[ PROMPT_NODE_24666 ]
terraform
[ SKILL_DOCUMENTATION ]
# Terraform Best Practices and Patterns
## Terraform Project Layout
### Standard Module Structure
```
terraform/
├── environments/
│   ├── dev/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │   ├── terraform.tfvars
│   │   └── backend.tf
│   ├── staging/
│   └── prod/
├── modules/
│   ├── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │   └── README.md
│   ├── eks/
│   ├── rds/
│   └── s3-bucket/
└── README.md
```
**Why this layout?**
- Environment configurations are kept apart, so each environment is isolated
- Modules are reused across environments instead of being copied
- State management is clearer (one state file per environment)
- Environment-specific variable overrides are supported
### Module Development Template
**modules/vpc/main.tf:**
```hcl
# VPC
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = var.enable_dns_hostnames
  enable_dns_support   = var.enable_dns_support

  tags = merge(
    var.tags,
    {
      Name = "${var.name_prefix}-vpc"
    }
  )
}

# Public subnets: one per CIDR, placed in the availability zone with the same index
resource "aws_subnet" "public" {
  count = length(var.public_subnet_cidrs)

  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.public_subnet_cidrs[count.index]
  availability_zone       = var.availability_zones[count.index]
  map_public_ip_on_launch = true

  tags = merge(
    var.tags,
    {
      Name = "${var.name_prefix}-public-${var.availability_zones[count.index]}"
      Type = "public"
    }
  )
}

# Private subnets: same index pairing with availability zones, no public IPs
resource "aws_subnet" "private" {
  count = length(var.private_subnet_cidrs)

  vpc_id            = aws_vpc.main.id
  cidr_block        = var.private_subnet_cidrs[count.index]
  availability_zone = var.availability_zones[count.index]

  tags = merge(
    var.tags,
    {
      Name = "${var.name_prefix}-private-${var.availability_zones[count.index]}"
      Type = "private"
    }
  )
}

# Internet gateway: created only when the VPC has at least one public subnet
resource "aws_internet_gateway" "main" {
  count = length(var.public_subnet_cidrs) > 0 ? 1 : 0

  vpc_id = aws_vpc.main.id

  tags = merge(
    var.tags,
    {
      Name = "${var.name_prefix}-igw"
    }
  )
}

# NAT gateway Elastic IPs: one per availability zone, or a single one when
# single_nat_gateway is set; none when NAT is disabled
resource "aws_eip" "nat" {
  count = var.enable_nat_gateway ? (var.single_nat_gateway ? 1 : length(var.availability_zones)) : 0

  domain = "vpc"

  tags = merge(
    var.tags,
    {
      Name = "${var.name_prefix}-nat-eip-${count.index + 1}"
    }
  )
}

resource "aws_nat_gateway" "main" {
  count = var.enable_nat_gatewa
```
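As an added example, not part of the original template, here is a `modules/vpc/variables.tf` that declares the inputs `main.tf` above references. The validation blocks and the `>= 1.9.0` version pin are assumptions: `main.tf` indexes `availability_zones` by `count.index`, so passing more subnet CIDRs than zones would otherwise fail at plan time with an index error rather than a readable message, and malformed CIDRs would only surface at apply.

```hcl
# modules/vpc/variables.tf (assumed; declares the inputs used by main.tf above)
terraform {
  # validation conditions that read other variables need Terraform >= 1.9
  required_version = ">= 1.9.0"
}

variable "name_prefix" { type = string }
variable "enable_dns_hostnames" { type = bool }
variable "enable_dns_support" { type = bool }
variable "enable_nat_gateway" { type = bool }
variable "single_nat_gateway" { type = bool }
variable "availability_zones" { type = list(string) }
variable "tags" { type = map(string) }

variable "vpc_cidr" {
  type = string
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be a valid IPv4 CIDR such as 10.0.0.0/16."
  }
}

variable "public_subnet_cidrs" {
  type    = list(string)
  default = []
  validation {
    # main.tf pairs entry i with availability_zones[i], so the list may not be longer
    condition = (
      length(var.public_subnet_cidrs) <= length(var.availability_zones)
      && alltrue([for c in var.public_subnet_cidrs : can(cidrnetmask(c))])
    )
    error_message = "public_subnet_cidrs must be valid IPv4 CIDRs, at most one per availability zone."
  }
}

variable "private_subnet_cidrs" {
  type    = list(string)
  default = []
  validation {
    condition = (
      length(var.private_subnet_cidrs) <= length(var.availability_zones)
      && alltrue([for c in var.private_subnet_cidrs : can(cidrnetmask(c))])
    )
    error_message = "private_subnet_cidrs must be valid IPv4 CIDRs, at most one per availability zone."
  }
}
```

With these declarations, `terraform validate` in an environment directory rejects a bad CIDR or an oversized subnet list before any plan is computed.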