/span>\r\n\u2502 \u251c\u2500\u2500 terraform.tf # terraform\u8a2d\u5b9a<\/span>\r\n\u2502\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u3000\u251c\u2500\u2500 \u30fb\u30fb\u30fb\u30fb\u30fb\u30fb # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb<\/span>\r\n\u2502 \u2514\u2500\u2500 variables.tf # \u5909\u6570\u5ba3\u8a00<\/span>\r\n\u251c\u2500\u2500 terraform.tfstate.d\/ #\u3000\u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 .terraform.lock.hcl # \u81ea\u52d5\u751f\u6210<\/span>\r\n\u251c\u2500\u2500 terraform.tf # terraform\u8a2d\u5b9a<\/span>\r\n\u251c\u2500\u2500 \u30fb\u30fb\u30fb\u30fb\u30fb\u30fb # \u30ea\u30bd\u30fc\u30b9\u30d5\u30a1\u30a4\u30eb<\/span>\r\n\u251c\u2500\u2500 terraform.tfvars # \u5909\u6570\u8a2d\u5b9a<\/span>\r\n\u2514\u2500\u2500 variables.tf # \u5909\u6570\u5ba3\u8a00<\/span>\r\n<\/code><\/pre>\n\u9884\u5148\u51c6\u5907<\/h1>\n
AWS\u547d\u4ee4\u884c\u754c\u9762<\/h2>\n
\u5b89\u88c5<\/h3>\n
<\/p>\n
\u521b\u5efaTerraform\u7528\u6237<\/h3>\n
$ <\/span>aws iam create-user \\<\/span>\r\n --user-name<\/span> terraform-sample\r\n{<\/span>\r\n \"User\"<\/span>: {<\/span>\r\n \"Path\"<\/span>: \"\/\"<\/span>,\r\n \"UserName\"<\/span>: \"terraform-sample\"<\/span>,\r\n \"UserId\"<\/span>: \"XXXXXXXXXXXXXXXXXXXX\"<\/span>,\r\n \"Arn\"<\/span>: \"arn:aws:iam::XXXXXXXXXXXX:user\/terraform-sample\"<\/span>,\r\n \"CreateDate\"<\/span>: \"YYYY-MM-DDTHH:mm:ssZ\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6388\u4e88\u6743\u529b<\/h3>\n
\u8bf7\u6388\u4e88\u7ba1\u7406\u5458\u6743\u9650\u3002\u6839\u636e\u73af\u5883\u7684\u9700\u8981\u9002\u5f53\u8fdb\u884c\u6743\u9650\u66f4\u6539\u3002
\n\u7136\u800c\uff0c\u7531\u4e8e\u6240\u9700\u6743\u9650\u6db5\u76d6\u8303\u56f4\u5e7f\u6cdb\uff0c\u56e0\u6b64\u6700\u597d\u5728\u521b\u5efa\u65f6\u4ec5\u6388\u4e88AdministratorAccess\uff0c\u5e76\u5728\u5b8c\u6210\u5de5\u4f5c\u540e\u89e3\u9664\u3002<\/p>\n$ <\/span>aws iam attach-user-policy \\<\/span>\r\n --user-name<\/span> terraform-sample \\<\/span>\r\n --policy-arn<\/span> arn:aws:iam::aws:policy\/AdministratorAccess\r\n<\/code><\/pre>\n\u521b\u5efa\u548c\u4fdd\u5b58\u8ba4\u8bc1\u4fe1\u606f<\/h3>\n
$ <\/span>aws iam create-access-key \\<\/span>\r\n --user-name<\/span> terraform-sample\r\n{<\/span>\r\n \"AccessKey\"<\/span>: {<\/span>\r\n \"UserName\"<\/span>: \"terraform-sample\"<\/span>,\r\n \"AccessKeyId\"<\/span>: \"AAAAAAAAAAAAAAAAAAA\"<\/span>,\r\n \"Status\"<\/span>: \"Active\"<\/span>,\r\n \"SecretAccessKey\"<\/span>: \"BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\"<\/span>,\r\n \"CreateDate\"<\/span>: \"YYYY-MM-DDTHH:mm:ssZ\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n$ <\/span>cat<\/span> - <<<\/span> EOS<\/span> >> ~\/.aws\/credentials\r\n# \u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u540d\r\n[terraform-sample]\r\nregion = ap-northeast-1 # \u6771\u4eac\u30ea\u30fc\u30b8\u30e7\u30f3\r\naws_access_key_id = AAAAAAAAAAAAAAAAAAA\r\naws_secret_access_key = BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\r\n<\/span>EOS\r\n<\/span><\/code><\/pre>\n\u4f7f\u7528Terraform\u521b\u5efa\u975e\u7ba1\u7406\u8d44\u6e90<\/h2>\n
