terraform使用心得

Main commands:
  init          Prepare your working directory for other commands
  validate      Check whether the configuration is valid
  plan          Show changes required by the current configuration
  apply         Create or update infrastructure
  destroy       Destroy previously-created infrastructure

All other commands:
  console       Try Terraform expressions at an interactive command prompt
  fmt           Reformat your configuration in the standard style
  force-unlock  Release a stuck lock on the current workspace
  get           Install or upgrade remote Terraform modules
  graph         Generate a Graphviz graph of the steps in an operation
  import        Associate existing infrastructure with a Terraform resource
  login         Obtain and save credentials for a remote host
  logout        Remove locally-stored credentials for a remote host
  metadata      Metadata related commands
  output        Show output values from your root module
  providers     Show the providers required for this configuration
  refresh       Update the state to match remote systems
  show          Show the current state or a saved plan
  state         Advanced state management
  taint         Mark a resource instance as not fully functional
  test          Experimental support for module integration testing
  untaint       Remove the 'tainted' state from a resource instance
  version       Show the current Terraform version
  workspace     Workspace management

Global options (use these before the subcommand, if any):
  -chdir=DIR    Switch to a different working directory before executing the
                given subcommand.
  -help         Show this help output, or the help for a specified subcommand.
  -version      An alias for the "version" subcommand.

provider是指定你运行环境的，里面的profile是指定运行的key和region的，如果你是多环境弄错了，行为就会古怪，如果import的resource就会找不到，这个害了我差不多多花了一天工作。

如果是import的资源

terraform import "module.network-gcc-dev.module.vpc-app.aws_vpc.this[0].id" vpc-000ac2037c94a0ce7

如果报错资源不能创建，多半是挂载的资源ip地址有冲突造成的（因为我们经常拷贝代码造成的）

删除资源

terraform state rm "module.network-gcc-dev.module.vpc-app.aws_vpc.this[0]"

每个子网只能有一个路由表，路由表默认添加了本网段的路由（即使是多个网段的）

一个子网只能挂载一个路由表，多个子网可以共享一个路由表

resource "aws_route_table_association" "public" {
  count = local.create_public_subnets ? local.len_public_subnets : 0

  subnet_id      = element(aws_subnet.public[*].id, count.index)
  route_table_id = aws_route_table.public[0].id
}

这段代码是根据公网地址个数关联路由表，并且是自关联一个路由表

在模块里面经常看到this，感觉是不是c++的this指针来了，其实不是哈，就是一个资源的命名

如果resource里面用了count，那么就可以用[*]来引用他了

resource "aws_vpc" "this" {
  count = local.create_vpc ? 1 : 0

}

count还可以用来控制是否创建资源的功能，如果是0代表不创建资源

private_subnets     = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k)]

这个函数是自动进行子网list生成的，k是local.azs的map里面的item里面的序号，cidrsubnet(local.vpc_cidr, 8, k)这个函数的第一个参数vpc_cidr = "10.0.0.0/16"，第二个参数是要划分的子网的子网长度，k代表是这个网段的第几个子网。