tobibako45 / terraform-practice-ec2


Trying Terraform up to EC2 + Nginx #5

Open tobibako45 opened 4 years ago

tobibako45 commented 4 years ago

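Overview

I want to do something like this with Terraform. How to deploy a Rails app to AWS EC2 (points where you are likely to stumble) - Qiita

Based on the references, I'll go as far as installing Nginx. It looks like you put a Provisioner (provisioning) inside the resource and use remote-exec to run commands that install Nginx. Maybe Ruby and so on get installed the same way?

References

Changes in ver0.12: Hooray, terraform v0.12.0 is released! Let's get upgrading! - Qiita

Hello world on AWS EC2 - Qiita

Getting started with Terraform on AWS | Developers.IO

[Terraform] Provisioning a remote server with remote-exec | Developers.IO

How to pass things to an EC2 instance after creating them with Terraform - Qiita

Building AWS EC2 and RDS with Terraform: Terraform 3-minute cooking - Qiita

[Terraform re-introduction] Build a minimal EC2 + RDS AWS environment with a single command – PSYENCE:MEDIA

Notes on building RDS with Terraform - Qiita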

tobibako45 commented 4 years ago

Created a key named terraform-test under "Key Pairs" for EC2 in the AWS console. Put it in .ssh/.

For now, run terraform plan with this

provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  region     = var.region
}

resource "aws_vpc" "myVPC" {
  cidr_block           = "10.1.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "false"
  tags = {
    Name = "myVPC"
  }
}

resource "aws_internet_gateway" "myGW" {
  vpc_id = aws_vpc.myVPC.id
}

resource "aws_subnet" "public-a" {
  vpc_id            = aws_vpc.myVPC.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "ap-northeast-1a"
}

resource "aws_route_table" "public-route" {
  vpc_id = aws_vpc.myVPC.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.myGW.id
  }
}

resource "aws_route_table_association" "puclic-a" {
  subnet_id      = aws_subnet.public-a.id
  route_table_id = aws_route_table.public-route.id
}

resource "aws_security_group" "mySG" {
  name        = "my-sg"
  description = "Allow SSH inbound traffic"
  vpc_id      = aws_vpc.myVPC.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "my-test" {
  ami           = var.images.ap-northeast-1
  instance_type = "t2.micro"
  key_name      = "terraform-test"
  vpc_security_group_ids = [
    aws_security_group.mySG.id,
    # aws_security_group.web-server.id
  ]
  subnet_id                   = aws_subnet.public-a.id
  associate_public_ip_address = "true"
  tags = {
    Name = "my-test"
  }
}

output "public_ip_of_my-test" {
  value = aws_instance.my-test.public_ip
}

tobibako45 commented 4 years ago

Something came up...

Error: Invalid output name

  on main.tf line 81, in output "public ip of my-test":
  81: output "public ip of my-test" {

A name must start with a letter or underscore and may contain only letters,
digits, underscores, and dashes.

tobibako45 commented 4 years ago

Looks like the output name is bad. Joining it with underscores and retrying.

output "public_ip_of_my-test" {
  value = aws_instance.my-test.public_ip
}

tobibako45 commented 4 years ago

That passed, then another error...

Error: Unsupported block type

  on main.tf line 12, in resource "aws_vpc" "myVPC":
  12:   tags {

Blocks of type "tags" are not expected here. Did you mean to define argument
"tags"? If so, use the equals sign to assign it a value.

This looks like a version change.

Changes in ver0.12

Hooray, terraform v0.12.0 is released! Let's get upgrading! - Qiita

Changed from

  tags {
    Name = "my-test"
  }

to

  tags = {
    Name = "my-test"
  }

tobibako45 commented 4 years ago

terraform plan

The contents of the plan to be executed are printed

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.my-test will be created
  + resource "aws_instance" "my-test" {
      + ami                          = "ami-cbf90ecb"
      + arn                          = (known after apply)
      + associate_public_ip_address  = true
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + get_password_data            = false
      + host_id                      = (known after apply)
      + id                           = (known after apply)
      + instance_state               = (known after apply)
      + instance_type                = "t2.micro"
      + ipv6_address_count           = (known after apply)
      + ipv6_addresses               = (known after apply)
      + key_name                     = "terraform-test"
      + network_interface_id         = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      + primary_network_interface_id = (known after apply)
      + private_dns                  = (known after apply)
      + private_ip                   = (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      + security_groups              = (known after apply)
      + source_dest_check            = true
      + subnet_id                    = (known after apply)
      + tags                         = {
          + "Name" = "my-test"
        }
      + tenancy                      = (known after apply)
      + volume_tags                  = (known after apply)
      + vpc_security_group_ids       = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = (known after apply)
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }
    }

  # aws_internet_gateway.myGW will be created
  + resource "aws_internet_gateway" "myGW" {
      + id       = (known after apply)
      + owner_id = (known after apply)
      + vpc_id   = (known after apply)
    }

  # aws_route_table.public-route will be created
  + resource "aws_route_table" "public-route" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + cidr_block                = "0.0.0.0/0"
              + egress_only_gateway_id    = ""
              + gateway_id                = (known after apply)
              + instance_id               = ""
              + ipv6_cidr_block           = ""
              + nat_gateway_id            = ""
              + network_interface_id      = ""
              + transit_gateway_id        = ""
              + vpc_peering_connection_id = ""
            },
        ]
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.puclic-a will be created
  + resource "aws_route_table_association" "puclic-a" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_security_group.mySG will be created
  + resource "aws_security_group" "mySG" {
      + arn                    = (known after apply)
      + description            = "Allow SSH inbound traffic"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "my-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # aws_subnet.public-a will be created
  + resource "aws_subnet" "public-a" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.1.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # aws_vpc.myVPC will be created
  + resource "aws_vpc" "myVPC" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "10.1.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = false
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "myVPC"
        }
    }

Plan: 7 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

tobibako45 commented 4 years ago

terraform apply

Run it

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.my-test will be created
  + resource "aws_instance" "my-test" {
      + ami                          = "ami-xxxxxxxxxxx"
      + arn                          = (known after apply)
      + associate_public_ip_address  = true
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + get_password_data            = false
      + host_id                      = (known after apply)
      + id                           = (known after apply)
      + instance_state               = (known after apply)
      + instance_type                = "t2.micro"
      + ipv6_address_count           = (known after apply)
      + ipv6_addresses               = (known after apply)
      + key_name                     = "terraform-test"
      + network_interface_id         = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      + primary_network_interface_id = (known after apply)
      + private_dns                  = (known after apply)
      + private_ip                   = (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      + security_groups              = (known after apply)
      + source_dest_check            = true
      + subnet_id                    = (known after apply)
      + tags                         = {
          + "Name" = "my-test"
        }
      + tenancy                      = (known after apply)
      + volume_tags                  = (known after apply)
      + vpc_security_group_ids       = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = (known after apply)
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }
    }

  # aws_internet_gateway.myGW will be created
  + resource "aws_internet_gateway" "myGW" {
      + id       = (known after apply)
      + owner_id = (known after apply)
      + vpc_id   = (known after apply)
    }

  # aws_route_table.public-route will be created
  + resource "aws_route_table" "public-route" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + cidr_block                = "0.0.0.0/0"
              + egress_only_gateway_id    = ""
              + gateway_id                = (known after apply)
              + instance_id               = ""
              + ipv6_cidr_block           = ""
              + nat_gateway_id            = ""
              + network_interface_id      = ""
              + transit_gateway_id        = ""
              + vpc_peering_connection_id = ""
            },
        ]
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.puclic-a will be created
  + resource "aws_route_table_association" "puclic-a" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_security_group.mySG will be created
  + resource "aws_security_group" "mySG" {
      + arn                    = (known after apply)
      + description            = "Allow SSH inbound traffic"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "my-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # aws_subnet.public-a will be created
  + resource "aws_subnet" "public-a" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.1.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # aws_vpc.myVPC will be created
  + resource "aws_vpc" "myVPC" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "10.1.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = false
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "myVPC"
        }
    }

Plan: 7 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.myVPC: Creating...
aws_vpc.myVPC: Creation complete after 4s [id=vpc-02652ea10a08315ce]
aws_internet_gateway.myGW: Creating...
aws_subnet.public-a: Creating...
aws_security_group.mySG: Creating...
aws_subnet.public-a: Creation complete after 1s [id=subnet-xxxxxxxxxxx]
aws_internet_gateway.myGW: Creation complete after 1s [id=igw-xxxxxxxxxxx]
aws_route_table.public-route: Creating...
aws_route_table.public-route: Creation complete after 1s [id=rtb-xxxxxxxxxxx]
aws_route_table_association.puclic-a: Creating...
aws_route_table_association.puclic-a: Creation complete after 0s [id=rtbassoc-xxxxxxxxxxx]
aws_security_group.mySG: Creation complete after 3s [id=sg-xxxxxxxxxxx]
aws_instance.my-test: Creating...
aws_instance.my-test: Still creating... [10s elapsed]
aws_instance.my-test: Still creating... [20s elapsed]
aws_instance.my-test: Creation complete after 23s [id=i-xxxxxxxxxxx]

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

Outputs:

public_ip_of_my-test = xxxxxxxxxxx

tobibako45 commented 4 years ago

Ohhh, looks like it worked!!!

Check whether I can get in over ssh

Operating EC2 with Terraform, ssh - Qiita

Set permissions

$ chmod 600 ~/.ssh/terraform-test.pem

Then connect.

$ ssh -i ~/.ssh/terraform-test.pem ec2-user@xxxxxxxxxxx

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/
36 package(s) needed for security, out of 116 available
Run "sudo yum update" to apply all updates.
Amazon Linux version 2018.03 is available.
[ec2-user@ip-10-1-1-42 ~]$ 

Looks like it worked!

tobibako45 commented 4 years ago

Install Nginx

If the virtual machine has already been created, delete it with terraform destroy first.

Add the configuration

  provisioner "remote-exec" {
    connection {
      type = "ssh"
      host = aws_instance.my-test.public_ip
      user = "ec2-user"
      # key_file = var.ssh_key_file
      private_key = file(var.ssh_key_file)
    }
    inline = [
      "sudo yum -y install nginx",
      "sudo service nginx start",
      "sudo chkconfig nginx on"
    ]
  }

Append this. host and private_key have to be set, otherwise it fails.

provider "aws" {
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
  region     = var.region
}

resource "aws_vpc" "myVPC" {
  cidr_block           = "10.1.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = "true"
  enable_dns_hostnames = "false"
  tags = {
    Name = "myVPC"
  }
}

resource "aws_internet_gateway" "myGW" {
  vpc_id = aws_vpc.myVPC.id
}

resource "aws_subnet" "public-a" {
  vpc_id            = aws_vpc.myVPC.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "ap-northeast-1a"
}

resource "aws_route_table" "public-route" {
  vpc_id = aws_vpc.myVPC.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.myGW.id
  }
}

resource "aws_route_table_association" "puclic-a" {
  subnet_id      = aws_subnet.public-a.id
  route_table_id = aws_route_table.public-route.id
}

resource "aws_security_group" "mySG" {
  name        = "my-sg"
  description = "Allow SSH inbound traffic"
  vpc_id      = aws_vpc.myVPC.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "web-server" {
  name        = "web-server"
  description = "Allow HTTP inbound traffic"
  vpc_id      = aws_vpc.myVPC.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "my-test" {
  ami           = var.images.ap-northeast-1
  instance_type = "t2.micro"
  key_name      = "terraform-test"
  vpc_security_group_ids = [
    aws_security_group.mySG.id,
    aws_security_group.web-server.id
  ]
  subnet_id                   = aws_subnet.public-a.id
  associate_public_ip_address = "true"
  tags = {
    Name = "my-test"
  }

  provisioner "remote-exec" {
    connection {
      type = "ssh"
      host = aws_instance.my-test.public_ip
      user = "ec2-user"
      # key_file = var.ssh_key_file
      private_key = file(var.ssh_key_file)
    }
    inline = [
      "sudo yum -y install nginx",
      "sudo service nginx start",
      "sudo chkconfig nginx on"
    ]
  }
}

output "public_ip_of_my-test" {
  value = aws_instance.my-test.public_ip
}
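
The configuration above opens port 22 to 0.0.0.0/0 in mySG and port 80 to 0.0.0.0/0 in web-server. As an added example (not part of the original comments or the repository), this check reads the JSON form of a plan, as produced by `terraform show -json <planfile>`, and reports security group ingress rules that are open to the whole internet on ports outside an allow-list. The function names, the 80/443 allow-list and the embedded plan excerpt are assumptions made for the example; the excerpt is constructed and trimmed to the fields the check reads.

```python
import json

# CIDRs that mean "anyone on the internet"
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample, trimmed to the fields this check reads. It follows the
# layout of `terraform show -json <planfile>` and mirrors the two security
# groups and the instance from the configuration above.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {
      "address": "aws_security_group.mySG",
      "type": "aws_security_group",
      "change": {
        "actions": ["create"],
        "after": {
          "name": "my-sg",
          "ingress": [
            {"cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
             "from_port": 22, "to_port": 22, "protocol": "tcp"}
          ]
        }
      }
    },
    {
      "address": "aws_security_group.web-server",
      "type": "aws_security_group",
      "change": {
        "actions": ["create"],
        "after": {
          "name": "web-server",
          "ingress": [
            {"cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
             "from_port": 80, "to_port": 80, "protocol": "tcp"}
          ]
        }
      }
    },
    {
      "address": "aws_instance.my-test",
      "type": "aws_instance",
      "change": {"actions": ["create"], "after": {"instance_type": "t2.micro"}}
    }
  ]
}
""")


def rule_is_public_only(rule, public_ports):
    """True if every port the rule opens is in the allow-list of public ports."""
    if str(rule.get("protocol")) == "-1":
        return False  # "-1" means all protocols and all ports
    lo, hi = rule.get("from_port"), rule.get("to_port")
    if lo is None or hi is None:
        return False  # unknown range: treat as not allow-listed
    return all(port in public_ports for port in range(lo, hi + 1))


def world_open_ingress(plan, public_ports=(80, 443)):
    """Return (address, from_port, to_port, protocol, cidrs) for each ingress
    rule that is reachable from WORLD on a port outside public_ports."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        # "after" is null when the resource is being destroyed
        after = (rc.get("change") or {}).get("after") or {}
        for rule in after.get("ingress") or []:
            cidrs = set(rule.get("cidr_blocks") or [])
            cidrs |= set(rule.get("ipv6_cidr_blocks") or [])
            exposed = sorted(cidrs & WORLD)
            if exposed and not rule_is_public_only(rule, public_ports):
                findings.append((rc["address"], rule.get("from_port"),
                                 rule.get("to_port"), rule.get("protocol"),
                                 exposed))
    return findings


if __name__ == "__main__":
    for address, lo, hi, proto, cidrs in world_open_ingress(SAMPLE_PLAN):
        print(f"{address}: {proto} {lo}-{hi} open to {', '.join(cidrs)}")
```

Against a real plan, save it with `terraform plan -out=<planfile>`, convert it with `terraform show -json <planfile>`, and pass the parsed JSON to `world_open_ingress`.
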

tobibako45 commented 4 years ago

apply again

$ terraform apply

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_instance.my-test will be created
  + resource "aws_instance" "my-test" {
      + ami                          = "ami-xxxxxxxxxxx"
      + arn                          = (known after apply)
      + associate_public_ip_address  = true
      + availability_zone            = (known after apply)
      + cpu_core_count               = (known after apply)
      + cpu_threads_per_core         = (known after apply)
      + get_password_data            = false
      + host_id                      = (known after apply)
      + id                           = (known after apply)
      + instance_state               = (known after apply)
      + instance_type                = "t2.micro"
      + ipv6_address_count           = (known after apply)
      + ipv6_addresses               = (known after apply)
      + key_name                     = "terraform-test"
      + network_interface_id         = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      + primary_network_interface_id = (known after apply)
      + private_dns                  = (known after apply)
      + private_ip                   = (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      + security_groups              = (known after apply)
      + source_dest_check            = true
      + subnet_id                    = (known after apply)
      + tags                         = {
          + "Name" = "my-test"
        }
      + tenancy                      = (known after apply)
      + volume_tags                  = (known after apply)
      + vpc_security_group_ids       = (known after apply)

      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name           = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      + metadata_options {
          + http_endpoint               = (known after apply)
          + http_put_response_hop_limit = (known after apply)
          + http_tokens                 = (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      + root_block_device {
          + delete_on_termination = (known after apply)
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = (known after apply)
          + volume_type           = (known after apply)
        }
    }

  # aws_internet_gateway.myGW will be created
  + resource "aws_internet_gateway" "myGW" {
      + id       = (known after apply)
      + owner_id = (known after apply)
      + vpc_id   = (known after apply)
    }

  # aws_route_table.public-route will be created
  + resource "aws_route_table" "public-route" {
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + cidr_block                = "0.0.0.0/0"
              + egress_only_gateway_id    = ""
              + gateway_id                = (known after apply)
              + instance_id               = ""
              + ipv6_cidr_block           = ""
              + nat_gateway_id            = ""
              + network_interface_id      = ""
              + transit_gateway_id        = ""
              + vpc_peering_connection_id = ""
            },
        ]
      + vpc_id           = (known after apply)
    }

  # aws_route_table_association.puclic-a will be created
  + resource "aws_route_table_association" "puclic-a" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # aws_security_group.mySG will be created
  + resource "aws_security_group" "mySG" {
      + arn                    = (known after apply)
      + description            = "Allow SSH inbound traffic"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "my-sg"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # aws_security_group.web-server will be created
  + resource "aws_security_group" "web-server" {
      + arn                    = (known after apply)
      + description            = "Allow HTTP inbound traffic"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
        ]
      + name                   = "web-server"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + vpc_id                 = (known after apply)
    }

  # aws_subnet.public-a will be created
  + resource "aws_subnet" "public-a" {
      + arn                             = (known after apply)
      + assign_ipv6_address_on_creation = false
      + availability_zone               = "ap-northeast-1a"
      + availability_zone_id            = (known after apply)
      + cidr_block                      = "10.1.1.0/24"
      + id                              = (known after apply)
      + ipv6_cidr_block                 = (known after apply)
      + ipv6_cidr_block_association_id  = (known after apply)
      + map_public_ip_on_launch         = false
      + owner_id                        = (known after apply)
      + vpc_id                          = (known after apply)
    }

  # aws_vpc.myVPC will be created
  + resource "aws_vpc" "myVPC" {
      + arn                              = (known after apply)
      + assign_generated_ipv6_cidr_block = false
      + cidr_block                       = "10.1.0.0/16"
      + default_network_acl_id           = (known after apply)
      + default_route_table_id           = (known after apply)
      + default_security_group_id        = (known after apply)
      + dhcp_options_id                  = (known after apply)
      + enable_classiclink               = (known after apply)
      + enable_classiclink_dns_support   = (known after apply)
      + enable_dns_hostnames             = false
      + enable_dns_support               = true
      + id                               = (known after apply)
      + instance_tenancy                 = "default"
      + ipv6_association_id              = (known after apply)
      + ipv6_cidr_block                  = (known after apply)
      + main_route_table_id              = (known after apply)
      + owner_id                         = (known after apply)
      + tags                             = {
          + "Name" = "myVPC"
        }
    }

Plan: 8 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.myVPC: Creating...
aws_vpc.myVPC: Creation complete after 4s [id=vpc-xxxxxxxxxxx]
aws_internet_gateway.myGW: Creating...
aws_subnet.public-a: Creating...
aws_security_group.mySG: Creating...
aws_security_group.web-server: Creating...
aws_subnet.public-a: Creation complete after 1s [id=subnet-xxxxxxxxxxx]
aws_internet_gateway.myGW: Creation complete after 1s [id=igw-xxxxxxxxxxx]
aws_route_table.public-route: Creating...
aws_route_table.public-route: Creation complete after 1s [id=rtb-xxxxxxxxxxx]
aws_route_table_association.puclic-a: Creating...
aws_route_table_association.puclic-a: Creation complete after 1s [id=rtbassoc-xxxxxxxxxxx]
aws_security_group.web-server: Creation complete after 3s [id=sg-xxxxxxxxxxx]
aws_security_group.mySG: Creation complete after 3s [id=sg-xxxxxxxxxxx]
aws_instance.my-test: Creating...
aws_instance.my-test: Still creating... [10s elapsed]
aws_instance.my-test: Still creating... [20s elapsed]
aws_instance.my-test: Still creating... [30s elapsed]
aws_instance.my-test: Provisioning with 'remote-exec'...
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test: Still creating... [40s elapsed]
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test: Still creating... [50s elapsed]
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test: Still creating... [1m0s elapsed]
aws_instance.my-test (remote-exec): Connecting to remote host via SSH...
aws_instance.my-test (remote-exec):   Host: xxxxxxxxxxx
aws_instance.my-test (remote-exec):   User: ec2-user
aws_instance.my-test (remote-exec):   Password: false
aws_instance.my-test (remote-exec):   Private key: true
aws_instance.my-test (remote-exec):   Certificate: false
aws_instance.my-test (remote-exec):   SSH Agent: true
aws_instance.my-test (remote-exec):   Checking Host Key: false
aws_instance.my-test (remote-exec): Connected!
aws_instance.my-test (remote-exec): Loaded plugins: priorities, update-motd,
aws_instance.my-test (remote-exec):               : upgrade-helper
aws_instance.my-test (remote-exec): Existing lock /var/run/yum.pid: another copy is running as pid 2428.
aws_instance.my-test (remote-exec): Another app is currently holding the yum lock; waiting for it to exit...
aws_instance.my-test (remote-exec):   The other application is: yum
aws_instance.my-test (remote-exec):     Memory : 107 M RSS (362 MB VSZ)
aws_instance.my-test (remote-exec):     Started: Tue Apr 28 21:34:38 2020 - 00:04 ago
aws_instance.my-test (remote-exec):     State  : Running, pid: 2428
aws_instance.my-test: Still creating... [1m10s elapsed]
aws_instance.my-test (remote-exec): Existing lock /var/run/yum.pid: another copy is running as pid 2629.
aws_instance.my-test (remote-exec): Another app is currently holding the yum lock; waiting for it to exit...
aws_instance.my-test (remote-exec):   The other application is: yum
aws_instance.my-test (remote-exec):     Memory :  74 M RSS (328 MB VSZ)
aws_instance.my-test (remote-exec):     Started: Tue Apr 28 21:34:43 2020 - 00:01 ago
aws_instance.my-test (remote-exec):     State  : Running, pid: 2629
aws_instance.my-test (remote-exec): Resolving Dependencies
aws_instance.my-test (remote-exec): --> Running transaction check
aws_instance.my-test (remote-exec): ---> Package nginx.x86_64 1:1.16.1-1.37.amzn1 will be installed
aws_instance.my-test (remote-exec): --> Processing Dependency: libprofiler.so.0()(64bit) for package: 1:nginx-1.16.1-1.37.amzn1.x86_64
aws_instance.my-test (remote-exec): --> Running transaction check
aws_instance.my-test (remote-exec): ---> Package gperftools-libs.x86_64 0:2.0-11.5.amzn1 will be installed
aws_instance.my-test (remote-exec): --> Processing Dependency: libunwind.so.8()(64bit) for package: gperftools-libs-2.0-11.5.amzn1.x86_64
aws_instance.my-test (remote-exec): --> Running transaction check
aws_instance.my-test (remote-exec): ---> Package libunwind.x86_64 0:1.1-10.8.amzn1 will be installed
aws_instance.my-test (remote-exec): --> Finished Dependency Resolution

aws_instance.my-test (remote-exec): Dependencies Resolved

aws_instance.my-test (remote-exec): ========================================
aws_instance.my-test (remote-exec):  Package   Arch   Version
aws_instance.my-test (remote-exec):                      Repository    Size
aws_instance.my-test (remote-exec): ========================================
aws_instance.my-test (remote-exec): Installing:
aws_instance.my-test (remote-exec):  nginx     x86_64 1:1.16.1-1.37.amzn1
aws_instance.my-test (remote-exec):                      amzn-updates 598 k
aws_instance.my-test (remote-exec): Installing for dependencies:
aws_instance.my-test (remote-exec):  gperftools-libs
aws_instance.my-test (remote-exec):            x86_64 2.0-11.5.amzn1
aws_instance.my-test (remote-exec):                      amzn-main    570 k
aws_instance.my-test (remote-exec):  libunwind x86_64 1.1-10.8.amzn1
aws_instance.my-test (remote-exec):                      amzn-main     72 k

aws_instance.my-test (remote-exec): Transaction Summary
aws_instance.my-test (remote-exec): ========================================
aws_instance.my-test (remote-exec): Install  1 Package (+2 Dependent packages)

aws_instance.my-test (remote-exec): Total download size: 1.2 M
aws_instance.my-test (remote-exec): Installed size: 3.0 M
aws_instance.my-test (remote-exec): Downloading packages:
aws_instance.my-test (remote-exec): (1/3): gperftools- | 570 kB   00:00
aws_instance.my-test (remote-exec): (2/3): nginx-1.16. | 598 kB   00:00
aws_instance.my-test (remote-exec): (3/3): libunwind-1 |  72 kB   00:00
aws_instance.my-test (remote-exec): ----------------------------------------
aws_instance.my-test (remote-exec): Total      4.0 MB/s | 1.2 MB  00:00
aws_instance.my-test (remote-exec): Running transaction check
aws_instance.my-test (remote-exec): Running transaction test
aws_instance.my-test (remote-exec): Transaction test succeeded
aws_instance.my-test (remote-exec): Running transaction
aws_instance.my-test (remote-exec):   Installing : libunwin [         ] 1/3
aws_instance.my-test (remote-exec):   Installing : libunwin [#####    ] 1/3
aws_instance.my-test (remote-exec):   Installing : libunwin [#######  ] 1/3
aws_instance.my-test (remote-exec):   Installing : libunwin [######## ] 1/3
aws_instance.my-test (remote-exec):   Installing : libunwind-1.1-10.8   1/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [         ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [#        ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [##       ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [###      ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [####     ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [#####    ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [######   ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [#######  ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftoo [######## ] 2/3
aws_instance.my-test (remote-exec):   Installing : gperftools-libs-2.   2/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [         ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [#        ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [##       ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [###      ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [####     ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [#####    ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [######   ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [#######  ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx- [######## ] 3/3
aws_instance.my-test (remote-exec):   Installing : 1:nginx-1.16.1-1.3   3/3
aws_instance.my-test (remote-exec):   Verifying  : libunwind-1.1-10.8   1/3
aws_instance.my-test (remote-exec):   Verifying  : gperftools-libs-2.   2/3
aws_instance.my-test (remote-exec):   Verifying  : 1:nginx-1.16.1-1.3   3/3

aws_instance.my-test (remote-exec): Installed:
aws_instance.my-test (remote-exec):   nginx.x86_64 1:1.16.1-1.37.amzn1

aws_instance.my-test (remote-exec): Dependency Installed:
aws_instance.my-test (remote-exec):   gperftools-libs.x86_64 0:2.0-11.5.amzn1
aws_instance.my-test (remote-exec):   libunwind.x86_64 0:1.1-10.8.amzn1

aws_instance.my-test (remote-exec): Complete!
aws_instance.my-test (remote-exec): Starting nginx:        [  OK  ]
aws_instance.my-test: Creation complete after 1m15s [id=i-xxxxxxxxxxx]

Apply complete! Resources: 8 added, 0 changed, 0 destroyed.

Outputs:

public_ip_of_my-test = xxxxxxxxxxx
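
The plan above creates `mySG` with port 22 reachable from `0.0.0.0/0`. As an added example (not part of the original issue), here is a pre-apply check over the JSON form of a plan, as produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, that flags such rules. The sample plan is constructed to mirror the two security groups in this run, and `ADMIN_PORTS` and the function names are assumptions.

```python
import json

# Constructed sample: the shape of `terraform show -json <planfile>` output,
# reduced to the resources relevant to the plan shown above.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_security_group.mySG", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
              "from_port": 22, "to_port": 22, "protocol": "tcp"}]}}},
        {"address": "aws_security_group.web-server", "type": "aws_security_group",
         "change": {"actions": ["create"], "after": {"ingress": [
             {"cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [],
              "from_port": 80, "to_port": 80, "protocol": "tcp"}]}}},
        {"address": "aws_vpc.myVPC", "type": "aws_vpc",
         "change": {"actions": ["create"], "after": {"cidr_block": "10.1.0.0/16"}}},
    ]
})

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}  # assumption: ports treated as administrative


def covers_admin_port(rule):
    """True if the rule's protocol and port range include an admin port."""
    if str(rule.get("protocol")) == "-1":  # "-1" means all protocols and ports
        return True
    if rule.get("protocol") not in ("tcp", "6"):
        return False
    lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
    return any(lo <= port <= hi for port in ADMIN_PORTS)


def world_open_admin_ingress(plan_json):
    """Return (address, from_port, to_port) for each flagged ingress rule."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        after = rc["change"].get("after") or {}  # "after" is null on delete
        for rule in after.get("ingress") or []:
            sources = set(rule.get("cidr_blocks") or [])
            sources |= set(rule.get("ipv6_cidr_blocks") or [])
            if sources & ANY_SOURCE and covers_admin_port(rule):
                findings.append((rc["address"], rule["from_port"], rule["to_port"]))
    return findings


if __name__ == "__main__":
    for address, lo, hi in world_open_admin_ingress(SAMPLE_PLAN):
        print(f"{address}: ports {lo}-{hi} open to any source")
```

The check only reads inline `ingress` blocks of `aws_security_group`; rules declared as separate `aws_security_group_rule` resources would need their own branch.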

tobibako45 commented 4 years ago

Log in via SSH

ssh -i ~/.ssh/terraform-test.pem ec2-user@xxxxxxxxxxx
Last login: Tue Apr 28 21:44:54 2020 from kd222008252144.ppp-oct.au-hikari.ne.jp

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2015.03-release-notes/
36 package(s) needed for security, out of 116 available
Run "sudo yum update" to apply all updates.
Amazon Linux version 2018.03 is available.
[ec2-user@ip-10-1-1-21 ~]$ nginx -v
nginx version: nginx/1.16.1
[ec2-user@ip-10-1-1-21 ~]$ 

It's installed!

tobibako45 commented 4 years ago

Next I'll install Ruby, then PostgreSQL.