Serverless App Engine (SAE) namespaces are used to logically isolate your applications. For example, you can use namespaces to isolate your applications in the test environment, development environment, staging environment, and online environment. This topic describes how to use Terraform to create, update, and delete an SAE namespaces.
You can run the following sample code in this topic with a few clicks. For more information, see Terraform Explorer.
Prerequisites
An Alibaba Cloud account has full permissions on all resources that belong to this account. If the credentials of an Alibaba Cloud account are leaked, security risks may arise. We recommend that you use a Resource Access Management (RAM) user and create an AccessKey pair for the RAM user. For more information, see Create a RAM user and Create an AccessKey pair.
The following policy is attached to the RAM user that you use to run commands in Terraform. The policy includes the minimum permissions required to run commands in Terraform. For more information, see Grant permissions to a RAM user.
This policy allows users to manage SAE namespaces, including creating, deleting, updating, viewing, and listing namespaces.
{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "sae:CreateNamespace", "sae:DeleteNamespace", "sae:UpdateNamespace", "sae:GetNamespace", "sae:ListNamespaces" ], "Resource": "*" } ] }The runtime environment for Terraform is prepared by using one of the following methods:
Terraform is available as a managed service in ROS. You can deploy Terraform templates in the ROS console. For more information, see Create a Terraform stack.
Use Terraform in Terraform Explorer: Alibaba Cloud provides an online runtime environment for Terraform. You can log on to the Terraform Explorer environment to use Terraform without the need to install Terraform. This method is suitable for scenarios in which you want to use and debug Terraform in a fast and convenient manner at no additional cost.
Cloud Shell: Alibaba Cloud Cloud Shell is a free O&M product that comes pre-installed with Terraform and configured with authentication credentials. Therefore, you can run Terraform commands in Cloud Shell. This method is suitable for scenarios in which you want to access and use Terraform in a fast and convenient manner at low costs.
Install and configure Terraform: This method is suitable for scenarios where network connections are unstable or a custom development environment is required.
Resources
alicloud_sae_namespace is used to create and manage an SAE namespace.
Create a namespace
In this example, a namespace is created in the China (Hangzhou) region. The name of the namespace is admin and the ID of the namespace is cn-hangzhou:admin.
- Create a project folder named terraform for storing Terraform resources.
- Run the following command to go to the project directory:
cd terraform Run the following command to create a configuration file named main.tf.
provider "alicloud" { region = var.region_id } # Sepcify the region. The default value is cn-hangzhou variable "region_id" { type = string default = "cn-hangzhou" } # Specify the description of the namespace. The default value is "a namespace sample" variable "namespace_description" { description = "Namespace Description" default = "a namespace sample" } # Specify the name of the namespace. The default value is "admin" variable "namespace_name" { description = "Namespace Name" type = string default = "admin" } # Specify the ID of the namespace. The default value is "cn-hangzhou:admin" variable "namespace_id" { description = "Namespace ID" type = string default = "cn-hangzhou:admin" } resource "alicloud_sae_namespace" "default" { namespace_description = var.namespace_description namespace_id = var.namespace_id namespace_name = var.namespace_name } output "namespace_id" { value = alicloud_sae_namespace.default.namespace_id description = "The ID of the created namespace." }Run the following command to initialize the runtime environment for Terraform:
terraform initExpected output:
Initializing the backend... Initializing provider plugins... - Checking for available provider plugins... - Downloading plugin for provider "alicloud" (hashicorp/alicloud) 1.233.0... The following providers do not have any version constraints in configuration, so the latest version was installed. To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below. * provider.alicloud: version = "~> 1.233" Warning: registry.terraform.io: For users on Terraform 0.13 or greater, this provider has moved to aliyun/alicloud. Please update your source in required_providers. Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.Run the following commands in sequence to create an SAE namespace.
Run the following command to execute the configuration file. Enter
yesas prompted and press Enter. Wait it for the command to be run. If the following command output is returned, the authorization is complete.terraform applyExpected output:
Apply complete! Resources: 1 added, 0 changed, 1 destroyed. Outputs: namespace_id = cn-hangzhou:admin
The SAE namespace is created.
Verify
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
SAE console
Log on to the SAE console to view the created namespace.
Update a namespace
In this example, the name of a namespace that resides in the China (Hangzhou) region is changed from admin to prod.
Open the main.tf file and change the default value of the namespace_name variable from "admin" to "prod".
provider "alicloud" {
region = var.region_id
}
# Specify the region. The default value is cn-hangzhou
variable "region_id" {
type = string
default = "cn-hangzhou"
}
# Specify the description of the namespace. The default value is "a namespace sample"
variable "namespace_description" {
description = "Namespace Description"
default = "a namespace sample"
}
# Modify the namespace name to "prod"
variable "namespace_name" {
description = "Namespace Name"
type = string
default = "prod"
}
# Specify the ID of the namespace. The default value is "cn-hangzhou:dev"
variable "namespace_id" {
description = "Namespace ID"
type = string
default = "cn-hangzhou:admin"
}
resource "alicloud_sae_namespace" "default" {
namespace_description = var.namespace_description
namespace_id = var.namespace_id
namespace_name = var.namespace_name
}
output "namespace_id" {
value = alicloud_sae_namespace.default.namespace_id
description = "The ID of the created namespace."
}Run the following command to initialize the runtime environment for Terraform.
terraform initIf the following code is returned, Terraform is initialized:
Terraform has been successfully initialized! You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work. If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.Run the following command to apply the changes. Enter yes as prompted and press Enter. Wait until the following command is complete:
terraform applyExpected output:
alicloud_sae_namespace.default: Modifying... [id=cn-hangzhou:admin]
alicloud_sae_namespace.default: Modifications complete after 1s [id=cn-hangzhou:admin]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
Outputs:
namespace_id = "cn-hangzhou:admin"The namespace name is changed to prod.
Run the terraform show command
Run the following command to query the details of the resources that are created by Terraform:
terraform show
SAE console
Log on to the SAE console to view the namespace.
Delete a namespace
In this example, a namespace that resides in the China (Hangzhou) region is deleted. The name of the namespace is prod and the ID of the namespace is cn-hangzhou:admin.
Run the following command in the project directory to execute the configuration file. For more information about
terraform destroy, see Common commands.terraform destroyExpected output:
alicloud_sae_namespace.default: Refreshing state... [id=cn-hangzhou:admin] Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: - destroy Terraform will perform the following actions: # alicloud_sae_namespace.default will be destroyed - resource "alicloud_sae_namespace" "default" { - enable_micro_registration = true -> null - id = "cn-hangzhou:admin" -> null - namespace_description = "a namespace sample" -> null - namespace_id = "cn-hangzhou:admin" -> null - namespace_name = "prod" -> null - namespace_short_id = "admin" -> null } Plan: 0 to add, 0 to change, 1 to destroy. Changes to Outputs: - namespace_id = "cn-hangzhou:admin" -> null Do you really want to destroy all resources? Terraform will destroy all your managed infrastructure, as shown above. There is no undo. Only 'yes' will be accepted to confirm. Enter a value: yes alicloud_sae_namespace.default: Destroying... [id=cn-hangzhou:admin] alicloud_sae_namespace.default: Destruction complete after 1s Destroy complete! Resources: 1 destroyed.The namespace is deleted.
Complete sample code
References
For more information about Terraform, see What is Terraform?
Terraform is available as a managed service in ROS. You can deploy Terraform templates in the ROS console. For more information, see Create a Terraform stack.