AWS上DevOps实验(二)--- 使用Terraform创建VPC网络


2022-11-29

从本文档起,作者计划在AWS上做一系列DevOps/IaC相关实验,本文是第二篇,使用Terraform创建VPC网络。需要注意,本文只创建网络拓扑(VPC、子网、路由表、IGW、NAT网关),安全组、网络ACL、VPC流日志等安全控制不在本文范围内,在向这些子网部署工作负载之前应另行补充;尤其是新建VPC的默认安全组允许组内全部入站和全部出站流量,建议按CIS基准将其收紧为无规则。

本次实验架构图

2022-11-29-09-19-02-image.png

Terraform代码

执行主文件main.tf

#terraform code to deploy VPC in AWS
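# Discover the availability zones of the configured region so the two-AZ
# layout below does not hard-code zone names. Only zones in the "available"
# state are returned, and opt-in zones (Local Zones / Wavelength Zones) are
# filtered out so that names[0] and names[1] always resolve to regular AZs.
data "aws_availability_zones" "available" {
    state = "available"

    filter {
        name   = "opt-in-status"
        values = ["opt-in-not-required"]
    }
}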

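# The VPC. DNS support and DNS hostnames are enabled so instances and
# interface endpoints created later resolve names inside the VPC.
# The bare `var.x` form is used instead of the legacy "${var.x}" wrapper,
# which Terraform 0.12+ reports as a deprecation warning.
# NOTE(review): no VPC Flow Logs and no aws_default_security_group are
# defined here; the default security group of a new VPC allows all traffic
# within the group and all egress. Add both before deploying workloads.
resource "aws_vpc" "IacVPC" {
    cidr_block           = var.vpc_cidr_block
    enable_dns_hostnames = true
    enable_dns_support   = true

    tags = {
        Name = var.vpc_name
    }
}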

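# Public subnet in the first AZ. It is routed to the Internet Gateway and
# hosts NATGW1. map_public_ip_on_launch hands every instance launched here a
# public IPv4 address automatically; outside a lab, consider leaving it false
# and attaching an Elastic IP only where one is actually needed, so nothing
# becomes internet-reachable by accident. The "${var.x}" wrapper is dropped
# in favour of plain `var.x` (the wrapper is deprecated in Terraform 0.12+).
resource "aws_subnet" "IacVPC_PublicSubnet1" {
    vpc_id                  = aws_vpc.IacVPC.id
    cidr_block              = var.PublicSubnet1_cidr_block
    availability_zone       = data.aws_availability_zones.available.names[0]
    map_public_ip_on_launch = true

    tags = {
        Name = "${var.vpc_name}-PublicSubnet1"
    }
}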

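# Public subnet in the second AZ, mirror of PublicSubnet1; hosts NATGW2.
# map_public_ip_on_launch auto-assigns a public IPv4 address to every
# instance launched here — convenient for a lab, but for anything else
# prefer false plus explicit Elastic IPs. Plain `var.x` replaces the
# deprecated "${var.x}" interpolation wrapper.
resource "aws_subnet" "IacVPC_PublicSubnet2" {
    vpc_id                  = aws_vpc.IacVPC.id
    cidr_block              = var.PublicSubnet2_cidr_block
    availability_zone       = data.aws_availability_zones.available.names[1]
    map_public_ip_on_launch = true

    tags = {
        Name = "${var.vpc_name}-PublicSubnet2"
    }
}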

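# Private application subnet in the first AZ. No public IPs are assigned;
# outbound traffic goes through NATGW1 via RouteTablePrivate1.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_subnet" "IacVPC_AppSubnet1" {
    vpc_id            = aws_vpc.IacVPC.id
    cidr_block        = var.AppSubnet1_cidr_block
    availability_zone = data.aws_availability_zones.available.names[0]

    tags = {
        Name = "${var.vpc_name}-AppSubnet1"
    }
}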

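# Private application subnet in the second AZ. No public IPs are assigned;
# outbound traffic goes through NATGW2 via RouteTablePrivate2.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_subnet" "IacVPC_AppSubnet2" {
    vpc_id            = aws_vpc.IacVPC.id
    cidr_block        = var.AppSubnet2_cidr_block
    availability_zone = data.aws_availability_zones.available.names[1]

    tags = {
        Name = "${var.vpc_name}-AppSubnet2"
    }
}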

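# Private database subnet in the first AZ. No public IPs are assigned.
# NOTE(review): it is associated with the same route table as AppSubnet1,
# so the DB tier also gets internet egress through NATGW1; if that is not
# required, attach it to a route table without a default route.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_subnet" "IacVPC_DBSubnet1" {
    vpc_id            = aws_vpc.IacVPC.id
    cidr_block        = var.DBSubnet1_cidr_block
    availability_zone = data.aws_availability_zones.available.names[0]

    tags = {
        Name = "${var.vpc_name}-DBSubnet1"
    }
}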

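# Private database subnet in the second AZ. No public IPs are assigned.
# NOTE(review): shares RouteTablePrivate2 with AppSubnet2, so the DB tier
# gets internet egress through NATGW2; give it an isolated route table if
# that egress is not needed.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_subnet" "IacVPC_DBSubnet2" {
    vpc_id            = aws_vpc.IacVPC.id
    cidr_block        = var.DBSubnet2_cidr_block
    availability_zone = data.aws_availability_zones.available.names[1]

    tags = {
        Name = "${var.vpc_name}-DBSubnet2"
    }
}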

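# Internet Gateway: the VPC's only path to the public internet. The public
# subnets route 0.0.0.0/0 to it; private subnets reach it only indirectly
# through the NAT Gateways. A Name tag is added so the IGW is identifiable
# in the console like every other resource in this configuration.
resource "aws_internet_gateway" "IacIGW" {
    vpc_id = aws_vpc.IacVPC.id

    tags = {
        Name = "${var.vpc_name}-IGW"
    }
}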

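# Route table for the two public subnets: the implicit local route plus a
# default route to the Internet Gateway. Referencing the IGW in gateway_id
# already orders creation after it, so the explicit depends_on is dropped.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_route_table" "RouteTablePublic" {
    vpc_id = aws_vpc.IacVPC.id

    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = aws_internet_gateway.IacIGW.id
    }

    tags = {
        Name = "${var.vpc_name}-public-route-table"
    }
}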

# Attach PublicSubnet1 to the public route table (default route via IGW).
resource "aws_route_table_association" "AssociationForRouteTablePublic0" {
    route_table_id = aws_route_table.RouteTablePublic.id
    subnet_id      = aws_subnet.IacVPC_PublicSubnet1.id
}

# Attach PublicSubnet2 to the public route table (default route via IGW).
resource "aws_route_table_association" "AssociationForRouteTablePublic1" {
    route_table_id = aws_route_table.RouteTablePublic.id
    subnet_id      = aws_subnet.IacVPC_PublicSubnet2.id
}

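# Static public IPv4 address for NATGW1. `vpc = true` allocates the address
# in the VPC scope (the form required by a NAT Gateway on the pinned 3.x
# provider), and the explicit depends_on follows the provider documentation:
# an EIP used by a NAT Gateway may need the Internet Gateway to exist before
# it can be associated. Plain `var.x` replaces the deprecated "${var.x}".
resource "aws_eip" "EIPNAT1" {
    vpc        = true
    depends_on = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "${var.vpc_name}-EIP-NAT1"
    }
}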

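# Static public IPv4 address for NATGW2, allocated in the VPC scope. The
# explicit dependency on the Internet Gateway mirrors the provider guidance
# for EIPs consumed by NAT Gateways. Plain `var.x` replaces the deprecated
# "${var.x}" interpolation wrapper.
resource "aws_eip" "EIPNAT2" {
    vpc        = true
    depends_on = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "${var.vpc_name}-EIP-NAT2"
    }
}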

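# Public NAT Gateway in PublicSubnet1, giving the AZ-0 private subnets
# outbound-only internet access (no inbound connections are possible
# through it). The provider documentation recommends an explicit depends_on
# on the VPC's Internet Gateway, otherwise the gateway can be created before
# it has a working path to the internet.
resource "aws_nat_gateway" "NATGW1" {
    subnet_id         = aws_subnet.IacVPC_PublicSubnet1.id
    allocation_id     = aws_eip.EIPNAT1.id
    connectivity_type = "public"
    depends_on        = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "NATGW1"
    }
}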

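# Public NAT Gateway in PublicSubnet2 for the AZ-1 private subnets. One NAT
# Gateway per AZ keeps egress working if a single AZ fails. The explicit
# depends_on on the Internet Gateway follows the provider documentation.
resource "aws_nat_gateway" "NATGW2" {
    subnet_id         = aws_subnet.IacVPC_PublicSubnet2.id
    allocation_id     = aws_eip.EIPNAT2.id
    connectivity_type = "public"
    depends_on        = [aws_internet_gateway.IacIGW]

    tags = {
        Name = "NATGW2"
    }
}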

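# Route table for the AZ-0 private subnets: default route through NATGW1,
# so those subnets can initiate outbound connections but accept none from
# the internet. The nat_gateway_id reference already orders creation after
# the NAT Gateway, so the explicit depends_on is dropped.
# NOTE(review): DBSubnet1 is associated with this table too (see the
# association below), which gives the database tier internet egress via
# NAT. If the DB tier does not need that, attach it to a route table with
# no default route and reach AWS services through VPC endpoints instead.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_route_table" "RouteTablePrivate1" {
    vpc_id = aws_vpc.IacVPC.id

    route {
        cidr_block     = "0.0.0.0/0"
        nat_gateway_id = aws_nat_gateway.NATGW1.id
    }

    tags = {
        Name = "${var.vpc_name}-private-route-table-1"
    }
}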

# AppSubnet1 -> private route table 1 (default route via NATGW1).
resource "aws_route_table_association" "AssociationForRouteTablePrivate1a" {
    route_table_id = aws_route_table.RouteTablePrivate1.id
    subnet_id      = aws_subnet.IacVPC_AppSubnet1.id
}

# DBSubnet1 -> private route table 1. This gives the DB subnet the same
# NAT egress as the app tier; use a separate, default-route-free table if
# the database tier should be fully isolated from the internet.
resource "aws_route_table_association" "AssociationForRouteTablePrivate1b" {
    route_table_id = aws_route_table.RouteTablePrivate1.id
    subnet_id      = aws_subnet.IacVPC_DBSubnet1.id
}

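# Route table for the AZ-1 private subnets: default route through NATGW2
# (outbound-only internet access). The nat_gateway_id reference already
# orders creation after the NAT Gateway, so the explicit depends_on is
# dropped.
# NOTE(review): DBSubnet2 shares this table, so the DB tier gets NAT
# egress; isolate it with its own route table if that is not intended.
# Plain `var.x` replaces the deprecated "${var.x}" interpolation wrapper.
resource "aws_route_table" "RouteTablePrivate2" {
    vpc_id = aws_vpc.IacVPC.id

    route {
        cidr_block     = "0.0.0.0/0"
        nat_gateway_id = aws_nat_gateway.NATGW2.id
    }

    tags = {
        Name = "${var.vpc_name}-private-route-table-2"
    }
}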

# AppSubnet2 -> private route table 2 (default route via NATGW2).
resource "aws_route_table_association" "AssociationForRouteTablePrivate2a" {
    route_table_id = aws_route_table.RouteTablePrivate2.id
    subnet_id      = aws_subnet.IacVPC_AppSubnet2.id
}

# DBSubnet2 -> private route table 2. Same caveat as for DBSubnet1: this
# gives the database tier NAT egress to the internet.
resource "aws_route_table_association" "AssociationForRouteTablePrivate2b" {
    route_table_id = aws_route_table.RouteTablePrivate2.id
    subnet_id      = aws_subnet.IacVPC_DBSubnet2.id
}

声明参数variables.tf

#define variable for VPC deploy
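# AWS region the VPC is deployed into; consumed by the provider block.
# A description and a format check are added so a typo fails at plan time
# rather than surfacing as an opaque provider error.
variable "aws_region" {
	type        = string
	description = "AWS region to deploy the VPC into, e.g. ap-northeast-1."

	validation {
		condition     = can(regex("^[a-z]{2}(-gov)?-[a-z]+-[0-9]+$", var.aws_region))
		error_message = "The aws_region value must be an AWS region code such as ap-northeast-1."
	}
}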
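# Name prefix applied to the Name tag of the VPC and its subnets/route tables.
variable "vpc_name" {
	type        = string
	description = "Name of the VPC; also used as the prefix of the Name tag on subnets and route tables."

	validation {
		condition     = length(var.vpc_name) > 0
		error_message = "The vpc_name value must not be empty."
	}
}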

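# IPv4 CIDR of the VPC. cidrnetmask() only accepts IPv4 prefixes, so wrapping
# it in can() rejects malformed or IPv6 values at plan time.
variable "vpc_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of the VPC, e.g. 10.10.0.0/16."

	validation {
		condition     = can(cidrnetmask(var.vpc_cidr_block))
		error_message = "The vpc_cidr_block value must be an IPv4 CIDR such as 10.10.0.0/16."
	}
}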

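# IPv4 CIDR of the first public subnet; must lie inside vpc_cidr_block
# (that relation is enforced by AWS at apply time, not here).
variable "PublicSubnet1_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of public subnet 1 (first AZ)."

	validation {
		condition     = can(cidrnetmask(var.PublicSubnet1_cidr_block))
		error_message = "The PublicSubnet1_cidr_block value must be an IPv4 CIDR such as 10.10.0.0/24."
	}
}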

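# IPv4 CIDR of the second public subnet; must lie inside vpc_cidr_block.
variable "PublicSubnet2_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of public subnet 2 (second AZ)."

	validation {
		condition     = can(cidrnetmask(var.PublicSubnet2_cidr_block))
		error_message = "The PublicSubnet2_cidr_block value must be an IPv4 CIDR such as 10.10.1.0/24."
	}
}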

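# IPv4 CIDR of the first private application subnet.
variable "AppSubnet1_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of the private application subnet in the first AZ."

	validation {
		condition     = can(cidrnetmask(var.AppSubnet1_cidr_block))
		error_message = "The AppSubnet1_cidr_block value must be an IPv4 CIDR such as 10.10.2.0/24."
	}
}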

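# IPv4 CIDR of the second private application subnet.
variable "AppSubnet2_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of the private application subnet in the second AZ."

	validation {
		condition     = can(cidrnetmask(var.AppSubnet2_cidr_block))
		error_message = "The AppSubnet2_cidr_block value must be an IPv4 CIDR such as 10.10.3.0/24."
	}
}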

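# IPv4 CIDR of the first private database subnet.
variable "DBSubnet1_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of the private database subnet in the first AZ."

	validation {
		condition     = can(cidrnetmask(var.DBSubnet1_cidr_block))
		error_message = "The DBSubnet1_cidr_block value must be an IPv4 CIDR such as 10.10.4.0/24."
	}
}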

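# IPv4 CIDR of the second private database subnet.
variable "DBSubnet2_cidr_block" {
	type        = string
	description = "IPv4 CIDR block of the private database subnet in the second AZ."

	validation {
		condition     = can(cidrnetmask(var.DBSubnet2_cidr_block))
		error_message = "The DBSubnet2_cidr_block value must be an IPv4 CIDR such as 10.10.5.0/24."
	}
}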

参数文件vpc.tfvars

#Provide parameter
# Values for the variables declared in variables.tf. Nothing here is secret,
# but tfvars files in general can hold sensitive values, so keep them out of
# public repositories by default.
aws_region              =   "ap-northeast-1"
vpc_name                =   "MgtVPC"
# A /16 VPC split into six /24 subnets: one public, one app and one DB
# subnet per AZ. The remaining 10.10.6.0-10.10.255.0 space is unused.
vpc_cidr_block          =   "10.10.0.0/16"
PublicSubnet1_cidr_block=   "10.10.0.0/24"
PublicSubnet2_cidr_block=   "10.10.1.0/24"
AppSubnet1_cidr_block   =   "10.10.2.0/24"
AppSubnet2_cidr_block   =   "10.10.3.0/24"
DBSubnet1_cidr_block    =   "10.10.4.0/24"
DBSubnet2_cidr_block    =   "10.10.5.0/24"

Provider文件

#provider info
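# Provider pin and remote state. The exact provider version keeps runs
# reproducible; bump it deliberately to pick up provider fixes.
terraform {
    required_providers {
        aws = {
            source  = "hashicorp/aws"
            version = "3.63.0"
        }
    }

    # Terraform state records every resource ID and attribute, so treat it as
    # sensitive: server-side encryption is requested for the state object,
    # and the bucket itself should have versioning, Block Public Access and a
    # restrictive bucket policy. Before more than one operator or pipeline
    # runs this configuration, add a DynamoDB lock table
    # (dynamodb_table = "<table-name>") so concurrent applies cannot corrupt
    # the state.
    backend "s3" {
        bucket  = "garyterraform"
        region  = "ap-northeast-1"
        key     = "aws/ec2/"
        encrypt = true
        # NOTE(review): the key looks inherited from the earlier EC2
        # experiment and ends in "/". A per-stack key such as
        # "aws/vpc/terraform.tfstate" keeps this VPC's state separate from
        # other stacks; changing it on an existing deployment requires
        # migrating the state first (terraform init -migrate-state).
    }
}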

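# Region comes from the variable so the same code can target other regions
# via tfvars. No credentials are configured here; in this lab they come from
# the instance profile of the host running Terraform. Plain `var.x` replaces
# the deprecated "${var.x}" interpolation wrapper.
provider "aws" {
    region = var.aws_region
}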

output文件

#provide outputs of vpc
# Exposed so later experiments can place resources in this VPC.
output "IacVPC" {
    value       = aws_vpc.IacVPC.id
    description = "VPC ID"
}

# ID of the public subnet in the first AZ.
output "PublicSubnet1" {
    value       = aws_subnet.IacVPC_PublicSubnet1.id
    description = "Public Subnet 1 ID"
}

# ID of the public subnet in the second AZ.
output "PublicSubnet2" {
    value       = aws_subnet.IacVPC_PublicSubnet2.id
    description = "Public Subnet 2 ID"
}

# ID of the private application subnet in the first AZ.
output "AppSubnet1" {
    value       = aws_subnet.IacVPC_AppSubnet1.id
    description = "App Subnet 1 ID"
}

# ID of the private application subnet in the second AZ.
output "AppSubnet2" {
    value       = aws_subnet.IacVPC_AppSubnet2.id
    description = "App Subnet 2 ID"
}

# ID of the private database subnet in the first AZ.
output "DBSubnet1" {
    value       = aws_subnet.IacVPC_DBSubnet1.id
    description = "DB Subnet 1 ID"
}

# ID of the private database subnet in the second AZ.
output "DBSubnet2" {
    value       = aws_subnet.IacVPC_DBSubnet2.id
    description = "DB Subnet 2 ID"
}

执行Terraform代码

在文件所在目录,查看当前目录

$ ll
total 24
-rw-r--r-- 1 ec2-user ec2-user 4656 Nov 28 13:01 main.tf
-rw-r--r-- 1 ec2-user ec2-user  742 Nov 28 12:56 output.tf
-rw-rw-r-- 1 ec2-user ec2-user  324 Nov 28 12:55 provider.tf
-rw-r--r-- 1 ec2-user ec2-user  525 Nov 28 13:02 variables.tf
-rw-r--r-- 1 ec2-user ec2-user  402 Nov 28 13:03 vpc.tfvars

执行Terraform plan

本例中,运行Terraform的虚拟机所使用的IAM role(instance profile)具有账号管理员(Administrator)权限。这只是为了实验方便;按最小权限原则,实际环境中应只授予该角色创建VPC、子网、路由表、IGW、NAT网关、EIP等网络资源以及读写S3状态存储桶所需的权限。

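# Write the plan to a file so that what is reviewed is exactly what gets
# applied afterwards (terraform apply vpc.tfplan).
terraform plan -var-file=vpc.tfvars -out=vpc.tfplan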

输出

......
Plan: 21 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + AppSubnet1    = (known after apply)
  + AppSubnet2    = (known after apply)
  + DBSubnet1     = (known after apply)
  + DBSubnet2     = (known after apply)
  + IacVPC        = (known after apply)
  + PublicSubnet1 = (known after apply)
  + PublicSubnet2 = (known after apply)

执行Terraform apply

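# Re-plans and asks for confirmation before changing anything. If the plan
# was saved with -out, apply that file instead so no unreviewed change slips
# in between plan and apply: terraform apply vpc.tfplan
terraform apply -var-file=vpc.tfvars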

输出

Apply complete! Resources: 21 added, 0 changed, 0 destroyed.

Outputs:

AppSubnet1 = "subnet-07cc489a625fb14ce"
AppSubnet2 = "subnet-045dca9d5d99e3641"
DBSubnet1 = "subnet-0ce0b7460b3b5cb8e"
DBSubnet2 = "subnet-01bfbac75067cd391"
IacVPC = "vpc-0925de65bf92063c1"
PublicSubnet1 = "subnet-0dd8158c152d28833"
PublicSubnet2 = "subnet-0929a5584a44be731"

查看已创建VPC

在AWS控制台上查看刚刚创建的VPC 2022-11-28-21-20-28-image.png

