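1 Prepare an Amazon IAM user
Log in to AWS (Amazon): https://aws.amazon.com/
Create an IAM user
Enter a user name
Attach an existing policy, using administrator permissions.
Create an access key
Choose the option for an application running outside AWS
Save the key information
Configure IAM user authentication
Install awscli
brew install awscli
Configure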
$ aws configure
AWS Access Key ID [None]: A*************J
AWS Secret Access Key [None]: **************************
Default region name [None]: us-west-2
Default output format [None]:
2 Create a Terraform project
Initialize the project
mkdir -p Terraform/learning-terraform
cd Terraform/learning-terraform
git init
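Create the main.tf file
provider "aws" { # provider
  region = "us-west-2" # region
}
Initialize Terraform
Running the init command downloads the provider plugins. The init command must also be run whenever a storage backend for the Terraform state file is configured or Terraform modules are used.
# Run in the same directory as main.tf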
terraform init
Commit the code
echo .terraform > .gitignore # keep .terraform out of version control
git add .
git commit -m "first commit"
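Declare the infrastructure objects to create and change
The resource identifier in this example is: aws_instance.web
ami and instance_type must be provided; other arguments can also be supplied.
resource "aws_instance" "web" { # declares an infrastructure object to create and change; aws_instance is the resource type, web is a user-chosen unique resource name.
  ami = "ami-002829755fa238bfa" # argument: the ID of the AMI.
  instance_type = "t2.micro" # argument: the type of EC2 instance to launch
}
The AMI ID is shown on the EC2 creation page and can also be looked up on the AMI Catalog page.
The instance_type is shown on the EC2 creation page. More types are listed under instance_type on the official website.
3 Run the Terraform plan
Run the plan command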
terraform plan
The terminal output is as follows:
Terraform used the selected providers to generate the following execution plan. Resource actions
are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.web will be created
+ resource "aws_instance" "web" {
+ ami = "ami-002829755fa238bfa"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_lifecycle = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = (known after apply)
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ spot_instance_request_id = (known after apply)
+ subnet_id = (known after apply)
+ tags_all = (known after apply)
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take
exactly these actions if you run "terraform apply" now.
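In the output above:
- The aws_instance.web resource is about to be created.
- + ami = "ami-0c79a55dda52434da" and + instance_type = "t2.micro" are the values that were specified; the other fields are defaults.
- (known after apply) means Terraform cannot obtain the value yet; it is known only after the resource has been created.
- Plan: 1 to add, 0 to change, 0 to destroy. is the plan summary: 1 to add, 0 to change, 0 to destroy.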
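The plan summary can also be checked by a script before apply. The following Python code is an added example, not part of the original walkthrough: it assumes the plan was saved with terraform plan -out=tfplan (tfplan is an assumed file name) and rendered with terraform show -json tfplan, and it runs on a constructed sample of that JSON. The function names and the allowed-types policy are illustrative.

```python
import json

# Constructed sample of `terraform show -json tfplan` output for the plan above,
# trimmed to the fields this check reads. "tfplan" is an assumed file name.
SAMPLE_PLAN = json.loads("""
{"terraform_version": "1.5.6",
 "resource_changes": [{
   "address": "aws_instance.web", "mode": "managed",
   "type": "aws_instance", "name": "web",
   "change": {"actions": ["create"], "before": null,
              "after": {"ami": "ami-002829755fa238bfa", "instance_type": "t2.micro"}}
 }]}
""")


def summarize(plan):
    """Count planned actions the way the 'Plan: N to add, ...' line does."""
    counts = {"add": 0, "change": 0, "destroy": 0}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        # A replacement is reported as ["delete", "create"] (or reversed),
        # so it counts once as an add and once as a destroy.
        counts["add"] += "create" in actions
        counts["change"] += "update" in actions
        counts["destroy"] += "delete" in actions
    return counts


def violations(plan, allowed_types, allow_destroy=False):
    """Return reasons to refuse `terraform apply tfplan`; empty means OK."""
    problems = []
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing will be modified for this entry
        if rc["type"] not in allowed_types:
            problems.append("%s: unexpected resource type" % rc["address"])
        if "delete" in actions and not allow_destroy:
            problems.append("%s: plan would destroy it" % rc["address"])
    return problems


if __name__ == "__main__":
    # For a real plan: json.load(open("tfplan.json")) after `terraform show -json tfplan > tfplan.json`
    print(summarize(SAMPLE_PLAN), violations(SAMPLE_PLAN, {"aws_instance"}))
```

Applying the saved file with terraform apply tfplan then performs exactly the actions that were checked, which is the guarantee the -out note in the plan output refers to.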
4 Run the Terraform deployment
Run the apply command
terraform apply
The terminal output is as follows; you must confirm manually by entering yes
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.web: Creating...
aws_instance.web: Still creating... [10s elapsed]
aws_instance.web: Still creating... [20s elapsed]
aws_instance.web: Creation complete after 26s [id=i-09c5bb2bcd711a6cd]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
View the Amazon EC2 instances page
The EC2 instance has been created.
Commit the code
git add .
git commit -m "add ec2 instance"
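5 Terraform state
After the apply command completes, a JSON-format terraform.tfstate file is produced. It is used to manage the state of the Terraform infrastructure. This file is very important: only through it does Terraform know which resources it manages. Editing it by hand is not recommended, because manual changes may lead to unexpected consequences.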
{
"version": 4, # state file version
"terraform_version": "1.5.6", # Terraform version
"serial": 3,
"lineage": "b0***********54b",
"outputs": {},
"resources": [ # resources
{
"mode": "managed", # mode
"type": "aws_instance", # type
"name": "web", # name
"provider": "provider[\"registry.terraform.io/hashicorp/aws\"]",
"instances": [ # resource instance information
{
"schema_version": 1,
......
],
"check_results": null
}
View the Terraform state with the show command
terraform show
6 Destroy resources with Terraform
You must enter yes to confirm the deletion.
$ terraform destroy
...
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes