创建阿里云 RAM 子用户,并进行授权

注意,需要将我们生成的 ​​AccessKey​​ 保存至本地

Terraform 管理阿里云 VPC_alicloud

Terraform 管理阿里云 VPC_alicloud_02

配置环境变量

​alicloud_authentication​

定义的环境变量必须以 ​​TF_VAR​​ 开头,这样就被 terraform 在读取环境变量时就认为是他自己的环境变量

虽然也可以写在配置文件中明文保存,但是强烈不建议这样用,一旦配置文件泄露,便有非常大的风险。

# 第一种方式,需要去掉 main.tf 中的变量,直接全空即可,此变量是官方默认提供变量,不需要加 TF_VAR
export ALICLOUD_ACCESS_KEY="LTA**************<strong>"
export ALICLOUD_SECRET_KEY="Hp</strong>**************"
export ALICLOUD_REGION="cn-beijing"
# 第二种方式,下边定义阿里云 provider 用的是第二种
export TF_VAR_access_key="LTA**************<strong>"
export TF_VAR_secret_key="Hp</strong>**************"
export TF_VAR_region="cn-beijing"

定义阿里云 provider

​alicloud_docs​

version.tf 定义 terraform 版本信息

# versions.tf 
// 定义 terraform 的 版本信息
terraform {
required_version = ">= 1.1.0"
required_providers {
alicloud = {
source = "aliyun/alicloud"
version = "1.162.0"
}
}
}

variables.tf 定义相关变量

# variables.tf 
// 定义的变量会从环境变量中取值
// 分别对应 ALICLOUD_ACCESS_KEY, ALICLOUD_SECRET_KEY, ALICLOUD_REGION
variable "access_key" {
type = string
}

variable "secret_key" {
type = string
}

variable "region" {
type = string
}

main.tf 定义阿里云登录信息

# main.tf 
// 阿里云登录信息,采用的是环境变量
provider "alicloud" {
# Configuration options
access_key = var.access_key
secret_key = var.secret_key
region = var.region
}

alicloud_vpc.tf 定义 vpc 相关配置

# alicloud_vpc.tf 
// 创建 VPC 专有网络
resource "alicloud_vpc" "vpc" {
vpc_name = "tf_test_foo"
cidr_block = "172.96.0.0/12"
}

// 创建 Vswitch 交换机
resource "alicloud_vswitch" "vsw" {
vpc_id = alicloud_vpc.vpc.id
cidr_block = "172.96.0.0/21"
zone_id = "cn-beijing-b"
}

alicloud_security_group.tf 定义安全组相关配置

# alicloud_security_group.tf 
// 创建 安全组 group
resource "alicloud_security_group" "group" {
name = "demo-group"
vpc_id = alicloud_vpc.vpc.id
security_group_type = "normal"
}

// 定义安全组规则,放开 22 端口
resource "alicloud_security_group_rule" "allow_22_tcp" {
type = "ingress"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "22/22"
priority = 1
security_group_id = alicloud_security_group.group.id
cidr_ip = "0.0.0.0/0"
}
# 相关文件的目录结构
.
├── alicloud_security_group.tf
├── alicloud_vpc.tf
├── main.tf
├── variables.tf
└── versions.tf

0 directories, 5 files

fmt 格式化代码

用于格式化代码,增强其可读性

terraform fmt

init 初始化

下载 provider 的相关插件,此命令需要连接 terraform 仓库

terraform init

Terraform 管理阿里云 VPC_vpc_03

init 的操作会把相关包下载到本地,此步骤时间略长

Terraform 管理阿里云 VPC_Terraform_04

validate 校验

校验配置项中是否有报错的地方

terraform validate -json
# 输出如下结果
{
"format_version": "1.0",
"valid": true,
"error_count": 0,
"warning_count": 0,
"diagnostics": []
}

plan 预览

打印所有资源的期望状态

将期望资源的状态与当前工作目录的状态进行对比

打印当前状态与期望状态的差异,并不会实际实行

~# terraform plan


Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create

Terraform will perform the following actions:

# alicloud_security_group.group will be created
+ resource "alicloud_security_group" "group" {
+ id = (known after apply)
+ inner_access = (known after apply)
+ inner_access_policy = (known after apply)
+ name = "demo-group"
+ security_group_type = "normal"
+ vpc_id = (known after apply)
}

# alicloud_security_group_rule.allow_22_tcp will be created
+ resource "alicloud_security_group_rule" "allow_22_tcp" {
+ cidr_ip = "0.0.0.0/0"
+ id = (known after apply)
+ ip_protocol = "tcp"
+ nic_type = "internet"
+ policy = "accept"
+ port_range = "22/22"
+ prefix_list_id = (known after apply)
+ priority = 1
+ security_group_id = (known after apply)
+ type = "ingress"
}

# alicloud_vpc.vpc will be created
+ resource "alicloud_vpc" "vpc" {
+ cidr_block = "172.96.0.0/12"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ name = (known after apply)
+ resource_group_id = (known after apply)
+ route_table_id = (known after apply)
+ router_id = (known after apply)
+ router_table_id = (known after apply)
+ status = (known after apply)
+ vpc_name = "tf_test_foo"
}

# alicloud_vswitch.vsw will be created
+ resource "alicloud_vswitch" "vsw" {
+ availability_zone = (known after apply)
+ cidr_block = "172.96.0.0/21"
+ id = (known after apply)
+ name = (known after apply)
+ status = (known after apply)
+ vpc_id = (known after apply)
+ vswitch_name = (known after apply)
+ zone_id = "cn-beijing-b"
}

Plan: 4 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform
apply" now.

