TFC
- Terraform Cloud(TFC)
- workflow 구성 환경 제공
- VCS 연동 기능, 변수 구성
- RBAC, 원격 실행환경
실습
저장소 포크 : https://github.com/terraform101/terraform-aws-tfc-workflow
GitHub - terraform101/terraform-aws-tfc-workflow: [Chapter 8] CICD - TFC Workflow
[Chapter 8] CICD - TFC Workflow. Contribute to terraform101/terraform-aws-tfc-workflow development by creating an account on GitHub.
github.com
저장소 포크 후 cloud 백엔드의 org값 변경
terraform init
terraform plan
l
add variable
- Prefix : Type(Terraform variable), Key(prefix), value(사용자 닉네임)
- Access Key ID : Type(Environment variable), Key(AWS_ACCESS_KEY_ID), value(자신의 값)
- Secret Access Key : Type(Environment variable), Key(AWS_SECRET_ACCESS_KEY), value(자신의 값), Sensitive 선택
terraform plan : 에러 없네
ahn@GeunChangui-noteubug terraform-aws-tfc-workflow % terraform plan
Running plan in Terraform Cloud. Output will stream here. Pressing Ctrl-C
will stop streaming the logs, but will not stop the plan running remotely.
Preparing the remote plan...
To view this run in a browser, visit:
https://app.terraform.io/app/ahn/terraform-aws-tfc-workflow/runs/run-GD9j8pPk2hreWsiT
Waiting for the plan to start...
Terraform v1.5.6
on linux_amd64
Initializing plugins and modules...
data.aws_ami.ubuntu: Refreshing...
data.aws_ami.ubuntu: Refresh complete after 1s [id=ami-0a7f78325e47a7c27]
Terraform used the selected providers to generate the following execution plan. Resource actions
are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_eip.hashicat will be created
+ resource "aws_eip" "hashicat" {
+ allocation_id = (known after apply)
+ association_id = (known after apply)
+ carrier_ip = (known after apply)
+ customer_owned_ip = (known after apply)
+ domain = (known after apply)
+ id = (known after apply)
+ instance = (known after apply)
+ network_border_group = (known after apply)
+ network_interface = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ public_ipv4_pool = (known after apply)
+ tags_all = {
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
+ vpc = true
}
# aws_eip_association.hashicat will be created
+ resource "aws_eip_association" "hashicat" {
+ allocation_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ network_interface_id = (known after apply)
+ private_ip_address = (known after apply)
+ public_ip = (known after apply)
}
# aws_instance.hashicat will be created
+ resource "aws_instance" "hashicat" {
+ ami = "ami-0a7f78325e47a7c27"
+ arn = (known after apply)
+ associate_public_ip_address = true
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ disable_api_stop = (known after apply)
+ disable_api_termination = (known after apply)
+ ebs_optimized = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ host_resource_group_arn = (known after apply)
+ iam_instance_profile = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t3.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "감동맨-ssh-key.pem"
+ monitoring = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ placement_partition_number = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Name" = "감동맨-hashicat-instance"
}
+ tags_all = {
+ "Name" = "감동맨-hashicat-instance"
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
+ tenancy = (known after apply)
+ user_data = (known after apply)
+ user_data_base64 = (known after apply)
+ user_data_replace_on_change = false
+ vpc_security_group_ids = (known after apply)
}
# aws_internet_gateway.hashicat will be created
+ resource "aws_internet_gateway" "hashicat" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "감동맨-internet-gateway"
}
+ tags_all = {
+ "Name" = "감동맨-internet-gateway"
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
+ vpc_id = (known after apply)
}
# aws_key_pair.hashicat will be created
+ resource "aws_key_pair" "hashicat" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "감동맨-ssh-key.pem"
+ key_name_prefix = (known after apply)
+ key_pair_id = (known after apply)
+ key_type = (known after apply)
+ public_key = (known after apply)
+ tags_all = {
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
}
# aws_route_table.hashicat will be created
+ resource "aws_route_table" "hashicat" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ carrier_gateway_id = ""
+ cidr_block = "0.0.0.0/0"
+ core_network_arn = ""
+ destination_prefix_list_id = ""
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags_all = {
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
+ vpc_id = (known after apply)
}
# aws_route_table_association.hashicat will be created
+ resource "aws_route_table_association" "hashicat" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_security_group.hashicat will be created
+ resource "aws_security_group" "hashicat" {
+ arn = (known after apply)
+ description = "Managed by Terraform"
+ egress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 0
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "-1"
+ security_groups = []
+ self = false
+ to_port = 0
},
]
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 443
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 443
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = ""
+ from_port = 80
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 80
},
]
+ name = "감동맨-security-group"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags = {
+ "Name" = "감동맨-security-group"
}
+ tags_all = {
+ "Name" = "감동맨-security-group"
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
}
+ vpc_id = (known after apply)
}
# aws_subnet.hashicat will be created
+ resource "aws_subnet" "hashicat" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.10.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "name" = "감동맨-subnet"
}
+ tags_all = {
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
+ "name" = "감동맨-subnet"
}
+ vpc_id = (known after apply)
}
# aws_vpc.hashicat will be created
+ resource "aws_vpc" "hashicat" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "environment" = "Production"
+ "name" = "감동맨-vpc-ap-northeast-2"
}
+ tags_all = {
+ "Owner" = "jerry & tom"
+ "Project" = "Coffee-Mug-Cake"
+ "environment" = "Production"
+ "name" = "감동맨-vpc-ap-northeast-2"
}
}
# null_resource.configure-cat-app will be created
+ resource "null_resource" "configure-cat-app" {
+ id = (known after apply)
}
# tls_private_key.hashicat will be created
+ resource "tls_private_key" "hashicat" {
+ algorithm = "RSA"
+ ecdsa_curve = "P224"
+ id = (known after apply)
+ private_key_openssh = (sensitive value)
+ private_key_pem = (sensitive value)
+ private_key_pem_pkcs8 = (sensitive value)
+ public_key_fingerprint_md5 = (known after apply)
+ public_key_fingerprint_sha256 = (known after apply)
+ public_key_openssh = (known after apply)
+ public_key_pem = (known after apply)
+ rsa_bits = 2048
}
Plan: 12 to add, 0 to change, 0 to destroy.
Changes to Outputs:
+ catapp_ip = (known after apply)
+ catapp_url = (known after apply)
ahn@GeunChangui-noteubug terraform-aws-tfc-workflow %
실제 terraform apply (하고 yes 입력은 하지 않고) overview 확인
- 실제로 저 run 부분이 ci/cd도구처럼 실행시 planning시 돌다가 현재 planned상태
See detail을 보면 전체 스트림으로 출력된 계획을 확인 가능
내가 직접 확인하고 커멘트를 달고 컨펌하면
CLI쪽에서 승인 처리가 됨을 확인할 수 있다
리소스 삭제
terraform destory -auto-approve
감동맨
rkaehdaos의 블로그
