Use Terraform to create an Elastic Compute Service (ECS) cluster in Enterprise Distributed Application Service (EDAS), deploy a Java application, and bind a Classic Load Balancer (CLB) instance -- all defined as infrastructure-as-code.
Run the complete example from this tutorial directly in Terraform Explorer.
What you will build
By the end of this tutorial, your Terraform configuration provisions the following resources in sequence:
Networking and compute -- A Virtual Private Cloud (VPC), vSwitch, security group, and ECS instance.
EDAS cluster -- An ECS cluster with the ECS instance attached.
Application -- An EDAS application and deploy group.
Deployment -- The application scaled out and deployed with a demo JAR package.
Load balancing -- A CLB instance bound to the application.
Prerequisites
Before you begin, make sure that you have:
Activated the following services:
A RAM user with the minimum required permissions to avoid exposing the AccessKey pair of your Alibaba Cloud account. See Create a RAM user and Grant permissions to a RAM user
A Terraform runtime environment, set up through one of the following methods:
Terraform Explorer -- Browser-based, no installation required. Best for quick testing
Cloud Shell -- Terraform preinstalled with credentials preconfigured. Best for low-cost experimentation
Local installation -- Best for custom environments or restricted networks
Required IAM policy
Attach the following policy to your RAM user. It grants the minimum permissions for each service used in this tutorial.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"edas:CreateCluster",
"edas:ReadCluster",
"edas:DeleteCluster",
"edas:ListResourceGroup",
"edas:ListServiceGroups",
"edas:ListSwimmingLaneGroup",
"edas:ReadApplication",
"edas:ListSlb",
"edas:DeleteApplication"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ecs:CreateSecurityGroup",
"ecs:ModifySecurityGroupPolicy",
"ecs:DescribeSecurityGroups",
"ecs:ListTagResources",
"ecs:DeleteSecurityGroup",
"ecs:DescribeSecurityGroupAttribute",
"ecs:RunInstances",
"ecs:DescribeInstances",
"ecs:DescribeUserData",
"ecs:DescribeInstanceRamRole",
"ecs:DescribeInstanceAttribute",
"ecs:DescribeNetworkInterfaces",
"ecs:DescribeInstanceMaintenanceAttributes",
"ecs:DescribeDisks",
"ecs:DeleteInstance"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"edas:ManageCluster",
"edas:SynchronizeResource",
"edas:CreateApplication",
"edas:ManageApplication",
"edas:QueryMigrateEcuList",
"edas:ReadApplication"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"slb:CreateLoadBalancer",
"slb:DescribeLoadBalancerAttribute",
"slb:ListTagResources",
"slb:DeleteLoadBalancer"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:CreateVpc",
"vpc:DeleteVpc",
"vpc:CreateVSwitch",
"vpc:DeleteVSwitch"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"vpc:DescribeVpcAttribute",
"vpc:DescribeRouteTableList",
"vpc:DescribeVSwitchAttributes"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "kms:CreateKey",
"Resource": "*"
}
]
}The resources provisioned in this tutorial incur charges. Release or unsubscribe from any resources you no longer need.
Resources used
alicloud_vpc: provides a virtual private cloud (VPC).
alicloud_security_group: provides a security group.
alicloud_vswitch: provides a vSwitch.
alicloud_instance: provides an ECS instance.
alicloud_edas_cluster: provides an ECS cluster.
alicloud_edas_instance_cluster_attachment: adds an ECS instance to a cluster.
alicloud_edas_application: creates an ECS application in EDAS.
alicloud_edas_deploy_group: creates an application group.
alicloud_edas_application_scale: scales out an application.
alicloud_edas_application_deployment: deploys an application.
alicloud_slb_load_balancer: provides a CLB instance.
alicloud_edas_slb_attachment: binds an application to a CLB instance.
Terraform resources
This tutorial uses the following Terraform resources. Each link points to the Terraform Registry documentation.
Resource | Purpose |
Creates a VPC | |
Creates a security group | |
Creates a vSwitch | |
Provisions an ECS instance | |
Creates an ECS cluster in EDAS | |
Attaches an ECS instance to a cluster | |
Creates an EDAS application | |
Creates a deploy group | |
Scales out the application to an ECS instance | |
Deploys the application package | |
Creates a CLB instance | |
Binds the CLB instance to the application |
Step 1: Create an ECS instance
Provision the foundational networking and compute infrastructure: a VPC, security group, vSwitch, and an ECS instance.
