# terraform-instance

Part of **TERRAFORM**

<!-- intent-backlink:auto -->

> 💡 **Path Selection**: This skill is one implementation path for the following routing skills. If you're unsure which path to take, check the corresponding routing skill:

> - [Automate Terraform execution via CI/CD pipelines](../../intent/terraform-automate-cd/SKILL.md)
> - [Bring existing cloud resources under Terraform management](../../intent/terraform-import-resources/SKILL.md)
> - [Provision cloud infrastructure (compute, network, storage)](../../intent/terraform-provision-infrastructure/SKILL.md)

# Terraform Instance Management Console Guide

## Operations Overview

| Operation | Console Entry Path | Prerequisites | Description |
|----------|-------------------|--------------|------------|
| Automate Application Deployment | Console > Infrastructure > Automated Deployment | Terraform CLI installed, Alibaba Cloud account with permissions, basic IaC knowledge | Deploy applications automatically using Terraform configurations through a guided UI workflow |
| Deploy Web Cluster | Console > ECS > Instances > Create Instance | Terraform installed locally, Aliyun account with permissions, access key ID/secret | Set up a scalable web server cluster with VPC, SLB, Auto Scaling, and ECS instances serving a Hello World page |
| Configure Remote State Backend | Terraform > Configuration > Backend Settings | Terraform v0.12.2+, Alibaba Cloud account with OSS/Tablestore access | Set up Alibaba Cloud OSS as a remote backend for Terraform state storage with locking via Tablestore |
| Import Existing Resources | Console > Terraform > Manage Existing Resources | Terraform runtime environment, read-only permissions for resources, resource IDs | Bring existing cloud resources under Terraform management using import commands or blocks |
| Create Instance from Template | API Tools > Terraform Explorer | Alibaba Cloud account with appropriate permissions | Use Terraform Explorer to debug and create instances from templates via form-based configuration |
| Create Alibaba Cloud Resources | Alibaba Cloud Management Console > Dashboard > Product and Service | Linux system with CLI access, Terraform installed, RAM user credentials | Provision Alibaba Cloud infrastructure using Terraform on Linux through terminal commands |
| Create OSS Bucket via GitLab Pipeline | Console > Cloud Management Platform > Resource Application > Apply for Resources | Delivered cloud account, Terraform templates in GitLab, CMP-GitLab integration | Automate OSS bucket creation using CMP and GitLab CI/CD with Terraform-based deployments |
| Manage Infrastructure Lifecycle | Console > Infrastructure Automation > Terraform Examples | Terraform installed, AccessKey pair, Alibaba Cloud account | Handle full lifecycle operations for infrastructure using real-world code examples |
| Create New Account with Baseline Configuration | Console > Cloud Governance Center > Account Factory | Enterprise-verified account, blank management account, Resource Directory access | Efficiently provision secure and compliant cloud accounts with Terraform automation |
| Create Distributed Cluster with File Deployment | Console > Terraform > Create Distributed Cluster | Cloud Shell access, basic Terraform knowledge, valid Alibaba Cloud account | Deploy a distributed computing cluster in master/slave mode and distribute files using Terraform |
| Deploy OpenShift Cluster | Cloud Shell > Run Terraform commands | Cloud Shell access, AccessKey pair, local public key in ~/.ssh/id_rsa.pub | Set up an OpenShift container platform on cloud infrastructure using Terraform |
| Deploy Application | Console > Infrastructure > Deployments > Create Deployment | Terraform CLI installed, cloud environment access, valid .tf configuration files | General application deployment workflow using Terraform through the console UI |
| Create VPC | API Tools > Terraform Explorer | Alibaba Cloud account, permission to create/manage cloud resources | Provision a Virtual Private Cloud network using Terraform Explorer's web interface |
| Create Instance | Console > Terraform > Infrastructure > Create Instance | Terraform CLI installed, cloud account with permissions, online debugging access | Launch cloud compute instances using Terraform in the cloud environment |
| Create ECS Instance and Deploy Flask App | Console > ECS > Instances | RAM user with ECS/VPC permissions, Alibaba Cloud Shell launched | End-to-end example of provisioning an ECS instance and deploying a Flask application |

