aws-terraform
Template
main.tf
```hcl
terraform {
  # https://github.com/hashicorp/terraform/releases
  required_version = ">= 1.2.8"

  required_providers {
    aws = {
      # https://github.com/hashicorp/terraform-provider-aws/releases
      source  = "hashicorp/aws"
      version = "~> 4.29"
    }
  }

  # Bucket and key are supplied at `terraform init` time via -backend-config
  # (see script/create-tf-backend-bucket.sh), so nothing environment-specific is hard-coded here.
  backend "s3" {}
}

locals {
  common_tags = {
    ProjectName = "CHANGEME"
    Environment = "development"
  }
}

# Default provider: the region comes from the AWS CLI profile or AWS_REGION / AWS_DEFAULT_REGION.
provider "aws" {
  default_tags {
    tags = local.common_tags
  }
}

# Aliased provider pinned to us-east-1 for resources that must live there
# (select it on a resource with `provider = aws.us_east_1`).
provider "aws" {
  region = "us-east-1"
  alias  = "us_east_1"

  default_tags {
    tags = local.common_tags
  }
}

data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
```
script/create-tf-backend-bucket.sh
```bash
#!/bin/bash
# Bootstrap the S3 bucket that holds the Terraform state, then initialise the backend.
set -xeuo pipefail

# The bucket name is read from stdin (S3 bucket names are globally unique).
read -r -p "Terraform backend bucket name: " TF_BACKEND_BUCKET_NAME

# Versioning lets a corrupted or accidentally overwritten state file be recovered.
# The public access block keeps the state, which can contain secrets, from ever being exposed.
aws s3 mb "s3://$TF_BACKEND_BUCKET_NAME" &&
  aws s3api put-bucket-versioning \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --versioning-configuration Status=Enabled &&
  aws s3api put-public-access-block \
    --bucket "$TF_BACKEND_BUCKET_NAME" \
    --public-access-block-configuration "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true"

# Backend settings are passed here rather than hard-coded in the empty `backend "s3" {}` block of main.tf.
terraform init \
  -backend-config="bucket=$TF_BACKEND_BUCKET_NAME" \
  -backend-config="key=terraform.tfstate"
terraform plan
```
reference
- AWS provider
- null_resource provider
- Functions
- meta arguments
- local-exec provisioner
tutorial
- https://learn.hashicorp.com/tutorials/terraform/aws-build?in=terraform/aws-get-started
- https://github.com/bregman-arie/devops-exercises/blob/master/exercises/terraform/README.md
best practice
- Best practices for using Terraform | Google Cloud
- Thinking through the best Terraform directory structure
- 12 Terraform Best Practices to Improve your TF workflow
- Terraform Best Practices
- https://github.com/shuaibiyy/awesome-terraform
- https://github.com/ozbillwang/terraform-best-practices
- https://github.com/nsriram/lambda-the-terraform-way
- https://spacelift.io/blog/terraform-aws-lambda
lint
GitHub Actions
- Dramatically improving the developer experience when developing with Terraform
- https://github.com/marketplace/actions/hashicorp-setup-terraform
- https://github.com/runatlantis/atlantis
import
- https://github.com/GoogleCloudPlatform/terraformer/blob/master/docs/aws.md
- https://github.com/cycloidio/terracognita
- Detecting resources not managed as IaC with driftctl
security
- https://github.com/aquasecurity/tfsec
- https://github.com/tenable/terrascan
- Handling secrets in Terraform
- Using Terraform securely: how do you build environments without putting sensitive information in code?