Enterprise Distributed Application Service:Use Terraform to create an ECS cluster and deploy an application

Prerequisites

• The following services are activated:

  • Enterprise Distributed Application Service (EDAS): For information about how to activate this service, see Activate EDAS.

  • CLB: For more information, see CLB billing.

  • ECS: For more information, see Billing overview.

• A Resource Access Management (RAM) user that has the minimum required permissions is used to perform the operations in this topic. This minimizes the risk of leaking the AccessKey pair of your Alibaba Cloud account. For information about how to attach the policy that contains the minimum required permissions to the RAM user, see Create a RAM user and Grant permissions to a RAM user. In this example, the following policy is used:

  {
    "Version": "1",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "edas:CreateCluster",
          "edas:ReadCluster",
          "edas:DeleteCluster",
          "edas:ListResourceGroup",
          "edas:ListServiceGroups",
          "edas:ListSwimmingLaneGroup",
          "edas:ReadApplication",
          "edas:ListSlb",
          "edas:DeleteApplication"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "ecs:CreateSecurityGroup",
          "ecs:ModifySecurityGroupPolicy",
          "ecs:DescribeSecurityGroups",
          "ecs:ListTagResources",
          "ecs:DeleteSecurityGroup",
          "ecs:DescribeSecurityGroupAttribute",
          "ecs:RunInstances",
          "ecs:DescribeInstances",
          "ecs:DescribeUserData",
          "ecs:DescribeInstanceRamRole",
          "ecs:DescribeInstanceAttribute",
          "ecs:DescribeNetworkInterfaces",
          "ecs:DescribeInstanceMaintenanceAttributes",
          "ecs:DescribeDisks",
          "ecs:DeleteInstance"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "edas:ManageCluster",
          "edas:SynchronizeResource",
          "edas:CreateApplication",
          "edas:ManageApplication",
          "edas:QueryMigrateEcuList",
          "edas:ReadApplication"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "slb:CreateLoadBalancer",
          "slb:DescribeLoadBalancerAttribute",
          "slb:ListTagResources",
          "slb:DeleteLoadBalancer"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "vpc:CreateVpc",
          "vpc:DeleteVpc",
          "vpc:CreateVSwitch",
          "vpc:DeleteVSwitch"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": [
          "vpc:DescribeVpcAttribute",
          "vpc:DescribeRouteTableList",
          "vpc:DescribeVSwitchAttributes"
        ],
        "Resource": "*"
      },
      {
        "Effect": "Allow",
        "Action": "kms:CreateKey",
        "Resource": "*"
      }
    ]
  }

• The runtime environment for Terraform is prepared using one of the following methods:

  • Use Terraform in Terraform Explorer: Alibaba Cloud provides Terraform Explorer, an online runtime environment for Terraform. You can use Terraform after you log on to Terraform Explorer, without the need to install Terraform. For more information, see Use Terraform in Terraform Explorer. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at no additional costs.

  • Use Terraform in Cloud Shell: Terraform is preinstalled in Cloud Shell, and identity credentials are configured. You can run Terraform commands in Cloud Shell. For more information, see Use Terraform in Cloud Shell. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at low costs.

  • Install and configure Terraform on your on-premises machine: This method is suitable for scenarios in which network conditions are poor or a custom development environment is used. For more information, see Install and configure Terraform.

Resources used

• alicloud_vpc: provides a virtual private cloud (VPC).

• alicloud_security_group: provides a security group.

• alicloud_vswitch: provides a vSwitch.

• alicloud_instance: provides an ECS instance.

• alicloud_edas_cluster: provides an ECS cluster.

• alicloud_edas_instance_cluster_attachment: adds an ECS instance to a cluster.

• alicloud_edas_application: creates an ECS application in EDAS.

• alicloud_edas_deploy_group: creates an application group.

• alicloud_edas_application_scale: scales out an application.

• alicloud_edas_application_deployment: deploys an application.

• alicloud_slb_load_balancer: provides a CLB instance.

• alicloud_edas_slb_attachment: binds an application to a CLB instance.

Step 1: Create an ECS instance

1. Create a working directory and a configuration file named main.tf in the directory. The following code is used to create an ECS instance, and the VPC, security group, and vSwitch that are required to create the ECS instance. Copy the following code to the main.tf configuration file:

   variable "region" {
     default = "cn-shanghai"
   }
   
   variable "instance_type" {
     type    = string
     default = "ecs.e-c1m1.large"
   }
   
   variable "vpc_cidr_block" {
     default = "172.16.0.0/16"
   }
   
   variable "vsw_cidr_block" {
     default = "172.16.0.0/24"
   }
   
   # Download the demo package from the official download page.
   variable "war_url" {
     type    = string
     default = "http://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar"
   }
   
   provider "alicloud" {
     region = var.region
   }
   
   data "alicloud_zones" "default" {
     available_instance_type     = var.instance_type
     available_resource_creation = "VSwitch"
     available_disk_category     = "cloud_essd"
   }
   
