Automated ECS Creation with Terraform

Quickly Create an Alibaba Cloud ECS Instance

Specify Terraform Version

Here, we specify the Alibaba Cloud provider version and set the required Terraform version.

# mkdir aliyun-ecs-one && cd aliyun-ecs-one
# touch versions.tf
# vim versions.tf
terraform {
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.115.1"
    }
  }

  required_version = ">= 0.12"
}

Configure Variables

Here we define key pairs, cloud region, ECS account, and image information.

# vim variables.tf
# Alibaba Cloud sub-account access_key
variable "alicloud_access_key" {
  default     = "LTAI4GBXXXXXXXXXXXXXXXXXXXXXX"
  description = "The Alicloud Access Key ID to launch resources. Support environment variable 'ALICLOUD_ACCESS_KEY'."
}

# Alibaba Cloud sub-account secret_key
variable "alicloud_secret_key" {
  default     = "4Z4gbl3dXXXXXXXXXXXXXXXXXXXXX"
  description = "The Alicloud Access Secret Key to launch resources. Support environment variable 'ALICLOUD_SECRET_KEY'."
}

# Alibaba Cloud region (Hangzhou in this case)
variable "region" {
  default     = "cn-hangzhou"
  description = "The Alicloud region for resources. Support environment variable 'REGION'."
}

# Available zone in Hangzhou region
variable "availability_zone" {
  description = "The available zone to launch ECS instance and other resources."
  default     = "cn-hangzhou-i"
}

# Image ID
variable "image_id" {
  default = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
}

# ECS instance type
variable "ecs_type" {
  default = "ecs.s6-c1m2.small"
}

# ECS instance password
variable "ecs_password" {
  default = "Test12345"
}

# Disk category (cloud efficiency disk here)
variable "disk_category" {
  default = "cloud_efficiency"
}

# Disk size
variable "disk_size" {
  default = "40"
}

# Internet charge type (default: PayByTraffic)
variable "internet_charge_type" {
  default = "PayByTraffic"
}

# Maximum outbound bandwidth on public network (default > 0 will automatically assign a dedicated public IP from v1.7 onwards)
variable "internet_max_bandwidth_out" {
  default = 5
}

Configure Instance Resources

Since this is for testing, we need to create VPC, VSwitch, Security Group, and Security Group Rules beforehand.

# vim main.tf
provider "alicloud" {
  region     = var.region
  access_key = var.alicloud_access_key
  secret_key = var.alicloud_secret_key
}

resource "alicloud_vpc" "vpc" {
  name       = "tf_test_foo"
  cidr_block = "10.100.0.0/16"
}

resource "alicloud_vswitch" "vsw" {
  vpc_id            = alicloud_vpc.vpc.id
  cidr_block        = "10.100.0.0/24"
  availability_zone = var.availability_zone
}

resource "alicloud_security_group" "default" {
  name   = "default"
  vpc_id = alicloud_vpc.vpc.id
}

resource "alicloud_security_group_rule" "allow_all_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "1/65535"
  priority          = 1
  security_group_id = alicloud_security_group.default.id
  cidr_ip           = "0.0.0.0/0"
}

resource "alicloud_instance" "wanzi_test" {
  availability_zone = var.availability_zone
  security_groups   = alicloud_security_group.default.*.id

  instance_type        = var.ecs_type
  system_disk_category = var.disk_category
  image_id             = var.image_id
  instance_name        = "wanzi_tf001"
  vswitch_id           = alicloud_vswitch.vsw.id
  password             = var.ecs_password
}

Run plan to simulate the execution:

# terraform plan

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_instance.wanzi_test will be created
  + resource "alicloud_instance" "wanzi_test" {
      + availability_zone             = "cn-hangzhou-i"
      + credit_specification          = (known after apply)
      + deletion_protection           = false
      + dry_run                       = false
      + host_name                     = (known after apply)
      + id                            = (known after apply)
      + image_id                      = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
      + instance_charge_type          = "PostPaid"
      + instance_name                 = "wanzi_tf001"
      + instance_type                 = "ecs.s6-c1m2.small"
      + internet_max_bandwidth_in     = (known after apply)
      + internet_max_bandwidth_out    = 0
      + key_name                      = (known after apply)
      + password                      = (sensitive value)
      + private_ip                    = (known after apply)
      + public_ip                     = (known after apply)
      + role_name                     = (known after apply)
      + security_groups               = (known after apply)
      + spot_strategy                 = "NoSpot"
      + status                        = "Running"
      + subnet_id                     = (known after apply)
      + system_disk_category          = "cloud_efficiency"
      + system_disk_performance_level = (known after apply)
      + system_disk_size              = 40
      + volume_tags                   = (known after apply)
      + vswitch_id                    = (known after apply)
    }