\u4f7f\u7528AWS CLI\u521b\u5efa\u5b58\u50a8\u5e94\u7528\u7a0b\u5e8f\/\u9759\u6001\u5185\u5bb9\u7684CodeCommit\u5b58\u50a8\u5e93\u548c\u4fdd\u5b58Terraform\u72b6\u6001\u7684S3\u5b58\u50a8\u6876\uff0c\u4ee5\u9632\u6b62\u5176\u5728\u6267\u884cterraform destroy\u7b49\u64cd\u4f5c\u65f6\u88ab\u5220\u9664\u3002<\/p>\n
Terraform\u4f7f\u7528S3\u5b58\u50a8\u6876\u3002<\/h3>\n
<\/div>\n$ <\/span>aws s3api create-bucket \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --acl<\/span> private \\<\/span>\r\n --region<\/span> ap-northeast-1 \\<\/span>\r\n --create-bucket-configuration<\/span> LocationConstraint<\/span>=<\/span>ap-northeast-1 \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"Location\"<\/span>: \"http:\/\/terraform-sample-tfstate.s3.amazonaws.com\/\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u542f\u7528\u7248\u672c\u63a7\u5236<\/h4>\n
$ <\/span>aws s3api put-bucket-versioning \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --versioning-configuration<\/span> Status<\/span>=<\/span>Enabled \\<\/span>\r\n --profile<\/span> terraform-sample\r\n$ <\/span>aws s3api get-bucket-versioning \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"Status\"<\/span>: \"Enabled\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6876\u7684\u52a0\u5bc6<\/h4>\n
$ <\/span>aws s3api put-bucket-encryption \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --server-side-encryption-configuration<\/span> '{\"Rules\": [{\"ApplyServerSideEncryptionByDefault\": {\"SSEAlgorithm\": \"AES256\"}}]}'<\/span> \\<\/span>\r\n --profile<\/span> terraform-sample\r\n$ <\/span>aws s3api get-bucket-encryption \\<\/span>\r\n --bucket<\/span> terraform-sample-tfstate \\<\/span>\r\n --profile<\/span> terraform-sample\r\n{<\/span>\r\n \"ServerSideEncryptionConfiguration\"<\/span>: {<\/span>\r\n \"Rules\"<\/span>: [<\/span>\r\n {<\/span>\r\n \"ApplyServerSideEncryptionByDefault\"<\/span>: {<\/span>\r\n \"SSEAlgorithm\"<\/span>: \"AES256\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n ]<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\nTerraform\u914d\u7f6e<\/h2>\n
\u5b89\u88c5tfenv<\/h3>\n
\u7531\u65bc\u7d93\u5e38\u56f0\u64fe\u65bcTerraform\u7248\u672c\u554f\u984c\uff0c\u6545\u9078\u64c7\u4f7f\u7528\u540d\u70ba”tfenv”\u7684\u5de5\u5177\u4f86\u9032\u884c\u7248\u672c\u7ba1\u7406\u3002\u5728Qiita\u4e0a\u6709\u4e00\u7bc7\u6587\u7ae0\u4ecb\u7d39\u5982\u4f55\u4f7f\u7528tfenv\u9032\u884cTerraform\u7248\u672c\u7ba1\u7406\u3002<\/p>\n
