下载项目的基础文件:
https://pingfan.s3.amazonaws.com/files/terraform-init-folder.zip
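# Extract the archive, then delete it only if extraction succeeded.
# `&&` sequences the two steps; the original `&` backgrounded unzip and
# let rm race it for the same file.
unzip terraform-init-folder.zip && rm terraform-init-folder.zip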
以下文件已经创建好:
main.tf
outputs.tf
providers.tf
variables.tf
userdata
目录包括了启动 WordPress 应用的初始化脚本。
编辑 variables.tf，内容更新为:
# How many availability zones the VPC should span.
variable "az_num" {
  description = "Number of availability zones to use for the VPC"
  type        = number
  default     = 2
}
# Prefix/namespace used when naming the workshop's resources.
variable "namespace" {
  description = "Name prefix applied to the resources created by this configuration"
  type        = string
  default     = "terraform-workshop"
}
# Address range of the VPC; subnets are carved out of this block.
variable "vpc_cidr_block" {
  description = "IPv4 CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}
编辑 providers.tf，内容更新为:
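# This is where to configure providers
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Pessimistic constraint: any 5.x release is accepted, but a future major
      # version (with breaking changes) is not pulled in silently by `terraform init`.
      # The original ">= 5.0" had no upper bound. Commit the generated
      # .terraform.lock.hcl so every run resolves the same provider build.
      version = "~> 5.0"
    }
  }
}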
provider "aws" {
  # Every resource in this configuration is created in us-west-2.
  region = "us-west-2"

  # Applied to each taggable resource the provider manages, so resources
  # owned by Terraform can be told apart from manually created ones.
  default_tags {
    tags = {
      Management = "Terraform"
    }
  }
}
编辑 main.tf，内容更新为:
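locals {
  vpc = {
    # Take the first var.az_num names from the filtered data source instead of
    # repeating the literal list (var.az_num was otherwise unused).
    # data.aws_availability_zones.available is already limited to us-west-2a and
    # us-west-2b by its zone-name filter, and the provider returns names sorted,
    # so the default az_num = 2 yields the same two zones; if fewer are available
    # the slice fails at plan time instead of placing subnets in a missing zone.
    azs        = slice(data.aws_availability_zones.available.names, 0, var.az_num)
    cidr_block = var.vpc_cidr_block # VPC CIDR block
  }

  rds = {
    engine         = "mysql"       # database engine
    engine_version = "8.0.40"      # MySQL version; if RDS creation fails, check the version is still offered
    instance_class = "db.t3.micro" # RDS instance class
    db_name        = "mydb"        # initial database name
    # NOTE(review): the master username is a plain literal; the matching password is
    # not set here — confirm where it is supplied (a `sensitive` variable or a
    # managed secret is preferable to a literal in source).
    username = "dbuser123"
  }

  vm = {
    instance_type = "m5.large" # EC2 instance type
    instance_requirements = {
      memory_mib = {
        min = 8192 # minimum memory (MiB)
      }
      vcpu_count = {
        min = 2 # minimum vCPU count
      }
      instance_generations = ["current"] # current-generation instance types only
    }
  }

  demo = {
    # NOTE(review): WordPress admin credentials are committed as plain literals.
    # Locals cannot be marked sensitive, so these values appear in plan output and
    # in state; prefer a variable with `sensitive = true` (or a secret read from
    # Secrets Manager / SSM Parameter Store) and rotate any value already committed.
    admin = {
      username = "wpadmin"        # WordPress admin username
      password = "wppassword"     # WordPress admin password
      email    = "admin@demo.com" # WordPress admin email
    }
  }
}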
# Baseline lookups
data "aws_region" "current" {
  # No arguments: resolves to the region the provider is configured with.
}
data "aws_availability_zones" "available" {
  state = "available"

  # Exclude zones that require explicit opt-in.
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }

  # Restrict the result to these two zones by name.
  filter {
    name   = "zone-name"
    values = ["us-west-2a", "us-west-2b"]
  }
}
# Most recent x86_64 Amazon Linux 2023 AMI published by Amazon.
data "aws_ami" "linux" {
  most_recent = true
  owners      = ["amazon"]

  # Name pattern for AL2023 images; `owners` above restricts the match to
  # Amazon-published AMIs so a look-alike name from another account is not selected.
  name_regex = "^al2023-ami-2023\\..*"

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}
# IAM (Identity and Access Management)
data "aws_iam_policy" "administrator" { # Looks up the AWS-managed AdministratorAccess policy
  # NOTE(review): where this ARN is attached is not visible here. If it ends up on
  # the EC2 instance role, a compromise of that instance grants full-account access;
  # a policy scoped to what the userdata actually needs is the least-privilege choice.
  name = "AdministratorAccess"
}
data "aws_iam_policy" "ssm_managed" { # Looks up the managed policy for SSM-managed instances (Session Manager / Run Command)
  name = "AmazonSSMManagedInstanceCore"
}
data "aws_iam_policy" "database" { # Looks up the RDS Data API full-access managed policy
  # NOTE(review): this grants the Data API across all RDS resources in the account;
  # confirm the workload needs it, since a plain MySQL connection to the RDS instance
  # does not require this policy at all.
  name = "AmazonRDSDataFullAccess"
}
data "aws_iam_policy" "s3_ReadOnly" { # Looks up the S3 read-only managed policy (read access to every bucket in the account)
  name = "AmazonS3ReadOnlyAccess"
}
# Trust policy allowing EC2 instances to assume the role it is attached to.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"] # only the EC2 service principal may assume the role
    }
  }
}
此 main.tf 文件的更新首先创建本地变量（locals），定义 VPC 的可用区和 CIDR 块、RDS 实例参数、EC2 实例类型以及 WordPress 管理员用户凭据。接下来，该文件定义了数据源，用于查询给定 AWS 环境中的信息，如当前区域、可用区列表、IAM 策略的 ARN 等，这些将用于创建 AWS 资源。
注意 `engine_version = "8.0.40" # MySQL版本` 这一行：如果后面创建 RDS 时遇到错误，请检查该 MySQL 版本是否仍受 RDS 支持（旧版本可能已被下线）。
接下来我们将进行具体资源的创建