[AKIBA.AWS]Terraformでサクッと作るAWSネットワーク / Create AWS network with Terraform quickly

Transcript

1. 5FSSBGPSNͰαΫοͱ࡞Δ"84ωοτϫʔΫ 
   "84ࣄۀ෦ɹࠤഢߤ

2. ࣗݾ঺հ
    ࠤഢ
   ߤ
   ɾΫϥεϝιου
   "84ࣄۀ෦
   ɾ೥݄ೖࣾ
   ɾΦϖϨʔλʔˠࣾ಺4&ˠ/&ˠ"84
   ɾ"84
   -BNCEB
   $PEFγϦʔζ͕޷͖
   ɾ5FSSBGPSN

   
   "OTJCMF͕޷͖
   ɾΞΠίϯݘ͚ͩͲຊ౰͸ೣ೿

3. 
    5FSSBGPSNͷ࿩Λ͠·͢

4. ࿩͢͜ͱ
    w5FSSBGPSNͱ͸
   w5FSSBGPSNϞδϡʔϧ
   w5FSSBGPSNͰαΫοͱ"84ωοτϫʔΫߏங σϞ
   wνʔϜͰ࢖͏5FSSBGPSN
   5JQT
   w5FSSBGPSNͰͷӡ༻
   

   w·ͱΊ

5. 
    5FSSBGPSNͱ͸

6. 
    ͬ͘͟Γݴ͏ͱΠϯϑϥߏ੒؅ཧπʔϧ

7. 
    5FSSBGPSNͱ͸ w7BHSBOU
   1BDLFS
   7BVMUͳͲͰ༗໊ͳ)BTIJ$PSQۘ੡ͷπʔϧ
   wΠϯϑϥΛίʔυͰ؅ཧ͢Δ͜ͱ͕Ͱ͖Δ
   wόʔδϣϯ؅ཧγεςϜ (JUͱ͔ Ͱ؅ཧͰ͖Δ
   

   w͞·͟·ͳΫϥ΢υϓϩόΠμΛαϙʔτ
   wΦϑΟγϟϧ
   "84
   "[VSF
   ($1
   4PGU-BZFS
   %JHJUBM0DFBO
   wΧελϜϓϥάΠϯ
   ͘͞ΒͷΫϥ΢υ
   wͦͷଞʹ΋͞·͟·ͳαʔϏε΍ιϑτ΢ΣΞΛαϙʔτ

8. 
    ͳʹΑΓ΋ϝϦοτͩͱࢥͬͯΔ͜ͱ

9. 
    υϥΠϥϯ͕Մೳ

10. 
     ɾϦιʔεͷ࡞੒ɺ࡟আɺมߋલʹυϥΠϥϯΛ࣮ߦͰ͖Δ
    ɾυϥΠϥϯͰͲͷϦιʔεʹͲͷΑ͏ͳมߋ͕͋Δͷ͔֬ೝͰ͖Δ υϥΠϥϯػೳ

11. 
     ίʔυαϯϓϧ

12. 71$
     resource "aws_vpc" "main-vpc" { cidr_block = "10.0.0.0/16"

    enable_dns_support = true enable_dns_hostnames = true tags { Name = "main-vpc" Environment = "prod" } }

13. αϒωοτ
     resource "aws_subnet" "frontend-1a" { vpc_id = "${aws_vpc.main.id}"

    cidr_block = "10.0.1.0/24" availability_zone = "ap-northeast-1a" map_public_ip_on_launch = true tags { Name = "frontend-1a-subnet" Environment = "prod" } }

14. 
     ͳΜͱͳ͘ศརͦ͏ͳͷ఻ΘΓ·ͨ͠Ͱ͠ΐ͏͔ʂ

15. 
     5FSSBGPSNϞδϡʔϧ

16. 5FSSBGPSNϞδϡʔϧ
     ɾ5FSSBGPSNίʔυΛϞδϡʔϧԽͰ͖Δ
    ɾݺͼग़͠ݩ͔ΒύϥϝʔλʔΛ౉ͯ͠؆୯ʹϦιʔεΛ࡞੒Ͱ͖Δ
    ɾϩʔΧϧϑΝΠϧɺ(JU)VCͳͲͷϞδϡʔϧΛࢦఆͰ͖Δ module "vpc" source =

    "modules/vpc" name = "my-vpc" cidr = "10.0.0.0/16" azs = ["ap-northeast-1a", "ap-northeast-1c"] private_subnets = ["10.0.1.0/24", "10.0.2.0/24"] public_subnets = ["10.0.101.0/24", "10.0.102.0/24"] tags = { Environment = "prod" } }

