Creating an S3 bucket with Terraform
About this page
This page records the steps for setting up a Terraform development environment on a Mac and creating an S3 bucket with it.
Terraform v0.12.0-beta1 is used throughout.
Steps
Install Terraform
Terraform has a version manager, tfenv, so that is used here to pin the version per project.
$ brew install tfenv
Create the project
$ mkdir -p path/to/your-project && cd path/to/your-project
$ echo v0.12.0-beta1 > .terraform-version
$ tfenv install
Set environment variables
direnv is used here. With it, environment variables are loaded per project directory instead of living in your global shell profile.
$ brew install direnv
After installing, add the following to ~/.bash_profile.
eval "$(direnv hook bash)"
# not needed unless you use vim
export EDITOR=vim
$ source ~/.bash_profile
$ direnv edit .
The editor opens on .envrc; add the following lines and save (direnv allows the file automatically when you save through direnv edit).
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_DEFAULT_REGION=ap-northeast-1
You should then see a message like this:
$ direnv edit .
direnv: loading .envrc
direnv: export +AWS_ACCESS_KEY_ID +AWS_DEFAULT_REGION +AWS_SECRET_ACCESS_KEY
# check
$ echo $AWS_DEFAULT_REGION
ap-northeast-1
Create the S3 bucket. Write the following in a .tf file (for example main.tf) in the project directory:
resource "aws_s3_bucket" "b" {
  bucket = "happy-my-tf-test-bucket"
  acl    = "private"
  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}
$ terraform init
# check what will be done
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.b will be created
+ resource "aws_s3_bucket" "b" {
+ acceleration_status = (known after apply)
+ acl = "private"
+ arn = (known after apply)
+ bucket = "my-tf-test-bucket"
+ bucket_domain_name = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags = {
+ "Environment" = "Dev"
+ "Name" = "My bucket"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ versioning {
+ enabled = (known after apply)
+ mfa_delete = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
# run (type yes when prompted)
$ terraform apply
yes
---
Error: Error creating S3 bucket: AccessDenied: Access Denied
	status code: 403,
---
The IAM user behind this access key only had read permissions, so the permissions had to be fixed.
Grant the IAM user the permissions needed to create and manage the bucket. Prefer a policy scoped to this one bucket over a broad managed policy such as AmazonS3FullAccess: the access key sits in plain text in .envrc, so the less it can do, the better.
Also, S3 bucket names are globally unique across all AWS accounts, so choose a name that cannot collide with someone else's; a name another account already owns is rejected.
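The permission fix above, as an added example that is not part of the original page: a least-privilege IAM policy for the access key Terraform uses, instead of a broad S3 policy. Assumptions: the IAM user is named "terraform", the bucket name matches the resource above, and the action list is my reading of what aws_s3_bucket (and an aws_s3_bucket_public_access_block, if you add one) calls during plan, apply and destroy; extend it if you use other bucket arguments. Apply this from an administrator identity, not from the restricted key it grants permissions to.

```hcl
# Added example, not the page's own code.
# Assumed names: IAM user "terraform", bucket "happy-my-tf-test-bucket".
data "aws_iam_policy_document" "tf_bucket_admin" {
  statement {
    sid = "ManageOneBucketOnly"
    actions = [
      "s3:CreateBucket",
      "s3:DeleteBucket",
      "s3:ListBucket",                  # HeadBucket on refresh
      "s3:Get*",                        # the GetBucket* reads Terraform performs on refresh
      "s3:PutBucketAcl",                # acl = "private"
      "s3:PutBucketTagging",            # tags
      "s3:PutBucketVersioning",         # versioning block, if used
      "s3:PutEncryptionConfiguration",  # server_side_encryption_configuration, if used
      "s3:PutBucketPublicAccessBlock",  # aws_s3_bucket_public_access_block, if used
    ]
    # Scoped to the bucket ARN only: the key cannot touch any other bucket,
    # and without an object ARN (bucket/*) it cannot read or write objects.
    resources = ["arn:aws:s3:::happy-my-tf-test-bucket"]
  }
}

resource "aws_iam_policy" "tf_bucket_admin" {
  name   = "tf-bucket-admin"
  policy = data.aws_iam_policy_document.tf_bucket_admin.json
}

resource "aws_iam_user_policy_attachment" "tf_bucket_admin" {
  user       = "terraform" # assumed user name
  policy_arn = aws_iam_policy.tf_bucket_admin.arn
}
```

Keep this policy in a separate root module from the bucket itself, applied with administrator credentials; the restricted "terraform" key then only needs the bucket module. If a later plan fails with AccessDenied, the error names the missing S3 action, which you add to the list rather than widening it to "s3:*".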
Notes
Never commit .envrc: add it to .gitignore before the first commit, since it holds a long-lived access key and secret in plain text. An alternative is to keep the keys in ~/.aws/credentials and only export AWS_PROFILE from .envrc, so the project directory contains no secret at all.
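The bucket resource above is the minimum that works; as an added example that is not part of the original page, this is the same bucket with the settings a reviewer would expect before it holds real data. It assumes the AWS provider 2.x that was current alongside Terraform 0.12 (in provider 4.x and later, versioning and encryption moved to separate resources, so the nested blocks below would need to be split out).

```hcl
# Added example, not the page's own code; AWS provider 2.x syntax assumed.
resource "aws_s3_bucket" "b" {
  bucket = "happy-my-tf-test-bucket" # must be globally unique
  acl    = "private"

  # Keep old object versions so an accidental delete or overwrite is recoverable.
  versioning {
    enabled = true
  }

  # Encrypt every object at rest by default (SSE-S3).
  # Use "aws:kms" with a customer-managed key for stricter control.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}

# acl = "private" only sets the bucket ACL at creation. This block also rejects
# public object ACLs and public bucket policies, even ones added by hand later.
resource "aws_s3_bucket_public_access_block" "b" {
  bucket = aws_s3_bucket.b.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Run terraform plan again after the change; the plan should show the new versioning and encryption settings on aws_s3_bucket.b and one additional resource to add. Leave force_destroy at its default of false so a destroy cannot silently delete a bucket that still contains objects.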
References
- Pragmatic Terraform On AWS
- Terraform official docs (S3 resources)