Trying out CDK for Terraform
Building an S3 bucket
CDK for Terraform Is Now Generally Available
Supported languages: TypeScript, Python, Java, C#, Golang
Aside: Manage Kubernetes custom Resource (CRDS)
Manage Kubernetes Custom Resources | Terraform - HashiCorp Learn
Cloud Development Kit for Terraform (CDKTF) lets you define infrastructure in a programming language you already know.
Until now, Terraform configurations had to be written in HCL (HashiCorp Configuration Language); with CDKTF you can use the Terraform ecosystem without learning HCL.
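CDK for Terraform is modeled on the AWS Cloud Development Kit.
You can create a project from a template or from scratch.
You can write infrastructure definitions in an existing language.
You can deploy with the cdktf command.
It can also output JSON files that terraform can use.
TypeScript is said to be the recommended language.
Installing CDKTF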
Install CDK for Terraform and Run a Quick Start Demo | Terraform - HashiCorp Learn
First, the terraform CLI must be installed.
Node.js must also be installed.
Install the cdktf command.
code:sh
$ npm install --global cdktf-cli@latest
$ cdktf --version
0.12.0
Run init
The tutorial specifies --local, but that stores the state locally, so I decided not to use it for now.
I didn't really understand whether "Terraform Cloud remote state management" means using Terraform's cloud, or S3, or something else.
code:sh
$ cdktf init --template=typescript
Welcome to CDK for Terraform!
By default, cdktf allows you to manage the state of your stacks using Terraform Cloud for free.
cdktf will request an API token for app.terraform.io using your browser.
If login is successful, cdktf will store the token in plain text in
the following file for use by subsequent Terraform commands:
/Users/yoshiyuki_sakamoto/.terraform.d/credentials.tfrc.json
Note: The local storage mode isn't recommended for storing the state of your stacks.
? Do you want to continue with Terraform Cloud remote state management? No
? Project Name cdktf-sample-app
? Project Description A simple getting started project for cdktf.
? Do you want to start from a Terraform project? No
No
npm notice created a lockfile as package-lock.json. You should commit this file.
+ constructs@10.1.70
+ cdktf@0.12.0
added 53 packages from 27 contributors and audited 53 packages in 1.624s
5 packages are looking for funding
run npm fund for details
found 0 vulnerabilities
+ ts-node@10.9.1
+ @types/node@18.6.4
+ ts-jest@28.0.7
+ @types/jest@28.1.6
+ jest@28.1.3
+ typescript@4.7.4
added 300 packages from 263 contributors and audited 353 packages in 20.376s
35 packages are looking for funding
run npm fund for details
found 0 vulnerabilities
========================================================================================================
Your cdktf typescript project is ready!
cat help Print this message
Compile:
npm run get Import/update Terraform providers and modules (you should check-in this directory)
npm run compile Compile typescript code to javascript (or "npm run watch")
npm run watch Watch for changes and compile typescript in the background
npm run build Compile typescript
Synthesize:
cdktf synth stack Synthesize Terraform resources from stacks to cdktf.out/ (ready for 'terraform apply')
Diff:
cdktf diff stack Perform a diff (terraform plan) for the given stack
Deploy:
cdktf deploy stack Deploy the given stack
Destroy:
cdktf destroy stack Destroy the stack
Test:
npm run test Runs unit tests (edit __tests__/main-test.ts to add your own tests)
npm run test:watch Watches the tests and reruns them on change
Upgrades:
npm run upgrade Upgrade cdktf modules to latest version
npm run upgrade:next Upgrade cdktf modules to latest "@next" version (last commit)
Use Providers:
You can add prebuilt providers (if available) or locally generated ones using the add command:
cdktf provider add "aws@~>3.0" null kreuzwerker/docker
You can also install these providers directly through npm:
npm install @cdktf/provider-aws
npm install @cdktf/provider-google
npm install @cdktf/provider-azurerm
npm install @cdktf/provider-docker
npm install @cdktf/provider-github
npm install @cdktf/provider-null
========================================================================================================
Since we're building on AWS, install provider-aws as well.
code:sh
npm install @cdktf/provider-aws
main.ts is the main file.
Create an S3 bucket.
code:ts
import { Construct } from "constructs";
import { App, TerraformStack } from "cdktf";
import { AwsProvider } from "@cdktf/provider-aws";
import { S3Bucket } from "@cdktf/provider-aws/lib/s3";

class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);

    // AWS provider pinned to the Tokyo region
    new AwsProvider(this, 'aws', {
      region: 'ap-northeast-1',
    });

    // S3 bucket with default settings; 'cdftf-test' becomes the Terraform resource name
    new S3Bucket(this, 'cdftf-test');
  }
}

const app = new App();
new MyStack(app, "cdktf-sample-app");
// Write the Terraform JSON for every stack to cdktf.out/
app.synth();
Run the cdktf deploy command.
A diff is shown and you can choose whether to Approve it.
code:sh
$ cdktf deploy
cdktf-sample-app Initializing the backend...
cdktf-sample-app Initializing provider plugins...
cdktf-sample-app - Reusing previous version of hashicorp/aws from the dependency lock file
cdktf-sample-app - Using previously-installed hashicorp/aws v4.24.0
cdktf-sample-app Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
cdktf-sample-app Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
cdktf-sample-app # aws_s3_bucket.cdftf-test (cdftf-test) will be created
+ resource "aws_s3_bucket" "cdftf-test" {
+ acceleration_status = (known after apply)
+ acl = (known after apply)
+ arn = (known after apply)
+ bucket = (known after apply)
+ bucket_domain_name = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ object_lock_enabled = (known after apply)
+ policy = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags_all = (known after apply)
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ cors_rule {
+ allowed_headers = (known after apply)
+ allowed_methods = (known after apply)
+ allowed_origins = (known after apply)
+ expose_headers = (known after apply)
+ max_age_seconds = (known after apply)
}
+ grant {
+ id = (known after apply)
+ permissions = (known after apply)
+ type = (known after apply)
+ uri = (known after apply)
}
+ lifecycle_rule {
+ abort_incomplete_multipart_upload_days = (known after apply)
+ enabled = (known after apply)
+ id = (known after apply)
+ prefix = (known after apply)
+ tags = (known after apply)
+ expiration {
+ date = (known after apply)
+ days = (known after apply)
+ expired_object_delete_marker = (known after apply)
}
+ noncurrent_version_expiration {
+ days = (known after apply)
}
+ noncurrent_version_transition {
+ days = (known after apply)
+ storage_class = (known after apply)
}
+ transition {
+ date = (known after apply)
+ days = (known after apply)
+ storage_class = (known after apply)
}
}
+ logging {
+ target_bucket = (known after apply)
+ target_prefix = (known after apply)
}
+ object_lock_configuration {
+ object_lock_enabled = (known after apply)
+ rule {
+ default_retention {
+ days = (known after apply)
+ mode = (known after apply)
+ years = (known after apply)
}
}
}
+ replication_configuration {
+ role = (known after apply)
+ rules {
+ delete_marker_replication_status = (known after apply)
+ id = (known after apply)
+ prefix = (known after apply)
+ priority = (known after apply)
+ status = (known after apply)
+ destination {
+ account_id = (known after apply)
+ bucket = (known after apply)
+ replica_kms_key_id = (known after apply)
+ storage_class = (known after apply)
+ access_control_translation {
+ owner = (known after apply)
}
+ metrics {
+ minutes = (known after apply)
+ status = (known after apply)
}
+ replication_time {
+ minutes = (known after apply)
+ status = (known after apply)
}
}
+ filter {
+ prefix = (known after apply)
+ tags = (known after apply)
}
+ source_selection_criteria {
+ sse_kms_encrypted_objects {
+ enabled = (known after apply)
}
}
}
}
+ server_side_encryption_configuration {
+ rule {
+ bucket_key_enabled = (known after apply)
+ apply_server_side_encryption_by_default {
+ kms_master_key_id = (known after apply)
+ sse_algorithm = (known after apply)
}
}
}
+ versioning {
+ enabled = (known after apply)
+ mfa_delete = (known after apply)
}
+ website {
+ error_document = (known after apply)
+ index_document = (known after apply)
+ redirect_all_requests_to = (known after apply)
+ routing_rules = (known after apply)
}
}
cdktf-sample-app Plan: 1 to add, 0 to change, 0 to destroy.
─────────────────────────────────────────────────────────────────────────────
Saved the plan to: plan
To perform exactly these actions, run the following command to apply:
terraform apply "plan"
Please review the diff output above for cdktf-sample-app
❯ Approve Applies the changes outlined in the plan.
Dismiss
Stop
After approving:
code:sh
cdktf-sample-app aws_s3_bucket.cdftf-test (cdftf-test): Creating...
cdktf-sample-app
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
No outputs found.
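The plan above leaves every bucket setting as `(known after apply)`, so the stack itself declares nothing about public access or encryption. As an added example (not from the original page or the CDKTF project), this audits the JSON that `cdktf synth` writes under cdktf.out/ and reports each `aws_s3_bucket` that has no companion `aws_s3_bucket_public_access_block` or `aws_s3_bucket_server_side_encryption_configuration`; the function names are hypothetical and the sample objects are constructed and simplified.

```typescript
type Attrs = Record<string, unknown>;
type Resources = Record<string, Record<string, Attrs>>;
type TfJson = { resource?: Resources };
const PAB_FLAGS = ["block_public_acls", "block_public_policy",
                   "ignore_public_acls", "restrict_public_buckets"];
// True when a companion resource's `bucket` attribute references aws_s3_bucket.<name>.
function refersTo(attrs: Attrs, name: string): boolean {
  const bucket = attrs["bucket"];
  return typeof bucket === "string" && bucket.includes("aws_s3_bucket." + name + ".");
}

// Returns one finding per guardrail that a bucket does not declare in code.
function auditBuckets(tf: TfJson): string[] {
  const res: Resources = tf.resource ?? {};
  const ofType = (type: string): Record<string, Attrs> => res[type] ?? {};
  const companions = (type: string, name: string): Attrs[] =>
    Object.values(ofType(type)).filter((a) => refersTo(a, name));
  const findings: string[] = [];
  for (const name of Object.keys(ofType("aws_s3_bucket"))) {
    const pab = companions("aws_s3_bucket_public_access_block", name);
    if (!pab.some((a) => PAB_FLAGS.every((f) => a[f] === true))) {
      findings.push(name + ": public access block missing or incomplete");
    }
    const sse = companions("aws_s3_bucket_server_side_encryption_configuration", name);
    if (sse.length === 0) {
      findings.push(name + ": no server-side encryption configuration declared");
    }
  }
  return findings;
}

// Constructed sample: resource section synthesized for the page's stack (bucket only).
const asWritten: TfJson = { resource: { aws_s3_bucket: { "cdftf-test": {} } } };
// Constructed sample: the same bucket with both companion resources declared.
const bucketRef = "${aws_s3_bucket.cdftf-test.id}";
const hardened: TfJson = {
  resource: {
    aws_s3_bucket: { "cdftf-test": {} },
    aws_s3_bucket_public_access_block: {
      pab: { bucket: bucketRef, block_public_acls: true, block_public_policy: true,
             ignore_public_acls: true, restrict_public_buckets: true },
    },
    aws_s3_bucket_server_side_encryption_configuration: {
      sse: { bucket: bucketRef,
             rule: [{ apply_server_side_encryption_by_default: { sse_algorithm: "AES256" } }] },
    },
  },
};
console.log(auditBuckets(asWritten), auditBuckets(hardened));
```

Running it against the parsed synth output before `cdktf deploy` turns the two checks into a gate that does not depend on reading the interactive diff.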
Code diff