## Step-by-Step Instructions

### Automate Application Deployment

**Navigation**: Console > Infrastructure > Automated Deployment

**Prerequisites**:
- Terraform CLI installed on your machine
- Access to Alibaba Cloud account with appropriate permissions
- Basic understanding of IaC concepts

1. Navigate to the Infrastructure section in the console
   - Element: **Infrastructure** (menu) — left navigation panel

2. Click on 'Automated Deployment' from the submenu
   - Element: **Automated Deployment** (link) — main content area

3. Click the 'Create Deployment' button to start a new deployment workflow
   - Element: **Create Deployment** (button) — top-right corner
   - Notes: A modal window will appear with configuration options.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Deployment Name | text_input | Yes | — | Enter a unique name for this deployment task. |
| Region | dropdown | Yes | China (Beijing), China (Shanghai), International (Singapore), International (Virginia) | Select the region where the infrastructure will be deployed. |
| Terraform Version | dropdown | Yes | 0.15.x, 1.0.x, 1.2.x, 1.4.x | Choose the version of Terraform to use for this deployment. |
| Enable Auto-Approval | toggle | No | — | If enabled, the deployment will proceed without manual approval. |

### Deploy Web Cluster

**Navigation**: Console > ECS > Instances > Create Instance

**Prerequisites**:
- Terraform installed on the local machine
- Aliyun account with appropriate permissions
- Access key ID and secret for authentication

1. Create a VPC and a VSwitch
   - Element: **Create VPC** (button) — main content area

2. Run the terraform apply command to create a VPC and a VSwitch
   - Element: **terraform apply** (text_input) — terminal

3. Run the terraform show command to view the created VPC and VSwitch
   - Element: **terraform show** (text_input) — terminal

4. Create a security group and apply it to the VPC
   - Element: **Create Security Group** (button) — main content area

5. Run the terraform apply command to create a security group
   - Element: **terraform apply** (text_input) — terminal

6. Run the terraform show command to view the created security group
   - Element: **terraform show** (text_input) — terminal

7. Create a Server Load Balancer (SLB) instance and assign a public IP address
   - Element: **Create SLB Instance** (button) — main content area

8. Run the terraform apply command to create an SLB instance
   - Element: **terraform apply** (text_input) — terminal

9. Run the terraform show command to view the created SLB instance
   - Element: **terraform show** (text_input) — terminal

10. Create Auto Scaling resources including scaling group, configuration, and rule
    - Element: **Create Scaling Group** (button) — main content area

11. Run the terraform apply command to create resources
    - Element: **terraform apply** (text_input) — terminal

12. Run the curl command to verify the results
    - Element: **curl http://<slb public ip>** (text_input) — terminal
    - Notes: Replace <slb public ip> with the actual public IP from output

13. Run the terraform destroy command to delete the test environment
    - Element: **terraform destroy** (text_input) — terminal
    - Notes: Confirm deletion when prompted

### Configure Remote State Backend

**Navigation**: Terraform > Configuration > Backend Settings

**Prerequisites**:
- Terraform v0.12.2 or later installed
- Alibaba Cloud account with OSS and Tablestore access
- Permissions to create and manage OSS buckets and Tablestore instances

1. Navigate to the Terraform configuration directory
   - Element: **Configuration Directory** (text_input) — main content area
   - Notes: Ensure you are in the correct working directory where your Terraform configuration files are located.

2. Create a new configuration file named terraform.tf
   - Element: **New File** (button) — top-right corner
   - Notes: Use a text editor to create the file if no GUI is available.

3. Add the backend configuration block for OSS
   - Element: **backend "oss" { ... }** (text_input) — main content area
   - Notes: Copy the example configuration from the documentation into the file.