Create the cloud instance — this process calls Alibaba Cloud APIs and generates a local Terraform state file:

# terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_instance.wanzi_test will be created
  + resource "alicloud_instance" "wanzi_test" {
      + availability_zone             = "cn-hangzhou-i"
      + credit_specification          = (known after apply)
      + deletion_protection           = false
      + dry_run                       = false
      + host_name                     = (known after apply)
      + id                            = (known after apply)
      + image_id                      = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
      + instance_charge_type          = "PostPaid"
      + instance_name                 = "wanzi_tf001"
      + instance_type                 = "ecs.s6-c1m2.small"
      + internet_max_bandwidth_in     = (known after apply)
      + internet_max_bandwidth_out    = 0
      + key_name                      = (known after apply)
      + password                      = (sensitive value)
      + private_ip                    = (known after apply)
      + public_ip                     = (known after apply)
      + role_name                     = (known after apply)
      + security_groups               = (known after apply)
      + spot_strategy                 = "NoSpot"
      + status                        = "Running"
      + subnet_id                     = (known after apply)
      + system_disk_category          = "cloud_efficiency"
      + system_disk_performance_level = (known after apply)
      + system_disk_size              = 40
      + volume_tags                   = (known after apply)
      + vswitch_id                    = (known after apply)
    }

  # alicloud_security_group.default will be created
  + resource "alicloud_security_group" "default" {
      + id                  = (known after apply)
      + inner_access        = (known after apply)
      + inner_access_policy = (known after apply)
      + name                = "default"
      + security_group_type = "normal"
      + vpc_id              = (known after apply)
    }
......
......
Plan: 5 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

alicloud_vpc.vpc: Creating...
alicloud_vpc.vpc: Creation complete after 9s [id=vpc-bp1kulcyygsi727aay4hd]
alicloud_security_group.default: Creating...
alicloud_vswitch.vsw: Creating...
alicloud_security_group.default: Creation complete after 1s [id=sg-bp11s5pka9pxtj6pn4xq]
alicloud_security_group_rule.allow_all_tcp: Creating...
alicloud_security_group_rule.allow_all_tcp: Creation complete after 1s [id=sg-bp11s5pka9pxtj6pn4xq:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
alicloud_vswitch.vsw: Creation complete after 4s [id=vsw-bp1wgpgz9z8y2lfsl2beo]
alicloud_instance.wanzi_test: Creating...
alicloud_instance.wanzi_test: Still creating... [10s elapsed]
alicloud_instance.wanzi_test: Still creating... [20s elapsed]
alicloud_instance.wanzi_test: Creation complete after 22s [id=i-bp1gt9mb9asadff9r2zr]

Apply complete! Resources: 5 added, 0 changed, 0 destroyed.

After these steps, the resources have been successfully created. A .tfstate file is also generated in the current directory — this file is critical and must not be deleted. You can later use terraform show to view the created resource details.

Batch Create Multiple ECS Instances

Configure Module

Since many excellent modules are available on https://registry.terraform.io, we directly use the alibaba/ecs-instance/alicloud module.

