Terraform is pre-installed in Alibaba Cloud Shell, providing a browser-based environment to provision your cloud infrastructure using Infrastructure as Code (IaC). This guide walks you through the process of creating an Elastic Compute Service (ECS) instance using Terraform in Cloud Shell.
You can run the sample code in this tutorial with a single click. Run code in OpenAPI Explorer.
Prerequisites
For security, use a Resource Access Management (RAM) user with the principle of least privilege. Create a custom policy with the following JSON and attach it to your RAM user. This policy grants only the permissions necessary for this tutorial. For more information, see Grant permissions to a RAM user.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudshell:StartSession",
"cloudshell:StopSession",
"cloudshell:GetSession",
"cloudshell:ListSessions",
"ecs:CreateInstance",
"ecs:RunInstances",
"ecs:StartInstance",
"ecs:StopInstance",
"ecs:RebootInstance",
"ecs:TerminateInstance",
"ecs:ModifyInstanceAttribute",
"ecs:DescribeInstances",
"ecs:AllocatePublicIpAddress",
"ecs:AssignPrivateIpAddresses",
"ecs:UnassignPrivateIpAddresses",
"ecs:ModifyInstanceVpcAttribute",
"ecs:ResetInstance",
"ecs:AttachKeyPair",
"ecs:DetachKeyPair",
"ecs:CreateSecurityGroup",
"ecs:DeleteSecurityGroup",
"ecs:AuthorizeSecurityGroup",
"ecs:RevokeSecurityGroup",
"ecs:CreateVpc",
"ecs:DeleteVpc",
"ecs:CreateVSwitch",
"ecs:DeleteVSwitch",
"ecs:CreateDisk",
"ecs:DeleteDisk",
"ecs:AttachDisk",
"ecs:DetachDisk",
"ecs:CreateSnapshot",
"ecs:DeleteSnapshot",
"ecs:CreateImage",
"ecs:DeleteImage"
],
"Resource": "*"
}
]
}
Resources used
alicloud_vpc: Creates a virtual private cloud (VPC) to provide an isolated network environment.
alicloud_vswitch: Creates a vSwitch (subnet) within a VPC to connect cloud resources.
alicloud_security_group: Creates a security group to act as a virtual firewall for your ECS instances.
alicloud_instance: Provisions an ECS instance to provide computing capacity.
alicloud_security_group_rule: Defines a rule to control inbound or outbound traffic for a security group.
Procedure
Start Cloud Shell
You can start Cloud Shell in two ways:
From the Alibaba Cloud Management Console: Click the Cloud Shell icon in the top navigation bar.

As a standalone application: Navigate directly to https://shell.aliyun.com.
When you start Cloud Shell, it automatically configures the CLI with credentials based on your logged-on identity. Do not modify or delete the default credential configuration file.
The first time you start Cloud Shell, a virtual machine (VM) instance is provisioned for you, which may take a few moments. Subsequent sessions will start faster.
You can open up to five concurrent windows. All sessions share the same underlying VM instance.
Create cloud resources
Create a Terraform configuration file in Cloud Shell.
Run the following commands to create a project directory and a configuration file named main.tf:
mkdir terraform-project
cd terraform-project
touch main.tf
Use a text editor like vim to add the following code to the main.tf file. This configuration defines the necessary resources: a VPC, a vSwitch, a security group with an ingress rule, and an ECS instance.
provider "alicloud" {
  region = var.region_id
}

variable "region_id" {
  default = "cn-shanghai"
}

variable "available_disk_category" {
  default = "cloud_efficiency"
}

variable "available_resource_creation" {
  default = "VSwitch"
}

variable "vpc_name" {
  default = "tf_test_fofo"
}

variable "vpc_cidr_block" {
  default = "172.16.0.0/12"
}

variable "vswitch_cidr_block" {
  default = "172.16.0.0/21"
}

variable "security_group_name" {
  default = "default"
}

variable "instance_type" {
  default = "ecs.n4.large"
}

variable "image_id" {
  default = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
}

variable "instance_name" {
  default = "test_fofo"
}

# A non-zero outbound bandwidth gives the instance a public IP address.
variable "internet_max_bandwidth_out" {
  default = 10
}

# Port range and source CIDR used by the ingress rule below.
# The defaults cover every TCP port from any IPv4 address.
variable "port_range" {
  default = "1/65535"
}

variable "priority" {
  default = 1
}

variable "cidr_ip" {
  default = "0.0.0.0/0"
}

# Look up zones that support the chosen disk category and vSwitch creation.
data "alicloud_zones" "default" {
  available_disk_category     = var.available_disk_category
  available_resource_creation = var.available_resource_creation
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = var.vpc_name
  cidr_block = var.vpc_cidr_block
}

resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = var.vswitch_cidr_block
  zone_id    = data.alicloud_zones.default.zones[0].id
}

resource "alicloud_security_group" "default" {
  name   = var.security_group_name
  vpc_id = alicloud_vpc.vpc.id
}

resource "alicloud_instance" "instance" {
  availability_zone          = data.alicloud_zones.default.zones[0].id
  security_groups            = [alicloud_security_group.default.id]
  instance_type              = var.instance_type
  system_disk_category       = var.available_disk_category
  image_id                   = var.image_id
  instance_name              = var.instance_name
  vswitch_id                 = alicloud_vswitch.vsw.id
  internet_max_bandwidth_out = var.internet_max_bandwidth_out
}

# Ingress rule: accepts TCP on var.port_range from var.cidr_ip.
# Narrow both variables for anything other than a short-lived test instance.
resource "alicloud_security_group_rule" "allow_all_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = var.port_range
  priority          = var.priority
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = var.cidr_ip
}
Initialize your Terraform working directory.
terraform init
Run terraform apply to create the ECS instance. When prompted, enter yes and press Enter.
terraform apply
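The following check is an added example, not part of the original tutorial or of Alibaba Cloud's sample code. It reads the JSON form of a Terraform plan and reports alicloud_security_group_rule ingress rules that accept traffic from every IPv4 address on more than one port, which is what the allow_all_tcp rule above does with its default variables. The embedded plan is a constructed sample, and the ssh_from_office rule and the one-port threshold are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed `terraform show -json tfplan` output for the
# allow_all_tcp rule in this tutorial's main.tf, plus a narrow rule for contrast.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "alicloud_security_group_rule.allow_all_tcp",
   "type": "alicloud_security_group_rule",
   "change": {"actions": ["create"], "after": {
     "type": "ingress", "policy": "accept", "ip_protocol": "tcp",
     "port_range": "1/65535", "cidr_ip": "0.0.0.0/0"}}},
  {"address": "alicloud_security_group_rule.ssh_from_office",
   "type": "alicloud_security_group_rule",
   "change": {"actions": ["create"], "after": {
     "type": "ingress", "policy": "accept", "ip_protocol": "tcp",
     "port_range": "22/22", "cidr_ip": "203.0.113.0/24"}}},
  {"address": "alicloud_vpc.vpc", "type": "alicloud_vpc",
   "change": {"actions": ["create"], "after": {"cidr_block": "172.16.0.0/12"}}}
]}
""")


def port_count(port_range):
    """Number of ports in an Alibaba Cloud 'start/end' range; -1/-1 means all."""
    start, end = (int(p) for p in port_range.split("/"))
    return 65535 if start == -1 else end - start + 1


def find_open_ingress(plan, max_ports=1):
    """Return (address, port_range, cidr_ip) for world-open rules wider than max_ports."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = rc.get("change", {}).get("after") or {}  # None when deleting
        if rc.get("type") != "alicloud_security_group_rule":
            continue
        if after.get("type") != "ingress" or after.get("policy", "accept") != "accept":
            continue
        cidr = after.get("cidr_ip") or ""
        # Prefix length 0 covers every IPv4 source, however it is written.
        world = bool(cidr) and ipaddress.ip_network(cidr, strict=False).prefixlen == 0
        if world and port_count(after.get("port_range", "-1/-1")) > max_ports:
            findings.append((rc["address"], after.get("port_range"), cidr))
    return findings


if __name__ == "__main__":
    for address, ports, cidr in find_open_ingress(SAMPLE_PLAN):
        print(f"OPEN INGRESS {address}: ports {ports} from {cidr}")
```

To check a real plan, save it with terraform plan -out=tfplan, export it with terraform show -json tfplan, and pass the parsed JSON to find_open_ingress before running terraform apply.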

Verify the deployment
You can verify that the resources were created in two ways:
From the command line
Run the terraform show command to inspect the current state and see the attributes of the resources you created, such as the instance ID and public IP.
terraform show
From the ECS console
Navigate to the ECS console and verify that the instance was created and is running.

Clean up resources
To avoid incurring future charges, release the resources you created. When prompted, confirm by typing yes.
terraform destroy
For more information about the terraform destroy command, see Common commands.
Switch Terraform versions
Cloud Shell uses tfenv to manage multiple installed versions of Terraform. You can switch from the default version if your project requires a different one. The default Terraform version in Cloud Shell is 0.12.31.
List the Terraform versions available in Cloud Shell.
tfenv list
Switch to a different version for the current session.
tfenv use <terraform_version>