I had an occasion to create a lot of similar cloud resources, and at the time I handled it with good old hand-crafted manual work. It clearly would have been better to write it as code, so I tried an introductory run through Terraform on AWS, from creating a VPC through to launching an EC2 instance.
- The task
- Installing the Terraform CLI tool
- Creating a working directory
- Account settings
- Checking the VPC, and a trial create/delete
- Subnets
- Internet gateway
- Creating the route table
- Enabling DNS hostnames
- Security group
- Creating the EC2 instance
The task
Recreate, entirely in Terraform, the environment I built as an exercise two years ago (linked).
Added 2021-04-17: this article covers v0.12. For the same steps checked against v0.15, see the follow-up post.
Installing the Terraform CLI tool
Download it from the official download page.
Download the binary that matches your platform.
This time I want to run it on a local CentOS 7 machine, so I downloaded Linux 64-bit.
Why is it a zip, of all things.
[zaki@manager-dev terraform]$ curl -LO https://releases.hashicorp.com/terraform/0.12.26/terraform_0.12.26_linux_amd64.zip
[zaki@manager-dev terraform]$ ls -l
合計 16444
-rw-rw-r--. 1 zaki zaki 16838433  6月 18 20:04 terraform_0.12.26_linux_amd64.zip
[zaki@manager-dev terraform]$
[zaki@manager-dev terraform]$ sudo unzip terraform_0.12.26_linux_amd64.zip -d /usr/local/bin/
Archive:  terraform_0.12.26_linux_amd64.zip
  inflating: /usr/local/bin/terraform
[zaki@manager-dev terraform]$ which terraform
/usr/local/bin/terraform
[zaki@manager-dev terraform]$ terraform --version
Terraform v0.12.26
Creating a working directory
This time I used ~/terraform/aws/practice/ as the working directory.
Account settings
Provider: AWS - Terraform by HashiCorp
For AWS, create an IAM user dedicated to Terraform and configure its access key and secret key.
Skimming the documentation, setting them as environment variables looks like the easiest way.
$ export AWS_ACCESS_KEY_ID=<access key>
$ export AWS_SECRET_ACCESS_KEY=<secret key>
For the IAM user, refer to the linked post.
Provider configuration
Create the aws provider, which picks up the credentials from the environment variables. (file name: provider.tf)
provider "aws" {
  version = "~> 2.8"
  region  = "ap-northeast-1"
}
Incidentally, version ~> 3.0 resulted in an error.
terraform init
Initialize the working directory.
[zaki@manager-dev practice]$ terraform init

Initializing the backend...

Initializing provider plugins...
- Checking for available provider plugins...
- Downloading plugin for provider "aws" (hashicorp/aws) 2.66.0...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
[zaki@manager-dev practice]$
Running it creates a .terraform/ directory inside the working directory.
Checking the VPC, and a trial create/delete
AWS: aws_vpc - Terraform by HashiCorp
Create an aws_vpc resource. (file name: vpc.tf)
resource "aws_vpc" "practice" {
  cidr_block = "172.26.0.0/16"

  tags = {
    Name = "vpc-aws-study-example"
  }
}
Just this for now.
Current file list
[zaki@manager-dev practice]$ ls
env.source  provider.tf  vpc.tf
Dry run in the current state
To do a dry run, execute terraform plan.
[zaki@manager-dev practice]$ ls
env.source  provider.tf  vpc.tf
[zaki@manager-dev practice]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.practice will be created
  + resource "aws_vpc" "practice" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "172.26.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = (known after apply)
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "vpc-aws-study-example"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

[zaki@manager-dev practice]$
Here you can see that 1 item will be added.
The breakdown is the lines beginning with +: the resource will be created with exactly those values.
If it looks fine, actually run it.
Incidentally, this is the VPC state as checked in the web console before creation.
Create
If plan looks fine, execute it for real with apply.
Partway through you are asked to confirm whether to continue, so type yes at the Enter a value: prompt.
[zaki@manager-dev practice]$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_vpc.practice will be created
  + resource "aws_vpc" "practice" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "172.26.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = (known after apply)
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "vpc-aws-study-example"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.practice: Creating...
aws_vpc.practice: Creation complete after 2s [id=vpc-0e20495abd5b061ab]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
[zaki@manager-dev practice]$
The resource was created without any trouble.
Checking the web console also shows the newly added resource.
Delete
Whereas apply creates, destroy deletes.
Something like present and absent in Ansible (I imagine).
destroy, like apply, asks for confirmation, so enter yes.
[zaki@manager-dev practice]$ terraform destroy
aws_vpc.practice: Refreshing state... [id=vpc-0e20495abd5b061ab]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_vpc.practice will be destroyed
  - resource "aws_vpc" "practice" {
      - arn                              = "arn:aws:ec2:ap-northeast-1:598843273716:vpc/vpc-0e20495abd5b061ab" -> null
      - assign_generated_ipv6_cidr_block = false -> null
      - cidr_block                       = "172.26.0.0/16" -> null
      - default_network_acl_id           = "acl-00bc2105ce335b96f" -> null
      - default_route_table_id           = "rtb-0a3364506150a424a" -> null
      - default_security_group_id        = "sg-064e86a502ab17dd0" -> null
      - dhcp_options_id                  = "dopt-102d5e77" -> null
      - enable_classiclink               = false -> null
      - enable_classiclink_dns_support   = false -> null
      - enable_dns_hostnames             = false -> null
      - enable_dns_support               = true -> null
      - id                               = "vpc-0e20495abd5b061ab" -> null
      - instance_tenancy                 = "default" -> null
      - main_route_table_id              = "rtb-0a3364506150a424a" -> null
      - owner_id                         = "598843273716" -> null
      - tags                             = {
          - "Name" = "vpc-aws-study-example"
        } -> null
    }

Plan: 0 to add, 0 to change, 1 to destroy.

Do you really want to destroy all resources?
  Terraform will destroy all your managed infrastructure, as shown above.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

aws_vpc.practice: Destroying... [id=vpc-0e20495abd5b061ab]
aws_vpc.practice: Destruction complete after 0s

Destroy complete! Resources: 1 destroyed.
[zaki@manager-dev practice]$
Gone.
The web console shows the same.
Subnets
AWS: aws_subnet - Terraform by HashiCorp
Now that I know how to create a VPC, create a subnet. (file name: subnet.tf)
resource "aws_subnet" "prac_public" {
  vpc_id            = "${aws_vpc.practice.id}"
  cidr_block        = "172.26.10.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "public-subnet-aws-study"
  }
}
First, run plan with just this one subnet written.
[zaki@manager-dev practice]$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.


------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_subnet.prac_public will be created
  + resource "aws_subnet" "prac_public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.26.10.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "public-subnet-aws-study"
        }
      + vpc_id                          = (known after apply)
    }

  # aws_vpc.practice will be created
  + resource "aws_vpc" "practice" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "172.26.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = (known after apply)
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "vpc-aws-study-example"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Warning: Interpolation-only expressions are deprecated

  on subnet.tf line 2, in resource "aws_subnet" "prac_public":
   2:   vpc_id            = "${aws_vpc.practice.id}"

Terraform 0.11 and earlier required all non-constant expressions to be
provided via interpolation syntax, but this pattern is now deprecated. To
silence this warning, remove the "${ sequence from the start and the }"
sequence from the end of this expression, leaving just the inner expression.

Template interpolation syntax is still used to construct strings from
expressions when the template includes multiple interpolation sequences or a
mixture of literal strings and interpolations. This deprecation applies only
to templates that consist entirely of a single interpolation sequence.


------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

[zaki@manager-dev practice]$
A bunch of warnings appeared.
I wrote it the way the documentation shows, but going by the warning message, the ${ ... } form is not needed for references; you can write the expression directly.
resource "aws_subnet" "prac_public" {
  vpc_id            = aws_vpc.practice.id
  cidr_block        = "172.26.10.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "public-subnet-aws-study"
  }
}
So, like this.
Running plan no longer produces the warning.
Apply just to be sure.
[zaki@manager-dev practice]$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_subnet.prac_public will be created
  + resource "aws_subnet" "prac_public" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "172.26.10.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + tags                            = {
          + "Name" = "public-subnet-aws-study"
        }
      + vpc_id                          = (known after apply)
    }

  # aws_vpc.practice will be created
  + resource "aws_vpc" "practice" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "172.26.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = (known after apply)
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "vpc-aws-study-example"
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.practice: Creating...
aws_vpc.practice: Creation complete after 3s [id=vpc-08b35b5c9c25f0101]
aws_subnet.prac_public: Creating...
aws_subnet.prac_public: Creation complete after 2s [id=subnet-09dc730a1cc4d10f6]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
[zaki@manager-dev practice]$
No problems.
(Since creation was confirmed, I deleted it again.) <- Like Ansible, it is idempotent, so there was no need to delete it.
In the same way, write definitions for the three subnets.
resource "aws_subnet" "prac_public" {
  vpc_id            = aws_vpc.practice.id
  cidr_block        = "172.26.10.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "public-subnet-aws-study"
  }
}

resource "aws_subnet" "prac_priv1" {
  vpc_id            = aws_vpc.practice.id
  cidr_block        = "172.26.20.0/24"
  availability_zone = "ap-northeast-1a"

  tags = {
    Name = "private1-subnet-aws-study"
  }
}

resource "aws_subnet" "prac_priv2" {
  vpc_id            = aws_vpc.practice.id
  cidr_block        = "172.26.30.0/24"
  availability_zone = "ap-northeast-1c"

  tags = {
    Name = "private2-subnet-aws-study"
  }
}
Internet gateway
AWS: aws_internet_gateway - Terraform by HashiCorp
Moving right along. (file name: igw.tf)
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.practice.id

  tags = {
    Name = "igw-aws-study"
  }
}
Hm? There is no attachment setting.
I honestly don't know the correct answer, but when I tried apply in this state, the gateway had been attached to the VPC automatically.
Ahh... maybe it's fine because vpc_id is specified?
Creating the route table
AWS: aws_route_table - Terraform by HashiCorp
This one is a bit tricky. (file name: route_table.tf)
Looking at the Arguments, there is no "subnet association".
Searching more carefully, there is aws_route_table_association, which is used together with the route table to configure it.
AWS: aws_route_table_association - Terraform by HashiCorp
So the route table for the public network looks like this.
resource "aws_route_table" "public_route" {
  vpc_id = aws_vpc.practice.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "public-route-table-aws-study"
  }
}

resource "aws_route_table_association" "public_subnet" {
  subnet_id      = aws_subnet.prac_public.id
  route_table_id = aws_route_table.public_route.id
}
Incidentally, I couldn't work out how to do "just add a Name tag to the route table that is created by default".
Enabling DNS hostnames
An additional VPC setting was needed so that hostnames get assigned.
Added enable_dns_hostnames = true.
resource "aws_vpc" "practice" {
  cidr_block           = "172.26.0.0/16"
  enable_dns_hostnames = true

  tags = {
    Name = "vpc-aws-study-example"
  }
}
Security group
AWS: aws_security_group - Terraform by HashiCorp
First, a setting that allows ICMP.
resource "aws_security_group" "allow_ssh_icmp" {
  name        = "ssh-icmp"
  description = "ssh-icmp"
  vpc_id      = aws_vpc.practice.id

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ssh-icmp-security-group"
  }
}
Huh, what about the second rule (I want to allow SSH)...
The list of documentation titles isn't contiguous, so I nearly missed it, but there is aws_security_group_rule.
AWS: aws_security_group_rule - Terraform by HashiCorp
For SSH, this does it.
resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}
In other words, all of the rules can be moved out of the group into separate resources.
Altogether it looks like this.
resource "aws_security_group" "allow_ssh_icmp" {
  name        = "ssh-icmp"
  description = "ssh-icmp"
  vpc_id      = aws_vpc.practice.id

  tags = {
    Name = "ssh-icmp-security-group"
  }
}

resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}

resource "aws_security_group_rule" "icmp" {
  type              = "ingress"
  from_port         = -1
  to_port           = -1
  protocol          = "icmp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}

resource "aws_security_group_rule" "egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}
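The rules above open SSH and ICMP to 0.0.0.0/0, i.e. the whole Internet. As an added example (not from the original post), here is the same group with the two ingress rules limited to an administrator's source range; the variable name admin_cidr and its default value are assumptions, and the default is a documentation-only range that you would replace with your own.

```hcl
# Added example: same "ssh-icmp" group, with SSH and ICMP restricted to one source range.
# "admin_cidr" is an assumed variable name; its default is a constructed placeholder
# (RFC 5737 TEST-NET-3), not a real address range.

variable "admin_cidr" {
  description = "Source range allowed to reach the bastion over SSH and ICMP"
  type        = string
  default     = "203.0.113.0/24" # placeholder: replace with your own office/VPN range
}

resource "aws_security_group" "allow_ssh_icmp" {
  name        = "ssh-icmp"
  description = "ssh-icmp"
  vpc_id      = aws_vpc.practice.id

  tags = {
    Name = "ssh-icmp-security-group"
  }
}

# In the post this rule used cidr_blocks = ["0.0.0.0/0"], exposing port 22 to everyone.
resource "aws_security_group_rule" "ssh" {
  type              = "ingress"
  description       = "SSH from the admin range only"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = [var.admin_cidr]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}

resource "aws_security_group_rule" "icmp" {
  type              = "ingress"
  description       = "ICMP (ping) from the admin range only"
  from_port         = -1
  to_port           = -1
  protocol          = "icmp"
  cidr_blocks       = [var.admin_cidr]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}

# Outbound stays open, as in the post; tighten it too if the bastion only needs yum and SSH.
resource "aws_security_group_rule" "egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.allow_ssh_icmp.id
}
```

Running terraform plan -var 'admin_cidr=198.51.100.0/24' against the post's state should show only the cidr_blocks of the two ingress rules changing, which is a quick way to confirm nothing else is touched.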
That takes care of the networking.
Creating the EC2 instance
Finally, time to create the VM.
And there is an absurd number of aws_ec2_*** resources, leaving me wondering which to use.
I wanted to stop here, but after looking into it, aws_instance seems to be the one.
AWS: aws_instance - Terraform by HashiCorp
The aws_instance arguments are obvious enough from reading them, but I can't make sense of what's written for ami.
So I borrowed the definition from a Classmethod post that came up in a search.
Then the network settings... the public IP setting is associate_public_ip_address; there is no VPC setting, and other than that I only found the subnet setting.
Then the key pair setting, I guess.
AWS: aws_key_pair - Terraform by HashiCorp
For the SSH key, generate it locally beforehand and put the public key contents in.
So, how about something like this?
data "aws_ssm_parameter" "amzn2_ami" {
  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

resource "aws_key_pair" "my_key" {
  key_name   = "deployer-key"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDyK6HCvGQr84FgD+CDa7cCtt+D03bMb2O/surNv5pkSbPJ4T4d+E79tqjqjhxunse5lPnTCKeA22YzCQpjvnfXNci8OeFfHI6Amni8/Y3ANgjJ9W/5MYYXVTrDhohST62zURsZWTSpevK3LAHxzylyzKpKPTUuP204ff7s1G2PEg61w4DEOn19L7MaO0E0aKG6vr5SkvpKCZ9eGW+dhKK6bXW5scmmbmRUquIfO5SvdcCVAS/fbRtuXstIjSJYomhM8eExMVNwl97qC86Fq8jKQbnx1XK/+I/M62sMlJ3/DV0lZGYxAdeBGIP8U2lyH4lfQ2kNGCWaqxnDzKSEqcU8n+lJcmwNXLTj93/gyuqdm5gbAKaTcmftQ30R9LqosrdguNoFy0uN0Mhvo7jqE6a6p5ZRJYi7svAQFslE8OqHKr/ZevoPPFjmWKw8+hgDtJhtxHZO8Rvce0IJI1YILd2hJMDrJQBL0BRaFipGvGd594+DmtdSx2U58KfmaZ0rArLexWa8LjgooRaOdE+54z97wFqgMFgRJz7CgMJAm5dyux4nDFZFpXLWkW4YSyjylCEiEMQtPmi6H+7W4zDx/nrVXFlGxfexNE42ANertD60JzZprnKS9Y6nxqqjow3RqLmqbK8TdtN64/ls+Jsss3FhQDOXNK5WgFKCG1iCuYXCdw=="
}

resource "aws_instance" "bastion" {
  ami                         = data.aws_ssm_parameter.amzn2_ami.value
  instance_type               = "t3.nano"
  key_name                    = aws_key_pair.my_key.id
  subnet_id                   = aws_subnet.prac_public.id
  security_groups             = [aws_security_group.allow_ssh_icmp.id]
  associate_public_ip_address = true

  tags = {
    Name = "HelloWorld"
  }
}
Here goes!
[zaki@manager-dev practice]$ terraform apply -auto-approve
data.aws_ssm_parameter.amzn2_ami: Refreshing state...
aws_key_pair.my_key: Creating...
aws_vpc.practice: Creating...
aws_key_pair.my_key: Creation complete after 0s [id=deployer-key]
aws_vpc.practice: Creation complete after 3s [id=vpc-0a330c046eeb054fb]
aws_subnet.prac_priv2: Creating...
aws_security_group.allow_ssh_icmp: Creating...
aws_subnet.prac_priv1: Creating...
aws_internet_gateway.gw: Creating...
aws_subnet.prac_public: Creating...
aws_subnet.prac_priv2: Creation complete after 1s [id=subnet-0349dd67e95b1b6d0]
aws_subnet.prac_priv1: Creation complete after 1s [id=subnet-02bb47986e9f6dd16]
aws_internet_gateway.gw: Creation complete after 1s [id=igw-05223b63e6857ff0d]
aws_route_table.public_route: Creating...
aws_subnet.prac_public: Creation complete after 1s [id=subnet-0132b08244144b392]
aws_security_group.allow_ssh_icmp: Creation complete after 1s [id=sg-0e292dba4ea77dbb4]
aws_security_group_rule.egress: Creating...
aws_security_group_rule.icmp: Creating...
aws_instance.bastion: Creating...
aws_security_group_rule.ssh: Creating...
aws_route_table.public_route: Creation complete after 1s [id=rtb-0426487311aa569cb]
aws_route_table_association.public_subnet: Creating...
aws_route_table_association.public_subnet: Creation complete after 0s [id=rtbassoc-044b755dfe11365dc]
aws_security_group_rule.egress: Creation complete after 1s [id=sgrule-130298719]
aws_security_group_rule.icmp: Creation complete after 2s [id=sgrule-3390099364]
aws_security_group_rule.ssh: Creation complete after 2s [id=sgrule-1620952985]
aws_instance.bastion: Still creating... [10s elapsed]
aws_instance.bastion: Creation complete after 13s [id=i-0335ed46a3ddee70a]

Apply complete! Resources: 13 added, 0 changed, 0 destroyed.
There is leftover debris from several failed attempts, but the EC2 instance was created.
[zaki@manager-dev practice]$ ssh ec2-user@ec2-********.ap-northeast-1.compute.amazonaws.com
The authenticity of host 'ec2-********.ap-northeast-1.compute.amazonaws.com (13.114.50.30)' can't be established.
ECDSA key fingerprint is SHA256:UrN5GhWTr7UU5wsx87UQFolSmv4rWXEjduwnrb4Olr0.
ECDSA key fingerprint is MD5:d6:97:06:aa:3f:66:9b:b5:bc:d9:70:2b:fe:ac:49:e9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ec2-********.ap-northeast-1.compute.amazonaws.com,13.114.50.30' (ECDSA) to the list of known hosts.

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
4 package(s) needed for security, out of 10 available
Run "sudo yum update" to apply all updates.
[ec2-user@ip-172-26-10-12 ~]$
[ec2-user@ip-172-26-10-12 ~]$ uname -a
Linux ip-172-26-10-12.ap-northeast-1.compute.internal 4.14.177-139.254.amzn2.x86_64 #1 SMP Thu May 7 18:48:23 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
SSH access confirmed as well.
Added 2021-05-22:
Note that for an EC2 instance inside a VPC, the security group must be specified with vpc_security_group_ids rather than security_group_id; otherwise the EC2 instance is forcibly recreated on the next run.
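As an added example (not from the original post), the bastion definition revised per the note above: vpc_security_group_ids replaces the security group argument used earlier so a re-run does not replace the instance, and the public key is read from a file instead of being pasted into the .tf. The key file path is an assumed placeholder.

```hcl
# Added example: the post's bastion, revised per the 2021-05-22 note.

data "aws_ssm_parameter" "amzn2_ami" {
  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

resource "aws_key_pair" "my_key" {
  key_name = "deployer-key"
  # Assumed path: read the locally generated public key instead of pasting it inline,
  # so the .tf file and the key material can be reviewed and rotated separately.
  public_key = file(pathexpand("~/.ssh/deployer-key.pub"))
}

resource "aws_instance" "bastion" {
  ami           = data.aws_ssm_parameter.amzn2_ami.value
  instance_type = "t3.nano"
  key_name      = aws_key_pair.my_key.key_name
  subnet_id     = aws_subnet.prac_public.id

  # For an instance in a VPC, attach groups by ID with vpc_security_group_ids.
  # The post found that the other argument caused the instance to be recreated on re-apply.
  vpc_security_group_ids      = [aws_security_group.allow_ssh_icmp.id]
  associate_public_ip_address = true

  tags = {
    Name = "HelloWorld"
  }
}
```

Before applying a change like this to a live instance, read the plan for a -/+ (must be replaced) marker on aws_instance.bastion: that is the signal that the edit would recreate the VM rather than update it in place.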
The option that skips the confirmation for apply is -auto-approve.
The option that skips the confirmation for destroy is -force.
In the Terraform reference, I can't tell the type (whether it is a list or not) of the parameters (Attributes) set on a resource.
Isn't there a Markdown syntax highlighter for Terraform code...