Create a working directory and add a file named
main.tfwith the following configuration:Key configuration details:
Parameter
Value
Description
regioncn-shanghaiThe region where all resources are created
instance_typeecs.e-c1m1.largeThe ECS instance specification
vpc_cidr_block172.16.0.0/16The IP address range for the VPC
vsw_cidr_block172.16.0.0/24The IP address range for the vSwitch
system_disk_categorycloud_essdThe disk type for the system disk
variable "region" { default = "cn-shanghai" } variable "instance_type" { type = string default = "ecs.e-c1m1.large" } variable "vpc_cidr_block" { default = "172.16.0.0/16" } variable "vsw_cidr_block" { default = "172.16.0.0/24" } # Demo Spring Cloud Consumer JAR from the official EDAS download page. variable "war_url" { type = string default = "http://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar" } provider "alicloud" { region = var.region } # Look up an availability zone that supports the specified instance type # and disk category. data "alicloud_zones" "default" { available_instance_type = var.instance_type available_resource_creation = "VSwitch" available_disk_category = "cloud_essd" } # Generate a random suffix for globally unique resource names. resource "random_integer" "default" { min = 10000 max = 99999 } # Create a VPC. resource "alicloud_vpc" "vpc" { vpc_name = "vpc-test_${random_integer.default.result}" cidr_block = var.vpc_cidr_block } # Create a security group inside the VPC. resource "alicloud_security_group" "group" { name = "test_${random_integer.default.result}" vpc_id = alicloud_vpc.vpc.id } # Create a vSwitch in the first available zone. resource "alicloud_vswitch" "vswitch" { vpc_id = alicloud_vpc.vpc.id cidr_block = var.vsw_cidr_block zone_id = data.alicloud_zones.default.zones[0].id vswitch_name = "vswitch-test-${random_integer.default.result}" } # Create an ECS instance. # The password below is for demonstration only. For production, use # Terraform variables with sensitive = true or a secrets manager. resource "alicloud_instance" "instance" { availability_zone = data.alicloud_zones.default.zones[0].id security_groups = alicloud_security_group.group.*.id instance_type = var.instance_type system_disk_category = "cloud_essd" system_disk_name = "test_foo_system_disk_${random_integer.default.result}" system_disk_description = "test_foo_system_disk_description" image_id = "aliyun_2_1903_x64_20G_alibase_20240628.vhd" instance_name = "test_ecs_${random_integer.default.result}" vswitch_id = alicloud_vswitch.vswitch.id internet_max_bandwidth_out = 10 password = "Terraform@Example" } # Wait for the ECS instance to finish initializing # (typically under 60 seconds). resource "time_sleep" "example" { depends_on = [alicloud_instance.instance] create_duration = "60s" }Initialize the Terraform working directory: Expected output:
terraform initTerraform has been successfully initialized!Validate the configuration to catch syntax errors or unsupported arguments: Expected output:
terraform validateSuccess! The configuration is valid.Preview the execution plan to verify what Terraform will create:
terraform planApply the configuration. When prompted, type
yesand press Enter: Expected output on success:terraform applyApply complete! Resources: 6 added, 0 changed, 0 destroyed.Verify the result. Run
terraform showto inspect the created resources: Alternatively, open the ECS console. In the left-side navigation pane, choose Instances & Images > Instances. Select China (Shanghai) in the top navigation bar to view the instance.terraform show
Step 2: Create an ECS cluster and attach the instance
Create an EDAS ECS cluster and attach the ECS instance from Step 1.
Append the following code to
main.tf:Resource argument reference:
Argument
Value
Description
cluster_type"2"Specifies an ECS cluster. Use
"1"for a Swarm clusternetwork_mode"2"Specifies VPC networking. Use
"1"for classic networklogical_region_idvar.regionThe region where the cluster is created
# Create an ECS cluster in EDAS. # cluster_type = "2": ECS cluster (as opposed to "1" for Swarm). # network_mode = "2": VPC network (as opposed to "1" for classic network). resource "alicloud_edas_cluster" "cluster" { cluster_name = "tf-edas-${random_integer.default.result}" cluster_type = "2" network_mode = "2" logical_region_id = var.region vpc_id = alicloud_vpc.vpc.id } # Attach the ECS instance to the cluster. # depends_on ensures the instance is fully initialized before attachment. resource "alicloud_edas_instance_cluster_attachment" "default" { depends_on = [time_sleep.example] cluster_id = alicloud_edas_cluster.cluster.id instance_ids = [alicloud_instance.instance.id] }Preview and apply the changes: When prompted, type
yesand press Enter. Expected output on success:terraform plan terraform applyApply complete! Resources: 2 added, 0 changed, 0 destroyed.Verify the result. Run
terraform showto inspect the cluster details: Alternatively, open the EDAS console. In the left-side navigation pane, choose Resource Management > ECS Clusters. Select China (Shanghai) in the top navigation bar. Click the cluster ID to view the cluster details, including the attached ECS instance.terraform show
Step 3: Create an application and a deploy group
Create an EDAS application and a deploy group within the cluster.