4. Run the terraform init command
   - Element: **terraform init** (text_input) — terminal/command line
   - Notes: This command initializes the backend and synchronizes local state with remote storage.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| profile | text | No | — | The name of the profile to use for authentication. If not specified, uses the default profile. |
| bucket | text | Yes | — | The name of the OSS bucket where the state file will be stored. |
| key | text | Yes | — | The path within the bucket where the state file is stored. |
| tablestore_endpoint | text | Yes | — | The endpoint URL for the Tablestore instance used for state locking. |
| tablestore_table | text | Yes | — | The name of the Tablestore table used to store lock data. |
| acl | dropdown | No | private, public-read, public-read-write | Access control list for the state file in OSS. |
| encrypt | checkbox | No | true, false | Whether to encrypt the state file stored in OSS. |

### Import Existing Resources

**Navigation**: Console > Terraform > Manage Existing Resources

**Prerequisites**:
- Prepare a Terraform runtime environment (Cloud Shell or custom developer environment)
- Grant read-only permissions for relevant resources to the active account
- Ensure Terraform version is v1.5.0 or later for import block feature
- Install Terraform and terraform-provider-alicloud for Terraformer tools

1. Create a working directory and create a configuration file named main.tf
   - Element: **main.tf** (text_input) — main content area

2. Run the terraform init command to initialize the runtime environment
   - Element: **terraform init** (text_input) — terminal/command line

3. Run the terraform import command with the resource address and ID
   - Element: **terraform import** (text_input) — terminal/command line
   - Notes: Replace 'oss-bucket-import' with your actual bucket name

4. Run terraform show to view all properties of the current resource
   - Element: **terraform show** (text_input) — terminal/command line

5. Add the retrieved properties to your template and remove read-only properties
   - Element: **template editor** (text_input) — main content area
   - Notes: Follow the documentation for removing read-only properties

### Create Instance from Template

**Navigation**: API Tools > Terraform Explorer

**Prerequisites**:
- Access to Alibaba Cloud account with appropriate permissions
- Authorization via RAM policies or access control API

1. Click Start Debugging
   - Element: **Start Debugging** (button) — top-right corner

2. Select a cloud product and resource type
   - Element: **Product** (dropdown) — left navigation panel
   - Notes: Supports fuzzy search by keywords

3. Choose between automatic template generation or example template selection
   - Element: **Automatically generating configuration files** (checkbox) — main content area
   - Notes: If selecting example template, click 'Start Debugging' after selection

4. Fill in parameters through the form on the left
   - Element: **Form fields** (text_input) — left panel
   - Notes: Parameters are dynamically populated based on selected resource type

5. Click Preview to generate execution plan
   - Element: **Preview** (button) — top-right corner
   - Notes: Runs terraform init and terraform plan internally

6. Click Execute to apply changes
   - Element: **Execute** (button) — top-right corner
   - Notes: Runs terraform apply after successful preview

7. Click Destroy Resources to remove created infrastructure
   - Element: **Destroy Resources** (button) — top-right corner
   - Notes: Generates a destruction plan before execution

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Product | dropdown | Yes | ECS, RDS, VPC, SLB, OSS | The cloud product to be configured |
| Resource type | dropdown | Yes | ECS Instance, RDS Instance, VPC, Security Group, Load Balancer | The specific resource type within the selected product |
| Template | text | No | — | Name of the template to use for configuration |
| Version | text | No | — | Minimum supported version of Alibaba Cloud Terraform Provider |

### Create OSS Bucket via GitLab Pipeline

**Navigation**: Console > Cloud Management Platform > Resource Application > Apply for Resources

**Prerequisites**:
- Business team has a delivered cloud account
- Operations team has configured Terraform templates in GitLab
- GitLab repository with proper access controls
- CMP integrated with GitLab API

1. Apply for cloud resources through the Cloud Management Platform
   - Element: **Apply for Resources** (button) — top navigation panel

2. Enter resource details including name, OSS bucket name, reason for application, region, and environment
   - Element: **Resource Name** (text_input) — main content area
   - Notes: Environment options: Daily, Pre-release, Production

3. Submit the resource application ticket
   - Element: **Submit** (button) — bottom of form

4. Wait for management approval; click Pass to approve the ticket
   - Element: **Pass** (button) — resource ticket list
   - Notes: After approval, status changes to 'Change Initiated'

