Use Terraform to deploy ECS - Elastic Compute Service - Alibaba Cloud Documentation Center

Terraform is an open source, infrastructure as code (IaC) tool that developers can use to define and manage infrastructure configurations by using a declarative language. Terraform provides a simple method to create, modify, or delete Elastic Compute Service (ECS) resources. Terraform helps reduce the complexity and errors of manual operations to improve the manageability and maintainability of infrastructure. This topic describes how to install and configure Terraform and use Terraform to create an ECS instance.

For more information, see What is Terraform?

Supported resources

Note

Resource: a new resource, such as an ECS instance, a virtual machine (VM), or a security group, that is used to define an infrastructure component.
Data source: the source from which you can query and obtain information about existing infrastructure components. You can specify the information in Terraform configurations to reference or configure resources.

Resources
alicloud_auto_provisioning_group: provides an auto provisioning group resource.
alicloud_disk: provides a block storage resource.
alicloud_disk_attachment: provides a resource to attach a disk to or detach a disk from an ECS instance.
alicloud_ecs_activation: provides an activation code resource.
alicloud_ecs_auto_snapshot_policy: provides an automatic snapshot policy resource.
alicloud_ecs_auto_snapshot_policy_attachment: provides a resource to associate an automatic snapshot policy with a disk.
alicloud_ecs_capacity_reservation: provides a capacity reservation resource.
alicloud_ecs_command: provides a Cloud Assistant command resource.
alicloud_ecs_dedicated_host: provides a dedicated host resource.
alicloud_ecs_dedicated_host_cluster: provides a dedicated host cluster resource.
alicloud_ecs_deployment_set: provides a deployment set resource.
alicloud_ecs_disk: provides a block storage resource.
alicloud_ecs_disk_attachment: provides a resource to attach a disk to or detach a disk from an ECS instance.
alicloud_ecs_elasticity_assurance: provides an elasticity assurance resource.
alicloud_ecs_hpc_cluster: provides a High Performance Computing (HPC) cluster resource.
alicloud_ecs_image_component: provides an image component resource.
alicloud_ecs_image_pipeline: provides an image template resource.
alicloud_ecs_instance_set: provides an ECS instance set resource.
alicloud_ecs_invocation: provides a resource to run a Cloud Assistant command on an ECS instance.
alicloud_ecs_key_pair: provides an SSH key pair resource.
alicloud_ecs_key_pair_attachment: provides a resource to bind an SSH key pair to an ECS instance.
alicloud_ecs_launch_template: provides a launch template resource.
alicloud_ecs_network_interface: provides an elastic network interface (ENI) resource.
alicloud_ecs_network_interface_attachment: provides a resource to bind an ENI to an ECS instance.
alicloud_ecs_network_interface_permission: provides a resource to grant the permissions on an ENI.
alicloud_ecs_prefix_list: provides a prefix list resource.
alicloud_ecs_session_manager_status: provides a Session Manager resource.
alicloud_ecs_snapshot: provides a snapshot resource.
alicloud_ecs_snapshot_group: provides a snapshot-consistent group resource.
alicloud_ecs_storage_capacity_unit: provides a storage capacity unit (SCU) resource.
alicloud_image: provides an image resource.
alicloud_image_copy: provides a resource to copy an image.
alicloud_image_export: provides a resource to export a custom image.
alicloud_image_import: provides a resource to import an image file.
alicloud_image_share_permission: provides a resource to grant the image sharing permission.
alicloud_instance: provides an ECS instance resource.
alicloud_key_pair: provides an SSH key pair resource.
alicloud_key_pair_attachment: provides a resource to bind an SSH key pair to an ECS instance.
alicloud_launch_template: provides a launch template resource.
alicloud_network_interface: provides an ENI resource.
alicloud_network_interface_attachment: provides a resource to bind an ENI to an ECS instance.
alicloud_ram_role_attachment: provides a resource to attach a Resource Access Management (RAM) role to an ECS instance.
alicloud_reserved_instance: provides a reserved instance resource.
alicloud_security_group: provides a security group resource.
alicloud_security_group_rule: provides a security group rule resource.
alicloud_snapshot: provides a snapshot resource.
alicloud_snapshot_policy: provides a snapshot policy resource.
Data sources
alicloud_disks: queries block storage devices.
alicloud_ecs_activations: queries activation codes.
alicloud_ecs_auto_snapshot_policies: queries automatic snapshot policies.
alicloud_ecs_capacity_reservations: queries capacity reservations.
alicloud_ecs_commands: queries Cloud Assistant commands.
alicloud_ecs_dedicated_host_clusters: queries dedicated host clusters.
alicloud_ecs_dedicated_hosts: queries dedicated hosts.
alicloud_ecs_deployment_sets: queries deployment sets.
alicloud_ecs_disks: queries block storage devices.
alicloud_ecs_elasticity_assurances: queries elasticity assurances.
alicloud_ecs_hpc_clusters: queries HPC clusters.
alicloud_ecs_image_components: queries image components.
alicloud_ecs_image_pipelines: queries image templates.
alicloud_ecs_invocations: queries Cloud Assistant command executions.
alicloud_ecs_key_pairs: queries SSH key pairs.
alicloud_ecs_launch_templates: queries launch templates.
alicloud_ecs_network_interface_permissions: queries the permissions to bind ENIs to ECS instances.
alicloud_ecs_network_interfaces: queries ENIs.
alicloud_ecs_prefix_lists: queries prefix lists.
alicloud_ecs_snapshot_groups: queries snapshot-consistent groups.
alicloud_ecs_snapshots: queries snapshots.
alicloud_ecs_storage_capacity_units: queries SCUs.
alicloud_images: queries images.
alicloud_instance_type_families: queries ECS instance families.
alicloud_instance_types: queries ECS instance types.
alicloud_instances: queries ECS instances.
alicloud_key_pairs: queries SSH key pairs.
alicloud_network_interfaces: queries ENIs.
alicloud_regions: queries Alibaba Cloud regions.
alicloud_security_group_rules: queries security group rules.
alicloud_security_groups: queries security groups.
alicloud_snapshots: queries snapshots.
alicloud_zones: queries Alibaba Cloud zones.

