Terraform sample code

Last Updated: May 21, 2021

This topic describes how to complete Resource Access Management (RAM) and network configurations by using Terraform.

RAM configurations

You can use Terraform to complete the following configurations:

  • Configure a password policy for RAM users.

  • Create custom policies for system administrators.

  • Configure RAM user groups. This simplifies RAM user authorization.

Procedure

  1. Clone the Terraform code repository.

    git clone https://code.aliyun.com/labs/tutorial-landing-zone-one-terraform.git

    If you have already cloned the repository, run the cd ~/tutorial-landing-zone-one-terraform; git pull command to update it.

  2. Go to the directory that stores the Terraform template for RAM configurations.

    cd ~/tutorial-landing-zone-one-terraform/ram

  3. Run the init command to load Alibaba Cloud Providers.

    terraform init

  4. Run the apply command to complete the RAM configurations.

    terraform apply

You can view the complete Terraform template in the ram/main.tf file. The template contains the following configurations:

  • Custom policies are created for system administrators.

  • A password policy is configured for RAM users.

  • The CloudAdminGroup group is created, and the AdministratorAccess permission is granted to the group. Users in the group have full access to Alibaba Cloud resources.

  • The SystemAdminGroup group is created, and custom permissions are granted to the group. If your team has multiple roles, such as database administrators and network administrators, you can create user groups for each of the roles and grant the required permissions to the groups. Then, add the RAM users of each role to the groups.

  • The BillingAdminGroup group is created, and the AliyunBSSFullAccess and AliyunFinanceConsoleFullAccess permissions are granted to the group. You can add members of the finance team to the group. This way, the members of the finance team can process bills and invoices on Alibaba Cloud.

  • The CommonUserGroup group is created with no permissions granted.
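
The password policy and group layout listed above could be expressed roughly as follows. This is an added sketch, not the contents of ram/main.tf from the repository: the password thresholds, comments, and resource labels are assumed values, and the custom policy for SystemAdminGroup is omitted because this page does not list its permissions.

```hcl
# Added example, not the repository's ram/main.tf. All values are constructed.

# Account-wide password policy for RAM users (thresholds are assumptions).
resource "alicloud_ram_account_password_policy" "this" {
  minimum_password_length      = 12
  require_lowercase_characters = true
  require_uppercase_characters = true
  require_numbers              = true
  require_symbols              = true
  hard_expiry                  = false # expired passwords can still be reset at logon
  max_password_age             = 90    # days
  password_reuse_prevention    = 8     # previous passwords that cannot be reused
  max_login_attempts           = 5     # failed logons allowed per hour
}

# Full access to every resource in the account: keep membership minimal.
resource "alicloud_ram_group" "cloud_admin" {
  name     = "CloudAdminGroup"
  comments = "Full access to all Alibaba Cloud resources"
}

resource "alicloud_ram_group_policy_attachment" "cloud_admin" {
  group_name  = alicloud_ram_group.cloud_admin.name
  policy_name = "AdministratorAccess"
  policy_type = "System"
}

# Finance team: billing and invoice permissions only.
resource "alicloud_ram_group" "billing_admin" {
  name = "BillingAdminGroup"
}

resource "alicloud_ram_group_policy_attachment" "billing_admin" {
  for_each    = toset(["AliyunBSSFullAccess", "AliyunFinanceConsoleFullAccess"])
  group_name  = alicloud_ram_group.billing_admin.name
  policy_name = each.value
  policy_type = "System"
}

# No policy attachment: membership alone grants nothing.
resource "alicloud_ram_group" "common_user" {
  name = "CommonUserGroup"
}
```

Running terraform plan before terraform apply shows each group and policy attachment that will be created, which makes it easy to confirm that AdministratorAccess is attached only to CloudAdminGroup.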

Network configurations

You can configure your network by using Terraform. For example, you can use Terraform to create a virtual private cloud (VPC) and a security group.

Procedure

  1. Go to the directory that stores the Terraform template for network configurations.

    cd ~/tutorial-landing-zone-one-terraform/vpc

  2. Run the init command to load Alibaba Cloud Providers.

    terraform init

  3. Run the apply command to complete the network configurations.

    terraform apply

You can view the complete Terraform template in the vpc/main.tf file. The template contains the following configurations:

  • A VPC named default_vpc is created.

  • A vSwitch named default_vSwitch is created in the VPC.

  • A security group named default_sg is created.