
Notes on working with an existing VPC in terraform

Posted at 2015-04-27

The feeling of omnipotence terraform gives you is great.
I used terraform 0.4.2 to do the following against an existing VPC, so here is a memo of it.

Installation was done with brew install terraform.

$  terraform
usage: terraform [--version] [--help] <command> [<args>]

Available commands are:
    apply      Builds or changes infrastructure
    destroy    Destroy Terraform-managed infrastructure
    get        Download and install modules for the configuration
    graph      Create a visual graph of Terraform resources
    init       Initializes Terraform configuration from a module
    output     Read an output from a state file
    plan       Generate and show an execution plan
    push       Upload this Terraform module to Atlas to run
    refresh    Update local state file against real resources
    remote     Configure remote state storage
    show       Inspect Terraform state or plan
    taint      Manually mark a resource for recreation
    version    Prints the Terraform version

$  terraform --version
Terraform v0.4.2

$  ls -l /usr/local/bin/terraform*
lrwxr-xr-x  1 hoge huga 39 Apr 27 14:21 /usr/local/bin/terraform -> ../Cellar/terraform/0.4.2/bin/terraform
lrwxr-xr-x  1 hoge huga 54 Apr 27 14:21 /usr/local/bin/terraform-provider-atlas -> ../Cellar/terraform/0.4.2/bin/terraform-provider-atlas
lrwxr-xr-x  1 hoge huga 52 Apr 27 14:21 /usr/local/bin/terraform-provider-aws -> ../Cellar/terraform/0.4.2/bin/terraform-provider-aws
lrwxr-xr-x  1 hoge huga 59 Apr 27 14:21 /usr/local/bin/terraform-provider-cloudflare -> ../Cellar/terraform/0.4.2/bin/terraform-provider-cloudflare
lrwxr-xr-x  1 hoge huga 59 Apr 27 14:21 /usr/local/bin/terraform-provider-cloudstack -> ../Cellar/terraform/0.4.2/bin/terraform-provider-cloudstack
lrwxr-xr-x  1 hoge huga 55 Apr 27 14:21 /usr/local/bin/terraform-provider-consul -> ../Cellar/terraform/0.4.2/bin/terraform-provider-consul
lrwxr-xr-x  1 hoge huga 61 Apr 27 14:21 /usr/local/bin/terraform-provider-digitalocean -> ../Cellar/terraform/0.4.2/bin/terraform-provider-digitalocean
lrwxr-xr-x  1 hoge huga 52 Apr 27 14:21 /usr/local/bin/terraform-provider-dme -> ../Cellar/terraform/0.4.2/bin/terraform-provider-dme
lrwxr-xr-x  1 hoge huga 57 Apr 27 14:21 /usr/local/bin/terraform-provider-dnsimple -> ../Cellar/terraform/0.4.2/bin/terraform-provider-dnsimple
lrwxr-xr-x  1 hoge huga 55 Apr 27 14:21 /usr/local/bin/terraform-provider-docker -> ../Cellar/terraform/0.4.2/bin/terraform-provider-docker
lrwxr-xr-x  1 hoge huga 55 Apr 27 14:21 /usr/local/bin/terraform-provider-google -> ../Cellar/terraform/0.4.2/bin/terraform-provider-google
lrwxr-xr-x  1 hoge huga 55 Apr 27 14:21 /usr/local/bin/terraform-provider-heroku -> ../Cellar/terraform/0.4.2/bin/terraform-provider-heroku
lrwxr-xr-x  1 hoge huga 56 Apr 27 14:21 /usr/local/bin/terraform-provider-mailgun -> ../Cellar/terraform/0.4.2/bin/terraform-provider-mailgun
lrwxr-xr-x  1 hoge huga 53 Apr 27 14:21 /usr/local/bin/terraform-provider-null -> ../Cellar/terraform/0.4.2/bin/terraform-provider-null
lrwxr-xr-x  1 hoge huga 58 Apr 27 14:21 /usr/local/bin/terraform-provider-openstack -> ../Cellar/terraform/0.4.2/bin/terraform-provider-openstack
lrwxr-xr-x  1 hoge huga 58 Apr 27 14:21 /usr/local/bin/terraform-provider-terraform -> ../Cellar/terraform/0.4.2/bin/terraform-provider-terraform
lrwxr-xr-x  1 hoge huga 56 Apr 27 14:21 /usr/local/bin/terraform-provisioner-file -> ../Cellar/terraform/0.4.2/bin/terraform-provisioner-file
lrwxr-xr-x  1 hoge huga 62 Apr 27 14:21 /usr/local/bin/terraform-provisioner-local-exec -> ../Cellar/terraform/0.4.2/bin/terraform-provisioner-local-exec
lrwxr-xr-x  1 hoge huga 63 Apr 27 14:21 /usr/local/bin/terraform-provisioner-remote-exec -> ../Cellar/terraform/0.4.2/bin/terraform-provisioner-remote-exec

Simple and nice.

Note: when I installed from source, created a /usr/local/bin/terraform directory and added it to the PATH, I got a "provider aws not found" error, so it may have to be /usr/local/bin.

What I did

  • Create subnets
    • 10.0.0.0/24
    • 10.0.1.0/24
  • Create a route table
    • default route to the nat instance
    • static route to the Office
  • Create Network ACLs
    • allow all inbound
    • deny only port 25 outbound

Variables

Variables go in variables.tf.
This assumes a site-to-site VPN between the VPC and the Office, and that a nat instance exists inside the VPC.

variables.tf
# Values are masked in the post. Note that the AWS credentials live in this
# file as well, so it should not be committed to a shared repository as-is.
variable "my-env" {
    default = {
        access_key = "**************"
        secret_key = "************************"
        region = "ap-northeast-1"
        vpc_id = "vpc-******"
        az_b = "ap-northeast-1a"
        az_c = "ap-northeast-1b"
        nat_id = "i-*******"
        office_gw = "vgw-******"
    }
}

Subnets

subnets.tf
resource "aws_subnet" "test-1" {
    vpc_id = "${var.my-env.vpc_id}"
    cidr_block = "10.0.0.0/24"
    availability_zone = "ap-northeast-1a"
    tags {
        Name = "test-1"
    }
}

resource "aws_subnet" "test-2" {
    vpc_id = "${var.my-env.vpc_id}"
    cidr_block = "10.0.1.0/24"
    availability_zone = "ap-northeast-1b"
    tags {
        Name = "test-2"
    }
}

Route Table

route_tables.tf
resource "aws_route_table" "test-rtb" {
    vpc_id = "${var.my-env.vpc_id}"
    # default route through the nat instance
    route {
        cidr_block = "0.0.0.0/0"
        instance_id = "${var.my-env.nat_id}"
    }
    # static route to the Office over the site-to-site VPN
    route {
        cidr_block = "192.168.1.0/24"
        gateway_id = "${var.my-env.office_gw}"
    }
}

resource "aws_route_table_association" "test-1" {
    subnet_id = "${aws_subnet.test-1.id}"
    route_table_id = "${aws_route_table.test-rtb.id}"
}

resource "aws_route_table_association" "test-2" {
    subnet_id = "${aws_subnet.test-2.id}"
    route_table_id = "${aws_route_table.test-rtb.id}"
}

Network ACL

nacl.tf
resource "aws_network_acl" "test-1_acl" {
    vpc_id = "${var.my-env.vpc_id}"
    subnet_id = "${aws_subnet.test-1.id}"
    # allow all inbound
    ingress {
        rule_no = 100
        protocol = "all"
        action = "allow"
        from_port = 0
        to_port = 65535
        cidr_block = "0.0.0.0/0"
    }
    # deny outbound SMTP; rule_no 50 is evaluated before the allow-all at 100
    egress {
        rule_no = 50
        protocol = "tcp"
        action = "deny"
        from_port = 25
        to_port = 25
        cidr_block = "0.0.0.0/0"
    }
    egress {
        rule_no = 100
        protocol = "all"
        action = "allow"
        from_port = 0
        to_port = 65535
        cidr_block = "0.0.0.0/0"
    }
}

resource "aws_network_acl" "test-2_acl" {
    vpc_id = "${var.my-env.vpc_id}"
    subnet_id = "${aws_subnet.test-2.id}"
    ingress {
        rule_no = 100
        protocol = "all"
        action = "allow"
        from_port = 0
        to_port = 65535
        cidr_block = "0.0.0.0/0"
    }
    egress {
        rule_no = 50
        protocol = "tcp"
        action = "deny"
        from_port = 25
        to_port = 25
        cidr_block = "0.0.0.0/0"
    }
    egress {
        rule_no = 100
        protocol = "all"
        action = "allow"
        from_port = 0
        to_port = 65535
        cidr_block = "0.0.0.0/0"
    }
}
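
The two egress rules only give the intended result because the deny carries the lower rule_no. As an added illustration (not code from the original post), this Python script models how a VPC network ACL evaluates numbered rules, checks the egress rules above, and shows that swapping the numbers silently lets outbound SMTP through; the destination IP is a constructed test value.

```python
import ipaddress

# Egress rules mirrored from nacl.tf (constructed tuples, not Terraform state):
# (rule_no, protocol, action, from_port, to_port, cidr_block)
EGRESS_RULES = [
    (50, "tcp", "deny", 25, 25, "0.0.0.0/0"),
    (100, "all", "allow", 0, 65535, "0.0.0.0/0"),
]

# The same two rules with the deny renumbered above the allow-all:
# the allow-all now sorts first and the deny never gets a chance to match.
SHADOWED_RULES = [
    (150, "tcp", "deny", 25, 25, "0.0.0.0/0"),
    (100, "all", "allow", 0, 65535, "0.0.0.0/0"),
]


def evaluate(rules, protocol, port, ip):
    """Decide 'allow' or 'deny' the way a VPC network ACL does: rules are
    tried in ascending rule_no, the first match wins, and the implicit
    final '*' rule denies anything no numbered rule matched."""
    addr = ipaddress.ip_address(ip)
    for _rule_no, proto, action, lo, hi, cidr in sorted(rules, key=lambda r: r[0]):
        if proto != "all" and proto != protocol:
            continue
        if not lo <= port <= hi:
            continue
        if addr not in ipaddress.ip_network(cidr):
            continue
        return action
    return "deny"


def matches_page_intent(rules, ip="203.0.113.10"):
    """True if outbound SMTP (tcp/25) is blocked while other traffic still
    passes, which is what the nacl.tf egress rules are meant to achieve."""
    return (evaluate(rules, "tcp", 25, ip) == "deny"
            and evaluate(rules, "tcp", 443, ip) == "allow"
            and evaluate(rules, "udp", 53, ip) == "allow")


if __name__ == "__main__":
    print("page rules block SMTP:", matches_page_intent(EGRESS_RULES))      # True
    print("swapped rules block SMTP:", matches_page_intent(SHADOWED_RULES))  # False
```

Network ACLs are stateless, so the inbound allow-all above is also what lets reply traffic for the allowed outbound connections back in.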

Running it

The files are laid out as follows.

$ tree
.
├── aws.tf
├── nacl.tf
├── route_tables.tf
├── subnets.tf
└── variables.tf

0 directories, 5 files

Check with plan before applying,

$ terraform plan

then apply with apply.

$ terraform apply

That is all it takes. Amazing.
terraform destroy tears it down just as easily, so reusing this when building test environments should make operations easier.

↓ Reference I consulted
http://ghost.ponpokopon.me/provider-digitalocean-not-found/
