λ沢.dev

テンプレート

main.tf

terraform {
  # https://github.com/hashicorp/terraform/releases
  required_version = ">= 1.2.8"

  required_providers {
    aws = {
      # https://github.com/hashicorp/terraform-provider-aws/releases
      source  = "hashicorp/aws"
      version = "~> 4.29"
    }
  }

  backend "s3" {}
}

locals {
  common_tags = {
    ProjectName = "CHANGEME"
    Environment = "development"
  }
}

provider "aws" {
  default_tags {
    tags = local.common_tags
  }
}

provider "aws" {
  region = "us-east-1"
  alias  = "us_east_1"

  default_tags {
    tags = local.common_tags
  }
}

data "aws_caller_identity" "current" {}

data "aws_region" "current" {}

script/create-tf-backend-bucket.sh

#!/bin/bash

set -xeou pipefail

read TF_BACKEND_BUCKET_NAME
aws s3 mb "s3://$TF_BACKEND_BUCKET_NAME" &&\
  aws s3api put-bucket-versioning \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --versioning-configuration Status=Enabled &&\
  aws s3api put-public-access-block \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

terraform init \
  -backend-config="bucket=$TF_BACKEND_BUCKET_NAME" \
  -backend-config="key=terraform.tfstate"
terraform plan

reference

AWS provider
- backend
- IAM Role
- Lambda
- S3
- DynamoDB
- OpenSearch
- EFS
- CloudFront
- WAF
- API Gateway
- Caller info (account id, user id, ...)
- Region info
null_resource provider
Functions
meta arguments
- providers
- depends_on
- count
- for_each
- lifecycle
local-exec provisioner

aws-terraform

テンプレート

reference

tutorial

best practice

lint

GitHub Actions

import

security

test