Terraform

Copier toutes les commandes Générer PDF

Commandes et flux de travail complets Terraform pour Infrastructure as Code (IaC), y compris la gestion des ressources, les opérations de l'État et les déploiements multicloud.

Installation et configuration

Command	Description
`terraform version`	Show Terraform version
`terraform -help`	Show help information
`terraform -help plan`	Show help for specific command

Flux de travail de base

Opérations de base

Command	Description
`terraform init`	Initialize working directory
`terraform plan`	Create execution plan
`terraform apply`	Apply changes
`terraform destroy`	Destroy infrastructure
`terraform validate`	Validate configuration
`terraform fmt`	Format configuration files

Planification avancée

Command	Description
`terraform plan -out=tfplan`	Save plan to file
`terraform apply tfplan`	Apply saved plan
`terraform plan -target=resource.name`	Plan specific resource
`terraform plan -var="key=value"`	Plan with variables
`terraform plan -var-file="vars.tfvars"`	Plan with variable file

Administration de l ' État

Opérations de l'État

Command	Description
`terraform state list`	List resources in state
`terraform state show resource.name`	Show resource details
`terraform state mv old_name new_name`	Move resource in state
`terraform state rm resource.name`	Remove resource from state
`terraform state pull`	Download remote state
`terraform state push`	Upload state to remote

Soutien et rétablissement de l'État

Command	Description
`terraform state backup`	Create state backup
`terraform force-unlock LOCK_ID`	Force unlock state
`terraform refresh`	Update state with real resources

Espaces de travail

Command	Description
`terraform workspace list`	List workspaces
`terraform workspace new dev`	Create new workspace
`terraform workspace select dev`	Switch to workspace
`terraform workspace delete dev`	Delete workspace
`terraform workspace show`	Show current workspace

Importation et production

Importation de ressources

Command	Description
`terraform import resource.name id`	Import existing resource
`terraform import aws_instance.example i-1234567890abcdef0`	Import AWS instance

Produits

Command	Description
`terraform output`	Show all outputs
`terraform output instance_ip`	Show specific output
`terraform output -json`	Show outputs in JSON

Exemples de configuration

Instance AWS EC2 de base

provider "aws" \\\\{
  region = "us-west-2"
\\\\}

resource "aws_instance" "example" \\\\{
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = \\\\{
    Name = "example-instance"
  \\\\}
\\\\}

output "instance_ip" \\\\{
  value = aws_instance.example.public_ip
\\\\}

Variables

variable "instance_type" \\\\{
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
\\\\}

variable "environment" \\\\{
  description = "Environment name"
  type        = string
\\\\}
```_

### Sources des données
```hcl
data "aws_ami" "ubuntu" \\\\{
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter \\\\{
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  \\\\}
\\\\}
```_

### Modules
```hcl
module "vpc" \\\\{
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
\\\\}

Configuration d'état distant

Moteur S3

terraform \\\\{
  backend "s3" \\\\{
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  \\\\}
\\\\}

Moteur Azure

terraform \\\\{
  backend "azurerm" \\\\{
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  \\\\}
\\\\}

Moteur Google Cloud

terraform \\\\{
  backend "gcs" \\\\{
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  \\\\}
\\\\}

Configuration du fournisseur

Fournisseur AWS

provider "aws" \\\\{
  region  = "us-west-2"
  profile = "default"

  default_tags \\\\{
    tags = \\\\{
      Environment = "production"
      Project     = "my-project"
    \\\\}
  \\\\}
\\\\}

Fournisseur Azure

provider "azurerm" \\\\{
  features \\\\{\\\\}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
\\\\}

Fournisseur Google Cloud

provider "google" \\\\{
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
\\\\}

Caractéristiques avancées

Ressources conditionnelles

resource "aws_instance" "example" \\\\{
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
\\\\}

Pour chaque

resource "aws_instance" "example" \\\\{
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = \\\\{
    Name = each.key
  \\\\}
\\\\}

Blocs dynamiques

resource "aws_security_group" "example" \\\\{
  name = "example"

  dynamic "ingress" \\\\{
    for_each = var.ingress_rules
    content \\\\{
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    \\\\}
  \\\\}
\\\\}

Essai et validation

Validation de Terraform

Command	Description
`terraform validate`	Validate syntax
`terraform validate -json`	Validate with JSON output

Analyse du plan Terraform

Command	Description
`terraform plan -detailed-exitcode`	Plan with detailed exit codes
`terraform show`	Show current state
`terraform show -json`	Show state in JSON

Outils tiers

Command	Description
`tflint`	Terraform linter
`terraform-docs`	Generate documentation
`checkov -f main.tf`	Security scanning
`tfsec .`	Security analysis

Débogue et dépannage

Exploitation forestière

Command	Description
`TF_LOG=DEBUG terraform plan`	Enable debug logging
`TF_LOG=TRACE terraform apply`	Enable trace logging
`TF_LOG_PATH=terraform.log terraform plan`	Log to file

Questions communes

Command	Description
`terraform refresh`	Sync state with reality
`terraform taint resource.name`	Mark resource for recreation
`terraform untaint resource.name`	Remove taint from resource

Meilleures pratiques

Organisation du fichier

project/
├── main.tf              # Main configuration
├── variables.tf         # Variable definitions
├── outputs.tf          # Output definitions
├── versions.tf         # Provider versions
├── terraform.tfvars   # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf

Contraintes de version

terraform \\\\{
  required_version = ">= 1.0"

  required_providers \\\\{
    aws = \\\\{
      source  = "hashicorp/aws"
      version = "~> 5.0"
    \\\\}
  \\\\}
\\\\}

Désignation des ressources

resource "aws_instance" "web_server" \\\\{
  # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = \\\\{
    Name        = "$\\\\{var.project_name\\\\}-web-$\\\\{var.environment\\\\}"
    Environment = var.environment
    Project     = var.project_name
  \\\\}
\\\\}

Pratiques exemplaires en matière de sécurité

Sécurité de l'État : Utiliser l'état distant avec chiffrement
** Gestion des actifs** : Utiliser des magasins secrets externes
Contrôle de l'accès: Mettre en œuvre des politiques appropriées de MAI
Examen des codes: Examiner tous les changements d'infrastructure
Scanning: Utiliser des outils de numérisation de sécurité

Optimisation des performances

Parallélisme : utiliser -parallelism drapeau pour les grands déploiements
Targissement : utiliser -target pour des ressources spécifiques
Doublure de l'État: Diviser les grands états en plus petits.
Module Design: Modules de conception réutilisables