本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 使用 Terraform 部署 ParallelCluster API
在本教程中,您将定义一个简单的 Terraform 项目来部署 API。 ParallelCluster
**先决条件**
+ Terraform v1.5.7\$1 已安装。
+ 具有部署 ParallelCluster API 权限的 IAM 角色。请参阅[所需的权限](tutorial-deploy-terraform-permissions.md)。
# 定义 Terraform 项目
在本教程中,您将定义一个 Terraform 项目。
1. 创建名为 `my-pcluster-api` 的目录。
您创建的所有文件都将位于此目录中。
1. 创建用于配置`provider.tf` AWS 提供程序的文件。
```
provider "aws" {
region = var.region
profile = var.profile
}
```
1. 使用 ParallelCluster模块创建文件`main.tf`以定义资源。
```
module "parallelcluster_pcluster_api" {
source = "aws-tf/parallelcluster/aws//modules/pcluster_api"
version = "1.1.0"
region = var.region
api_stack_name = var.api_stack_name
api_version = var.api_version
parameters = {
EnableIamAdminAccess = "true"
}
}
```
1. 创建 `variables.tf` 文件来定义可以为此项目注入的变量。
```
variable "region" {
description = "The region the ParallelCluster API is deployed in."
type = string
default = "us-east-1"
}
variable "profile" {
type = string
description = "The AWS profile used to deploy the clusters."
default = null
}
variable "api_stack_name" {
type = string
description = "The name of the CloudFormation stack used to deploy the ParallelCluster API."
default = "ParallelCluster"
}
variable "api_version" {
type = string
description = "The version of the ParallelCluster API."
}
```
1. 创建 `terraform.tfvars` 文件来设置变量的任意值。
下面的文件`us-east-1`使用堆栈名称部署了 ParallelCluster API 3.11.1。`MyParallelClusterAPI-3111`您将能够使用其堆栈名称来引用此 ParallelCluster API 部署。
**注意**
以下代码中的`api_version`赋值可以替换为任何支持的 AWS ParallelCluster 版本。
```
region = "us-east-1"
api_stack_name = "MyParallelClusterAPI-3111"
api_version = "3.11.1"
```
1. 创建 `outputs.tf` 文件来定义此项目返回的输出。
```
output "pcluster_api_stack_outputs" {
value = module.parallelcluster_pcluster_api.stack_outputs
}
```
项目目录为:
```
my-pcluster-api
├── main.tf - Terraform entrypoint to define the resources using the ParallelCluster module.
├── outputs.tf - Defines the outputs returned by Terraform.
├── providers.tf - Configures the AWS provider.
├── terraform.tfvars - Set the arbitrary values for the variables, i.e. region, PCAPI version, PCAPI stack name
└── variables.tf - Defines the variables, e.g. region, PCAPI version, PCAPI stack name.
```
# 部署 API
要部署 API,请按顺序运行标准的 Terraform 命令。
1. 构建项目:
```
terraform init
```
1. 定义部署计划:
```
terraform plan -out tfplan
```
1. 部署计划:
```
terraform apply tfplan
```
# 所需的权限
你需要以下权限才能使用 Terraform 部署 ParallelCluster API:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:DescribeStacks",
"cloudformation:GetTemplate"
],
"Resource": "arn:aws:cloudformation:us-east-1:111122223333:stack/*",
"Effect": "Allow",
"Sid": "CloudFormationRead"
},
{
"Action": [
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet"
],
"Resource": "arn:aws:cloudformation:us-east-1:111122223333:stack/MyParallelClusterAPI*",
"Effect": "Allow",
"Sid": "CloudFormationWrite"
},
{
"Action": [
"cloudformation:CreateChangeSet"
],
"Resource": [
"arn:aws:cloudformation:us-east-1:111122223333:aws:transform/Include",
"arn:aws:cloudformation:us-east-1:111122223333:aws:transform/Serverless-2016-10-31"
],
"Effect": "Allow",
"Sid": "CloudFormationTransformWrite"
},
{
"Action": [
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:us-east-1:111122223333:*-aws-parallelcluster/parallelcluster/*/api/ParallelCluster.openapi.yaml",
"arn:aws:s3:us-east-1:111122223333:*-aws-parallelcluster/parallelcluster/*/layers/aws-parallelcluster/lambda-layer.zip"
],
"Effect": "Allow",
"Sid": "S3ParallelClusterArtifacts"
},
{
"Action": [
"iam:CreateRole",
"iam:DeleteRole",
"iam:GetRole",
"iam:CreatePolicy",
"iam:DeletePolicy",
"iam:GetPolicy",
"iam:GetRolePolicy",
"iam:AttachRolePolicy",
"iam:DetachRolePolicy",
"iam:PutRolePolicy",
"iam:DeleteRolePolicy",
"iam:ListPolicyVersions"
],
"Resource": [
"arn:aws:iam::111122223333:role/*",
"arn:aws:iam::111122223333:policy/*"
],
"Effect": "Allow",
"Sid": "IAM"
},
{
"Action": [
"iam:PassRole"
],
"Resource": [
"arn:aws:iam::111122223333:role/ParallelClusterLambdaRole-*",
"arn:aws:iam::111122223333:role/APIGatewayExecutionRole-*"
],
"Effect": "Allow",
"Sid": "IAMPassRole"
},
{
"Action": [
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:PublishLayerVersion",
"lambda:DeleteLayerVersion",
"lambda:GetLayerVersion",
"lambda:TagResource",
"lambda:UntagResource"
],
"Resource": [
"arn:aws:lambda:us-east-1:111122223333:layer:PCLayer-*",
"arn:aws:lambda:us-east-1:111122223333:function:*-ParallelClusterFunction-*"
],
"Effect": "Allow",
"Sid": "Lambda"
},
{
"Action": [
"logs:CreateLogGroup",
"logs:DeleteLogGroup",
"logs:DescribeLogGroups",
"logs:PutRetentionPolicy",
"logs:TagLogGroup",
"logs:UntagLogGroup"
],
"Resource": [
"arn:aws:logs:us-east-1:111122223333:log-group:/aws/lambda/*-ParallelClusterFunction-*"
],
"Effect": "Allow",
"Sid": "Logs"
},
{
"Action": [
"apigateway:DELETE",
"apigateway:GET",
"apigateway:PATCH",
"apigateway:POST",
"apigateway:PUT",
"apigateway:UpdateRestApiPolicy"
],
"Resource": [
"arn:aws:apigateway:us-east-1::/restapis",
"arn:aws:apigateway:us-east-1::/restapis/*",
"arn:aws:apigateway:us-east-1::/tags/*"
],
"Effect": "Allow",
"Sid": "APIGateway"
}
]
}
```
------