terraformerを試しに使ってみましたよ

必要に迫られてterraformerを使ってみました。terraform importをお手軽簡単にできるものみたいです。

各種クラウドサービスなどから、Terraformのコードを生成してくれるツールです。インフラからソースコードを生成します。

terraformerを利用する前の準備作業を説明します。

今回はAWSからコードを生成するので、AWSから情報を取得するIAMユーザーを作成します。ポリシーはReadOnlyAccessを割り当ててみました:

IAM Management C

~/.aws/credentialsに先ほど作成したIAMユーザーのアクセスキー・シークレットキーの情報、あとはリージョン情報を格納します:

1
2
3
4
[default]
aws_access_key_id=<ここにアクセスキー>
aws_secret_access_key=<ここにシークレットキー>
region=ap-northeast-1

それではインストールしていきます:

1
2
3
4
5
6
7
8
9
kazu634@bastion2004% export PROVIDER=all
kazu634@bastion2004% curl -LO https://github.com/GoogleCloudPlatform/terraformer/releases/download/$(curl -s https://api.github.com/repos/GoogleCloudPlatform/terraformer/releases/latest | grep tag_name | cut -d '"' -f 4)/terraformer-${PROVIDER}-linux-amd64
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   666  100   666    0     0   2466      0 --:--:-- --:--:-- --:--:--  2475
100  358M  100  358M    0     0  21.0M      0  0:00:17  0:00:17 --:--:-- 26.9M
kazu634@bastion2004% chmod +x terraformer-${PROVIDER}-linux-amd64
kazu634@bastion2004% sudo mv terraformer-${PROVIDER}-linux-amd64 /usr/local/bin/terraformer
[sudo] password for kazu634:

まずはAWSの情報を取得するということを宣言するようで、init.tfprovider “aws” {}を書き込み、terraform initを実行します:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
kazu634@bastion2004% echo 'provider "aws" {}' > init.tf
kazu634@bastion2004% terraform init
Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.67.0...
- Installed hashicorp/aws v3.67.0 (signed by HashiCorp)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Route53の情報を取得する場合は、次のようにします:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
kazu634@bastion2004% terraformer import aws --resources=route53
2021/11/27 21:25:49 aws importing default region
2021/11/27 21:25:51 aws importing... route53
2021/11/27 21:25:52 aws done importing route53
2021/11/27 21:25:52 Number of resources for service route53: 16
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:52 Refreshing state... aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com
2021/11/27 21:25:54 Refreshing state... aws_route53_record.tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_
2021/11/27 21:25:55 Filtered number of resources for service route53: 16
2021/11/27 21:25:55 aws Connecting....
2021/11/27 21:25:55 aws save route53
2021/11/27 21:25:55 aws save tfstate for route53

するとgeneratedというディレクトリーが作成され、その中にterraformのソースコードが格納されます:

1
2
3
4
5
6
7
8
kazu634@bastion2004% ll
total 28K
drwxrwxr-x  4 kazu634 kazu634 4.0K Nov 27 21:25 .
drwxr-xr-x 13 kazu634 kazu634 4.0K Nov 26 23:51 ..
drwxrwxr-x  3 kazu634 kazu634 4.0K Nov 27 21:25 generated
-rw-rw-r--  1 kazu634 kazu634   18 Nov 27 00:54 init.tf
drwxr-xr-x  3 kazu634 kazu634 4.0K Nov 27 00:54 .terraform
-rw-r--r--  1 kazu634 kazu634 1.1K Nov 27 00:54 .terraform.lock.hcl

generatedの中身はこのようになっています:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
kazu634@bastion2004% pwd
/home/kazu634/works/mnt/others/terraformer/generated

aws
    └── route53
        ├── outputs.tf
        ├── provider.tf
        ├── route53_record.tf
        ├── route53_zone.tf
        └── terraform.tfstate

2 directories,  5 files

たとえばroute53_record.tfの中身はこのようになっています:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
kazu634@bastion2004% cat route53_record.tf
resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_A_" {
  name    = "blog.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "86400"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_blog-002E-kazu634-002E-com-002E-_CAA_" {
  name    = "blog.kazu634.com"
  records = ["0 issue \"letsencrypt.org\""]
  ttl     = "86400"
  type    = "CAA"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_drone-002E-kazu634-002E-com-002E-_A_" {
  name    = "drone.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_faktory-002E-kazu634-002E-com-002E-_A_" {
  name    = "faktory.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_g-002E-kazu634-002E-com-002E-_A_" {
  name    = "g.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_git-002E-kazu634-002E-com-002E-_A_" {
  name    = "git.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_gitea-002E-kazu634-002E-com-002E-_A_" {
  name    = "gitea.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_grafana-002E-kazu634-002E-com-002E-_A_" {
  name    = "grafana.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_A_" {
  name    = "kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_NS_" {
  name    = "kazu634.com"
  records = ["ns-1111.awsdns-10.org.",  "ns-469.awsdns-58.com.",  "ns-720.awsdns-26.net.",  "ns-1844.awsdns-38.co.uk."]
  ttl     = "172800"
  type    = "NS"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_kazu634-002E-com-002E-_SOA_" {
  name    = "kazu634.com"
  records = ["ns-720.awsdns-26.net. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"]
  ttl     = "900"
  type    = "SOA"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_minio-002E-kazu634-002E-com-002E-_A_" {
  name    = "minio.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_openvpn-002E-kazu634-002E-com-002E-_CNAME_" {
  name    = "openvpn.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "CNAME"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_pocket-002E-kazu634-002E-com-002E-_A_" {
  name    = "pocket.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

resource "aws_route53_record" "tfer--ZI0FHD0611WVA_test-002E-kazu634-002E-com-002E-_A_" {
  name    = "test.kazu634.com"
  records = ["52.193.98.253"]
  ttl     = "3600"
  type    = "A"
  zone_id = "${aws_route53_zone.tfer--ZI0FHD0611WVA_kazu634-002E-com.zone_id}"
}

terraform importコマンドを使うと、AWSリソースのIDをいちいち調べて指定して、一つずつインポートするという苦行をしていたのですが、terraformerを利用するとコマンド一発でterraformのコードに落とし込んでもらえるので、だいぶ楽になるということがわかりました。はまるとすると、IAMとかポリシーの部分ですかね。