$ <\/span>brew install <\/span>tfenv\r\n$ <\/span>which tfenv\r\n\/usr\/local\/bin\/tfenv\r\n$ <\/span>tfenv --version<\/span>\r\ntfenv 2.2.1\r\n<\/code><\/pre>\n\u5b89\u88c5\/\u4f7f\u7528\u6700\u65b0\u7248\u7684Terraform\u3002<\/h3>\n
$ <\/span>tfenv install <\/span>latest\r\n$ <\/span>tfenv use latest\r\n[<\/span>INFO] Switching to v0.15.4\r\n[<\/span>INFO] Switching completed\r\n<\/code><\/pre>\n\u5bf9Terraform\u8fdb\u884c\u521d\u59cb\u5316<\/h3>\n
\u63cf\u8ff0\u57fa\u672c\u4fe1\u606f<\/h4>\n
\u60a8\u53ef\u4ee5\u5728\u4ee5\u4e0b\u9875\u9762\u4e2d\u786e\u8ba4\u6700\u65b0\u7248\u672c\u7684AWS\u63d0\u4f9b\u8005\uff1a
\nTerraform AWS Provider CHANGELOG – GitHub
\n\u672c\u6b21\u4f7f\u7528\u7684\u662f\u6700\u65b0\u7248\u672c3.44.0\uff0c\u6b64\u4e3a\u64b0\u5199\u65f6\u7684\u7248\u672c\u3002<\/p>\nterraform<\/span> {<\/span>\r\n required_providers<\/span> {<\/span>\r\n aws<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"hashicorp\/aws\"<\/span>\r\n version<\/span> =<\/span> \"~> 3.44.0\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"terraform-sample-tfstate\"<\/span> # \u4e0a\u8a18\u4f5c\u6210\u3057\u305fTerraform\u7528S3\u30d0\u30b1\u30c3\u30c8\u540d<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span> # \u4f5c\u696d\u5bfe\u8c61\u306e\u30ea\u30fc\u30b8\u30e7\u30f3\u60c5\u5831<\/span>\r\n profile<\/span> =<\/span> \"terraform-sample\"<\/span> # ~\/.aws\/credentials\u306b\u4fdd\u5b58\u3057\u305f\u8a8d\u8a3c\u60c5\u5831\u306e\u30d7\u30ed\u30d5\u30a1\u30a4\u30eb\u540d<\/span>\r\n key<\/span> =<\/span> \"terraform.tfstate\"<\/span> # tfstate\u30d5\u30a1\u30a4\u30eb\u30d1\u30b9<\/span>\r\n encrypt<\/span> =<\/span> true<\/span>\r\n }<\/span>\r\n}<\/span>\r\n\r\nprovider<\/span> \"aws\"<\/span> {<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n shared_credentials_file<\/span> =<\/span> \"\/Users\/exotic-toybox\/.aws\/credentials\"<\/span>\u3000<\/span># ~\/.aws\/credentials<\/span>\r\n profile<\/span> =<\/span> \"terraform-sample\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u5c06\u5176\u590d\u5236\u5230\u5171\u4eab\u76ee\u5f55\u7684\u5b50\u76ee\u5f55\u4e2d\u3002<\/p>\n
$ <\/span>cp <\/span>terraform.tf shared\/\r\n<\/code><\/pre>\n\u53ea\u9700\u8981\u66f4\u6539tfstate\u6587\u4ef6\u7684\u8def\u5f84\u3002<\/p>\n
terraform<\/span> {<\/span>\r\n required_providers<\/span> {<\/span>\r\n #-- \u4e2d\u7565 --#<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n #-- \u4e2d\u7565 --#<\/span>\r\n- <\/span> key<\/span> =<\/span> \"terraform.tfstate\"<\/span>
<\/p>\n
- Terraform\u3092\u89e6\u3063\u305f\u3053\u3068\u304c\u3042\u308b<\/ul>\n
\u73af\u5883\u4fe1\u606f<\/h1>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n