I had to use terraformer for a job, so I gave it a try. It is a tool that makes terraform import painless: it generates Terraform code from the resources that already exist on various cloud services. In other words, it derives source code from infrastructure.
First, the preparation needed before running terraformer. In this post the code is generated from AWS, so I create an IAM user that terraformer will use to read information out of AWS. I attached the ReadOnlyAccess managed policy:
ReadOnlyAccess is far broader than a Route53 export needs (it grants read access across nearly every AWS service). For anything beyond a throwaway experiment, scope the policy to the read actions of the services you actually import (for Route53, route53:Get* and route53:List*), and delete the access key once the import is done.
Store the access key and secret key of the IAM user just created, together with the region, in ~/.aws/credentials. Keep that file mode 0600 and out of version control:
| [default]
aws_access_key_id=<access key here>
aws_secret_access_key=<secret key here>
region=ap-northeast-1
|
Now the installation. The one-liner below resolves the latest release tag through the GitHub API and downloads the all-providers build:
| kazu634@bastion2004% export PROVIDER=all
kazu634@bastion2004% curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/$(curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4)/terraformer-${PROVIDER}-linux-amd64
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 666 100 666 0 0 2466 0 --:--:-- --:--:-- --:--:-- 2475
100 358M 100 358M 0 0 21.0M 0 0:00:17 0:00:17 --:--:-- 26.9M
kazu634@bastion2004% chmod +x terraformer-${PROVIDER}-linux-amd64
kazu634@bastion2004% sudo mv terraformer-${PROVIDER}-linux-amd64 /usr/local/bin/terraformer
[sudo] password for kazu634:
|
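The download above takes whatever release is "latest" and moves a 358 MB binary into /usr/local/bin without checking it. The script below, added here as an example and not part of the original post or of the terraformer project, pins one release tag and compares the file's SHA-256 against a digest you expect before installing. The release tag and the digest are placeholders to be filled from a source you trust; the self-check uses a constructed file with a well-known digest.

```shell
#!/bin/sh
# Added example, not from the original post: install a pinned terraformer
# release and check its SHA-256 before it goes into PATH. The release tag and
# the digest are placeholders you must take from a source you trust (a digest
# you recorded yourself from a build you have already reviewed, for instance).

# Compare a file's SHA-256 with an expected hex digest. Returns 0 on match.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d ' ' -f 1)
  [ "$actual" = "$2" ]
}

# Download terraformer-<provider>-linux-amd64 for one fixed release tag,
# verify it and install it. Pulling the "aws" build instead of "all" also
# avoids the 358 MB all-providers binary seen above.
install_terraformer() {
  version="$1"          # release tag to pin (placeholder)
  expected="$2"         # SHA-256 expected for that asset (placeholder)
  provider="${3:-aws}"
  asset="terraformer-${provider}-linux-amd64"
  url="https://github.com/GoogleCloudPlatform/terraformer/releases/download/${version}/${asset}"
  tmp=$(mktemp) || return 1
  if ! curl -fsSL -o "$tmp" "$url"; then
    echo "download failed: $url" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    echo "SHA-256 mismatch for $asset, refusing to install" >&2
    rm -f "$tmp"
    return 1
  fi
  rc=0
  sudo install -m 0755 "$tmp" /usr/local/bin/terraformer || rc=$?
  rm -f "$tmp"
  return $rc
}

# Offline self-check of the verifier on a constructed file: the SHA-256 of the
# six bytes "hello\n" is a well-known value, and a bogus digest must be rejected.
selftest_verify_sha256() {
  f=$(mktemp) || return 1
  printf 'hello\n' > "$f"
  known=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03
  bogus=0000000000000000000000000000000000000000000000000000000000000000
  rc=1
  if verify_sha256 "$f" "$known" && ! verify_sha256 "$f" "$bogus"; then rc=0; fi
  rm -f "$f"
  return $rc
}

# Usage: install_terraformer <release-tag> <expected-sha256> [provider]
```

If the release you pin publishes no digest, record the SHA-256 of a copy you have inspected once and pin that; the point is that a later, silently replaced asset fails the check instead of landing in PATH.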
First you declare that AWS information is going to be fetched: write provider "aws" {} into init.tf and run terraform init, which installs the AWS provider plugin that terraformer uses:
| kazu634@bastion2004% echo 'provider "aws" {}' > init.tf
kazu634@bastion2004% terraform init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.67.0...
- Installed hashicorp/aws v3.67.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
|
To fetch the Route53 information, run the following:
| kazu634@bastion2004% terraformer import aws --resources=route53
2021/11/27 21:25:49 aws importing default region
2021/11/27 21:25:51 aws importing... route53
2021/11/27 21:25:52 aws done importing route53
2021/11/27 21:25:52 Number of resources for service route53: 16
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com
2021/11/27 21:25:54 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:55 Filtered number of resources for service route53: 16
2021/11/27 21:25:55 aws Connecting....
2021/11/27 21:25:55 aws save route53
2021/11/27 21:25:55 aws save tfstate for route53
|
A directory named generated is then created, and the Terraform code is stored inside it:
| kazu634@bastion2004% ll
total 28K
drwxrwxr-x 4 kazu634 kazu634 4.0K Nov 27 21:25 .
drwxr-xr-x 13 kazu634 kazu634 4.0K Nov 26 23:51 ..
drwxrwxr-x 3 kazu634 kazu634 4.0K Nov 27 21:25 generated
-rw-rw-r-- 1 kazu634 kazu634 18 Nov 27 00:54 init.tf
drwxr-xr-x 3 kazu634 kazu634 4.0K Nov 27 00:54 .terraform
-rw-r--r-- 1 kazu634 kazu634 1.1K Nov 27 00:54 .terraform.lock.hcl
|
The contents of generated look like this:
| kazu634@bastion2004% pwd
/home/kazu634/works/mnt/others/terraformer/generated
aws
└── route53
├── outputs.tf
├── provider.tf
├── route53_record.tf
├── route53_zone.tf
└── terraform.tfstate
2 directories, 5 files
|
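Note that terraform.tfstate sits right next to the generated .tf files. Route53 records are public data, but terraformer writes every attribute the provider returns into both the .tf files and the state, so for other services (Lambda environment variables, EC2 user_data and the like) secrets can end up in the tree. The script below, added here as an example and not part of the original post or of terraformer, runs two offline checks on a generated tree before it is committed, plus a drift check that relies on terraform's -detailed-exitcode. The .gitignore patterns, the attribute-name pattern and the sample trees are assumptions and constructed data, not terraformer output.

```shell
#!/bin/sh
# Added example, not from the original post: checks to run on the tree that
# terraformer wrote under generated/ before committing it or acting on it.
# The .gitignore patterns, the attribute-name pattern and the sample files
# below are assumptions/constructed data, not terraformer output.

# terraform.tfstate sits next to the .tf files and holds every attribute the
# provider returned. Refuse to go on unless the repository ignores tfstate.
tfstate_ignored() {
  # $1 = repository root containing .gitignore; 0 if some tfstate pattern is present
  grep -qE '^(\*\*/)?(terraform|\*)\.tfstate' "$1/.gitignore" 2>/dev/null
}

# Look for attribute names that usually carry secrets in the generated .tf files
# (Lambda environment variables, EC2 user_data and the like). Prints matches and
# returns 1 when anything is found. Extend the pattern for the services you import.
scan_tf_for_secrets() {
  dir="$1"
  pat='^[[:space:]]*[A-Za-z_]*(password|secret|token|private_key|user_data)[A-Za-z_]*[[:space:]]*='
  matches=$(find "$dir" -name '*.tf' -exec grep -niE "$pat" {} + || true)
  if [ -n "$matches" ]; then
    printf '%s\n' "$matches"
    return 1
  fi
  return 0
}

# A clean import means terraform sees no difference between the generated code
# plus state and the live account. -detailed-exitcode: 0 = no changes, 2 = changes.
# Needs terraform and AWS access, so it is not part of the offline self-check.
check_no_drift() {
  rc=0
  (cd "$1" && terraform init -input=false >/dev/null && terraform plan -input=false -detailed-exitcode >/dev/null) || rc=$?
  case $rc in
    0) echo "no drift: generated code matches the live infrastructure" ;;
    2) echo "plan shows changes: review the generated code before applying" >&2; return 2 ;;
    *) echo "terraform failed" >&2; return 1 ;;
  esac
}

# Constructed sample trees for the offline self-check: one resembling the
# Route53 output on this page, one with a Lambda-style secret-looking attribute.
make_sample_tree() {
  # $1 = "clean" or "dirty"; prints the path of the created tree
  root=$(mktemp -d) || return 1
  if [ "$1" = clean ]; then
    mkdir -p "$root/aws/route53"
    printf 'resource "aws_route53_record" "r" {\n  name = "example.test"\n  ttl  = "300"\n  type = "A"\n}\n' \
      > "$root/aws/route53/route53_record.tf"
    printf '*.tfstate\n' > "$root/.gitignore"
  else
    mkdir -p "$root/aws/lambda"
    printf 'resource "aws_lambda_function" "f" {\n  environment {\n    variables = {\n      API_TOKEN = "sample"\n    }\n  }\n}\n' \
      > "$root/aws/lambda/lambda_function.tf"
    printf '*.log\n' > "$root/.gitignore"
  fi
  echo "$root"
}

# Run both offline checks on a tree; 0 only if tfstate is ignored and no secrets are found.
precommit_check() {
  tfstate_ignored "$1" || { echo "terraform.tfstate is not git-ignored in $1" >&2; return 1; }
  scan_tf_for_secrets "$1"
}
```

Run precommit_check against the directory you intend to commit, and check_no_drift against the per-service directory (here generated/aws/route53) once terraform init has been run there; a plan that is not empty means the generated code does not yet describe what is deployed.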
For example, route53_record.tf looks like this:
| kazu634@bastion2004% cat route53_record.tf
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_" {
name = "blog.kazu634.com"
records = ["52.193.98.253"]
ttl = "86400"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_" {
name = "blog.kazu634.com"
records = ["0 issue \"letsencrypt.org\""]
ttl = "86400"
type = "CAA"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_" {
name = "drone.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_" {
name = "faktory.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_" {
name = "g.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_" {
name = "git.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_" {
name = "gitea.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_" {
name = "grafana.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_" {
name = "kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_" {
name = "kazu634.com"
records = ["ns-1111.awsdns-10.org.", "ns-469.awsdns-58.com.", "ns-720.awsdns-26.net.", "ns-1844.awsdns-38.co.uk."]
ttl = "172800"
type = "NS"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_" {
name = "kazu634.com"
records = ["ns-720.awsdns-26.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"]
ttl = "900"
type = "SOA"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_" {
name = "minio.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_" {
name = "openvpn.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "CNAME"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_" {
name = "pocket.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_" {
name = "test.kazu634.com"
records = ["52.193.98.253"]
ttl = "3600"
type = "A"
zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}
|
With the terraform import command I used to go through the ordeal of looking up every AWS resource ID, specifying it, and importing resources one at a time; with terraformer a single command turns them into Terraform code, which makes things a good deal easier. The place you are likely to get stuck is IAM and policies. Before treating the generated code as the source of truth, run terraform plan in the generated directory and confirm that it reports no changes.