---
title: "Terraform-IaC"
type: concept
tags: [IaC, Terraform, AWS, Automation]
sources: [ctp-topic-7-saas-landing-zone-design]
last_updated: 2026-05-06
---

## Terraform-IaC

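A practical methodology for implementing Infrastructure as Code with HashiCorp Terraform.

## Definition

Terraform-IaC is the core pillar of automated deployment for the SAS Landing Zone:
- **Core principle**: all AWS resources are declared in Terraform code, with no manual Console operations
- **Workflow**: declarative configuration → `terraform plan` (preview) → `terraform apply` (execute)
- **State management**: Terraform State records the current state of resources and is kept in sync with the actual environment
- **GitOps integration**: code is stored in GitHub, and a Git hook triggers the CI/CD pipeline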

## Role in SAS Landing Zone

In the automated deployment chain defined in [[ctp-topic-7-saas-landing-zone-design]]:
- **One repository per account**: each of the Core/Baseline/Shared Services/Product accounts has its own GitHub repository for managing its Terraform code
- **Terragrunt wrapper**: Terragrunt is used to simplify cross-account Terraform configuration
- **Deployment chain**: GitHub code change → GitHub Hook → Jenkins → Management VPC → Lambda → ECS Cluster → Terraform apply
- **Staging testing**: all changes are tested in the Staging environment first and are deployed to production only after passing
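
An added example (not part of the original note or of the SAS Landing Zone code base): a plan gate that a CI job could run between `terraform plan` and `terraform apply`, reading the JSON that `terraform show -json` produces for a saved plan. The sample plan, resource addresses, environment names and the production policy are constructed assumptions.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Only the fields this check reads are included; the addresses are made up.
SAMPLE_PLAN = json.loads("""
{
  "format_version": "1.2",
  "resource_changes": [
    {"address": "aws_vpc.management", "type": "aws_vpc",
     "change": {"actions": ["no-op"]}},
    {"address": "aws_ecs_cluster.deploy", "type": "aws_ecs_cluster",
     "change": {"actions": ["update"]}},
    {"address": "aws_s3_bucket.tf_state", "type": "aws_s3_bucket",
     "change": {"actions": ["delete", "create"]}},
    {"address": "aws_iam_role.jenkins", "type": "aws_iam_role",
     "change": {"actions": ["delete"]}}
  ]
}
""")


def summarize(plan):
    """Group resource addresses by the kind of change the plan would make."""
    summary = {"create": [], "update": [], "replace": [], "delete": []}
    for rc in plan.get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing would be modified
        # Terraform reports a replacement as delete+create in either order.
        replace = "delete" in actions and "create" in actions
        kind = "replace" if replace else actions[0]
        summary.setdefault(kind, []).append(rc["address"])
    return summary


def gate(plan, environment, approved_destroys=()):
    """Assumed policy: staging may apply anything; production refuses any
    delete or replace whose address was not explicitly approved."""
    s = summarize(plan)
    if environment != "production":
        return True, []
    destructive = s["delete"] + s["replace"]
    blocked = sorted(a for a in destructive if a not in approved_destroys)
    return (not blocked), blocked


if __name__ == "__main__":
    for env in ("staging", "production"):
        print(env, gate(SAMPLE_PLAN, env))
```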

## Key Properties
- **Type**: Infrastructure as Code Practice
- **Tool**: Terraform + Terragrunt
- **Version Control**: GitHub repositories (one per account)
- **CI/CD Integration**: Jenkins + GitHub webhooks
- **In SAS LZ**: the core of end-to-end automated deployment

## Related Concepts
- [[Infrastructure-as-Code]] — general IaC methodology
- [[Terraform-Modules]] — reusable Terraform modules
- [[GitOps]] — Git as the source of truth for IaC
- [[TerraGrant]] — Terragrunt (a Terraform wrapper tool)

## Connections
- [[ctp-topic-7-saas-landing-zone-design]] — SAS LZ IaC deployment approach
- [[ctp-topic-1-gruntwork-landing-zone-architecture]] — Gruntwork's modular Terraform architecture
- [[ctp-topic-16-cross-account-terraform-modules]] — centralized deployment of cross-account Terraform modules
- [[ctp-topic-48-terraform-vs-terragrunt]] — in-depth comparison of Terraform vs Terragrunt