
# Terraform

Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations, and multi-cloud deployments.

## Installation and Setup

|Command|Description|
|---------|-------------|
|`terraform version`|Show Terraform version|
|`terraform -help`|Show help information|
|`terraform -help plan`|Show help for a specific command|

## Core Workflow

### Basic Operations

|Command|Description|
|---------|-------------|
|`terraform init`|Initialize working directory|
|`terraform plan`|Create execution plan|
|`terraform apply`|Apply changes|
|`terraform destroy`|Destroy infrastructure|
|`terraform validate`|Validate configuration|
|`terraform fmt`|Format configuration files|

### Planning

|Command|Description|
|---------|-------------|
|`terraform plan -out=tfplan`|Save plan to file|
|`terraform apply tfplan`|Apply saved plan|
|`terraform plan -target=resource.name`|Plan a specific resource|
|`terraform plan -var="key=value"`|Plan with variables|
|`terraform plan -var-file="vars.tfvars"`|Plan with a variable file|

## State Management

### State Operations

|Command|Description|
|---------|-------------|
|`terraform state list`|List resources in state|
|`terraform state show resource.name`|Show resource details|
|`terraform state mv old_name new_name`|Move resource in state|
|`terraform state rm resource.name`|Remove resource from state|
|`terraform state pull`|Download remote state|
|`terraform state push`|Upload state to remote|

### State Backup and Recovery

|Command|Description|
|---------|-------------|
|`terraform state backup`|Create state backup|
|`terraform force-unlock LOCK_ID`|Force unlock state|
|`terraform refresh`|Update state with real resources|

### Workspaces

|Command|Description|
|---------|-------------|
|`terraform workspace list`|List workspaces|
|`terraform workspace new dev`|Create new workspace|
|`terraform workspace select dev`|Switch to workspace|
|`terraform workspace delete dev`|Delete workspace|
|`terraform workspace show`|Show current workspace|

## Import and Output

### Import

|Command|Description|
|---------|-------------|
|`terraform import resource.name id`|Import existing resource|
|`terraform import aws_instance.example i-1234567890abcdef0`|Import AWS instance|
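`terraform import` and `terraform state mv` edit state directly and leave no trace in the configuration. As an added example (not part of the original cheat sheet), the declarative alternatives are `import` blocks (Terraform 1.5+) and `moved` blocks (Terraform 1.1+): both are committed with the code, appear in `terraform plan` output, and therefore go through code review. The instance ID and resource addresses are taken from this page; the `aws_security_group.web` name is an assumption made for the example.

```hcl
# Added example: config-driven import and refactoring instead of
# imperative state edits.

# Equivalent to: terraform import aws_instance.example i-1234567890abcdef0
import {
  to = aws_instance.example
  id = "i-1234567890abcdef0" # instance ID from the table above
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"
}

# Equivalent to: terraform state mv aws_security_group.example aws_security_group.web
# Recording the old address here makes the plan show a move rather than
# a destroy/create pair.
moved {
  from = aws_security_group.example
  to   = aws_security_group.web # assumed new name for this example
}

resource "aws_security_group" "web" {
  name = "example"
}
```

`terraform plan` reports the import and the move as planned actions without changing anything; once applied, the `import` and `moved` blocks can be deleted. For an `import` block whose resource body you have not written yet, `terraform plan -generate-config-out=generated.tf` emits a starting configuration from the real resource.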

### Outputs

|Command|Description|
|---------|-------------|
|`terraform output`|Show all outputs|
|`terraform output instance_ip`|Show a specific output|
|`terraform output -json`|Show outputs in JSON|

## Configuration Examples

### Basic AWS EC2
```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

output "instance_ip" {
  value = aws_instance.example.public_ip
}
```

### Variables
```hcl
variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

variable "environment" {
  description = "Environment name"
  type        = string
}
```
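Two variable features worth showing next to the basic declarations above, as an added example that is not from the original page: `validation` blocks (Terraform 0.13+) reject bad input before a plan is produced, and `sensitive = true` (0.14+) keeps a value out of plan, apply and `terraform output` text. The `db_password` variable and the allowed-value lists are assumptions made for this example.

```hcl
# Added example: input validation and sensitive values.
variable "environment" {
  description = "Environment name"
  type        = string

  validation {
    condition     = contains(["dev", "staging", "prod"], var.environment)
    error_message = "environment must be one of: dev, staging, prod."
  }
}

variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"

  validation {
    # Restrict to the t2/t3 families (assumed policy for this example).
    condition     = can(regex("^t[23]\\.", var.instance_type))
    error_message = "Only t2 and t3 instance types are allowed."
  }
}

variable "db_password" {
  description = "Database master password (assumed variable for this example)"
  type        = string
  sensitive   = true
}

# An output derived from a sensitive variable must itself be marked
# sensitive, otherwise Terraform refuses the configuration.
output "db_password" {
  value     = var.db_password
  sensitive = true
}
```

Redaction applies to human-readable output only: the value is still written in clear to the state file, and `terraform output -json` and `terraform output -raw db_password` print it, so state encryption and access control on the state backend remain necessary.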

### Data Sources
```hcl
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}
```

### Modules
```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}
```

## Remote State Configuration

### S3 Backend
```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  }
}
```

### Azure Backend
```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
```

### Google Cloud Backend
```hcl
terraform {
  backend "gcs" {
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  }
}
```

## Provider Configuration

### AWS Provider
```hcl
provider "aws" {
  region  = "us-west-2"
  profile = "default"

  default_tags {
    tags = {
      Environment = "production"
      Project     = "my-project"
    }
  }
}
```

### Azure Provider
```hcl
provider "azurerm" {
  features {}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
```

### Google Cloud Provider
```hcl
provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```

## Advanced Features

### Conditional Resources
```hcl
resource "aws_instance" "example" {
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
}
```

### For Each
```hcl
resource "aws_instance" "example" {
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name = each.key
  }
}
```

### Dynamic Blocks
```hcl
resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```
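The `var.ingress_rules` consumed by the dynamic block above is never declared on this page. As an added example (not from the original cheat sheet), here is a typed declaration for it together with a resource-level `precondition` (Terraform 1.2+) that fails the plan if any rule opens SSH, or all ports, to `0.0.0.0/0`. A dynamic block will happily render whatever list it is given, so the guardrail is where reviewers should look. The default rule set is constructed sample data.

```hcl
# Added example: a typed input for the dynamic block plus a guardrail.
variable "ingress_rules" {
  description = "Ingress rules rendered by the dynamic block"
  type = list(object({
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
  # Constructed sample rules: HTTPS from anywhere, SSH only from the VPC.
  default = [
    { from_port = 443, to_port = 443, protocol = "tcp", cidr_blocks = ["0.0.0.0/0"] },
    { from_port = 22, to_port = 22, protocol = "tcp", cidr_blocks = ["10.0.0.0/16"] },
  ]
}

resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  lifecycle {
    precondition {
      # Reject a world-open rule that covers port 22, including the
      # "all traffic" form (protocol "-1", ports 0-0).
      condition = alltrue([
        for r in var.ingress_rules :
        !(contains(r.cidr_blocks, "0.0.0.0/0") &&
          (r.protocol == "-1" || (r.from_port <= 22 && r.to_port >= 22)))
      ])
      error_message = "SSH (port 22) must not be exposed to 0.0.0.0/0."
    }
  }
}
```

With the defaults the plan succeeds; changing the second rule's `cidr_blocks` to `["0.0.0.0/0"]`, or adding `{ from_port = 0, to_port = 0, protocol = "-1", cidr_blocks = ["0.0.0.0/0"] }`, makes `terraform plan` stop with the error message before anything is created. The same check could live in a `validation` block on the variable; a precondition is used here because it can also reference other resources and data sources.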

## Testing and Validation

### Terraform Validate
|Command|Description|
|---------|-------------|
|`terraform validate`|Validate syntax|
|`terraform validate -json`|Validate with JSON output|

### Terraform Plan Analysis
|Command|Description|
|---------|-------------|
|`terraform plan -detailed-exitcode`|Plan with detailed exit codes|
|`terraform show`|Show current state|
|`terraform show -json`|Show state in JSON|

### Third-Party Tools
|Command|Description|
|---------|-------------|
|`tflint`|Terraform linter|
|`terraform-docs`|Generate documentation|
|`checkov -f main.tf`|Security scanning|
|`tfsec .`|Security analysis|

## Debugging and Troubleshooting

### Logging
|Command|Description|
|---------|-------------|
|`TF_LOG=DEBUG terraform plan`|Enable debug logging|
|`TF_LOG=TRACE terraform apply`|Enable trace logging|
|`TF_LOG_PATH=terraform.log terraform plan`|Log to file|

### Common Issues
|Command|Description|
|---------|-------------|
|`terraform refresh`|Sync state with reality|
|`terraform taint resource.name`|Mark resource for recreation|
|`terraform untaint resource.name`|Remove taint from resource|

## Best Practices

### File Organization
```
project/
├── main.tf           # Main configuration
├── variables.tf      # Variable definitions
├── outputs.tf        # Output definitions
├── versions.tf       # Provider versions
├── terraform.tfvars  # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf
```

### Version Constraints
```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```

### Resource Naming
```hcl
resource "aws_instance" "web_server" { # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name        = "${var.project_name}-web-${var.environment}"
    Environment = var.environment
    Project     = var.project_name
  }
}
```

### Security Best Practices

  1. **State Security**: Use remote state with encryption
  2. **Secrets Management**: Use external secret stores
  3. **Access Control**: Implement proper IAM policies
  4. **Code Review**: Review all infrastructure changes
  5. **Scanning**: Use security scanning tools
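The S3 backend shown under Remote State Configuration and the first two items of this list fit together: the minimal backend stores the state object unencrypted and without locking, and a secret entered through a variable ends up in that state. As an added example (not from the original cheat sheet), here is the same backend with server-side encryption, a customer-managed KMS key and state locking, plus a database password read from AWS Secrets Manager at plan time instead of being committed to a tfvars file. The KMS alias, DynamoDB table name, secret name and RDS settings are assumptions made for this example.

```hcl
# Added example: hardened S3 backend and an external secret store.
terraform {
  required_version = ">= 1.0"

  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "state/terraform.tfstate"
    region         = "us-west-2"
    encrypt        = true                   # SSE for the state object
    kms_key_id     = "alias/terraform-state" # assumed customer-managed key
    dynamodb_table = "terraform-locks"      # assumed table; enables state locking
  }
}

provider "aws" {
  region = "us-west-2"
}

# Secrets Management: the value is fetched by the provider at plan/apply
# time and never written to the repository. The secret name is assumed;
# its secret_string is assumed to be JSON with a "password" field.
data "aws_secretsmanager_secret_version" "db" {
  secret_id = "prod/db/master"
}

resource "aws_db_instance" "example" {
  identifier          = "example-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "appadmin"
  password            = jsondecode(data.aws_secretsmanager_secret_version.db.secret_string)["password"]
  storage_encrypted   = true
  skip_final_snapshot = true
}
```

The DynamoDB table must have a string partition key named `LockID`; Terraform 1.10 and later can instead set `use_lockfile = true` on the backend to lock with an object in the bucket itself. Note that the provider marks `secret_string` as sensitive, so it is redacted from plan output, but the resulting `password` attribute is still recorded in the state file; that is exactly why items 1 and 3 (encrypted state and IAM policies restricting who can read the bucket and key) matter even when no secret is committed to code.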

### Performance Optimization

  1. **Parallelism**: Use the `-parallelism` flag for large deployments
  2. **Targeting**: Use `-target` for specific resources
  3. **State Splitting**: Split large states into smaller ones
  4. **Module Design**: Design reusable modules