17. 
     5FSSBGPSN
    .PEVMF
    3FHJTUSZ

18. 5FSSBGPSN
    .PEVMF
    3FHJTUSZ
     ɾ)BTIJ$PSQఏڙͷ5FSSBGPSNϞδϡʔϧϨδετϥ
    ɾ͞·͟·ͳϞδϡʔϧ͕ެ։͞Ε͍ͯΔ
    ɾ5FSSBGPSNίʔυ͔Βެ։͞Ε͍ͯΔϞδϡʔϧΛ࢖༻Ͱ͖Δ
    ɾϞδϡʔϧͷόʔδϣϯ؅ཧ΋αϙʔτ

19. 
     5FSSBGPSNͰαΫοͱ"84ωοτϫʔΫߏங

20. 
     ͔͜͜ΒσϞ

21. 
     νʔϜͰ࢖͏5FSSBGPSN
    5JQT

22. 
     ϦϞʔτόοΫΤϯυ

23. ϦϞʔτόοΫΤϯυ
     5FSSBGPSNͷঢ়ଶϑΝΠϧ UGTUBUF
    w؅ཧର৅Ϧιʔεͷ৘ใΛอ࣋͢Δঢ়ଶϑΝΠϧΛੜ੒
    w*%ɺ"3/ɺύϥϝʔλʔɺλά৘ใͳͲ
    ՝୊
    wෳ਺ਓͰ5FSSBGPSNΛ࢖͏৔߹ɺঢ়ଶϑΝΠϧͷڞ༗͕ඞਢ
    

    w"3/΍3%4ͷϚελϢʔβʔύεϫʔυ΋อଘ͞ΕΔͷͰ(JU ϦϙδτϦͳͲͰ͸؅ཧͨ͘͠ͳ͍

24. 
     ͦ͜ͰϦϞʔτόοΫΤϯυػೳ

25. ϦϞʔτόοΫΤϯυ
     ղܾࡦ
    wϦϞʔτόοΫΤϯυ͸ঢ়ଶϑΝΠϧΛڞ༗͢ΔͨΊͷػೳ
    w5FSSBGPSNίʔυʹঢ়ଶϑΝΠϧͷอଘઌΛઃఆ͢Δ͜ͱ ͕Ͱ͖Δ
    w"84࢖ͬͯΔͳΒϦϞʔτόοΫΤϯυ͸4͕͓͢͢Ί
    w4͸όʔδϣχϯάػೳ΍ϥΠϑαΠΫϧػೳ͕༏ल

26. ϦϞʔτόοΫΤϯυઃఆྫ
     terraform { backend "s3" { bucket =

    "terraform-tfstate-bucket" key = "myproject/tfstate" region = "ap-northeast-1" acl = "bucket-owner-full-control" } }

27. 
     εςʔτϩοΫ

28. εςʔτϩοΫ
     ՝୊
    wϦϞʔτόοΫΤϯυΛઃఆ͍ͯ͠Δ৔߹ɺಉ࣌ʹ
    QMBO
    ΍
    BQQMZ
    Λ࣮ߦ͢Δͱঢ়ଶϑΝΠϧ͕յΕͯ͠·͏Մೳੑ͕͋Δ
    ղܾࡦ
    wεςʔτϩοΫػೳΛ࢖ͬͯ
    QMBO
    ΍
    BQQMZ
    Λಉ࣮࣌ߦͰ͖ ͳ͍Α͏ʹ͢Δ
    wϦϞʔτόοΫΤϯυ͕4ͷ৔߹͸%ZOBNP%#Λ࢖ͬͯΔ

29. εςʔτϩοΫઃఆྫ
     terraform { backend "s3" { bucket =

    "terraform-tfstate-bucket" key = "myproject/tfstate" region = "ap-northeast-1" acl = "bucket-owner-full-control" dynamodb_table = "tf-statelock" } }

30. 
     5FSSBGPSNόʔδϣϯͷݻఆ

31. 5SFSSBGPSNόʔδϣϯͷݻఆ
     ՝୊
    wνʔϜϝϯόʔͷ5FSSBGPSNόʔδϣϯ͕ҟͳΔͱόάͳͲͰϋϚͬͨΓ͢Δ
    w5FSSBGPSNϓϩόΠμϓϥάΠϯͷόʔδϣϯ΋ଘࡏ͢ΔͷͰ஫ҙ
    ղܾࡦ
    w5FSSBGPSNίʔυ಺Ͱ5FSSBGPSNόʔδϣϯɺ5FSSBGPSNϓϩόΠμϓϥάΠ ϯͷόʔδϣϯΛݻఆ͢Δ
    wUGFOWΛ࢖ͬͯ5FSSBGPSNόʔδϣϯΛ੾Γସ͑Δ
    