   # Specify a random number.
   resource "random_integer" "default" {
     min = 10000
     max = 99999
   }
   
   # Create a VPC.
   resource "alicloud_vpc" "vpc" {
     vpc_name   = "vpc-test_${random_integer.default.result}"
     cidr_block = var.vpc_cidr_block
   }
   
   # Create a security group.
   resource "alicloud_security_group" "group" {
     name   = "test_${random_integer.default.result}"
     vpc_id = alicloud_vpc.vpc.id
   }
   
   # Create a vSwitch.
   resource "alicloud_vswitch" "vswitch" {
     vpc_id       = alicloud_vpc.vpc.id
     cidr_block   = var.vsw_cidr_block
     zone_id      = data.alicloud_zones.default.zones[0].id
     vswitch_name = "vswitch-test-${random_integer.default.result}"
   }
   
   # Create an ECS instance.
   resource "alicloud_instance" "instance" {
     availability_zone          = data.alicloud_zones.default.zones[0].id
     security_groups            = alicloud_security_group.group.*.id
     instance_type              = var.instance_type
     system_disk_category       = "cloud_essd"
     system_disk_name           = "test_foo_system_disk_${random_integer.default.result}"
     system_disk_description    = "test_foo_system_disk_description"
     image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
     instance_name              = "test_ecs_${random_integer.default.result}"
     vswitch_id                 = alicloud_vswitch.vswitch.id
     internet_max_bandwidth_out = 10
     password                   = "Terraform@Example"
   }
   
   # After the ECS instance is created, wait for it to be initialized. The wait time is usually no more than 60 seconds.
   resource "time_sleep" "example" {
     depends_on      = [alicloud_instance.instance]
     create_duration = "60s"
   }

2. Run the following command to initialize the Terraform runtime environment:

   terraform init

   If the following information is returned, Terraform is initialized.

   Terraform has been successfully initialized!
   
   You may now begin working with Terraform. Try running "terraform plan" to see
   any changes that are required for your infrastructure. All Terraform commands
   should now work.
   
   If you ever set or change modules or backend configuration for Terraform,
   rerun this command to reinitialize your working directory. If you forget, other
   commands will detect it and remind you to do so if necessary.

3. Run the following command to execute the code:

   terraform apply

   During execution, enter yes as prompted and press the Enter key. Wait for the command to complete. If the following information appears, the code has been executed successfully.

   You can apply this plan to save these new output values to the Terraform state, without changing any real infrastructure.
   
   Do you want to perform these actions?
     Terraform will perform the actions described above.
     Only 'yes' will be accepted to approve.
   
     Enter a value: yes
   
   
   Apply complete!  Resources: 6 added, 0 changed, 0 destroyed.

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the ECS instance that is created using Terraform:

   terraform show

   

   Log on to the ECS console

   Log on to the ECS console. In the navigation pane on the left, choose Instances & Images > Instances. In the top navigation bar, select the region in which the ECS instance is created. In this example, select China (Shanghai) to view the created ECS instance.

   

Step 2: Create an ECS cluster and add the ECS instance to the cluster

1. Add the following code to the main.tf file.

   # Create an ECS cluster.
   resource "alicloud_edas_cluster" "cluster" {
     cluster_name      = "tf-edas-${random_integer.default.result}"
     cluster_type      = "2"
     network_mode      = "2"
     logical_region_id = var.region
     vpc_id            = alicloud_vpc.vpc.id
   }
   
   # Add the ECS instance to the ECS cluster.
   resource "alicloud_edas_instance_cluster_attachment" "default" {
     depends_on   = [time_sleep.example]
     cluster_id   = alicloud_edas_cluster.cluster.id
     instance_ids = [alicloud_instance.instance.id]
   }

2. Create an execution plan and preview the changes.

   terraform plan

3. Run the following command to execute the code:

   terraform apply

   During execution, enter yes as prompted and press the Enter key. Wait for the command to complete. If the following information appears, the code has been executed successfully.

   Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the ECS cluster that is created using Terraform:

   terraform show

   

   Log on to the EDAS console

   1. Log on to the EDAS console. In the navigation pane on the left, choose Resource Management > ECS Clusters. In the top navigation bar, select the region in which the ECS cluster is created. In this example, select China (Shanghai) to view the created ECS cluster.