Install Terraform and configure permissions for Terraform

Install and configure Terraform on premises

To use Terraform on premises, you must install and preconfigure Terraform. For more information, see Install and configure Terraform in the local PC.

For higher flexibility and security of rights management, we recommend that you create and authorize a RAM user.
1. Log on to the RAM console.
2. Create a RAM user named Terraform, and create an AccessKey pair for the user. For more information, see Create a RAM user.
3. Authorize the RAM user. For more information, see Grant permissions to a RAM user.
Add environment variables to store identity information for authentication.
Go to the AccessKey Pair page to create and view your AccessKey pair.
The environment variables ensure that identity information can be obtained and authenticated when you run a Terraform template. This eliminates the risk of call failure.

Use Cloud Shell without the need to install Terraform and configure permissions for Terraform

If you do not want to install Terraform, use Cloud Shell.

Cloud Shell in Alibaba Cloud is a free O&M service that comes with Terraform and is configured with authentication credentials. You can run Terraform commands in Cloud Shell. For more information, see Use Terraform in Cloud Shell.

Important

When you use Terraform in Cloud Shell, the destruction feature of Cloud Shell causes data loss. We recommend that you perform simple and quick Terraform operations in Cloud Shell, such as debugging operations. For more information, see Limits.

Use Terraform to create and manage ECS resources

This section describes how to create an ECS instance by using Terraform.

Create a virtual private cloud (VPC) and a vSwitch.
1. Create the terraform.tf file, enter the following content, and then save the file to the current working directory:
  resource "alicloud_vpc" "vpc" { vpc_name = "tf_test_foo" cidr_block = "172.16.0.0/12" } resource "alicloud_vswitch" "vsw" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.0.0/21" zone_id = "cn-beijing-f" }
2. Run the terraform init command to initialize Terraform and download the required plug-ins.
3. Run the terraform apply command to create a VPC and a vSwitch.
4. Run the terraform show command to view the created VPC and vSwitch.
  You can also log on to the VPC console to view the attributes of the VPC and vSwitch.
Create a security group in the VPC created in the previous step, and add an inbound security group rule that allows the 192.168.0.0/16 CIDR block to access ECS instances in the security group.
1. Add the following code to the terraform.tf file:
  resource "alicloud_security_group" "default" { name = "default" vpc_id = alicloud_vpc.vpc.id } resource "alicloud_security_group_rule" "allow_tcp" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "1/65535" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "192.168.0.0/16" }
2. Run the terraform apply command to create the security group and add the security group rule.
3. Run the terraform show command to view the security group and security group rule.
  You can also log on to the ECS console to view the security group and security group rule.
Create an ECS instance.
1. Add the following code to the terraform.tf file:
  resource "alicloud_instance" "instance" { # cn-beijing availability_zone = "cn-beijing-f" security_groups = alicloud_security_group.default.*.id # series III instance_type = "ecs.e-c1m1.large" system_disk_category = "cloud_essd" image_id = "aliyun_2_1903_x64_20G_alibase_20240628.vhd" instance_name = "test_foo" vswitch_id = alicloud_vswitch.vsw.id internet_max_bandwidth_out = 10 password = "Terraform@Example" } output "public_ip" { value = alicloud_instance.instance.public_ip }
  Note
  In the preceding code, the internet_max_bandwidth_out parameter is set to 10. In this case, the system assigns a public IP address to the ECS instance and returns the assigned public IP address to the output element. You can use the public IP address to access the ECS instance.
  For information about the descriptions of the parameters, see Parameter descriptions.
2. Run the terraform apply command to create the ECS instance.
3. Run the terraform show command to view the created ECS instance and obtain the public IP address of the instance.
4. Run the ssh root@<Public IP address of the ECS instance> command and enter the configured password to connect to the ECS instance.

Sample code

Note

You can debug and run the code in OpenAPI Explorer. Log on to OpenAPI Explorer.

resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test_foo"
  cidr_block = "172.16.0.0/12"
}

resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.16.0.0/21"
  zone_id    = "cn-beijing-f"
}

resource "alicloud_security_group" "default" {
  name   = "default"
  vpc_id = alicloud_vpc.vpc.id
}

resource "alicloud_security_group_rule" "allow_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = "192.168.0.0/16"
}
resource "alicloud_instance" "instance" {
  # cn-beijing
  availability_zone = "cn-beijing-f"
  security_groups   = alicloud_security_group.default.*.id
  # series III
  instance_type              = "ecs.e-c1m1.large"
  system_disk_category       = "cloud_essd"
  image_id                   = "aliyun_2_1903_x64_20G_alibase_20240628.vhd"
  instance_name              = "test_foo"
  vswitch_id                 = alicloud_vswitch.vsw.id
  internet_max_bandwidth_out = 10
  password                   = "Terraform@Example"
}

output "public_ip" {
    value = alicloud_instance.instance.public_ip
}

References

For information about Terraform use cases, see Use Cases.

For information about common Terraform commands, see Common commands.

For information about how to create ECS instances, see Provisioning methods of ECS instances.

Terraform is available as a managed service in Resource Orchestration Service (ROS). You can create Terraform templates to define Alibaba Cloud, Amazon Web Services (AWS), or Microsoft Azure resources, specify resource parameters, and configure dependency relationships for resources. For more information, see Create a Terraform template.