AWS 콘솔에서 리소스를 확인하는 방법 말고, Terraform에서는 어떻게 리소스를 확인할 수 있을까?
Terraform은 terraform.tfstate라는 상태 파일에 리소스의 상태를 기록하고 유지한다.
{
"version": 4,
"terraform_version": "1.4.5",
"serial": 81,
"lineage": "3da4c6b4-5daf-435c-08df-14480fda2d1e",
"outputs": {},
"resources": [
{
"mode": "managed",
"type": "aws_dynamodb_table",
"name": "terraform_lock",
"provider": "provider[\\"registry.terraform.io/hashicorp/aws\\"]",
"instances": [
{
"schema_version": 1,
"attributes": {
"arn": "arn:aws:dynamodb:ap-northeast-2:229959446383:table/terraform-up-and-running-locks",
"attribute": [
{
"name": "LockID",
"type": "S"
}
],
"billing_mode": "PAY_PER_REQUEST",
"deletion_protection_enabled": false,
"global_secondary_index": [],
"hash_key": "LockID",
"id": "terraform-up-and-running-locks",
"local_secondary_index": [],
"name": "terraform-up-and-running-locks",
"point_in_time_recovery": [
{
"enabled": false
}
],
"range_key": null,
"read_capacity": 0,
"replica": [],
"restore_date_time": null,
"restore_source_name": null,
"restore_to_latest_time": null,
"server_side_encryption": [],
"stream_arn": "",
"stream_enabled": false,
"stream_label": "",
"stream_view_type": "",
"table_class": "STANDARD",
"tags": null,
"tags_all": {},
"timeouts": null,
"ttl": [
{
"attribute_name": "",
"enabled": false
}
],
"write_capacity": 0
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxODAwMDAwMDAwMDAwLCJkZWxldGUiOjYwMDAwMDAwMDAwMCwidXBkYXRlIjozNjAwMDAwMDAwMDAwfSwic2NoZW1hX3ZlcnNpb24iOiIxIn0="
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket",
"name": "terraform_state",
"provider": "provider[\\"registry.terraform.io/hashicorp/aws\\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"acceleration_status": "",
"acl": null,
"arn": "arn:aws:s3:::terraform-up-and-running-state-hyeongjun",
"bucket": "terraform-up-and-running-state-hyeongjun",
"bucket_domain_name": "terraform-up-and-running-state-hyeongjun.s3.amazonaws.com",
"bucket_prefix": "",
"bucket_regional_domain_name": "terraform-up-and-running-state-hyeongjun.s3.ap-northeast-2.amazonaws.com",
"cors_rule": [],
"force_destroy": false,
"grant": [
{
"id": "72a1f09d1b69e419257efff22dddd09fc851e56be712c277a4efe537b87a3535",
"permissions": [
"FULL_CONTROL"
],
"type": "CanonicalUser",
"uri": ""
}
],
"hosted_zone_id": "Z3W03O7B5YMIYP",
"id": "terraform-up-and-running-state-hyeongjun",
"lifecycle_rule": [],
"logging": [],
"object_lock_configuration": [],
"object_lock_enabled": false,
"policy": "",
"region": "ap-northeast-2",
"replication_configuration": [],
"request_payer": "BucketOwner",
"server_side_encryption_configuration": [
{
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
],
"bucket_key_enabled": false
}
]
}
],
"tags": null,
"tags_all": {},
"timeouts": null,
"versioning": [
{
"enabled": false,
"mfa_delete": false
}
],
"website": [],
"website_domain": null,
"website_endpoint": null
},
"sensitive_attributes": [],
"private": "eyJlMmJmYjczMC1lY2FhLTExZTYtOGY4OC0zNDM2M2JjN2M0YzAiOnsiY3JlYXRlIjoxMjAwMDAwMDAwMDAwLCJkZWxldGUiOjM2MDAwMDAwMDAwMDAsInJlYWQiOjEyMDAwMDAwMDAwMDAsInVwZGF0ZSI6MTIwMDAwMDAwMDAwMH19"
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_server_side_encryption_configuration",
"name": "example",
"provider": "provider[\\"registry.terraform.io/hashicorp/aws\\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"bucket": "terraform-up-and-running-state-hyeongjun",
"expected_bucket_owner": "",
"id": "terraform-up-and-running-state-hyeongjun",
"rule": [
{
"apply_server_side_encryption_by_default": [
{
"kms_master_key_id": "",
"sse_algorithm": "AES256"
}
],
"bucket_key_enabled": null
}
]
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_s3_bucket.terraform_state"
]
}
]
},
{
"mode": "managed",
"type": "aws_s3_bucket_versioning",
"name": "versioning_example",
"provider": "provider[\\"registry.terraform.io/hashicorp/aws\\"]",
"instances": [
{
"schema_version": 0,
"attributes": {
"bucket": "terraform-up-and-running-state-hyeongjun",
"expected_bucket_owner": "",
"id": "terraform-up-and-running-state-hyeongjun",
"mfa": null,
"versioning_configuration": [
{
"mfa_delete": "",
"status": "Enabled"
}
]
},
"sensitive_attributes": [],
"private": "bnVsbA==",
"dependencies": [
"aws_s3_bucket.terraform_state"
]
}
]
}
],
"check_results": null
}
terraform 명령어는 상태 파일에 기록된 내용과 API로 조회한 AWS 리소스의 실제 상태를 비교하여 그 차이(diff)를 보여준다.
❗️그런데 terraform을 팀으로 사용할 때 이 상태 파일을 git에 저장하면 동시성 관리가 어렵다. 또한 위 예시처럼 상태 파일에는 계정 ID가 포함된 ARN 등 리소스 속성이 평문으로 기록되므로, git 저장소에 그대로 올리는 것은 보안 면에서도 바람직하지 않다.
⇒ terraform의 원격 백엔드를 이용해 원격 저장소에 저장
또한 상태 파일을 격리하는 방법이 필요함
⇒ terraform workspace 또는 파일 레이아웃으로 격리
일단 terraform으로 버킷과 DynamoDB를 만든다
# AWS provider configuration: resources in this file are created in
# ap-northeast-2 (Seoul).
provider "aws" {
  region = "ap-northeast-2"
}
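# S3 bucket that stores the Terraform state file.
resource "aws_s3_bucket" "terraform_state" {
  bucket = "terraform-up-and-running-state-hyeongjun"

  # Any plan that would delete this bucket fails with an error, so an
  # important resource is not destroyed by mistake.
  lifecycle {
    prevent_destroy = true
  }
}

# State files record resource attributes in plaintext, so the bucket must
# never become publicly readable. Declaring the block explicitly keeps the
# setting under Terraform's control instead of relying on account or
# bucket defaults.
resource "aws_s3_bucket_public_access_block" "terraform_state" {
  bucket                  = aws_s3_bucket.terraform_state.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}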
# Default server-side encryption for the state bucket: objects written
# without an explicit encryption header are encrypted with SSE-S3 (AES256).
resource "aws_s3_bucket_server_side_encryption_configuration" "example" {
  # Referencing the bucket resource also makes this depend on it.
  bucket = aws_s3_bucket.terraform_state.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}
# Turns on object versioning for the state bucket, so earlier revisions of
# the state file are retained and can be restored.
resource "aws_s3_bucket_versioning" "versioning_example" {
  bucket = aws_s3_bucket.terraform_state.id

  versioning_configuration {
    status = "Enabled"
  }
}
# DynamoDB table intended for Terraform state locking. The S3 backend
# expects a string partition key named exactly "LockID".
resource "aws_dynamodb_table" "terraform_lock" {
  name         = "terraform-up-and-running-locks"
  billing_mode = "PAY_PER_REQUEST" # on-demand; no read/write capacity to size
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S" # S = string
  }
}
s3 bucket 생성됨
dynamoDB table 생성됨
# Generic shape of a backend block, not literal HCL: <BACKEND_NAME> is the
# backend type (for example "s3") and [CONFIG...] stands for that backend's
# own arguments.
# Keep access keys out of this block: backend settings are saved in the
# local .terraform directory, so supply credentials through the environment
# or an instance/role profile instead.
terraform {
  backend "<BACKEND_NAME>" {
    [CONFIG...]
  }
}