Append the following code to
main.tf:# Create a JAR-type application in the ECS cluster. resource "alicloud_edas_application" "app" { application_name = "tf-test-app-${random_integer.default.result}" cluster_id = alicloud_edas_cluster.cluster.id package_type = "JAR" } # Create a deploy group for the application. # Deploy groups let you manage subsets of instances independently # (for example, for canary releases). resource "alicloud_edas_deploy_group" "this" { app_id = alicloud_edas_application.app.id group_name = "tf-test-group-${random_integer.default.result}" }Preview and apply the changes: When prompted, type
yesand press Enter. Expected output on success:terraform plan terraform applyApply complete! Resources: 2 added, 0 changed, 0 destroyed.Verify the result. Run
terraform showto inspect the application and deploy group: Alternatively, open the EDAS console. In the left-side navigation pane, choose Application Management > Applications. Select China (Shanghai) in the top navigation bar. Click the application name, then click the Instance Information tab to view the deploy group.terraform show
Step 4: Scale out and deploy the application
Assign the ECS instance to the deploy group (scale-out), then deploy the demo JAR package.
Append the following code to
main.tf: Whytime_sleep? EDAS needs time to install the agent on the ECS instance and start the application. Thetime_sleepresource adds a delay so that dependent resources -- such as the CLB binding in Step 5 -- do not run before the application is ready.# Extract the deploy group ID from the composite resource ID. locals { parts = split(":", alicloud_edas_deploy_group.this.id) group_id = local.parts[2] } # Scale out: assign the ECS instance to the deploy group. resource "alicloud_edas_application_scale" "default" { app_id = alicloud_edas_application.app.id deploy_group = local.group_id ecu_info = [alicloud_edas_instance_cluster_attachment.default.ecu_map[alicloud_instance.instance.id]] } # Deploy the demo JAR to the application. # depends_on ensures scale-out and cluster attachment finish first. resource "alicloud_edas_application_deployment" "default" { depends_on = [alicloud_edas_application_scale.default, alicloud_edas_instance_cluster_attachment.default] app_id = alicloud_edas_application.app.id group_id = local.group_id war_url = var.war_url } # Wait for the application to start (typically under 60 seconds). resource "time_sleep" "example2" { depends_on = [alicloud_edas_application_deployment.default] create_duration = "60s" }Preview and apply the changes: When prompted, type
yesand press Enter. Expected output on success:terraform plan terraform applyApply complete! Resources: 3 added, 0 changed, 0 destroyed.Verify the result. Run
terraform showto inspect the deployment: Alternatively, open the EDAS console. In the left-side navigation pane, choose Application Management > Applications. Select China (Shanghai) in the top navigation bar. Click the application name, then click the Instance Information tab to check the deployment status.terraform show
Step 5: Create a CLB instance and bind it to the application
Create an internal CLB instance and bind it to the application to route traffic through the load balancer.
Append the following code to
main.tf:Resource argument reference:
Argument
Value
Description
load_balancer_specslb.s2.smallThe CLB instance specification
address_typeintranetCreates an internal load balancer accessible only within the VPC
# Create an internal CLB instance in the same vSwitch. resource "alicloud_slb_load_balancer" "default" { load_balancer_name = "tf-test-slb-${random_integer.default.result}" vswitch_id = alicloud_vswitch.vswitch.id load_balancer_spec = "slb.s2.small" address_type = "intranet" } # Bind the CLB instance to the EDAS application. # depends_on ensures the application is fully deployed and started. resource "alicloud_edas_slb_attachment" "this" { depends_on = [time_sleep.example2] app_id = alicloud_edas_application.app.id slb_id = alicloud_slb_load_balancer.default.id slb_ip = alicloud_slb_load_balancer.default.address type = alicloud_slb_load_balancer.default.address_type }Preview and apply the changes: When prompted, type
yesand press Enter. Expected output on success:terraform plan terraform applyApply complete! Resources: 2 added, 0 changed, 0 destroyed.Verify the result. Run
terraform showto inspect the CLB instance: Alternatively, open the EDAS console. In the left-side navigation pane, choose Application Management > Applications. Select China (Shanghai) in the top navigation bar. Click the application name, then click the Basic Information tab to check the bound CLB instance.terraform show
Clean up resources
When you no longer need these resources, delete them to stop incurring charges:
terraform destroyWhen prompted, type yes and press Enter.
For more information about terraform destroy, see Common commands.
Complete example
Run this example directly in Terraform Explorer.
