Serverless App Engine (SAE) is a serverless Platform as a Service (PaaS) for application management. You can deploy your applications to SAE without the need to manage or maintain clusters and servers. This way, you can focus on application design and development. You can deploy applications to SAE bu using the console, API operations, plug-ins, and CI/CD tools. You can also use Terraform to deploy SAE applications. This topic describes how to create and delete an SAE applications by using Terraform.
Prerequisites
An Alibaba Cloud account has full permissions on all resources that belong to this account. If the credentials of an Alibaba Cloud account are leaked, security risks may arise. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair.
The following policy is attached to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.
This custom policy allows users to manage applications and services in SAE, including describing, creating, updating, deleting, deploying, starting, and stopping applications, along with creating, updating, deleting, binding, and unbinding services.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "sae:DescribeApplications", "sae:DescribeApplication", "sae:DescribeInstances", "sae:DescribeInstance", "sae:DescribeServices", "sae:DescribeService" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "sae:CreateApplication", "sae:UpdateApplication", "sae:DeleteApplication", "sae:DeployApplication", "sae:StartApplication", "sae:StopApplication" ], "Resource": "acs:sae:*:*:application/*" }, { "Effect": "Allow", "Action": [ "sae:CreateService", "sae:UpdateService", "sae:DeleteService", "sae:BindService", "sae:UnbindService" ], "Resource": "acs:sae:*:*:service/*" } ] }The runtime environment for Terraform is prepared by using one of the following methods:
Terraform is available as a managed service in ROS. You can deploy Terraform templates in the ROS console. For more information, see Create a Terraform stack.
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the Terraform Explorer environment to use Terraform without the need to install Terraform. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at no additional cost.
Cloud Shell: Alibaba Cloud Cloud Shell is a free O&M product that comes pre-installed with Terraform and configured with authentication credentials. Therefore, you can run Terraform commands in Cloud Shell. This method is suitable for scenarios in which you want to access and use Terraform in a fast and convenient manner at low costs.
Install and configure Terraform: This method is suitable for scenarios where network connections are unstable or a custom development environment is required.
Resources
alicloud_sae_application is designed to manage and create applications on SAE.
alicloud_vpc allows you to configure your network, including subnet planning, route tables, and network security.
alicloud_vswitch is a subnet within a VPC and used to divide the VPC into multiple subnets, each of which can have its own IP address range and route table. With VSwitch, you can deploy different applications and services in different subnets.
alicloud_security_group is a security group service used to manage network access control within a VPC.
Create an application
You can use an image or a code package to deploy an application to SAE. The code package can be a JAR, WAR, or PHP package as a .zip file. When you create an application, you can use one of the following methods to configure the virtual private cloud (VPC) based on your requirements:
Automatic configuration: SAE automatically configures the namespace, VPC, vSwitch, and security group for the application that you want to create. The default namespace is configured.
Custom configuration: You need to manually configure the namespace, VPC, vSwitch, and security group for the application that you want to create.
Automatic configuration
This section describes how to use an image to deploy an application and implement automatic application configuration. The China (Beijing) region is used in this example.
- Create a project folder named terraform for storing Terraform resources.
- Run the following command to go to the project directory:
cd terraform Create a configuration file named main.tf. Sample code.
provider "alicloud" { region = var.region } variable "region" { default = "cn-beijing" } variable "name" { default = "serverless-example" } resource "random_integer" "default" { max = 99999 min = 10000 } data "alicloud_regions" "default" { current = true } data "alicloud_zones" "default" { available_resource_creation = "VSwitch" } resource "alicloud_vpc" "default" { vpc_name = var.name cidr_block = "10.4.0.0/16" } resource "alicloud_vswitch" "default" { vswitch_name = var.name cidr_block = "10.4.0.0/24" vpc_id = alicloud_vpc.default.id zone_id = data.alicloud_zones.default.zones.0.id } resource "alicloud_security_group" "default" { vpc_id = alicloud_vpc.default.id } resource "alicloud_sae_namespace" "default" { namespace_id = "${data.alicloud_regions.default.regions.0.id}:example${random_integer.default.result}" namespace_name = var.name namespace_description = var.name enable_micro_registration = false } resource "alicloud_sae_application" "default" { app_description = var.name app_name = "${var.name}-${random_integer.default.result}" namespace_id = alicloud_sae_namespace.default.id image_url = "registry-vpc.${data.alicloud_regions.default.regions.0.id}.aliyuncs.com/sae-demo-image/consumer:1.0" package_type = "Image" security_group_id = alicloud_security_group.default.id vpc_id = alicloud_vpc.default.id vswitch_id = alicloud_vswitch.default.id timezone = "Asia/Beijing" replicas = "1" cpu = "500" memory = "2048" }You can log on to the Container Registry console and obtain the image address on the Details page of the repository. The format is as follows:
registry.<regionId>.aliyuncs.com/<namespace name><image repository name>:<image version>- Run the following command to initialize the configurations:
terraform init
Expected output:
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.Perform the following steps to create an SAE application.
