All Products
Search
Document Center

Object Storage Service:Use Terraform to manage OSS

Last Updated:Mar 11, 2024

This topic describes how to install, configure, and use Terraform to manage Object Storage Service (OSS).

Note

In this topic, management operations are performed as a RAM user. For more information, see Terraform Registry.

Install and configure Terraform

Perform the following steps to install and configure Terraform:

  1. Download the Terraform installation package that suits your operating system from the Terraform official website.

    In this example, Terraform for Linux is used.

  2. Decompress the package to /usr/local/bin.

    If the extracted executable file is in a different directory, you must add the path to the PATH variable globally.

  3. Run the following command to check whether Terraform is installed:

    terraform

    Sample success response:

    Usage: terraform [-version] [-help] <command> [args]
  4. Create a RAM user and grant permissions to the user.

    Important

    The AccessKey pair of an Alibaba Cloud account has permissions on all API operations. Using these credentials to perform operations in OSS is a high-risk operation. We recommend that you use the AccessKey pair of the RAM user to configure Terraform.

    1. Log on to the RAM console.

    2. Create a RAM user named Terraform.Then, create an AccessKey pair for the RAM user.

      For more information, see Create a RAM user.

    3. Attach the custom policy to the RAM user.

      You can attach appropriate policies to the Terraform RAM user. For more information, see Grant permissions to a RAM user.

  5. Run the following command to create a working directory for the Terraform project:

    Important

    You must create a working directory for each Terraform project.

    mkdir terraform-test
  6. Run the following commend to enter the terraform-test working directory.

    cd terraform-test

    Terraform reads all the *.tf and *.tfvars files in the directory when Terraform is running. You can write configurations to different files based on your business requirements. The following table describes the common configuration files.

    File

    Description

    provider.tf

    Used to configure providers.

    terraform.tfvars

    Used to configure the variables required to configure providers.

    variable.tf

    Used to configure common variables.

    resource.tf

    Used to specify resources.

    data.tf

    Used to specify package files.

    output.tf

    Used to configure the output.

    In this example, the provider configuration file named provider.tf is used.

  7. Run the following command to create the provider.tf configuration file for authentication.

    vim provider.tf

    The following sample code provides an example configuration file:

    provider "alicloud" {
        region           = "cn-beijing"
        access_key  = "LTA**********NO2"
        secret_key   = "MOk8x0*********************wwff"
    }
  8. Run the following command to initialize the terraform-test working directory.

    Important

    After you create a working directory and configuration file for a Terraform project, you need to initialize the working directory.

    terraform init

    Sample success response:

    Initializing provider plugins...
    - Checking for available provider plugins on https://releases.hashicorp.com...
    - Downloading plugin for provider "alicloud" (1.25.0)...
    
    
    
    
    The following providers do not have any version constraints in configuration,
    so the latest version was installed.
    
    
    To prevent automatic upgrades to new major versions that may contain breaking
    changes, it is recommended to add version = "..." constraints to the
    corresponding provider blocks in configuration, with the constraint strings
    suggested below.
    
    
    * provider.alicloud: version = "~> 1.25"
    
    
    Terraform has been successfully initialized!
    
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.            

Use Terraform to manage OSS

After you install Terraform, you can run commands to manage OSS resources. This section provides examples of common commands of Terraform.

terraform plan

Run the terraform plan command to preview the operations that are performed if you run the configuration file. This command allows you to preview the operations that are performed if the configuration file is executed.

The following steps provide an example on how to run the terraform plan command to view the operations to create a bucket.

  1. Run the following command to create a configuration file named test.tf:

    vim test.tf

    The following sample code provides an example configuration file:

    resource "alicloud_oss_bucket" "bucket-acl"{
      bucket = "demo-2023"
      acl = "private"
    }
  2. Run the following command to preview the operations that are performed if you execute the preceding configuration file:

    terraform plan

    Sample success response:

    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    
    
    ------------------------------------------------------------------------
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      + alicloud_oss_bucket.bucket-acl
          id:                <computed>
          acl:               "private"
          bucket:            "demo-2023"
          creation_date:     <computed>
          extranet_endpoint: <computed>
          intranet_endpoint: <computed>
          location:          <computed>
          logging_isenable:  "true"
          owner:             <computed>
          referer_config.#:  <computed>
          storage_class:     <computed>
    
    
    Plan: 1 to add, 0 to change, 0 to destroy.
    
