Managing Applications and Infrastructure with Terraform-Deploying Infrastructure with Terraform-(2)Terraform for AWS-(7)Networking Part 2: Subnets, Security, and the Count Attribute
2018年10月04日
ec2-user:~/environment/AWS/networking $ terraform destroy
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Enter a value: us-west-2
data.aws_availability_zones.available: Refreshing state... [id=2020-10-09 07:45:04.65477995 +0000 UTC]
aws_vpc.tf_vpc: Refreshing state... [id=vpc-0c8aabd8c4d127866]
aws_internet_gateway.tf_internet_gateway: Refreshing state... [id=igw-01845da5ec1f7a223]
aws_default_route_table.tf_private_rt: Refreshing state... [id=rtb-0d18cf1858d8834f8]
aws_route_table.tf_public_rt: Refreshing state... [id=rtb-031128320e5c6035c]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_default_route_table.tf_private_rt will be destroyed
- resource "aws_default_route_table" "tf_private_rt" {
- default_route_table_id = "rtb-0d18cf1858d8834f8" -> null
- id = "rtb-0d18cf1858d8834f8" -> null
- owner_id = "124011853020" -> null
- propagating_vgws = [] -> null
- route = [] -> null
- tags = {
- "Name" = "tf_private"
} -> null
- vpc_id = "vpc-0c8aabd8c4d127866" -> null
}
# aws_internet_gateway.tf_internet_gateway will be destroyed
- resource "aws_internet_gateway" "tf_internet_gateway" {
- arn = "arn:aws:ec2:us-west-2:124011853020:internet-gateway/igw-01845da5ec1f7a223" -> null
- id = "igw-01845da5ec1f7a223" -> null
- owner_id = "124011853020" -> null
- tags = {
- "Name" = "tf_igw"
} -> null
- vpc_id = "vpc-0c8aabd8c4d127866" -> null
}
# aws_route_table.tf_public_rt will be destroyed
- resource "aws_route_table" "tf_public_rt" {
- id = "rtb-031128320e5c6035c" -> null
- owner_id = "124011853020" -> null
- propagating_vgws = [] -> null
- route = [
- {
- cidr_block = "0.0.0.0/0"
- egress_only_gateway_id = ""
- gateway_id = "igw-01845da5ec1f7a223"
- instance_id = ""
- ipv6_cidr_block = ""
- local_gateway_id = ""
- nat_gateway_id = ""
- network_interface_id = ""
- transit_gateway_id = ""
- vpc_peering_connection_id = ""
},
] -> null
- tags = {
- "Name" = "tf_public"
} -> null
- vpc_id = "vpc-0c8aabd8c4d127866" -> null
}
# aws_vpc.tf_vpc will be destroyed
- resource "aws_vpc" "tf_vpc" {
- arn = "arn:aws:ec2:us-west-2:124011853020:vpc/vpc-0c8aabd8c4d127866" -> null
- assign_generated_ipv6_cidr_block = false -> null
- cidr_block = "10.123.0.0/16" -> null
- default_network_acl_id = "acl-02e907d02d9940b26" -> null
- default_route_table_id = "rtb-0d18cf1858d8834f8" -> null
- default_security_group_id = "sg-05a08cc5d0be9ff08" -> null
- dhcp_options_id = "dopt-cc5342a9" -> null
- enable_classiclink = false -> null
- enable_classiclink_dns_support = false -> null
- enable_dns_hostnames = true -> null
- enable_dns_support = true -> null
- id = "vpc-0c8aabd8c4d127866" -> null
- instance_tenancy = "default" -> null
- main_route_table_id = "rtb-0d18cf1858d8834f8" -> null
- owner_id = "124011853020" -> null
- tags = {
- "Name" = "tf_vpc"
} -> null
}
Plan: 0 to add, 0 to change, 4 to destroy.
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
aws_route_table.tf_public_rt: Destroying... [id=rtb-031128320e5c6035c]
aws_default_route_table.tf_private_rt: Destroying... [id=rtb-0d18cf1858d8834f8]
aws_default_route_table.tf_private_rt: Destruction complete after 0s
aws_route_table.tf_public_rt: Destruction complete after 0s
aws_internet_gateway.tf_internet_gateway: Destroying... [id=igw-01845da5ec1f7a223]
aws_internet_gateway.tf_internet_gateway: Still destroying... [id=igw-01845da5ec1f7a223, 10s elapsed]
aws_internet_gateway.tf_internet_gateway: Destruction complete after 11s
aws_vpc.tf_vpc: Destroying... [id=vpc-0c8aabd8c4d127866]
aws_vpc.tf_vpc: Destruction complete after 0s
Destroy complete! Resources: 4 destroyed.
Edit the networking/main.tf file.
#---networking/main.tf
data "aws_availability_zones" "available" {}
# The VPC every other resource in this module is attached to.
# Address space comes from var.vpc_cidr (10.123.0.0/16 by default).
resource "aws_vpc" "tf_vpc" {
  cidr_block = var.vpc_cidr

  # Turn on in-VPC DNS resolution and hostname assignment for instances.
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "tf_vpc"
  }
}
# Internet gateway for the VPC; the public route table below points its
# default route here, which is what makes the "public" subnets reachable.
resource "aws_internet_gateway" "tf_internet_gateway" {
  vpc_id = aws_vpc.tf_vpc.id

  tags = {
    Name = "tf_igw"
  }
}
# Route table for the public subnets. Any subnet associated with it gets a
# default route (0.0.0.0/0) out through the internet gateway, so associate
# only subnets that are meant to be internet-facing.
resource "aws_route_table" "tf_public_rt" {
  vpc_id = aws_vpc.tf_vpc.id

  tags = {
    Name = "tf_public"
  }

  route {
    gateway_id = aws_internet_gateway.tf_internet_gateway.id
    cidr_block = "0.0.0.0/0"
  }
}
# Adopt the VPC's main (default) route table as the "private" table. No route
# blocks are declared, so it carries only the implicit local route (the plan
# output shows route = []); subnets left unassociated fall back to this table
# and therefore have no path to the internet gateway.
resource "aws_default_route_table" "tf_private_rt" {
  default_route_table_id = aws_vpc.tf_vpc.default_route_table_id

  tags = {
    Name = "tf_private"
  }
}
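# One public subnet per CIDR in var.public_cidrs, placed in the region's
# availability zones in order. count is derived from the variable instead of
# the literal 2 so that adding or removing a CIDR adjusts the subnets without
# editing this block (and so count and the CIDR list can no longer drift apart).
resource "aws_subnet" "tf_public_subnet" {
  count = length(var.public_cidrs)

  vpc_id     = aws_vpc.tf_vpc.id
  cidr_block = var.public_cidrs[count.index]

  # Every instance launched here receives a public IPv4 address. Together with
  # the IGW route this is what makes the subnet "public" - and what puts the
  # instance directly on the internet with only its security group in front.
  map_public_ip_on_launch = true

  # Terraform errors at plan time if the region exposes fewer available AZs
  # than there are entries in var.public_cidrs.
  availability_zone = data.aws_availability_zones.available.names[count.index]

  tags = {
    Name = "tf_public_${count.index + 1}"
  }
}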
# Associate each public subnet with the public route table so it picks up the
# default route to the internet gateway. One association per subnet instance.
resource "aws_route_table_association" "tf_public_assoc" {
  count = length(aws_subnet.tf_public_subnet)

  route_table_id = aws_route_table.tf_public_rt.id
  subnet_id      = aws_subnet.tf_public_subnet[count.index].id
}
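# Security group for instances launched into the public subnets.
#
# Both inbound rules are keyed on var.accessip. With that variable's default of
# 0.0.0.0/0 (see variables.tf) SSH on port 22 is reachable from the entire
# internet, which is only acceptable for a short-lived lab. For anything that
# stays up, override accessip with your own address as a /32 (or a bastion
# range) via -var or a .tfvars file. Rule descriptions are set so the intent of
# each rule is visible in the AWS console and in plan output.
resource "aws_security_group" "tf_public_sg" {
  name        = "tf_public_sg"
  description = "Used for access to the public instances"
  vpc_id      = aws_vpc.tf_vpc.id

  # SSH - administrative access; should be limited to a single /32 or a bastion.
  ingress {
    description = "SSH from accessip"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.accessip]
  }

  # HTTP - web traffic to the public instances.
  ingress {
    description = "HTTP from accessip"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [var.accessip]
  }

  # Unrestricted egress (protocol "-1" = all protocols, all ports). Tighten this
  # if the instances should not be able to reach arbitrary internet hosts.
  egress {
    description = "All outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}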
In Terraform 0.12 and later (including the 0.13 release used here), `length()` is called directly inside an expression, for example `count = length(var.public_cidrs)`. In Terraform 0.11 the same call had to be wrapped in interpolation syntax: `count = "${length(var.public_cidrs)}"`. The `length` function returns the number of elements in a list or map, or the number of characters in a string.
Edit the networking/variables.tf file.
#---networking/variables.tf
# IPv4 address space for the VPC. The public subnets below must be carved out
# of this range.
variable "vpc_cidr" {
  description = "CIDR block for the VPC"
  default     = "10.123.0.0/16"
}
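# CIDR blocks for the public subnets, one subnet per entry. Each must fall
# inside var.vpc_cidr. The explicit list(string) type constraint rejects a
# single string or a malformed value at plan time instead of failing later
# when the subnet resource indexes into it.
variable "public_cidrs" {
  description = "CIDR blocks for the public subnets (one per subnet, inside vpc_cidr)"
  type        = list(string)
  default = [
    "10.123.1.0/24",
    "10.123.2.0/24",
  ]
}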
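# Source CIDR allowed to reach the public instances on SSH (22) and HTTP (80)
# through aws_security_group.tf_public_sg.
#
# The default of 0.0.0.0/0 exposes SSH to the whole internet and is kept only
# so the tutorial plan runs without prompting. Override it with your own
# address as a /32 (e.g. -var 'accessip=203.0.113.10/32') for anything that is
# not immediately destroyed. The validation block rejects values that are not
# a parseable IPv4 CIDR so a typo fails at plan time rather than at apply.
variable "accessip" {
  description = "CIDR allowed inbound on SSH and HTTP; restrict to your own IP/32"
  type        = string
  default     = "0.0.0.0/0"

  validation {
    condition     = can(cidrhost(var.accessip, 0))
    error_message = "The accessip value must be a valid CIDR block such as 203.0.113.10/32."
  }
}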
ec2-user:~/environment/AWS/networking $ pwd
/home/ec2-user/environment/AWS/networking
ec2-user:~/environment/AWS/networking $ terraform plan
provider.aws.region
The region where AWS operations will take place. Examples
are us-east-1, us-west-2, etc.
Enter a value: us-west-2
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.aws_availability_zones.available: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_default_route_table.tf_private_rt will be created
+ resource "aws_default_route_table" "tf_private_rt" {
+ default_route_table_id = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ route = (known after apply)
+ tags = {
+ "Name" = "tf_private"
}
+ vpc_id = (known after apply)
}
# aws_internet_gateway.tf_internet_gateway will be created
+ resource "aws_internet_gateway" "tf_internet_gateway" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tf_igw"
}
+ vpc_id = (known after apply)
}
# aws_route_table.tf_public_rt will be created
+ resource "aws_route_table" "tf_public_rt" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Name" = "tf_public"
}
+ vpc_id = (known after apply)
}
# aws_route_table_association.tf_public_assoc[0] will be created
+ resource "aws_route_table_association" "tf_public_assoc" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_route_table_association.tf_public_assoc[1] will be created
+ resource "aws_route_table_association" "tf_public_assoc" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_security_group.tf_public_sg will be created
+ resource "aws_security_group" "tf_public_sg" {
+ arn = (known after apply)
+ description = "Used for access to the public instances"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 80
},
]
+ name = "tf_public_sg"
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ vpc_id = (known after apply)
}
# aws_subnet.tf_public_subnet[0] will be created
+ resource "aws_subnet" "tf_public_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2a"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.123.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tf_public_1"
}
+ vpc_id = (known after apply)
}
# aws_subnet.tf_public_subnet[1] will be created
+ resource "aws_subnet" "tf_public_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = "us-west-2b"
+ availability_zone_id = (known after apply)
+ cidr_block = "10.123.2.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = true
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tf_public_2"
}
+ vpc_id = (known after apply)
}
# aws_vpc.tf_vpc will be created
+ resource "aws_vpc" "tf_vpc" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.123.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tf_vpc"
}
}
Plan: 9 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
References
length Function