Building a Terraform environment for AWS with docker-compose [AWS CLI v2 support]


Prerequisites


https://qiita.com/reflet/items/de57ae767c8f368372ba
I believe I based this on the article above, but Python's package manager pip does not support AWS CLI v2, so I built this as a workaround.
https://qiita.com/Tocyuki/items/0cb655e6357d9bf0c40f
Also, making use of a Makefile in the same way makes it easy to run.

Repository


https://github.com/Kai180621/docker-terraform-aws
The finished repository is here. Feel free to use it.

Explanation


Install the AWS CLI and the Terraform CLI in the container.

Directory layout


├── docker
│   ├── .aws
│   │   ├── config.default
│   │   └── credentials.default
│   ├── init.sh
│   └── Dockerfile
├── terraform
├── .env (create this locally)
├── docker-compose.yml
└── Makefile

Files


Dockerfile
FROM ubuntu:20.04

# Install basic tools.
RUN apt-get update && apt-get install -y less vim unzip curl

# Install AWS CLI v2 (the installer places its symlinks in /usr/local/bin).
RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.0.30.zip" -o "awscliv2.zip" && \
    unzip awscliv2.zip && \
    ./aws/install && \
    echo "complete -C '/usr/local/bin/aws_completer' aws" >> "$HOME/.bashrc"

ENV PS1="awscliv2> "

# Install Terraform.
# https://azukipochette.hatenablog.com/entry/2018/06/24/004354
RUN curl "https://releases.hashicorp.com/terraform/0.15.0/terraform_0.15.0_linux_amd64.zip" -o "terraform.zip" && \
    unzip ./terraform.zip -d /usr/local/bin/

# Create the workspace.
COPY ./terraform /infra/terraform

# Run the initialization script.
# Note: values passed as build args are visible in `docker history`, and
# init.sh writes them into /infra/.aws/credentials inside an image layer.
ARG AWS_ACCESS_KEY_ID
ARG AWS_SECRET_ACCESS_KEY
COPY ./docker/.aws /infra/.aws
COPY ./docker/init.sh /infra/init.sh
RUN chmod +x /infra/init.sh && /infra/init.sh
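
The Dockerfile above unpacks the AWS CLI and Terraform archives straight from `curl` without checking them. The shell function below is an added example, not part of the original repository: it checks a downloaded archive against a `SHA256SUMS`-style list before it is unpacked. `verify_release` and `demo` are hypothetical names, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not from the original repository.
# verify_release ARCHIVE SUMS_FILE [PUBLISHED_NAME]
#   ARCHIVE         local file, e.g. terraform.zip
#   SUMS_FILE       lines of "<sha256-hex>  <filename>"
#   PUBLISHED_NAME  name used in SUMS_FILE (default: basename of ARCHIVE)
# Returns 0 on match, 1 on mismatch, 2 when SUMS_FILE has no unique entry.
verify_release() {
    archive=$1
    sums=$2
    name=${3:-$(basename "$archive")}
    # Compare the filename field exactly; a substring match would let
    # "x.zip.bak" answer a lookup for "x.zip". Duplicates are rejected.
    expected=$(awk -v n="$name" \
        '$2 == n || $2 == ("*" n) { h = $1; c++ } END { if (c == 1) print h }' \
        "$sums")
    if [ -z "$expected" ]; then
        echo "verify_release: no unique entry for $name" >&2
        return 2
    fi
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_release: checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Constructed demo: a stand-in archive and checksum list in a temp directory.
demo() {
    d=$(mktemp -d)
    printf 'constructed sample payload\n' > "$d/terraform.zip"
    h=$(sha256sum "$d/terraform.zip" | awk '{ print $1 }')
    printf '%s  terraform_0.15.0_linux_amd64.zip\n' "$h" > "$d/SHA256SUMS"
    if verify_release "$d/terraform.zip" "$d/SHA256SUMS" terraform_0.15.0_linux_amd64.zip
    then intact=0; else intact=$?; fi
    printf 'tampered\n' >> "$d/terraform.zip"
    if verify_release "$d/terraform.zip" "$d/SHA256SUMS" terraform_0.15.0_linux_amd64.zip 2>/dev/null
    then tampered=0; else tampered=$?; fi
    rm -rf "$d"
    echo "intact=$intact tampered=$tampered"
}
demo
```

In the Terraform step this check would run between `curl` and `unzip`, with the release's checksum list downloaded alongside the zip; the list should itself be authenticated, for example with the detached signature HashiCorp publishes for it.
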
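init.sh
#!/bin/bash

source /root/.bashrc

# Create the AWS config from the template if it does not exist yet.
if [[ ! -e /infra/.aws/config ]]; then
    mv /infra/.aws/config.default /infra/.aws/config
fi

# Create the credentials file from the template and fill in the keys.
# "|" is the sed delimiter because secret access keys can contain "/".
if [[ ! -e /infra/.aws/credentials ]]; then
    mv /infra/.aws/credentials.default /infra/.aws/credentials
    sed -i "s|<access-key>|${AWS_ACCESS_KEY_ID}|g" /infra/.aws/credentials
    sed -i "s|<secret-key>|${AWS_SECRET_ACCESS_KEY}|g" /infra/.aws/credentials
fi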
.aws/config.default
[default]
region = ap-northeast-1
output = json
.aws/credentials.default
[default]
aws_access_key_id = <access-key>
aws_secret_access_key = <secret-key>
docker-compose.yml
version: "3"

x-dev-base: &dev-base
  build:
    context: .
    dockerfile: ./docker/Dockerfile
  environment: 
    - AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-hogehoge}
    - AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY:-hogehoge}
  volumes: 
    - ./terraform:/infra/terraform

services:
  stg:
    << : *dev-base
    working_dir: /infra/env/stg
  
  prod:
    << : *dev-base
    working_dir: /infra/env/prod
Makefile
.PHONY: up build remake stop down restart rmi-local destroy \
				destroy-volumes ps \
				stg-init stg-plan stg-apply stg-destroy \
				prod-init prod-plan prod-apply prod-destroy check

up:
	docker-compose up -d
build:
	docker-compose build --no-cache --force-rm
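# NOTE: no `init` target is defined in this Makefile, so the second step of remake fails as written.
remake: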
	@make destroy
	@make init
stop:
	docker-compose stop
down:
	docker-compose down --remove-orphans
restart:
	@make down
	@make up
rmi-local:
	docker-compose down --rmi local --remove-orphans
destroy:
	docker-compose down --rmi all --volumes --remove-orphans
destroy-volumes:
	docker-compose down --volumes --remove-orphans
ps:
	docker-compose ps

stg-init:
	@docker-compose run --rm stg terraform init

stg-plan:
	@docker-compose run --rm stg terraform plan

stg-apply:
	@docker-compose run --rm stg terraform apply

stg-destroy:
	@docker-compose run --rm stg terraform destroy

prod-init:
	@docker-compose run --rm prod terraform init

prod-plan:
	@docker-compose run --rm prod terraform plan

prod-apply:
	@docker-compose run --rm prod terraform apply

prod-destroy:
	@docker-compose run --rm prod terraform destroy


The setup separates the stg/prod environments using modules. For details on this, see the following article.
https://qiita.com/reireias/items/253529c889cafb3fa4c7