    ------------------------------------------------------------------------
    
    Note: You didn't specify an "-out" parameter to save this plan, so Terraform
    can't guarantee that exactly these actions will be performed if
    "terraform apply" is subsequently run.

terraform apply

Run the terraform apply command to run the configuration file in the working directory.

The following steps provide an example on how to run the terraform apply command to create a bucket.

  1. Run the following command to create a configuration file named test.tf:

    vim test.tf

    The following sample code provides an example configuration file:

    resource "alicloud_oss_bucket" "bucket-acl"{
      bucket = "demo-2023"
      acl = "private"
    }
  2. Run the following command to execute the configuration file:

    terraform apply

    Sample success response:

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      + create
    
    Terraform will perform the following actions:
    
      + alicloud_oss_bucket.bucket-acl
          id:                <computed>
          acl:               "private"
          bucket:            "demo-2023"
          creation_date:     <computed>
          extranet_endpoint: <computed>
          intranet_endpoint: <computed>
          location:          <computed>
          logging_isenable:  "true"
          owner:             <computed>
          referer_config.#:  <computed>
          storage_class:     <computed>
    
    
    Plan: 1 to add, 0 to change, 0 to destroy.
    
    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
    alicloud_oss_bucket.bucket-acl: Creating...
      acl:               "" => "private"
      bucket:            "" => "demo-2023"
      creation_date:     "" => "<computed>"
      extranet_endpoint: "" => "<computed>"
      intranet_endpoint: "" => "<computed>"
      location:          "" => "<computed>"
      logging_isenable:  "" => "true"
      owner:             "" => "<computed>"
      referer_config.#:  "" => "<computed>"
      storage_class:     "" => "<computed>"
    alicloud_oss_bucket.bucket-acl: Creation complete after 1s (ID: demo-2023)
    
    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
    Note

    After you perform the preceding steps, if the demo-2023 bucket does not exist, a bucket that has the name is created. If an empty same-name bucket that is created by Terraform exists, the existing bucket is deleted and a bucket that has the same name is created.

terraform destroy

Run the terraform destroy command to delete the empty bucket that is created by Terraform.

The following steps provide an example on how to run the terraform destroy command to delete the empty bucket that is created by Terraform.

  1. Run the following command to create a configuration file named test.tf:

    vim test.tf

    The following sample code provides an example configuration file:

    resource "alicloud_oss_bucket" "bucket-acl"{
      bucket = "demo-2023"
      acl = "private"
    }
  2. Run the following command to execute the configuration file:

    terraform destory

    Sample success response:

    Terraform used the selected providers to generate the following execution plan.
    Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # alicloud_oss_bucket.bucket-acl will be destroyed
      - resource "alicloud_oss_bucket" "bucket-acl" {
          - acl               = "private" -> null
          - bucket            = "demo-2023" -> null
          - creation_date     = "2023-01-04" -> null
          - extranet_endpoint = "oss-cn-hangzhou.aliyuncs.com" -> null
          - force_destroy     = false -> null
          - id                = "demo-2023" -> null
          - intranet_endpoint = "oss-cn-hangzhou-internal.aliyuncs.com" -> null
          - location          = "oss-cn-hangzhou" -> null
          - owner             = "1379***" -> null
          - redundancy_type   = "LRS" -> null
          - storage_class     = "Standard" -> null
          - tags              = {} -> null
        }
    
    Plan: 0 to add, 0 to change, 1 to destroy.
    
    Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
    
      Enter a value: yes
    
    alicloud_oss_bucket.bucket-acl: Destroying... [id=demo-2023]
    alicloud_oss_bucket.bucket-acl: Destruction complete after 2s
    
    Destroy complete! Resources: 1 destroyed.

terraform import

If a bucket is not created by Terraform, you can import a bucket by using the terraform import command.

The following example describes how to run the terraform import command to import a bucket.

  1. Run the following command to create a configuration file:

    vim main.tf

    The following sample code provides an example configuration file:

    resource "alicloud_oss_bucket" "bucket" { 
     bucket = "aliyundoc-demo" 
     acl = "private"
    }
  2. Run the following command to execute the configuration file:

    terraform import alicloud_oss_bucket.bucket aliyundoc-demo

    Sample success response:

    alicloud_oss_bucket.bucket: Importing from ID "aliyundoc-demo"...
    alicloud_oss_bucket.bucket: Import prepared!
      Prepared alicloud_oss_bucket for import
    alicloud_oss_bucket.bucket: Refreshing state... [id=aliyundoc-demo]
    
    Import successful!
    
    The resources that were imported are shown above. These resources are now in
    your Terraform state and will henceforth be managed by Terraform.

References