terraform和aws的实践

相比较传统的AWS运维，越来越多的公司要求利用TERRAFROM，完成iass即code的要求，这一点上TERRAFORM完全符合要求，所以进来学习记录一下

terraform

我所理解的TERRAFORM就是完成代码级别快照，相比较传统页面点点点，通过代码简单明了，初始化快

 

参考资料

https://learn.hashicorp.com/tutorials/terraform/aws-build?in=terraform/aws-get-started

[root@master aws]# aws configure

AWS Access Key ID [None]: xxxxxxxx

AWS Secret Access Key [None]: xxxxxxxxxx

Default region name [None]:

Default output format [None]:

[root@master aws]# ls /root/.aws/

config  credentials

[root@master aws]# ls /root/.aws/config

/root/.aws/config

[root@master aws]# cat /root/.aws/config

[default]

[root@master aws]# cat /root/.aws/credentials

[default]

aws_access_key_id = XXXXXXXXXXX   （这里是我的）

aws_secret_access_key = XXXXXXXXXXXX

 

 

[root@master learn-terraform-aws-instance]# cat main.tf
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.27"
}
}

required_version = ">= 0.14.9"
}

provider "aws" {
profile = "default"
region = "us-west-2"
}

resource "aws_instance" "app_server" {
ami = "ami-830c94e3"
instance_type = "t2.micro"

tags = {
Name = "ExampleAppServerInstance"
}
}

初始化

 

terraform init 

验证配置
terraform fmt

terraform validate

计划创建，填yes

terraform apply

 

 

 

 

命令行显示结果

[root@master learn-terraform-aws-instance]# terraform show
# aws_instance.app_server:
resource "aws_instance" "app_server" {
ami = "ami-830c94e3"
arn = "arn:aws:ec2:us-west-2:839492648247:instance/i-0276eed878b1a3859"
associate_public_ip_address = true
availability_zone = "us-west-2a"
cpu_core_count = 1
cpu_threads_per_core = 1
disable_api_termination = false
ebs_optimized = false
get_password_data = false
hibernation = false
id = "i-0276eed878b1a3859"
instance_initiated_shutdown_behavior = "stop"
instance_state = "running"
instance_type = "t2.micro"
ipv6_address_count = 0
ipv6_addresses = []
monitoring = false
primary_network_interface_id = "eni-0ee839f07460a398c"
private_dns = "ip-172-31-27-32.us-west-2.compute.internal"
private_ip = "172.31.27.32"
public_dns = "ec2-35-162-134-51.us-west-2.compute.amazonaws.com"
public_ip = "35.162.134.51"
secondary_private_ips = []
security_groups = [
"default",
]
source_dest_check = true
subnet_id = "subnet-0a8a1d2982237f8dc"
tags = {
"Name" = "ExampleAppServerInstance"
}
tags_all = {
"Name" = "ExampleAppServerInstance"
}
tenancy = "default"
vpc_security_group_ids = [
"sg-0e690c6adb18eac6b",
]

capacity_reservation_specification {
capacity_reservation_preference = "open"
}

credit_specification {
cpu_credits = "standard"
}

enclave_options {
enabled = false
}

metadata_options {
http_endpoint = "enabled"
http_put_response_hop_limit = 1
http_tokens = "optional"
instance_metadata_tags = "disabled"
}

root_block_device {
delete_on_termination = true
device_name = "/dev/sda1"
encrypted = false
iops = 0
tags = {}
throughput = 0
volume_id = "vol-0f542c226ec4d675b"
volume_size = 8
volume_type = "standard"
}
}

 

注意示例使用的是UBUNTU的操作系统，根据操作系统不同，配置中AMI不同

aws ec2 describe-images --owners 309956199498 --query 'sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId]' --filters "Name=name,Values=RHEL-7.?*GA*" --region us-east-1 --output table