Terraform AWS - basics

Defining the provider

$ mkdir -p terraform/aws
00-provider.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.14.0"
    }
  }
}
 
provider "aws" {
  region = "us-east-2"
  access_key = "AKI..."
  secret_key = "RrV..."
 
  default_tags {
    tags = {
      Environment = "Lab"
      Terraform   = "yes"
    }
  }
}
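
The provider block above embeds a long-lived access key pair in a file that normally ends up in version control. The following is an added example, not part of the original page, showing the same provider with no secrets in the configuration; the variable name `aws_profile` and the profile name `lab` are assumptions.

```hcl
# 00-provider.tf (added example, not from the original page)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.14.0"
    }
  }
}

# Weak form, as used above: static keys live in the .tf file, so they are
# copied into every clone of the repository and every backup of the directory.
#
# provider "aws" {
#   region     = "us-east-2"
#   access_key = "AKI..."
#   secret_key = "RrV..."
# }

# Corrected form: the configuration names WHERE credentials come from, never
# the credentials themselves. With no access_key/secret_key arguments the
# provider falls back to the standard AWS sources: the environment variables
# AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN, or a named
# profile from the shared AWS config and credentials files.
variable "aws_profile" {
  description = "Named AWS CLI profile to use (assumed name, adjust to your setup)"
  type        = string
  default     = "lab"
}

provider "aws" {
  region  = "us-east-2"
  profile = var.aws_profile

  default_tags {
    tags = {
      Environment = "Lab"
      Terraform   = "yes"
    }
  }
}
```

If a key pair has already been committed in a provider block, removing it from the file is not enough: the key stays in the repository history and should be rotated.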

Creating a VPC

01-vpc.tf
resource "aws_vpc" "us-east-tf-vpc" {
  cidr_block = "10.22.0.0/16"
 
  enable_dns_support   = true
  enable_dns_hostnames = true
 
  tags = {
    Name = "us-east-tf-vpc"
  }
}
$ terraform init
 
Initializing the backend...
 
Initializing provider plugins...
- Finding hashicorp/aws versions matching "5.14.0"...
- Installing hashicorp/aws v5.14.0...
- Installed hashicorp/aws v5.14.0 (signed by HashiCorp)
 
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
 
Terraform has been successfully initialized!
 
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
 
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
$ terraform fmt
00-provider.tf
$ terraform validate
Success! The configuration is valid.
$ terraform plan
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_vpc.us-east-tf-vpc will be created
  + resource "aws_vpc" "us-east-tf-vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.22.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "us-east-tf-vpc"
        }
      + tags_all                             = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-vpc"
          + "Terraform"   = "yes"
        }
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ terraform apply
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_vpc.us-east-tf-vpc will be created
  + resource "aws_vpc" "us-east-tf-vpc" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.22.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "us-east-tf-vpc"
        }
      + tags_all                             = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-vpc"
          + "Terraform"   = "yes"
        }
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_vpc.us-east-tf-vpc: Creating...
aws_vpc.us-east-tf-vpc: Still creating... [10s elapsed]
aws_vpc.us-east-tf-vpc: Creation complete after 14s [id=vpc-0da4f5c6f6db12a12]
 
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Looking up the VPC ID

$ terraform state list
aws_vpc.us-east-tf-vpc
$ terraform state show aws_vpc.us-east-tf-vpc
# aws_vpc.us-east-tf-vpc:
resource "aws_vpc" "us-east-tf-vpc" {
    arn                                  = "arn:aws:ec2:us-east-2:662644875436:vpc/vpc-0da4f5c6f6db12a12"
    assign_generated_ipv6_cidr_block     = false
    cidr_block                           = "10.22.0.0/16"
    default_network_acl_id               = "acl-0fbe42b1767a6ff7b"
    default_route_table_id               = "rtb-01c135cec424c4457"
    default_security_group_id            = "sg-0a1b27de005d0e907"
    dhcp_options_id                      = "dopt-0251f420400d60db9"
    enable_dns_hostnames                 = true
    enable_dns_support                   = true
    enable_network_address_usage_metrics = false
    id                                   = "vpc-0da4f5c6f6db12a12"
    instance_tenancy                     = "default"
    ipv6_netmask_length                  = 0
    main_route_table_id                  = "rtb-01c135cec424c4457"
    owner_id                             = "662644875436"
    tags                                 = {
        "Name" = "us-east-tf-vpc"
    }
    tags_all                             = {
        "Environment" = "Lab"
        "Name"        = "us-east-tf-vpc"
        "Terraform"   = "yes"
    }
}

Creating resources

02-resources.tf
resource "aws_internet_gateway" "us-east-tf-gw" {
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  tags = {
    Name = "us-east-tf-gw"
  }
}
$ terraform apply
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_internet_gateway.us-east-tf-gw will be created
  + resource "aws_internet_gateway" "us-east-tf-gw" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name" = "us-east-tf-gw"
        }
      + tags_all = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-gw"
          + "Terraform"   = "yes"
        }
      + vpc_id   = "vpc-0da4f5c6f6db12a12"
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_internet_gateway.us-east-tf-gw: Creating...
aws_internet_gateway.us-east-tf-gw: Creation complete after 2s [id=igw-052948fe8f76be6c3]
 
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Looking up the gateway ID

$ terraform state list
aws_internet_gateway.us-east-tf-gw
aws_vpc.us-east-tf-vpc
$ terraform state show aws_internet_gateway.us-east-tf-gw
# aws_internet_gateway.us-east-tf-gw:
resource "aws_internet_gateway" "us-east-tf-gw" {
    arn      = "arn:aws:ec2:us-east-2:662644875436:internet-gateway/igw-052948fe8f76be6c3"
    id       = "igw-052948fe8f76be6c3"
    owner_id = "662644875436"
    tags     = {
        "Name" = "us-east-tf-gw"
    }
    tags_all = {
        "Environment" = "Lab"
        "Name"        = "us-east-tf-gw"
        "Terraform"   = "yes"
    }
    vpc_id   = "vpc-0da4f5c6f6db12a12"
}
02-resources.tf
resource "aws_internet_gateway" "us-east-tf-gw" {
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  tags = {
    Name = "us-east-tf-gw"
  }
}
 
resource "aws_route_table" "us-east-tf-rt-public" {
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "igw-052948fe8f76be6c3"
  }
 
  tags = {
    Name = "us-east-tf-rt-public"
  }
}
$ terraform plan
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_route_table.us-east-tf-rt-public will be created
  + resource "aws_route_table" "us-east-tf-rt-public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = "igw-052948fe8f76be6c3"
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name" = "us-east-tf-rt-public"
        }
      + tags_all         = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-rt-public"
          + "Terraform"   = "yes"
        }
      + vpc_id           = "vpc-0da4f5c6f6db12a12"
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ terraform apply
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_route_table.us-east-tf-rt-public will be created
  + resource "aws_route_table" "us-east-tf-rt-public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = "igw-052948fe8f76be6c3"
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name" = "us-east-tf-rt-public"
        }
      + tags_all         = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-rt-public"
          + "Terraform"   = "yes"
        }
      + vpc_id           = "vpc-0da4f5c6f6db12a12"
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_route_table.us-east-tf-rt-public: Creating...
aws_route_table.us-east-tf-rt-public: Creation complete after 2s [id=rtb-0286ae2521f3181ab]
 
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
03-subnets.tf
resource "aws_subnet" "us-east-2a-tf-public_subnet" {
  vpc_id     = "vpc-0da4f5c6f6db12a12"
  cidr_block = "10.22.100.0/24"
 
  availability_zone       = "us-east-2a"
  map_public_ip_on_launch = true
 
  tags = {
    Name = "us-east-2a-tf-public_subnet"
  }
}
 
resource "aws_subnet" "us-east-2a-tf-private_subnet" {
  vpc_id     = "vpc-0da4f5c6f6db12a12"
  cidr_block = "10.22.200.0/24"
 
  availability_zone = "us-east-2a"
 
  tags = {
    Name = "us-east-2a-tf-private_subnet"
  }
}
$ terraform apply
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_subnet.us-east-2a-tf-private_subnet will be created
  + resource "aws_subnet" "us-east-2a-tf-private_subnet" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.22.200.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name" = "us-east-2a-tf-private_subnet"
        }
      + tags_all                                       = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-2a-tf-private_subnet"
          + "Terraform"   = "yes"
        }
      + vpc_id                                         = "vpc-0da4f5c6f6db12a12"
    }
 
  # aws_subnet.us-east-2a-tf-public_subnet will be created
  + resource "aws_subnet" "us-east-2a-tf-public_subnet" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "us-east-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.22.100.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "Name" = "us-east-2a-tf-public_subnet"
        }
      + tags_all                                       = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-2a-tf-public_subnet"
          + "Terraform"   = "yes"
        }
      + vpc_id                                         = "vpc-0da4f5c6f6db12a12"
    }
 
Plan: 2 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_subnet.us-east-2a-tf-private_subnet: Creating...
aws_subnet.us-east-2a-tf-public_subnet: Creating...
aws_subnet.us-east-2a-tf-private_subnet: Creation complete after 2s [id=subnet-0957e7b3d46ac7f8c]
aws_subnet.us-east-2a-tf-public_subnet: Still creating... [10s elapsed]
aws_subnet.us-east-2a-tf-public_subnet: Creation complete after 12s [id=subnet-0b0627f1af34d5022]
 
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

Associating the public subnet with the route

$ terraform state list
aws_internet_gateway.us-east-tf-gw
aws_route_table.us-east-tf-rt-public
aws_subnet.us-east-2a-tf-private_subnet
aws_subnet.us-east-2a-tf-public_subnet
aws_vpc.us-east-tf-vpc
$ terraform state show aws_subnet.us-east-2a-tf-public_subnet
# aws_subnet.us-east-2a-tf-public_subnet:
resource "aws_subnet" "us-east-2a-tf-public_subnet" {
    arn                                            = "arn:aws:ec2:us-east-2:662644875436:subnet/subnet-0b0627f1af34d5022"
    assign_ipv6_address_on_creation                = false
    availability_zone                              = "us-east-2a"
    availability_zone_id                           = "use2-az1"
    cidr_block                                     = "10.22.100.0/24"
    enable_dns64                                   = false
    enable_lni_at_device_index                     = 0
    enable_resource_name_dns_a_record_on_launch    = false
    enable_resource_name_dns_aaaa_record_on_launch = false
    id                                             = "subnet-0b0627f1af34d5022"
    ipv6_native                                    = false
    map_customer_owned_ip_on_launch                = false
    map_public_ip_on_launch                        = true
    owner_id                                       = "662644875436"
    private_dns_hostname_type_on_launch            = "ip-name"
    tags                                           = {
        "Name" = "us-east-2a-tf-public_subnet"
    }
    tags_all                                       = {
        "Environment" = "Lab"
        "Name"        = "us-east-2a-tf-public_subnet"
        "Terraform"   = "yes"
    }
    vpc_id                                         = "vpc-0da4f5c6f6db12a12"
}
$ terraform state show aws_route_table.us-east-tf-rt-public
# aws_route_table.us-east-tf-rt-public:
resource "aws_route_table" "us-east-tf-rt-public" {
    arn              = "arn:aws:ec2:us-east-2:662644875436:route-table/rtb-0286ae2521f3181ab"
    id               = "rtb-0286ae2521f3181ab"
    owner_id         = "662644875436"
    propagating_vgws = []
    route            = [
        {
            carrier_gateway_id         = ""
            cidr_block                 = "0.0.0.0/0"
            core_network_arn           = ""
            destination_prefix_list_id = ""
            egress_only_gateway_id     = ""
            gateway_id                 = "igw-052948fe8f76be6c3"
            ipv6_cidr_block            = ""
            local_gateway_id           = ""
            nat_gateway_id             = ""
            network_interface_id       = ""
            transit_gateway_id         = ""
            vpc_endpoint_id            = ""
            vpc_peering_connection_id  = ""
        },
    ]
    tags             = {
        "Name" = "us-east-tf-rt-public"
    }
    tags_all         = {
        "Environment" = "Lab"
        "Name"        = "us-east-tf-rt-public"
        "Terraform"   = "yes"
    }
    vpc_id           = "vpc-0da4f5c6f6db12a12"
}
02-resources.tf
resource "aws_internet_gateway" "us-east-tf-gw" {
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  tags = {
    Name = "us-east-tf-gw"
  }
}
 
resource "aws_route_table" "us-east-tf-rt-public" {
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = "igw-052948fe8f76be6c3"
  }
 
  tags = {
    Name = "us-east-tf-rt-public"
  }
}
 
resource "aws_route_table_association" "us-east-tf-rt-public-association" {
  subnet_id      = "subnet-0b0627f1af34d5022"
  route_table_id = "rtb-0286ae2521f3181ab"
}
$ terraform apply
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_subnet.us-east-2a-tf-public_subnet: Refreshing state... [id=subnet-0b0627f1af34d5022]
aws_subnet.us-east-2a-tf-private_subnet: Refreshing state... [id=subnet-0957e7b3d46ac7f8c]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_route_table_association.us-east-tf-rt-public-association will be created
  + resource "aws_route_table_association" "us-east-tf-rt-public-association" {
      + id             = (known after apply)
      + route_table_id = "rtb-0286ae2521f3181ab"
      + subnet_id      = "subnet-0b0627f1af34d5022"
    }
 
Plan: 1 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_route_table_association.us-east-tf-rt-public-association: Creating...
aws_route_table_association.us-east-tf-rt-public-association: Creation complete after 1s [id=rtbassoc-05923419316f18c4e]
 
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
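
The files above copy each ID out of `terraform state show` and paste it into the next resource, which hides the dependencies from Terraform and leaves stale IDs behind if anything is recreated. The following is an added example, not part of the original page, expressing the same network with attribute references; it uses only the resource names already defined on this page, plus two output names that are assumptions.

```hcl
# 02-resources.tf and 03-subnets.tf with references (added example).
# aws_vpc.us-east-tf-vpc is the VPC defined in 01-vpc.tf.

resource "aws_internet_gateway" "us-east-tf-gw" {
  # Reference instead of the literal "vpc-0da4f5c6f6db12a12": Terraform now
  # knows the gateway depends on the VPC and orders create/destroy accordingly.
  vpc_id = aws_vpc.us-east-tf-vpc.id

  tags = {
    Name = "us-east-tf-gw"
  }
}

resource "aws_route_table" "us-east-tf-rt-public" {
  vpc_id = aws_vpc.us-east-tf-vpc.id

  # Default route to the internet gateway. Only subnets explicitly associated
  # with this table become internet-routable.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.us-east-tf-gw.id
  }

  tags = {
    Name = "us-east-tf-rt-public"
  }
}

resource "aws_subnet" "us-east-2a-tf-public_subnet" {
  vpc_id     = aws_vpc.us-east-tf-vpc.id
  cidr_block = "10.22.100.0/24"

  availability_zone       = "us-east-2a"
  map_public_ip_on_launch = true

  tags = {
    Name = "us-east-2a-tf-public_subnet"
  }
}

resource "aws_subnet" "us-east-2a-tf-private_subnet" {
  vpc_id     = aws_vpc.us-east-tf-vpc.id
  cidr_block = "10.22.200.0/24"

  availability_zone = "us-east-2a"

  # No route table association here: the private subnet stays on the VPC's
  # main route table, which has no route to the internet gateway.
  tags = {
    Name = "us-east-2a-tf-private_subnet"
  }
}

resource "aws_route_table_association" "us-east-tf-rt-public-association" {
  subnet_id      = aws_subnet.us-east-2a-tf-public_subnet.id
  route_table_id = aws_route_table.us-east-tf-rt-public.id
}

# Outputs replace the manual `terraform state show` lookups.
# The output names are assumptions made for this example.
output "vpc_id" {
  value = aws_vpc.us-east-tf-vpc.id
}

output "public_subnet_id" {
  value = aws_subnet.us-east-2a-tf-public_subnet.id
}
```

Because the references resolve to the same IDs that were pasted in by hand, a `terraform plan` against the state built above should propose no resource changes.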

Creating instances

04-instances.tf
resource "aws_instance" "us-east-2a-tf-vm-01" {
  ami           = "ami-0cf0e376c672104d6"
  instance_type = "t2.micro"
 
  associate_public_ip_address = true
 
  subnet_id = "subnet-0b0627f1af34d5022"
 
  tags = {
    Name = "us-east-2a-tf-vm-01"
  }
}

Creating a security group

05-sg.tf
resource "aws_security_group" "us-east-tf-sg" {
  name        = "us-east-tf-sg"
  description = "us-east-tf-sg"
 
  vpc_id = "vpc-0da4f5c6f6db12a12"
 
  ingress {
    description = "Allow ICMP"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
 
  ingress {
    description = "Allow SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
 
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
 
  tags = {
    Name = "us-east-tf-sg"
  }
}
$ terraform apply
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
aws_route_table_association.us-east-tf-rt-public-association: Refreshing state... [id=rtbassoc-05923419316f18c4e]
aws_subnet.us-east-2a-tf-private_subnet: Refreshing state... [id=subnet-0957e7b3d46ac7f8c]
aws_subnet.us-east-2a-tf-public_subnet: Refreshing state... [id=subnet-0b0627f1af34d5022]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create
 
Terraform will perform the following actions:
 
  # aws_instance.us-east-2a-tf-vm-01 will be created
  + resource "aws_instance" "us-east-2a-tf-vm-01" {
      + ami                                  = "ami-0cf0e376c672104d6"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = (known after apply)
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t2.micro"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = (known after apply)
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = "subnet-0b0627f1af34d5022"
      + tags                                 = {
          + "Name" = "us-east-2a-tf-vm-01"
        }
      + tags_all                             = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-2a-tf-vm-01"
          + "Terraform"   = "yes"
        }
      + tenancy                              = (known after apply)
      + user_data                            = (known after apply)
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)
    }
 
  # aws_security_group.us-east-tf-sg will be created
  + resource "aws_security_group" "us-east-tf-sg" {
      + arn                    = (known after apply)
      + description            = "us-east-tf-sg"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow ICMP"
              + from_port        = -1
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "icmp"
              + security_groups  = []
              + self             = false
              + to_port          = -1
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow SSH"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
        ]
      + name                   = "us-east-tf-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "us-east-tf-sg"
        }
      + tags_all               = {
          + "Environment" = "Lab"
          + "Name"        = "us-east-tf-sg"
          + "Terraform"   = "yes"
        }
      + vpc_id                 = "vpc-0da4f5c6f6db12a12"
    }
 
Plan: 2 to add, 0 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_security_group.us-east-tf-sg: Creating...
aws_instance.us-east-2a-tf-vm-01: Creating...
aws_security_group.us-east-tf-sg: Creation complete after 5s [id=sg-08e5c60c51926286d]
aws_instance.us-east-2a-tf-vm-01: Still creating... [10s elapsed]
aws_instance.us-east-2a-tf-vm-01: Still creating... [20s elapsed]
aws_instance.us-east-2a-tf-vm-01: Creation complete after 25s [id=i-0670a1d1fea3a2e01]
 
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
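
The security group above accepts SSH and ICMP from `0.0.0.0/0`, so the instance's public address is reachable on port 22 from any source. The following is an added example, not part of the original page, that keeps the same group but limits ingress to an operator-supplied range; the variable `admin_cidr` and its /24 limit are assumptions chosen for illustration.

```hcl
# 05-sg.tf with restricted ingress (added example, not from the original page)

# Hypothetical variable: the range administrators connect from.
# There is no default, so every plan/apply has to state it explicitly.
variable "admin_cidr" {
  description = "IPv4 CIDR allowed to reach SSH and ICMP on the lab instance"
  type        = string

  validation {
    # cidrnetmask() only accepts well-formed IPv4 CIDRs, so can() rejects typos
    # and IPv6 input. The prefix check rejects 0.0.0.0/0 and any other range
    # wider than /24 (assumed policy for this example).
    condition = (
      can(cidrnetmask(var.admin_cidr)) &&
      try(tonumber(split("/", var.admin_cidr)[1]) >= 24, false)
    )
    error_message = "admin_cidr must be a valid IPv4 CIDR no wider than /24; 0.0.0.0/0 is not accepted."
  }
}

resource "aws_security_group" "us-east-tf-sg" {
  name        = "us-east-tf-sg"
  description = "us-east-tf-sg"

  # Reference to the VPC from 01-vpc.tf instead of a pasted ID.
  vpc_id = aws_vpc.us-east-tf-vpc.id

  ingress {
    description = "Allow ICMP from the admin range"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "Allow SSH from the admin range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Egress is unchanged from the original: all protocols, all destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "us-east-tf-sg"
  }
}
```

The range is passed at run time, for example `terraform apply -var 'admin_cidr=203.0.113.10/32'`, where the address is a constructed value from the documentation range.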

Associating the security group with the instance

$ terraform state list
aws_instance.us-east-2a-tf-vm-01
aws_internet_gateway.us-east-tf-gw
aws_route_table.us-east-tf-rt-public
aws_route_table_association.us-east-tf-rt-public-association
aws_security_group.us-east-tf-sg
aws_subnet.us-east-2a-tf-private_subnet
aws_subnet.us-east-2a-tf-public_subnet
aws_vpc.us-east-tf-vpc
$ terraform state show aws_security_group.us-east-tf-sg
# aws_security_group.us-east-tf-sg:
resource "aws_security_group" "us-east-tf-sg" {
    arn                    = "arn:aws:ec2:us-east-2:662644875436:security-group/sg-08e5c60c51926286d"
    description            = "us-east-tf-sg"
    egress                 = [
        {
            cidr_blocks      = [
                "0.0.0.0/0",
            ]
            description      = ""
            from_port        = 0
            ipv6_cidr_blocks = []
            prefix_list_ids  = []
            protocol         = "-1"
            security_groups  = []
            self             = false
            to_port          = 0
        },
    ]
    id                     = "sg-08e5c60c51926286d"
    ingress                = [
        {
            cidr_blocks      = [
                "0.0.0.0/0",
            ]
            description      = "Allow ICMP"
            from_port        = -1
            ipv6_cidr_blocks = []
            prefix_list_ids  = []
            protocol         = "icmp"
            security_groups  = []
            self             = false
            to_port          = -1
        },
        {
            cidr_blocks      = [
                "0.0.0.0/0",
            ]
            description      = "Allow SSH"
            from_port        = 22
            ipv6_cidr_blocks = []
            prefix_list_ids  = []
            protocol         = "tcp"
            security_groups  = []
            self             = false
            to_port          = 22
        },
    ]
    name                   = "us-east-tf-sg"
    owner_id               = "662644875436"
    revoke_rules_on_delete = false
    tags                   = {
        "Name" = "us-east-tf-sg"
    }
    tags_all               = {
        "Environment" = "Lab"
        "Name"        = "us-east-tf-sg"
        "Terraform"   = "yes"
    }
    vpc_id                 = "vpc-0da4f5c6f6db12a12"
}
04-instances.tf
resource "aws_instance" "us-east-2a-tf-vm-01" {
  ami           = "ami-0cf0e376c672104d6"
  instance_type = "t2.micro"
 
  associate_public_ip_address = true
 
  vpc_security_group_ids = ["sg-08e5c60c51926286d"]
 
  subnet_id = "subnet-0b0627f1af34d5022"
 
  tags = {
    Name = "us-east-2a-tf-vm-01"
  }
}
$ terraform validate
Success! The configuration is valid.
$ terraform plan
aws_subnet.us-east-2a-tf-public_subnet: Refreshing state... [id=subnet-0b0627f1af34d5022]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
aws_route_table_association.us-east-tf-rt-public-association: Refreshing state... [id=rtbassoc-05923419316f18c4e]
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
aws_subnet.us-east-2a-tf-private_subnet: Refreshing state... [id=subnet-0957e7b3d46ac7f8c]
aws_security_group.us-east-tf-sg: Refreshing state... [id=sg-08e5c60c51926286d]
aws_instance.us-east-2a-tf-vm-01: Refreshing state... [id=i-0670a1d1fea3a2e01]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 
Terraform will perform the following actions:
 
  # aws_instance.us-east-2a-tf-vm-01 will be updated in-place
  ~ resource "aws_instance" "us-east-2a-tf-vm-01" {
        id                                   = "i-0670a1d1fea3a2e01"
        tags                                 = {
            "Name" = "us-east-2a-tf-vm-01"
        }
      ~ vpc_security_group_ids               = [
          - "sg-0a1b27de005d0e907",
          + "sg-08e5c60c51926286d",
        ]
        # (30 unchanged attributes hidden)
 
        # (8 unchanged blocks hidden)
    }
 
Plan: 0 to add, 1 to change, 0 to destroy.
 
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 
Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.
$ terraform apply
aws_route_table_association.us-east-tf-rt-public-association: Refreshing state... [id=rtbassoc-05923419316f18c4e]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
aws_subnet.us-east-2a-tf-public_subnet: Refreshing state... [id=subnet-0b0627f1af34d5022]
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_subnet.us-east-2a-tf-private_subnet: Refreshing state... [id=subnet-0957e7b3d46ac7f8c]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
aws_security_group.us-east-tf-sg: Refreshing state... [id=sg-08e5c60c51926286d]
aws_instance.us-east-2a-tf-vm-01: Refreshing state... [id=i-0670a1d1fea3a2e01]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
 
Terraform will perform the following actions:
 
  # aws_instance.us-east-2a-tf-vm-01 will be updated in-place
  ~ resource "aws_instance" "us-east-2a-tf-vm-01" {
        id                                   = "i-0670a1d1fea3a2e01"
        tags                                 = {
            "Name" = "us-east-2a-tf-vm-01"
        }
      ~ vpc_security_group_ids               = [
          - "sg-0a1b27de005d0e907",
          + "sg-08e5c60c51926286d",
        ]
        # (30 unchanged attributes hidden)
 
        # (8 unchanged blocks hidden)
    }
 
Plan: 0 to add, 1 to change, 0 to destroy.
 
Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
 
  Enter a value: yes
 
aws_instance.us-east-2a-tf-vm-01: Modifying... [id=i-0670a1d1fea3a2e01]
aws_instance.us-east-2a-tf-vm-01: Modifications complete after 4s [id=i-0670a1d1fea3a2e01]
 
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
$ terraform state list
aws_instance.us-east-2a-tf-vm-01
aws_internet_gateway.us-east-tf-gw
aws_route_table.us-east-tf-rt-public
aws_route_table_association.us-east-tf-rt-public-association
aws_security_group.us-east-tf-sg
aws_subnet.us-east-2a-tf-private_subnet
aws_subnet.us-east-2a-tf-public_subnet
aws_vpc.us-east-tf-vpc
$ terraform state show aws_instance.us-east-2a-tf-vm-01
# aws_instance.us-east-2a-tf-vm-01:
resource "aws_instance" "us-east-2a-tf-vm-01" {
    ami                                  = "ami-0cf0e376c672104d6"
    arn                                  = "arn:aws:ec2:us-east-2:662644875436:instance/i-0670a1d1fea3a2e01"
    associate_public_ip_address          = true
    availability_zone                    = "us-east-2a"
    cpu_core_count                       = 1
    cpu_threads_per_core                 = 1
    disable_api_stop                     = false
    disable_api_termination              = false
    ebs_optimized                        = false
    get_password_data                    = false
    hibernation                          = false
    id                                   = "i-0670a1d1fea3a2e01"
    instance_initiated_shutdown_behavior = "stop"
    instance_state                       = "running"
    instance_type                        = "t2.micro"
    ipv6_address_count                   = 0
    ipv6_addresses                       = []
    monitoring                           = false
    placement_partition_number           = 0
    primary_network_interface_id         = "eni-0bc8b5582ba5943db"
    private_dns                          = "ip-10-22-100-5.us-east-2.compute.internal"
    private_ip                           = "10.22.100.5"
    public_dns                           = "ec2-3-144-11-107.us-east-2.compute.amazonaws.com"
    public_ip                            = "3.144.11.107"
    secondary_private_ips                = []
    security_groups                      = []
    source_dest_check                    = true
    subnet_id                            = "subnet-0b0627f1af34d5022"
    tags                                 = {
        "Name" = "us-east-2a-tf-vm-01"
    }
    tags_all                             = {
        "Environment" = "Lab"
        "Name"        = "us-east-2a-tf-vm-01"
        "Terraform"   = "yes"
    }
    tenancy                              = "default"
    user_data_replace_on_change          = false
    vpc_security_group_ids               = [
        "sg-08e5c60c51926286d",
    ]
 
    capacity_reservation_specification {
        capacity_reservation_preference = "open"
    }
 
    cpu_options {
        core_count       = 1
        threads_per_core = 1
    }
 
    credit_specification {
        cpu_credits = "standard"
    }
 
    enclave_options {
        enabled = false
    }
 
    maintenance_options {
        auto_recovery = "default"
    }
 
    metadata_options {
        http_endpoint               = "enabled"
        http_protocol_ipv6          = "disabled"
        http_put_response_hop_limit = 2
        http_tokens                 = "required"
        instance_metadata_tags      = "disabled"
    }
 
    private_dns_name_options {
        enable_resource_name_dns_a_record    = false
        enable_resource_name_dns_aaaa_record = false
        hostname_type                        = "ip-name"
    }
 
    root_block_device {
        delete_on_termination = true
        device_name           = "/dev/xvda"
        encrypted             = false
        iops                  = 3000
        tags                  = {}
        throughput            = 125
        volume_id             = "vol-0ef32a9165aa36ae1"
        volume_size           = 8
        volume_type           = "gp3"
    }
}
$ sudo ping -c3 3.144.11.107
PING 3.144.11.107 (3.144.11.107) 56(84) bytes of data.
64 bytes from 3.144.11.107: icmp_seq=1 ttl=105 time=180 ms
64 bytes from 3.144.11.107: icmp_seq=2 ttl=105 time=182 ms
64 bytes from 3.144.11.107: icmp_seq=3 ttl=105 time=186 ms
 
--- 3.144.11.107 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 180.010/182.656/185.987/2.487 ms
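
The 04-instances.tf above pins the security group and subnet by IDs copied from `terraform state show`, and those IDs change whenever the resources are recreated. The variant below is an added example, not part of the original page: it replaces the page's definitions of these two resources, using references so Terraform orders creation itself, and tightens the settings visible in the state output (SSH and ICMP open to 0.0.0.0/0, unencrypted root volume). The variable `admin_cidr` is an assumption introduced for this example.

```hcl
# Added example (not from the original page).
# Assumed variable: the only source range allowed to reach the instance.
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH/ICMP, e.g. your own address as a /32"
  type        = string
}

resource "aws_security_group" "us-east-tf-sg" {
  name        = "us-east-tf-sg"
  description = "us-east-tf-sg"
  vpc_id      = aws_vpc.us-east-tf-vpc.id # reference instead of a literal vpc-... id

  ingress {
    description = "Allow SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # the page's state shows 0.0.0.0/0 here
  }

  ingress {
    description = "Allow ICMP"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [var.admin_cidr] # the page's state shows 0.0.0.0/0 here
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "us-east-tf-sg"
  }
}

resource "aws_instance" "us-east-2a-tf-vm-01" {
  ami           = "ami-0cf0e376c672104d6"
  instance_type = "t2.micro"

  associate_public_ip_address = true

  # References create an implicit dependency: the security group and subnet
  # exist before the instance, so it never starts in the VPC default group,
  # and the configuration still applies after a destroy/recreate cycle.
  vpc_security_group_ids = [aws_security_group.us-east-tf-sg.id]
  subnet_id              = aws_subnet.us-east-2a-tf-public_subnet.id

  root_block_device {
    # The state output above shows encrypted = false. Changing this on an
    # existing instance makes Terraform replace the instance.
    encrypted = true
  }

  tags = {
    Name = "us-east-2a-tf-vm-01"
  }
}
```

Pass the range at plan time, for example with `-var 'admin_cidr=<your-address>/32'`, so the `ping` check above still succeeds from that address only.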

Destroying the infrastructure

$ terraform destroy -auto-approve
aws_internet_gateway.us-east-tf-gw: Refreshing state... [id=igw-052948fe8f76be6c3]
aws_route_table_association.us-east-tf-rt-public-association: Refreshing state... [id=rtbassoc-05923419316f18c4e]
aws_subnet.us-east-2a-tf-public_subnet: Refreshing state... [id=subnet-0b0627f1af34d5022]
aws_subnet.us-east-2a-tf-private_subnet: Refreshing state... [id=subnet-0957e7b3d46ac7f8c]
aws_route_table.us-east-tf-rt-public: Refreshing state... [id=rtb-0286ae2521f3181ab]
aws_vpc.us-east-tf-vpc: Refreshing state... [id=vpc-0da4f5c6f6db12a12]
aws_security_group.us-east-tf-sg: Refreshing state... [id=sg-08e5c60c51926286d]
aws_instance.us-east-2a-tf-vm-01: Refreshing state... [id=i-0670a1d1fea3a2e01]
 
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  - destroy
 
Terraform will perform the following actions:
 
  # aws_instance.us-east-2a-tf-vm-01 will be destroyed
  - resource "aws_instance" "us-east-2a-tf-vm-01" {
      - ami                                  = "ami-0cf0e376c672104d6" -> null
      - arn                                  = "arn:aws:ec2:us-east-2:662644875436:instance/i-0670a1d1fea3a2e01" -> null
      - associate_public_ip_address          = true -> null
      - availability_zone                    = "us-east-2a" -> null
      - cpu_core_count                       = 1 -> null
      - cpu_threads_per_core                 = 1 -> null
      - disable_api_stop                     = false -> null
      - disable_api_termination              = false -> null
      - ebs_optimized                        = false -> null
      - get_password_data                    = false -> null
      - hibernation                          = false -> null
      - id                                   = "i-0670a1d1fea3a2e01" -> null
      - instance_initiated_shutdown_behavior = "stop" -> null
      - instance_state                       = "running" -> null
      - instance_type                        = "t2.micro" -> null
      - ipv6_address_count                   = 0 -> null
      - ipv6_addresses                       = [] -> null
      - monitoring                           = false -> null
      - placement_partition_number           = 0 -> null
      - primary_network_interface_id         = "eni-0bc8b5582ba5943db" -> null
      - private_dns                          = "ip-10-22-100-5.us-east-2.compute.internal" -> null
      - private_ip                           = "10.22.100.5" -> null
      - public_dns                           = "ec2-3-144-11-107.us-east-2.compute.amazonaws.com" -> null
      - public_ip                            = "3.144.11.107" -> null
      - secondary_private_ips                = [] -> null
      - security_groups                      = [] -> null
      - source_dest_check                    = true -> null
      - subnet_id                            = "subnet-0b0627f1af34d5022" -> null
      - tags                                 = {
          - "Name" = "us-east-2a-tf-vm-01"
        } -> null
      - tags_all                             = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-2a-tf-vm-01"
          - "Terraform"   = "yes"
        } -> null
      - tenancy                              = "default" -> null
      - user_data_replace_on_change          = false -> null
      - vpc_security_group_ids               = [
          - "sg-08e5c60c51926286d",
        ] -> null
 
      - capacity_reservation_specification {
          - capacity_reservation_preference = "open" -> null
        }
 
      - cpu_options {
          - core_count       = 1 -> null
          - threads_per_core = 1 -> null
        }
 
      - credit_specification {
          - cpu_credits = "standard" -> null
        }
 
      - enclave_options {
          - enabled = false -> null
        }
 
      - maintenance_options {
          - auto_recovery = "default" -> null
        }
 
      - metadata_options {
          - http_endpoint               = "enabled" -> null
          - http_protocol_ipv6          = "disabled" -> null
          - http_put_response_hop_limit = 2 -> null
          - http_tokens                 = "required" -> null
          - instance_metadata_tags      = "disabled" -> null
        }
 
      - private_dns_name_options {
          - enable_resource_name_dns_a_record    = false -> null
          - enable_resource_name_dns_aaaa_record = false -> null
          - hostname_type                        = "ip-name" -> null
        }
 
      - root_block_device {
          - delete_on_termination = true -> null
          - device_name           = "/dev/xvda" -> null
          - encrypted             = false -> null
          - iops                  = 3000 -> null
          - tags                  = {} -> null
          - throughput            = 125 -> null
          - volume_id             = "vol-0ef32a9165aa36ae1" -> null
          - volume_size           = 8 -> null
          - volume_type           = "gp3" -> null
        }
    }
 
  # aws_internet_gateway.us-east-tf-gw will be destroyed
  - resource "aws_internet_gateway" "us-east-tf-gw" {
      - arn      = "arn:aws:ec2:us-east-2:662644875436:internet-gateway/igw-052948fe8f76be6c3" -> null
      - id       = "igw-052948fe8f76be6c3" -> null
      - owner_id = "662644875436" -> null
      - tags     = {
          - "Name" = "us-east-tf-gw"
        } -> null
      - tags_all = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-tf-gw"
          - "Terraform"   = "yes"
        } -> null
      - vpc_id   = "vpc-0da4f5c6f6db12a12" -> null
    }
 
  # aws_route_table.us-east-tf-rt-public will be destroyed
  - resource "aws_route_table" "us-east-tf-rt-public" {
      - arn              = "arn:aws:ec2:us-east-2:662644875436:route-table/rtb-0286ae2521f3181ab" -> null
      - id               = "rtb-0286ae2521f3181ab" -> null
      - owner_id         = "662644875436" -> null
      - propagating_vgws = [] -> null
      - route            = [
          - {
              - carrier_gateway_id         = ""
              - cidr_block                 = "0.0.0.0/0"
              - core_network_arn           = ""
              - destination_prefix_list_id = ""
              - egress_only_gateway_id     = ""
              - gateway_id                 = "igw-052948fe8f76be6c3"
              - ipv6_cidr_block            = ""
              - local_gateway_id           = ""
              - nat_gateway_id             = ""
              - network_interface_id       = ""
              - transit_gateway_id         = ""
              - vpc_endpoint_id            = ""
              - vpc_peering_connection_id  = ""
            },
        ] -> null
      - tags             = {
          - "Name" = "us-east-tf-rt-public"
        } -> null
      - tags_all         = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-tf-rt-public"
          - "Terraform"   = "yes"
        } -> null
      - vpc_id           = "vpc-0da4f5c6f6db12a12" -> null
    }
 
  # aws_route_table_association.us-east-tf-rt-public-association will be destroyed
  - resource "aws_route_table_association" "us-east-tf-rt-public-association" {
      - id             = "rtbassoc-05923419316f18c4e" -> null
      - route_table_id = "rtb-0286ae2521f3181ab" -> null
      - subnet_id      = "subnet-0b0627f1af34d5022" -> null
    }
 
  # aws_security_group.us-east-tf-sg will be destroyed
  - resource "aws_security_group" "us-east-tf-sg" {
      - arn                    = "arn:aws:ec2:us-east-2:662644875436:security-group/sg-08e5c60c51926286d" -> null
      - description            = "us-east-tf-sg" -> null
      - egress                 = [
          - {
              - cidr_blocks      = [
                  - "0.0.0.0/0",
                ]
              - description      = ""
              - from_port        = 0
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "-1"
              - security_groups  = []
              - self             = false
              - to_port          = 0
            },
        ] -> null
      - id                     = "sg-08e5c60c51926286d" -> null
      - ingress                = [
          - {
              - cidr_blocks      = [
                  - "0.0.0.0/0",
                ]
              - description      = "Allow ICMP"
              - from_port        = -1
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "icmp"
              - security_groups  = []
              - self             = false
              - to_port          = -1
            },
          - {
              - cidr_blocks      = [
                  - "0.0.0.0/0",
                ]
              - description      = "Allow SSH"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },
        ] -> null
      - name                   = "us-east-tf-sg" -> null
      - owner_id               = "662644875436" -> null
      - revoke_rules_on_delete = false -> null
      - tags                   = {
          - "Name" = "us-east-tf-sg"
        } -> null
      - tags_all               = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-tf-sg"
          - "Terraform"   = "yes"
        } -> null
      - vpc_id                 = "vpc-0da4f5c6f6db12a12" -> null
    }
 
  # aws_subnet.us-east-2a-tf-private_subnet will be destroyed
  - resource "aws_subnet" "us-east-2a-tf-private_subnet" {
      - arn                                            = "arn:aws:ec2:us-east-2:662644875436:subnet/subnet-0957e7b3d46ac7f8c" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-east-2a" -> null
      - availability_zone_id                           = "use2-az1" -> null
      - cidr_block                                     = "10.22.200.0/24" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-0957e7b3d46ac7f8c" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = false -> null
      - owner_id                                       = "662644875436" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Name" = "us-east-2a-tf-private_subnet"
        } -> null
      - tags_all                                       = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-2a-tf-private_subnet"
          - "Terraform"   = "yes"
        } -> null
      - vpc_id                                         = "vpc-0da4f5c6f6db12a12" -> null
    }
 
  # aws_subnet.us-east-2a-tf-public_subnet will be destroyed
  - resource "aws_subnet" "us-east-2a-tf-public_subnet" {
      - arn                                            = "arn:aws:ec2:us-east-2:662644875436:subnet/subnet-0b0627f1af34d5022" -> null
      - assign_ipv6_address_on_creation                = false -> null
      - availability_zone                              = "us-east-2a" -> null
      - availability_zone_id                           = "use2-az1" -> null
      - cidr_block                                     = "10.22.100.0/24" -> null
      - enable_dns64                                   = false -> null
      - enable_lni_at_device_index                     = 0 -> null
      - enable_resource_name_dns_a_record_on_launch    = false -> null
      - enable_resource_name_dns_aaaa_record_on_launch = false -> null
      - id                                             = "subnet-0b0627f1af34d5022" -> null
      - ipv6_native                                    = false -> null
      - map_customer_owned_ip_on_launch                = false -> null
      - map_public_ip_on_launch                        = true -> null
      - owner_id                                       = "662644875436" -> null
      - private_dns_hostname_type_on_launch            = "ip-name" -> null
      - tags                                           = {
          - "Name" = "us-east-2a-tf-public_subnet"
        } -> null
      - tags_all                                       = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-2a-tf-public_subnet"
          - "Terraform"   = "yes"
        } -> null
      - vpc_id                                         = "vpc-0da4f5c6f6db12a12" -> null
    }
 
  # aws_vpc.us-east-tf-vpc will be destroyed
  - resource "aws_vpc" "us-east-tf-vpc" {
      - arn                                  = "arn:aws:ec2:us-east-2:662644875436:vpc/vpc-0da4f5c6f6db12a12" -> null
      - assign_generated_ipv6_cidr_block     = false -> null
      - cidr_block                           = "10.22.0.0/16" -> null
      - default_network_acl_id               = "acl-0fbe42b1767a6ff7b" -> null
      - default_route_table_id               = "rtb-01c135cec424c4457" -> null
      - default_security_group_id            = "sg-0a1b27de005d0e907" -> null
      - dhcp_options_id                      = "dopt-0251f420400d60db9" -> null
      - enable_dns_hostnames                 = true -> null
      - enable_dns_support                   = true -> null
      - enable_network_address_usage_metrics = false -> null
      - id                                   = "vpc-0da4f5c6f6db12a12" -> null
      - instance_tenancy                     = "default" -> null
      - ipv6_netmask_length                  = 0 -> null
      - main_route_table_id                  = "rtb-01c135cec424c4457" -> null
      - owner_id                             = "662644875436" -> null
      - tags                                 = {
          - "Name" = "us-east-tf-vpc"
        } -> null
      - tags_all                             = {
          - "Environment" = "Lab"
          - "Name"        = "us-east-tf-vpc"
          - "Terraform"   = "yes"
        } -> null
    }
 
Plan: 0 to add, 0 to change, 8 to destroy.
aws_internet_gateway.us-east-tf-gw: Destroying... [id=igw-052948fe8f76be6c3]
aws_route_table_association.us-east-tf-rt-public-association: Destroying... [id=rtbassoc-05923419316f18c4e]
aws_subnet.us-east-2a-tf-private_subnet: Destroying... [id=subnet-0957e7b3d46ac7f8c]
aws_vpc.us-east-tf-vpc: Destroying... [id=vpc-0da4f5c6f6db12a12]
aws_route_table.us-east-tf-rt-public: Destroying... [id=rtb-0286ae2521f3181ab]
aws_subnet.us-east-2a-tf-public_subnet: Destroying... [id=subnet-0b0627f1af34d5022]
aws_security_group.us-east-tf-sg: Destroying... [id=sg-08e5c60c51926286d]
aws_instance.us-east-2a-tf-vm-01: Destroying... [id=i-0670a1d1fea3a2e01]
aws_route_table_association.us-east-tf-rt-public-association: Destruction complete after 1s
aws_subnet.us-east-2a-tf-private_subnet: Destruction complete after 1s
aws_route_table.us-east-tf-rt-public: Destruction complete after 2s
aws_internet_gateway.us-east-tf-gw: Still destroying... [id=igw-052948fe8f76be6c3, 10s elapsed]
aws_vpc.us-east-tf-vpc: Still destroying... [id=vpc-0da4f5c6f6db12a12, 10s elapsed]
aws_subnet.us-east-2a-tf-public_subnet: Still destroying... [id=subnet-0b0627f1af34d5022, 10s elapsed]
aws_instance.us-east-2a-tf-vm-01: Still destroying... [id=i-0670a1d1fea3a2e01, 10s elapsed]
aws_security_group.us-east-tf-sg: Still destroying... [id=sg-08e5c60c51926286d, 10s elapsed]
aws_vpc.us-east-tf-vpc: Still destroying... [id=vpc-0da4f5c6f6db12a12, 20s elapsed]
aws_internet_gateway.us-east-tf-gw: Still destroying... [id=igw-052948fe8f76be6c3, 20s elapsed]
aws_security_group.us-east-tf-sg: Still destroying... [id=sg-08e5c60c51926286d, 20s elapsed]
aws_instance.us-east-2a-tf-vm-01: Still destroying... [id=i-0670a1d1fea3a2e01, 20s elapsed]
aws_subnet.us-east-2a-tf-public_subnet: Still destroying... [id=subnet-0b0627f1af34d5022, 20s elapsed]
aws_internet_gateway.us-east-tf-gw: Still destroying... [id=igw-052948fe8f76be6c3, 30s elapsed]
aws_subnet.us-east-2a-tf-public_subnet: Still destroying... [id=subnet-0b0627f1af34d5022, 30s elapsed]
aws_vpc.us-east-tf-vpc: Still destroying... [id=vpc-0da4f5c6f6db12a12, 30s elapsed]
aws_security_group.us-east-tf-sg: Still destroying... [id=sg-08e5c60c51926286d, 30s elapsed]
aws_instance.us-east-2a-tf-vm-01: Still destroying... [id=i-0670a1d1fea3a2e01, 30s elapsed]
aws_internet_gateway.us-east-tf-gw: Destruction complete after 30s
aws_subnet.us-east-2a-tf-public_subnet: Destruction complete after 31s
aws_security_group.us-east-tf-sg: Destruction complete after 31s
aws_instance.us-east-2a-tf-vm-01: Destruction complete after 32s
aws_vpc.us-east-tf-vpc: Still destroying... [id=vpc-0da4f5c6f6db12a12, 40s elapsed]
aws_vpc.us-east-tf-vpc: Destruction complete after 42s
 
Destroy complete! Resources: 8 destroyed.