通过Terraform创建基于阿里云的自定义私有网络 - Terraform

本文介绍如何使用Terraform创建专有网络，交换机以及NAT网关。

前提条件

在开始之前，请您确保完成以下操作：

使用Terraform，您需要一个阿里云账号和访问密钥（AccessKey）。请在阿里云控制台中的AccessKey管理页面上创建和查看您的AccessKey。
已经安装并配置了Terraform，具体操作请参见在本地安装和配置Terraform和在Cloud Shell中使用Terraform。

操作步骤

创建专有网络和交换机。

创建terraform.tf文件，定义专有网络和交换机资源，文件内容如下。

provider "alicloud" {
  configuration_source = "terraform-provider-alicloud/examples/vpc"
}

resource "alicloud_vpc" "main" {
  # VPC名称
  vpc_name = "alicloud"
  # VPC地址块
  cidr_block = "10.1.0.0/21"
}

resource "alicloud_vswitch" "main" {
  # VPC ID
  vpc_id            = alicloud_vpc.main.id
  # 交换机地址块
  cidr_block        = "10.1.0.0/24"
  # 可用区
  availability_zone = "cn-hangzhou-b"
  # 资源依赖,会优先创建该依赖资源
  depends_on = [alicloud_vpc.main]
}

运行terraform apply开始创建。出现类似下面的日志，说明创建成功。

alicloud_vpc.main: Creating...
alicloud_vpc.main: Creation complete after 6s [id=vpc-bp1uxxxxxxxxxxxx]
alicloud_vswitch.main: Creating...
alicloud_vswitch.main: Creation complete after 6s [id=vsw-bp17yxxxxxxxxx]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed

运行terraform show查看已创建的专有和专有网络。

创建NAT网关。

在terraform.tf文件中增加以下内容：

variable "name" {
  default = "natGatewayExampleName"
}

resource "alicloud_vpc" "enhanced" {
  vpc_name   = var.name
  cidr_block = "10.0.0.0/8"
}

data "alicloud_enhanced_nat_available_zones" "enhanced"{}

resource "alicloud_vswitch" "enhanced" {
  vswitch_name      = var.name
  zone_id           = data.alicloud_enhanced_nat_available_zones.enhanced.zones.0.zone_id
  cidr_block        = "10.10.0.0/20"
  vpc_id            = alicloud_vpc.enhanced.id
}

resource "alicloud_nat_gateway" "main" {
  vpc_id               = alicloud_vpc.enhanced.id
  nat_gateway_name     = var.name
  payment_type         = "PayAsYouGo"
  vswitch_id           = alicloud_vswitch.enhanced.id
  nat_type             = "Enhanced"
}

resource "alicloud_eip" "foo" {
}

resource "alicloud_eip_association" "foo" {
  allocation_id = alicloud_eip.foo.id
  instance_id   = alicloud_nat_gateway.main.id
}

运行terraform apply开始创建。出现下面的日志，说明创建成功。

alicloud_eip.foo: Creating...
alicloud_vpc.enhanced: Creating...
alicloud_vpc.enhanced: Creation complete after 6s [id=vpc-2zeqn3iafxxxxxxxx]
alicloud_vswitch.enhanced: Creating...
alicloud_eip.foo: Creation complete after 8s [id=eip-2zew51gfxxxxxxxx]
alicloud_vswitch.enhanced: Creation complete after 6s [id=vsw-2zeesfxxxxxxxx]
alicloud_nat_gateway.main: Creating...
alicloud_nat_gateway.main: Still creating... [10s elapsed]
alicloud_nat_gateway.main: Still creating... [20s elapsed]
alicloud_nat_gateway.main: Still creating... [30s elapsed]
alicloud_nat_gateway.main: Still creating... [40s elapsed]
alicloud_nat_gateway.main: Still creating... [50s elapsed]
alicloud_nat_gateway.main: Creation complete after 57s [id=ngw-2ze6yxxxxxxxxxx]
alicloud_eip_association.foo: Creating...
alicloud_eip_association.foo: Still creating... [10s elapsed]
alicloud_eip_association.foo: Creation complete after 11s [id=eip-2zew5xxxxxxx:ngw-2ze6ysuxxxxxxxx]

Apply complete! Resources: 5 added, 0 changed, 0 destroyed.

运行terraform show查看已经创建的NAT网关。