Query the availability zone data source and launch an EC2 instance in each zone
Key points
Official documentation
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/availability_zones
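Hands-on exercise / walkthrough
- Create the availability zone data source
- Use the availability zone data source in the EC2 resource definition
- Run the template and confirm the result
Steps
Directory structure
```bash
.
├── ec2-aws_ami.tf
├── ec2-sg.tf
├── ec2-variables.tf
├── ec2-aws_availability_zones.tf
├── ec2.tf
├── main.tf
└── ec2-outputs.tf
```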
Write the EC2 AMI data source file so that the latest AMI is always used
ec2-aws_ami.tf
```terraform
data "aws_ami" "myami" {
  # Use the most recent image
  most_recent = true
  # Owned by Amazon (official images)
  owners = ["amazon"]
  # Filter on the image name
  filter {
    name   = "name"
    values = ["amzn-ami-hvm-*-x86_64-gp2"]
  }
  # Filter on the root device type
  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }
}
```
Write the security group definition file
ec2-sg.tf
```terraform
# Create Security Group
resource "aws_security_group" "learnaws-sg-web-ssh" {
  # Name of the security group
  name        = "learnaws-sg-web-ssh"
  description = "Web and SSH"
  # Inbound (ingress) rules
  ingress {
    description = "Allow Port 80"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    # Allowed source range; here every IP address can connect
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "Allow Port 443"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "Allow Port 22"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # SSH is also open to every IP here; the commented line below limits it to a single address
    cidr_blocks = ["0.0.0.0/0"]
    # cidr_blocks = ["12.15.55.32/32"]
  }
  # Outbound (egress) rules
  egress {
    description = "Allow all ip and ports outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "learnaws-sg-web-ssh"
  }
}
```
Define the EC2 launch environment map
ec2-variables.tf
```terraform
# AWS Region
variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "ap-northeast-1"
}
# AWS EC2 Instance Env
variable "instance_type_env" {
  description = "EC2 Instance Type Env"
  type        = map(string)
  default = {
    "dev"  = "t2.micro"
    "prod" = "t2.large"
  }
}
```
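Create the availability zone data source
ec2-aws_availability_zones.tf
```terraform
# Get the availability zones that are enabled
data "aws_availability_zones" "learnaws_azones" {
  filter {
    # Opt-in status of the zone
    name = "opt-in-status"
    # opt-in-not-required: enabled zones
    # not-opted-in: zones that are not enabled
    # opted-in: opt-in zones that have been enabled
    values = ["opt-in-not-required"]
  }
}
```
Managing AWS Regions - reference page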
https://docs.aws.amazon.com/zh_cn/general/latest/gr/rande-manage.html
```bash
# Use the AWS CLI to list which regions are enabled and which are not for the current account
$ aws ec2 describe-regions \
    --all-regions \
    --query "Regions[].[RegionName, OptInStatus]" \
    --output table \
    --profile learnaws \
    --region ap-northeast-1
```
Use the availability zone data source in the EC2 resource definition
ec2.tf
```terraform
###########################################################
# EC2 resource settings
resource "aws_instance" "myweb_server2" {
  ami                    = data.aws_ami.myami.id
  instance_type          = var.instance_type_env["dev"]
  vpc_security_group_ids = [aws_security_group.learnaws-sg-web-ssh.id]
  # Iterate over the availability zone data source. This launches 3 EC2 instances
  # because there are 3 availability zones, as shown in ec2-outputs.tf below
  for_each = toset(data.aws_availability_zones.learnaws_azones.names)
  # Set the availability zone from the data source
  availability_zone = each.key
  tags = {
    # Set the Name tag
    "Name" = "learnaws-tf-ec2-${each.key}"
  }
}
```
for_each syntax reference
https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#basic-syntax
Write the Terraform project definition file
main.tf
```terraform
###########################################################
# Terraform basic settings
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.71"
    }
  }
  required_version = ">= 1.1.3"
}
###########################################################
# Provider settings (cloud platform)
provider "aws" {
  profile = "learnaws"
  region  = var.aws_region
}
```
Update the outputs definition (multiple EC2 instances are created)
ec2-outputs.tf
```terraform
output "learnaws_azones" {
  # Output the list of availability zones
  value = data.aws_availability_zones.learnaws_azones.names
}
# The final output looks like this:
# learnaws_azones = [
#   "ap-northeast-1a",
#   "ap-northeast-1c",
#   "ap-northeast-1d",
# ]
# 4 resources are added: 3 EC2 instances and 1 security group
# Plan: 4 to add, 0 to change, 0 to destroy.
```
EC2 resource attribute reference
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance
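Run the template and confirm the result
```bash
# Initialize the directory
$ terraform init
# Validate the .tf files
$ terraform validate
# Create the execution plan and prepare the resources
$ terraform plan
# Apply the deployment (-auto-approve skips the confirmation prompt)
$ terraform apply
$ terraform apply -auto-approve
# Destroy the system (-auto-approve skips the confirmation prompt)
$ terraform destroy
$ terraform destroy -auto-approve
```
In the end, one EC2 instance has been added in each of the availability zones "ap-northeast-1a", "ap-northeast-1c" and "ap-northeast-1d".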
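The security group in ec2-sg.tf opens port 22 to 0.0.0.0/0 on every instance that for_each creates, so a check at the plan step is useful before applying. The script below is an added example, not part of the original page: it reads the JSON form of a Terraform plan and reports security-group ingress rules that expose SSH to the whole internet. The function names, the `ADMIN_PORTS` list, the `restricted_example` group and the sample plan are assumptions constructed for illustration.

```python
import json
import sys

ADMIN_PORTS = (22,)              # ports treated as admin-only (assumption)
WORLD = {"0.0.0.0/0", "::/0"}    # "anyone on the internet"

def open_admin_ingress(plan):
    """Return (address, port, cidr) for every planned aws_security_group
    ingress rule that exposes an admin port to the whole internet."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = (rc.get("change") or {}).get("after") or {}  # null when destroyed
        for rule in after.get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
            for port in ADMIN_PORTS:
                covered = rule.get("protocol") == "-1" or lo <= port <= hi
                findings += [(rc["address"], port, c) for c in cidrs if covered and c in WORLD]
    return findings

def sample_sg(address, ssh_cidr):
    """Constructed plan entry, trimmed to the fields the check reads."""
    def rule(port, cidr):
        return {"from_port": port, "to_port": port, "protocol": "tcp",
                "cidr_blocks": [cidr], "ipv6_cidr_blocks": []}
    ingress = [rule(80, "0.0.0.0/0"), rule(443, "0.0.0.0/0"), rule(22, ssh_cidr)]
    return {"address": address, "type": "aws_security_group",
            "change": {"actions": ["create"], "after": {"ingress": ingress}}}

# Constructed sample, not real plan output: the page's group as written, and a
# hypothetical variant that uses the /32 from the commented-out line in ec2-sg.tf.
SAMPLE_PLAN = {"resource_changes": [
    sample_sg("aws_security_group.learnaws-sg-web-ssh", "0.0.0.0/0"),
    sample_sg("aws_security_group.restricted_example", "12.15.55.32/32"),
]}

if __name__ == "__main__":
    # With a file argument, read `terraform show -json` output; otherwise use the sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    hits = open_admin_ingress(plan)
    for address, port, cidr in hits:
        print(f"{address}: port {port} reachable from {cidr}")
    sys.exit(1 if hits else 0)
```

To check a real plan, save it with `terraform plan -out=tfplan`, export it with `terraform show -json tfplan > plan.json`, and pass `plan.json` as the argument; the exit status is 1 when a finding exists.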
Last updated: February 17, 2023
Created: February 17, 2023