
AWS上DevOps实验(二)--- 使用Terraform创建VPC网络


从本文档起,作者计划在AWS上做一系列DevOps/IaC相关实验,本文是第二篇,使用Terraform创建VPC网络。

本次实验架构图

2022-11-29-09-19-02-image.png

Terraform代码

执行主文件main.tf

#terraform code to deploy VPC in AWS
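data "aws_availability_zones" "available" {
    # Zones the account can use without opting in. The filter keeps opted-in
    # Local Zones / Wavelength Zones out of the list, since the subnets below
    # pick names[0] and names[1] blindly and those zone types generally do not
    # host NAT gateways. The region therefore needs at least two such AZs.
    state = "available"

    filter {
        name   = "opt-in-status"
        values = ["opt-in-not-required"]
    }
}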

resource "aws_vpc" "IacVPC" {
    # The address space and display name come from vpc.tfvars. Both DNS flags
    # are on, so resources in the VPC get AWS-provided DNS resolution and hostnames.
    cidr_block           = var.vpc_cidr_block
    enable_dns_support   = true
    enable_dns_hostnames = true

    tags = {
        Name = var.vpc_name
    }

    # NOTE(review): the VPC's default security group and default network ACL are
    # not managed in this configuration; adopting them (aws_default_security_group,
    # aws_default_network_acl) would put their rules under version control as well.
}

resource "aws_subnet" "IacVPC_PublicSubnet1" {
    # Public subnet in the first AZ. map_public_ip_on_launch hands every instance
    # launched here a public IPv4 address, so only Internet-facing components
    # (such as NATGW1 below) should be placed in it.
    vpc_id                  = aws_vpc.IacVPC.id
    availability_zone       = data.aws_availability_zones.available.names[0]
    cidr_block              = var.PublicSubnet1_cidr_block
    map_public_ip_on_launch = true

    tags = {
        Name = "${var.vpc_name}-PublicSubnet1"
    }
}

resource "aws_subnet" "IacVPC_PublicSubnet2" {
    # Public subnet in the second AZ; mirrors PublicSubnet1. Instances launched
    # here receive a public IPv4 address automatically, so keep it for
    # Internet-facing components only (NATGW2 lives here).
    vpc_id                  = aws_vpc.IacVPC.id
    availability_zone       = data.aws_availability_zones.available.names[1]
    cidr_block              = var.PublicSubnet2_cidr_block
    map_public_ip_on_launch = true

    tags = {
        Name = "${var.vpc_name}-PublicSubnet2"
    }
}

resource "aws_subnet" "IacVPC_AppSubnet1" {
    # Application-tier subnet in the first AZ. No public IP auto-assignment;
    # outbound traffic goes through NATGW1 via RouteTablePrivate1 (associated
    # further down in this file).
    vpc_id            = aws_vpc.IacVPC.id
    availability_zone = data.aws_availability_zones.available.names[0]
    cidr_block        = var.AppSubnet1_cidr_block

    tags = {
        Name = "${var.vpc_name}-AppSubnet1"
    }
}

resource "aws_subnet" "IacVPC_AppSubnet2" {
    # Application-tier subnet in the second AZ; mirrors AppSubnet1 and reaches
    # the Internet only through NATGW2 (RouteTablePrivate2).
    vpc_id            = aws_vpc.IacVPC.id
    availability_zone = data.aws_availability_zones.available.names[1]
    cidr_block        = var.AppSubnet2_cidr_block

    tags = {
        Name = "${var.vpc_name}-AppSubnet2"
    }
}

resource "aws_subnet" "IacVPC_DBSubnet1" {
    # Database-tier subnet in the first AZ. No public IP auto-assignment.
    # NOTE(review): it is associated below with RouteTablePrivate1, the same
    # NAT-routed table as the App tier, so this subnet has outbound Internet
    # access; if the DB tier is meant to be isolated, give it its own route
    # table without a 0.0.0.0/0 route.
    vpc_id            = aws_vpc.IacVPC.id
    availability_zone = data.aws_availability_zones.available.names[0]
    cidr_block        = var.DBSubnet1_cidr_block

    tags = {
        Name = "${var.vpc_name}-DBSubnet1"
    }
}

resource "aws_subnet" "IacVPC_DBSubnet2" {
    # Database-tier subnet in the second AZ; mirrors DBSubnet1.
    # NOTE(review): shares RouteTablePrivate2 with AppSubnet2, so it also has
    # NAT-based outbound Internet access — see the note on DBSubnet1.
    vpc_id            = aws_vpc.IacVPC.id
    availability_zone = data.aws_availability_zones.available.names[1]
    cidr_block        = var.DBSubnet2_cidr_block

    tags = {
        Name = "${var.vpc_name}-DBSubnet2"
    }
}

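resource "aws_internet_gateway" "IacIGW" {
    # The VPC's single Internet gateway: target of the public route table's
    # default route and the egress path behind both NAT gateways.
    vpc_id = aws_vpc.IacVPC.id

    # Name tag added so the IGW is labelled like every other resource here.
    tags = {
        Name = "${var.vpc_name}-igw"
    }
}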

resource "aws_route_table" "RouteTablePublic" {
    # Route table for the two public subnets: everything not local goes to the
    # Internet gateway. The gateway_id reference already orders creation after
    # the IGW; depends_on is kept only as an explicit reminder of that.
    vpc_id     = aws_vpc.IacVPC.id
    depends_on = [aws_internet_gateway.IacIGW]

    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = aws_internet_gateway.IacIGW.id
    }

    tags = {
        Name = "${var.vpc_name}-public-route-table"
    }
}

resource "aws_route_table_association" "AssociationForRouteTablePublic0" {
    # PublicSubnet1 -> public route table (default route via the IGW).
    route_table_id = aws_route_table.RouteTablePublic.id
    subnet_id      = aws_subnet.IacVPC_PublicSubnet1.id
}

resource "aws_route_table_association" "AssociationForRouteTablePublic1" {
    # PublicSubnet2 -> public route table (default route via the IGW).
    route_table_id = aws_route_table.RouteTablePublic.id
    subnet_id      = aws_subnet.IacVPC_PublicSubnet2.id
}

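resource "aws_eip" "EIPNAT1" {
    # Static public address for NATGW1. vpc = true allocates it in the VPC
    # scope, which is what aws_nat_gateway.allocation_id needs; VPC-only
    # accounts default to this, but being explicit removes the dependency on
    # the account's platform setting (argument valid for the pinned 3.x provider).
    vpc = true

    tags = {
        Name = "${var.vpc_name}-EIP-NAT1"
    }
}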

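resource "aws_eip" "EIPNAT2" {
    # Static public address for NATGW2, allocated explicitly in the VPC scope
    # (see EIPNAT1 for why).
    vpc = true

    tags = {
        Name = "${var.vpc_name}-EIP-NAT2"
    }
}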

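resource "aws_nat_gateway" "NATGW1" {
    # Public NAT gateway in PublicSubnet1; the AZ[0] private subnets send
    # 0.0.0.0/0 through it (RouteTablePrivate1).
    subnet_id         = aws_subnet.IacVPC_PublicSubnet1.id
    connectivity_type = "public"
    allocation_id     = aws_eip.EIPNAT1.id

    # A public NAT gateway only works once the VPC has an Internet gateway,
    # and nothing in this block references the IGW, so the ordering has to be
    # stated explicitly (as the aws_nat_gateway documentation recommends).
    depends_on = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "NATGW1"
    }
}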

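resource "aws_nat_gateway" "NATGW2" {
    # Public NAT gateway in PublicSubnet2 for the AZ[1] private subnets
    # (RouteTablePrivate2).
    subnet_id         = aws_subnet.IacVPC_PublicSubnet2.id
    connectivity_type = "public"
    allocation_id     = aws_eip.EIPNAT2.id

    # Explicit ordering after the IGW, for the same reason as NATGW1.
    depends_on = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "NATGW2"
    }
}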

resource "aws_route_table" "RouteTablePrivate1" {
    # Route table for the AZ[0] private subnets (AppSubnet1 and DBSubnet1):
    # non-local traffic leaves through NATGW1, so these subnets have outbound
    # Internet access but accept no inbound connections from it. The
    # nat_gateway_id reference already implies the dependency; depends_on is
    # left in place as documentation of that ordering.
    vpc_id     = aws_vpc.IacVPC.id
    depends_on = [aws_nat_gateway.NATGW1]

    route {
        cidr_block     = "0.0.0.0/0"
        nat_gateway_id = aws_nat_gateway.NATGW1.id
    }

    tags = {
        Name = "${var.vpc_name}-private-route-table-1"
    }
}

resource "aws_route_table_association" "AssociationForRouteTablePrivate1a" {
    # AppSubnet1 -> NAT-routed table for AZ[0].
    route_table_id = aws_route_table.RouteTablePrivate1.id
    subnet_id      = aws_subnet.IacVPC_AppSubnet1.id
}

resource "aws_route_table_association" "AssociationForRouteTablePrivate1b" {
    # DBSubnet1 -> the same NAT-routed table as the App tier, which gives the
    # database subnet outbound Internet access (see the note on DBSubnet1).
    route_table_id = aws_route_table.RouteTablePrivate1.id
    subnet_id      = aws_subnet.IacVPC_DBSubnet1.id
}

resource "aws_route_table" "RouteTablePrivate2" {
    # Route table for the AZ[1] private subnets (AppSubnet2 and DBSubnet2);
    # mirrors RouteTablePrivate1 with NATGW2 as the default-route target.
    vpc_id     = aws_vpc.IacVPC.id
    depends_on = [aws_nat_gateway.NATGW2]

    route {
        cidr_block     = "0.0.0.0/0"
        nat_gateway_id = aws_nat_gateway.NATGW2.id
    }

    tags = {
        Name = "${var.vpc_name}-private-route-table-2"
    }
}

resource "aws_route_table_association" "AssociationForRouteTablePrivate2a" {
    # AppSubnet2 -> NAT-routed table for AZ[1].
    route_table_id = aws_route_table.RouteTablePrivate2.id
    subnet_id      = aws_subnet.IacVPC_AppSubnet2.id
}

resource "aws_route_table_association" "AssociationForRouteTablePrivate2b" {
    # DBSubnet2 -> NAT-routed table for AZ[1]; like DBSubnet1, the database
    # subnet ends up with outbound Internet access through this association.
    route_table_id = aws_route_table.RouteTablePrivate2.id
    subnet_id      = aws_subnet.IacVPC_DBSubnet2.id
}

声明参数variables.tf

#define variable for VPC deploy
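variable "aws_region" {
	description = "AWS region the provider and all resources are deployed into (e.g. ap-northeast-1)."
	type        = string

	# Reject an empty / whitespace-only value at plan time instead of letting the
	# provider fail with a less obvious error.
	validation {
		condition     = length(trimspace(var.aws_region)) > 0
		error_message = "The aws_region value must not be empty."
	}
}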
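variable "vpc_name" {
	description = "Name tag of the VPC; also used as the prefix for the Name tag of subnets, route tables and EIPs."
	type        = string

	validation {
		condition     = length(trimspace(var.vpc_name)) > 0
		error_message = "The vpc_name value must not be empty."
	}
}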

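variable "vpc_cidr_block" {
	description = "CIDR block of the VPC (e.g. 10.10.0.0/16); every subnet CIDR must fall inside it."
	type        = string

	# cidrhost() only succeeds on a well-formed prefix, so this catches typos
	# before the AWS API is called.
	validation {
		condition     = can(cidrhost(var.vpc_cidr_block, 0))
		error_message = "The vpc_cidr_block value must be a valid CIDR block such as 10.10.0.0/16."
	}
}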

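variable "PublicSubnet1_cidr_block" {
	description = "CIDR block of the public subnet in the first AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.PublicSubnet1_cidr_block, 0))
		error_message = "The PublicSubnet1_cidr_block value must be a valid CIDR block."
	}
}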

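variable "PublicSubnet2_cidr_block" {
	description = "CIDR block of the public subnet in the second AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.PublicSubnet2_cidr_block, 0))
		error_message = "The PublicSubnet2_cidr_block value must be a valid CIDR block."
	}
}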

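variable "AppSubnet1_cidr_block" {
	description = "CIDR block of the application-tier subnet in the first AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.AppSubnet1_cidr_block, 0))
		error_message = "The AppSubnet1_cidr_block value must be a valid CIDR block."
	}
}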

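variable "AppSubnet2_cidr_block" {
	description = "CIDR block of the application-tier subnet in the second AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.AppSubnet2_cidr_block, 0))
		error_message = "The AppSubnet2_cidr_block value must be a valid CIDR block."
	}
}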

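variable "DBSubnet1_cidr_block" {
	description = "CIDR block of the database-tier subnet in the first AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.DBSubnet1_cidr_block, 0))
		error_message = "The DBSubnet1_cidr_block value must be a valid CIDR block."
	}
}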

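variable "DBSubnet2_cidr_block" {
	description = "CIDR block of the database-tier subnet in the second AZ (must lie within vpc_cidr_block)."
	type        = string

	validation {
		condition     = can(cidrhost(var.DBSubnet2_cidr_block, 0))
		error_message = "The DBSubnet2_cidr_block value must be a valid CIDR block."
	}
}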

参数文件vpc.tfvars

#Provide parameter
# Values for variables.tf. This file holds only a region, a name and CIDR
# ranges -- no credentials -- so it is safe to commit alongside the code.
aws_region              =   "ap-northeast-1"
vpc_name                =   "MgtVPC"
# /16 for the VPC, carved into six /24 subnets below (two per tier, one per AZ).
vpc_cidr_block          =   "10.10.0.0/16"
# Public tier: Internet-facing subnets that host the NAT gateways.
PublicSubnet1_cidr_block=   "10.10.0.0/24"
PublicSubnet2_cidr_block=   "10.10.1.0/24"
# Application tier: private subnets, outbound via NAT only.
AppSubnet1_cidr_block   =   "10.10.2.0/24"
AppSubnet2_cidr_block   =   "10.10.3.0/24"
# Database tier: private subnets (currently also NAT-routed, see main.tf).
DBSubnet1_cidr_block    =   "10.10.4.0/24"
DBSubnet2_cidr_block    =   "10.10.5.0/24"

Provider文件

#provider info
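terraform {
    # The "source" form of required_providers needs Terraform 0.13 or later, so
    # say so instead of failing with a parse error on older binaries.
    required_version = ">= 0.13"

    # Provider pinned to an exact release so every run resolves the same
    # provider binary; committing the dependency lock file (Terraform 0.14+)
    # additionally pins the checksums.
    required_providers {
        aws = {
            source  = "hashicorp/aws"
            version = "3.63.0"
        }
    }

    # Remote state in S3. The state file records every attribute Terraform
    # reads from the created resources, so it is encrypted at rest with
    # encrypt = true. No dynamodb_table is configured, i.e. there is no state
    # locking -- acceptable only while a single operator runs this workspace.
    # NOTE(review): the key names an "ec2" path although this workspace builds
    # a VPC; a distinct key (for example aws/vpc/terraform.tfstate) avoids
    # sharing state with another experiment. Left unchanged here because
    # changing it moves the state.
    backend "s3" {
        bucket  = "garyterraform"
        region  = "ap-northeast-1"
        key     = "aws/ec2/"
        encrypt = true
    }
}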

provider "aws" {
    # Only the region is configured. No access keys appear in code: the provider
    # resolves credentials from the AWS SDK default chain (in this walkthrough,
    # the IAM instance profile of the EC2 host running Terraform).
    region = var.aws_region
}

output文件

#provide outputs of vpc
output "IacVPC" {
    # ID of the VPC, for later experiments that attach resources to it.
    value       = aws_vpc.IacVPC.id
    description = "VPC ID"
}

output "PublicSubnet1" {
    # Public subnet in AZ[0].
    value       = aws_subnet.IacVPC_PublicSubnet1.id
    description = "Public Subnet 1 ID"
}

output "PublicSubnet2" {
    # Public subnet in AZ[1].
    value       = aws_subnet.IacVPC_PublicSubnet2.id
    description = "Public Subnet 2 ID"
}

output "AppSubnet1" {
    # Private application-tier subnet in AZ[0].
    value       = aws_subnet.IacVPC_AppSubnet1.id
    description = "App Subnet 1 ID"
}

output "AppSubnet2" {
    # Private application-tier subnet in AZ[1].
    value       = aws_subnet.IacVPC_AppSubnet2.id
    description = "App Subnet 2 ID"
}

output "DBSubnet1" {
    # Private database-tier subnet in AZ[0].
    value       = aws_subnet.IacVPC_DBSubnet1.id
    description = "DB Subnet 1 ID"
}

output "DBSubnet2" {
    # Private database-tier subnet in AZ[1].
    value       = aws_subnet.IacVPC_DBSubnet2.id
    description = "DB Subnet 2 ID"
}

执行Terraform代码

在Terraform文件所在目录下,查看当前目录的内容

$ ll
total 24
-rw-r--r-- 1 ec2-user ec2-user 4656 Nov 28 13:01 main.tf
-rw-r--r-- 1 ec2-user ec2-user  742 Nov 28 12:56 output.tf
-rw-rw-r-- 1 ec2-user ec2-user  324 Nov 28 12:55 provider.tf
-rw-r--r-- 1 ec2-user ec2-user  525 Nov 28 13:02 variables.tf
-rw-r--r-- 1 ec2-user ec2-user  402 Nov 28 13:03 vpc.tfvars

执行Terraform plan

本例中,运行Terraform的虚拟机所使用的IAM role profile具有账号administrator权限

terraform plan --var-file=vpc.tfvars

输出

......
Plan: 21 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + AppSubnet1    = (known after apply)
  + AppSubnet2    = (known after apply)
  + DBSubnet1     = (known after apply)
  + DBSubnet2     = (known after apply)
  + IacVPC        = (known after apply)
  + PublicSubnet1 = (known after apply)
  + PublicSubnet2 = (known after apply)

执行Terraform apply

terraform apply --var-file=vpc.tfvars

输出

Apply complete! Resources: 21 added, 0 changed, 0 destroyed.

Outputs:

AppSubnet1 = "subnet-01e96ccdab7b2e2e7"
AppSubnet2 = "subnet-05d841f673daae267"
DBSubnet1 = "subnet-09b317d4a434c9280"
DBSubnet2 = "subnet-0e39f2931e4584c72"
IacVPC = "vpc-0a0fb689ae6bd9b1f"
PublicSubnet1 = "subnet-01a52216ad2f07289"
PublicSubnet2 = "subnet-082e33fdc87b04caf"

查看已创建VPC

在Portal上查看刚刚创建的VPC image.png

From: https://blog.51cto.com/garycloud/5894060