      

   2. Click the ID of the ECS cluster to view the cluster details.

      

Step 3: Create an application and an application group

1. Add the following code to the main.tf file.

   # Create an application.
   resource "alicloud_edas_application" "app" {
     application_name = "tf-test-app-${random_integer.default.result}"
     cluster_id       = alicloud_edas_cluster.cluster.id
     package_type     = "JAR"
   }
   
   # Create an application group.
   resource "alicloud_edas_deploy_group" "this" {
     app_id     = alicloud_edas_application.app.id
     group_name = "tf-test-group-${random_integer.default.result}"
   }

2. Create an execution plan and preview the changes.

   terraform plan

3. Run the following command to execute the code:

   terraform apply

   During execution, enter yes as prompted and press the Enter key. Wait for the command to complete. If the following information appears, the code has been executed successfully.

   Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the application and application group that are created using Terraform:

   terraform show

   

   Log on to the EDAS console

   1. Log on to the EDAS console. In the navigation pane on the left, choose Application Management > Applications. In the top navigation bar, select the region in which the application is created. In this example, select China (Shanghai) to view the created application.

      

   2. Click the application name. On the page that appears, click the Instance Information tab to view the application group to which the application belongs.

      

Step 4: Scale out and deploy the application

1. Add the following code to the main.tf file.

   # Obtain the application group ID.
   locals {
     parts    = split(":", alicloud_edas_deploy_group.this.id)
     group_id = local.parts[2]
   }
   
   # Scale out the application.
   resource "alicloud_edas_application_scale" "default" {
     app_id       = alicloud_edas_application.app.id
     deploy_group = local.group_id
     ecu_info     = [alicloud_edas_instance_cluster_attachment.default.ecu_map[alicloud_instance.instance.id]]
   }
   
   # Deploy the application.
   resource "alicloud_edas_application_deployment" "default" {
     depends_on = [alicloud_edas_application_scale.default, alicloud_edas_instance_cluster_attachment.default]
     app_id     = alicloud_edas_application.app.id
     group_id   = local.group_id
     war_url    = var.war_url
   }
   
   # After the application is deployed, wait for it to be started. The wait time is usually no more than 60 seconds.
   resource "time_sleep" "example2" {
     depends_on      = [alicloud_edas_application_deployment.default]
     create_duration = "60s"
   }

2. Create an execution plan and preview the changes.

   terraform plan

3. Run the following command to execute the code:

   terraform apply

   During execution, enter yes as prompted and press the Enter key. Wait for the command to complete. If the following information appears, the code has been executed successfully.

   Apply complete!  Resources: 3 added, 0 changed, 0 destroyed.

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the application that is created using Terraform:

   terraform show

   

   Log on to the EDAS console

   Log on to the EDAS console. In the navigation pane on the left, choose Application Management > Applications. In the top navigation bar, select the region in which the application is created. In this example, select China (Shanghai) to view the created application. Click the application name. On the page that appears, click the Instance Information tab to view the deployment information about the application.

   

Step 5: Create a CLB instance and bind it to the application

1. Add the following code to the main.tf file.

   # Create a CLB instance.
   resource "alicloud_slb_load_balancer" "default" {
     load_balancer_name = "tf-test-slb-${random_integer.default.result}"
     vswitch_id         = alicloud_vswitch.vswitch.id
     load_balancer_spec = "slb.s2.small"
     address_type       = "intranet"
   }
   
   # Bind the CLB instance to the application.
   resource "alicloud_edas_slb_attachment" "this" {
     depends_on = [time_sleep.example2]
     app_id     = alicloud_edas_application.app.id
     slb_id     = alicloud_slb_load_balancer.default.id
     slb_ip     = alicloud_slb_load_balancer.default.address
     type       = alicloud_slb_load_balancer.default.address_type
   }

2. Create an execution plan and preview the changes.

   terraform plan

3. Run the following command to execute the code:

   terraform apply

   During execution, enter yes as prompted and press the Enter key. Wait for the command to complete. If the following information appears, the code has been executed successfully.

   Apply complete!  Resources: 2 added, 0 changed, 0 destroyed.

4. Verify the result.

   Run the terraform show command

   Run the following command in the working directory to query the details of the CLB instance that is created using Terraform:

   terraform show

   

   Log on to the EDAS console

   Log on to the EDAS console. In the left navigation pane, choose Application Management > Applications. In the top navigation bar, select the region in which the application is created. In this example, select China (Shanghai) to view the created application. Click the application name. On the page that appears, click the Basic Information tab to view the basic information about the application.

