Terraform

Terraform is the world's most popular Infrastructure as Code (IaC) tool. It uses HCL to provision resources on any cloud. 2025 introduces Terraform Stacks for easier component management.

When to Use

  • Provisioning: Creating VPCs, Databases, K8s Clusters.
  • Multi-Cloud: Learn one syntax (HCL), use it for AWS, Azure, GCP, Datadog, etc.
  • State Management: It tracks resource state, allowing "Plan" (preview) and "Apply".

Quick Start

main.tf

```hcl
provider "aws" {
  region = "us-west-2"
}

resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"

  tags = {
    Name = "My bucket"
  }
}
```
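The quick-start bucket above is the kind of resource that tfsec or trivy will flag: no public-access block, no versioning, no encryption at rest. The following is an added example, not part of the original page, showing the same bucket with the companion resources a scanner expects; the KMS key description and all names are assumptions.

```hcl
# Added example (not from the page): the quick-start bucket plus the
# companion resources that close the findings a scanner would raise.
resource "aws_s3_bucket" "b" {
  bucket = "my-tf-test-bucket"
  tags   = { Name = "My bucket" }
}

# Block every form of public access at the bucket level.
resource "aws_s3_bucket_public_access_block" "b" {
  bucket                  = aws_s3_bucket.b.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Keep object history so accidental deletes and overwrites are recoverable.
resource "aws_s3_bucket_versioning" "b" {
  bucket = aws_s3_bucket.b.id
  versioning_configuration {
    status = "Enabled"
  }
}

# Customer-managed KMS key (assumed name) with automatic rotation.
resource "aws_kms_key" "b" {
  description         = "Key for my-tf-test-bucket objects"
  enable_key_rotation = true
}

# Encrypt every object at rest with that key by default.
resource "aws_s3_bucket_server_side_encryption_configuration" "b" {
  bucket = aws_s3_bucket.b.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm     = "aws:kms"
      kms_master_key_id = aws_kms_key.b.arn
    }
  }
}
```

These are separate resources rather than arguments on aws_s3_bucket because the AWS provider (v4 and later) split bucket sub-configuration into their own resource types; running `trivy config .` or `tfsec .` over the directory before `terraform apply` is the check the Best Practices section below asks for.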

Core Concepts

Providers

Plugins that talk to APIs (AWS, Azure, Kubernetes).

State

terraform.tfstate: the source of truth mapping your code to real-world resource IDs. In teams it must be stored remotely (S3 + DynamoDB locking).
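What the remote backend described above looks like in configuration, as an added example that is not part of the original page; the bucket, key path, region and lock-table names are assumptions.

```hcl
# Added example (not from the page): remote state in S3 with DynamoDB locking.
# Bucket, key and table names are assumptions; replace with your own.
terraform {
  backend "s3" {
    bucket         = "example-org-tf-state"          # enable versioning on this bucket
    key            = "network/prod/terraform.tfstate" # one key per environment/component
    region         = "us-west-2"
    encrypt        = true                             # server-side encryption of the state object
    dynamodb_table = "example-org-tf-locks"           # partition key must be "LockID" (string)
  }
}
```

State contains every attribute Terraform knows about, including values the code marks sensitive, so the bucket should be versioned, encrypted and readable only by the pipeline identity. The DynamoDB table needs a single string partition key named LockID; without it `terraform init` fails to acquire a lock. Terraform 1.10 and later can instead lock on the bucket itself with `use_lockfile = true` in the same block.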

Stacks (2025)

A new layer above Modules. Allows defined dependencies between deployments (e.g., Deploy VPC, then Deploy K8s using VPC ID output).

Best Practices (2025)

Do:
  • Use Remote State: S3 backend or Terraform Cloud. Never local state.
  • Use Modules: DRY. Write a "Company Standard Bucket" module and reuse it.
  • Use tfsec / trivy: Scan HCL for misconfigurations (open security groups) before deploy.
Don't:
  • Don't hardcode secrets: Use variable "db_password" {} and pass it via TF_VAR_ or a secret manager.
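How the "don't hardcode secrets" rule looks in practice, as an added example that is not part of the original page: the password is declared as a sensitive input variable and injected at plan time, never written into a .tf file. The resource, identifier and size values are assumptions for illustration.

```hcl
# Added example (not from the page): declare the secret as a sensitive input
# variable and consume it by reference. All names/values are assumptions.
variable "db_password" {
  description = "Database master password; supplied via TF_VAR_db_password or a secret manager"
  type        = string
  sensitive   = true # redacted from `terraform plan` and `terraform apply` output

  validation {
    condition     = length(var.db_password) >= 16
    error_message = "db_password must be at least 16 characters."
  }
}

# The value flows to the resource by reference; it still lands in
# terraform.tfstate, which is why state must live in an encrypted remote backend.
resource "aws_db_instance" "app" {
  identifier          = "app-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = "app"
  password            = var.db_password
  skip_final_snapshot = true
}
```

Supply the value from the environment (`export TF_VAR_db_password=...` before `terraform plan`) or from a CI secret store; `sensitive = true` keeps it out of plan output and logs, but not out of state, and the validation block fails early on a weak value rather than after the instance exists.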