apply 创建资源

terraform apply

登录阿里云后进行验证

vpc 验证

Terraform 管理阿里云 VPC_alicloud_05

vswitch 验证

Terraform 管理阿里云 VPC_alicloud_06

安全组验证

Terraform 管理阿里云 VPC_alicloud_07

Terraform 管理阿里云 VPC_vpc_08

show 查看资源申请情况

~# terraform show
# alicloud_security_group.group:
resource "alicloud_security_group" "group" {
id = "sg-2zee17d94vu8k5kx99fz"
inner_access = true
inner_access_policy = "Accept"
name = "demo-group"
security_group_type = "normal"
tags = {}
vpc_id = "vpc-2zee4goyffxj46uz5j869"
}

# alicloud_security_group_rule.allow_22_tcp:
resource "alicloud_security_group_rule" "allow_22_tcp" {
cidr_ip = "0.0.0.0/0"
id = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1"
ip_protocol = "tcp"
nic_type = "intranet"
policy = "accept"
port_range = "22/22"
priority = 1
security_group_id = "sg-2zee17d94vu8k5kx99fz"
type = "ingress"
}

# alicloud_vpc.vpc:
resource "alicloud_vpc" "vpc" {
cidr_block = "172.96.0.0/12"
id = "vpc-2zee4goyffxj46uz5j869"
name = "tf_test_foo"
resource_group_id = "rg-acfmybfthr6yliq"
route_table_id = "vtb-2zeksbc0su4tecdy7j5er"
router_id = "vrt-2ze1lmeuaf424yol3twki"
router_table_id = "vtb-2zeksbc0su4tecdy7j5er"
secondary_cidr_blocks = []
status = "Available"
user_cidrs = []
vpc_name = "tf_test_foo"
}

# alicloud_vswitch.vsw:
resource "alicloud_vswitch" "vsw" {
availability_zone = "cn-beijing-b"
cidr_block = "172.96.0.0/21"
id = "vsw-2zeqb015cd9hogrp6fa4a"
status = "Available"
tags = {}
vpc_id = "vpc-2zee4goyffxj46uz5j869"
zone_id = "cn-beijing-b"
}

destory 销毁资源

同样可以登录阿里云进行验证,资源已被销毁

~# terraform destroy
alicloud_vpc.vpc: Refreshing state... [id=vpc-2zee4goyffxj46uz5j869]
alicloud_security_group.group: Refreshing state... [id=sg-2zee17d94vu8k5kx99fz]
alicloud_vswitch.vsw: Refreshing state... [id=vsw-2zeqb015cd9hogrp6fa4a]
alicloud_security_group_rule.allow_22_tcp: Refreshing state... [id=sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
- destroy

Terraform will perform the following actions:

# alicloud_security_group.group will be destroyed
- resource "alicloud_security_group" "group" {
- id = "sg-2zee17d94vu8k5kx99fz" -> null
- inner_access = true -> null
- inner_access_policy = "Accept" -> null
- name = "demo-group" -> null
- security_group_type = "normal" -> null
- tags = {} -> null
- vpc_id = "vpc-2zee4goyffxj46uz5j869" -> null
}

# alicloud_security_group_rule.allow_22_tcp will be destroyed
- resource "alicloud_security_group_rule" "allow_22_tcp" {
- cidr_ip = "0.0.0.0/0" -> null
- id = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1" -> null
- ip_protocol = "tcp" -> null
- nic_type = "intranet" -> null
- policy = "accept" -> null
- port_range = "22/22" -> null
- priority = 1 -> null
- security_group_id = "sg-2zee17d94vu8k5kx99fz" -> null
- type = "ingress" -> null
}

# alicloud_vpc.vpc will be destroyed
- resource "alicloud_vpc" "vpc" {
- cidr_block = "172.96.0.0/12" -> null
- id = "vpc-2zee4goyffxj46uz5j869" -> null
- name = "tf_test_foo" -> null
- resource_group_id = "rg-acfmybfthr6yliq" -> null
- route_table_id = "vtb-2zeksbc0su4tecdy7j5er" -> null
- router_id = "vrt-2ze1lmeuaf424yol3twki" -> null
- router_table_id = "vtb-2zeksbc0su4tecdy7j5er" -> null
- secondary_cidr_blocks = [] -> null
- status = "Available" -> null
- user_cidrs = [] -> null
- vpc_name = "tf_test_foo" -> null
}

# alicloud_vswitch.vsw will be destroyed
- resource "alicloud_vswitch" "vsw" {
- availability_zone = "cn-beijing-b" -> null
- cidr_block = "172.96.0.0/21" -> null
- id = "vsw-2zeqb015cd9hogrp6fa4a" -> null
- status = "Available" -> null
- tags = {} -> null
- vpc_id = "vpc-2zee4goyffxj46uz5j869" -> null
- zone_id = "cn-beijing-b" -> null
}

Plan: 0 to add, 0 to change, 4 to destroy.

Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.

Enter a value: yes

alicloud_vswitch.vsw: Destroying... [id=vsw-2zeqb015cd9hogrp6fa4a]
alicloud_security_group_rule.allow_22_tcp: Destroying... [id=sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
alicloud_security_group_rule.allow_22_tcp: Destruction complete after 7s
alicloud_security_group.group: Destroying... [id=sg-2zee17d94vu8k5kx99fz]
alicloud_security_group.group: Destruction complete after 0s
alicloud_vswitch.vsw: Still destroying... [id=vsw-2zeqb015cd9hogrp6fa4a, 10s elapsed]
alicloud_vswitch.vsw: Destruction complete after 15s
alicloud_vpc.vpc: Destroying... [id=vpc-2zee4goyffxj46uz5j869]
alicloud_vpc.vpc: Destruction complete after 6s

Destroy complete! Resources: 4 destroyed.