Web 应用部署实战 #
项目概述 #
本案例将部署一个完整的 Web 应用架构,包括:
text
┌─────────────────────────────────────────────────────────────┐
│ 架构概览 │
├─────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────┐ │
│ │ ALB │ │
│ └────┬────┘ │
│ │ │
│ ┌────────────┼────────────┐ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌────────┐ ┌────────┐ ┌────────┐ │
│ │ EC2 │ │ EC2 │ │ EC2 │ │
│ │ Web │ │ Web │ │ Web │ │
│ └────────┘ └────────┘ └────────┘ │
│ │ │ │ │
│ └────────────┼────────────┘ │
│ │ │
│ ┌────┴────┐ │
│ │ RDS │ │
│ └─────────┘ │
│ │
└─────────────────────────────────────────────────────────────┘
项目结构 #
text
web-app/
├── main.tf
├── variables.tf
├── outputs.tf
├── providers.tf
├── versions.tf
├── vpc.tf
├── security.tf
├── compute.tf
├── database.tf
├── loadbalancer.tf
└── terraform.tfvars
配置文件 #
versions.tf #
hcl
terraform {
required_version = ">= 1.0.0"
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
random = {
source = "hashicorp/random"
version = "~> 3.0"
}
}
}
providers.tf #
hcl
provider "aws" {
region = var.region
default_tags {
tags = {
Project = var.project_name
Environment = var.environment
ManagedBy = "terraform"
}
}
}
variables.tf #
hcl
variable "region" {
description = "AWS region"
type = string
default = "us-east-1"
}
variable "project_name" {
description = "Project name"
type = string
}
variable "environment" {
description = "Environment name"
type = string
validation {
condition = contains(["dev", "staging", "prod"], var.environment)
error_message = "Environment must be dev, staging, or prod."
}
}
variable "vpc_cidr" {
description = "VPC CIDR block"
type = string
default = "10.0.0.0/16"
}
variable "availability_zones" {
description = "List of availability zones"
type = list(string)
default = ["us-east-1a", "us-east-1b"]
}
variable "instance_type" {
description = "EC2 instance type"
type = string
default = "t2.micro"
}
variable "min_size" {
description = "Minimum number of instances"
type = number
default = 2
}
variable "max_size" {
description = "Maximum number of instances"
type = number
default = 4
}
variable "db_instance_class" {
description = "Database instance class"
type = string
default = "db.t3.micro"
}
variable "db_name" {
description = "Database name"
type = string
default = "webapp"
}
variable "db_username" {
description = "Database username"
type = string
default = "admin"
}
variable "db_password" {
description = "Database password"
type = string
sensitive = true
}
variable "tags" {
description = "Additional tags"
type = map(string)
default = {}
}
vpc.tf #
hcl
data "aws_availability_zones" "available" {
state = "available"
}
locals {
name_prefix = "${var.project_name}-${var.environment}"
azs = coalesce(var.availability_zones, slice(data.aws_availability_zones.available.names, 0, 2))
public_subnet_cidrs = [
cidrsubnet(var.vpc_cidr, 8, 0),
cidrsubnet(var.vpc_cidr, 8, 1)
]
private_subnet_cidrs = [
cidrsubnet(var.vpc_cidr, 8, 10),
cidrsubnet(var.vpc_cidr, 8, 11)
]
}
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
enable_dns_hostnames = true
enable_dns_support = true
tags = {
Name = "${local.name_prefix}-vpc"
}
}
resource "aws_subnet" "public" {
count = length(local.azs)
vpc_id = aws_vpc.main.id
cidr_block = local.public_subnet_cidrs[count.index]
availability_zone = local.azs[count.index]
map_public_ip_on_launch = true
tags = {
Name = "${local.name_prefix}-public-${count.index + 1}"
Tier = "public"
}
}
resource "aws_subnet" "private" {
count = length(local.azs)
vpc_id = aws_vpc.main.id
cidr_block = local.private_subnet_cidrs[count.index]
availability_zone = local.azs[count.index]
tags = {
Name = "${local.name_prefix}-private-${count.index + 1}"
Tier = "private"
}
}
resource "aws_internet_gateway" "main" {
vpc_id = aws_vpc.main.id
tags = {
Name = "${local.name_prefix}-igw"
}
}
resource "aws_eip" "nat" {
count = length(local.azs)
domain = "vpc"
tags = {
Name = "${local.name_prefix}-nat-${count.index + 1}"
}
depends_on = [aws_internet_gateway.main]
}
resource "aws_nat_gateway" "main" {
count = length(local.azs)
allocation_id = aws_eip.nat[count.index].id
subnet_id = aws_subnet.public[count.index].id
tags = {
Name = "${local.name_prefix}-nat-${count.index + 1}"
}
}
resource "aws_route_table" "public" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.main.id
}
tags = {
Name = "${local.name_prefix}-public-rt"
}
}
resource "aws_route_table" "private" {
count = length(local.azs)
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.main[count.index].id
}
tags = {
Name = "${local.name_prefix}-private-rt-${count.index + 1}"
}
}
resource "aws_route_table_association" "public" {