Run the following command to execute the configuration file. Enter
yesas prompted and press Enter. Wait for the command to be run. If the following command output is returned, the authorization is complete.
terraform applyExpected output:
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.Verify
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
Serverless App Engine SAE console screenshot
Log on to the SAE console and view the list of created applications.
You can run the following sample code in this topic with a few clicks. For more information, see Terraform Explorer.
Custom configuration: use an image to deploy an application
This section describes how to use an image to deploy an application and manually configure the application. The China (Shenzhen) region is used in this example.
- Create a project folder named terraform for storing Terraform resources.
- Run the following command to go to the project directory:
cd terraform Create a configuration file named main.tf. Sample code:
provider "alicloud" { region = var.region_id } # Specify the ID of the region. variable "region_id" { type = string default = "cn-shenzhen" } # Specify the name of the application. variable "app_name" { description = "The name of the application" type = string default = "manual-jar-tf" } # Sepcify the description of the application. variable "app_description" { default = "description created by Terraform" description = "The description of the application" type = string } # Specify the deployment method of the application. variable "package_type" { default = "FatJar" description = "The package type of the application" type = string } # Specify the CPU specifications of the instance. variable "cpu" { default = "500" description = "The cpu of the application, in unit of millicore" type = string } # Specify the memory size of the instance. variable "memory" { default = "1024" description = "The memory of the application, in unit of MB" type = string } # Specify the path of the JAR package. variable "jar_url" { description = "The JAR url of the application, such as `oss://my-bucket/my-app.jar`" type = string default = "https://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar" } # Specify the number of application instances. variable "replicas" { default = "1" description = "The replicas of the application" type = string } # Specify the name of the namespace. variable "namespace_name" { description = "Namespace Name" type = string default = "tfjardemo" } # Specify the ID of the namespace. variable "namespace_id" { description = "Namespace ID" type = string default = "cn-shenzhen:tfjardemo" # Reference the existing namespace ID } # Specify the description of the namespace. variable "namespace_description" { description = "Namespace Description" default = "a namespace" } # Specify the VPC and security group. variable "name" { default = "tf" description = "The name of the security group rule" type = string } variable "description" { default = "The description of the security group rule" description = "The description of the security group rule" type = string } # Sepcify the port range of the security group rule. variable "port_range" { default = "1/65535" description = "The port range of the security group rule" type = string } # Specify the Classless Inter-Domain Routing (CIDR) block. variable "cidr_ip" { description = "cidr blocks used to create a new security group rule" type = string default = "0.0.0.0/0" } # Specify the zone in the region. variable "zone_id" { description = "Availability Zone ID" type = string default = "cn-shenzhen-e" # Select a zone with sufficient resources } # Configure log collection to Simple Log Service. variable "slsConfig" { default = "[{\"logDir\":\"\",\"logType\":\"stdout\"},{\"logDir\":\"/home/admin/logs/*.log\"}]" description = "The config of sls log collect" type = string } resource "alicloud_vpc" "vpc" { vpc_name = "tf-vpc" cidr_block = "172.16.0.0/16" } resource "alicloud_vswitch" "vswitch" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.1.0/24" zone_id = var.zone_id vswitch_name = "tf-vswitch" description = "tf-vswitch description" } resource "alicloud_sae_namespace" "default" { namespace_id = var.namespace_id namespace_name = var.namespace_name namespace_description = var.namespace_description } output "namespace_id" { value = var.namespace_id description = "Namespace ID" } resource "alicloud_security_group" "sg" { name = var.name description = var.description vpc_id = alicloud_vpc.vpc.id } resource "alicloud_security_group_rule" "sg_rule" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = var.port_range priority = 1 security_group_id = alicloud_security_group.sg.id cidr_ip = var.cidr_ip } resource "alicloud_sae_application" "manual" { app_name = var.app_name app_description = var.app_description deploy = true package_url = var.jar_url namespace_id = alicloud_sae_namespace.default.id vswitch_id = alicloud_vswitch.vswitch.id vpc_id = alicloud_vpc.vpc.id security_group_id = alicloud_security_group.sg.id package_type = var.package_type jdk = "Open JDK 8" timezone = "Asia/Beijing" replicas = var.replicas cpu = var.cpu memory = var.memory micro_registration = "0" lifecycle { ignore_changes = [ micro_registration ] } } output "app_id" { description = "The id of the application" value = alicloud_sae_application.manual.id } output "app_name" { description = "The name of the application" value = var.app_name }- Run the following command to initialize the configurations:
terraform init Expected output:
Perform the following steps to create an application using an image. Enter
yesas prompted and press Enter. Wait for the command to be run. If the following command output is returned, the authorization is complete.
terraform applyExpected output:
If the output is returned as expected, the application that is deployed by using the image is created.
Verify
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
Serverless App Engine SAE console
Log on to the SAE console and view the list of created applications.
