# Terraform

Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations and multi-cloud deployments.

## Installation and Setup

| Command | Description |
| --- | --- |
| `terraform version` | Show Terraform version |
| `terraform -help` | Show help information |
| `terraform -help plan` | Show help for a specific command |

## Core Workflow

### Basic Operations

| Command | Description |
| --- | --- |
| `terraform init` | Initialize working directory |
| `terraform plan` | Create execution plan |
| `terraform apply` | Apply changes |
| `terraform destroy` | Destroy infrastructure |
| `terraform validate` | Validate configuration |
| `terraform fmt` | Format configuration files |

### Planning

| Command | Description |
| --- | --- |
| `terraform plan -out=tfplan` | Save plan to file |
| `terraform apply tfplan` | Apply saved plan |
| `terraform plan -target=resource.name` | Plan a specific resource |
| `terraform plan -var="key=value"` | Plan with variables |
| `terraform plan -var-file="vars.tfvars"` | Plan with variable file |

## State Management

### State Operations

| Command | Description |
| --- | --- |
| `terraform state list` | List resources in state |
| `terraform state show resource.name` | Show resource details |
| `terraform state mv old_name new_name` | Move resource in state |
| `terraform state rm resource.name` | Remove resource from state |
| `terraform state pull` | Download remote state |
| `terraform state push` | Upload state to remote |

### State Backup and Recovery

| Command | Description |
| --- | --- |
| `terraform state backup` | Create state backup |
| `terraform force-unlock LOCK_ID` | Force unlock state |
| `terraform refresh` | Update state with real resources |

### Workspaces

| Command | Description |
| --- | --- |
| `terraform workspace list` | List workspaces |
| `terraform workspace new dev` | Create new workspace |
| `terraform workspace select dev` | Switch to workspace |
| `terraform workspace delete dev` | Delete workspace |
| `terraform workspace show` | Show current workspace |

## Import and Output

### Import

| Command | Description |
| --- | --- |
| `terraform import resource.name id` | Import existing resource |
| `terraform import aws_instance.example i-1234567890abcdef0` | Import AWS instance |

### Outputs

| Command | Description |
| --- | --- |
| `terraform output` | Show all outputs |
| `terraform output instance_ip` | Show specific output |
| `terraform output -json` | Show outputs in JSON |

## Configuration Examples

### Basic AWS EC2
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

output "instance_ip" {
  value = aws_instance.example.public_ip
}
```

### Variables
```hcl
variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

variable "environment" {
  description = "Environment name"
  type        = string
}
```

### Data Sources
```hcl
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}
```

### Modules
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}
```

## Remote State Configuration

### S3 Backend
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  }
}
```

### Azure Backend
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
```

### Google Cloud Backend
```hcl
terraform {
  backend "gcs" {
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  }
}
```

## Provider Configuration

### AWS Provider
```hcl
provider "aws" {
  region  = "us-west-2"
  profile = "default"

  default_tags {
    tags = {
      Environment = "production"
      Project     = "my-project"
    }
  }
}
```

### Azure Provider
```hcl
provider "azurerm" {
  features {}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
```

### Google Cloud Provider
```hcl
provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```

## Advanced Features

### Conditional Resources
```hcl
resource "aws_instance" "example" {
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
}
```

### For Each
```hcl
resource "aws_instance" "example" {
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name = each.key
  }
}
```

### Dynamic Blocks
```hcl
resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```

## Testing and Validation

### Terraform Validate
| Command | Description |
| --- | --- |
| `terraform validate` | Validate syntax |
| `terraform validate -json` | Validate with JSON output |

### Terraform Plan Analysis
| Command | Description |
| --- | --- |
| `terraform plan -detailed-exitcode` | Plan with detailed exit codes |
| `terraform show` | Show current state |
| `terraform show -json` | Show state in JSON |

### Third-Party Tools
| Command | Description |
| --- | --- |
| `tflint` | Terraform linter |
| `terraform-docs` | Generate documentation |
| `checkov -f main.tf` | Security scanning |
| `tfsec .` | Security analysis |

## Debugging and Troubleshooting

### Logging
| Command | Description |
| --- | --- |
| `TF_LOG=DEBUG terraform plan` | Enable debug logging |
| `TF_LOG=TRACE terraform apply` | Enable trace logging |
| `TF_LOG_PATH=terraform.log terraform plan` | Log to file |

### Common Issues
| Command | Description |
| --- | --- |
| `terraform refresh` | Sync state with reality |
| `terraform taint resource.name` | Mark resource for recreation |
| `terraform untaint resource.name` | Remove taint from resource |

## Best Practices

### File Organization
```
project/
├── main.tf           # Main configuration
├── variables.tf      # Variable definitions
├── outputs.tf        # Output definitions
├── versions.tf       # Provider versions
├── terraform.tfvars  # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf
```

### Version Constraints
```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```

### Resource Naming
```hcl
resource "aws_instance" "web_server" { # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name        = "${var.project_name}-web-${var.environment}"
    Environment = var.environment
    Project     = var.project_name
  }
}
```

### Security Best Practices

1. **State Security**: Use remote state with encryption
2. **Secrets Management**: Use external secret stores
3. **Access Control**: Implement proper IAM policies
4. **Code Review**: Review all infrastructure changes
5. **Scanning**: Use security scanning tools

### Performance Optimization

1. **Parallelism**: Use the `-parallelism` flag for large deployments
2. **Targeting**: Use `-target` for specific resources
3. **State Splitting**: Split large states into smaller ones
4. **Module Design**: Design reusable modules