    wUGFOWͰσΟϨΫτϦ͝ͱʹ5FSSBGPSNόʔδϣϯΛݻఆ͢Δ UFSSBGPSN WFSTJPO
    ࡞੒

32. 5SFSSBGPSNόʔδϣϯͷݻఆ
     terraform { required_version = "= 0.11.7" backend

    "s3" { bucket = "terraform-tfstate-bucket" key = "myproject/tfstate" region = "ap-northeast-1" acl = "bucket-owner-full-control" dynamodb_table = "tf-statelock" } }

33. 5SFSSBGPSNϓϩόΠμϓϥάΠϯόʔδϣϯͷݻఆ
     provider aws { version = "= 1.22.0"

    region = "ap-northeast-1" }

34. 
     5FSSBGPSNͰͷӡ༻

35. 
     ۓٸ࣌Ҏ֎͸جຊతʹ5FSSBGPSNͰมߋૢ࡞

36. 
     ۓٸ࣌Ҏ֎͸جຊతʹ5FSSBGPSNͰมߋૢ࡞
    wঢ়ଶϑΝΠϧͱ࣮ࡍͷϦιʔεͰࠩҟ͕ͰΔͱ
    QMBO
    ΍
    BQQMZ
    Ͱҙਤ ͠ͳ͍ࠩ෼͕ͰΔ
    wো֐࣌ɺۓٸ࣌Ҏ֎͸5FSSBGPSNͰมߋૢ࡞͢Δ͜ͱ৺͕͚Δ
    wखಈͰطଘϦιʔεΛมߋͨ͠৔߹͸ɺࠩҟ͕Ͱͳ͍Α͏ʹ5FSSBGPSN ίʔυΛमਖ਼͠ɺUFSSBGPSN
    SFGSFTIͰঢ়ଶϑΝΠϧΛߋ৽
    wखಈͰ৽نϦιʔεΛ࡞੒ͨ͠৔߹͸ɺ5FSSBGPSNίʔυΛमਖ਼ͨ͠ ্ͰɺUFSSBGPSN
    JNQPSUͰ࡞੒ͨ͠ϦιʔεΛঢ়ଶϑΝΠϧʹΠϯϙʔ

    τ

37. 
     5FSSBGPSNͷόʔδϣϯΞοϓ

38. 
     5FSSBGPSNͷόʔδϣϯΞοϓ
    w݁ߏͳස౓Ͱ৽͍͠όʔδϣϯ͕ϦϦʔε͞ΕͯΔ
    wӡ༻ͯ͘͠ͳ͔Ͱ৽͍͠ػೳɺط஌ͷόάमਖ਼ͳͲͰόʔδϣ ϯΞοϓͨ͘͠ͳΔ͸ͣ
    w(JU)VCͷ$)"/(&-0(ͱެࣜͷΞοϓάϨʔυΨΠυ͸ ಡΜͰ͓͖·͠ΐ͏

39. 
     5FSSBGPSNϓϩόΠμϓϥάΠϯͷόʔδϣϯΞοϓ

40. 
     5FSSBGPSNϓϩόΠμϓϥάΠϯͷόʔδϣϯΞοϓ
    w"84ɺ($1ɺ"[VSFͳͲͷϓϥάΠϯ΋݁ߏͳස౓Ͱ৽͠ ͍όʔδϣϯ͕ϦϦʔε͞ΕΔ
    wΫϥ΢υϓϩόΠμͷ৽αʔϏεɺ৽ػೳΛ࢖͓͏ͱ͢Δͱ όʔδϣϯΞοϓͨ͘͠ͳͬͯ͘Δ
    wͪ͜Β΋(JU)VCͷ$)"/(&-0(͸ಡΈɺόʔδϣϯΞο ϓޙʹQMBOͰࠩ෼͕ͳ͍͜ͱ͸֬ೝ͠·͠ΐ͏

41. 
     ·ͱΊ

42. ·ͱΊ
     w5FSSBGPSN͸ΠϯϑϥΛίʔυͰ؅ཧͰ͖Δ
    wυϥΠϥϯΛ࣮ߦͰ͖Δ
    wϞδϡʔϧΛ࢖ָ͕ͬͯͰ͖Δ
    wνʔϜͰӡ༻ɾ؅ཧ͢ΔͨΊͷ৭ʑͳػೳ͕͋Δ
    w5FSSBGPSN࠷ߴ