A utilização de ferramentas de automação para criação dos recursos nos provedores de Cloud está com uma crescente gigantesca. O ganho que os Especialistas em Cloud desfrutam durante a implementação é imenso, trazendo benefícios diretamente para o Business da empresa, melhorando o processo e aproveitando muito mais o tempo disponível.
Nesse post, aprofundaremos nas etapas para criação de recursos de rede, como por exemplo: VPC, subnet pública, internet gateway, tabela de roteamento e rota para internet utilizando o Terraform.
Preparados? Não tenho dúvidas que sim. Vamos colocar a mão na massa.
Arquitetura
Criando um usuário IAM na AWS
1. Acesse o serviço de IAM na sua conta na AWS.
2. Em Access Management, clique em Users. Em seguida, clique em Add User.
3. Em User Name, adicione o nome de sua preferência e em Access Type, selecione Programmatic access. Clique em Next: Permissions.
4. Em Set Permissions, clique em Attach existing policies directly. Em Filter policies, pesquise por “vpc” e selecione a política AmazonVPCFullAccess. Clique em Next: Tags.
5. Em Add Tags, clique em Next: Review.
6. Em Review, verique suas escolhas. Se estiver pendente alguma opção, retorne e ajuste. Caso estiver tudo ok, clique em Create User para avançar.
Excelente!! Faltando apenas um passo para finalizar a criação do usuário. #pracima
7. Para concluir, clique em Download .csv. Copie a Access Key ID e clique em Show, para copiar a Secret Access Key, armazenando-as com muito cuidado em seu bloco de notas.
Obs.: Em outro momento, não será possível obter as informações coletadas acima, portanto, tenha cuidado ao executar essa etapa.
Clique em Close.
Preparando o ambiente
1. Faça o download do Terraform de acordo com o seu SO, clicando aqui.
2. Crie uma pasta no seu computador.
3. Mova o arquivo do Terraform que realizou o download para a pasta criada e extraia-o, obtendo o seguinte resultado:
4. Remova o arquivo .zip da pasta.
5. Utilizando o VS Code, crie os arquivos provider.tf e main.tf dentro da pasta onde se encontra o arquivo executável do Terraform.
Obs.: Caso não tiver o VS Code instalado em seu computador, clique aqui para fazer o download e realizar a instalação.
provider.tf – será destinado para adição das informações, como Region, Access Key ID e Secret Access Key.
main.tf – será destinado para adição das informações para criação dos recursos de rede na AWS.
6. Prepare o arquivo provider.tf da seguinte forma:
provider "aws" {
region = "us-east-1"
access_key = "AKIA4UTEPSVVPQ7FNMYZ"
secret_key = "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"
}
region: Insira a sua região.
access_key: Insira a sua Access Key ID.
secret_key: Insira a sua Secret Access Key.
7. Prepare o arquivo main.tf da seguinte forma:
# Criação da VPC
resource "aws_vpc" "tcb_blog_vpc" {
cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
tags = {
Name = "tcb_blog_vpc"
}
}
# Criação da Subnet Pública
resource "aws_subnet" "tcb_blog_public_subnet" {
vpc_id = aws_vpc.tcb_blog_vpc.id
cidr_block = "10.0.1.0/24"
tags = {
Name = "tcb_blog_public_subnet"
}
}
# Criação do Internet Gateway
resource "aws_internet_gateway" "tcb_blog_igw" {
vpc_id = aws_vpc.tcb_blog_vpc.id
tags = {
Name = "tcb_blog_igw"
}
}
# Criação da Tabela de Roteamento
resource "aws_route_table" "tcb_blog_rt" {
vpc_id = aws_vpc.tcb_blog_vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.tcb_blog_igw.id
}
tags = {
Name = "tcb_blog_rt"
}
}
# Criação da Rota Default para Acesso à Internet
resource "aws_route" "tcb_blog_routetointernet" {
route_table_id = aws_route_table.tcb_blog_rt.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.tcb_blog_igw.id
}
# Associação da Subnet Pública com a Tabela de Roteamento
resource "aws_route_table_association" "tcb_blog_pub_association" {
subnet_id = aws_subnet.tcb_blog_public_subnet.id
route_table_id = aws_route_table.tcb_blog_rt.id
}
Obs.: Durante a edição do arquivo main.tf, após, por exemplo, resource “aws_vpc”, na próximo conjunto de aspas (” “), você pode alterar a variável para uma de sua preferência. Em Tags, Name, personalize com o nome de sua escolha. #pracima
Realizando a criação da VPC com uma subnet pública utilizando o Terraform
Para execução dos comandos do Terraform, será utilizado o GitBash. Caso utilize o SO Windows e não tiver instalado em seu computador, clique aqui para realizar o download. Em seguida, realize a instalação.
1. Abra o Git Bash na pasta criada nos passos anteriores, clicando com o botão direito do mouse na pasta, em seguida em Git Bash here.
2. Execute o comando ./terraform.exe init para iniciar o Terraform.
$ ./terraform.exe init
Initializing the backend...
Initializing provider plugins...
- Finding latest version of hashicorp/aws...
- Installing hashicorp/aws v3.23.0...
