This topic describes how to create an address book by using Terraform.
You can run the sample code in this topic with a few clicks. For more information, visit Terraform Explorer.
Before you begin
An Alibaba Cloud account has all permissions on resources within the account. If an Alibaba Cloud account is leaked, the resources are exposed to major risks. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair.
The following sample code provides a policy that grants the required permissions on Cloud Firewall to a RAM user. For more information, see Grant permissions to RAM users.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "yundun-cloudfirewall:*", "yundun-ndr:*" ], "Resource": "*" } ] }Prepare the Terraform environment. You can use one of the following methods to use Terraform:
Use Terraform in Terraform Explorer: Alibaba Cloud provides Terraform Explorer, an online runtime environment for Terraform. You can use Terraform after you log on to Terraform Explorer without the need to install Terraform. For more information, see Use Terraform in Terraform Explorer. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at no additional cost.
Use Terraform in Cloud Shell: Terraform is preinstalled in Cloud Shell and identity credentials are configured. You can directly run Terraform commands in Cloud Shell. For more information, see Use Terraform in Cloud Shell. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at low cost.
Install and configure Terraform on your on-premises machine: This method is suitable for scenarios in which network conditions are poor or a custom development environment is used. For more information, see Install and configure Terraform in the local PC.
ImportantYou must install Terraform 0.12.28 or later. You can run the
terraform --versioncommand to query the Terraform version.
Resource
alicloud_cloud_firewall_address_book: creates an address book in Cloud Firewall.
Procedure
This section describes how to create an address book.
Create a working directory and a configuration file named
main.tfin the directory. main.tf is the main file of Terraform and defines the resources that you want to deploy.resource "alicloud_cloud_firewall_address_book" "example" { # The description. description = "Created_by_terraform" # The name of the address book. group_name = "IPListExample" # The type of the address book. Valid values: ip, ipv6, domain, port, and tag. group_type = "ip" # The addresses. address_list = ["192.0.X.X/32", "192.0.X.X/32"] }Run the following command to initialize
Terraform:terraform initIf the following information is returned, Terraform is initialized:
Initializing provider plugins... - Finding latest version of hashicorp/alicloud... - Installing hashicorp/alicloud v1.231.0... - Installed hashicorp/alicloud v1.231.0 (signed by HashiCorp) Terraform has created a lock file .terraform.lock.hcl to record the provider selections it made above. Include this file in your version control repository so that Terraform can guarantee to make the same selections by default when you run "terraform init" in the future. Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.Create an execution plan and preview the changes.
terraform planRun the following command to create a VPC firewall.
terraform applyDuring the execution, enter
yesas prompted and press the Enter key. Wait until the command is successfully executed. If the following information appears, the operation is successful:Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_cloud_firewall_address_book.example: Creating... alicloud_cloud_firewall_address_book.example: Creation complete after 1s [id=d41518ef-0437-44e9-9dd6-86d62f3d0***] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.Verify the result.
Run the terraform show command
You can run the following command to view the details of the created address book:
terraform show# alicloud_cloud_firewall_address_book.example: resource "alicloud_cloud_firewall_address_book" "example" { address_list = [ "192.0.X.X/32", "192.0.X.X/32", ] auto_add_tag_ecs = 0 description = "Created_by_terraform" group_name = "IPListExample" group_type = "ip" id = "d41518ef-0437-44e9-9dd6-86d62f3d****" }Log on to the Cloud Firewall console
Log on to the Cloud Firewall console. Go to the Prevention Configuration > Address Books page. On the Address Books page, search for the address book by using the name of the address book and view the details of the address book.
Resource release
If you no longer require the preceding resources that are created or managed by using Terraform, run the following command to release the resources. For more information about the terraform destroy command, see Common commands.
terraform destroyComplete sample code
You can run the sample code in this topic with a few clicks. For more information, visit Terraform Explorer.