Managing Access Keys for IAM Users - AWS Identity and Access Management
สร้าง key pair ขึ้นมาเก็บไว้ก่อน
$ ssh-keygen
จะได้ key
$ ls ~/.ssh/
...
id_rsa id_rsa.pub ...
- main.tf //จะเป็น file หลักที่จะมีการ สร้าง instance หรือ จัดการ resource ต่างๆ
- variables.tf // ที่ๆ เราประกาศตัวแปร ไว้ใช้ ใน main.tf
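# AWS provider configuration; every value comes from an input variable.
#
# Interpolation must be written "${...}" with no space after "$". With a
# space ("$ {var.x}") the text is passed through as a literal string.
#
# Security: access_key/secret_key are long-lived IAM user credentials. They
# end up wherever the variable values come from (shell history, tfvars files,
# CI logs). Prefer a single credential source: the named profile from the
# shared credentials file, or the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY
# environment variables. Limit the IAM user to the permissions this
# configuration needs.
provider "aws" {
  profile    = "${var.profile}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}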
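# Registers a local SSH public key with EC2 under the name var.key_name.
# Only the public half (var.pub_key, e.g. the .pub file written by
# ssh-keygen) is read; this resource does not upload the private key.
resource "aws_key_pair" "example" {
  key_name   = "${var.key_name}"
  public_key = "${file(var.pub_key)}"
}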
# Skeleton of an instance resource: replace <name_instance> with the local
# name used to reference the instance elsewhere in the configuration. The
# dotted lines stand for the resource's arguments.
resource "aws_instance" "<name_instance>" {
....
....
....
}
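# EC2 instance built from the AMI in var.images with size var.type. The
# aws_key_pair.example key is installed for SSH login.
#
# NOTE(review): the elided part is where network access is decided. With no
# security group set, the instance gets the VPC's default group. Allow
# inbound SSH (22) only from the address Terraform runs from, not from
# 0.0.0.0/0.
resource "aws_instance" "example" {
  ami           = "${var.images}"
  instance_type = "${var.type}"
  key_name      = "${aws_key_pair.example.key_name}"
  ...
}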
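resource "aws_instance" "example" {
  ...
  ...
  ...
  # local-exec runs on the machine executing Terraform, not on the instance.
  # It writes the instance's public IP to ip_address.txt in the working
  # directory, overwriting any previous content.
  # Terraform's provisioner documentation says to use `self` rather than the
  # parent resource's own name, so the IP is read as self.public_ip.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > ip_address.txt"
  }
  ...
  ...
  ...
}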
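# remote-exec runs the inline commands on the new instance over SSH.
# This block belongs inside the aws_instance resource it provisions.
provisioner "remote-exec" {
  connection {
    type = "ssh"
    user = "ubuntu"

    # The private key is read from local disk when Terraform runs. Keep the
    # file readable only by its owner and out of version control.
    private_key = "${file(var.pvt_key)}"

    # `self` is the enclosing resource; provisioners should not refer to
    # their parent resource by name.
    host    = "${self.public_ip}"
    timeout = "2m"

    # NOTE(review): no host_key is set, so the instance's SSH host key is
    # presumably not verified on first connect. Confirm that is acceptable.
  }

  # The commands run with sudo as the "ubuntu" user and install nginx from
  # the distribution's package repository.
  inline = [
    "sudo apt-get update",
    "sudo apt-get install nginx -y"
  ]
}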
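# main.tf: AWS provider, fully driven by input variables.
#
# "${...}" must have no space after "$", otherwise the value is taken as a
# literal string rather than an interpolation.
#
# Security: static access_key/secret_key values travel with whatever
# supplies the variables (command line, tfvars, CI logs). Where possible rely
# on the named profile alone, or on the AWS_ACCESS_KEY_ID /
# AWS_SECRET_ACCESS_KEY environment variables, and rotate keys that have
# been typed on a command line.
provider "aws" {
  profile    = "${var.profile}"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}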
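# Uploads the SSH public key at var.pub_key to EC2 as key pair var.key_name.
# The matching private key stays on the local machine.
resource "aws_key_pair" "example" {
  key_name   = "${var.key_name}"
  public_key = "${file(var.pub_key)}"
}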
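# Ubuntu instance that is provisioned with nginx right after creation.
#
# NOTE(review): no security group is declared, so the instance uses the
# VPC's default group. remote-exec needs inbound SSH (22) from the machine
# running Terraform; restrict the rule to that source address.
resource "aws_instance" "example" {
  ami           = "${var.images}"
  instance_type = "${var.type}"
  key_name      = "${aws_key_pair.example.key_name}"

  # Runs locally: records the instance's public IP in ip_address.txt.
  # `self` is used because a provisioner should not refer to its parent
  # resource by name.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > ip_address.txt"
  }

  # Runs on the instance over SSH as the "ubuntu" user.
  provisioner "remote-exec" {
    connection {
      type = "ssh"
      user = "ubuntu"

      # Read from local disk when Terraform runs. Keep the key file private
      # (owner-only permissions, never committed).
      private_key = "${file(var.pvt_key)}"
      host        = "${self.public_ip}"
      timeout     = "2m"

      # NOTE(review): host_key is not set, so the server's SSH host key is
      # presumably accepted without verification. Confirm.
    }

    inline = [
      "sudo apt-get update",
      "sudo apt-get install nginx -y"
    ]
  }
}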
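# variables.tf: inputs consumed by main.tf. None has a default, so Terraform
# prompts for any value not supplied through -var, a tfvars file or a
# TF_VAR_<name> environment variable. The description is shown at the prompt.
#
# access_key and secret_key are credentials. Supply them through the prompt
# or the environment rather than on the command line. On Terraform 0.14 or
# newer they can also be declared with `sensitive = true` to keep them out
# of plan output.
variable "profile" {
  description = "Named profile in the shared AWS credentials file"
}

variable "access_key" {
  description = "IAM access key ID (secret: do not commit or log)"
}

variable "secret_key" {
  description = "IAM secret access key (secret: do not commit or log)"
}

variable "pub_key" {
  description = "Path to the SSH public key uploaded as the EC2 key pair"
}

variable "pvt_key" {
  description = "Path to the matching SSH private key used by remote-exec"
}

variable "region" {
  description = "AWS region to create resources in"
}

variable "images" {
  description = "AMI ID for the instance"
}

variable "type" {
  description = "EC2 instance type"
}

variable "key_name" {
  description = "Name given to the EC2 key pair"
}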
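# Initialise the working directory (downloads the providers the
# configuration refers to).
$ terraform init
# Preview the changes. Every continued line needs a trailing backslash;
# without it the shell runs "terraform plan" alone and then tries to execute
# each -var line as a separate command.
# Security: values passed with -var are saved in shell history and are
# visible in the process list. Exporting TF_VAR_access_key and
# TF_VAR_secret_key, or relying on the profile, keeps the credentials off the
# command line.
$ terraform plan \
    -var "profile=xxx" \
    -var "access_key=xxx" \
    -var "secret_key=xxx" \
    -var "pub_key=xxx" \
    -var "pvt_key=xxx" \
    -var "region=xxx" \
    -var "images=xxx" \
    -var "type=xxx" \
    -var "key_name=xxx"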
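# example
# The two key values are placeholders for the IAM user's real credentials.
# Typing real keys here leaves them in shell history; prefer the TF_VAR_*
# environment variables or the interactive prompt.
$ terraform plan \
    -var "profile=xxx" \
    -var "access_key=<accesskey จาก aws iam>" \
    -var "secret_key=<secretkey จาก aws iam>" \
    -var "pub_key=~/.ssh/key.pub" \
    -var "pvt_key=~/.ssh/key" \
    -var "region=ap-northeast-1" \
    -var "images=ami-07f4cb4629342979c" \
    -var "type=t2.nano" \
    -var "key_name=thnovice"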
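เมื่อ plan เสร็จ หากสั่งพร้อม `-out=terraform.tfplan` จะได้ไฟล์เพิ่มมาอีกตัวหนึ่งชื่อ terraform.tfplan ซึ่งบันทึกโครงสร้างที่เราวางแผนไว้ ไฟล์นี้อาจมีค่าตัวแปรอย่าง access_key และ secret_key อยู่ข้างใน จึงไม่ควร commit หรือส่งต่อให้ผู้อื่น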
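# Create the resources. Each continued line ends with a backslash so that
# the whole command, including --auto-approve, reaches terraform.
# --auto-approve skips the interactive confirmation; leave it off until the
# plan has been reviewed.
# Security: -var values are saved in shell history and shown in the process
# list; supply access_key/secret_key through TF_VAR_* environment variables
# or the prompt instead.
$ terraform apply \
    -var "profile=xxx" \
    -var "access_key=xxx" \
    -var "secret_key=xxx" \
    -var "pub_key=xxx" \
    -var "pvt_key=xxx" \
    -var "region=xxx" \
    -var "images=xxx" \
    -var "type=xxx" \
    -var "key_name=xxx" \
    --auto-approve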
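#example apply
# Without --auto-approve Terraform shows the plan and waits for "yes".
# The two key values are placeholders; avoid typing real credentials on the
# command line, where they are kept in shell history.
$ terraform apply \
    -var "profile=xxx" \
    -var "access_key=<accesskey จาก aws iam>" \
    -var "secret_key=<secretkey จาก aws iam>" \
    -var "pub_key=~/.ssh/key.pub" \
    -var "pvt_key=~/.ssh/key" \
    -var "region=ap-northeast-1" \
    -var "images=ami-07f4cb4629342979c" \
    -var "type=t2.nano" \
    -var "key_name=thnovice"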
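# The subcommand is spelled "destroy". Terraform lists what will be removed
# and asks for confirmation. The configuration's variables have no defaults,
# so the same values must be supplied here too.
$ terraform destroy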
or
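# --auto-approve removes everything without asking for confirmation; check
# the selected profile and region before running it.
$ terraform destroy --auto-approve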
จะเป็นการ destroy จาก plan ที่สร้างไว้