Terraform is an open source tool for automated resource orchestration. Terraform is available as a managed service in Resource Orchestration Service (ROS). The development methods and suggestions described in this topic are intended for users who are familiar with the related concepts of Terraform that is managed in ROS and want to develop Terraform code and use the code in ROS.
Development methods
We recommend that you use a familiar development method to write and test Terraform code. You can use one of the following development methods:
Use an on-premises environment.
Use the Terraform online debugging tool. You can use this method only for Alibaba Cloud resources.
Create a Terraform stack in the ROS console, and continue to create the stack or update the stack based on your business requirements. For more information, see Create a Terraform stack, Continue to create a stack, and Update a stack.
Development suggestions
Do not declare the Alibaba Cloud provider (alicloud) in the .tf file.
ROS provides the default provider alicloud that uses the temporary AccessKey pair or Security Token Service (STS) credential and the stack region of the current Alibaba Cloud account. The default provider of ROS provides the following benefits:
Facilitates development, improves security, and reduces risks of AccessKey pair leaks.
Ensures that resources and stacks belong to the same account and region for centralized management and integration.
Enhances features such as price inquiry, system tags, propagation of custom stack tags, propagation of stack resource groups, and risk detection when resources and stacks belong to the same account and region.
Note: If stacks and stack groups belong to different accounts and regions, price inquiry, system tags, propagation of custom stack tags, and risk detection are supported in specific scenarios.
If stacks and stack groups belong to different regions, propagation of stack resource groups is supported in specific scenarios.
Save on-premises code to the files whose names end with .debug.tf.
When Terraform code is managed in ROS, ROS ignores the files whose names end with .debug.tf and Terraform does not orchestrate the files. When Terraform code is tested in an on-premises environment, Terraform orchestrates the files. For example, you create a file named provider.debug.tf to configure the alicloud provider. When you use the file to develop code in an on-premises environment, the configurations in the file take effect and resources are created in the China (Hong Kong) region. However, when you use the file to create a stack in ROS, the file is ignored and resources are created in the region of the stack. The following sample code shows the content of the provider.debug.tf file:
    variable "region" {
      type    = string
      default = "cn-hongkong"
    }

    # Takes effect only in the on-premises environment; ROS ignores *.debug.tf files.
    provider "alicloud" {
      region = var.region
    }
Specify the provider version.
Terraform managed in ROS supports different versions of providers after the release of Aliyun::Terraform-v1.0. You can specify a provider version to prevent issues caused by the updates of provider versions and ensure business stability. Sample code:
    terraform {
      required_providers {
        alicloud = {
          source  = "aliyun/alicloud"
          version = "1.140.0"
        }
      }
    }
For more information about provider versions, see the "Provider version" column in Supported Terraform and provider versions.
Use Aliyun::Terraform-v1.0 or later.
Aliyun::Terraform-v0.12 and Aliyun::Terraform-v0.15 are used only to maintain compatibility. The corresponding provider versions and features are no longer updated.
Use ROS parameters instead of .tfvars files to pass variable values.
ROS parameters provide the following benefits:
Reduces the number of times that a template is modified. In most cases, you only need to change the parameter values.
Has a one-to-one mapping with a variable. You can view the mappings between ROS parameters and variables in the ROS console. If .tfvars files are used, the variable values may be overwritten and the actual values may be different from the values that are displayed in the console.
For more information, see (Optional) Parameters.
Use pseudo parameters to obtain stack information.
For more information, see (Optional) Parameters. For example, you can define the ALIYUN__Region variable in the .tf file and use var.ALIYUN__Region to obtain the region of your stack. Sample code:
    variable "ALIYUN__Region" {
      type    = string
      default = "cn-hongkong"
    }
Refine variable definitions.
ROS automatically converts Terraform variables into ROS parameters. You can refine the definitions of the variables to ensure the accuracy of the conversion result. For more information, see (Optional) Parameters.
If you do not specify the type parameter for a variable, ROS may identify the variable as a character string and pass the string to Terraform. When Terraform orchestrates the variable, a variable type error may occur.
If a parameter contains sensitive information, you must set sensitive to true in the corresponding variable.

    variable "password" {
      type      = string
      sensitive = true
    }
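A pre-upload check for the suggestions above (no alicloud provider outside .debug.tf files, a pinned provider version, typed variables, sensitive = true on secrets), as an added example that is not part of the original documentation or any ROS tool. The function names, the secret-name pattern and the sample files are assumptions made for the illustration, and the scan is regex-based rather than a full HCL parser.

```python
import re
# Constructed sample stack, not from the original page.
SAMPLE = {
    "provider.debug.tf": 'provider "alicloud" {\n  region = "cn-hongkong"\n}\n',
    "main.tf": '''
terraform {
  required_providers {
    alicloud = { source = "aliyun/alicloud" }
  }
}
provider "alicloud" { region = "cn-hongkong" }
variable "db_password" {
  type = string
}
variable "ALIYUN__Region" { default = "cn-hongkong" }
''',
}
SECRET_NAME = re.compile(r"password|passwd|secret|token", re.I)  # assumed heuristic
BLOCK_HEAD = re.compile(r'^\s*(provider|variable)\s+"([^"]+)"\s*\{', re.M)

def block_body(text, open_idx):
    """Text between the '{' at open_idx and its matching '}' (naive brace count)."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    return text[open_idx + 1:]

def lint(files):
    """files maps file name to HCL text; returns a list of (file, finding)."""
    findings, managed = [], ""
    for name, text in sorted(files.items()):
        if not name.endswith(".tf") or name.endswith(".debug.tf"):
            continue  # ROS ignores *.debug.tf, so local-only settings belong there
        managed += text
        for m in BLOCK_HEAD.finditer(text):
            kind, label, body = m.group(1), m.group(2), block_body(text, m.end() - 1)
            if kind == "provider" and label == "alicloud":
                findings.append((name, "provider alicloud declared outside .debug.tf"))
            elif kind == "variable":
                if not re.search(r"^\s*type\s*=", body, re.M):
                    findings.append((name, f"variable {label}: type not set"))
                if SECRET_NAME.search(label) and not re.search(r"^\s*sensitive\s*=\s*true\b", body, re.M):
                    findings.append((name, f"variable {label}: sensitive = true not set"))
    if not re.search(r'alicloud\s*=\s*\{[^}]*\bversion\s*=\s*"', managed):
        findings.append(("*", "alicloud provider version not pinned in required_providers"))
    return findings
```

Calling lint(SAMPLE) reports four findings for main.tf and none for provider.debug.tf, which ROS would ignore anyway.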
Use Metadata to control the display of parameters and variables in the console.
Group parameters: For more information, see Metadata and Use Metadata to group parameters.
Hide parameters: You can use Metadata.ALIYUN::ROS::Interface.Hidden to specify the parameters that you want to hide.
    ROSTemplateFormatVersion: '2015-09-01'
    Description: Creates a simple oss bucket
    Parameters:
      BucketName:
        Type: String
        Label: Bucket Name
        Description:
          en: Bucket name
        Default: bucketName1
    Metadata:
      ALIYUN::ROS::Interface:
        Hidden:
          - BucketName
    Workspace: ...
Query the constraints of parameters: You can use ResourcesForParameterConstraints of ALIYUN::ROS::Interface in the .metadata file to configure constraints for parameters. For more information, see Manually configure parameter constraint query for a Terraform template.
Control the input mode of parameters and variables in the console.
ROS parameter: You can use AssociationProperty and AssociationPropertyMetadata to automatically check the validity of values and specify valid values for ROS parameters. For more information, see AssociationProperty and AssociationPropertyMetadata and Select parameter configurations based on optional values in the ROS console.
Terraform variable: You can use the description parameter to control AssociationProperty and AssociationPropertyMetadata for Terraform variables. For more information, see (Optional) Parameters. Sample code:
    variable "vpc_id" {
      type        = string
      description = <<EOT
      {
        "AssociationProperty": "ALIYUN::ECS::VPC::VPCId",
        "Description": {
          "en": "Please search the ID starts with (vpc-xxx)from console-Virtual Private Cloud"
        },
        "Label": {
          "en": "Existing VPC ID"
        }
      }
      EOT
    }