For more information about the official ECS module, see: https://github.com/terraform-alicloud-modules/terraform-alicloud-ecs-instance

The variables.tf and versions.tf files remain as configured in Step 1. In main.tf, add the module configuration for batch creation of ECS instances:

module "tf-instances" {
  source                      = "alibaba/ecs-instance/alicloud"
  region                      = "cn-hangzhou"
  number_of_instances         = "3"
  vswitch_id                  = alicloud_vswitch.vsw.id
  group_ids                   = [alicloud_security_group.default.id]
  private_ips                 = ["10.100.0.10", "10.100.0.11", "10.100.0.12"]
  image_ids                   = ["ubuntu_18_04_64_20G_alibase_20190624.vhd"]
  instance_type               = var.ecs_type
  internet_max_bandwidth_out  = 10
  associate_public_ip_address = true
  instance_name               = "my_module_instances_"
  host_name                   = "wanzi-cluster"
  internet_charge_type        = "PayByTraffic"
  password                    = var.ecs_password
  system_disk_category        = "cloud_ssd"
  data_disks = [
    {
      disk_category = "cloud_ssd"
      disk_name     = "my_module_disk"
      disk_size     = "50"
    }
  ]
}

Note: By default, setting internet_max_bandwidth_out triggers automatic assignment of a dedicated public IP. If you don’t need this, you can omit the setting.

Batch Create Resources

➜ terraform apply
alicloud_vpc.vpc: Refreshing state... [id=vpc-bp1kulcyygsi727aay4hd]
alicloud_vswitch.vsw: Refreshing state... [id=vsw-bp1wgpgz9z8y2lfsl2beo]
alicloud_security_group.default: Refreshing state... [id=sg-bp11s5pka9pxtj6pn4xq]
alicloud_security_group_rule.allow_all_tcp: Refreshing state... [id=sg-bp11s5pka9pxtj6pn4xq:ingress:tcp:1/65535:intranet:0.0.0.0/0:accept:1]
alicloud_instance.wanzi_test: Refreshing state... [id=i-bp1gt9mb9asadff9r2zr]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # module.tf-instances.alicloud_instance.this[0] will be created
  + resource "alicloud_instance" "this" {
      + availability_zone             = (known after apply)
      + credit_specification          = (known after apply)
      + deletion_protection           = false
      + description                   = "An ECS instance came from terraform-alicloud-modules/ecs-instance"
      + dry_run                       = false
      + host_name                     = "wanzi-cluster001"
      + id                            = (known after apply)
      + image_id                      = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
      + instance_charge_type          = "PostPaid"
      + instance_name                 = "my_module_instances_001"
      + instance_type                 = "ecs.s6-c1m2.small"
      + internet_charge_type          = "PayByTraffic"
      + internet_max_bandwidth_in     = (known after apply)
      + internet_max_bandwidth_out    = 10
      + key_name                      = (known after apply)
      + password                      = (sensitive value)
      + private_ip                    = "10.100.0.10"
      + public_ip                     = (known after apply)
      + role_name                     = (known after apply)
      + security_enhancement_strategy = "Active"
      + security_groups               = [
          + "sg-bp11s5pka9pxtj6pn4xq",
        ]
      + spot_strategy                 = "NoSpot"
      + status                        = "Running"
      + subnet_id                     = (known after apply)
      + system_disk_category          = "cloud_ssd"
      + system_disk_performance_level = (known after apply)
      + system_disk_size              = 40
      + tags                          = {
          + "Name" = "my_module_instances_001"
        }
      + volume_tags                   = {
          + "Name" = "my_module_instances_001"
        }
      + vswitch_id                    = "vsw-bp1wgpgz9z8y2lfsl2beo"

      + data_disks {
          + category             = "cloud_efficiency"
          + delete_with_instance = true
          + encrypted            = false
          + name                 = "TF_ECS_Disk"
          + performance_level    = (known after apply)
          + size                 = 40
        }
    }

  # module.tf-instances.alicloud_instance.this[1] will be created
  + resource "alicloud_instance" "this" {
      + availability_zone             = (known after apply)
      + credit_specification          = (known after apply)
      + deletion_protection           = false
      + description                   = "An ECS instance came from terraform-alicloud-modules/ecs-instance"
      + dry_run                       = false
      + host_name                     = "wanzi-cluster002"
      + id                            = (known after apply)
      + image_id                      = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
      + instance_charge_type          = "PostPaid"
      + instance_name                 = "my_module_instances_002"
      + instance_type                 = "ecs.s6-c1m2.small"
      + internet_charge_type          = "PayByTraffic"
      + internet_max_bandwidth_in     = (known after apply)
      + internet_max_bandwidth_out    = 10
      + key_name                      = (known after apply)
      + password                      = (sensitive value)
      + private_ip                    = "10.100.0.11"
      + public_ip                     = (known after apply)
      + role_name                     = (known after apply)
      + security_enhancement_strategy = "Active"
      + security_groups               = [
          + "sg-bp11s5pka9pxtj6pn4xq",
        ]
      + spot_strategy                 = "NoSpot"
      + status                        = "Running"
      + subnet_id                     = (known after apply)
      + system_disk_category          = "cloud_ssd"
      + system_disk_performance_level = (known after apply)
      + system_disk_size              = 40
      + tags                          = {
          + "Name" = "my_module_instances_002"
        }
      + volume_tags                   = {
          + "Name" = "my_module_instances_002"
        }
      + vswitch_id                    = "vsw-bp1wgpgz9z8y2lfsl2beo"

