@see
- https://y-ohgi.com/introduction-terraform/first/preparation/
- Terraform リファレンス
MacにTerraformインストール
$ brew install terraform
$ mkdir ~/Desktop/terraform-handson
TerraformをDockerで起動
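# Run Terraform from the official image with the current directory mounted as
# /terraform.  Keep the credentials off the command line: a bare `-e NAME`
# makes docker forward the value already present in this shell's environment
# (set it beforehand, or use --env-file with a file readable only by you), so
# the secret never lands in shell history or in the process list (`ps`).
# The mount path is quoted so a working directory containing spaces still works.
# NOTE: this tag is 0.11.13, but the state shown later on this page was written
# by 0.12.20 (state version 4), which 0.11 cannot read — use the same tag
# throughout and pin it to the version you actually run.
$ docker run \
-e AWS_ACCESS_KEY_ID \
-e AWS_SECRET_ACCESS_KEY \
-v "$(pwd):/terraform" \
-w /terraform \
-it \
--entrypoint=ash \
hashicorp/terraform:0.11.13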
# terraform version
Terraform v0.11.13
Your version of Terraform is out of date! The latest version
is 0.12.20. You can update by downloading from www.terraform.io/downloads.html
こちらのTerminalを開いたままにして、別のTerminalを開きます。
2つのTerminalで作業します。
- Terraform Docker操作ターミナル:Terraformでのコマンドを実行するターミナル
- 作業用ターミナル:ファイル編集用ターミナル
作業用ターミナル側作業
$ cd ~/Desktop/terraform-handson
$ mkdir vpc-handson
$ cd vpc-handson
$ pwd
/Users/kanehiroyuu/Desktop/terraform-handson/vpc-handson
$ vi $HOME/Desktop/terraform-handson/vpc-handson/main.tf
# AWSプロバイダの定義
# AWS provider for the Tokyo region. No version constraint is declared, so
# `terraform init` installs the newest aws provider; the init output later on
# this page suggests version = "~> 2.47" to avoid unplanned major upgrades.
provider "aws" {
region = "ap-northeast-1"
}
# Create the VPC: the 10.0.0.0/16 address space the subnet below is carved from.
resource "aws_vpc" "main" { # the local name is "main"
cidr_block = "10.0.0.0/16"
tags = {
Name = "vpc-handson"
}
}
# Create the subnet. No availability_zone is given, so AWS picks one
# (the `terraform show` output below reports ap-northeast-1a).
resource "aws_subnet" "main" { # reusing the name "main" is fine on a different resource type
# "${...}" is 0.11 interpolation syntax; 0.12 still accepts it but prints the
# "Interpolation-only expressions are deprecated" warning shown below.
vpc_id = "${aws_vpc.main.id}" # look up the VPC named "main" (aws_vpc.main) and take its ID
cidr_block = "10.0.1.0/24"
}
Terraform Docker操作ターミナル
初期化
$ terraform init
設定ファイルを書き換えた場合必要
適用
$ terraform apply
$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_subnet.main will be created
+ resource "aws_subnet" "main" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ vpc_id = (known after apply)
}
# aws_vpc.main will be created
+ resource "aws_vpc" "main" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "vpc-handson"
}
}
Plan: 2 to add, 0 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on main.tf line 17, in resource "aws_subnet" "main":
17: vpc_id = "${aws_vpc.main.id}" # aws_vpc.mainでmainと命名されたVPCを参照し、そのVPCのIDを取得する
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes // ←●入力
aws_vpc.main: Creating...
aws_vpc.main: Creation complete after 2s [id=vpc-0520e91c4298cf1f0]
aws_subnet.main: Creating...
aws_subnet.main: Creation complete after 0s [id=subnet-0367493ac84ec1c78]
Apply complete! Resources: 2 added, 0 changed, 0 destroyed
作業用ターミナル側作業
リソースの変更を行う
$ vi $HOME/Desktop/terraform-handson/vpc-handson/main.tf
# AWSプロバイダの定義
# AWS provider definition (unchanged from the first version of main.tf).
provider "aws" {
region = "ap-northeast-1"
}
# Create the VPC. Only the Name tag changes here (the -/+ lines); the plan
# below therefore reports a single in-place update, no replacement.
resource "aws_vpc" "main" { # the local name is "main"
cidr_block = "10.0.0.0/16"
tags = {
- Name = "vpc-handson"
+ Name = "vpc-handson-hoge"
}
}
# Create the subnet (unchanged).
resource "aws_subnet" "main" { # reusing the name "main" is fine on a different resource type
vpc_id = "${aws_vpc.main.id}" # look up the VPC named "main" (aws_vpc.main) and take its ID
cidr_block = "10.0.1.0/24"
}
Terraform Docker操作ターミナル
どう変わるか確認
/terraform $ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_vpc.main: Refreshing state... [id=vpc-0520e91c4298cf1f0]
aws_subnet.main: Refreshing state... [id=subnet-0367493ac84ec1c78]
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_vpc.main will be updated in-place
~ resource "aws_vpc" "main" {
arn = "arn:aws:ec2:ap-northeast-1:925948485307:vpc/vpc-0520e91c4298cf1f0"
assign_generated_ipv6_cidr_block = false
cidr_block = "10.0.0.0/16"
default_network_acl_id = "acl-0bd5f4eb5c34afa0a"
default_route_table_id = "rtb-06c8981786dc542c4"
default_security_group_id = "sg-0c1d073f568384615"
dhcp_options_id = "dopt-40b55e25"
enable_classiclink = false
enable_classiclink_dns_support = false
enable_dns_hostnames = false
enable_dns_support = true
id = "vpc-0520e91c4298cf1f0"
instance_tenancy = "default"
main_route_table_id = "rtb-06c8981786dc542c4"
owner_id = "925948485307"
~ tags = {
~ "Name" = "vpc-handson" -> "vpc-handson-hoge"
}
}
Plan: 0 to add, 1 to change, 0 to destroy.
Warning: Interpolation-only expressions are deprecated
on main.tf line 17, in resource "aws_subnet" "main":
17: vpc_id = "${aws_vpc.main.id}" # aws_vpc.mainでmainと命名されたVPCを参照し、そのVPCのIDを取得する
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
適用
/terraform $ terraform apply
Terraformで管理しているリソースの確認
/terraform $ terraform show
# aws_subnet.main:
resource "aws_subnet" "main" {
arn = "arn:aws:ec2:ap-northeast-1:925948485307:subnet/subnet-0367493ac84ec1c78"
assign_ipv6_address_on_creation = false
availability_zone = "ap-northeast-1a"
availability_zone_id = "apne1-az4"
cidr_block = "10.0.1.0/24"
id = "subnet-0367493ac84ec1c78"
map_public_ip_on_launch = false
owner_id = "925948485307"
tags = {}
vpc_id = "vpc-0520e91c4298cf1f0"
}
# aws_vpc.main:
resource "aws_vpc" "main" {
arn = "arn:aws:ec2:ap-northeast-1:925948485307:vpc/vpc-0520e91c4298cf1f0"
assign_generated_ipv6_cidr_block = false
cidr_block = "10.0.0.0/16"
default_network_acl_id = "acl-0bd5f4eb5c34afa0a"
default_route_table_id = "rtb-06c8981786dc542c4"
default_security_group_id = "sg-0c1d073f568384615"
dhcp_options_id = "dopt-40b55e25"
enable_classiclink = false
enable_classiclink_dns_support = false
enable_dns_hostnames = false
enable_dns_support = true
id = "vpc-0520e91c4298cf1f0"
instance_tenancy = "default"
main_route_table_id = "rtb-06c8981786dc542c4"
owner_id = "925948485307"
tags = {
"Name" = "vpc-handson-hoge"
}
}
$ ls -laht
total 24
drwxr-xr-x 6 kanehiroyuu staff 192B 1 28 14:59 .
drwxr-xr-x 3 kanehiroyuu staff 96B 1 28 14:59 ..
-rw-r--r-- 1 kanehiroyuu staff 2.4K 1 28 14:59 terraform.tfstate
-rw-r--r-- 1 kanehiroyuu staff 2.4K 1 28 14:59 terraform.tfstate.backup
-rw-r--r-- 1 kanehiroyuu staff 526B 1 28 14:57 main.tf
drwxr-xr-x 3 kanehiroyuu staff 96B 1 28 14:51 .terraform
Terraformが管理しているリソースはこのファイル（terraform.tfstate）に格納されている。下記の通りAWSアカウントIDや各リソースのIDがそのまま含まれるので、公開リポジトリにはコミットしないこと。
/terraform $ cat terraform.tfstate
{
"version": 4,
"terraform_version": "0.12.20",
"serial": 5,
"lineage": "7372823f-64c5-724c-e7a3-8cb40a7034ac",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_subnet",
"name": "main",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:925948485307:subnet/subnet-0367493ac84ec1c78",
"assign_ipv6_address_on_creation": false,
"availability_zone": "ap-northeast-1a",
"availability_zone_id": "apne1-az4",
"cidr_block": "10.0.1.0/24",
"id": "subnet-0367493ac84ec1c78",
"ipv6_cidr_block": "",
"ipv6_cidr_block_association_id": "",
"map_public_ip_on_launch": false,
"owner_id": "925948485307",
"tags": {},
"timeouts": null,
"vpc_id": "vpc-0520e91c4298cf1f0"
},
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjo2MDAwMDAwMDAwMDAsImRlbGV0ZSI6MTIwMDAwMDAwMDAwMH0sInNjaGVtYV92ZXJzaW9uIjoiMSJ9",
"dependencies": [
"aws_vpc.main"
]
}
]
},
{
"mode": "managed",
"type": "aws_vpc",
"name": "main",
"provider": "provider.aws",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:ec2:ap-northeast-1:925948485307:vpc/vpc-0520e91c4298cf1f0",
"assign_generated_ipv6_cidr_block": false,
"cidr_block": "10.0.0.0/16",
"default_network_acl_id": "acl-0bd5f4eb5c34afa0a",
"default_route_table_id": "rtb-06c8981786dc542c4",
"default_security_group_id": "sg-0c1d073f568384615",
"dhcp_options_id": "dopt-40b55e25",
"enable_classiclink": false,
"enable_classiclink_dns_support": false,
"enable_dns_hostnames": false,
"enable_dns_support": true,
"id": "vpc-0520e91c4298cf1f0",
"instance_tenancy": "default",
"ipv6_association_id": "",
"ipv6_cidr_block": "",
"main_route_table_id": "rtb-06c8981786dc542c4",
"owner_id": "925948485307",
"tags": {
"Name": "vpc-handson-hoge"
}
},
"private": "eyJzY2hlbWFfdmVyc2lvbiI6IjEifQ=="
}
]
}
]
}
Terraformコードの変更を行う場合はこのファイルを見て差分の確認を行う。
削除してみる
/terraform $ terraform destroy
aws_vpc.main: Refreshing state... [id=vpc-0520e91c4298cf1f0]
aws_subnet.main: Refreshing state... [id=subnet-0367493ac84ec1c78]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_subnet.main will be destroyed
- resource "aws_subnet" "main" {
- arn = "arn:aws:ec2:ap-northeast-1:925948485307:subnet/subnet-0367493ac84ec1c78" -> null
- assign_ipv6_address_on_creation = false -> null
- availability_zone = "ap-northeast-1a" -> null
- availability_zone_id = "apne1-az4" -> null
- cidr_block = "10.0.1.0/24" -> null
- id = "subnet-0367493ac84ec1c78" -> null
- map_public_ip_on_launch = false -> null
- owner_id = "925948485307" -> null
- tags = {} -> null
- vpc_id = "vpc-0520e91c4298cf1f0" -> null
}
# aws_vpc.main will be destroyed
- resource "aws_vpc" "main" {
- arn = "arn:aws:ec2:ap-northeast-1:925948485307:vpc/vpc-0520e91c4298cf1f0" -> null
- assign_generated_ipv6_cidr_block = false -> null
- cidr_block = "10.0.0.0/16" -> null
- default_network_acl_id = "acl-0bd5f4eb5c34afa0a" -> null
- default_route_table_id = "rtb-06c8981786dc542c4" -> null
- default_security_group_id = "sg-0c1d073f568384615" -> null
- dhcp_options_id = "dopt-40b55e25" -> null
- enable_classiclink = false -> null
- enable_classiclink_dns_support = false -> null
- enable_dns_hostnames = false -> null
- enable_dns_support = true -> null
- id = "vpc-0520e91c4298cf1f0" -> null
- instance_tenancy = "default" -> null
- main_route_table_id = "rtb-06c8981786dc542c4" -> null
- owner_id = "925948485307" -> null
- tags = {
- "Name" = "vpc-handson-hoge"
} -> null
}
Plan: 0 to add, 0 to change, 2 to destroy.
Warning: Interpolation-only expressions are deprecated
on main.tf line 17, in resource "aws_subnet" "main":
17: vpc_id = "${aws_vpc.main.id}" # aws_vpc.mainでmainと命名されたVPCを参照し、そのVPCのIDを取得する
Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.
Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes // ←●問題なければyes
aws_subnet.main: Destroying... [id=subnet-0367493ac84ec1c78]
aws_subnet.main: Destruction complete after 1s
aws_vpc.main: Destroying... [id=vpc-0520e91c4298cf1f0]
aws_vpc.main: Destruction complete after 0s
Destroy complete! Resources: 2 destroyed.
後片付け
# Cleanup. `rm` without -r cannot remove a directory; this needs
# `rm -r -- terraform-handson`. The path also differs from the one created
# earlier on this page (~/Desktop/terraform-handson, user "kanehiroyuu").
$ cd /Users/kanehiro/Desktop/ $ rm terraform-handson
もくじ
VPCを作ってみる
作業用ターミナル作業
$ cd ~/Desktop/
$ mkdir terraform
$ cd terraform
$ mkdir {handson,vpc-handson}
$ cd handson
/terraform/handson # vi main.tf
# AWS provider for the Tokyo region. No version constraint is declared, so
# `terraform init` installs the newest aws provider; the init output below
# suggests version = "~> 2.47" to avoid unplanned major upgrades.
provider "aws" {
region = "ap-northeast-1"
}
初期化
/terraform/handson # terraform init
Initializing provider plugins...
- Checking for available provider plugins on https://releases.hashicorp.com...
- Downloading plugin for provider "aws" (2.47.0)...
The following providers do not have any version constraints in configuration, so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below.
* provider.aws: version = "~> 2.47"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
/terraform/handson # vi /terraform/handson/main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
// ● add the following
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that the subnets added later are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
初期化
初期化
/terraform/handson # terraform init
追記したので変更確認
/terraform/handson # terraform plan
変更反映
/terraform/handson # terraform apply
次はサブネットを作成します
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that the subnet below is carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# map_public_ip_on_launch is left at its default (false in the plan output),
# and no route table sends 0.0.0.0/0 to an Internet Gateway yet, so at this
# point "public" is only a name.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
初期化
$ terraform init
適用予定部分を確認
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_vpc.main: Refreshing state... (ID: vpc-05d7bbeff09daa8fe)
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ aws_subnet.public_1a
id: <computed>
arn: <computed>
assign_ipv6_address_on_creation: "false"
availability_zone: "ap-northeast-1a"
availability_zone_id: <computed>
cidr_block: "10.0.1.0/24"
ipv6_cidr_block: <computed>
ipv6_cidr_block_association_id: <computed>
map_public_ip_on_launch: "false"
owner_id: <computed>
tags.%: "1"
tags.Name: "handson-public-1a"
vpc_id: "vpc-05d7bbeff09daa8fe"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
反映
/terraform/handson # terraform apply
aws_vpc.main: Refreshing state... (ID: vpc-05d7bbeff09daa8fe)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ aws_subnet.public_1a
id: <computed>
arn: <computed>
assign_ipv6_address_on_creation: "false"
availability_zone: "ap-northeast-1a"
availability_zone_id: <computed>
cidr_block: "10.0.1.0/24"
ipv6_cidr_block: <computed>
ipv6_cidr_block_association_id: <computed>
map_public_ip_on_launch: "false"
owner_id: <computed>
tags.%: "1"
tags.Name: "handson-public-1a"
vpc_id: "vpc-05d7bbeff09daa8fe"
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_subnet.public_1a: Creating...
arn: "" => "<computed>"
assign_ipv6_address_on_creation: "" => "false"
availability_zone: "" => "ap-northeast-1a"
availability_zone_id: "" => "<computed>"
cidr_block: "" => "10.0.1.0/24"
ipv6_cidr_block: "" => "<computed>"
ipv6_cidr_block_association_id: "" => "<computed>"
map_public_ip_on_launch: "" => "false"
owner_id: "" => "<computed>"
tags.%: "" => "1"
tags.Name: "" => "handson-public-1a"
vpc_id: "" => "vpc-05d7bbeff09daa8fe"
aws_subnet.public_1a: Creation complete after 0s (ID: subnet-0c43c89ba3ed2eaaf)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
/terraform/handson # vi main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that all subnets below are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ. map_public_ip_on_launch is left at its default
# (false in the plan output), so instances only get a public IP when one is
# assigned explicitly; until a route table with 0.0.0.0/0 -> Internet Gateway
# is associated, "public" is only a name.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Not associated with any route table here, so they use the
# VPC's main route table (which by default carries only the local VPC route).
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
$ terraform init
$ terraform plan
$ terraform apply
/terraform/handson # cat main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that all subnets below are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
⭐️追記ここから
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Attached to the VPC. Nothing routes to it yet: no subnet becomes
# Internet-facing until a route table sends 0.0.0.0/0 here.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
⭐️追記ここまで
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ. map_public_ip_on_launch is left at its default
# (false in the plan output), so instances only get a public IP when one is
# assigned explicitly; until a route table with 0.0.0.0/0 -> Internet Gateway
# is associated, "public" is only a name.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Not associated with any route table here, so they use the
# VPC's main route table (which by default carries only the local VPC route).
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
$ terraform init
$ terraform plan
$ terraform apply
Nat Gateway
# vi main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that all subnets below are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Attached to the VPC. Nothing routes to it yet: no subnet becomes
# Internet-facing until a route table sends 0.0.0.0/0 here.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ; the NAT Gateways added below are placed here.
# map_public_ip_on_launch is left at its default (false in the plan output),
# so instances only get a public IP when one is assigned explicitly.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Still not associated with any route table, so they use the
# VPC's main route table (which by default carries only the local VPC route).
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
⭐️ここから追記
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per AZ for the NAT Gateway there
# (vpc = true allocates the address in VPC scope).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# Placed in the public subnet of the same AZ. Private subnets get
# outbound-only Internet access through it once a route points here
# (added in the Route Table step).
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # subnet the NAT Gateway is placed in
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP to attach
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
$ terraform init
$ terraform plan
$ terraform apply
Route Table
/terraform/handson # vi main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that all subnets below are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Attached to the VPC; target of the public route table's 0.0.0.0/0 route below.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ, associated below with the route table that
# sends 0.0.0.0/0 to the Internet Gateway. map_public_ip_on_launch is left at
# its default (false in the plan output), so instances only become reachable
# from the Internet when a public IP is assigned explicitly.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Still not associated with any route table in this version, so
# they use the VPC's main route table (local VPC route only); the NAT routes
# are wired up in the next step.
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per AZ for the NAT Gateway there
# (vpc = true allocates the address in VPC scope).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# Placed in the public subnet of the same AZ; gives private subnets
# outbound-only Internet access once a route points here.
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # subnet the NAT Gateway is placed in
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP to attach
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
# Route Table
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# Route table shared by the three public subnets.
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-public"
}
}
# Route
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route to the Internet Gateway: every subnet associated with this
# table can reach the Internet and, given a public IP, be reached from it.
resource "aws_route" "public" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.main.id}"
}
# Association
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Bind each public subnet to the public route table.
resource "aws_route_table_association" "public_1a" {
subnet_id = "${aws_subnet.public_1a.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
route_table_id = "${aws_route_table.public.id}"
}
/terraform/handson # terraform init
/terraform/handson # terraform plan
/terraform/handson # terraform apply
/terraform/handson # cat main.tf
# AWS provider for the Tokyo region (no version constraint; see the init
# output above, which suggests version = "~> 2.47").
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 address space that all subnets below are carved from.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Attached to the VPC; target of the public route table's 0.0.0.0/0 route.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ, associated with the route table that sends
# 0.0.0.0/0 to the Internet Gateway. map_public_ip_on_launch is left at its
# default (false in the plan output), so instances only become reachable from
# the Internet when a public IP is assigned explicitly.
resource "aws_subnet" "public_1a" {
# Reference the VPC created above and place the subnet inside it
vpc_id = "${aws_vpc.main.id}"
# AZ the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Each is associated (Private route tables below) with a table
# whose default route goes to the NAT Gateway in the same AZ: outbound-only
# Internet access, no inbound path.
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per AZ for the NAT Gateway there
# (vpc = true allocates the address in VPC scope).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# Placed in the public subnet of the same AZ; the private route tables
# below send their default route here.
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # subnet the NAT Gateway is placed in
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP to attach
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
⭐️追記
# Route Table
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# Route table shared by the three public subnets.
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-public"
}
}
# Route
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route to the Internet Gateway: every subnet associated with this
# table can reach the Internet and, given a public IP, be reached from it.
resource "aws_route" "public" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.main.id}"
}
# Association
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Bind each public subnet to the public route table.
resource "aws_route_table_association" "public_1a" {
subnet_id = "${aws_subnet.public_1a.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
route_table_id = "${aws_route_table.public.id}"
}
# Route Table (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# One table per AZ so that each private subnet egresses through the
# NAT Gateway in its own AZ.
resource "aws_route_table" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_route_table" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_route_table" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1d"
}
}
# Route (Private)
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route via the NAT Gateway: outbound-only, no inbound path from the
# Internet (contrast with the public route, which targets the Internet Gateway).
resource "aws_route" "private_1a" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1a.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1a.id}"
}
resource "aws_route" "private_1c" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1c.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1c.id}"
}
resource "aws_route" "private_1d" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1d.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1d.id}"
}
# Association (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Bind each private subnet to the route table of its own AZ.
resource "aws_route_table_association" "private_1a" {
subnet_id = "${aws_subnet.private_1a.id}"
route_table_id = "${aws_route_table.private_1a.id}"
}
resource "aws_route_table_association" "private_1c" {
subnet_id = "${aws_subnet.private_1c.id}"
route_table_id = "${aws_route_table.private_1c.id}"
}
resource "aws_route_table_association" "private_1d" {
subnet_id = "${aws_subnet.private_1d.id}"
route_table_id = "${aws_route_table.private_1d.id}"
}
$ terraform init
$ terraform plan
$ terraform apply
ALB
main.tf
# AWS provider: every resource below is created in ap-northeast-1 (Tokyo).
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 holds all public and private subnets defined below.
# NOTE(review): VPC flow logs are not enabled in this hands-on; outside a lab, consider
# aws_flow_log so that traffic to and from the workloads can be investigated later.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Gives the public route table (aws_route.public) a path to the internet.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ (1a/1c/1d); they host the ALB and the NAT gateways.
# map_public_ip_on_launch is left at its default, so nothing launched here gets a
# public IP unless explicitly requested.
resource "aws_subnet" "public_1a" {
# Place the subnet inside the VPC created above
vpc_id = "${aws_vpc.main.id}"
# Availability zone the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ. Outbound traffic leaves through the NAT gateway of the same AZ
# (see aws_route.private_*); no route leads in from the internet gateway.
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per NAT gateway (vpc = true: EIP for use inside a VPC).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# NAT gateways sit in the public subnets and give the private subnets outbound-only
# internet access.
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # Public subnet that hosts the NAT gateway
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP attached to the NAT gateway
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
# Route Table
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# Shared route table for the three public subnets.
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-public"
}
}
# Route
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route for the public route table: 0.0.0.0/0 leaves through the internet gateway.
resource "aws_route" "public" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.main.id}"
}
# Association
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach the three public subnets to the public route table.
resource "aws_route_table_association" "public_1a" {
subnet_id = "${aws_subnet.public_1a.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
route_table_id = "${aws_route_table.public.id}"
}
# Route Table (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# One private route table per AZ, so each private subnet can use the NAT gateway in its own AZ.
resource "aws_route_table" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_route_table" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_route_table" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1d"
}
}
# Route (Private)
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route of each private table goes through that AZ's NAT gateway.
resource "aws_route" "private_1a" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1a.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1a.id}"
}
resource "aws_route" "private_1c" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1c.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1c.id}"
}
resource "aws_route" "private_1d" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1d.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1d.id}"
}
# Association (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach each private subnet to the private route table of the same AZ.
resource "aws_route_table_association" "private_1a" {
subnet_id = "${aws_subnet.private_1a.id}"
route_table_id = "${aws_route_table.private_1a.id}"
}
resource "aws_route_table_association" "private_1c" {
subnet_id = "${aws_subnet.private_1c.id}"
route_table_id = "${aws_route_table.private_1c.id}"
}
resource "aws_route_table_association" "private_1d" {
subnet_id = "${aws_subnet.private_1d.id}"
route_table_id = "${aws_route_table.private_1d.id}"
}
# SecurityGroup
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Security group for the ALB. Ingress is added separately in aws_security_group_rule.alb_http.
resource "aws_security_group" "alb" {
name = "handson-alb"
description = "handson alb"
vpc_id = "${aws_vpc.main.id}"
# Allow resources in this security group to reach the internet (all protocols, all destinations)
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "handson-alb"
}
}
# SecurityGroup Rule
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Accept HTTP from anywhere, which is what a public ALB needs. Plain HTTP has no transport
# security; TLS is introduced in the HTTPS section later in this hands-on.
resource "aws_security_group_rule" "alb_http" {
security_group_id = "${aws_security_group.alb.id}"
# Allow inbound access from the internet to resources in this security group
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# ALB
# https://www.terraform.io/docs/providers/aws/d/lb.html
# Application load balancer spread across the three public subnets, internet-facing
# (the default when "internal" is not set); only the "alb" security group is attached.
# NOTE(review): ALB access logging (access_logs block) is not configured; enable it outside
# a lab so requests can be traced during incident response.
resource "aws_lb" "main" {
load_balancer_type = "application"
name = "handson"
security_groups = ["${aws_security_group.alb.id}"]
subnets = ["${aws_subnet.public_1a.id}", "${aws_subnet.public_1c.id}", "${aws_subnet.public_1d.id}"]
}
# Listener
# https://www.terraform.io/docs/providers/aws/r/lb_listener.html
resource "aws_lb_listener" "main" {
# Accept HTTP on port 80
port = "80"
protocol = "HTTP"
# ARN of the ALB this listener belongs to.
# XXX: ARN stands for Amazon Resource Name: as the name says, a unique name (id) identifying a resource.
load_balancer_arn = "${aws_lb.main.arn}"
# Default action: a fixed plain-text "ok" response, so the ALB can be checked before any backend exists
default_action {
type = "fixed-response"
fixed_response {
content_type = "text/plain"
status_code = "200"
message_body = "ok"
}
}
}
ECS
# ECS Cluster
# https://www.terraform.io/docs/providers/aws/r/ecs_cluster.html
resource "aws_ecs_cluster" "main" {
name = "handson"
}
# ALB Listener Rule
# https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html
resource "aws_lb_listener_rule" "main" {
# ルールを追加するリスナー
listener_arn = "${aws_lb_listener.main.arn}"
# 受け取ったトラフィックをターゲットグループへ受け渡す
action {
type = "forward"
target_group_arn = "${aws_lb_target_group.main.id}"
}
# ターゲットグループへ受け渡すトラフィックの条件
condition {
field = "path-pattern"
values = ["*"]
}
}
# ターゲットグループへ受け渡すトラフィックの条件
condition {
field = "path-pattern"
values = ["*"]
}
↓
condition {
path_pattern {
values = ["*"]
}
}
cat main.tf
# AWS provider: every resource below is created in ap-northeast-1 (Tokyo).
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 holds all public and private subnets defined below.
# NOTE(review): VPC flow logs are not enabled in this hands-on; outside a lab, consider
# aws_flow_log so that traffic to and from the tasks can be investigated later.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Gives the public route table (aws_route.public) a path to the internet.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ (1a/1c/1d); they host the ALB and the NAT gateways.
# map_public_ip_on_launch is left at its default, so nothing launched here gets a
# public IP unless explicitly requested.
resource "aws_subnet" "public_1a" {
# Place the subnet inside the VPC created above
vpc_id = "${aws_vpc.main.id}"
# Availability zone the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ; the ECS tasks run here. Outbound traffic leaves through the NAT gateway of
# the same AZ (see aws_route.private_*); no route leads in from the internet gateway.
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per NAT gateway (vpc = true: EIP for use inside a VPC).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# NAT gateways sit in the public subnets and give the private subnets outbound-only
# internet access (needed here to pull the nginx image).
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # Public subnet that hosts the NAT gateway
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP attached to the NAT gateway
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
# Route Table
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# Shared route table for the three public subnets.
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-public"
}
}
# Route
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route for the public route table: 0.0.0.0/0 leaves through the internet gateway.
resource "aws_route" "public" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.main.id}"
}
# Association
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach the three public subnets to the public route table.
resource "aws_route_table_association" "public_1a" {
subnet_id = "${aws_subnet.public_1a.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
route_table_id = "${aws_route_table.public.id}"
}
# Route Table (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# One private route table per AZ, so each private subnet can use the NAT gateway in its own AZ.
resource "aws_route_table" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_route_table" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_route_table" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1d"
}
}
# Route (Private)
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route of each private table goes through that AZ's NAT gateway.
resource "aws_route" "private_1a" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1a.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1a.id}"
}
resource "aws_route" "private_1c" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1c.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1c.id}"
}
resource "aws_route" "private_1d" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1d.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1d.id}"
}
# Association (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach each private subnet to the private route table of the same AZ.
resource "aws_route_table_association" "private_1a" {
subnet_id = "${aws_subnet.private_1a.id}"
route_table_id = "${aws_route_table.private_1a.id}"
}
resource "aws_route_table_association" "private_1c" {
subnet_id = "${aws_subnet.private_1c.id}"
route_table_id = "${aws_route_table.private_1c.id}"
}
resource "aws_route_table_association" "private_1d" {
subnet_id = "${aws_subnet.private_1d.id}"
route_table_id = "${aws_route_table.private_1d.id}"
}
# SecurityGroup
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Security group for the ALB. Ingress is added separately in aws_security_group_rule.alb_http.
resource "aws_security_group" "alb" {
name = "handson-alb"
description = "handson alb"
vpc_id = "${aws_vpc.main.id}"
# Allow resources in this security group to reach the internet (all protocols, all destinations)
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "handson-alb"
}
}
# SecurityGroup Rule
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Accept HTTP from anywhere, which is what a public ALB needs. Plain HTTP has no transport
# security; TLS is introduced in the HTTPS section later in this hands-on.
resource "aws_security_group_rule" "alb_http" {
security_group_id = "${aws_security_group.alb.id}"
# Allow inbound access from the internet to resources in this security group
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# ALB
# https://www.terraform.io/docs/providers/aws/d/lb.html
# Application load balancer spread across the three public subnets, internet-facing
# (the default when "internal" is not set); only the "alb" security group is attached.
# NOTE(review): ALB access logging (access_logs block) is not configured; enable it outside
# a lab so requests can be traced during incident response.
resource "aws_lb" "main" {
load_balancer_type = "application"
name = "handson"
security_groups = ["${aws_security_group.alb.id}"]
subnets = ["${aws_subnet.public_1a.id}", "${aws_subnet.public_1c.id}", "${aws_subnet.public_1d.id}"]
}
# Listener
# https://www.terraform.io/docs/providers/aws/r/lb_listener.html
resource "aws_lb_listener" "main" {
# Accept HTTP on port 80
port = "80"
protocol = "HTTP"
# ARN of the ALB this listener belongs to.
# XXX: ARN stands for Amazon Resource Name: as the name says, a unique name (id) identifying a resource.
load_balancer_arn = "${aws_lb.main.arn}"
# Default action: a fixed plain-text "ok" response; aws_lb_listener_rule.main below forwards real traffic
default_action {
type = "fixed-response"
fixed_response {
content_type = "text/plain"
status_code = "200"
message_body = "ok"
}
}
}
# Task Definition
# https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html
resource "aws_ecs_task_definition" "main" {
family = "handson"
# Data plane selection
requires_compatibilities = ["FARGATE"]
# Upper bound on the resources the ECS task may use.
# The containers in the task must fit inside this limit; when memory reaches it the task is killed by the OOM killer.
cpu = "256"
memory = "512"
# Network driver for the ECS task
# Fargate requires "awsvpc"
network_mode = "awsvpc"
# Container definitions: run nginx and expose port 80.
# In awsvpc mode hostPort must equal containerPort (or be omitted).
# NOTE(review): "nginx:1.14" is a mutable tag, so the image actually deployed can change over
# time; for reproducible, reviewable deploys pin by digest (nginx@sha256:<digest>).
# No logConfiguration is set, so the container's stdout/stderr is not shipped anywhere.
container_definitions = <<EOL
[
{
"name": "nginx",
"image": "nginx:1.14",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
]
}
]
EOL
}
# ECS Cluster
# https://www.terraform.io/docs/providers/aws/r/ecs_cluster.html
# Logical cluster the service below is placed in.
resource "aws_ecs_cluster" "main" {
name = "handson"
}
# ELB Target Group
# https://www.terraform.io/docs/providers/aws/r/lb_target_group.html
resource "aws_lb_target_group" "main" {
name = "handson"
# VPC the target group is created in
vpc_id = "${aws_vpc.main.id}"
# How the ALB forwards traffic to the task containers
port = 80
protocol = "HTTP"
# "ip" targets: awsvpc/Fargate tasks are registered by task IP rather than by instance
target_type = "ip"
# Health check against the container
# (Terraform 0.11 attribute-style assignment; in 0.12+ this is written as a health_check { } block)
health_check = {
port = 80
path = "/"
}
}
# ALB Listener Rule
# https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html
resource "aws_lb_listener_rule" "main" {
# Listener the rule is added to
listener_arn = "${aws_lb_listener.main.arn}"
# Forward received traffic to the target group
action {
type = "forward"
# .id of aws_lb_target_group is its ARN, so this works; .arn would be the clearer reference
target_group_arn = "${aws_lb_target_group.main.id}"
}
# Condition for forwarding to the target group: every path
condition {
path_pattern {
values = ["*"]
}
}
}
main.tf
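# AWS provider: every resource below is created in ap-northeast-1 (Tokyo).
provider "aws" {
region = "ap-northeast-1"
}
# VPC
# https://www.terraform.io/docs/providers/aws/r/vpc.html
# 10.0.0.0/16 holds all public and private subnets defined below.
# NOTE(review): VPC flow logs are not enabled in this hands-on; outside a lab, consider
# aws_flow_log so that traffic to and from the tasks can be investigated later.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "handson"
}
}
# Internet Gateway
# https://www.terraform.io/docs/providers/aws/r/internet_gateway.html
# Gives the public route table (aws_route.public) a path to the internet.
resource "aws_internet_gateway" "main" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson"
}
}
# Subnet
# https://www.terraform.io/docs/providers/aws/r/subnet.html
# Public subnets, one per AZ (1a/1c/1d); they host the ALB and the NAT gateways.
# map_public_ip_on_launch is left at its default, so nothing launched here gets a
# public IP unless explicitly requested.
resource "aws_subnet" "public_1a" {
# Place the subnet inside the VPC created above
vpc_id = "${aws_vpc.main.id}"
# Availability zone the subnet is created in
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.1.0/24"
tags = {
Name = "handson-public-1a"
}
}
resource "aws_subnet" "public_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.2.0/24"
tags = {
Name = "handson-public-1c"
}
}
resource "aws_subnet" "public_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.3.0/24"
tags = {
Name = "handson-public-1d"
}
}
# Private Subnets
# One per AZ; the ECS tasks run here. Outbound traffic leaves through the NAT gateway of
# the same AZ (see aws_route.private_*); no route leads in from the internet gateway.
resource "aws_subnet" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1a"
cidr_block = "10.0.10.0/24"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_subnet" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1c"
cidr_block = "10.0.20.0/24"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_subnet" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
availability_zone = "ap-northeast-1d"
cidr_block = "10.0.30.0/24"
tags = {
Name = "handson-private-1d"
}
}
# Elastic IP
# https://www.terraform.io/docs/providers/aws/r/eip.html
# One static public address per NAT gateway (vpc = true: EIP for use inside a VPC).
resource "aws_eip" "nat_1a" {
vpc = true
tags = {
Name = "handson-natgw-1a"
}
}
# NAT Gateway
# https://www.terraform.io/docs/providers/aws/r/nat_gateway.html
# NAT gateways sit in the public subnets and give the private subnets outbound-only
# internet access (used here to pull the nginx image from Docker Hub).
resource "aws_nat_gateway" "nat_1a" {
subnet_id = "${aws_subnet.public_1a.id}" # Public subnet that hosts the NAT gateway
allocation_id = "${aws_eip.nat_1a.id}" # Elastic IP attached to the NAT gateway
tags = {
Name = "handson-1a"
}
}
resource "aws_eip" "nat_1c" {
vpc = true
tags = {
Name = "handson-natgw-1c"
}
}
resource "aws_nat_gateway" "nat_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
allocation_id = "${aws_eip.nat_1c.id}"
tags = {
Name = "handson-1c"
}
}
resource "aws_eip" "nat_1d" {
vpc = true
tags = {
Name = "handson-natgw-1d"
}
}
resource "aws_nat_gateway" "nat_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
allocation_id = "${aws_eip.nat_1d.id}"
tags = {
Name = "handson-1d"
}
}
# Route Table
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# Shared route table for the three public subnets.
resource "aws_route_table" "public" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-public"
}
}
# Route
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route for the public route table: 0.0.0.0/0 leaves through the internet gateway.
resource "aws_route" "public" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.public.id}"
gateway_id = "${aws_internet_gateway.main.id}"
}
# Association
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach the three public subnets to the public route table.
resource "aws_route_table_association" "public_1a" {
subnet_id = "${aws_subnet.public_1a.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1c" {
subnet_id = "${aws_subnet.public_1c.id}"
route_table_id = "${aws_route_table.public.id}"
}
resource "aws_route_table_association" "public_1d" {
subnet_id = "${aws_subnet.public_1d.id}"
route_table_id = "${aws_route_table.public.id}"
}
# Route Table (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table.html
# One private route table per AZ, so each private subnet can use the NAT gateway in its own AZ.
resource "aws_route_table" "private_1a" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1a"
}
}
resource "aws_route_table" "private_1c" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1c"
}
}
resource "aws_route_table" "private_1d" {
vpc_id = "${aws_vpc.main.id}"
tags = {
Name = "handson-private-1d"
}
}
# Route (Private)
# https://www.terraform.io/docs/providers/aws/r/route.html
# Default route of each private table goes through that AZ's NAT gateway.
resource "aws_route" "private_1a" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1a.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1a.id}"
}
resource "aws_route" "private_1c" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1c.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1c.id}"
}
resource "aws_route" "private_1d" {
destination_cidr_block = "0.0.0.0/0"
route_table_id = "${aws_route_table.private_1d.id}"
nat_gateway_id = "${aws_nat_gateway.nat_1d.id}"
}
# Association (Private)
# https://www.terraform.io/docs/providers/aws/r/route_table_association.html
# Attach each private subnet to the private route table of the same AZ.
resource "aws_route_table_association" "private_1a" {
subnet_id = "${aws_subnet.private_1a.id}"
route_table_id = "${aws_route_table.private_1a.id}"
}
resource "aws_route_table_association" "private_1c" {
subnet_id = "${aws_subnet.private_1c.id}"
route_table_id = "${aws_route_table.private_1c.id}"
}
resource "aws_route_table_association" "private_1d" {
subnet_id = "${aws_subnet.private_1d.id}"
route_table_id = "${aws_route_table.private_1d.id}"
}
# SecurityGroup
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Security group for the ALB. Ingress is added separately in aws_security_group_rule.alb_http.
resource "aws_security_group" "alb" {
name = "handson-alb"
description = "handson alb"
vpc_id = "${aws_vpc.main.id}"
# Allow resources in this security group to reach the internet (all protocols, all destinations)
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "handson-alb"
}
}
# SecurityGroup Rule
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Accept HTTP from anywhere, which is what a public ALB needs. Plain HTTP has no transport
# security; TLS is introduced in the HTTPS section later in this hands-on.
resource "aws_security_group_rule" "alb_http" {
security_group_id = "${aws_security_group.alb.id}"
# Allow inbound access from the internet to resources in this security group
type = "ingress"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
# ALB
# https://www.terraform.io/docs/providers/aws/d/lb.html
# Application load balancer spread across the three public subnets, internet-facing
# (the default when "internal" is not set); only the "alb" security group is attached.
# NOTE(review): ALB access logging (access_logs block) is not configured; enable it outside
# a lab so requests can be traced during incident response.
resource "aws_lb" "main" {
load_balancer_type = "application"
name = "handson"
security_groups = ["${aws_security_group.alb.id}"]
subnets = ["${aws_subnet.public_1a.id}", "${aws_subnet.public_1c.id}", "${aws_subnet.public_1d.id}"]
}
# Listener
# https://www.terraform.io/docs/providers/aws/r/lb_listener.html
resource "aws_lb_listener" "main" {
# Accept HTTP on port 80
port = "80"
protocol = "HTTP"
# ARN of the ALB this listener belongs to.
# XXX: ARN stands for Amazon Resource Name: as the name says, a unique name (id) identifying a resource.
load_balancer_arn = "${aws_lb.main.arn}"
# Default action: a fixed plain-text "ok" response; aws_lb_listener_rule.main below forwards real traffic
default_action {
type = "fixed-response"
fixed_response {
content_type = "text/plain"
status_code = "200"
message_body = "ok"
}
}
}
# Task Definition
# https://www.terraform.io/docs/providers/aws/r/ecs_task_definition.html
resource "aws_ecs_task_definition" "main" {
family = "handson"
# Data plane selection
requires_compatibilities = ["FARGATE"]
# Upper bound on the resources the ECS task may use.
# The containers in the task must fit inside this limit; when memory reaches it the task is killed by the OOM killer.
cpu = "256"
memory = "512"
# Network driver for the ECS task
# Fargate requires "awsvpc"
network_mode = "awsvpc"
# Container definitions: run nginx and expose port 80.
# In awsvpc mode hostPort must equal containerPort (or be omitted).
# NOTE(review): "nginx:1.14" is a mutable tag, so the image actually deployed can change over
# time; for reproducible, reviewable deploys pin by digest (nginx@sha256:<digest>).
# No logConfiguration is set, so the container's stdout/stderr is not shipped anywhere.
container_definitions = <<EOL
[
{
"name": "nginx",
"image": "nginx:1.14",
"portMappings": [
{
"containerPort": 80,
"hostPort": 80
}
]
}
]
EOL
}
# ECS Cluster
# https://www.terraform.io/docs/providers/aws/r/ecs_cluster.html
# Logical cluster the service below is placed in.
resource "aws_ecs_cluster" "main" {
name = "handson"
}
# ELB Target Group
# https://www.terraform.io/docs/providers/aws/r/lb_target_group.html
resource "aws_lb_target_group" "main" {
name = "handson"
# VPC the target group is created in
vpc_id = "${aws_vpc.main.id}"
# How the ALB forwards traffic to the task containers
port = 80
protocol = "HTTP"
# "ip" targets: awsvpc/Fargate tasks are registered by task IP rather than by instance
target_type = "ip"
# Health check against the container
# (Terraform 0.11 attribute-style assignment; in 0.12+ this is written as a health_check { } block)
health_check = {
port = 80
path = "/"
}
}
# ALB Listener Rule
# https://www.terraform.io/docs/providers/aws/r/lb_listener_rule.html
resource "aws_lb_listener_rule" "main" {
# Listener the rule is added to
listener_arn = "${aws_lb_listener.main.arn}"
# Forward received traffic to the target group
action {
type = "forward"
# Reference the ARN explicitly (same value as .id) to match aws_ecs_service.main below
target_group_arn = "${aws_lb_target_group.main.arn}"
}
# Condition for forwarding to the target group: every path
condition {
path_pattern {
values = ["*"]
}
}
}
# SecurityGroup
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Security group for the ECS tasks. Ingress is added separately in aws_security_group_rule.ecs.
resource "aws_security_group" "ecs" {
name = "handson-ecs"
description = "handson ecs"
# VPC the security group is placed in
vpc_id = "${aws_vpc.main.id}"
# Allow resources in this security group to reach the internet.
# Here this is what the image pull from Docker Hub (through the NAT gateways) relies on.
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "handson-ecs"
}
}
# SecurityGroup Rule
# https://www.terraform.io/docs/providers/aws/r/security_group.html
# Inbound TCP/80 to the tasks. Only the ALB talks to the tasks, so the rule is scoped to the
# ALB's security group rather than the whole VPC CIDR (10.0.0.0/16): other workloads inside
# the VPC cannot reach nginx directly, and the rule stays correct if subnets are renumbered.
resource "aws_security_group_rule" "ecs" {
security_group_id = "${aws_security_group.ecs.id}"
# Inbound rule
type = "ingress"
# Allow TCP on port 80
from_port = 80
to_port = 80
protocol = "tcp"
# Only from members of the ALB security group (instead of cidr_blocks = ["10.0.0.0/16"])
source_security_group_id = "${aws_security_group.alb.id}"
}
# ECS Service
# https://www.terraform.io/docs/providers/aws/r/ecs_service.html
resource "aws_ecs_service" "main" {
name = "handson"
# Explicit dependency: wait until "aws_lb_listener_rule.main" has been created before creating this resource.
# "depends_on" is Terraform syntax rather than an aws_ecs_service property, so it can be used in any "resource".
depends_on = ["aws_lb_listener_rule.main"]
# ECS cluster the service is placed in
cluster = "${aws_ecs_cluster.main.name}"
# Use Fargate as the data plane
launch_type = "FARGATE"
# Number of tasks to keep running
desired_count = "1"
# Task definition to launch
task_definition = "${aws_ecs_task_definition.main.arn}"
# Network settings applied to the tasks
# (Terraform 0.11 attribute-style assignment; in 0.12+ this is a network_configuration { } block)
network_configuration = {
# Tasks may only be started in the private subnets. assign_public_ip is left at its default
# (false), so tasks get no public address and reach the internet only through the NAT gateways.
subnets = ["${aws_subnet.private_1a.id}", "${aws_subnet.private_1c.id}", "${aws_subnet.private_1d.id}"]
# Security group attached to the tasks
security_groups = ["${aws_security_group.ecs.id}"]
}
# Target group the tasks are registered with once they start
load_balancer = [
{
target_group_arn = "${aws_lb_target_group.main.arn}"
container_name = "nginx"
container_port = "80"
},
]
}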
HTTPS化
Route53でyuutest1.workドメインを登録しておいた。


