Terraform by HashiCorp

It’s possible to interact with CROC Cloud EC2 API via Terraform version 0.11.x with AWS provider > 1.0

Note

You can find more Terraform examples in official repo terraform-examples

Installation and configuration

Download and unpack Terraform version 0.11.10 executable for target OS and architecture.

Further you need to prepare Terraform configuration file. For Terraform to work correctly with CROC Cloud API you should use next parameters:

  • provider block:

    variable "access_key" {}
    variable "secret_key" {}
    
    variable "region" {
      default = "croc"
    }
    
    provider "aws" {
      endpoints {
        ec2 = "https://api.cloud.croc.ru"
      }
    
      # NOTE: STS API is not implemented, skip validation
      skip_credentials_validation = true
    
      # NOTE: IAM API is not implemented, skip validation
      skip_requesting_account_id = true
    
      # NOTE: Region has different name, skip validation
      skip_region_validation = true
    
      access_key = "${var.access_key}"
      secret_key = "${var.secret_key}"
      region     = "${var.region}"
    }
    

Working with cloud resources

  • Create instance from specified template:

    To create instance it is necessary to set template ID, instance type and network (subnet_id or security_group). CROC Cloud instances are being created with enabled monitoring by default. Disabling monitoring is not available. For Terraform to omit action modifyInstanceAttribute monitoring “true” -> “false” in the plan you need to explicitly specify monitoring = true. CROC Cloud API also doesn’t support instance attribute sourceDestCheck, it’s recommended to set it to false.

    resource "aws_instance" "web1" {
      ami               = "cmi-012345678"
      instance_type     = "m1.medium"
      subnet_id         = "subnet-012345678"
      monitoring        = true
      source_dest_check = false
    }
    
    resource "aws_instance" "backend1" {
      ami               = "cmi-012345678"
      instance_type     = "m1.large"
      subnet_id         = "subnet-012345678"
      monitoring        = true
      source_dest_check = false
    }
    
  • Create volume:

    availability_zone and either size (in Gb) or snapshot_id are required.

    resource "aws_ebs_volume" "web1_volume1" {
      availability_zone = "ru-msk-comp1p"
      size              = 1
      type              = "standard"
    }
    
    resource "aws_ebs_volume" "backend1_volume1" {
      availability_zone = "ru-msk-comp1p"
      size              = 10
      type              = "io1"
      iops              = 400
    }
    
  • Create snapshot of instance:

    name and source_instance_id are required. Instance must be stopped.

    resource "aws_ami_from_instance" "web1snap1" {
      name               = "test_name"
      source_instance_id = "i-01234567"
      description        = "snap description"
    }
    
  • Add SSH key:

    public_key is required.

    resource "aws_key_pair" "key-for-deploy" {
      key_name   = "deployer"
      public_key = "ssh-rsa ......"
    }
    
  • Placement groups:

    Only “distribute” strategy is available.

    resource "aws_placement_group" "web" {
      name     = "web-servers"
      strategy = "distribute"
    }
    
  • Create subnet and instance in default VPC:

    data "aws_vpc" "default_vpc" {
      default = true
    }
    
    resource "aws_subnet" "subnet1" {
      vpc_id     = "${data.aws_vpc.default_vpc.id}"
      cidr_block = "172.31.0.0/20"
    }
    
    resource "aws_instance" "instance1" {
      ami               = "cmi-D7368411"
      instance_type     = "m1.2small"
      subnet_id         = "${aws_subnet.subnet1.id}"
      depends_on        = ["aws_subnet.subnet1"]
      monitoring        = true
      source_dest_check = false
    }