5. Review the merge request in GitLab
   - Element: **Merge Request** (link) — GitLab pipeline page
   - Notes: The CMP automatically creates a change branch and merge request after approval

6. Confirm the Terraform plan log and execute the pipeline
   - Element: **Execute** (button) — CMP interface
   - Notes: After pre-check, status becomes 'Pending Execution'; clicking Execute triggers Terraform apply

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Resource Name | text | Yes | — | Name of the application or resource being created |
| OSS Bucket Name | text | Yes | — | Name of the OSS bucket to be created |
| Reason for Application | text | Yes | — | Purpose of the resource request (e.g., New application being launched) |
| Region | dropdown | Yes | cn-hangzhou, cn-beijing, cn-shanghai | Geographic location for the resource deployment |
| Environment | dropdown | Yes | Daily, Pre-release, Production | Deployment environment for the application |

### Deploy OpenShift Cluster

**Navigation**: Cloud Shell > Run Terraform commands

**Prerequisites**:
- Access to Cloud Shell
- An AccessKey pair generated for the user
- A local public key available in ~/.ssh/id_rsa.pub

1. Log on to Cloud Shell
   - Element: **Cloud Shell** (link) — top navigation bar

2. Generate an AccessKey pair using ssh-keygen
   - Element: **ssh-keygen** (text_input) — Cloud Shell terminal

3. Edit main.tf file using vim
   - Element: **vim main.tf** (text_input) — Cloud Shell terminal
   - Notes: Press 'i' to enter edit mode in vim

4. Add module configuration with region, zone, and public_key parameters
   - Element: **main.tf** (text_input) — Cloud Shell editor
   - Notes: The public_key field must contain the content of ~/.ssh/id_rsa.pub

5. Write OKD installation script in okd.sh
   - Element: **vim okd.sh** (text_input) — Cloud Shell terminal
   - Notes: Press 'i' to enter edit mode in vim

6. Run terraform init command
   - Element: **terraform init** (text_input) — Cloud Shell terminal

7. Run terraform apply command to create infrastructure
   - Element: **terraform apply** (text_input) — Cloud Shell terminal
   - Notes: Confirm with 'yes' when prompted

8. Open browser and navigate to OpenShift console URL
   - Element: **https://x.x.x.x:8443/console** (text_input) — browser address bar
   - Notes: Replace x.x.x.x with the actual IP address from output

9. Enter admin credentials on the login page
   - Element: **admin** (text_input) — Username field

10. Enter password on the login page
    - Element: **123456** (text_input) — Password field

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| region | dropdown | Yes | cn-hangzhou | Specifies the Alibaba Cloud region where the OpenShift cluster will be deployed. |
| availability_zone | dropdown | Yes | cn-hangzhou-i | Specifies the availability zone within the selected region. |
| public_key | text | Yes | — | The public key used for SSH access to the OpenShift nodes. Must be the content of ~/.ssh/id_rsa.pub. |

### Create VPC

**Navigation**: API Tools > Terraform Explorer

**Prerequisites**:
- Access to Alibaba Cloud account
- Permission to create and manage cloud resources

1. Log on to Terraform Explorer and select Products, Resource type, and enter parameters based on resource documentation
   - Element: **Products** (dropdown) — top navigation panel

2. Enter required parameters such as vpc_name, cidr_block, and description
   - Element: **vpc_name** (text_input) — main content area
   - Notes: Example value: tf-test-vpc

3. Click the 'Online Debug' button to start the process
   - Element: **Online Debug** (button) — bottom of form

4. Review input parameters on the Configuration tab and click 'Preview' to view the execution plan
   - Element: **Preview** (button) — Configuration tab

5. Review the Plan details and click 'Apply' to execute the resource creation
   - Element: **Apply** (button) — Plan details tab

6. View the Apply details to confirm successful execution or troubleshoot failures
   - Element: **Apply details** (tab) — top navigation panel
   - Notes: Success message: 'Apply complete! Resources: 1 added, 0 changed, 0 destroyed.'

