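About this page
This page walks through setting up a Terraform development environment on a Mac, up to creating an S3 bucket.
We will use terraform: v0.12.0-beta1.
Steps
Installing terraform
Terraform also seems to have a version manager, so we will use that.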
$ brew install tfenv
Creating the project
$ mkdir -p path/to/your-project && cd path/to/your-project
$ echo v0.12.0-beta1 > .terraform-version
$ tfenv install
Setting environment variables
We use direnv.
With it, you can set environment variables per project.
$ brew install direnv
After installing, add the following to bash_profile:
eval "$(direnv hook bash)"
# not needed if you do not use vim
export EDITOR=vim
$ source ~/.bash_profile
$ direnv edit .
An editor opens, so add the following:
.envrc
export AWS_ACCESS_KEY_ID=xxx
export AWS_SECRET_ACCESS_KEY=xxx
export AWS_DEFAULT_REGION=ap-northeast-1
You should see a message like this:
$ direnv edit .
direnv: loading .envrc
direnv: export +AWS_ACCESS_KEY_ID +AWS_DEFAULT_REGION +AWS_SECRET_ACCESS_KEY
# verify
$ echo $AWS_DEFAULT_REGION
ap-northeast-1
Creating a bucket in S3
main.tf
resource "aws_s3_bucket" "b" {
  bucket = "happy-my-tf-test-bucket"
  acl    = "private"

  tags = {
    Name        = "My bucket"
    Environment = "Dev"
  }
}
$ terraform init
# check what will be done
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # aws_s3_bucket.b will be created
  + resource "aws_s3_bucket" "b" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "my-tf-test-bucket"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags                        = {
          + "Environment" = "Dev"
          + "Name"        = "My bucket"
        }
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }
    }
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
# run (type yes)
$ terraform apply
yes
---
Error: Error creating S3 bucket: AccessDenied: Access Denied
status code: 403, ---
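In my IAM, only READ was permitted, so the permissions needed fixing.
Grant it the appropriate ones.
Also, bucket names are unique worldwide, so pick a name that will not collide.
Note
Add .envrc to .gitignore so that it does not leak outside.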
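
One way to verify the note above, as an added example that is not part of the original post: a .gitignore entry has no effect on a file that is already tracked or already committed, so this checks all three conditions with git. The function name check_envrc and its return codes are made up for this example.

```sh
# Added example, not from the original page: checks that the direnv file
# holding the AWS keys cannot reach a commit.
# Return codes (constructed for this example):
#   0 ok, 1 not ignored, 2 currently tracked, 3 present in history, 4 not a git repo
# Usage: check_envrc path/to/your-project
check_envrc() {
  envrc_dir="${1:-.}"
  envrc_file=".envrc"

  git -C "$envrc_dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 4

  # .gitignore has no effect on a file that is already in the index.
  if git -C "$envrc_dir" ls-files --error-unmatch -- "$envrc_file" >/dev/null 2>&1; then
    echo "FAIL: $envrc_file is tracked (git rm --cached $envrc_file, then rotate the key)" >&2
    return 2
  fi

  # A past commit containing the file still exposes the key to anyone with the repo.
  if [ -n "$(git -C "$envrc_dir" log --all --format=%H -- "$envrc_file" 2>/dev/null)" ]; then
    echo "FAIL: $envrc_file appears in commit history; rotate the key" >&2
    return 3
  fi

  # check-ignore exits 0 only when an ignore rule matches the path.
  if ! git -C "$envrc_dir" check-ignore -q -- "$envrc_file"; then
    echo "FAIL: $envrc_file is not matched by any ignore rule" >&2
    return 1
  fi

  echo "OK: $envrc_file is ignored, untracked and absent from history"
}
```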