   

Cleanup

When you no longer need the resources created or managed by Terraform above, run the following command to release the resources. For more information about terraform destroy, see Common commands.

terraform destroy

Example

variable "region" {
  default = "cn-shanghai"
}

variable "instance_type" {
  type    = string
  default = "ecs.e-c1m1.large"
}

variable "vpc_cidr_block" {
  default = "172.16.0.0/16"
}

variable "vsw_cidr_block" {
  default = "172.16.0.0/24"
}

# Download the demo package from the official download page.
variable "war_url" {
  type    = string
  default = "http://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar"
}

provider "alicloud" {
  region = var.region
}

# Obtain the application group ID.
locals {
  parts    = split(":", alicloud_edas_deploy_group.this.id)
  group_id = local.parts[2]
}

data "alicloud_zones" "default" {
  available_instance_type     = var.instance_type
  available_resource_creation = "VSwitch"
  available_disk_category     = "cloud_essd"
}

# Specify a random number.
resource "random_integer" "default" {
  min = 10000
  max = 99999
}

# Create a VPC.
resource "alicloud_vpc" "vpc" {
  vpc_name   = "vpc-test_${random_integer.default.result}"
  cidr_block = var.vpc_cidr_block
}

# Create a security group.
resource "alicloud_security_group" "group" {
  name   = "test_${random_integer.default.result}"
  vpc_id = alicloud_vpc.vpc.id
}

# Create a vSwitch.
resource "alicloud_vswitch" "vswitch" {
  vpc_id       = alicloud_vpc.vpc.id
  cidr_block   = var.vsw_cidr_block
  zone_id      = data.alicloud_zones.default.zones[0].id
  vswitch_name = "vswitch-test-${random_integer.default.result}"
}

# Create an ECS instance.
resource "alicloud_instance" "instance" {
  availability_zone          = data.alicloud_zones.default.zones[0].id
  security_groups            = alicloud_security_group.group.*.id
  instance_type              = var.instance_type
  system_disk_category       = "cloud_essd"
  system_disk_name           = "test_foo_system_disk_${random_integer.default.result}"
  system_disk_description    = "test_foo_system_disk_description"
  image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
  instance_name              = "test_ecs_${random_integer.default.result}"
  vswitch_id                 = alicloud_vswitch.vswitch.id
  internet_max_bandwidth_out = 10
  password                   = "Terraform@Example"
}

# After the ECS instance is created, wait for it to be initialized. The wait time is usually no more than 60 seconds.
resource "time_sleep" "example" {
  depends_on      = [alicloud_instance.instance]
  create_duration = "60s"
}

# Create an ECS cluster.
resource "alicloud_edas_cluster" "cluster" {
  cluster_name      = "tf-edas-${random_integer.default.result}"
  cluster_type      = "2"
  network_mode      = "2"
  logical_region_id = var.region
  vpc_id            = alicloud_vpc.vpc.id
}

# Add the ECS instance to the ECS cluster.
resource "alicloud_edas_instance_cluster_attachment" "default" {
  depends_on   = [time_sleep.example]
  cluster_id   = alicloud_edas_cluster.cluster.id
  instance_ids = [alicloud_instance.instance.id]
}

# Create an application.
resource "alicloud_edas_application" "app" {
  application_name = "tf-test-app-${random_integer.default.result}"
  cluster_id       = alicloud_edas_cluster.cluster.id
  package_type     = "JAR"
}

# Create an application group.
resource "alicloud_edas_deploy_group" "this" {
  app_id     = alicloud_edas_application.app.id
  group_name = "tf-test-group-${random_integer.default.result}"
}

# Scale out the application.
resource "alicloud_edas_application_scale" "default" {
  app_id       = alicloud_edas_application.app.id
  deploy_group = local.group_id
  ecu_info     = [alicloud_edas_instance_cluster_attachment.default.ecu_map[alicloud_instance.instance.id]]
}

# Deploy the application.
resource "alicloud_edas_application_deployment" "default" {
  depends_on = [alicloud_edas_application_scale.default, alicloud_edas_instance_cluster_attachment.default]
  app_id     = alicloud_edas_application.app.id
  group_id   = local.group_id
  war_url    = var.war_url
}

# After the application is deployed, wait for it to be started. The wait time is usually no more than 60 seconds.
resource "time_sleep" "example2" {
  depends_on      = [alicloud_edas_application_deployment.default]
  create_duration = "60s"
}

# Create a CLB instance.
resource "alicloud_slb_load_balancer" "default" {
  load_balancer_name = "tf-test-slb-${random_integer.default.result}"
  vswitch_id         = alicloud_vswitch.vswitch.id
  load_balancer_spec = "slb.s2.small"
  address_type       = "intranet"
}

# Bind the CLB instance to the application.
resource "alicloud_edas_slb_attachment" "this" {
  depends_on = [time_sleep.example2]
  app_id     = alicloud_edas_application.app.id
  slb_id     = alicloud_slb_load_balancer.default.id
  slb_ip     = alicloud_slb_load_balancer.default.address
  type       = alicloud_slb_load_balancer.default.address_type
}

If you want to view more complete examples, visit the directory of the corresponding service in GitHub.

References

• For more information about Terraform, see What is Terraform?

• For more information about CLB, see What is CLB?.