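# AWS provider. Only the region is set here; credentials are intentionally
# absent so that no secret is committed together with the configuration. The
# provider resolves them at plan/apply time from its usual sources
# (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY, the shared credentials/config
# file and its profiles, or an attached IAM role). Consider also pinning the
# provider version in a terraform { required_providers { ... } } block so that
# provider upgrades are deliberate rather than picked up silently.
provider "aws" {
  region = "ap-southeast-2"
}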
#1. Create vpc 创建vpc
# VPC that holds every resource below; the /16 leaves room for many /24 subnets.
resource "aws_vpc" "prod-vpc" {
  instance_tenancy = "default"
  cidr_block       = "10.0.0.0/16"

  tags = {
    Name = "prod"
  }
}
#2. Create Internet Gateway 创建互联网关
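# Internet gateway attached to the VPC; the default routes in the route table
# below point at it.
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.prod-vpc.id

  # Name tag added so this resource is tagged like the others in this file.
  tags = {
    Name = "prod-igw"
  }
}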
#3. Create Custom Route Table 创建路由表
# Public route table: both the IPv4 and the IPv6 default route go to the
# internet gateway, so any subnet associated with it becomes a public subnet.
resource "aws_route_table" "prod-route-table" {
  vpc_id = aws_vpc.prod-vpc.id

  # IPv6 default route
  route {
    ipv6_cidr_block = "::/0"
    gateway_id      = aws_internet_gateway.gw.id
  }

  # IPv4 default route: traffic without a more specific route leaves via the IGW
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "Prod"
  }
}
#4 Create a Subnet 创建子网
# Single /24 subnet inside the VPC, pinned to one availability zone. The
# instance further down is placed in the same zone, so keep the two values in step.
resource "aws_subnet" "subnet-2" {
  availability_zone = "ap-southeast-2a"
  cidr_block        = "10.0.1.0/24"
  vpc_id            = aws_vpc.prod-vpc.id

  tags = {
    Name = "prod-subnet"
  }
}
# 5. Associate subnet with Route Table 将子网关联到路由表
# Associates the subnet with the public route table.
resource "aws_route_table_association" "a" {
  route_table_id = aws_route_table.prod-route-table.id
  subnet_id      = aws_subnet.subnet-2.id
}
# 6. Create Security Group to allow port 22,80,443 创建安全组放行端口
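# Source addresses allowed to reach SSH (port 22) on the web server. There is
# no default on purpose: the original rule admitted 0.0.0.0/0, which exposes
# the management port to the whole internet. Supply the operator's address
# range at plan time, e.g. ["203.0.113.10/32"] (constructed documentation-range
# example).
variable "ssh_allowed_cidrs" {
  description = "CIDR blocks permitted to connect to port 22 on the web server"
  type        = list(string)
}

# Security group for the web server: HTTP/HTTPS from anywhere, SSH only from
# the operator-supplied CIDRs, unrestricted egress. The rule descriptions now
# state the real source; the originals said "from VPC" while the CIDR was
# 0.0.0.0/0.
resource "aws_security_group" "allow_web" {
  name        = "allow_web"
  description = "Allow web inbound traffic"
  vpc_id      = aws_vpc.prod-vpc.id

  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from allowed CIDRs"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.ssh_allowed_cidrs
  }

  # protocol "-1" means every protocol; from/to port 0 covers every port.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_web"
  }
}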
# 7. Create a network interface with an ip in the subnet that was created in step 4 指定一个私有ip给创建的ec2
# Primary network interface for the web server: a fixed private address inside
# subnet-2, with the web security group attached to the interface.
resource "aws_network_interface" "web-server-nic" {
  security_groups = [aws_security_group.allow_web.id]
  private_ips     = ["10.0.1.50"]
  subnet_id       = aws_subnet.subnet-2.id
}
# 8.Assign an elastic IP to the network interface created in step 7 创建一个弹性ip给ec2使用
# Elastic IP bound to the web server's network interface. depends_on forces
# Terraform to create the internet gateway before the address is allocated.
resource "aws_eip" "one" {
  depends_on        = [aws_internet_gateway.gw]
  network_interface = aws_network_interface.web-server-nic.id
  # older argument form; newer AWS provider releases prefer `domain = "vpc"` —
  # check against the provider version actually in use
  vpc = true
}
# 9.Create Ubuntu server and install/enable apache2
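# Ubuntu web server attached to the NIC above; user_data installs and starts
# Apache on first boot. The AMI id is specific to ap-southeast-2 and must be
# changed together with the region; the key pair "qland" must already exist in
# the account.
resource "aws_instance" "web-server-instance" {
  ami               = "ami-0090896adbdee58f0"
  instance_type     = "t2.micro"
  availability_zone = "ap-southeast-2a" # must match the subnet's zone
  key_name          = "qland"

  network_interface {
    device_index         = 0
    network_interface_id = aws_network_interface.web-server-nic.id
  }

  # Require IMDSv2 session tokens on the instance metadata endpoint. The
  # instance is reachable from the internet through its EIP, and enforcing
  # IMDSv2 is the standard mitigation against credential exposure via the
  # metadata service. Nothing in user_data reads metadata, so the workload is
  # unaffected.
  metadata_options {
    http_tokens = "required"
  }

  # Bootstrap script executed on first boot (presumably by cloud-init as root,
  # in which case the sudo prefixes are redundant but harmless).
  user_data = <<-EOF
    #!/bin/bash
    sudo apt update -y
    sudo apt install apache2 -y
    sudo systemctl start apache2
    sudo bash -c 'echo your very first web server > /var/www/html/index.html'
  EOF

  tags = {
    Name = "web-server"
  }
}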
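# Private address of the web server inside the VPC.
output "server_private_ip" {
  description = "Private IPv4 address of the web server"
  value       = aws_instance.web-server-instance.private_ip
}

# Instance id, useful for follow-up CLI calls against the server.
output "server_id" {
  description = "EC2 instance id of the web server"
  value       = aws_instance.web-server-instance.id
}

# Public address to browse to once Apache is up.
output "server_public_ip" {
  description = "This is web-server's public ip"
  value       = aws_eip.one.public_ip
}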
1.terraform mac电脑的安装
a.先安装homebrew
执行命令:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
会自行安装这个工具
b.安装terraform
执行命令:
brew install terraform
自动安装这个工具
查看版本:
terraform -v
2.加到terraform 环境中
先创建好项目目录,然后执行terraform init来加入到terraform 的环境中
3.上面脚本说明:
上面的脚本会自动创建好vpc,互联网网关,安全组,路由表,并指定私有IP地址,自动获取一个弹性ip附加到实例上。指定镜像id,登录密钥,运行部分linux命令,然后开启22,443,80端口,机器创建好后,80端口可以开放apache2,提供访问。