The following main.tf file contains all the resources from Steps 1 through 5 in a single configuration.
variable "region" {
default = "cn-shanghai"
}
variable "instance_type" {
type = string
default = "ecs.e-c1m1.large"
}
variable "vpc_cidr_block" {
default = "172.16.0.0/16"
}
variable "vsw_cidr_block" {
default = "172.16.0.0/24"
}
# Demo Spring Cloud Consumer JAR from the official EDAS download page.
variable "war_url" {
type = string
default = "http://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar"
}
provider "alicloud" {
region = var.region
}
# Extract the deploy group ID from the composite resource ID.
locals {
parts = split(":", alicloud_edas_deploy_group.this.id)
group_id = local.parts[2]
}
data "alicloud_zones" "default" {
available_instance_type = var.instance_type
available_resource_creation = "VSwitch"
available_disk_category = "cloud_essd"
}
# Generate a random suffix for globally unique resource names.
resource "random_integer" "default" {
min = 10000
max = 99999
}
# Create a VPC.
resource "alicloud_vpc" "vpc" {
vpc_name = "vpc-test_${random_integer.default.result}"
cidr_block = var.vpc_cidr_block
}
# Create a security group inside the VPC.
resource "alicloud_security_group" "group" {
name = "test_${random_integer.default.result}"
vpc_id = alicloud_vpc.vpc.id
}
# Create a vSwitch in the first available zone.
resource "alicloud_vswitch" "vswitch" {
vpc_id = alicloud_vpc.vpc.id
cidr_block = var.vsw_cidr_block
zone_id = data.alicloud_zones.default.zones[0].id
vswitch_name = "vswitch-test-${random_integer.default.result}"
}
# Create an ECS instance.
# The password below is for demonstration only. For production, use
# Terraform variables with sensitive = true or a secrets manager.
resource "alicloud_instance" "instance" {
availability_zone = data.alicloud_zones.default.zones[0].id
security_groups = alicloud_security_group.group.*.id
instance_type = var.instance_type
system_disk_category = "cloud_essd"
system_disk_name = "test_foo_system_disk_${random_integer.default.result}"
system_disk_description = "test_foo_system_disk_description"
image_id = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
instance_name = "test_ecs_${random_integer.default.result}"
vswitch_id = alicloud_vswitch.vswitch.id
internet_max_bandwidth_out = 10
password = "Terraform@Example"
}
# Wait for the ECS instance to finish initializing (typically under 60 seconds).
resource "time_sleep" "example" {
depends_on = [alicloud_instance.instance]
create_duration = "60s"
}
# Create an ECS cluster in EDAS.
# cluster_type = "2": ECS cluster (as opposed to "1" for Swarm).
# network_mode = "2": VPC network (as opposed to "1" for classic network).
resource "alicloud_edas_cluster" "cluster" {
cluster_name = "tf-edas-${random_integer.default.result}"
cluster_type = "2"
network_mode = "2"
logical_region_id = var.region
vpc_id = alicloud_vpc.vpc.id
}
# Attach the ECS instance to the cluster.
resource "alicloud_edas_instance_cluster_attachment" "default" {
depends_on = [time_sleep.example]
cluster_id = alicloud_edas_cluster.cluster.id
instance_ids = [alicloud_instance.instance.id]
}
# Create a JAR-type application in the ECS cluster.
resource "alicloud_edas_application" "app" {
application_name = "tf-test-app-${random_integer.default.result}"
cluster_id = alicloud_edas_cluster.cluster.id
package_type = "JAR"
}
# Create a deploy group for the application.
resource "alicloud_edas_deploy_group" "this" {
app_id = alicloud_edas_application.app.id
group_name = "tf-test-group-${random_integer.default.result}"
}
# Scale out: assign the ECS instance to the deploy group.
resource "alicloud_edas_application_scale" "default" {
app_id = alicloud_edas_application.app.id
deploy_group = local.group_id
ecu_info = [alicloud_edas_instance_cluster_attachment.default.ecu_map[alicloud_instance.instance.id]]
}
# Deploy the demo JAR to the application.
resource "alicloud_edas_application_deployment" "default" {
depends_on = [alicloud_edas_application_scale.default, alicloud_edas_instance_cluster_attachment.default]
app_id = alicloud_edas_application.app.id
group_id = local.group_id
war_url = var.war_url
}
# Wait for the application to start (typically under 60 seconds).
resource "time_sleep" "example2" {
depends_on = [alicloud_edas_application_deployment.default]
create_duration = "60s"
}
# Create an internal CLB instance in the same vSwitch.
resource "alicloud_slb_load_balancer" "default" {
load_balancer_name = "tf-test-slb-${random_integer.default.result}"
vswitch_id = alicloud_vswitch.vswitch.id
load_balancer_spec = "slb.s2.small"
address_type = "intranet"
}
# Bind the CLB instance to the EDAS application.
resource "alicloud_edas_slb_attachment" "this" {
depends_on = [time_sleep.example2]
app_id = alicloud_edas_application.app.id
slb_id = alicloud_slb_load_balancer.default.id
slb_ip = alicloud_slb_load_balancer.default.address
type = alicloud_slb_load_balancer.default.address_type
}For more complete examples, see the EDAS directory on GitHub.