Choose the provider you want
Terraform provider doc
https://registry.terraform.io/browse/providers
Using the Terraform AWS Provider
AWS provider doc
https://registry.terraform.io/providers/hashicorp/aws/latest/docs
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.48.0"
    }
  }
}
provider "aws" {
  # Configuration options
}
- The aws provider is tied to a region.
aws sts get-caller-identity
- Use the command above to check the currently configured AWS config.
aws sts get-caller-identity
{
"UserId": "AIDAZYURONAVTOYBN5VHG",
"Account": "",
"Arn": "arn:aws:iam:::user/jm.han"
}
Creating a VPC with Terraform - resources
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc
# create aws_vpc, it is different from aws_default_vpc
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"
}
terraform init
- Initializes the working directory that contains the Terraform configuration files
- Run it whenever a new provider is added.
jeff-terraform-1 ❯ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 4.0"...
- Reusing previous version of hashicorp/local from the dependency lock file
- Installing hashicorp/aws v4.48.0...
- Installed hashicorp/aws v4.48.0 (signed by HashiCorp)
- Using previously-installed hashicorp/local v2.2.3
Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
terraform plan
- Generates an execution plan that lets you preview the changes Terraform plans to make to the infrastructure
jeff-terraform-1 ❯ terraform plan
data.local_file.jm: Reading...
local_file.jeff: Refreshing state... [id=7658d663d255c6ba8bfe2c02bf7f82c93c4e6e1f]
data.local_file.jm: Read complete after 0s [id=ba267d9573972544fead709fd73ad6d7933783eb]
aws_vpc.jeff_tf_vpc: Refreshing state... [id=vpc-05181df479ebe9401]
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.jeff_tf_vpc will be created
+ resource "aws_vpc" "jeff_tf_vpc" {
+ arn = (known after apply)
+ cidr_block = "10.1.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly
these actions if you run "terraform apply" now.
- cidr_block = "10.0.0.0/16"
terraform apply
- Executes the actions proposed in the Terraform plan
jeff-terraform-1 ❯ terraform apply
data.local_file.jm: Reading...
local_file.jeff: Refreshing state... [id=7658d663d255c6ba8bfe2c02bf7f82c93c4e6e1f]
data.local_file.jm: Read complete after 0s [id=ba267d9573972544fead709fd73ad6d7933783eb]
aws_vpc.jeff_tf_vpc: Refreshing state... [id=vpc-05181df479ebe9401]
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_vpc.jeff_tf_vpc will be created
+ resource "aws_vpc" "jeff_tf_vpc" {
+ arn = (known after apply)
+ cidr_block = "10.1.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.jeff_tf_vpc: Creating...
aws_vpc.jeff_tf_vpc: Creation complete after 1s [id=vpc-0dfa5c3028c268841]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
terraform apply - configuring a VPC output
# create aws_vpc, it is different from aws_default_vpc
resource "aws_vpc" "jeff_tf_vpc" {
  cidr_block = "10.1.0.0/16"
}
output "vpc_tf_vpc" {
  value = aws_vpc.jeff_tf_vpc
}
## (omitted)
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
vpc_tf_vpc = {
"arn" = "arn:aws:ec2:ap-northeast-2::vpc/vpc-0dfa5c3028c268841"
"assign_generated_ipv6_cidr_block" = false
"cidr_block" = "10.1.0.0/16"
"default_network_acl_id" = "acl-055457bec27452cf5"
"default_route_table_id" = "rtb-01afadbc3b10a5a55"
"default_security_group_id" = "sg-0fd1e38b7339c82e1"
"dhcp_options_id" = "dopt-9972c0f2"
"enable_classiclink" = false
"enable_classiclink_dns_support" = false
"enable_dns_hostnames" = false
"enable_dns_support" = true
"enable_network_address_usage_metrics" = false
"id" = "vpc-0dfa5c3028c268841"
"instance_tenancy" = "default"
"ipv4_ipam_pool_id" = tostring(null)
"ipv4_netmask_length" = tonumber(null)
"ipv6_association_id" = ""
"ipv6_cidr_block" = ""
"ipv6_cidr_block_network_border_group" = ""
"ipv6_ipam_pool_id" = ""
"ipv6_netmask_length" = 0
"main_route_table_id" = "rtb-01afadbc3b10a5a55"
"owner_id" = ""
"tags" = tomap({})
"tags_all" = tomap({})
}
Applying changes - tag (a mutable object)
terraform apply
- Add tags to aws_vpc, then apply
# create aws_vpc, it is different from aws_default_vpc
resource "aws_vpc" "jeff_tf_vpc" {
  cidr_block = "10.1.0.0/16"
  tags = {
    Name = "jeff_tf_vpc"
  }
}
output "vpc_tf_vpc" {
  value = aws_vpc.jeff_tf_vpc
}
tf apply → yes - the changes are shown before they are executed.
## (omitted)
Plan: 0 to add, 1 to change, 0 to destroy.
Changes to Outputs:
~ vpc_tf_vpc = {
id = "vpc-0dfa5c3028c268841"
~ tags = {
+ "Name" = "jeff_tf_vpc"
}
~ tags_all = {
+ "Name" = "jeff_tf_vpc"
}
# (22 unchanged elements hidden)
}
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Result
Enter a value: yes
aws_vpc.jeff_tf_vpc: Modifying... [id=vpc-0dfa5c3028c268841]
aws_vpc.jeff_tf_vpc: Modifications complete after 1s [id=vpc-0dfa5c3028c268841]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
vpc_tf_vpc = {
"arn" = "arn:aws:ec2:ap-northeast-2::vpc/vpc-0dfa5c3028c268841"
"assign_generated_ipv6_cidr_block" = false
"cidr_block" = "10.1.0.0/16"
"default_network_acl_id" = "acl-055457bec27452cf5"
"default_route_table_id" = "rtb-01afadbc3b10a5a55"
"default_security_group_id" = "sg-0fd1e38b7339c82e1"
"dhcp_options_id" = "dopt-9972c0f2"
"enable_classiclink" = false
"enable_classiclink_dns_support" = false
"enable_dns_hostnames" = false
"enable_dns_support" = true
"enable_network_address_usage_metrics" = false
"id" = "vpc-0dfa5c3028c268841"
"instance_tenancy" = "default"
"ipv4_ipam_pool_id" = tostring(null)
"ipv4_netmask_length" = tonumber(null)
"ipv6_association_id" = ""
"ipv6_cidr_block" = ""
"ipv6_cidr_block_network_border_group" = ""
"ipv6_ipam_pool_id" = ""
"ipv6_netmask_length" = 0
"main_route_table_id" = "rtb-01afadbc3b10a5a55"
"owner_id" = ""
"tags" = tomap({
"Name" = "jeff_tf_vpc"
})
"tags_all" = tomap({
"Name" = "jeff_tf_vpc"
})
}
Applying changes - CIDR (an immutable object)
- Change the CIDR value to 10.2.0.0/16
# create aws_vpc, it is different from aws_default_vpc
resource "aws_vpc" "jeff_tf_vpc" {
  cidr_block = "10.2.0.0/16"
  tags = {
    Name = "jeff_tf_vpc"
  }
}
output "vpc_tf_vpc" {
  value = aws_vpc.jeff_tf_vpc
}
terraform apply
jeff-terraform-1 ❯ terraform apply
data.local_file.jm: Reading...
local_file.jeff: Refreshing state... [id=7658d663d255c6ba8bfe2c02bf7f82c93c4e6e1f]
data.local_file.jm: Read complete after 0s [id=ba267d9573972544fead709fd73ad6d7933783eb]
aws_vpc.jeff_tf_vpc: Refreshing state... [id=vpc-0dfa5c3028c268841]
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# aws_vpc.jeff_tf_vpc must be replaced
-/+ resource "aws_vpc" "jeff_tf_vpc" {
~ arn = "arn:aws:ec2:ap-northeast-2::vpc/vpc-0dfa5c3028c268841" -> (known after apply)
- assign_generated_ipv6_cidr_block = false -> null
~ cidr_block = "10.1.0.0/16" -> "10.2.0.0/16" # forces replacement
~ default_network_acl_id = "acl-055457bec27452cf5" -> (known after apply)
~ default_route_table_id = "rtb-01afadbc3b10a5a55" -> (known after apply)
~ default_security_group_id = "sg-0fd1e38b7339c82e1" -> (known after apply)
~ dhcp_options_id = "dopt-9972c0f2" -> (known after apply)
~ enable_classiclink = false -> (known after apply)
~ enable_classiclink_dns_support = false -> (known after apply)
~ enable_dns_hostnames = false -> (known after apply)
~ enable_network_address_usage_metrics = false -> (known after apply)
~ id = "vpc-0dfa5c3028c268841" -> (known after apply)
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
- ipv6_netmask_length = 0 -> null
~ main_route_table_id = "rtb-01afadbc3b10a5a55" -> (known after apply)
~ owner_id = "" -> (known after apply)
tags = {
"Name" = "jeff_tf_vpc"
}
# (3 unchanged attributes hidden)
}
Plan: 1 to add, 0 to change, 1 to destroy.
- aws_vpc.jeff_tf_vpc must be replaced
- -/+ resource "aws_vpc" "jeff_tf_vpc" {
- The existing resource is deleted and then a new one is created. Review the plan before proceeding with apply.
- Some resources can be changed in place, while others are replaced.
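The plan review described above can be automated before apply. The following is an added example, not code from the original post: it reads the JSON form of a saved plan (`terraform plan -out=tfplan`, then `terraform show -json tfplan`) and blocks any resource that would be destroyed or replaced unless it is allow-listed. The file name `tfplan`, the function names, and the trimmed sample plan are assumptions made for illustration.

```python
import json

# Constructed sample: a trimmed `terraform show -json` plan document modelled
# on the replacement plan above (only the fields this check reads).
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {
            "address": "aws_vpc.jeff_tf_vpc",
            "change": {
                "actions": ["delete", "create"],
                "before": {"cidr_block": "10.1.0.0/16"},
                "after": {"cidr_block": "10.2.0.0/16"},
                "replace_paths": [["cidr_block"]],
            },
        },
        {
            "address": "local_file.jeff",
            "change": {"actions": ["no-op"], "before": {}, "after": {}},
        },
    ],
})


def destructive_changes(plan_json):
    """Return one finding per resource the plan would delete or replace."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "delete" not in actions:
            continue  # create, update in place, read, no-op: nothing destroyed
        kind = "replace" if "create" in actions else "destroy"
        # replace_paths lists the attribute paths that forced the replacement
        forced = [".".join(map(str, p)) for p in change.get("replace_paths") or []]
        findings.append({"address": rc["address"], "kind": kind, "forced_by": forced})
    return findings


def gate(plan_json, allow=()):
    """Return True when every destructive change is explicitly allow-listed."""
    blocked = [f for f in destructive_changes(plan_json) if f["address"] not in allow]
    for f in blocked:
        print(f"BLOCK {f['kind']}: {f['address']} forced by {f['forced_by'] or 'n/a'}")
    return not blocked


if __name__ == "__main__":
    print("apply allowed:", gate(SAMPLE_PLAN))
```

Applying the saved plan file with `terraform apply tfplan` ensures that the reviewed plan is exactly what runs, which is the guarantee the `-out` note in the plan output refers to.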
Getting the list of VPCs with Terraform - Data Source
This resource can be useful for getting back a list of VPC Ids for a region.
example
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpcs
# This resource can be useful for getting back a list of VPC Ids for a region.
data "aws_vpcs" "get_vpc_list" {
  # tags = {
  #   Name = "jeff_tf_vpc"
  # }
}
output "get_vpc_list" {
  value = data.aws_vpcs.get_vpc_list
}
- Argument Reference
terraform apply
jeff-terraform-1 ❯ terraform apply
local_file.jeff: Refreshing state... [id=7658d663d255c6ba8bfe2c02bf7f82c93c4e6e1f]
data.local_file.jm: Reading...
data.local_file.jm: Read complete after 0s [id=ba267d9573972544fead709fd73ad6d7933783eb]
data.aws_vpcs.get_vpc_list: Reading...
aws_vpc.jeff_tf_vpc: Refreshing state... [id=vpc-0c3e71e88d7c3d1ae]
data.aws_vpcs.get_vpc_list: Read complete after 1s [id=ap-northeast-2]
Changes to Outputs:
+ get_vpc_list = {
+ filter = null
+ id = "ap-northeast-2"
+ ids = [
+ "vpc-0c3e71e88d7c3d1ae",
+ "vpc-0741d8ecd58197d0c",
]
+ tags = null
+ timeouts = null
}
You can apply this plan to save these new output values to the Terraform state, without changing any real
infrastructure.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
Deleting resources created with Terraform
terraform destroy
- After reviewing the plan, enter yes to delete the resources created with Terraform.
jeff-terraform-1 ❯ terraform destroy
data.local_file.jm: Reading...
local_file.jeff: Refreshing state... [id=7658d663d255c6ba8bfe2c02bf7f82c93c4e6e1f]
data.local_file.jm: Read complete after 0s [id=ba267d9573972544fead709fd73ad6d7933783eb]
data.aws_vpcs.get_vpc_list: Reading...
aws_vpc.jeff_tf_vpc: Refreshing state... [id=vpc-0c3e71e88d7c3d1ae]
data.aws_vpcs.get_vpc_list: Read complete after 0s [id=ap-northeast-2]
Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_vpc.jeff_tf_vpc will be destroyed
- resource "aws_vpc" "jeff_tf_vpc" {
## (omitted)