Terraform is an open source tool that allows you to preview, configure, and manage cloud infrastructures and resources in a secure and efficient manner. This topic provides an overview of Terraform and explores its use cases in Key Management Service (KMS).
Introduction to Terraform
Terraform is a tool that supports the automated orchestration of IT infrastructure. Terraform allows you to use code to manage and maintain IT resources. For more information, see What is Terraform?
Terraform provides an easy-to-use CLI that allows you to deploy configuration files on the workloads of Alibaba Cloud services or third-party cloud services and manage the versions of the configuration files. Terraform allows you to define the infrastructure resources that are required to build cloud topologies in configuration files. The resources include virtual machines (VMs), storage accounts, and network interfaces.
Terraform can be integrated with the Alibaba Cloud provider to support new infrastructures. You can use a template to configure the Alibaba Cloud provider to define, preview, and deploy cloud infrastructure on Alibaba Cloud.
Terraform allows you to create, modify, and delete the resources of multiple Alibaba Cloud services, such as Elastic Compute Service (ECS), Virtual Private Cloud (VPC), ApsaraDB RDS, and Server Load Balancer (SLB).
Use Terraform to manage KMS resources
KMS allows you to manage the following resources by using Terraform.
| Resource | Description | Provider version |
| | Create and manage aliases. | 1.77.0 and later |
| | Create and manage application access points (AAPs). For more information, see Create an AAP. | 1.210.0 and later |
| | Create and manage client keys. For more information, see Create an AAP. | 1.210.0 and later |
| | Purchase and enable instances of the software key management type. For more information, see Purchase and enable a KMS instance of the software key management type. Important: You can use Terraform to purchase and enable only instances of the software key management type. You cannot use Terraform to purchase and enable instances of the hardware key management type. | 1.210.0 and later |
| | Create and manage keys. For more information, see Create a key. | 1.85.0 and later |
| | Create and manage key versions. | 1.85.0 and later |
| | Create and manage network access rules. For more information, see Create an AAP. | 1.210.0 and later |
| | Create and manage permission policies. For more information, see Create an AAP. | 1.210.0 and later |
| | Create and manage secrets. For more information, see Create a secret. | 1.76.0 and later |
Use Terraform
Install Terraform 0.14.0 or later.
Method 1: Use Terraform in Cloud Shell.
Configure the information about your Alibaba Cloud account.
Note: To improve the flexibility and security of permission management, we recommend that you create a Resource Access Management (RAM) user named Terraform, create an AccessKey pair for the RAM user, and then grant the AliyunKMSFullAccess permission to the RAM user. For more information, see Create a RAM user and Grant permissions to a RAM user.
You can select an Alibaba Cloud authentication method to provide the authentication information required by Terraform.
(Recommended) Method 1: Configure environment variables to store authentication information.
The method that is used to configure environment variables varies based on the operating system. For more information, see Configure environment variables in Linux, macOS, and Windows.
export ALICLOUD_ACCESS_KEY="******"
export ALICLOUD_SECRET_KEY="******"
export ALICLOUD_REGION="******"
Method 2: Specify authentication information in the provider code block of the configuration file.
provider "alicloud" {
  access_key = "******"
  secret_key = "******"
  region     = "******"
}
Check whether the provider version needs to be upgraded.
Query the provider version.
terraform -version
Upgrade the provider version.
terraform init -upgrade
After Terraform is installed, you can run the terraform --version command to check the version of Terraform. If the version is earlier than 0.14.0, install a supported version over the existing installation.
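The following configuration is an added example, not part of the original documentation. It ties the steps above together: it pins Terraform and the Alibaba Cloud provider to the minimum versions listed on this page, relies on the environment variables from Method 1 instead of hardcoded credentials, and creates a key, an alias, and a secret. The resource labels, the alias name, the secret name, and the db_password variable are constructed for illustration.

```hcl
terraform {
  required_version = ">= 0.14.0" # minimum Terraform version stated on this page

  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = ">= 1.210.0" # highest minimum provider version in the table above
    }
  }
}

# No access_key or secret_key here: the provider reads ALICLOUD_ACCESS_KEY,
# ALICLOUD_SECRET_KEY and ALICLOUD_REGION from the environment (Method 1),
# so the AccessKey pair never lands in version control.
provider "alicloud" {}

# Supplied at apply time, for example through TF_VAR_db_password.
variable "db_password" {
  type      = string
  sensitive = true # redacted in plan/apply output, but still written to state
}

resource "alicloud_kms_key" "app" {
  description            = "Example key (constructed)"
  pending_window_in_days = 7 # waiting period before a scheduled deletion takes effect
}

resource "alicloud_kms_alias" "app" {
  alias_name = "alias/example-app" # constructed name
  key_id     = alicloud_kms_key.app.id
}

resource "alicloud_kms_secret" "db" {
  secret_name       = "example-db-password" # constructed name
  secret_data       = var.db_password
  version_id        = "v1"
  encryption_key_id = alicloud_kms_key.app.id
}
```

Because secret_data is stored in the Terraform state in plaintext even when the variable is marked sensitive, keep the state in an encrypted backend with restricted access.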