count = length(local.azs)
subnet_id = aws_subnet.public[count.index].id
route_table_id = aws_route_table.public.id
}
resource "aws_route_table_association" "private" {
count = length(local.azs)
subnet_id = aws_subnet.private[count.index].id
route_table_id = aws_route_table.private[count.index].id
}
security.tf #
hcl
resource "aws_security_group" "alb" {
name = "${local.name_prefix}-alb-sg"
description = "Security group for ALB"
vpc_id = aws_vpc.main.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "${local.name_prefix}-alb-sg"
}
}
resource "aws_security_group" "web" {
name = "${local.name_prefix}-web-sg"
description = "Security group for web servers"
vpc_id = aws_vpc.main.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
security_groups = [aws_security_group.alb.id]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
security_groups = [aws_security_group.alb.id]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "${local.name_prefix}-web-sg"
}
}
resource "aws_security_group" "db" {
name = "${local.name_prefix}-db-sg"
description = "Security group for database"
vpc_id = aws_vpc.main.id
ingress {
from_port = 3306
to_port = 3306
protocol = "tcp"
security_groups = [aws_security_group.web.id]
}
tags = {
Name = "${local.name_prefix}-db-sg"
}
}
database.tf #
hcl
resource "aws_db_subnet_group" "main" {
name = "${local.name_prefix}-db"
subnet_ids = aws_subnet.private[*].id
tags = {
Name = "${local.name_prefix}-db-subnet-group"
}
}
resource "aws_db_instance" "main" {
allocated_storage = 20
engine = "mysql"
engine_version = "8.0"
instance_class = var.db_instance_class
db_name = var.db_name
username = var.db_username
password = var.db_password
db_subnet_group_name = aws_db_subnet_group.main.name
vpc_security_group_ids = [aws_security_group.db.id]
multi_az = var.environment == "prod" ? true : false
skip_final_snapshot = true
backup_retention_period = var.environment == "prod" ? 7 : 1
tags = {
Name = "${local.name_prefix}-db"
}
}
compute.tf #
hcl
data "aws_ami" "amazon_linux" {
most_recent = true
owners = ["amazon"]
filter {
name = "name"
values = ["amzn2-ami-hvm-*-x86_64-gp2"]
}
}
resource "aws_launch_template" "web" {
name_prefix = "${local.name_prefix}-web-"
image_id = data.aws_ami.amazon_linux.id
instance_type = var.instance_type
vpc_security_group_ids = [aws_security_group.web.id]
user_data = base64encode(<<-EOF
#!/bin/bash
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "<h1>Hello from ${var.environment}</h1>" > /var/www/html/index.html
EOF
)
tag_specifications {
resource_type = "instance"
tags = {
Name = "${local.name_prefix}-web"
}
}
}
resource "aws_autoscaling_group" "web" {
name = "${local.name_prefix}-web"
vpc_zone_identifier = aws_subnet.private[*].id
min_size = var.min_size
max_size = var.max_size
desired_capacity = var.min_size
launch_template {
id = aws_launch_template.web.id
version = "$Latest"
}
target_group_arns = [aws_lb_target_group.web.arn]
health_check_type = "ELB"
tag {
key = "Name"
value = "${local.name_prefix}-web"
propagate_at_launch = true
}
}
loadbalancer.tf #
hcl
resource "aws_lb" "web" {
name = "${local.name_prefix}-alb"
internal = false
load_balancer_type = "application"
security_groups = [aws_security_group.alb.id]
subnets = aws_subnet.public[*].id
tags = {
Name = "${local.name_prefix}-alb"
}
}
resource "aws_lb_target_group" "web" {
name = "${local.name_prefix}-web-tg"
port = 80
protocol = "HTTP"
vpc_id = aws_vpc.main.id
health_check {
enabled = true
healthy_threshold = 2
interval = 30
matcher = "200"
path = "/"
port = "traffic-port"
protocol = "HTTP"
timeout = 5
unhealthy_threshold = 2
}
}
resource "aws_lb_listener" "http" {
load_balancer_arn = aws_lb.web.arn
port = 80
protocol = "HTTP"
default_action {
type = "forward"
target_group_arn = aws_lb_target_group.web.arn
}
}
outputs.tf #
hcl
output "vpc_id" {
description = "The ID of the VPC"
value = aws_vpc.main.id
}
output "alb_dns_name" {
description = "DNS name of the load balancer"
value = aws_lb.web.dns_name
}
output "db_endpoint" {
description = "Endpoint of the database"
value = aws_db_instance.main.endpoint
}
output "web_url" {
description = "URL of the web application"
value = "http://${aws_lb.web.dns_name}"
}
terraform.tfvars #
hcl
region = "us-east-1"
project_name = "mywebapp"
environment = "dev"
vpc_cidr = "10.0.0.0/16"
instance_type = "t2.micro"
min_size = 2
max_size = 4
db_instance_class = "db.t3.micro"
db_name = "webapp"
db_username = "admin"
db_password = "ChangeMe123!"
部署步骤 #
bash
terraform init
terraform validate
terraform plan
terraform apply
下一步 #
完成 Web 应用部署后,接下来学习 VPC 网络搭建,深入了解网络架构!
最后更新:2026-03-29