Elastic Compute Service: Use Terraform to deploy ECS

Last Updated: Nov 01, 2024

Terraform is an open source, infrastructure as code (IaC) tool that developers can use to define and manage infrastructure configurations by using a declarative language. Terraform provides a simple method to create, modify, or delete Elastic Compute Service (ECS) resources. Terraform helps reduce the complexity and errors of manual operations to improve the manageability and maintainability of infrastructure. This topic describes how to install and configure Terraform and use Terraform to create an ECS instance.

For more information, see What is Terraform?

Supported resources

Note
  • Resource: a new resource, such as an ECS instance, a virtual machine (VM), or a security group, that is used to define an infrastructure component.

  • Data source: the source from which you can query and obtain information about existing infrastructure components. You can specify the information in Terraform configurations to reference or configure resources.

Install Terraform and configure permissions for Terraform

Install and configure Terraform on premises

To use Terraform on premises, you must install and preconfigure Terraform. For more information, see Install and configure Terraform in the local PC.

  • For more flexible and secure permission management, we recommend that you create a RAM user and grant permissions to that user.
    1. Log on to the RAM console.
    2. Create a RAM user named Terraform, and create an AccessKey pair for the user. For more information, see Create a RAM user.
    3. Authorize the RAM user. For more information, see Grant permissions to a RAM user.
  • Add environment variables to store identity information for authentication.

    Go to the AccessKey Pair page to create and view your AccessKey pair.

    Terraform reads the identity information from these environment variables and authenticates with it when you run a Terraform template, so calls do not fail because credentials are missing.

Use Cloud Shell without the need to install Terraform and configure permissions for Terraform

If you do not want to install Terraform, use Cloud Shell.

Cloud Shell in Alibaba Cloud is a free O&M service that comes with Terraform and is configured with authentication credentials. You can run Terraform commands in Cloud Shell. For more information, see Use Terraform in Cloud Shell.

Important

When you use Terraform in Cloud Shell, the destruction feature of Cloud Shell causes data loss. We recommend that you perform simple and quick Terraform operations in Cloud Shell, such as debugging operations. For more information, see Limits.

Use Terraform to create and manage ECS resources

This section describes how to create an ECS instance by using Terraform.

  1. Create a virtual private cloud (VPC) and a vSwitch.

    1. Create the terraform.tf file, enter the following content, and then save the file to the current working directory:

      resource "alicloud_vpc" "vpc" {
        vpc_name   = "tf_test_foo"
        cidr_block = "172.16.0.0/12"
      }
      
      resource "alicloud_vswitch" "vsw" {
        vpc_id     = alicloud_vpc.vpc.id
        cidr_block = "172.16.0.0/21"
        zone_id    = "cn-beijing-f"
      }
    2. Run the terraform init command to initialize Terraform and download the required plug-ins.

    3. Run the terraform apply command to create a VPC and a vSwitch.

    4. Run the terraform show command to view the created VPC and vSwitch.

      You can also log on to the VPC console to view the attributes of the VPC and vSwitch.

  2. Create a security group in the VPC created in the previous step, and add an inbound security group rule that allows the 192.168.0.0/16 CIDR block to access ECS instances in the security group.

    1. Add the following code to the terraform.tf file:

      resource "alicloud_security_group" "default" {
        name   = "default"
        vpc_id = alicloud_vpc.vpc.id
      }
      
      resource "alicloud_security_group_rule" "allow_tcp" {
        type              = "ingress"
        ip_protocol       = "tcp"
        nic_type          = "intranet"
        policy            = "accept"
        port_range        = "1/65535"
        priority          = 1
        security_group_id = alicloud_security_group.default.id
        cidr_ip           = "192.168.0.0/16"
      }
    2. Run the terraform apply command to create the security group and add the security group rule.

    3. Run the terraform show command to view the security group and security group rule.

      You can also log on to the ECS console to view the security group and security group rule.

  3. Create an ECS instance.

    1. Add the following code to the terraform.tf file:

      resource "alicloud_instance" "instance" {
        # cn-beijing
        availability_zone = "cn-beijing-f"
        security_groups   = alicloud_security_group.default.*.id
        # series III
        instance_type              = "ecs.e-c1m1.large"
        system_disk_category       = "cloud_essd"
        image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
        instance_name              = "test_foo"
        vswitch_id                 = alicloud_vswitch.vsw.id
        internet_max_bandwidth_out = 10
        password                   = "Terraform@Example"
      }
      
      output "public_ip" {
        value = alicloud_instance.instance.public_ip
      }
      Note
      • In the preceding code, the internet_max_bandwidth_out parameter is set to 10. In this case, the system assigns a public IP address to the ECS instance and returns the assigned public IP address to the output element. You can use the public IP address to access the ECS instance.

      • For descriptions of the parameters, see Parameter descriptions.

    2. Run the terraform apply command to create the ECS instance.

    3. Run the terraform show command to view the created ECS instance and obtain the public IP address of the instance.

    4. Run the ssh root@<Public IP address of the ECS instance> command and enter the configured password to connect to the ECS instance.

Sample code

Note

You can debug and run the code in OpenAPI Explorer. Log on to OpenAPI Explorer.

resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test_foo"
  cidr_block = "172.16.0.0/12"
}

resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.16.0.0/21"
  zone_id    = "cn-beijing-f"
}

resource "alicloud_security_group" "default" {
  name   = "default"
  vpc_id = alicloud_vpc.vpc.id
}

resource "alicloud_security_group_rule" "allow_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = "192.168.0.0/16"
}

resource "alicloud_instance" "instance" {
  # cn-beijing
  availability_zone = "cn-beijing-f"
  security_groups   = alicloud_security_group.default.*.id
  # series III
  instance_type              = "ecs.e-c1m1.large"
  system_disk_category       = "cloud_essd"
  image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
  instance_name              = "test_foo"
  vswitch_id                 = alicloud_vswitch.vsw.id
  internet_max_bandwidth_out = 10
  password                   = "Terraform@Example"
}

output "public_ip" {
  value = alicloud_instance.instance.public_ip
}
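
The sample code above writes the instance password into terraform.tf as a literal and accepts TCP ports 1 to 65535. The following added example, which is not part of the original page or Alibaba Cloud's own code, keeps the same resources but reads the password from a sensitive input variable and narrows the rule to port 22. The variable name instance_password and the rule label allow_ssh are assumptions.

```hcl
# Added example: hardened variant of the sample configuration on this page.
# Assumed names (not from the page): var.instance_password, rule label "allow_ssh".
variable "instance_password" {
  type      = string
  sensitive = true # redacted in plan/apply output; no default, so never in the .tf file
}

resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test_foo"
  cidr_block = "172.16.0.0/12"
}

resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.16.0.0/21"
  zone_id    = "cn-beijing-f"
}

resource "alicloud_security_group" "default" {
  name   = "default"
  vpc_id = alicloud_vpc.vpc.id
}

resource "alicloud_security_group_rule" "allow_ssh" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22" # SSH only, instead of 1/65535
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = "192.168.0.0/16" # same source range as the page's rule
}

resource "alicloud_instance" "instance" {
  availability_zone          = "cn-beijing-f"
  security_groups            = [alicloud_security_group.default.id]
  instance_type              = "ecs.e-c1m1.large"
  system_disk_category       = "cloud_essd"
  image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
  instance_name              = "test_foo"
  vswitch_id                 = alicloud_vswitch.vsw.id
  internet_max_bandwidth_out = 10
  password                   = var.instance_password # no literal password in the template
}

output "public_ip" {
  value = alicloud_instance.instance.public_ip
}
```

Supply the value through the TF_VAR_instance_password environment variable before you run terraform apply. The sensitive flag hides the value in command output only; it is still stored in the Terraform state, so restrict access to the state file.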

References

For information about Terraform use cases, see Use Cases.

For information about common Terraform commands, see Common commands.

For information about how to create ECS instances, see Provisioning methods of ECS instances.

Terraform is available as a managed service in Resource Orchestration Service (ROS). You can create Terraform templates in the ROS console. For more information, see Create a Terraform stack.