Terraform is an open source tool that is used to automate resource orchestration. You can use Resource Orchestration Service (ROS) to host Terraform. The development methods and suggestions that are described in this topic are intended for users who are familiar with Terraform and Terraform hosting methods and want to develop Terraform code and use the code in ROS.

Development methods

We recommend that you use a development method with which you are familiar to write and test Terraform code. You can use one of the following development methods:

Development suggestions

  • We recommend that you do not declare an Alibaba Cloud provider (alicloud) in the .tf file.

    ROS has the default provider alicloud that uses the temporary AccessKey pair or Security Token Service (STS) credential of the current Alibaba Cloud account and the region in which the stack resides. The default provider provides the following benefits:

    • Simplifies development, improves security, and reduces the risk of AccessKey pair leaks.
    • Ensures that resources and stacks are in the same region. This way, you can manage and integrate resources and stacks in a centralized manner.
    • Supports various features when resources and stacks are in the same region. The features include price inquiry, system tags, user tag propagation to stacks, resource group propagation of stacks, and risk detection.
  • We recommend that you save your local code to the file whose name is suffixed with .debug.tf.

    When you use ROS to host Terraform, ROS ignores the file whose name is suffixed with .debug.tf and does not orchestrate the file. However, when you test code on your computer, ROS orchestrates the file. For example, you compile a file named provider.debug.tf to configure the alicloud provider. When you develop code on your computer, the configurations in the file take effect, and resources are created in the China (Hong Kong) region. However, when you create a stack in the ROS console, ROS ignores the file and creates resources in the region in which the stack resides. The following sample code shows the content of the provider.debug.tf file:

    variable "region" {
      type = string
      default = "cn-hongkong"
    }
    provider "alicloud" {
      region ="${var.region}"
    }
  • We recommend that you specify the version of a provider.

    Terraform hosting supports a provider of a set of versions after the release of Aliyun::Terraform-v1.0. You can specify a provider version to prevent issues caused by updates of provider versions and ensure stability. Sample code:

    terraform {
      required_providers {
        alicloud = {
          source  = "aliyun/alicloud"
          version = "1.140.0"
        }
      }
    }

    For more information about provider versions, see the Provider version column of the ROS features and resources supported by Terraform topic.

  • We recommend that you use ROS parameters instead of .tfvars files to pass variable values.

    ROS parameters provide the following benefits:

    • ROS parameters help reduce the number of times that a template is modified. In most cases, you need to only change the parameter values.
    • Each ROS parameter corresponds to a variable. You can view the mappings between the ROS parameters and the variables in the ROS console. If .tfvars files are used, the variable values may be overwritten and the actual values become inconsistent with the values that are displayed in the console.

    For more information, see Overview.

  • We recommend that you use pseudo parameters to obatin the information about a stack.

    For more information, see Overview. For example, you can define the ALIYUN__Region variable in the .tf file and use var.ALIYUN__Region to obtain the region in which the stack resides. Sample code:

    variable "ALIYUN__Region" {
      type = string
      default = "cn-hongkong"
    }
  • We recommend that you refine the definitions of variables.

    ROS automatically converts Terraform variables to ROS parameters. You can refine the definitions of the variables to ensure the accuracy of the conversion result. For more information, see Overview.

    • If you do not specify the type parameter for a variable, ROS may identify the variable as a character string and pass the string to Terraform. When Terraform orchestrates the variable, a variable type error may occur.
    • If a parameter contains sensitive information, you must set the sensitive parameter to true for the parameter.
      variable "password" {
        type = string
        sensitive = true
      }
  • We recommend that you use Metadata to control the display of parameters in the console.
    • Group parameters: For more information, see Metadata and Use Metadata to group parameters.
    • Hide parameters: You can use Metadata.ALIYUN::ROS::Interface.Hidden to specify the list of parameters that you want to hide.
      {
        "ROSTemplateFormatVersion": "2015-09-01",
        "Description": "Creates a simple oss bucket",
        "Parameters": {
          "BucketName": {
            "Type": "String",
            "Label": "Bucket Name",
            "Description": {
              "en": "Bucket name",
               
            },
            "Default": "bucketName1"
          }
        },
        "Metadata": {
          "ALIYUN::ROS::Interface": {
            "Hidden": [
              "BucketName"
            ]
          }
        },
        "Workspace": ...
      }
    • Query the constraints of parameters: You can use the ResourcesForParameterConstraints of ALIYUN::ROS::Interface in the .metadata file to configure the constraints of parameters. For more information, see Query constraints of parameters.
  • We recommend that you control the input mode of parameters or variables in the console.
    • You can use AssociationProperty and AssociationPropertyMetadata to automatically verify the validity of values and provide valid values for ROS parameters. For more information, see AssociationProperty and AssociationPropertyMetadata and Select parameter configurations in the ROS console.
    • In Terraform variables, you can use the description parameter to control AssociationProperty and AssociationPropertyMetadata. For more information, see Structure of Terraform templates. Sample code:
      variable "vpc_id" {
        type = string
        description = <<EOT
        {
          "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
          "Description": {
            "en": "Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud",
             
          },
          "Label": {
            "en": "Existing VPC ID",
             
          }
        }
        EOT
      }