- Installed hashicorp/aws v3.23.0 (signed by HashiCorp)
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
3. Execute o comando ./terraform.exe plan.
$ ./terraform.exe plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_internet_gateway.tcb_blog_igw will be created
+ resource "aws_internet_gateway" "tcb_blog_igw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_igw"
}
+ vpc_id = (known after apply)
}
# aws_route.tcb_blog_routetointernet will be created
+ resource "aws_route" "tcb_blog_routetointernet" {
+ destination_cidr_block = "0.0.0.0/0"
+ destination_prefix_list_id = (known after apply)
+ egress_only_gateway_id = (known after apply)
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ local_gateway_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
}
# aws_route_table.tcb_blog_rt will be created
+ resource "aws_route_table" "tcb_blog_rt" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Name" = "tcb_blog_rt"
}
+ vpc_id = (known after apply)
}
# aws_route_table_association.tcb_blog_pub_association will be created
+ resource "aws_route_table_association" "tcb_blog_pub_association" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_subnet.tcb_blog_public_subnet will be created
+ resource "aws_subnet" "tcb_blog_public_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_public_subnet"
}
+ vpc_id = (known after apply)
}
# aws_vpc.tcb_blog_vpc will be created
+ resource "aws_vpc" "tcb_blog_vpc" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_vpc"
}
}
Plan: 6 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
4. Execute o comando ./terraform.exe apply.
$ ./terraform.exe apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_internet_gateway.tcb_blog_igw will be created
+ resource "aws_internet_gateway" "tcb_blog_igw" {
+ arn = (known after apply)
+ id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_igw"
}
+ vpc_id = (known after apply)
}
# aws_route.tcb_blog_routetointernet will be created
+ resource "aws_route" "tcb_blog_routetointernet" {
+ destination_cidr_block = "0.0.0.0/0"
+ destination_prefix_list_id = (known after apply)
+ egress_only_gateway_id = (known after apply)
+ gateway_id = (known after apply)
+ id = (known after apply)
+ instance_id = (known after apply)
+ instance_owner_id = (known after apply)
+ local_gateway_id = (known after apply)
+ nat_gateway_id = (known after apply)
+ network_interface_id = (known after apply)
+ origin = (known after apply)
+ route_table_id = (known after apply)
+ state = (known after apply)
}
# aws_route_table.tcb_blog_rt will be created
+ resource "aws_route_table" "tcb_blog_rt" {
+ id = (known after apply)
+ owner_id = (known after apply)
+ propagating_vgws = (known after apply)
+ route = [
+ {
+ cidr_block = "0.0.0.0/0"
+ egress_only_gateway_id = ""
+ gateway_id = (known after apply)
+ instance_id = ""
+ ipv6_cidr_block = ""
+ local_gateway_id = ""
+ nat_gateway_id = ""
+ network_interface_id = ""
+ transit_gateway_id = ""
+ vpc_endpoint_id = ""
+ vpc_peering_connection_id = ""
},
]
+ tags = {
+ "Name" = "tcb_blog_rt"
}
+ vpc_id = (known after apply)
}
# aws_route_table_association.tcb_blog_pub_association will be created
+ resource "aws_route_table_association" "tcb_blog_pub_association" {
+ id = (known after apply)
+ route_table_id = (known after apply)
+ subnet_id = (known after apply)
}
# aws_subnet.tcb_blog_public_subnet will be created
+ resource "aws_subnet" "tcb_blog_public_subnet" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.1.0/24"
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_public_subnet"
}
+ vpc_id = (known after apply)
}
# aws_vpc.tcb_blog_vpc will be created
+ resource "aws_vpc" "tcb_blog_vpc" {
+ arn = (known after apply)
+ assign_generated_ipv6_cidr_block = false
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_classiclink = (known after apply)
+ enable_classiclink_dns_support = (known after apply)
+ enable_dns_hostnames = true
+ enable_dns_support = true
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "tcb_blog_vpc"
}
}
Plan: 6 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value:
5. Verifique se não existe nenhuma pendência no arquivo main.tf. Caso sim, retorne e ajuste o que for necessário. Caso não, digite yes para confirmar a execução das ações. Em seguide, aperte Enter.
Enter a value: yes
aws_vpc.tcb_blog_vpc: Creating...
aws_vpc.tcb_blog_vpc: Creation complete after 8s [id=vpc-044a05c74d46127b6]
aws_internet_gateway.tcb_blog_igw: Creating...
aws_subnet.tcb_blog_public_subnet: Creating...
aws_subnet.tcb_blog_public_subnet: Creation complete after 3s [id=subnet-0f001d93c9e954103]
aws_internet_gateway.tcb_blog_igw: Creation complete after 5s [id=igw-0ea49253150d183a1]
aws_route_table.tcb_blog_rt: Creating...
aws_route_table.tcb_blog_rt: Creation complete after 4s [id=rtb-01d8d7de42a738719]
aws_route_table_association.tcb_blog_pub_association: Creating...
aws_route.tcb_blog_routetointernet: Creating...
aws_route_table_association.tcb_blog_pub_association: Creation complete after 0s [id=rtbassoc-0abe9abb5cfc716d4]
aws_route.tcb_blog_routetointernet: Creation complete after 2s [id=r-rtb-01d8d7de42a7387191080289494]
Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
Ao concluir essas etapas, você realizou a criação da VPC, subnet pública, internet gateway e a tabela de roteamento com uma rota default para a internet. Excelente trabalho!
No próximo post, faremos a validação dos recursos de rede provisionados, criando uma instância EC2 utilizando o Terraform. Você não pode perder!
Deseja aprofundar os seus conhecimentos nos provedores de Cloud?
Participe da MultiCloud Experience!!
Evento Totalmente Gratuito e com um conteúdo muito enriquecedor para a Sua Carreira.
Clique aqui para se inscrever e receber todas as informações.
Até mais!