7. To modify the resource, adjust parameters and click 'Save and continue', then repeat steps 4–6
   - Element: **Save and continue** (button) — top-right corner

8. To destroy the resource, click 'Destroy' on the Apply details tab, then click 'Apply' on the Plan details tab
   - Element: **Destroy** (button) — Apply details tab

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| vpc_name | text | Yes | — | The name of the VPC. |
| cidr_block | text | Yes | — | The private CIDR block of the VPC. |
| description | text | No | — | The description of the VPC. |

### Create Instance

**Navigation**: Console > Terraform > Infrastructure > Create Instance

**Prerequisites**:
- Terraform CLI installed
- Cloud account with appropriate permissions
- Access to the online debugging feature

1. Navigate to the Terraform console
   - Element: **Terraform** (menu) — left navigation panel

2. Click on 'Infrastructure' to view existing resources
   - Element: **Infrastructure** (tab) — main content area

3. Click 'Create Instance' to start provisioning
   - Element: **Create Instance** (button) — top-right corner
   - Notes: Ensure you have selected the correct region before proceeding.

| Parameter | Type | Required | Options/Values | Description |
|-----------|------|----------|----------------|-------------|
| Instance Name | text_input | Yes | — | Enter a unique name for your instance |
| Region | dropdown | Yes | China (Beijing), China (Shanghai), International (US East), International (Europe) | Select the geographic region where the instance will be deployed |
| Instance Type | dropdown | Yes | ecs.g7.large, ecs.g7.xlarge, ecs.g7.2xlarge | Choose the compute capacity for your instance |
| Enable Online Debug | toggle | No | — | Turn on real-time debugging during deployment |

## FAQ

Q: Where can I find the Terraform Explorer tool in the console?
A: You can access Terraform Explorer through API Tools > Terraform Explorer in the Alibaba Cloud console navigation menu.

Q: What happens if I leave required form fields empty when creating a deployment?
A: The console will display validation errors and prevent you from proceeding until all required fields are filled with valid values.

Q: Can I modify Terraform configuration parameters after creating a deployment?
A: Yes, you can modify parameters by editing the configuration in Terraform Explorer or updating your .tf files and reapplying the configuration.

Q: What permissions do I need to import existing resources into Terraform management?
A: You need read-only permissions for the existing resources you want to import, plus permissions to manage Terraform state files and execute Terraform commands.

Q: How do I verify that my web cluster deployment was successful?
A: After deployment completes, you can run the curl command with the SLB public IP address to verify that the Hello World page is accessible.

## Pricing & Billing

### Billing Model
per_instance_hour

### Price Reference

| Tier | Input Price | Other Price |
|------|-------------|-------------|
| standard | 0.05 / | — |
| ecs.n4.large | 0.12 / | SLB: 0.1 /, Bandwidth: 0.8 /GB |
| OSS Storage | 0.12 /GB/ | — |
| Tablestore Operations | 0.0005 / | — |
| OSS Bucket Creation | 0.002 / | — |
| Standard | 0.002 / | — |
| ecs.g7.large | 0.18 / | — |
| Standard | 0.002 /tokens | — |
| standard | 0.001 / | 0.001 / |
| ecs.g7.large | 0.15 / | — |
| ecs.g7.xlarge | 0.30 / | — |
| ecs.g7.2xlarge | 0.60 / | — |
| ecs.n1.tiny | 0.002 / | — |

### Free Tier

- 100 GB OSS 1000 Tablestore 
- Terraform and related tools are free to use
- Free usage of Terraform Explorer with no cost for standard operations
- 100 tokens 

- 10 ecs.g7.large

### Billing Notes

- Auto ScalingSLB
- OSS Tablestore 
- The mirror service is provided free of charge and does not incur additional costs for users.
- Terraform Explorer is provided as a free online tool for debugging. Actual infrastructure costs are incurred only when resources are created via terraform apply.
- Costs are incurred based on actual resource usage after creation; no mention of minimum charges or billing delays

- Billing starts after successful deployment; minimum 1-hour charge applies.
- Deployments are billed based on runtime duration; minimum charge is 1 hour.

- Billing starts after resource creation. Use terraform destroy to avoid charges.