This guide shows how to run the Terraform VPC scripts in this repository with the standard Terraform commands.
Terraform is an infrastructure as code (IaC) tool that allows you to build, change, and version infrastructure safely and efficiently.
Download Terraform to your local computer.
- Add the Terraform binary to your PATH environment variable after downloading it.
- Check the Terraform version:
$ terraform -v
$ git clone https://github.com/chaincodechd/fabric-terraform.git
$ cd fabric-terraform/aws/vpc-stack
Default values are provided for all required variables. To change any input value, edit the test.tfvars file.
The terraform init command initializes a working directory containing Terraform configuration files.
$ terraform init
The terraform plan command evaluates a Terraform configuration to determine the desired state of all the resources it declares, then compares that desired state to the real infrastructure objects being managed with the current working directory and workspace.
$ terraform plan -var-file=test.tfvars
The terraform apply command executes the actions proposed in a Terraform plan. It will create all the resources proposed in Terraform plan.
$ terraform apply -var-file=test.tfvars
After running the command above, a prompt appears asking for confirmation; type yes. If you do not want to type yes every time, run the command below instead:
$ terraform apply -var-file=test.tfvars -auto-approve
The terraform destroy command terminates resources managed by your Terraform project. This command is the inverse of terraform apply in that it terminates all the resources specified in your Terraform state.
$ terraform destroy -var-file=test.tfvars
After running the command above, a prompt appears asking for confirmation; type yes. If you do not want to type yes every time, run the command below instead:
$ terraform destroy -var-file=test.tfvars -auto-approve
- If force_destroy is false, terraform destroy fails on the S3 bucket with the error "bucket not empty". In that case either set force_destroy to true or delete the object versions manually.
- The error `failed to upload state: KMS.NotFoundException: Alias arn:aws:kms:us-east-1:133869124648:alias/terraform-bucket-key is not found` can be ignored, since the KMS key alias is referenced in the backend.tf configuration.
Name | Description | Type | Default | Required
---|---|---|---|---
name | Name to be used on all resources as prefix. | string | ccl | yes
aws_profile | Name of the AWS credential profile. | string | cclterraform | yes
region | The region where this code is deployed. | string | us-east-1 | yes
s3_bucket_name | Name of the S3 bucket that stores the Terraform state file. | string | terraform-state-files9 | yes
Object_key_path | S3 object key path for the Terraform state file. | string | vpcstate/terraform.tfstate | yes
enable_versioning | Should be true to enable versioning on the S3 bucket. | bool | true | yes
s3_acl | S3 bucket ACL. | string | private | yes
force_destroy | Should be true to delete all object versions in the S3 bucket, and the bucket itself, that were created for the Terraform state file. | bool | false | yes
block_public_access | Enable block public access on the S3 bucket. | bool | true | yes
user_arn | User ARN granted access to the KMS keys. | string | arn:aws:iam::133869124648:user/sudhir | yes
cidr | The CIDR block for the VPC. Default value is a valid CIDR, but not acceptable by AWS and should be overridden. | string | 10.0.0.0/16 | yes
azs | List of availability zones used for the subnets. | list(string) | ["us-east-1a", "us-east-1b", "us-east-1c"] | yes
public_subnets | List of public subnet CIDR blocks. | list(string) | ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24"] | yes
private_subnets | List of private subnet CIDR blocks. | list(string) | ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24"] | yes
enable_dns_hostnames | Should be true to enable DNS hostnames in the VPC. | bool | true | yes
enable_dns_support | Should be true to enable DNS support in the VPC. | bool | true | yes
enable_nat_gateway | Should be true if you want to provision NAT Gateways for each of your private networks. | bool | true | yes
single_nat_gateway | Should be true if you want to provision a single shared NAT Gateway across all of your private networks. | bool | true | yes
public_inbound_acl_rules | Public subnets inbound network ACLs. | list(map(string)) | cidr_block = "0.0.0.0/0" | no
public_outbound_acl_rules | Public subnets outbound network ACLs. | list(map(string)) | cidr_block = "0.0.0.0/0" | no
private_inbound_acl_rules | Private subnets inbound network ACLs. | list(map(string)) | cidr_block = "0.0.0.0/0" | no
private_outbound_acl_rules | Private subnets outbound network ACLs. | list(map(string)) | cidr_block = "0.0.0.0/0" | no
tags | Map of tags applied to all resources. | map(string) | {"env" = "dev"} | yes
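The following is an added example (not a file from the fabric-terraform repository) showing how the state-bucket variables in the table and the KMS alias from the error note above fit together in a remote-state configuration. It assumes the `var.*` names from the table are declared elsewhere and that the alias `alias/terraform-bucket-key` is the one backend.tf refers to.

```hcl
# backend.tf: a backend block cannot read variables, so the table defaults
# are repeated as literals here (constructed example, not the repo's file).
terraform {
  backend "s3" {
    bucket     = "terraform-state-files9"     # s3_bucket_name
    key        = "vpcstate/terraform.tfstate" # Object_key_path
    region     = "us-east-1"                  # region
    profile    = "cclterraform"               # aws_profile
    encrypt    = true
    kms_key_id = "alias/terraform-bucket-key" # alias named in the error above
  }
}

# State bucket. With force_destroy = false (the default) object versions are
# kept, which is why terraform destroy stops with "bucket not empty".
resource "aws_s3_bucket" "state" {
  bucket        = var.s3_bucket_name
  force_destroy = var.force_destroy
}

resource "aws_s3_bucket_versioning" "state" {
  bucket = aws_s3_bucket.state.id
  versioning_configuration {
    status = var.enable_versioning ? "Enabled" : "Suspended"
  }
}

# Server-side encryption with the customer-managed key behind that alias.
resource "aws_s3_bucket_server_side_encryption_configuration" "state" {
  bucket = aws_s3_bucket.state.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = "alias/terraform-bucket-key"
    }
  }
}

# block_public_access = true rejects any public ACL or bucket policy.
resource "aws_s3_bucket_public_access_block" "state" {
  count                   = var.block_public_access ? 1 : 0
  bucket                  = aws_s3_bucket.state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```

Because the backend block is evaluated at terraform init, the alias it names must already exist in the account before the state can be uploaded; the public access block and versioning resources only take effect once apply has run.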