├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── enhancement.md └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── bootstrap.sh ├── cases ├── aws_ami │ ├── README.rst │ ├── main.tf │ └── run_ami_with_tags_filter │ │ ├── README.rst │ │ └── main.tf ├── aws_ami_from_instance │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_ami_launch_permission │ ├── README.rst │ └── main.tf ├── aws_customer_gateway │ ├── README.rst │ └── main.tf ├── aws_default_network_acl │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_default_route_table │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_default_security_group │ ├── README.rst │ ├── main.tf │ └── vpc.tf ├── aws_default_vpc │ ├── README.rst │ └── main.tf ├── aws_default_vpc_dhcp_options │ ├── README.rst │ └── main.tf ├── aws_ebs_snapshot │ ├── README.rst │ └── main.tf ├── aws_ebs_volume │ ├── README.rst │ └── main.tf ├── aws_eip │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_eip_association │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_instance │ ├── README.rst │ ├── main.tf │ ├── run_instance_default_subnet │ │ ├── README.rst │ │ └── main.tf │ ├── run_instance_in_switch │ │ ├── README.rst │ │ └── main.tf │ ├── run_instance_with_cdrom │ │ ├── README.rst │ │ ├── main.tf │ │ ├── subnet.tf │ │ └── vpc.tf │ ├── run_instance_with_data_source_ami │ │ ├── README.rst │ │ ├── main.tf │ │ ├── security_group.tf │ │ ├── subnet.tf │ │ └── vpc.tf │ ├── run_instance_with_ebs_override │ │ ├── README.rst │ │ ├── main.tf │ │ ├── subnet.tf │ │ └── vpc.tf │ ├── run_instance_with_existing_network_interface │ │ ├── README.rst │ │ ├── main.tf │ │ ├── subnet.tf │ │ └── vpc.tf │ ├── run_instance_with_launch_template │ │ ├── README.rst │ │ └── main.tf │ ├── run_instances_remove_cdrom │ │ ├── README.rst │ │ ├── main.tf │ │ ├── subnet.tf │ │ └── vpc.tf │ ├── security_group.tf │ ├── subnet.tf │ └── vpc.tf ├── 
aws_key_pair │ ├── README.rst │ └── main.tf ├── aws_launch_template │ ├── README.rst │ └── main.tf ├── aws_network_acl │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_network_acl_rule │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_network_interface │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_placement_group │ ├── README.rst │ └── main.tf ├── aws_route │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_route_table │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_route_table_association │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_s3_bucket │ ├── README.rst │ └── main.tf ├── aws_security_group │ ├── README.rst │ ├── main.tf │ ├── security_group.tf │ └── vpc.tf ├── aws_security_group_rule │ ├── README.rst │ ├── main.tf │ ├── security_group.tf │ └── vpc.tf ├── aws_snapshot_create_volume_permission │ ├── README.rst │ └── main.tf ├── aws_subnet │ ├── README.rst │ ├── main.tf │ └── vpc.tf ├── aws_volume_attachment │ ├── README.rst │ ├── main.tf │ ├── subnet.tf │ └── vpc.tf ├── aws_vpc │ ├── README.rst │ └── main.tf ├── aws_vpc_dhcp_options │ ├── README.rst │ └── main.tf ├── aws_vpc_dhcp_options_association │ ├── README.rst │ ├── main.tf │ └── vpc.tf └── index.rst ├── common ├── acl.tf ├── ami.tf ├── ami_with_cdrom.tf ├── security_group.tf ├── snapshot.tf ├── subnet.tf └── vpc.tf ├── configure.ac ├── main.tf ├── quick_start ├── .gitignore ├── README.md ├── main.tf ├── outputs.tf ├── providers.tf ├── terraform.tfvars.example └── variables.tf ├── terraform.tfvars.example └── tests ├── Makefile.in ├── atlocal.in ├── aws_ami.at ├── aws_ami_from_instance.at ├── aws_ami_launch_permission.at ├── aws_customer_gateway.at ├── aws_default_network_acl.at ├── aws_default_route_table.at ├── aws_default_security_group.at ├── aws_default_vpc.at ├── aws_default_vpc_dhcp_options.at ├── aws_ebs_snapshot.at ├── aws_ebs_volume.at ├── aws_eip.at ├── aws_eip_association.at 
├── aws_instance.at ├── aws_key_pair.at ├── aws_launch_template.at ├── aws_network_acl.at ├── aws_network_acl_rule.at ├── aws_network_interface.at ├── aws_placement_group.at ├── aws_route.at ├── aws_route_table.at ├── aws_route_table_association.at ├── aws_s3_bucket.at ├── aws_security_group.at ├── aws_security_group_rule.at ├── aws_snapshot_create_volume_permission.at ├── aws_subnet.at ├── aws_volume_attachment.at ├── aws_vpc.at ├── aws_vpc_dhcp_options.at ├── aws_vpc_dhcp_options_association.at ├── gen-tests.sh ├── gen-testsuite.sh ├── local.at ├── template └── testsuite.at /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug Report 3 | about: Report a bug encountered while using terraform-examples 4 | labels: bug 5 | 6 | --- 7 | 8 | **What happened**: 9 | 10 | **What you expected to happen**: 11 | 12 | **How to reproduce it (as minimally and precisely as possible)**: 13 | 14 | **Anything else we need to know?**: 15 | 16 | **Environment**: 17 | - Terraform (e.g `terraform -version`) 18 | - OS (e.g: `cat /etc/os-release`): 19 | - Kernel (e.g. 
`uname -a`): 20 | - Others: 21 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/enhancement.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Enhancement Request 3 | about: Suggest an enhancement to the terraform-examples project 4 | labels: enhancement 5 | 6 | --- 7 | 8 | **What would you like to be added**: 9 | 10 | **Why is this needed**: 11 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | **What this PR does / why we need it**: 2 | 3 | **Which issue(s) this PR fixes**: 4 | 5 | **Special notes for your reviewer**: 6 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # terraform 2 | **/terraform.tfvars 3 | **/crash.log 4 | **/.terraform 5 | **/*tfstate* 6 | **/.terraform.lock.hcl 7 | 8 | # editor 9 | /.vscode/* 10 | 11 | # autotools 12 | tests/testsuite 13 | tests/testsuite.log 14 | tests/testsuite.dir 15 | tests/atlocal 16 | tests/Makefile 17 | tests/package.m4 18 | tests/atconfig 19 | autom4te.cache 20 | config.log 21 | ar-lib 22 | mdate-sh 23 | py-compile 24 | autoscan.log 25 | autoscan-*.log 26 | aclocal.m4 27 | compile 28 | config.guess 29 | config.h.in 30 | config.log 31 | config.status 32 | config.sub 33 | configure 34 | configure.scan 35 | depcomp 36 | install-sh 37 | missing 38 | stamp-h1 39 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 
8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a
      file or class name and description of purpose be included on the
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

   Copyright [yyyy] [name of copyright owner]

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
   You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.

--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
WORKDIR := $(abspath .)
CASES_PATHS := $(sort $(dir $(wildcard $(WORKDIR)/cases/*/ $(WORKDIR)/cases/*/*/)))
CASES_NAMES := $(foreach PATH, $(CASES_PATHS), $(lastword $(subst /, ,$(PATH))))

TERRAFORM := $(shell which terraform)
TRASH_FILES := terraform.tfstate terraform.tfstate.backup crash.log
AUTOTEST_ARTIFACTS := atlocal atconfig Makefile package.m4 testsuite testsuite.log testsuite.dir
AUTOCONF_ARTIFACTS := config.log configure config.status install-sh missing autom4te.cache

.PHONY: clean init show-cases clean-all
.SILENT: clean init show-cases clean-all

define TITLE
____ ____ _____ __ _
/ ___|___ \ |_ _|__ _ __ _ __ __ _ / _| ___ _ __ _ __ ___ _____ ____ _ _ __ ___ _ __ | | ___ ___
| | __) | | |/ _ \ '__| '__/ _` | |_ / _ \| '__| '_ ` _ \ / _ \ \/ / _` | '_ ` _ \| '_ \| |/ _ \/ __|
| |___ / __/ | | __/ | | | | (_| | _| (_) | | | | | | | | | __/> < (_| | | | | | | |_) | | __/\__ \
\____|_____| |_|\___|_| |_| \__,_|_| \___/|_| |_| |_| |_| \___/_/\_\__,_|_| |_| |_| .__/|_|\___||___/

endef

export TITLE

init: show-perfect-title ; @$(TERRAFORM) init

show-perfect-title: ; @echo "$$TITLE"

show-cases:
	find ./cases/ -mindepth 2 -name README.rst | \
		awk -F'/' '{print $$(NF-1)}'

clean-tests:
	$(foreach to_del,\
		$(AUTOTEST_ARTIFACTS),\
		rm -rf $(WORKDIR)/tests/$(to_del) ;)

clean-cases: COMMON_RESOURCES_NAMES := $(shell ls $(WORKDIR)/common)
clean-cases: LINKS := $(shell find -L $(WORKDIR)/cases -xtype l -print0 | xargs -0 -i% basename %)
clean-cases:
	$(foreach to_del,\
		$(TRASH_FILES) $(LINKS),\
		$(if $(filter $(to_del), $(COMMON_RESOURCES_NAMES)),,\
			find $(WORKDIR)/cases -name $(to_del) -delete ; \
		)\
	)

clean: clean-cases clean-tests
	$(foreach to_del,\
		$(AUTOCONF_ARTIFACTS),\
		rm -rf $(WORKDIR)/$(to_del) ;)

clean-all: clean
	rm -rf $(WORKDIR)/.terraform/ $(WORKDIR)/.terraform.lock.hcl

define TERRAFORM_IMPORT_CASE_CMD

.PHONY: import-$(lastword $(subst /, ,$(1)))
import-$(lastword $(subst /, ,$(1))):
	mv $(1)terraform.tfstate $(1)terraform.tfstate.main ;\
	$(TERRAFORM) import \
		-no-color \
		-state $(1)terraform.tfstate \
		-config $(1) \
		$(shell jq -r '.resources[] | "\(.type).\(.name) \(.instances[].attributes.id)"' $(1)terraform.tfstate 2>/dev/null) || exit 1 ;\
	rm $(1)terraform.tfstate ;\
	mv $(1)terraform.tfstate.main $(1)terraform.tfstate ;
endef

define TERRAFORM_CASE_CMD

.PHONY: $(1)-$(lastword $(subst /, ,$(2)))
$(1)-$(lastword $(subst /, ,$(2))):
	ln -sf $(WORKDIR)/.terraform $(2) ;\
	ln -sf $(WORKDIR)/main.tf $(2)provider.tf ;\
	ln -sf $(WORKDIR)/terraform.tfvars $(2) ;\
	ln -sf $(WORKDIR)/.terraform.lock.hcl $(2) ;\
	TF_LOG=$(TF_LOG) $(TERRAFORM) -chdir=$(2) $(1) $(3) -no-color -state $(2)terraform.tfstate;
endef

$(foreach path,$(CASES_PATHS),$(eval $(call TERRAFORM_CASE_CMD,plan,$(path))))
$(foreach path,$(CASES_PATHS),$(eval $(call TERRAFORM_CASE_CMD,apply,$(path),-auto-approve)))
$(foreach path,$(CASES_PATHS),$(eval $(call TERRAFORM_CASE_CMD,destroy,$(path),-auto-approve)))

$(foreach path,$(CASES_PATHS),$(eval $(call TERRAFORM_IMPORT_CASE_CMD,$(path))))

check: ; $(MAKE) -C tests $@-local

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------

# Terraform examples for K2 Cloud

reference test suite with supported resources

· Documentation ·

---

### Build status

- PR build status: ![pr status](https://buildbot.superdevops.xyz/badges/pr-checker.svg)
- Nightly build status: ![night status](https://buildbot.superdevops.xyz/badges/runtests.svg)

---

## Supported resources

### ec2 resources

- [aws_ami](cases/aws_ami/README.rst), more examples:
  - [run ami with tags filter](cases/aws_ami/run_ami_with_tags_filter/README.rst)
- [aws_ami_from_instance](cases/aws_ami_from_instance/README.rst)
- [aws_ami_launch_permission](cases/aws_ami_launch_permission/README.rst)
- [aws_ebs_snapshot](cases/aws_ebs_snapshot/README.rst)
- [aws_snapshot_create_volume_permission](cases/aws_snapshot_create_volume_permission/README.rst)
- [aws_ebs_volume](cases/aws_ebs_volume/README.rst)
- [aws_eip](cases/aws_eip/README.rst)
- [aws_eip_association](cases/aws_eip_association/README.rst)
- [aws_instance](cases/aws_instance/README.rst), more examples:
  - [run instance with cdrom](cases/aws_instance/run_instance_with_cdrom/README.rst)
  - [run instance with data source ami](cases/aws_instance/run_instance_with_data_source_ami/README.rst)
  - [run instance with ebs override](cases/aws_instance/run_instance_with_ebs_override/README.rst)
  - [run instance remove cdrom](cases/aws_instance/run_instances_remove_cdrom/README.rst)
  - [run instance in switch](cases/aws_instance/run_instance_in_switch/README.rst)
  - [run instance with existing network interface](cases/aws_instance/run_instance_with_existing_network_interface/README.rst)
  - [run instance with launch template](cases/aws_instance/run_instance_with_launch_template/README.rst)
  - [run instance default subnet](cases/aws_instance/run_instance_default_subnet/README.rst)
- [aws_key_pair](cases/aws_key_pair/README.rst)
- [aws_launch_template](cases/aws_launch_template/README.rst)
- [aws_placement_group](cases/aws_placement_group/README.rst)
- [aws_volume_attachment](cases/aws_volume_attachment/README.rst)

### vpc resources

- [aws_vpc](cases/aws_vpc/README.rst)
- [aws_default_vpc](cases/aws_default_vpc/README.rst)
- [aws_default_vpc_dhcp_options](cases/aws_default_vpc_dhcp_options/README.rst)
- [aws_vpc_dhcp_options](cases/aws_vpc_dhcp_options/README.rst)
- [aws_vpc_dhcp_options_association](cases/aws_vpc_dhcp_options_association/README.rst)
- [aws_customer_gateway](cases/aws_customer_gateway/README.rst)
- [aws_network_acl](cases/aws_network_acl/README.rst)
- [aws_default_network_acl](cases/aws_default_network_acl/README.rst)
- [aws_network_acl_rule](cases/aws_network_acl_rule/README.rst)
- [aws_route](cases/aws_route/README.rst)
- [aws_route_table](cases/aws_route_table/README.rst)
- [aws_default_route_table](cases/aws_default_route_table/README.rst)
- [aws_route_table_association](cases/aws_route_table_association/README.rst)
- [aws_subnet](cases/aws_subnet/README.rst)
- [aws_default_security_group](cases/aws_default_security_group/README.rst)
- [aws_security_group](cases/aws_security_group/README.rst)
- [aws_default_security_group](cases/aws_default_security_group/README.rst)
- [aws_security_group_rule](cases/aws_security_group_rule/README.rst)
- [aws_network_interface](cases/aws_network_interface/README.rst)

### S3 resources

- [aws_s3_bucket](cases/aws_s3_bucket/README.rst)

## Installation

- Install [autoconf](https://www.gnu.org/software/autoconf/#downloading)

- Install [automake, libtool(MacOS)](https://superuser.com/questions/383580/how-to-install-autoconf-automake-and-related-tools-on-mac-os-x-from-source)

- Create `terraform.tfvars` file:

```sh
$ cp terraform.tfvars.example terraform.tfvars
```

- Generate and run configure script:

```sh
$ autoreconf -i && ./configure
```

- Run `make` to init `aws provider`

- Update `terraform.tfvars` file with the desired values

## How to run specific examples

- Run `make show-cases` to list all available examples

- Run the terraform `plan`, `apply` and `destroy` commands for the specified case:

```sh
$ make plan-
$ make apply-
$ make destroy-
```

- Use `make clean` to remove `terraform.tfstate*` and `crash.log` files

- Use `make clean-all` to remove `aws provider`

## Tests

- Run `make check` to run all tests via autotest test framework

## Contributors

Thanks goes to these wonderful people:

- Mikhail Ushanov
- Pavel Kulyov
- ancient07
- aeko-empt
- Sharpeye90
- Girag
- Nikita Kretov
127 | -------------------------------------------------------------------------------- /bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | autoreconf -i && ./configure 4 | -------------------------------------------------------------------------------- /cases/aws_ami/README.rst: -------------------------------------------------------------------------------- 1 | aws_ami 2 | ======= 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_ami`` resource. 7 | 8 | .. toctree:: 9 | :caption: additional examples 10 | 11 | run_ami_with_tags_filter/README 12 | 13 | Differences 14 | ----------- 15 | 16 | Unsupported attributes 17 | ~~~~~~~~~~~~~~~~~~~~~~ 18 | 19 | * ``ena_support`` 20 | * ``architecture`` 21 | 22 | Notes 23 | ~~~~~ 24 | 25 | For ``ephemeral_block_device`` block ``cdrom`` and ``floppy`` values are supported for ``device_name`` and ``virtual_name`` attributes. 26 | 27 | Special notes 28 | ------------- 29 | 30 | This resource supports ``tags`` attribute: 31 | 32 | Example tag 33 | ~~~~~~~~~~~ 34 | .. code-block:: 35 | 36 | resource "aws_ami" "test_ami_from_snapshot" { 37 | ... 38 | 39 | tags = { 40 | Name = "value" 41 | } 42 | ... 43 | } 44 | 45 | Example 46 | ------- 47 | .. literalinclude:: main.tf 48 | -------------------------------------------------------------------------------- /cases/aws_ami/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ebs_volume" "test_volume" { 2 | availability_zone = var.az 3 | size = 32 4 | } 5 | 6 | resource "aws_ebs_snapshot" "test_snapshot" { 7 | volume_id = aws_ebs_volume.test_volume.id 8 | } 9 | 10 | resource "aws_ami" "test_ami_from_snapshot" { 11 | # NOTE: 'ena_support' attribute is not supported. 12 | # 'architecture' attribute is not supported. 
13 | name = "test_ami" 14 | 15 | description = "test_description" 16 | 17 | # NOTE: 'virtualization_type' attribute must be overridden 18 | # with 'hvm' value 19 | virtualization_type = "hvm" 20 | 21 | root_device_name = "disk1" 22 | 23 | ephemeral_block_device { 24 | # NOTE: 'cdrom' and 'floppy' values is supported for 25 | # 'device_name' and 'virtual_name' attributes 26 | device_name = "cdrom1" 27 | 28 | virtual_name = "cdrom1" 29 | } 30 | 31 | ebs_block_device { 32 | # NOTE: for list of supported attributes check 33 | # 'aws_ebs_volume' case. 34 | # 'kms_key_id' attribute is not supported 35 | # 36 | # The 'volume_type' must be defined from the supported types ['st2', 'gp2', 'io2'] 37 | volume_type = "st2" 38 | device_name = "disk1" 39 | snapshot_id = aws_ebs_snapshot.test_snapshot.id 40 | } 41 | 42 | timeouts { 43 | create = "10m" 44 | update = "10m" 45 | delete = "10m" 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /cases/aws_ami/run_ami_with_tags_filter/README.rst: -------------------------------------------------------------------------------- 1 | run_ami_with_tag_filters 2 | ======================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_ami`` resource started from Data Source ``aws_ebs_volume`` and ``aws_ebs_snapshot`` with tags filter. 7 | 8 | Example 9 | ------- 10 | .. 
literalinclude:: main.tf 11 | -------------------------------------------------------------------------------- /cases/aws_ami/run_ami_with_tags_filter/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_ebs_volume" "test_volume" { 2 | availability_zone = var.az 3 | size = 32 4 | tags = { 5 | VolTag = "vol-tag" # key = VolTag, Values = vol-tag 6 | } 7 | } 8 | 9 | data "aws_ebs_volume" "data-volume" { 10 | most_recent = true # If search has a few result, the newer will be choose 11 | 12 | depends_on = [ 13 | aws_ebs_volume.test_volume 14 | ] 15 | 16 | filter { 17 | name = "tag:VolTag" 18 | values = ["vol-tag"] 19 | } 20 | } 21 | 22 | resource "aws_ebs_snapshot" "test_snapshot" { 23 | volume_id = data.aws_ebs_volume.data-volume.id 24 | tags = { 25 | SnapTag = "snap-tag" # key = SnapTag, Values = snap-tag 26 | } 27 | } 28 | 29 | data "aws_ebs_snapshot" "data-snap" { 30 | most_recent = true 31 | owners = ["self"] 32 | 33 | depends_on = [ 34 | aws_ebs_snapshot.test_snapshot 35 | ] 36 | 37 | filter { 38 | name = "tag:SnapTag" 39 | values = ["snap-tag"] 40 | } 41 | } 42 | 43 | resource "aws_ami" "test_ami_from_snapshot" { 44 | # NOTE: 'ena_support' attribute is not supported. 45 | # 'architecture' attribute is not supported. 46 | name = "test_ami" 47 | 48 | description = "test_ami_description" 49 | 50 | # NOTE: 'virtualization_type' attribute must be overridden 51 | # with 'hvm' value 52 | virtualization_type = "hvm" 53 | 54 | root_device_name = "disk1" 55 | 56 | ebs_block_device { 57 | # NOTE: for list of supported attributes check 58 | # 'aws_ebs_volume' case. 
59 | # 'kms_key_id' attribute is not supported 60 | device_name = "disk1" 61 | 62 | snapshot_id = data.aws_ebs_snapshot.data-snap.id 63 | } 64 | 65 | timeouts { 66 | create = "10m" 67 | update = "10m" 68 | delete = "10m" 69 | } 70 | } 71 | -------------------------------------------------------------------------------- /cases/aws_ami_from_instance/README.rst: -------------------------------------------------------------------------------- 1 | aws_ami_from_instance 2 | ===================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_ami_from_instance`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``snapshot_without_reboot`` 15 | 16 | Notes 17 | ~~~~~ 18 | 19 | Current resource cant be created properly. Add custom code to switch instance to ``stopped`` state. 20 | 21 | Special notes 22 | ------------- 23 | 24 | This resource supports ``tags`` attribute: 25 | 26 | Example tag 27 | ~~~~~~~~~~~ 28 | .. code-block:: 29 | 30 | resource "aws_ami" "test_ami_from_snapshot" { 31 | ... 32 | 33 | tags = { 34 | Name = "value" 35 | } 36 | ... 37 | } 38 | 39 | Example 40 | ------- 41 | .. literalinclude:: main.tf 42 | -------------------------------------------------------------------------------- /cases/aws_ami_from_instance/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "test_instance" { 2 | # NOTE: add custom code to switch instance 3 | # to 'stopped' state 4 | ami = var.ami 5 | 6 | instance_type = var.instance_type 7 | subnet_id = aws_subnet.test_subnet.id 8 | } 9 | 10 | resource "aws_ami_from_instance" "test_ami" { 11 | # NOTE: 'snapshot_without_reboot' attribute is not supported. 
  name = "test_ami"

  source_instance_id = aws_instance.test_instance.id

  timeouts {
    create = "10m"
    update = "10m"
    delete = "10m"
  }
}

--------------------------------------------------------------------------------
/cases/aws_ami_from_instance/subnet.tf:
--------------------------------------------------------------------------------
../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_ami_from_instance/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_ami_launch_permission/README.rst:
--------------------------------------------------------------------------------
aws_ami_launch_permission
=========================

Summary
-------
This example introduces ``aws_ami_launch_permission`` resource.

Differences
-----------

Notes
~~~~~

Specify ``account_id`` attribute value as ``project_name`` and ``customer_name`` pair.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_ami_launch_permission/main.tf:
--------------------------------------------------------------------------------
resource "aws_ebs_volume" "test_volume" {
  availability_zone = var.az
  size              = 32
}

resource "aws_ebs_snapshot" "test_snapshot" {
  volume_id = aws_ebs_volume.test_volume.id
}

resource "aws_ami" "test_ami" {
  name = "test_ami"

  # NOTE: 'virtualization_type' attribute must be overridden
  #       with 'hvm' value
  virtualization_type = "hvm"

  root_device_name = "disk1"

  ebs_block_device {
    # NOTE:
    # The 'volume_type' must be defined from the supported types ['st2', 'gp2', 'io2']
    volume_type = "st2"
    device_name = "disk1"
    snapshot_id = aws_ebs_snapshot.test_snapshot.id
  }

  timeouts {
    create = "10m"
    update = "10m"
    delete = "10m"
  }
}

resource "aws_ami_launch_permission" "test_ami_launch" {
  image_id = aws_ami.test_ami.id

  # NOTE: specify 'account_id' as 'customer_name'
  account_id = var.account_id
}

--------------------------------------------------------------------------------
/cases/aws_customer_gateway/README.rst:
--------------------------------------------------------------------------------
aws_customer_gateway
====================

Summary
-------
This example introduces ``aws_customer_gateway`` resource.

Differences
-----------

Notes
~~~~~

Currently the resource can't be destroyed properly.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_customer_gateway/main.tf:
--------------------------------------------------------------------------------
resource "aws_customer_gateway" "test_customer_gateway" {
  bgp_asn    = 65000
  ip_address = "172.0.0.1"
  type       = "ipsec.1"
}

--------------------------------------------------------------------------------
/cases/aws_default_network_acl/README.rst:
--------------------------------------------------------------------------------
aws_default_network_acl
=======================

Summary
-------
This example introduces ``aws_default_network_acl`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``ipv6_cidr_block``

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_default_network_acl/main.tf:
--------------------------------------------------------------------------------
resource "aws_default_network_acl" "default_network_acl" {
  # NOTE: 'ipv6_cidr_block' attribute is not supported
  default_network_acl_id = aws_vpc.test_vpc.default_network_acl_id

  subnet_ids = [aws_subnet.test_subnet.id]

  ingress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }
}

--------------------------------------------------------------------------------
/cases/aws_default_network_acl/subnet.tf:
--------------------------------------------------------------------------------
../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_default_network_acl/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_default_route_table/README.rst:
--------------------------------------------------------------------------------
aws_default_route_table
=======================

Summary
-------
This example introduces ``aws_default_route_table`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``propagating_vgws``

Notes
~~~~~

Currently the resource can't be destroyed properly. For more information visit :doc:`aws_route_table <../aws_route/README>`.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_default_route_table/main.tf:
--------------------------------------------------------------------------------
resource "aws_default_route_table" "default_route_table" {
  # NOTE: 'propagating_vgws' attribute is not supported.
  #       Currently the resource can't be destroyed properly.
  #       For more information check 'aws_route_table' case.
  default_route_table_id = aws_vpc.test_vpc.default_route_table_id
}

--------------------------------------------------------------------------------
/cases/aws_default_route_table/subnet.tf:
--------------------------------------------------------------------------------
../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_default_route_table/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_default_security_group/README.rst:
--------------------------------------------------------------------------------
aws_default_security_group
==========================

Summary
-------
This example introduces ``aws_default_security_group`` resource.

Differences
-----------

Notes
~~~~~

For more information visit :doc:`aws_security_group <../aws_security_group/README>`.


Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_default_security_group/main.tf:
--------------------------------------------------------------------------------
resource "aws_default_security_group" "default_security_group" {
  # NOTE: for more information check 'aws_security_group' case
  vpc_id = aws_vpc.test_vpc.id

  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "udp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol  = -1
    self      = true
    from_port = 0
    to_port   = 0
  }
}

--------------------------------------------------------------------------------
/cases/aws_default_security_group/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_default_vpc/README.rst:
--------------------------------------------------------------------------------
aws_default_vpc
===============

Summary
-------
This example introduces ``aws_default_vpc`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~
* ``enable_classiclink``
* ``enable_dns_hostnames``

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_default_vpc/main.tf:
--------------------------------------------------------------------------------
resource "aws_default_vpc" "default_vpc" {
  # NOTE: 'enable_classiclink' and 'enable_dns_hostnames'
  #       attributes are not supported
  enable_dns_support = false
  enable_classiclink = false
  tags = {
    Name = "Default VPC"
  }
}

--------------------------------------------------------------------------------
/cases/aws_default_vpc_dhcp_options/README.rst:
--------------------------------------------------------------------------------
aws_default_vpc_dhcp_options
============================

Summary
-------
This example introduces ``aws_default_vpc_dhcp_options`` resource.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_default_vpc_dhcp_options/main.tf:
--------------------------------------------------------------------------------
# NOTE: currently unsupported
resource "aws_default_vpc_dhcp_options" "default_vpc_dhcp_options" {
  netbios_name_servers = ["127.0.0.1"]
  netbios_node_type    = 2
}

--------------------------------------------------------------------------------
/cases/aws_ebs_snapshot/README.rst:
--------------------------------------------------------------------------------
aws_ebs_snapshot
================

Summary
-------
This example introduces ``aws_ebs_snapshot`` resource.

Special notes
-------------

This resource supports ``tags`` attribute:

Example tag
~~~~~~~~~~~
.. code-block::

   resource "aws_ebs_snapshot" "test_snapshot" {
     ...

     tags = {
       Name = "value"
     }
     ...
   }

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_ebs_snapshot/main.tf:
--------------------------------------------------------------------------------
resource "aws_ebs_volume" "test_volume" {
  availability_zone = var.az
  size              = 32
}

resource "aws_ebs_snapshot" "test_snapshot" {
  description = "test description"
  volume_id   = aws_ebs_volume.test_volume.id
}

--------------------------------------------------------------------------------
/cases/aws_ebs_volume/README.rst:
--------------------------------------------------------------------------------
aws_ebs_volume
==============

Summary
-------
This example introduces ``aws_ebs_volume`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``encrypted``
* ``kms_key_id``

Notes
~~~~~

``gp2``, ``io2`` and ``st2`` are valid values for the ``type`` attribute. The size of ``st2`` volumes ranges from 32 GiB to 4 TiB and must be a multiple of 8 GiB. The size of ``gp2`` and ``io2`` volumes ranges from 8 GiB to 4 TiB and must also be a multiple of 8 GiB. ``io2`` volumes support the ``iops`` option; it must be defined for the ``io2`` volume type, in the range from ``100`` to ``50000``. For more information visit documentation `page `_.

Special notes
-------------

This resource supports ``tags`` attribute:

Example tag
~~~~~~~~~~~
.. code-block::

   resource "aws_ebs_volume" "test_volume_iops" {
     ...

     tags = {
       Name = "value"
     }
     ...
   }

``io2`` volumes support the ``iops`` option; it must be defined for the ``io2`` volume type.

.. code-block::

   resource "aws_ebs_volume" "test_volume_iops" {
     ...

     iops = 500
     ...
   }

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_ebs_volume/main.tf:
--------------------------------------------------------------------------------
variable "types" {
  default = ["st2", "gp2", "io2"]
}

resource "aws_ebs_volume" "test_volume_iops" {
  # NOTE: 'encrypted', 'kms_key_id' attributes are not supported.
  #       'st2', 'gp2' and 'io2' are valid values for 'type' attribute.
  #       Disks with 'st2' volume type must have a size of at least '32G'.
  #       'iops' is set for the 'io2' volume type only.
  count = length(var.types)

  availability_zone = var.az

  iops = var.types[count.index] == "io2" ? 300 : null
  size = 32
  type = var.types[count.index]
}

--------------------------------------------------------------------------------
/cases/aws_eip/README.rst:
--------------------------------------------------------------------------------
aws_eip
=======

Summary
-------
This example introduces ``aws_eip`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``associate_with_private_ip``

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_eip/main.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "test1" {
  ami           = var.ami
  instance_type = var.instance_type
  subnet_id     = aws_subnet.test_subnet.id
}

resource "aws_eip" "test1" {
  instance = aws_instance.test1.id

  vpc = true
}

resource "aws_network_interface" "test1" {
  subnet_id = aws_subnet.test_subnet.id
}

resource "aws_eip" "test2" {
  vpc               = true
  network_interface = aws_network_interface.test1.id
}

--------------------------------------------------------------------------------
/cases/aws_eip/subnet.tf:
--------------------------------------------------------------------------------
../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_eip/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_eip_association/README.rst:
--------------------------------------------------------------------------------
aws_eip_association
===================

Summary
-------
This example introduces ``aws_eip_association`` resource.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``public_ip``
* ``allow_reassociation``
* ``private_ip``

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_eip_association/main.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "test" {
  ami           = var.ami
  instance_type = var.instance_type
  subnet_id     = aws_subnet.test_subnet.id
}

resource "aws_eip" "test1" {
  vpc = true
}

resource "aws_eip_association" "test1" {
  # NOTE: 'private_ip' attribute is not supported.
  instance_id = aws_instance.test.id

  allocation_id = aws_eip.test1.id
}

resource "aws_network_interface" "test" {
  subnet_id = aws_subnet.test_subnet.id
}

resource "aws_eip" "test2" {
  vpc = true
}

resource "aws_eip_association" "test2" {
  network_interface_id = aws_network_interface.test.id

  allocation_id = aws_eip.test2.id
}

--------------------------------------------------------------------------------
/cases/aws_eip_association/subnet.tf:
--------------------------------------------------------------------------------
../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_eip_association/vpc.tf:
--------------------------------------------------------------------------------
../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_instance/README.rst:
--------------------------------------------------------------------------------
aws_instance
============

Summary
-------
This example introduces ``aws_instance`` resource.

.. toctree::
   :caption: additional examples

   run_instance_with_cdrom/README
   run_instance_with_ebs_override/README
   run_instance_with_data_source_ami/README
   run_instance_with_existing_network_interface/README
   run_instance_default_subnet/README
   run_instance_in_switch/README
   run_instances_remove_cdrom/README

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``tenancy``
* ``host_id``
* ``cpu_core_count``
* ``cpu_threads_per_core``
* ``ebs_optimized``
* ``get_password_data``
* ``monitoring``
* ``iam_instance_profile``
* ``ipv6_address_count``
* ``ipv6_addresses``
* ``volume_tags``
* ``credit_specification``

Special notes
-------------

This resource supports ``tags`` attribute:

Example tag
~~~~~~~~~~~
.. code-block::

   resource "aws_instance" "test" {
     ...

     tags = {
       Name = "value"
     }
     ...
   }

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/main.tf:
--------------------------------------------------------------------------------
resource "tls_private_key" "ssh" {
  algorithm = "RSA"
}

resource "aws_security_group" "additional_security_group" {
  name        = "additional_security_group"
  description = "additional_security_group"
  vpc_id      = aws_vpc.test_vpc.id
}

resource "aws_key_pair" "test_key_pair" {
  key_name   = "terraform_key"
  public_key = tls_private_key.ssh.public_key_openssh
}

resource "aws_placement_group" "test_placement_group" {
  name     = "test_placement_group"
  strategy = "spread"
}

resource "aws_instance" "test_instance" {
  # NOTE: 'tenancy', 'host_id', 'cpu_core_count', 'cpu_threads_per_core',
  #       'ebs_optimized', 'get_password_data', 'monitoring', 'iam_instance_profile',
  #       'ipv6_address_count', 'ipv6_addresses', 'credit_specification'
  #       attributes are not supported.
  ami = var.ami

  availability_zone                    = var.az
  placement_group                      = aws_placement_group.test_placement_group.id
  associate_public_ip_address          = true
  disable_api_termination              = false
  instance_initiated_shutdown_behavior = "terminate"
  instance_type                        = var.instance_type
  key_name                             = aws_key_pair.test_key_pair.key_name
  monitoring                           = true
  vpc_security_group_ids               = [aws_security_group.test_security_group.id, aws_security_group.additional_security_group.id]
  subnet_id                            = aws_subnet.test_subnet.id
  private_ip                           = cidrhost(aws_subnet.test_subnet.cidr_block, 10)
  source_dest_check                    = true
  user_data                            = "echo hello"
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_default_subnet/README.rst:
--------------------------------------------------------------------------------
run_instance_default_subnet
===========================

Summary
-------
This example introduces ``aws_instance`` resource with default subnet.

Example
-------
`main.tf `_

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_default_subnet/main.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "test_instance_default_subnet" {
  ami           = var.ami
  instance_type = var.instance_type
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_in_switch/README.rst:
--------------------------------------------------------------------------------
run_instance_in_switch
======================

Summary
-------
This example introduces ``aws_instance`` resource creation with network interfaces in virtual switch.

Special notes
-------------

``false`` is the only valid option for the ``source_dest_check`` attribute in the ``aws_network_interface`` resource if the ``subnet_id`` attribute value points to a switch id (for example ``sw-83E94661``).

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_in_switch/main.tf:
--------------------------------------------------------------------------------
resource "aws_network_interface" "test_interface" {
  # NOTE: in this case `false` is the only valid option
  #       for `source_dest_check` attribute
  subnet_id = var.switch_id

  source_dest_check = false
}

resource "aws_instance" "test_instance" {
  ami           = var.ami
  instance_type = var.instance_type
  network_interface {
    network_interface_id = aws_network_interface.test_interface.id
    device_index         = 0
  }
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_cdrom/README.rst:
--------------------------------------------------------------------------------
run_instance_with_cdrom
=======================

Summary
-------
This example introduces ``aws_instance`` resource started from ami with ``cdrom`` block device.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_cdrom/main.tf:
--------------------------------------------------------------------------------
resource "aws_ami" "test_ami_with_cdrom" {
  name             = "first_ami"
  root_device_name = "cdrom1"

  # NOTE: 'virtualization_type' attribute must be overridden
  #       with 'hvm' value
  virtualization_type = "hvm"

  # NOTE: empty 'cdrom' and 'floppy' slots
  #       must be created as 'ephemeral' block devices
  ephemeral_block_device {
    device_name  = "cdrom1"
    virtual_name = "cdrom1"
  }

  ebs_block_device {
    device_name = "disk1"
    volume_type = "io2"
    volume_size = 32
    iops        = 100
  }

  timeouts {
    create = "10m"
    update = "10m"
    delete = "10m"
  }
}

resource "aws_instance" "test_instance_with_cdrom" {
  ami           = aws_ami.test_ami_with_cdrom.id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.test_subnet.id
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_cdrom/subnet.tf:
--------------------------------------------------------------------------------
../../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_cdrom/vpc.tf:
--------------------------------------------------------------------------------
../../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_data_source_ami/README.rst:
--------------------------------------------------------------------------------
run_instance_with_data_source_ami
=================================

Summary
-------
This example introduces ``aws_instance`` resource started from data source ``aws_ami``.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_data_source_ami/main.tf:
--------------------------------------------------------------------------------
data "aws_ami" "test_data_ami" {
  most_recent = true
  owners      = [var.template_owner] # This option is required, for example you can use ["self"] for your images.

  # You can use different filters, for example "name", "description", "image_id", "tag".
  filter {
    name   = "name"
    values = [var.template_name]
  }
}

resource "aws_instance" "test_instance" {
  # NOTE: 'tenancy', 'host_id', 'cpu_core_count', 'cpu_threads_per_core',
  #       'ebs_optimized', 'get_password_data', 'monitoring', 'iam_instance_profile',
  #       'ipv6_address_count', 'ipv6_addresses', 'credit_specification'
  #       attributes are not supported.

  ami                    = data.aws_ami.test_data_ami.id
  availability_zone      = var.az
  instance_type          = var.instance_type
  vpc_security_group_ids = [aws_security_group.test_security_group.id]
  subnet_id              = aws_subnet.test_subnet.id
  private_ip             = cidrhost(aws_subnet.test_subnet.cidr_block, 10)
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_data_source_ami/security_group.tf:
--------------------------------------------------------------------------------
../../../common/security_group.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_data_source_ami/subnet.tf:
--------------------------------------------------------------------------------
../../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_data_source_ami/vpc.tf:
--------------------------------------------------------------------------------
../../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_ebs_override/README.rst:
--------------------------------------------------------------------------------
run_instance_with_ebs_override
==============================

Summary
-------
This example introduces ``aws_instance`` resource with overridden ebs volumes.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_ebs_override/main.tf:
--------------------------------------------------------------------------------
resource "aws_instance" "test_instance_with_override" {
  ami           = var.ami
  instance_type = var.instance_type
  subnet_id     = aws_subnet.test_subnet.id

  # NOTE: 'root_block_device' section is required for
  #       proper detection of the instance root device
  root_block_device {
    volume_size           = 32
    delete_on_termination = false
  }

  # NOTE: Any additional block devices must be
  #       defined in 'ebs_block_device' section
  ebs_block_device {
    device_name = "disk2"
    volume_size = 32
  }

  ebs_block_device {
    device_name = "disk3"
    volume_size = 32
    volume_type = "io2"
    iops        = 100
  }
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_ebs_override/subnet.tf:
--------------------------------------------------------------------------------
../../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_ebs_override/vpc.tf:
--------------------------------------------------------------------------------
../../../common/vpc.tf
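
The volume type, size and ``iops`` limits stated in the ``aws_ebs_volume`` README notes can be enforced at plan time with variable validation, so an out-of-range volume is rejected before any API call. This is an added example, not a file from this repository; the ``volumes`` variable and the ``validated`` resource name are hypothetical, and it assumes Terraform 1.3 or later for ``optional()``.

```hcl
# Added example (not part of the repository). Requires Terraform >= 1.3.
# The limits below are the ones stated in the aws_ebs_volume README notes.

variable "az" {
  description = "Availability zone, as used by the cases in this repository."
  type        = string
}

variable "volumes" {
  description = "Hypothetical input: volumes to create."
  type = list(object({
    type = string           # st2, gp2 or io2
    size = number           # GiB
    iops = optional(number) # required for io2 only
  }))

  default = [
    { type = "st2", size = 32 },
    { type = "gp2", size = 8 },
    { type = "io2", size = 64, iops = 500 },
  ]

  validation {
    condition     = alltrue([for v in var.volumes : contains(["st2", "gp2", "io2"], v.type)])
    error_message = "Volume type must be one of: st2, gp2, io2."
  }

  validation {
    # st2: 32 GiB to 4 TiB (4096 GiB); gp2 and io2: 8 GiB to 4 TiB.
    # Every size must be a multiple of 8 GiB.
    condition = alltrue([
      for v in var.volumes :
      v.size % 8 == 0 && v.size <= 4096 && v.size >= (v.type == "st2" ? 32 : 8)
    ])
    error_message = "Volume size must be a multiple of 8 GiB, at most 4096 GiB, and at least 32 GiB for st2 or 8 GiB for gp2 and io2."
  }

  validation {
    # coalesce() maps a missing iops to 0, so an io2 volume without iops
    # fails the range check instead of raising a null-operand error.
    condition = alltrue([
      for v in var.volumes :
      v.type != "io2" || (coalesce(v.iops, 0) >= 100 && coalesce(v.iops, 0) <= 50000)
    ])
    error_message = "Volumes of type io2 must set iops in the range 100 to 50000."
  }
}

resource "aws_ebs_volume" "validated" {
  count = length(var.volumes)

  availability_zone = var.az
  type              = var.volumes[count.index].type
  size              = var.volumes[count.index].size
  iops              = var.volumes[count.index].type == "io2" ? var.volumes[count.index].iops : null
}
```
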
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_existing_network_interface/README.rst:
--------------------------------------------------------------------------------
run_instance_with_existing_network_interface
============================================

Summary
-------
This example introduces ``aws_instance`` resource with existing network interface.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_existing_network_interface/main.tf:
--------------------------------------------------------------------------------
resource "aws_network_interface" "test_interface" {
  subnet_id = aws_subnet.test_subnet.id
}

resource "aws_instance" "test_instance_with_existing_network_interface" {
  ami           = var.ami
  instance_type = var.instance_type
  network_interface {
    network_interface_id = aws_network_interface.test_interface.id
    device_index         = 0
  }
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_existing_network_interface/subnet.tf:
--------------------------------------------------------------------------------
../../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_existing_network_interface/vpc.tf:
--------------------------------------------------------------------------------
../../../common/vpc.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_launch_template/README.rst:
--------------------------------------------------------------------------------
run_instance_with_launch_template
=================================

Summary
-------
This example introduces ``aws_instance`` resource with launch template.

Differences
-----------

Unsupported attributes
~~~~~~~~~~~~~~~~~~~~~~

* ``id``

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instance_with_launch_template/main.tf:
--------------------------------------------------------------------------------
resource "aws_launch_template" "test_launch_template" {
  name          = "test_launch_template"
  image_id      = var.ami
  instance_type = var.instance_type
}

resource "aws_instance" "test_instance_with_launch_template" {
  launch_template {
    name    = aws_launch_template.test_launch_template.name
    version = "$Latest"
  }
}

--------------------------------------------------------------------------------
/cases/aws_instance/run_instances_remove_cdrom/README.rst:
--------------------------------------------------------------------------------
run_instance_remove_cdrom
=========================

Summary
-------
This example introduces ``aws_instance`` resource without ``cdrom`` block device.

Differences
-----------

Notes
~~~~~
``root_block_device`` section is required for proper detection of the instance root device. Any additional block devices must be defined in ``ebs_block_device`` section.

Example
-------
.. literalinclude:: main.tf

--------------------------------------------------------------------------------
/cases/aws_instance/run_instances_remove_cdrom/main.tf:
--------------------------------------------------------------------------------
resource "aws_ami" "test_ami" {
  name             = "first_ami"
  root_device_name = "cdrom1"

  # NOTE: 'virtualization_type' attribute must be overridden
  #       with 'hvm' value
  virtualization_type = "hvm"

  # NOTE: empty 'cdrom' and 'floppy' slots
  #       must be created as 'ephemeral' block devices
  ephemeral_block_device {
    device_name  = "cdrom1"
    virtual_name = "cdrom1"
  }

  ebs_block_device {
    device_name = "disk1"
    volume_type = "io2"
    volume_size = 32
    iops        = 300
  }

  timeouts {
    create = "10m"
    update = "10m"
    delete = "10m"
  }
}

resource "aws_instance" "test_instance" {
  ami           = aws_ami.test_ami.id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.test_subnet.id

  # NOTE: 'root_block_device' section is required for
  #       proper detection of the instance root device
  root_block_device {
    volume_type = "io2"
    iops        = 100
  }

  ebs_block_device {
    device_name           = "disk1"
    volume_size           = 32
    delete_on_termination = false
  }

  # NOTE: Any additional block devices must be
  #       defined in 'ebs_block_device' section
  ephemeral_block_device {
    device_name  = "cdrom1"
    virtual_name = "cdrom1"
    no_device    = true
  }
}


--------------------------------------------------------------------------------
/cases/aws_instance/run_instances_remove_cdrom/subnet.tf:
--------------------------------------------------------------------------------
../../../common/subnet.tf
--------------------------------------------------------------------------------
/cases/aws_instance/run_instances_remove_cdrom/vpc.tf:
-------------------------------------------------------------------------------- 1 | ../../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_instance/security_group.tf: -------------------------------------------------------------------------------- 1 | ../../common/security_group.tf -------------------------------------------------------------------------------- /cases/aws_instance/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_instance/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_key_pair/README.rst: -------------------------------------------------------------------------------- 1 | aws_key_pair 2 | ============ 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_key_pair`` resource. 7 | 8 | Special notes 9 | ------------- 10 | 11 | This resource supports ``tags`` attribute: 12 | 13 | Example tag 14 | ~~~~~~~~~~~ 15 | .. code-block:: 16 | 17 | resource "aws_key_pair" "test_key_pair" { 18 | ... 19 | 20 | tags = { 21 | Name = "value" 22 | } 23 | ... 24 | } 25 | 26 | Example 27 | ------- 28 | .. 
literalinclude:: main.tf 29 | -------------------------------------------------------------------------------- /cases/aws_key_pair/main.tf: -------------------------------------------------------------------------------- 1 | resource "tls_private_key" "ssh" { 2 | algorithm = "RSA" 3 | } 4 | 5 | resource "aws_key_pair" "test_key_pair_with_name_prefix" { 6 | key_name_prefix = "terraform" 7 | public_key = tls_private_key.ssh.public_key_openssh 8 | tags = { 9 | Name = "key-pair-tag-prefix" 10 | } 11 | } 12 | 13 | resource "aws_key_pair" "test_key_pair" { 14 | key_name = "test_key_pair" 15 | public_key = tls_private_key.ssh.public_key_openssh 16 | tags = { 17 | Name = "key-pair-tag" 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /cases/aws_launch_template/README.rst: -------------------------------------------------------------------------------- 1 | aws_launch_template 2 | =================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_launch_template`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``capacity_reservation_specification`` 15 | * ``cpu_options`` 16 | * ``credit_specification`` 17 | * ``default_version`` 18 | * ``ebs_optimized`` 19 | * ``elastic_gpu_specifications`` 20 | * ``elastic_inference_accelerator`` 21 | * ``enclave_options`` 22 | * ``hibernation_options`` 23 | * ``iam_instance_profile`` 24 | * ``instance_market_options`` 25 | * ``kernel_id`` 26 | * ``license_specification`` 27 | * ``metadata_options`` 28 | * ``private_dns_name_options`` 29 | * ``ram_disk_id`` 30 | * ``security_group_names`` 31 | * ``update_default_version`` 32 | * ``vpc_security_group_ids`` 33 | 34 | Example 35 | ------- 36 | .. 
literalinclude:: main.tf 37 | -------------------------------------------------------------------------------- /cases/aws_launch_template/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_launch_template" "launch_template" { 2 | name = "test_launch_template" 3 | image_id = var.ami 4 | instance_type = var.instance_type 5 | } 6 | -------------------------------------------------------------------------------- /cases/aws_network_acl/README.rst: -------------------------------------------------------------------------------- 1 | aws_network_acl 2 | =============== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_network_acl`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``ipv6_cidr_block`` 15 | 16 | Example 17 | ------- 18 | .. literalinclude:: main.tf 19 | -------------------------------------------------------------------------------- /cases/aws_network_acl/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_network_acl" "test_network_acl" { 2 | # NOTE: 'ipv6_cidr_block' and 'subnet_id' attributes are not supported. 
3 | vpc_id = aws_vpc.test_vpc.id 4 | 5 | ingress { 6 | protocol = -1 7 | rule_no = 100 8 | action = "allow" 9 | cidr_block = "0.0.0.0/0" 10 | from_port = 0 11 | to_port = 0 12 | } 13 | 14 | egress { 15 | protocol = "tcp" 16 | rule_no = 100 17 | action = "allow" 18 | from_port = 80 19 | to_port = 80 20 | cidr_block = "2.2.2.2/32" 21 | } 22 | 23 | egress { 24 | to_port = 0 25 | from_port = 0 26 | protocol = "icmp" 27 | 28 | rule_no = 200 29 | action = "deny" 30 | icmp_type = 1 31 | icmp_code = 255 32 | cidr_block = "1.2.3.4/32" 33 | } 34 | 35 | subnet_ids = [aws_subnet.test_subnet.id] 36 | } 37 | -------------------------------------------------------------------------------- /cases/aws_network_acl/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_network_acl/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_network_acl_rule/README.rst: -------------------------------------------------------------------------------- 1 | aws_network_acl_rule 2 | ==================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_network_acl_rule`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``ipv6_cidr_block`` 15 | 16 | Example 17 | ------- 18 | .. 
literalinclude:: main.tf 19 | -------------------------------------------------------------------------------- /cases/aws_network_acl_rule/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_network_acl" "test_network_acl" { 2 | vpc_id = aws_vpc.test_vpc.id 3 | subnet_ids = [aws_subnet.test_subnet.id] 4 | } 5 | 6 | resource "aws_network_acl_rule" "test_rule" { 7 | # NOTE: 'ipv6_cidr_block' attribute is not supported 8 | network_acl_id = aws_network_acl.test_network_acl.id 9 | rule_number = 200 10 | egress = false 11 | protocol = "tcp" 12 | rule_action = "allow" 13 | from_port = 22 14 | to_port = 22 15 | cidr_block = aws_subnet.test_subnet.cidr_block 16 | } 17 | 18 | resource "aws_network_acl_rule" "test_rule_icmp" { 19 | # NOTE: 'ipv6_cidr_block' attribute is not supported 20 | network_acl_id = aws_network_acl.test_network_acl.id 21 | rule_number = 150 22 | egress = true 23 | protocol = "icmp" 24 | rule_action = "deny" 25 | icmp_type = "2" 26 | icmp_code = "123" 27 | from_port = 0 28 | to_port = 0 29 | cidr_block = aws_subnet.test_subnet.cidr_block 30 | } 31 | -------------------------------------------------------------------------------- /cases/aws_network_acl_rule/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_network_acl_rule/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_network_interface/README.rst: -------------------------------------------------------------------------------- 1 | aws_network_interface 2 | ===================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_network_interface`` resource. 
7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``private_ips`` 15 | * ``private_ips_count`` 16 | * ``security_groups`` 17 | * ``attachment`` 18 | 19 | Notes 20 | ~~~~~ 21 | 22 | In fact, you can create ``aws_network_interface`` with ``security_groups`` but, due to bug #, 23 | this interface can not be deleted. 24 | 25 | Example 26 | ------- 27 | .. literalinclude:: main.tf 28 | -------------------------------------------------------------------------------- /cases/aws_network_interface/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_network_interface" "test" { 2 | # NOTE: 'security_groups', 'attachment', 3 | # 'private_ips', 'private_ips_count' 4 | # attributes are not supported. 5 | 6 | subnet_id = aws_subnet.test_subnet.id 7 | description = "test description" 8 | source_dest_check = true 9 | } 10 | -------------------------------------------------------------------------------- /cases/aws_network_interface/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_network_interface/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_placement_group/README.rst: -------------------------------------------------------------------------------- 1 | aws_placement_group 2 | =================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_placement_group`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Notes 12 | ~~~~~ 13 | 14 | The only supported value for ``strategy`` attribute is ``spread``. 15 | 16 | Example 17 | ------- 18 | .. 
literalinclude:: main.tf 19 | -------------------------------------------------------------------------------- /cases/aws_placement_group/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_placement_group" "test_placement_group" { 2 | name = "test_placement_group" 3 | 4 | # NOTE: the only supported value for 'strategy' attribute is 'spread' 5 | strategy = "spread" 6 | } 7 | -------------------------------------------------------------------------------- /cases/aws_route/README.rst: -------------------------------------------------------------------------------- 1 | aws_route 2 | ========= 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_route`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``destination_ipv6_cidr_block`` 15 | * ``egress_only_gateway_id`` 16 | * ``nat_gateway_id`` 17 | * ``transit_gateway_id`` 18 | * ``vpc_peering_connection_id`` 19 | 20 | Notes 21 | ~~~~~ 22 | 23 | For ``gateway_id`` attribute you can supply ``vpn_id``. 24 | 25 | Example 26 | ------- 27 | .. literalinclude:: main.tf 28 | -------------------------------------------------------------------------------- /cases/aws_route/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_instance" "test_instance" { 2 | ami = var.ami 3 | instance_type = var.instance_type 4 | subnet_id = aws_subnet.test_subnet.id 5 | } 6 | 7 | resource "aws_route_table" "route_table" { 8 | vpc_id = aws_vpc.test_vpc.id 9 | } 10 | 11 | resource "aws_network_interface" "test" { 12 | subnet_id = aws_subnet.test_subnet.id 13 | } 14 | 15 | resource "aws_route" "test2" { 16 | # NOTE: 'destination_ipv6_cidr_block', 'egress_only_gateway_id', 17 | # 'nat_gateway_id', 'transit_gateway_id', 18 | # 'vpc_peering_connection_id' attributes are not supported. 19 | # For 'gateway_id' attribute you can supply 'vpn_id'.
20 | destination_cidr_block = "10.0.9.9/32" 21 | route_table_id = aws_route_table.route_table.id 22 | network_interface_id = aws_network_interface.test.id 23 | } 24 | 25 | resource "aws_route" "test3" { 26 | destination_cidr_block = "10.0.9.10/32" 27 | route_table_id = aws_route_table.route_table.id 28 | instance_id = aws_instance.test_instance.id 29 | } 30 | -------------------------------------------------------------------------------- /cases/aws_route/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_route/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_route_table/README.rst: -------------------------------------------------------------------------------- 1 | aws_route_table 2 | =============== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_route_table`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``propagating_vgws`` 15 | 16 | NOTES 17 | ~~~~~ 18 | 19 | 'ipv6_cidr_block', 'egress_only_gateway_id', 'gateway_id', 20 | 'nat_gateway_id', 'transit_gateway_id', 'vpc_peering_connection_id' 21 | attributes are not supported for inline route object. 22 | 23 | Example 24 | ------- 25 | .. literalinclude:: main.tf 26 | -------------------------------------------------------------------------------- /cases/aws_route_table/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route_table" "route_table" { 2 | # NOTE: `propagating_vgws` attribute is not supported. 
3 | vpc_id = aws_vpc.test_vpc.id 4 | 5 | route { 6 | # NOTE: 'ipv6_cidr_block', 'egress_only_gateway_id', 'gateway_id', 7 | # 'nat_gateway_id', 'transit_gateway_id', 'vpc_peering_connection_id' 8 | # attributes are not supported for inline route object. 9 | cidr_block = "10.0.2.0/24" 10 | network_interface_id = aws_network_interface.test.id 11 | } 12 | 13 | route { 14 | cidr_block = "10.0.3.0/24" 15 | instance_id = aws_instance.test.id 16 | } 17 | 18 | } 19 | 20 | resource "aws_instance" "test" { 21 | ami = var.ami 22 | instance_type = var.instance_type 23 | subnet_id = aws_subnet.test_subnet.id 24 | } 25 | 26 | resource "aws_network_interface" "test" { 27 | subnet_id = aws_subnet.test_subnet.id 28 | } 29 | -------------------------------------------------------------------------------- /cases/aws_route_table/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_route_table/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_route_table_association/README.rst: -------------------------------------------------------------------------------- 1 | aws_route_table_association 2 | =========================== 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_route_table_association`` resource. 7 | 8 | Example 9 | ------- 10 | .. 
literalinclude:: main.tf 11 | -------------------------------------------------------------------------------- /cases/aws_route_table_association/main.tf: -------------------------------------------------------------------------------- 1 | resource "aws_route_table" "route_table" { 2 | vpc_id = aws_vpc.test_vpc.id 3 | } 4 | 5 | resource "aws_route_table_association" "route_table_association" { 6 | subnet_id = aws_subnet.test_subnet.id 7 | route_table_id = aws_route_table.route_table.id 8 | } 9 | -------------------------------------------------------------------------------- /cases/aws_route_table_association/subnet.tf: -------------------------------------------------------------------------------- 1 | ../../common/subnet.tf -------------------------------------------------------------------------------- /cases/aws_route_table_association/vpc.tf: -------------------------------------------------------------------------------- 1 | ../../common/vpc.tf -------------------------------------------------------------------------------- /cases/aws_s3_bucket/README.rst: -------------------------------------------------------------------------------- 1 | aws_s3_bucket 2 | ============= 3 | 4 | Summary 5 | ------- 6 | This example introduces ``aws_s3_bucket`` resource. 7 | 8 | Differences 9 | ----------- 10 | 11 | Unsupported attributes 12 | ~~~~~~~~~~~~~~~~~~~~~~ 13 | 14 | * ``noncurrent_version_transition`` 15 | * ``replication`` 16 | * ``logging`` 17 | * ``acceleration_status`` 18 | * ``region`` 19 | * ``request_payer`` 20 | * ``replication_configuration`` 21 | * ``object_lock`` 22 | * ``server_side_encryption_configuration`` 23 | * ``attributes are not supported`` 24 | 25 | Notes 26 | ~~~~~ 27 | 28 | Supported values for ``acl`` attribute are: 29 | 30 | * ``private`` 31 | * ``public-read`` 32 | * ``public-read-write`` 33 | * ``authenticated-read`` 34 | 35 | Example 36 | ------- 37 | .. 
literalinclude:: main.tf 38 | 39 | -------------------------------------------------------------------------------- /cases/aws_s3_bucket/main.tf: -------------------------------------------------------------------------------- 1 | variable "acls" { 2 | default = ["private", "public-read","public-read-write", "authenticated-read"] 3 | } 4 | 5 | resource "aws_s3_bucket" "acl_example" { 6 | # NOTE: 'noncurrent_version_transition', 'replication', 'logging', 7 | # 'acceleration_status', 'region', 'request_payer', 8 | # 'replication_configuration', 'object_lock', 9 | # 'server_side_encryption_configuration' attributes are not supported. 10 | # Supported values for 'acl' attribute are 'private', 11 | # 'public-read','public-read-write','authenticated-read'. 12 | count = 4 13 | provider = aws.noregion 14 | bucket_prefix = "acl_example" 15 | acl = var.acls[count.index] 16 | force_destroy = true 17 | } 18 | 19 | resource "aws_s3_bucket" "policy_example" { 20 | # NOTE: 'aws_s3_bucket_resource' with specific policy. 21 | # More info about supported policies: 22 | # https://docs.k2.cloud/en/api/s3/features.html#bucket-policy 23 | provider = aws.noregion 24 | bucket = "policy_example" 25 | acl = "private" 26 | 27 | policy = < 2 {print $1}') 26 | if test x$make_maj_version = "x" ; then 27 | AC_MSG_ERROR("${dependencies}Only 3.x.x versions of make are supported.") 28 | fi 29 | 30 | AC_CHECK_PROG(TERRAFORM,terraform,terraform) 31 | if test x$TERRAFORM = "x" ; then 32 | AC_MSG_ERROR("${dependencies}terraform is required to run examples.") 33 | fi 34 | terraform_version=$(terraform -version | awk '{print $2}' | head -n 1 | cut -c2-) 35 | terraform_version_determination=$(echo $terraform_version | awk -F. '$1 > 0 || $1 == 0 && $2 > 13 {print $2}') 36 | if test x$terraform_version_determination = "x" ; then 37 | AC_MSG_ERROR("Only 0.14.x and newer terraform versions are supported. 
Current version is ${terraform_version}") 38 | fi 39 | 40 | AC_CHECK_PROG(FIND,find,find) 41 | if test x$FIND = "x" ; then 42 | AC_MSG_ERROR("${dependencies}find is required to run examples.") 43 | fi 44 | find_version=$(find --version | head -n 1 | awk '{print $4}') 45 | xargs_version=$(xargs --version | head -n 1 | awk '{print $4}') 46 | 47 | AC_CHECK_PROG(JQ,jq,jq) 48 | if test x$JQ = "x" ; then 49 | AC_MSG_ERROR("${dependencies}jq is required to run examples.") 50 | fi 51 | jq_version=$(jq --version | awk -F- '{print $2}') 52 | 53 | 54 | AC_MSG_RESULT([ 55 | ------------------------------------------------------------------------ 56 | $PACKAGE_NAME $PACKAGE_VERSION: Automatic configuration OK. 57 | 58 | General configuration: 59 | 60 | Make version: .................. ${make_version} 61 | Terraform version: ............. ${terraform_version} 62 | JQ version: ................... ${jq_version} 63 | Find version: .................. ${find_version} 64 | Xargs version: ................. ${xargs_version} 65 | 66 | ------------------------------------------------------------------------ 67 | ]) 68 | 69 | AC_CHECK_FILE(terraform.tfvars,[],AC_MSG_ERROR("terraform.tfvars file is required")) 70 | 71 | AC_CONFIG_TESTDIR([tests]) 72 | AC_CONFIG_FILES([tests/Makefile tests/atlocal]) 73 | 74 | echo "Type \"make\" to init terraform provider"; 75 | echo "Type \"make check\" to run all examples"; 76 | 77 | AC_OUTPUT 78 | -------------------------------------------------------------------------------- /main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hc-registry.website.k2.cloud/c2devel/rockitcloud" 5 | version = "24.1.0" 6 | } 7 | tls = { 8 | source = "hc-registry.website.k2.cloud/hashicorp/tls" 9 | version = "~> 3.1.0" 10 | } 11 | } 12 | } 13 | 14 | variable "switch_id" { 15 | } 16 | 17 | variable "ec2_url" { 18 | } 19 | 20 | variable "s3_url" { 21 | } 22 | 23 | variable 
"access_key" { 24 | } 25 | 26 | variable "secret_key" { 27 | } 28 | 29 | variable "ami" { 30 | } 31 | 32 | variable "public_ipv4_pool" { 33 | } 34 | 35 | variable "region" { 36 | default = "ru-msk" 37 | } 38 | 39 | variable "az" { 40 | } 41 | 42 | variable "instance_type" { 43 | default = "m1.micro" 44 | } 45 | 46 | variable "account_id" { 47 | } 48 | 49 | variable "template_owner" { 50 | } 51 | 52 | variable "template_name" { 53 | } 54 | 55 | variable "insecure" { 56 | default = false 57 | } 58 | 59 | provider "tls" { 60 | } 61 | 62 | provider "aws" { 63 | endpoints { 64 | # NOTE: specify custom EC2 endpoint URL 65 | # due to different region name 66 | ec2 = var.ec2_url 67 | } 68 | 69 | # NOTE: STS API is not implemented, skip validation 70 | skip_credentials_validation = true 71 | 72 | # NOTE: IAM API is not implemented, skip validation 73 | skip_requesting_account_id = true 74 | 75 | # NOTE: Region has different name, skip validation 76 | skip_region_validation = true 77 | 78 | insecure = var.insecure 79 | access_key = var.access_key 80 | secret_key = var.secret_key 81 | region = var.region 82 | } 83 | 84 | provider "aws" { 85 | alias = "noregion" 86 | endpoints { 87 | # NOTE: specify custom S3 endpoint URL 88 | # due to different region name 89 | s3 = var.s3_url 90 | } 91 | 92 | # NOTE: STS API is not implemented, skip validation 93 | skip_credentials_validation = true 94 | 95 | # NOTE: IAM API is not implemented, skip validation 96 | skip_requesting_account_id = true 97 | 98 | # NOTE: Region has different name, skip validation 99 | skip_region_validation = true 100 | 101 | insecure = var.insecure 102 | access_key = var.access_key 103 | secret_key = var.secret_key 104 | region = "us-east-1" 105 | } 106 | 107 | -------------------------------------------------------------------------------- /quick_start/.gitignore: -------------------------------------------------------------------------------- 1 | **/.terraform* 2 | *.tfstate 3 | *.tfstate.backup 4 | *.tfvars 

--------------------------------------------------------------------------------
/quick_start/README.md:
--------------------------------------------------------------------------------
# Using Terraform with K2 Cloud

## Overview

Terraform is a modern tool for automated management of cloud infrastructure using a simple, expressive language that resembles plain English.
Code in this language is written declaratively: you describe what you want to get as a result, and you do not have to think about how to achieve it.

Once you have written such code, you can reuse it many times: all it takes is typing a couple of short commands in a terminal.
Every time you get a predictable result: the cloud creates the required number of virtual machines from the specified templates, allocates the required number of external IP addresses, configures security groups, and carries out all the actions described in the code.
Performing the same actions in the web interface takes longer, especially if you need to repeat them.
In addition, manual operations greatly increase the risk of making a mistake and getting something other than what you wanted, and then spending a long time finding where and when the mistake was made.

This approach to deploying infrastructure is called "infrastructure as code" (Infrastructure as a Code, IaaC).
It lets you:

- use version control systems;
- put comments in the code to document the actions it performs;
- test the code before applying it to real infrastructure, to reveal possible negative consequences;
- hand the code to other developers for a quality review, so that you end up with a better solution.

## Installation and setup

> :information_source: This guide was written and tested with Terraform v1.0.8 for providers rockitcloud v24.1.0 and AWS v3.63.0. The information below applies to these versions. To guarantee stability and compatibility, we pinned the provider version in the configuration code.

Terraform is distributed as an executable file and is available for various operating systems (Linux/Windows/macOS and others). You can download the version you need [from the official downloads page](https://www.terraform.io/downloads.html). If the official page is unavailable, download the distribution [here](https://hc-releases.website.k2.cloud/terraform/current/). After downloading and unpacking the archive, we recommend moving the extracted file to any folder listed in the current `PATH` environment variable (or adding the target folder to that variable).
On Linux-family systems this can be `/usr/local/bin/`, on Windows `C:\Windows\system32` (access to system folders requires administrator rights in the OS). That way you will not have to specify the full path to the file every time.

## Writing the Terraform configuration

The finished code described below is published in our official [terraform-examples](https://github.com/c2devel/terraform-examples) repository on GitHub, in the `quick_start` folder. You can download it and start using it right away with minimal changes. However, to understand the code better we recommend working through all the steps and operations of this guide in order.

> :warning: When working with Terraform, run commands only if you clearly understand what you are doing and why. Terraform warns about potentially destructive operations and asks for additional confirmation in those cases. Pay close attention to these warnings, because otherwise you may accidentally lose part or even all of your project's infrastructure together with its data. And if there are no backups, the data will be lost for good.

As an example, consider a Terraform configuration that automatically creates an infrastructure consisting of:

- 1 VPC (to isolate the project infrastructure at the network level);
- 1 subnet with a prefix of 24;
- 2 virtual machines: in the example project, one of them hosts a web application and the other a database server;
- 1 Elastic IP: the address is assigned to the virtual machine with the web application so that it (and the application) can be reached from the internet;
- 2 security groups: one group allows inbound traffic from the interfaces it is assigned to, so that the VMs communicate only with each other inside the created subnet. The other opens access from outside on TCP ports 22, 80 and 443. All outbound traffic is allowed for each group;
- 1 bucket for storing project files.

### Provider definitions: providers.tf

Terraform works with different cloud platforms and services through special plugins, commonly called providers.
To work with K2 Cloud you can use the provider from C2Devel (*c2devel/rockitcloud*) or the AWS provider (*hashicorp/aws*), because the cloud's API is compatible with AWS.

Let's create a `providers.tf` file that describes the required providers and their settings:

```hcl
# Pin the provider version to guarantee compatibility
# and stable operation of this configuration
terraform {
  required_providers {
    aws = {
      # Use the K2 Cloud local mirror
      # as the download source for the c2devel/rockitcloud provider
      source  = "hc-registry.website.k2.cloud/c2devel/rockitcloud"
      version = "24.1.0"
    }
  }
}

# Connect and configure the provider for working
# with all K2 Cloud services except object storage
provider "aws" {
  endpoints {
    ec2 = "https://ec2.k2.cloud"
  }

  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_region_validation      = true

  insecure   = false
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "ru-msk"
}

# Connect and configure the provider
# for working with the cloud's object storage
provider "aws" {
  alias = "noregion"
  endpoints {
    s3 = "https://s3.k2.cloud"
  }

  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_region_validation      = true

  insecure   = false
  access_key = var.access_key
  secret_key = var.secret_key
  region     = "us-east-1"
}
```

The first `provider` block covers all K2 Cloud services except object storage; the second block handles object storage.
If you plan to work only with K2 Cloud, this part of the code can be reused unchanged.

Note that `access_key` and `secret_key` do not contain the data itself but refer to variable values.
This is deliberate, so that the finished configuration can be handed to other people without fear of disclosing the key values.
In addition, this approach lets you set all the keys in one place quickly and avoid many edits in the code itself when they change.

### Variable definitions: variables.tf

Information about all the variables in use is stored in the `variables.tf` file, where a description and a default value can be given for each variable.

```hcl
variable "secret_key" {
  description = "Enter the secret key"
}

variable "access_key" {
  description = "Enter the access key"
}

variable "public_key" {
  description = "Enter the public SSH key"
}

variable "pubkey_name" {
  description = "Enter the name of the public SSH key"
}

variable "bucket_name" {
  description = "Enter the bucket name"
}

variable "az" {
  description = "Enter availability zone (ru-msk-comp1p by default)"
  default     = "ru-msk-comp1p"
}

variable "eips_count" {
  description = "Enter the number of Elastic IP addresses to create (1 by default)"
  default     = 1
}

variable "vms_count" {
  description = "Enter the number of virtual machines to create (2 by default)"
  default     = 2
}

variable "hostnames" {
  description = "Enter hostnames of VMs"
}

variable "allow_tcp_ports" {
  description = "Enter TCP ports to allow connections to (22, 80, 443 by default)"
  default     = [22, 80, 443]
}

variable "vm_template" {
  description = "Enter the template ID to create a VM from (cmi-AC76609F [CentOS 8.2] by default)"
  default     = "cmi-AC76609F"
}

variable "vm_instance_type" {
  description = "Enter the instance type for a VM (m5.2small by default)"
  default     = "m5.2small"
}

variable "vm_volume_type" {
  description = "Enter the volume type for VM disks (gp2 by default)"
  default     = "gp2"
}

variable "vm_volume_size" {
  # The default size and the growth increment are given for the gp2 volume type
  # They may differ for other volume types; see the volume documentation for details
  description = "Enter the volume size for VM disks (32 by default, in GiB, must be multiple of 32)"
  default     = 32
}
```

The `variables.tf` file contains only the list of all variables for the configuration (and default values for some of them). The values actually used are set in the `terraform.tfvars` file.

### Variable values in use: terraform.tfvars

The values applied in each particular case are specified in the `terraform.tfvars` file.
Its contents take precedence over the default values, which makes it easy to override the configuration's standard behavior.

```hcl
secret_key       = "ENTER_YOUR_SECRET_KEY_HERE"
access_key       = "ENTER_YOUR_ACCESS_KEY_HERE"
public_key       = "ENTER_YOUR_PUBLIC_KEY_HERE"
pubkey_name      = "My-project-SSH-key"
bucket_name      = "My-project-bucket"
az               = "ru-msk-comp1p"
eips_count       = 1
vms_count        = 2
hostnames        = ["webapp", "db"]
allow_tcp_ports  = [22, 80, 443]
vm_template      = "cmi-AC76609F"
vm_instance_type = "m5.2small"
vm_volume_type   = "gp2"
vm_volume_size   = 32
```

A template with all the variables and their values is in the `terraform.tfvars.example` file.
To set the variables faster, you can copy its contents to `terraform.tfvars` and then change the values as needed:

```bash
cp terraform.tfvars.example terraform.tfvars
```

> :warning: Remember that `terraform.tfvars` may hold sensitive data that must not reach outsiders, for example the values of your keys. If you use Git to store and version Terraform configurations, make sure the file does not end up in the repository as the result of a commit; you can avoid this by adding the appropriate exclusion to `.gitignore`. Also, if you hand your Terraform configuration to other people, make sure you do not hand over `terraform.tfvars` along with it. A key leak can give outsiders access to managing your infrastructure.

You can get your `secret_key` and `access_key` values [in the Cloud management console](https://console.k2.cloud). To do so, click the user login in the upper right corner, select "Profile" and click "Get API access settings".

K2 Cloud supports 2084-bit RSA keys. An SSH key can be generated, for example, with the command:

```bash
ssh-keygen -b 2048 -t rsa
```

Specify its public part as the value of `public_key`.

The key name `pubkey_name` may contain only Latin letters and digits.
The bucket name `bucket_name` may additionally contain [dots, hyphens and underscores](https://docs.k2.cloud/ru/services/object_storage/operations.html#s3bucketnaming).

Once all the variables are described and their values are set, you can start writing the main configuration.

### Main configuration: main.tf

The main configuration file `main.tf` contains the code according to which all the main actions on the infrastructure are subsequently carried out automatically.

The configuration consists of code blocks, each of which is usually responsible for one type of object, for example virtual machines or security groups.
In Terraform terminology such blocks are called resources.
The following sections go through, in turn, all the resource blocks needed to describe the configuration given above.
234 | Each block contains comments explaining the changes being made.
235 |
236 | First, create a VPC to isolate the project's resources at the network level:
237 |
238 | ```bash
239 | resource "aws_vpc" "vpc" {
240 |   # Set the IP address of the VPC network in CIDR notation (IP/Prefix)
241 |   cidr_block = "172.16.8.0/24"
242 |   # Enable domain name resolution through the K2 Cloud DNS servers
243 |   enable_dns_support = true
244 |
245 |   # Assign the Name tag to the resource being created
246 |   tags = {
247 |     Name = "My project"
248 |   }
249 | }
250 | ```
251 |
252 | Next, define a subnet in the VPC created earlier (the subnet's CIDR block must belong to the address space allocated to the VPC):
253 |
254 | ```bash
255 | resource "aws_subnet" "subnet" {
256 |   # Set the availability zone in which the subnet will be created
257 |   # Its value is taken from the az variable
258 |   availability_zone = var.az
259 |   # Use the same CIDR block of IP addresses for the subnet as for the VPC
260 |   cidr_block = aws_vpc.vpc.cidr_block
261 |   # Specify the VPC where the subnet will be created
262 |   vpc_id = aws_vpc.vpc.id
263 |   # Create the subnet only after the VPC has been created
264 |   depends_on = [aws_vpc.vpc]
265 |
266 |   # Include the value of the az variable and the VPC's Name tag in the subnet's Name tag
267 |   tags = {
268 |     Name = "Subnet in ${var.az} for ${lookup(aws_vpc.vpc.tags, "Name")}"
269 |   }
270 | }
271 | ```
272 |
273 | Then add the public SSH key that will later be used to access the virtual machine:
274 |
275 | ```bash
276 | resource "aws_key_pair" "pubkey" {
277 |   # Specify the SSH key name (the value is taken from the pubkey_name variable)
278 |   key_name = var.pubkey_name
279 |   # and the contents of the public key
280 |   public_key = var.public_key
281 | }
282 | ```
283 |
284 | Create a bucket in object storage for the site data and backups:
285 |
286 | ```bash
287 | resource "aws_s3_bucket" "bucket" {
288 |   provider = aws.noregion
289 |   # Set the bucket name from the bucket_name variable
290 |   bucket = var.bucket_name
291 |   # Specify the access permissions
292 |   acl = "private"
293 | }
294 | ```
295 |
296 | Allocate an Elastic IP for external access to the web application server:
297 |
298 | ```bash
299 | resource "aws_eip" "eips" {
300 |   # Set the number of EIPs to allocate in the eips_count variable;
301 |   # this makes it possible to allocate the required number of EIPs at once.
302 |   # In our case an address is allocated only to the first server
303 |   count = var.eips_count
304 |   # Allocate within our VPC
305 |   vpc = true
306 |   # and only after it has been created
307 |   depends_on = [aws_vpc.vpc]
308 |
309 |   # As the value of the Name tag, take the hostname of the future VM from the hostnames variable
310 |   # by array index
311 |   tags = {
312 |     Name = "${var.hostnames[count.index]}"
313 |   }
314 | }
315 | ```
316 |
317 | Then create two security groups: one opens access from all addresses on ports 22, 80 and 443, and the other allows full access within itself.
318 | Later we will add the VM with the web application to the first one and place both of our servers in the second one so that they can communicate with each other:
319 |
320 | ```bash
321 | # Create a security group for external access
322 | resource "aws_security_group" "ext" {
323 |   # Within our VPC
324 |   vpc_id = aws_vpc.vpc.id
325 |   # set the security group name
326 |   name = "ext"
327 |   # and its description
328 |   description = "External SG"
329 |
330 |   # Define the inbound rules
331 |   dynamic "ingress" {
332 |     # Set the name of the variable that will be used
333 |     # to iterate over all the specified ports
334 |     iterator = port
335 |     # Iterate over the ports from the allow_tcp_ports list
336 |     for_each = var.allow_tcp_ports
337 |     content {
338 |       # Set the port range (in our case it consists of a single port),
339 |       from_port = port.value
340 |       to_port = port.value
341 |       # the protocol,
342 |       protocol = "tcp"
343 |       # and the source IP address in CIDR notation (IP/Prefix)
344 |       cidr_blocks = ["0.0.0.0/0"]
345 |     }
346 |   }
347 |
348 |   # Define the outbound rule: allow all outbound IPv4 traffic
349 |   egress {
350 |     from_port = 0
351 |     to_port = 0
352 |     protocol = "-1"
353 |     cidr_blocks = ["0.0.0.0/0"]
354 |   }
355 |
356 |   depends_on = [aws_vpc.vpc]
357 |
358 |   tags = {
359 |     Name = "External SG"
360 |   }
361 | }
362 |
363 | # Create an internal security group,
364 | # inside which all traffic between its members is allowed
365 | resource "aws_security_group" "int" {
366 |   vpc_id = aws_vpc.vpc.id
367 |   name = "int"
368 |   description = "Internal SG"
369 |
370 |   ingress {
371 |     from_port = 0
372 |     to_port = 0
373 |     protocol = "-1"
374 |     self = true
375 |   }
376 |
377 |   egress {
378 |     from_port = 0
379 |     to_port = 0
380 |     protocol = "-1"
381 |     cidr_blocks = ["0.0.0.0/0"]
382 |   }
383 |
384 |   depends_on = [aws_vpc.vpc]
385 |
386 |   tags = {
387 |     Name = "Internal SG"
388 |   }
389 | }
390 | ```
391 |
392 | Now write the code block that creates the virtual machines:
393 |
394 | ```bash
395 | resource "aws_instance" "vms" {
396 |   # Take the number of virtual machines to create from the vms_count variable
397 |   count = var.vms_count
398 |   # Template ID for creating the VM instance, from the vm_template variable
399 |   ami = var.vm_template
400 |   # Instance type name of the VM being created, from the vm_instance_type variable
401 |   instance_type = var.vm_instance_type
402 |   # Assign the instance an internal IP address from the subnet created earlier in the VPC
403 |   subnet_id = aws_subnet.subnet.id
404 |   # Attach the internal security group to the instance being created
405 |   vpc_security_group_ids = [aws_security_group.int.id]
406 |   # Add the public SSH key created earlier to the server
407 |   key_name = var.pubkey_name
408 |   # Do not allocate or assign an external Elastic IP to the instance
409 |   associate_public_ip_address = false
410 |   # Enable instance monitoring
411 |   monitoring = true
412 |
413 |   # Create the instance only after the following have been created:
414 |   # - the subnet
415 |   # - the internal security group
416 |   # - the public SSH key
417 |   depends_on = [
418 |     aws_subnet.subnet,
419 |     aws_security_group.int,
420 |     aws_key_pair.pubkey,
421 |   ]
422 |
423 |   tags = {
424 |     Name = "VM for ${var.hostnames[count.index]}"
425 |   }
426 |
427 |   # Create a disk attached to the instance
428 |   ebs_block_device {
429 |     # Delete the disk together with the instance
430 |     delete_on_termination = true
431 |     # Set the device name in the form "disk",
432 |     device_name = "disk1"
433 |     # its type
434 |     volume_type = var.vm_volume_type
435 |     # and size
436 |     volume_size = var.vm_volume_size
437 |
438 |     tags = {
439 |       Name = "Disk for ${var.hostnames[count.index]}"
440 |     }
441 |   }
442 | }
443 | ```
444 |
445 | After the virtual machine instances are created, attach the external security group to the first one:
446 |
447 | ```bash
448 | resource "aws_network_interface_sg_attachment" "sg_attachment" {
449 |   # Get the ID of the external security group
450 |   security_group_id = aws_security_group.ext.id
451 |   # and the ID of the network interface of the first instance
452 |   network_interface_id = aws_instance.vms[0].primary_network_interface_id
453 |   # Attach the security group only after the corresponding
454 |   # instance and security group have been created
455 |   depends_on = [
456 |     aws_instance.vms,
457 |     aws_security_group.ext,
458 |   ]
459 | }
460 | ```
461 |
462 | And the external Elastic IP:
463 |
464 | ```bash
465 | resource "aws_eip_association" "eips_association" {
466 |   # Get the number of EIPs created
467 |   count = var.eips_count
468 |   # and assign each of them to the instances in turn
469 |   instance_id = element(aws_instance.vms.*.id, count.index)
470 |   allocation_id = element(aws_eip.eips.*.id, count.index)
471 | }
472 | ```
473 |
474 | ### Output variables – outputs.tf
475 |
476 | Successive `output` blocks in the `outputs.tf` file describe all the variables whose values become known after the configuration plan is applied.
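The variable declarations and the `ext` security group shown above accept any input and allow port 22 from every address. The following is an added example, not part of the original README or the repository: it marks the API credentials as sensitive, enforces the naming and size rules the README states with `validation` blocks, and limits SSH to a management network while the web ports stay public. The `admin_cidr` variable and the `ssh_port` local are assumptions introduced here; `sensitive` and `alltrue` require Terraform v0.14.0 or later.

```hcl
# Added example: hardened variants of declarations from variables.tf and main.tf.
# Assumptions (not in the original repository): variable admin_cidr, local ssh_port.

# sensitive = true redacts the values in plan/apply output;
# the copy in terraform.tfvars is still plain text and must stay out of Git.
variable "secret_key" {
  description = "Enter the secret key"
  type        = string
  sensitive   = true
}

variable "access_key" {
  description = "Enter the access key"
  type        = string
  sensitive   = true
}

# README rule: the key name may contain only Latin letters and digits.
variable "pubkey_name" {
  description = "Enter the name of the public SSH key"
  type        = string

  validation {
    condition     = can(regex("^[A-Za-z0-9]+$", var.pubkey_name))
    error_message = "The key name may contain only Latin letters and digits."
  }
}

# variables.tf rule: the gp2 size must be a multiple of 32 GiB.
variable "vm_volume_size" {
  description = "Enter the volume size for VM disks (32 by default, in GiB, must be multiple of 32)"
  type        = number
  default     = 32

  validation {
    condition     = var.vm_volume_size > 0 && var.vm_volume_size % 32 == 0
    error_message = "The gp2 volume size must be a positive multiple of 32 GiB."
  }
}

variable "allow_tcp_ports" {
  description = "Enter TCP ports to allow connections to (22, 80, 443 by default)"
  type        = list(number)
  default     = [22, 80, 443]

  validation {
    condition     = alltrue([for p in var.allow_tcp_ports : p >= 1 && p <= 65535 && floor(p) == p])
    error_message = "Every entry must be an integer TCP port between 1 and 65535."
  }
}

# Hypothetical variable: the only network allowed to reach SSH.
variable "admin_cidr" {
  description = "Enter the CIDR block allowed to connect over SSH"
  type        = string

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "Specify a management network in CIDR notation other than 0.0.0.0/0."
  }
}

locals {
  ssh_port = 22 # hypothetical helper used by the rule below
}

# Replaces the "ext" block from main.tf: same ports, narrower source for SSH.
resource "aws_security_group" "ext" {
  vpc_id      = aws_vpc.vpc.id
  name        = "ext"
  description = "External SG"

  dynamic "ingress" {
    iterator = port
    for_each = var.allow_tcp_ports
    content {
      from_port = port.value
      to_port   = port.value
      protocol  = "tcp"
      # SSH only from the management network; 80 and 443 remain public
      cidr_blocks = port.value == local.ssh_port ? [var.admin_cidr] : ["0.0.0.0/0"]
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "External SG"
  }
}
```

With these declarations `terraform plan` stops with the validation message before any API call if a value breaks one of the rules, and `admin_cidr` has to be set in `terraform.tfvars` alongside the other values.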
477 |
478 | In our case, we finish the configuration with a single `output` block.
479 | This block prints the Elastic IP address of the web application server to the terminal, so the user does not have to look for it in the cloud web interface:
480 |
481 | ```bash
482 | output "ip_of_webapp" {
483 |   description = "IP of webapp"
484 |   # Take the public IP address of the first instance
485 |   # and print it when Terraform finishes
486 |   value = aws_eip.eips[0].public_ip
487 | }
488 | ```
489 |
490 | This way, we can immediately copy the IP address to connect to the server and continue working with it.
491 |
492 | ## Using the ready-made configuration
493 |
494 | The steps described above produce a Terraform configuration consisting of five files:
495 |
496 | - **providers.tf** – a file with the settings for connecting to and interacting with the services or platforms on which the infrastructure will be built;
497 | - **variables.tf** – a file describing all the variables used and their default values;
498 | - **terraform.tfvars** – a file with the variable values, including secret keys and access keys, so it should be stored securely in a place hidden from outsiders;
499 | - **main.tf** – the main configuration file, which describes the entire project infrastructure managed with Terraform;
500 | - **outputs.tf** – a file describing the output variables.
501 |
502 | To deploy the infrastructure with it, follow these steps:
503 |
504 | 1. Clone the repository and go to the folder containing the configuration files:
505 |
506 |    ```bash
507 |    git clone https://github.com/C2Devel/terraform-examples.git && cd terraform-examples/quick_start
508 |    ```
509 |
510 | 2. Copy the template of environment variables with their values from the example file:
511 |
512 |    ```bash
513 |    cp terraform.tfvars.example terraform.tfvars
514 |    ```
515 |
516 |    Do not forget to make the necessary changes in the new file. To get a minimal working configuration, you must specify your `secret_key` and `access_key` in it to work with the K2 Cloud API.
517 |
518 | 3. Run the initialization command:
519 |
520 |    ```bash
521 |    terraform init
522 |    ```
523 |
524 |    With it, Terraform initializes the configuration, downloads all the required plugins and is ready to work with the infrastructure.
525 |
526 | 4. Run the command that generates the plan of changes:
527 |
528 |    ```bash
529 |    terraform plan
530 |    ```
531 |
532 |    The terminal will display all the changes that Terraform plans to make to the real infrastructure.
533 |
534 | 5. Study the output carefully. If the proposed changes match the expected ones, apply them:
535 |
536 |    ```bash
537 |    terraform apply
538 |    ```
539 |
540 |    The plan will be displayed again; check it carefully once more. To execute the plan, type `yes` and press `Enter`.
541 |
542 | After some time, the entire described infrastructure will be created in K2 Cloud. Later, if you need to change it, edit the current Terraform configuration and apply the plan again.
543 |
544 | To print the values of the output variables to the terminal again, enter the command:
545 |
546 | ```bash
547 | terraform output
548 | ```
549 |
550 | If you need to delete the infrastructure created with Terraform, you can do so with the following command:
551 |
552 | ```bash
553 | terraform destroy
554 | ```
555 |
556 | The terminal will display the infrastructure deletion plan; to confirm the deletion, type `yes` and press `Enter`.
557 |
558 | > :exclamation:   Be especially careful when running this command: the entire infrastructure described in the configuration is deleted.
559 |
560 | To sum up, the main Terraform configuration, which is directly responsible for the actions on the infrastructure, consists of blocks, or resources.
561 | Меняя последовательность и тип блоков, можно, как из элементов конструктора, создать именно ту инфраструктуру, которая требуется вашему проекту. 562 | 563 | C дополнительными примерами использования Terraform, а также поддерживаемыми и неподдерживаемыми параметрами для каждого ресурса вы можете ознакомиться в нашем официальном репозитории [terraform-examples](https://github.com/c2devel/terraform-examples) на GitHub в папке ``cases``. Примеры составлены для провайдера AWS v3.63.0 (Terraform v0.14.0). 564 | -------------------------------------------------------------------------------- /quick_start/main.tf: -------------------------------------------------------------------------------- 1 | # Сначала создадим VPC для изоляции ресурсов проекта на сетевом уровне 2 | resource "aws_vpc" "vpc" { 3 | # Задаём IP-адрес сети VPC в нотации CIDR (IP/Prefix) 4 | cidr_block = "172.16.8.0/24" 5 | # Активируем поддержку разрешения доменных имён с помощью DNS-серверов К2 Облака 6 | enable_dns_support = true 7 | 8 | # Присваиваем создаваемому ресурсу тег Name 9 | tags = { 10 | Name = "My project" 11 | } 12 | } 13 | 14 | # Затем определим подсеть в ранее созданном VPC 15 | # (CIDR-блок подсети должен принадлежать адресному пространству, выделенному VPC) 16 | resource "aws_subnet" "subnet" { 17 | # Задаём зону доступности, в которой будет создана подсеть 18 | # Её значение берём из переменной az 19 | availability_zone = var.az 20 | # Используем для подсети тот же CIDR-блок IP-адресов, что и для VPC 21 | cidr_block = aws_vpc.vpc.cidr_block 22 | # Указываем VPC, где будет создана подсеть 23 | vpc_id = aws_vpc.vpc.id 24 | # Подсеть создаём только после создания VPC 25 | depends_on = [aws_vpc.vpc] 26 | 27 | # В тег Name для подсети включаем значение переменной az и тег Name для VPC 28 | tags = { 29 | Name = "Subnet in ${var.az} for ${lookup(aws_vpc.vpc.tags, "Name")}" 30 | } 31 | } 32 | 33 | # Далее добавляем публичный SSH-ключ, 34 | # который позже будет использоваться для доступа 
к виртуальной машине 35 | resource "aws_key_pair" "pubkey" { 36 | # Указываем имя SSH-ключа (значение берётся из переменной pubkey_name) 37 | key_name = var.pubkey_name 38 | # и содержимое публичного ключа 39 | public_key = var.public_key 40 | } 41 | 42 | # Создаём бакет в объектном хранилище для хранения данных сайта и резервных копий 43 | resource "aws_s3_bucket" "bucket" { 44 | provider = aws.noregion 45 | # Задаём имя хранилища из переменной bucket_name 46 | bucket = var.bucket_name 47 | # Указываем разрешения на доступ 48 | acl = "private" 49 | } 50 | 51 | # Выделяем Elastic IP для доступа к серверу с веб-приложением извне 52 | resource "aws_eip" "eips" { 53 | # Указываем количество выделяемых EIP в переменной eips_count – 54 | # это позволяет сразу выделить необходимое количество EIP. 55 | # В нашем случае адрес выделяется только первому серверу 56 | count = var.eips_count 57 | # Выделяем в рамках нашего VPC 58 | vpc = true 59 | # и только после его создания 60 | depends_on = [aws_vpc.vpc] 61 | 62 | # В качестве значения тега Name берём имя хоста будущей ВМ из переменной hostnames 63 | # по индексу из массива 64 | tags = { 65 | Name = "${var.hostnames[count.index]}" 66 | } 67 | } 68 | 69 | # Создаём группу безопасности для доступа извне 70 | resource "aws_security_group" "ext" { 71 | # В рамках нашего VPC 72 | vpc_id = aws_vpc.vpc.id 73 | # задаём имя группы безопасности 74 | name = "ext" 75 | # и её описание 76 | description = "External SG" 77 | 78 | # Определяем входящие правила 79 | dynamic "ingress" { 80 | # Задаём имя переменной, которая будет использоваться 81 | # для перебора всех заданных портов 82 | iterator = port 83 | # Перебираем порты из списка портов allow_tcp_ports 84 | for_each = var.allow_tcp_ports 85 | content { 86 | # Задаём диапазон портов (в нашем случае он состоит из одного порта), 87 | from_port = port.value 88 | to_port = port.value 89 | # протокол, 90 | protocol = "tcp" 91 | # и IP-адрес источника в нотации CIDR (IP/Prefix) 92 | 
cidr_blocks = ["0.0.0.0/0"] 93 | } 94 | } 95 | 96 | # Определяем исходящее правило – разрешаем весь исходящий IPv4-трафик 97 | egress { 98 | from_port = 0 99 | to_port = 0 100 | protocol = "-1" 101 | cidr_blocks = ["0.0.0.0/0"] 102 | } 103 | 104 | depends_on = [aws_vpc.vpc] 105 | 106 | tags = { 107 | Name = "External SG" 108 | } 109 | } 110 | 111 | # Создаём внутреннюю группу безопасности, 112 | # внутри которой будет разрешён весь трафик между её членами 113 | resource "aws_security_group" "int" { 114 | vpc_id = aws_vpc.vpc.id 115 | name = "int" 116 | description = "Internal SG" 117 | 118 | ingress { 119 | from_port = 0 120 | to_port = 0 121 | protocol = "-1" 122 | self = true 123 | } 124 | 125 | egress { 126 | from_port = 0 127 | to_port = 0 128 | protocol = "-1" 129 | cidr_blocks = ["0.0.0.0/0"] 130 | } 131 | 132 | depends_on = [aws_vpc.vpc] 133 | 134 | tags = { 135 | Name = "Internal SG" 136 | } 137 | } 138 | 139 | # Создаём виртуальные машины 140 | resource "aws_instance" "vms" { 141 | # Количество создаваемых виртуальных машин берём из переменной vms_count 142 | count = var.vms_count 143 | # ID шаблона для создания экземпляра ВМ – из переменной vm_template 144 | ami = var.vm_template 145 | # Наименование типа экземпляра создаваемой ВМ – из переменной vm_instance_type 146 | instance_type = var.vm_instance_type 147 | # Назначаем экземпляру внутренний IP-адрес из созданной ранее подсети в VPC 148 | subnet_id = aws_subnet.subnet.id 149 | # Подключаем к создаваемому экзепляру внутреннюю группу безопасности 150 | vpc_security_group_ids = [aws_security_group.int.id] 151 | # Добавляем на сервер публичный SSH-ключ, созданный ранее 152 | key_name = var.pubkey_name 153 | # Не выделяем и не присваиваем экземпляру внешний Elastic IP 154 | associate_public_ip_address = false 155 | # Активируем мониторинг экземпляра 156 | monitoring = true 157 | 158 | # Экземпляр создаём только после того как созданы: 159 | # – подсеть 160 | # – внутренняя группа безопасности 161 | # – 
публичный SSH-ключ 162 | depends_on = [ 163 | aws_subnet.subnet, 164 | aws_security_group.int, 165 | aws_key_pair.pubkey, 166 | ] 167 | 168 | tags = { 169 | Name = "VM for ${var.hostnames[count.index]}" 170 | } 171 | 172 | # Создаём диск, подключаемый к экземпляру 173 | ebs_block_device { 174 | # Говорим удалять диск вместе с экземпляром 175 | delete_on_termination = true 176 | # Задаём имя устройства вида "disk", 177 | device_name = "disk1" 178 | # его тип 179 | volume_type = var.vm_volume_type 180 | # и размер 181 | volume_size = var.vm_volume_size 182 | 183 | tags = { 184 | Name = "Disk for ${var.hostnames[count.index]}" 185 | } 186 | } 187 | } 188 | 189 | # После создания экземпляров виртуальных машин подключаем к первому внешнюю группу безопасности 190 | resource "aws_network_interface_sg_attachment" "sg_attachment" { 191 | # Получаем ID внешней группы безопасности 192 | security_group_id = aws_security_group.ext.id 193 | # и ID сетевого интерфейса первого экземпляра 194 | network_interface_id = aws_instance.vms[0].primary_network_interface_id 195 | # Назначаем группу безопасности только после того, как созданы 196 | # соответствующие экземпляр и группа безопасности 197 | depends_on = [ 198 | aws_instance.vms, 199 | aws_security_group.ext, 200 | ] 201 | } 202 | 203 | # И внешний Elastic IP 204 | resource "aws_eip_association" "eips_association" { 205 | # Получаем количество созданных EIP 206 | count = var.eips_count 207 | # и по очереди назначаем каждый из них экземплярам 208 | instance_id = element(aws_instance.vms.*.id, count.index) 209 | allocation_id = element(aws_eip.eips.*.id, count.index) 210 | } 211 | -------------------------------------------------------------------------------- /quick_start/outputs.tf: -------------------------------------------------------------------------------- 1 | # Завершаем конфигурацию единственным блоком output, который 2 | # выводит в терминале Elastic IP-адрес сервера с веб-приложением 3 | output "ip_of_webapp" { 4 | 
description = "IP of webapp" 5 | # Берём значение публичного IP-адреса первого экземпляра 6 | # и выводим его по завершении работы Terraform 7 | value = aws_eip.eips[0].public_ip 8 | } 9 | -------------------------------------------------------------------------------- /quick_start/providers.tf: -------------------------------------------------------------------------------- 1 | # Фиксируем версию провайдера, чтобы гарантировать совместимость 2 | # и стабильную работу написанной конфигурации 3 | terraform { 4 | required_providers { 5 | aws = { 6 | # Используем локальное зеркало К2 Облака 7 | # как источник загрузки провайдера c2devel/rockitcloud 8 | source = "hc-registry.website.k2.cloud/c2devel/rockitcloud" 9 | version = "24.1.0" 10 | } 11 | } 12 | } 13 | 14 | # Подключаем и настраиваем провайдера для работы 15 | # со всеми сервисами К2 Облака, кроме объектного хранилища 16 | provider "aws" { 17 | endpoints { 18 | ec2 = "https://ec2.k2.cloud" 19 | } 20 | 21 | skip_credentials_validation = true 22 | skip_requesting_account_id = true 23 | skip_region_validation = true 24 | 25 | insecure = false 26 | access_key = var.access_key 27 | secret_key = var.secret_key 28 | region = "ru-msk" 29 | } 30 | 31 | # Подключаем и настраиваем провайдера 32 | # для работы с объектным хранилищем облака 33 | provider "aws" { 34 | alias = "noregion" 35 | endpoints { 36 | s3 = "https://s3.k2.cloud" 37 | } 38 | 39 | skip_credentials_validation = true 40 | skip_requesting_account_id = true 41 | skip_region_validation = true 42 | 43 | insecure = false 44 | access_key = var.access_key 45 | secret_key = var.secret_key 46 | region = "us-east-1" 47 | } 48 | -------------------------------------------------------------------------------- /quick_start/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | secret_key = "ENTER_YOUR_SECRET_KEY_HERE" 2 | access_key = "ENTER_YOUR_ACCESS_KEY_HERE" 3 | public_key = "ENTER_YOUR_PUBLIC_KEY_HERE" 4 | 
pubkey_name = "My project SSH key" 5 | bucket_name = "my-project-bucket" 6 | az = "ru-msk-comp1p" 7 | eips_count = 1 8 | vms_count = 2 9 | hostnames = ["webapp", "db"] 10 | allow_tcp_ports = [22, 80, 443] 11 | vm_template = "cmi-AC76609F" 12 | vm_instance_type = "m5.2small" 13 | vm_volume_type = "gp2" 14 | vm_volume_size = 32 15 | -------------------------------------------------------------------------------- /quick_start/variables.tf: -------------------------------------------------------------------------------- 1 | variable "secret_key" { 2 | description = "Enter the secret key" 3 | } 4 | 5 | variable "access_key" { 6 | description = "Enter the access key" 7 | } 8 | 9 | variable "public_key" { 10 | description = "Enter the public SSH key" 11 | } 12 | 13 | variable "pubkey_name" { 14 | description = "Enter the name of the public SSH key" 15 | } 16 | 17 | variable "bucket_name" { 18 | description = "Enter the bucket name" 19 | } 20 | 21 | variable "az" { 22 | description = "Enter availability zone (ru-msk-comp1p by default)" 23 | default = "ru-msk-comp1p" 24 | } 25 | 26 | variable "eips_count" { 27 | description = "Enter the number of Elastic IP addresses to create (1 by default)" 28 | default = 1 29 | } 30 | 31 | variable "vms_count" { 32 | description = "Enter the number of virtual machines to create (2 by default)" 33 | default = 2 34 | } 35 | 36 | variable "hostnames" { 37 | description = "Enter hostnames of VMs" 38 | } 39 | 40 | variable "allow_tcp_ports" { 41 | description = "Enter TCP ports to allow connections to (22, 80, 443 by default)" 42 | default = [22, 80, 443] 43 | } 44 | 45 | variable "vm_template" { 46 | description = "Enter the template ID to create a VM from (cmi-AC76609F [CentOS 8.2] by default)" 47 | default = "cmi-AC76609F" 48 | } 49 | 50 | variable "vm_instance_type" { 51 | description = "Enter the instance type for a VM (m5.2small by default)" 52 | default = "m5.2small" 53 | } 54 | 55 | variable "vm_volume_type" { 56 | description = 
"Enter the volume type for VM disks (gp2 by default)" 57 | default = "gp2" 58 | } 59 | 60 | variable "vm_volume_size" { 61 | # Размер по умолчанию и шаг наращивания указаны для типа дисков gp2 62 | # Для других типов дисков они могут быть иными – подробнее см. в документации на диски 63 | description = "Enter the volume size for VM disks (32 by default, in GiB, must be multiple of 32)" 64 | default = 32 65 | } 66 | -------------------------------------------------------------------------------- /terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | ec2_url = "https://ec2.k2.cloud" 2 | s3_url = "https://s3.k2.cloud" 3 | 4 | secret_key = "" 5 | 6 | access_key = "" 7 | 8 | az = "ru-msk-vol51" 9 | 10 | account_id = "" 11 | 12 | instance_type = "" 13 | 14 | ami = "" 15 | 16 | public_ipv4_pool = "" 17 | 18 | template_owner = "" 19 | template_name = "" 20 | 21 | switch_id = "" 22 | -------------------------------------------------------------------------------- /tests/Makefile.in: -------------------------------------------------------------------------------- 1 | PACKAGE_NAME = @PACKAGE_NAME@ 2 | PACKAGE_TARNAME = @PACKAGE_TARNAME@ 3 | PACKAGE_VERSION = @PACKAGE_VERSION@ 4 | PACKAGE_STRING = @PACKAGE_STRING@ 5 | PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ 6 | PACKAGE_URL = @PACKAGE_URL@ 7 | 8 | srcdir = @srcdir@ 9 | top_srcdir = @top_srcdir@ 10 | top_builddir = @top_builddir@ 11 | 12 | TESTSUITE = $(srcdir)/testsuite 13 | # TODO: do not hardcode all test files here 14 | TESTSOURCES = $(srcdir)/local.at $(srcdir)/aws_ami.at $(srcdir)/aws_ami_from_instance.at $(srcdir)/aws_ami_launch_permission.at $(srcdir)/aws_customer_gateway.at $(srcdir)/aws_default_network_acl.at $(srcdir)/aws_default_route_table.at $(srcdir)/aws_default_security_group.at $(srcdir)/aws_default_vpc.at $(srcdir)/aws_default_vpc_dhcp_options.at $(srcdir)/aws_ebs_snapshot.at $(srcdir)/aws_ebs_volume.at $(srcdir)/aws_eip_association.at 
$(srcdir)/aws_eip.at $(srcdir)/aws_instance.at $(srcdir)/aws_key_pair.at $(srcdir)/aws_launch_template.at $(srcdir)/aws_network_acl.at $(srcdir)/aws_network_acl_rule.at $(srcdir)/aws_network_interface.at $(srcdir)/aws_placement_group.at $(srcdir)/aws_route.at $(srcdir)/aws_route_table_association.at $(srcdir)/aws_route_table.at $(srcdir)/aws_s3_bucket.at $(srcdir)/aws_security_group.at $(srcdir)/aws_security_group_rule.at $(srcdir)/aws_snapshot_create_volume_permission.at $(srcdir)/aws_subnet.at $(srcdir)/aws_volume_attachment.at $(srcdir)/aws_vpc.at $(srcdir)/aws_vpc_dhcp_options_association.at $(srcdir)/aws_vpc_dhcp_options.at $(srcdir)/local.at $(srcdir)/testsuite.at 15 | AUTOM4TE = autom4te 16 | AUTOTEST = $(AUTOM4TE) --language=autotest 17 | 18 | check-local: atconfig atlocal $(TESTSUITE) 19 | $(SHELL) '$(TESTSUITE)' $(TESTSUITEFLAGS) 20 | 21 | $(srcdir)/package.m4: $(top_srcdir)/configure.ac 22 | $(AM_V_GEN) :;{ \ 23 | echo '# Signature of the current package.' && \ 24 | echo 'm4_define([AT_PACKAGE_NAME], [$(PACKAGE_NAME)])' && \ 25 | echo 'm4_define([AT_PACKAGE_TARNAME], [$(PACKAGE_TARNAME)])' && \ 26 | echo 'm4_define([AT_PACKAGE_VERSION], [$(PACKAGE_VERSION)])' && \ 27 | echo 'm4_define([AT_PACKAGE_STRING], [$(PACKAGE_STRING)])' && \ 28 | echo 'm4_define([AT_PACKAGE_BUGREPORT], [$(PACKAGE_BUGREPORT)])'; \ 29 | echo 'm4_define([AT_PACKAGE_URL], [$(PACKAGE_URL)])'; \ 30 | } >'$(srcdir)/package.m4' 31 | 32 | $(TESTSUITE): $(TESTSOURCES) $(srcdir)/package.m4 33 | $(AM_V_GEN) $(AUTOTEST) -I '$(srcdir)' -o $@.tmp $@.at; mv $@.tmp $@ 34 | 35 | atconfig: $(top_builddir)/config.status 36 | cd $(top_builddir) && \ 37 | $(SHELL) ./config.status $(subdir)/$@ 38 | 39 | atlocal: $(srcdir)/atlocal.in $(top_builddir)/config.status 40 | cd $(top_builddir) && \ 41 | $(SHELL) ./config.status $(subdir)/$@ 42 | -------------------------------------------------------------------------------- /tests/atlocal.in: 
--------------------------------------------------------------------------------
SRCDIR=$(pwd)/../

--------------------------------------------------------------------------------
/tests/aws_ami.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_ami resource])

AT_SETUP([plan aws_ami])
AT_CHECK([make -C "$SRCDIR" plan-aws_ami],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_ami])
AT_CHECK([make -C "$SRCDIR" apply-aws_ami],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_ami])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_ami])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_ami],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_ami])
AT_CHECK([make -C "$SRCDIR" destroy-aws_ami],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_ami])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_ami_from_instance.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy aws_ami_from_instance resource])

AT_SETUP([plan aws_ami_from_instance])
AT_CHECK([make -C "$SRCDIR" plan-aws_ami_from_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_ami_from_instance])
AT_CHECK([make -C "$SRCDIR" apply-aws_ami_from_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_ami_from_instance])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_ami_from_instance])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_ami_from_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_ami_from_instance])
AT_CHECK([make -C "$SRCDIR" destroy-aws_ami_from_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_ami_from_instance])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_ami_launch_permission.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_ami_launch_permission resource])

AT_SETUP([plan aws_ami_launch_permission])
AT_CHECK([make -C "$SRCDIR" plan-aws_ami_launch_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_ami_launch_permission])
AT_CHECK([make -C "$SRCDIR" apply-aws_ami_launch_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_ami_launch_permission])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_ami_launch_permission])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_ami_launch_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_ami_launch_permission])
AT_CHECK([make -C "$SRCDIR" destroy-aws_ami_launch_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_ami_launch_permission])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_customer_gateway.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_customer_gateway resource])

AT_SETUP([plan aws_customer_gateway])
AT_CHECK([make -C "$SRCDIR" plan-aws_customer_gateway],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_customer_gateway])
AT_CHECK([make -C "$SRCDIR" apply-aws_customer_gateway],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_customer_gateway])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_customer_gateway])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_customer_gateway],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_customer_gateway])
AT_CHECK([make -C "$SRCDIR" destroy-aws_customer_gateway],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_customer_gateway])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_default_network_acl.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_default_network_acl resource])

AT_SETUP([plan aws_default_network_acl])
AT_CHECK([make -C "$SRCDIR" plan-aws_default_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_default_network_acl])
AT_CHECK([make -C "$SRCDIR" apply-aws_default_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_default_network_acl])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_default_network_acl])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_default_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_default_network_acl])
AT_CHECK([make -C "$SRCDIR" destroy-aws_default_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_default_network_acl])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_default_route_table.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_default_route_table resource])

AT_SETUP([plan aws_default_route_table])
AT_CHECK([make -C "$SRCDIR" plan-aws_default_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_default_route_table])
AT_CHECK([make -C "$SRCDIR" apply-aws_default_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_default_route_table])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_default_route_table])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_default_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_default_route_table])
AT_CHECK([make -C "$SRCDIR" destroy-aws_default_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_default_route_table])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_default_security_group.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_default_security_group resource])

AT_SETUP([plan aws_default_security_group])
AT_CHECK([make -C "$SRCDIR" plan-aws_default_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_default_security_group])
AT_CHECK([make -C "$SRCDIR" apply-aws_default_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_default_security_group])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_default_security_group])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_default_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_default_security_group])
AT_CHECK([make -C "$SRCDIR" destroy-aws_default_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_default_security_group])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_default_vpc.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_default_vpc resource])

AT_SETUP([plan aws_default_vpc])
AT_CHECK([make -C "$SRCDIR" plan-aws_default_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_default_vpc])
AT_CHECK([make -C "$SRCDIR" apply-aws_default_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_default_vpc])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_default_vpc])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_default_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_default_vpc])
AT_CHECK([make -C "$SRCDIR" destroy-aws_default_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_default_vpc])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_default_vpc_dhcp_options.at:
--------------------------------------------------------------------------------
AT_BANNER([aws_default_vpc_dhcp_options resource; most of tests are skipped due to c2 bugs])

AT_SETUP([plan aws_default_vpc_dhcp_options])
AT_SKIP_IF([true])
AT_CHECK([make -C "$SRCDIR" plan-aws_default_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_default_vpc_dhcp_options])
AT_SKIP_IF([true])
AT_CHECK([make -C "$SRCDIR" apply-aws_default_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_default_vpc_dhcp_options])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_default_vpc_dhcp_options])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_default_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_default_vpc_dhcp_options])
AT_SKIP_IF([true])
AT_CHECK([make -C "$SRCDIR" destroy-aws_default_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_default_vpc_dhcp_options])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_ebs_snapshot.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_ebs_snapshot resource])

AT_SETUP([plan aws_ebs_snapshot])
AT_CHECK([make -C "$SRCDIR" plan-aws_ebs_snapshot],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_ebs_snapshot])
AT_CHECK([make -C "$SRCDIR" apply-aws_ebs_snapshot],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_ebs_snapshot])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_ebs_snapshot])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_ebs_snapshot],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_ebs_snapshot])
AT_CHECK([make -C "$SRCDIR" destroy-aws_ebs_snapshot],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_ebs_snapshot])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_ebs_volume.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_ebs_volume resource])

AT_SETUP([plan aws_ebs_volume])
AT_CHECK([make -C "$SRCDIR" plan-aws_ebs_volume],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_ebs_volume])
AT_CHECK([make -C "$SRCDIR" apply-aws_ebs_volume],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_ebs_volume])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_ebs_volume])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_ebs_volume],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_ebs_volume])
AT_CHECK([make -C "$SRCDIR" destroy-aws_ebs_volume],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_ebs_volume])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_eip.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_eip resource])

AT_SETUP([plan aws_eip])
AT_CHECK([make -C "$SRCDIR" plan-aws_eip],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_eip])
AT_CHECK([make -C "$SRCDIR" apply-aws_eip],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_eip])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_eip])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_eip],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_eip])
AT_CHECK([make -C "$SRCDIR" destroy-aws_eip],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_eip])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_eip_association.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_eip_association resource])

AT_SETUP([plan aws_eip_association])
AT_CHECK([make -C "$SRCDIR" plan-aws_eip_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_eip_association])
AT_CHECK([make -C "$SRCDIR" apply-aws_eip_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_eip_association])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_eip_association])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_eip_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_eip_association])
AT_CHECK([make -C "$SRCDIR" destroy-aws_eip_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_eip_association])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_instance.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_instance resource])

AT_SETUP([plan aws_instance])
AT_CHECK([make -C "$SRCDIR" plan-aws_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_instance])
AT_CHECK([make -C "$SRCDIR" apply-aws_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_instance])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_instance])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_instance])
AT_CHECK([make -C "$SRCDIR" destroy-aws_instance],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_instance])
AT_SKIP_IF([true])
AT_CLEANUP

AT_SETUP([apply run_instances_remove_cdrom])
AT_CHECK([make -C "$SRCDIR" apply-run_instances_remove_cdrom],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instances_remove_cdrom])
AT_CHECK([make -C "$SRCDIR" destroy-run_instances_remove_cdrom],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_with_cdrom])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_with_cdrom],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_with_cdrom])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_with_cdrom],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_with_ebs_override])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_with_ebs_override],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_with_ebs_override])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_with_ebs_override],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_with_existing_network_interface])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_with_existing_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_with_existing_network_interface])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_with_existing_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_with_launch_template])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_with_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_with_launch_template])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_with_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_in_switch])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_in_switch],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_in_switch])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_in_switch],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply run_instance_default_subnet])
AT_CHECK([make -C "$SRCDIR" apply-run_instance_default_subnet],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy run_instance_default_subnet])
AT_CHECK([make -C "$SRCDIR" destroy-run_instance_default_subnet],,[ignore],[ignore])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_key_pair.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_key_pair resource])

AT_SETUP([plan aws_key_pair])
AT_CHECK([make -C "$SRCDIR" plan-aws_key_pair],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_key_pair])
AT_CHECK([make -C "$SRCDIR" apply-aws_key_pair],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_key_pair])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_key_pair])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_key_pair],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_key_pair])
AT_CHECK([make -C "$SRCDIR" destroy-aws_key_pair],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_key_pair])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_launch_template.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_launch_template resource])

AT_SETUP([plan aws_launch_template])
AT_CHECK([make -C "$SRCDIR" plan-aws_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_launch_template])
AT_CHECK([make -C "$SRCDIR" apply-aws_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_launch_template])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/aws_launch_template])
AT_CHECK([make -C "$SRCDIR" apply-aws_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_launch_template])
AT_CHECK([make -C "$SRCDIR" destroy-aws_launch_template],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_launch_template])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_network_acl.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_network_acl resource])

AT_SETUP([plan aws_network_acl])
AT_CHECK([make -C "$SRCDIR" plan-aws_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_network_acl])
AT_CHECK([make -C "$SRCDIR" apply-aws_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_network_acl])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_network_acl])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_network_acl])
AT_CHECK([make -C "$SRCDIR" destroy-aws_network_acl],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_network_acl])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_network_acl_rule.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_network_acl_rule resource])

AT_SETUP([plan aws_network_acl_rule])
AT_CHECK([make -C "$SRCDIR" plan-aws_network_acl_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_network_acl_rule])
AT_CHECK([make -C "$SRCDIR" apply-aws_network_acl_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_network_acl_rule])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_network_acl_rule])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_network_acl_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_network_acl_rule])
AT_CHECK([make -C "$SRCDIR" destroy-aws_network_acl_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_network_acl_rule])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_network_interface.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_network_interface resource])

AT_SETUP([plan aws_network_interface])
AT_CHECK([make -C "$SRCDIR" plan-aws_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_network_interface])
AT_CHECK([make -C "$SRCDIR" apply-aws_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_network_interface])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_network_interface])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_network_interface])
AT_CHECK([make -C "$SRCDIR" destroy-aws_network_interface],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_network_interface])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_placement_group.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_placement_group resource])

AT_SETUP([plan aws_placement_group])
AT_CHECK([make -C "$SRCDIR" plan-aws_placement_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_placement_group])
AT_CHECK([make -C "$SRCDIR" apply-aws_placement_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_placement_group])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_placement_group])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_placement_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_placement_group])
AT_CHECK([make -C "$SRCDIR" destroy-aws_placement_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_placement_group])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_route.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_route resource])

AT_SETUP([plan aws_route])
AT_CHECK([make -C "$SRCDIR" plan-aws_route],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_route])
AT_CHECK([make -C "$SRCDIR" apply-aws_route],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_route])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_route])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_route],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_route])
AT_CHECK([make -C "$SRCDIR" destroy-aws_route],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_route])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_route_table.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_route_table resource])

AT_SETUP([plan aws_route_table])
AT_CHECK([make -C "$SRCDIR" plan-aws_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_route_table])
AT_CHECK([make -C "$SRCDIR" apply-aws_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_route_table])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_route_table])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_route_table])
AT_CHECK([make -C "$SRCDIR" destroy-aws_route_table],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_route_table])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_route_table_association.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_route_table_association resource])

AT_SETUP([plan aws_route_table_association])
AT_CHECK([make -C "$SRCDIR" plan-aws_route_table_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_route_table_association])
AT_CHECK([make -C "$SRCDIR" apply-aws_route_table_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_route_table_association])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_route_table_association])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_route_table_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_route_table_association])
AT_CHECK([make -C "$SRCDIR" destroy-aws_route_table_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_route_table_association])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_s3_bucket.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_s3_bucket resource])

AT_SETUP([plan aws_s3_bucket])
AT_CHECK([cd "$SRCDIR" && make plan-aws_s3_bucket],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_s3_bucket])
AT_CHECK([make -C "$SRCDIR" apply-aws_s3_bucket],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_s3_bucket])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_s3_bucket])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_s3_bucket],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_s3_bucket])
AT_CHECK([make -C "$SRCDIR" destroy-aws_s3_bucket],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_s3_bucket])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_security_group.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_security_group resource])

AT_SETUP([plan aws_security_group])
AT_CHECK([make -C "$SRCDIR" plan-aws_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_security_group])
AT_CHECK([make -C "$SRCDIR" apply-aws_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_security_group])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_security_group])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_security_group])
AT_CHECK([make -C "$SRCDIR" destroy-aws_security_group],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_security_group])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_security_group_rule.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_security_group_rule resource])

AT_SETUP([plan aws_security_group_rule])
AT_CHECK([make -C "$SRCDIR" plan-aws_security_group_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_security_group_rule])
AT_CHECK([make -C "$SRCDIR" apply-aws_security_group_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_security_group_rule])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_security_group_rule])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_security_group_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_security_group_rule])
AT_CHECK([make -C "$SRCDIR" destroy-aws_security_group_rule],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_security_group_rule])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_snapshot_create_volume_permission.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_snapshot_create_volume_permission resource])

AT_SETUP([plan aws_snapshot_create_volume_permission])
AT_CHECK([make -C "$SRCDIR" plan-aws_snapshot_create_volume_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_snapshot_create_volume_permission])
AT_CHECK([make -C "$SRCDIR" apply-aws_snapshot_create_volume_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_snapshot_create_volume_permission])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_snapshot_create_volume_permission])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_snapshot_create_volume_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_snapshot_create_volume_permission])
AT_CHECK([make -C "$SRCDIR" destroy-aws_snapshot_create_volume_permission],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_snapshot_create_volume_permission])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_subnet.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_subnet resource])

AT_SETUP([plan aws_subnet])
AT_CHECK([make -C "$SRCDIR" plan-aws_subnet],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_subnet])
AT_CHECK([make -C "$SRCDIR" apply-aws_subnet],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_subnet])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_subnet])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_subnet],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_subnet])
AT_CHECK([make -C "$SRCDIR" destroy-aws_subnet],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_subnet])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_volume_attachment.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_volume_attachment resource])

AT_SETUP([plan aws_volume_attachment])
AT_CHECK([make -C "$SRCDIR" plan-aws_volume_attachment],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_volume_attachment])
AT_CHECK([make -C "$SRCDIR" apply-aws_volume_attachment],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_volume_attachment])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_volume_attachment])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_volume_attachment],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_volume_attachment])
AT_CHECK([make -C "$SRCDIR" destroy-aws_volume_attachment],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_volume_attachment])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_vpc.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_vpc resource])

AT_SETUP([plan aws_vpc])
AT_CHECK([make -C "$SRCDIR" plan-aws_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_vpc])
AT_CHECK([make -C "$SRCDIR" apply-aws_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_vpc])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_vpc])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_vpc])
AT_CHECK([make -C "$SRCDIR" import-aws_vpc],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_vpc])
AT_CHECK([make -C "$SRCDIR" destroy-aws_vpc],,[ignore],[ignore])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_vpc_dhcp_options.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_vpc_dhcp_options resource])

AT_SETUP([plan aws_vpc_dhcp_options])
AT_CHECK([make -C "$SRCDIR" plan-aws_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_vpc_dhcp_options])
AT_CHECK([make -C "$SRCDIR" apply-aws_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_vpc_dhcp_options])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_vpc_dhcp_options])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_vpc_dhcp_options])
AT_CHECK([make -C "$SRCDIR" destroy-aws_vpc_dhcp_options],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_vpc_dhcp_options])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/aws_vpc_dhcp_options_association.at:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import aws_vpc_dhcp_options_association resource])

AT_SETUP([plan aws_vpc_dhcp_options_association])
AT_CHECK([make -C "$SRCDIR" plan-aws_vpc_dhcp_options_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply aws_vpc_dhcp_options_association])
AT_CHECK([make -C "$SRCDIR" apply-aws_vpc_dhcp_options_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-aws_vpc_dhcp_options_association])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_aws_vpc_dhcp_options_association])
AT_CHECK([make -C "$SRCDIR" apply-data_aws_vpc_dhcp_options_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy aws_vpc_dhcp_options_association])
AT_CHECK([make -C "$SRCDIR" destroy-aws_vpc_dhcp_options_association],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import aws_vpc_dhcp_options_association])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/gen-tests.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Run from the repository root. For every directory one or two levels below
# ./cases/ whose name does not match 'data' or 'README', generate
# tests/<name>.at from tests/template by substituting @CASE_NAME@.
find ./cases/ -mindepth 1 -maxdepth 2 -type d -print0 | xargs -0 -i% basename % | grep -vP 'data|README' | xargs -i% bash -c "sed 's/@CASE_NAME@/%/g' tests/template > tests/%.at"

--------------------------------------------------------------------------------
/tests/gen-testsuite.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Run from the repository root. Reset tests/testsuite.at, then append one
# m4_include line per directory found one or two levels below ./cases/.
echo '' > tests/testsuite.at
find ./cases/ -mindepth 1 -maxdepth 2 -type d -print0 | xargs -i% -0 basename % | xargs -i% bash -c "echo 'm4_include([%.at])' >> tests/testsuite.at"

--------------------------------------------------------------------------------
/tests/local.at:
--------------------------------------------------------------------------------
AT_INIT
AT_COLOR_TESTS

--------------------------------------------------------------------------------
/tests/template:
--------------------------------------------------------------------------------
AT_BANNER([plan,apply,destroy,import @CASE_NAME@ resource])

AT_SETUP([plan @CASE_NAME@])
AT_CHECK([cd "$SRCDIR" && make plan-@CASE_NAME@],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply @CASE_NAME@])
AT_CHECK([cd "$SRCDIR" && make apply-@CASE_NAME@],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([apply data-@CASE_NAME@])
AT_SKIP_IF([test ! -d "$SRCDIR"cases/data_@CASE_NAME@])
AT_CHECK([cd "$SRCDIR" && make apply-data_@CASE_NAME@],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([destroy @CASE_NAME@])
AT_CHECK([cd "$SRCDIR" && make destroy-@CASE_NAME@],,[ignore],[ignore])
AT_CLEANUP

AT_SETUP([import @CASE_NAME@])
AT_SKIP_IF([true])
AT_CLEANUP

--------------------------------------------------------------------------------
/tests/testsuite.at:
--------------------------------------------------------------------------------
m4_include([aws_eip.at])
m4_include([aws_subnet.at])
m4_include([aws_vpc_dhcp_options.at])
m4_include([aws_route_table.at])
m4_include([aws_ami_from_instance.at])
m4_include([aws_vpc_dhcp_options_association.at])
m4_include([aws_ebs_volume.at])
m4_include([aws_network_interface.at])
m4_include([aws_customer_gateway.at])
m4_include([aws_default_route_table.at])
m4_include([aws_route.at])
m4_include([aws_volume_attachment.at])
m4_include([aws_default_vpc.at])
m4_include([aws_vpc.at])
m4_include([aws_key_pair.at])
m4_include([aws_ami_launch_permission.at])
m4_include([aws_placement_group.at])
m4_include([aws_ami.at])
m4_include([aws_security_group_rule.at])
m4_include([aws_default_network_acl.at])
m4_include([aws_default_security_group.at])
m4_include([aws_ebs_snapshot.at])
m4_include([aws_s3_bucket.at])
m4_include([aws_eip_association.at])
m4_include([aws_network_acl_rule.at])
m4_include([aws_instance.at])
m4_include([aws_launch_template.at])
m4_include([aws_security_group.at])
m4_include([aws_snapshot_create_volume_permission.at])
m4_include([aws_network_acl.at])
m4_include([aws_default_vpc_dhcp_options.at])
m4_include([aws_route_table_association.at])

--------------------------------------------------------------------------------