Comprehensive Terraform commands and workflows for Infrastructure as Code (IaC), including resource management, state operations, and multi-cloud deployments.
## Installation and Setup

| Command | Description |
|---------|-------------|
| `terraform version` | Show Terraform version |
| `terraform -help` | Show help information |
| `terraform -help plan` | Show help for a specific command |

## Basic Workflow

### Basic Operations

| Command | Description |
|---------|-------------|
| `terraform init` | Initialize working directory |
| `terraform plan` | Create execution plan |
| `terraform apply` | Apply changes |
| `terraform destroy` | Destroy infrastructure |
| `terraform validate` | Validate configuration |
| `terraform fmt` | Format configuration files |

### Advanced Planning

| Command | Description |
|---------|-------------|
| `terraform plan -out=tfplan` | Save plan to file |
| `terraform apply tfplan` | Apply saved plan |
| `terraform plan -target=resource.name` | Plan specific resource |
| `terraform plan -var="key=value"` | Plan with variables |
| `terraform plan -var-file="vars.tfvars"` | Plan with variable file |

## State Management

### State Operations

| Command | Description |
|---------|-------------|
| `terraform state list` | List resources in state |
| `terraform state show resource.name` | Show resource details |
| `terraform state mv old_name new_name` | Move resource in state |
| `terraform state rm resource.name` | Remove resource from state |
| `terraform state pull` | Download remote state |
| `terraform state push` | Upload state to remote |

### State Backup and Recovery

| Command | Description |
|---------|-------------|
| `terraform state pull > backup.tfstate` | Create state backup |
| `terraform force-unlock LOCK_ID` | Force unlock state |
| `terraform refresh` | Update state with real resources |

## Workspaces

| Command | Description |
|---------|-------------|
| `terraform workspace list` | List workspaces |
| `terraform workspace new dev` | Create new workspace |
| `terraform workspace select dev` | Switch to workspace |
| `terraform workspace delete dev` | Delete workspace |
| `terraform workspace show` | Show current workspace |

## Import and Output

### Resource Import

| Command | Description |
|---------|-------------|
| `terraform import resource.name id` | Import existing resource |
| `terraform import aws_instance.example i-1234567890abcdef0` | Import AWS instance |

### Outputs

| Command | Description |
|---------|-------------|
| `terraform output` | Show all outputs |
| `terraform output instance_ip` | Show specific output |
| `terraform output -json` | Show outputs in JSON |

## Configuration Examples

### Basic AWS EC2 Instance

```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_instance" "example" {
  ami           = "ami-0c55b159cbfafe1d0"
  instance_type = "t2.micro"

  tags = {
    Name = "example-instance"
  }
}

output "instance_ip" {
  value = aws_instance.example.public_ip
}
```

### Variables

```hcl
variable "instance_type" {
  description = "EC2 instance type"
  type        = string
  default     = "t2.micro"
}

variable "environment" {
  description = "Environment name"
  type        = string
}
```

### Data Sources

```hcl
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}
```

### Modules

```hcl
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  azs             = ["us-west-2a", "us-west-2b"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24"]

  enable_nat_gateway = true
  enable_vpn_gateway = true
}
```

## Remote State Configuration

### S3 Backend

```hcl
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"
  }
}
```
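
A hardened variant of the S3 backend above, added here as an example (not part of the original cheat sheet): state files hold resource attributes, including secrets, in plaintext, so the backend encrypts the object and locks writes, and the bucket is versioned and closed to public access. The KMS key ARN and lock-table name are placeholders, and the bucket resources are assumed to live in a separate bootstrap configuration.

```hcl
# Added example. The KMS ARN and DynamoDB table name are placeholders.
terraform {
  backend "s3" {
    bucket = "my-terraform-state"
    key    = "state/terraform.tfstate"
    region = "us-west-2"

    # Encrypt the state object at rest (server-side encryption).
    encrypt = true
    # Placeholder ARN of a customer-managed KMS key used for that encryption.
    kms_key_id = "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"

    # Placeholder lock table; it needs a string hash key named "LockID".
    # Locking prevents two concurrent applies from corrupting the state.
    dynamodb_table = "terraform-state-lock"
  }
}

# Bootstrap configuration (assumed to be managed separately from the
# workloads that store their state in this bucket).

# Keep previous state versions so a bad write can be rolled back.
resource "aws_s3_bucket_versioning" "state" {
  bucket = "my-terraform-state"

  versioning_configuration {
    status = "Enabled"
  }
}

# Refuse every form of public access to the state bucket.
resource "aws_s3_bucket_public_access_block" "state" {
  bucket = "my-terraform-state"

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```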

### Azure Backend

```hcl
terraform {
  backend "azurerm" {
    resource_group_name  = "tfstate"
    storage_account_name = "tfstate"
    container_name       = "tfstate"
    key                  = "prod.terraform.tfstate"
  }
}
```

### Google Cloud Backend

```hcl
terraform {
  backend "gcs" {
    bucket = "tf-state-bucket"
    prefix = "terraform/state"
  }
}
```

## Provider Configuration

### AWS Provider

```hcl
provider "aws" {
  region  = "us-west-2"
  profile = "default"

  default_tags {
    tags = {
      Environment = "production"
      Project     = "my-project"
    }
  }
}
```

### Azure Provider

```hcl
provider "azurerm" {
  features {}

  subscription_id = "00000000-0000-0000-0000-000000000000"
  tenant_id       = "00000000-0000-0000-0000-000000000000"
}
```

### Google Cloud Provider

```hcl
provider "google" {
  project = "my-project-id"
  region  = "us-central1"
  zone    = "us-central1-c"
}
```

## Advanced Features

### Conditional Resources

```hcl
resource "aws_instance" "example" {
  count = var.create_instance ? 1 : 0

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type
}
```

### For Each

```hcl
resource "aws_instance" "example" {
  for_each = toset(var.instance_names)

  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name = each.key
  }
}
```

### Dynamic Blocks

```hcl
resource "aws_security_group" "example" {
  name = "example"

  dynamic "ingress" {
    for_each = var.ingress_rules

    content {
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```

## Testing and Validation

| Command | Description |
|---------|-------------|
| `terraform validate` | Validate syntax |
| `terraform validate -json` | Validate with JSON output |
| `terraform plan -detailed-exitcode` | Plan with detailed exit codes |
| `terraform show` | Show current state |
| `terraform show -json` | Show state in JSON |

### Third-Party Tools

| Command | Description |
|---------|-------------|
| `tflint` | Terraform linter |
| `terraform-docs` | Generate documentation |
| `checkov -f main.tf` | Security scanning |
| `tfsec .` | Security analysis |

## Debugging and Troubleshooting

### Logging

| Command | Description |
|---------|-------------|
| `TF_LOG=DEBUG terraform plan` | Enable debug logging |
| `TF_LOG=TRACE terraform apply` | Enable trace logging |
| `TF_LOG_PATH=terraform.log terraform plan` | Log to file |

### Common Issues

| Command | Description |
|---------|-------------|
| `terraform refresh` | Sync state with reality |
| `terraform taint resource.name` | Mark resource for recreation |
| `terraform untaint resource.name` | Remove taint from resource |

## Best Practices

### File Organization

```
project/
├── main.tf              # Main configuration
├── variables.tf         # Variable definitions
├── outputs.tf           # Output definitions
├── versions.tf          # Provider versions
├── terraform.tfvars     # Variable values
└── modules/
    └── vpc/
        ├── main.tf
        ├── variables.tf
        └── outputs.tf
```

### Version Constraints

```hcl
terraform {
  required_version = ">= 1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
```

### Resource Naming

```hcl
resource "aws_instance" "web_server" {
  # Use descriptive names
  ami           = data.aws_ami.ubuntu.id
  instance_type = var.instance_type

  tags = {
    Name        = "${var.project_name}-web-${var.environment}"
    Environment = var.environment
    Project     = var.project_name
  }
}
```

### Security Best Practices

- **State Security**: Use remote state with encryption
- **Secrets Management**: Use external secret stores
- **Access Control**: Implement proper IAM policies
- **Code Review**: Review all infrastructure changes
- **Scanning**: Use security scanning tools
- **Parallelism**: Use the `-parallelism` flag for large deployments
- **Targeting**: Use `-target` for specific resources
- **State Splitting**: Split large states into smaller ones
- **Module Design**: Design reusable modules