      + data_disks {
          + category             = "cloud_efficiency"
          + delete_with_instance = true
          + encrypted            = false
          + name                 = "TF_ECS_Disk"
          + performance_level    = (known after apply)
          + size                 = 40
        }
    }

  # module.tf-instances.alicloud_instance.this[2] will be created
  + resource "alicloud_instance" "this" {
      + availability_zone             = (known after apply)
      + credit_specification          = (known after apply)
      + deletion_protection           = false
      + description                   = "An ECS instance came from terraform-alicloud-modules/ecs-instance"
      + dry_run                       = false
      + host_name                     = "wanzi-cluster003"
      + id                            = (known after apply)
      + image_id                      = "ubuntu_18_04_64_20G_alibase_20190624.vhd"
      + instance_charge_type          = "PostPaid"
      + instance_name                 = "my_module_instances_003"
      + instance_type                 = "ecs.s6-c1m2.small"
      + internet_charge_type          = "PayByTraffic"
      + internet_max_bandwidth_in     = (known after apply)
      + internet_max_bandwidth_out    = 10
      + key_name                      = (known after apply)
      + password                      = (sensitive value)
      + private_ip                    = "10.100.0.12"
      + public_ip                     = (known after apply)
      + role_name                     = (known after apply)
      + security_enhancement_strategy = "Active"
      + security_groups               = [
          + "sg-bp11s5pka9pxtj6pn4xq",
        ]
      + spot_strategy                 = "NoSpot"
      + status                        = "Running"
      + subnet_id                     = (known after apply)
      + system_disk_category          = "cloud_ssd"
      + system_disk_performance_level = (known after apply)
      + system_disk_size              = 40
      + tags                          = {
          + "Name" = "my_module_instances_003"
        }
      + volume_tags                   = {
          + "Name" = "my_module_instances_003"
        }
      + vswitch_id                    = "vsw-bp1wgpgz9z8y2lfsl2beo"

      + data_disks {
          + category             = "cloud_efficiency"
          + delete_with_instance = true
          + encrypted            = false
          + name                 = "TF_ECS_Disk"
          + performance_level    = (known after apply)
          + size                 = 40
        }
    }

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.tf-instances.alicloud_instance.this[2]: Creating...
module.tf-instances.alicloud_instance.this[1]: Creating...
module.tf-instances.alicloud_instance.this[0]: Creating...
module.tf-instances.alicloud_instance.this[1]: Still creating... [10s elapsed]
module.tf-instances.alicloud_instance.this[2]: Still creating... [10s elapsed]
module.tf-instances.alicloud_instance.this[0]: Still creating... [10s elapsed]
module.tf-instances.alicloud_instance.this[1]: Still creating... [20s elapsed]
module.tf-instances.alicloud_instance.this[0]: Still creating... [20s elapsed]
module.tf-instances.alicloud_instance.this[2]: Still creating... [20s elapsed]
module.tf-instances.alicloud_instance.this[0]: Creation complete after 21s [id=i-bp1hwbo4htk8sbwxtk6o]
module.tf-instances.alicloud_instance.this[1]: Creation complete after 21s [id=i-bp17lh41gywyih0xg6we]
module.tf-instances.alicloud_instance.this[2]: Creation complete after 22s [id=i-bp11zlrl6vxeaerz4ad0]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

The batch creation of multiple ECS instances is now complete. For any future adjustments to deployed ECS resources, simply run write/plan/apply — this process may restart the Alibaba Cloud instances.