Custom configuration: use a JAR package to deploy an application
This section describes how to use a JAR package to deploy an application and manually configure the application. The China (Shenzhen) region is used in this example.
- Create a project folder named terraform for storing Terraform resources.
- Run the following command to go to the project directory:
cd terraform Create a configuration file named main.tf. Sample code.
provider "alicloud" { region = var.region_id } # Specify the ID of the region. variable "region_id" { type = string default = "cn-shenzhen" } # Specify the name of the application. variable "app_name" { description = "The name of the application" type = string default = "manual-jar-tf" } # Specify the description of the application. variable "app_description" { default = "description created by Terraform" description = "The description of the application" type = string } # Specify the deployment method of the application. variable "package_type" { default = "FatJar" description = "The package type of the application" type = string } # Specify the CPU specifications of the instance. variable "cpu" { default = "500" description = "The cpu of the application, in unit of millicore" type = string } # Specify the memory size of the instance. variable "memory" { default = "1024" description = "The memory of the application, in unit of MB" type = string } # Specify the path of the JAR package. variable "jar_url" { description = "The JAR url of the application, such as `oss://my-bucket/my-app.jar`" type = string default = "https://edas-sz.oss-cn-shenzhen.aliyuncs.com/prod/demo/SPRING_CLOUD_CONSUMER.jar" } # Specify the number of application instances. variable "replicas" { default = "1" description = "The replicas of the application" type = string } # Specify the name of the namespace. variable "namespace_name" { description = "Namespace Name" type = string default = "tfjardemo" } # Specify the ID of the namespace. variable "namespace_id" { description = "Namespace ID" type = string default = "cn-shenzhen:tfjardemo" # Reference the existing namespace ID } # Specify the description of the namespace. variable "namespace_description" { description = "Namespace Description" default = "a namespace" } # Specify the VPC and security group. variable "name" { default = "tf" description = "The name of the security group rule" type = string } variable "description" { default = "The description of the security group rule" description = "The description of the security group rule" type = string } # Specify the port range of the security group rule. variable "port_range" { default = "1/65535" description = "The port range of the security group rule" type = string } # Specify the CIDR block. variable "cidr_ip" { description = "cidr blocks used to create a new security group rule" type = string default = "0.0.0.0/0" } # Specify the zone in the region. variable "zone_id" { description = "Availability Zone ID" type = string default = "cn-shenzhen-e" # Select a zone with sufficient resources. } # Configure log collection to Simple Log Service. variable "slsConfig" { default = "[{\"logDir\":\"\",\"logType\":\"stdout\"},{\"logDir\":\"/home/admin/logs/*.log\"}]" description = "The config of sls log collect" type = string } resource "alicloud_vpc" "vpc" { vpc_name = "tf-vpc" cidr_block = "172.16.0.0/16" } resource "alicloud_vswitch" "vswitch" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.1.0/24" zone_id = var.zone_id vswitch_name = "tf-vswitch" description = "tf-vswitch description" } resource "alicloud_sae_namespace" "default" { namespace_id = var.namespace_id namespace_name = var.namespace_name namespace_description = var.namespace_description } output "namespace_id" { value = var.namespace_id description = "Namespace ID" } resource "alicloud_security_group" "sg" { name = var.name description = var.description vpc_id = alicloud_vpc.vpc.id } resource "alicloud_security_group_rule" "sg_rule" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = var.port_range priority = 1 security_group_id = alicloud_security_group.sg.id cidr_ip = var.cidr_ip } resource "alicloud_sae_application" "manual" { app_name = var.app_name app_description = var.app_description deploy = true package_url = var.jar_url namespace_id = alicloud_sae_namespace.default.id vswitch_id = alicloud_vswitch.vswitch.id vpc_id = alicloud_vpc.vpc.id security_group_id = alicloud_security_group.sg.id package_type = var.package_type jdk = "Open JDK 8" timezone = "Asia/Beijing" replicas = var.replicas cpu = var.cpu memory = var.memory micro_registration = "0" lifecycle { ignore_changes = [ micro_registration ] } } output "app_id" { description = "The id of the application" value = alicloud_sae_application.manual.id } output "app_name" { description = "The name of the application" value = var.app_name }Run the following command to initialize the configurations.
terraform initExpected output:
Perform the following steps to create an application by using a JAR package.
Run the following command to deploy the application.Enter
yesas prompted and press Enter. Wait for the command to be run. If the following command output is returned, the authorization is complete.terraform applyExpected output:
If the output is returned as expected, the application that is deployed by using the JAR package is created.
Verify:
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
SAE console
Log on to the SAE console and view the created namespace.
Delete an application
This section describes how to delete an application. The auto-app-1 application is used in this example. This application was automatically created in the China (Shanghai) region.
Run the following command in the project directory to execute the configuration file:
terraform destroyExpected output:
References
For more information about Terraform, see What is Terraform?.
Manage applications by using Terraform
Manage applications in the console: Application hosting overview
Manage applications by calling API operations: List of operations by function