aws-terraform
init
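# Fetch the template; -f fails on HTTP errors instead of saving an error page as main.tf
curl -fsSL -o main.tf https://www.lambdasawa.dev/data/aws-terraform-template.tf
# Read the name of the S3 bucket that will hold the Terraform state
read -r TF_BACKEND_BUCKET_NAME
# Create the bucket, enable versioning, and block all public access
aws s3 mb "s3://$TF_BACKEND_BUCKET_NAME" && \
  aws s3api put-bucket-versioning \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --versioning-configuration Status=Enabled && \
  aws s3api put-public-access-block \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"
# Initialize Terraform with the S3 backend, then preview the changes
terraform init \
  -backend-config="bucket=$TF_BACKEND_BUCKET_NAME" \
  -backend-config="key=terraform.tfstate"
terraform plan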
reference
- AWS provider
- null_resource provider
- Functions
- meta arguments
- local-exec provisioner
tutorial
- https://learn.hashicorp.com/tutorials/terraform/aws-build?in=terraform/aws-get-started
- https://github.com/bregman-arie/devops-exercises/blob/master/exercises/terraform/README.md
best practice
- Best practices for using Terraform | Google Cloud
- A look at the best Terraform directory structure
- 12 Terraform Best Practices to Improve your TF workflow
- Terraform Best Practices
- https://github.com/shuaibiyy/awesome-terraform
- https://github.com/ozbillwang/terraform-best-practices
- https://github.com/nsriram/lambda-the-terraform-way
- https://spacelift.io/blog/terraform-aws-lambda
lint
GitHub Actions
- Massively boosting the developer experience of Terraform development
- https://github.com/marketplace/actions/hashicorp-setup-terraform
- https://github.com/runatlantis/atlantis
import
- https://github.com/GoogleCloudPlatform/terraformer/blob/master/docs/aws.md
- https://github.com/cycloidio/terracognita
- Detecting resources not yet managed as IaC with driftctl
security
- https://github.com/aquasecurity/tfsec
- https://github.com/tenable/terrascan
- Handling secrets in Terraform
- Using Terraform securely: how do you build an environment without putting sensitive information in code?