The steps for authorization on Alibaba Cloud


Reference answer A: The steps for authorization on Alibaba Cloud are:
1. The developer builds an authorization URL and renders it as a QR code.
2. The user opens the "Scan" feature of the Alipay mobile wallet and scans that QR code; on success an authorization page appears and the user taps "Authorize".
3. After the user authorizes, the redirect-uri the developer supplied in step 1 receives parameters such as auth-code, app-id and scope.
4. The developer exchanges the received auth-code for an auth-token.
5. The developer calls the user-information API with the auth-token to obtain the user's information.
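The five steps above, played out end to end as an added example that is not part of the original answer. A constructed in-memory authorization server stands in for the Alipay side; the endpoint path, parameter names (auth_code, app_id, scope, state), the scope value and the token formats are illustrative assumptions rather than the real provider API. What the answer leaves out, and what the example enforces, is the binding that makes the flow safe: the code is delivered only to a registered redirect-uri, it can be redeemed once and only by the app it was issued to, and the developer's callback accepts it only when the echoed `state` matches a request it actually started.

```python
# Added example, not part of the original answer: an offline simulation of the
# five-step flow with a constructed in-memory authorization server standing in for
# the Alipay side. Endpoint path, parameter names (auth_code, app_id, scope, state),
# the scope value and token formats are illustrative assumptions, not the real API.
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_TTL_SECONDS = 300  # assumed auth_code lifetime

class AuthServer:
    """Constructed provider side: short-lived, single-use codes bound to the app they were issued for."""

    def __init__(self, apps):
        self.apps = apps    # app_id -> {"secret": str, "redirect_uris": set of exact URIs}
        self.codes = {}     # auth_code -> issuance record
        self.tokens = {}    # auth_token -> {"scope", "user"}

    def authorize(self, app_id, redirect_uri, scope, user, state):
        """Step 2: the user scans the QR code and taps 'authorize'. The code is only
        ever sent to a redirect_uri registered for that app_id (exact match)."""
        app = self.apps.get(app_id)
        if app is None or redirect_uri not in app["redirect_uris"]:
            raise PermissionError("redirect_uri is not registered for this app_id")
        code = secrets.token_urlsafe(24)
        self.codes[code] = {"app_id": app_id, "redirect_uri": redirect_uri, "scope": scope,
                            "user": user, "expires": time.time() + CODE_TTL_SECONDS}
        # Step 3: redirect back carrying auth_code, app_id, scope and the echoed state
        return redirect_uri + "?" + urlencode(
            {"auth_code": code, "app_id": app_id, "scope": scope, "state": state})

    def exchange(self, app_id, app_secret, auth_code, redirect_uri):
        """Step 4: server-to-server exchange of auth_code for an auth_token."""
        app = self.apps.get(app_id)
        if app is None or not secrets.compare_digest(app["secret"], app_secret):
            raise PermissionError("bad app credentials")
        rec = self.codes.pop(auth_code, None)   # pop: a code can be redeemed once
        if rec is None or rec["expires"] < time.time():
            raise PermissionError("auth_code unknown, already used, or expired")
        if rec["app_id"] != app_id or rec["redirect_uri"] != redirect_uri:
            raise PermissionError("auth_code was issued to another app/redirect_uri")
        token = secrets.token_urlsafe(32)
        self.tokens[token] = {"scope": rec["scope"], "user": rec["user"]}
        return token

    def user_info(self, auth_token):
        """Step 5: the user-info endpoint, gated on the token's scope."""
        rec = self.tokens.get(auth_token)
        if rec is None or "auth_user" not in rec["scope"].split(","):
            raise PermissionError("invalid token or missing scope")
        return {"user_id": rec["user"]}

class DeveloperApp:
    """Constructed developer side (steps 1, 3 and 4)."""

    def __init__(self, server, app_id, app_secret, redirect_uri):
        self.server, self.app_id = server, app_id
        self.app_secret, self.redirect_uri = app_secret, redirect_uri
        self.pending_states = set()

    def build_auth_url(self, scope):
        """Step 1: the URL that gets rendered as the QR code. `state` is a fresh
        nonce the callback must echo, which ties the callback to this request."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        return "https://auth.example.invalid/authorize?" + urlencode(
            {"app_id": self.app_id, "scope": scope,
             "redirect_uri": self.redirect_uri, "state": state})

    def handle_callback(self, callback_url):
        """Steps 3-4: parse the redirect, verify state, redeem the code."""
        q = parse_qs(urlparse(callback_url).query)
        state = q.get("state", [""])[0]
        if state not in self.pending_states:
            raise PermissionError("callback carries a state we never issued (CSRF?)")
        self.pending_states.discard(state)     # states are single-use as well
        code = q.get("auth_code", [""])[0]
        return self.server.exchange(self.app_id, self.app_secret, code, self.redirect_uri)

def demo():
    """Run the flow end to end, then replay the code and forge a callback."""
    app_id, secret, cb = "app-demo-001", "app-secret-demo", "https://app.example.invalid/cb"
    server = AuthServer({app_id: {"secret": secret, "redirect_uris": {cb}}})
    app = DeveloperApp(server, app_id, secret, cb)
    p = parse_qs(urlparse(app.build_auth_url("auth_user")).query)                    # step 1
    callback = server.authorize(p["app_id"][0], p["redirect_uri"][0],
                                p["scope"][0], user="user-42", state=p["state"][0])  # steps 2-3
    user = server.user_info(app.handle_callback(callback))                           # steps 4-5
    code = parse_qs(urlparse(callback).query)["auth_code"][0]
    try:
        server.exchange(app_id, secret, code, cb)               # second redemption must fail
        replay_rejected = False
    except PermissionError:
        replay_rejected = True
    try:
        app.handle_callback(cb + "?auth_code=x&state=forged")   # unknown state must fail
        forged_rejected = False
    except PermissionError:
        forged_rejected = True
    return {"user": user, "replay_rejected": replay_rejected, "forged_rejected": forged_rejected}

if __name__ == "__main__":
    print(demo())
```

Run it and `demo()` returns the user record for the happy path plus `True` for both rejections. The two `try` blocks are the checks worth keeping in a real integration: a code that redeems twice or a callback that is accepted without a matching `state` is how an attacker's auth-code gets attached to a victim's session.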

Managing an Alibaba Cloud VPC with Terraform

Create an Alibaba Cloud RAM sub-user and grant it permissions

Grant the RAM user only the policies this run needs (VPC and ECS security-group management here) rather than administrative access.

Note: save the generated AccessKey (ID and secret) locally at creation time; the secret cannot be retrieved from the console afterwards. Keep it in a password manager or CI secret store, not in the repository.

(RAM console screenshots omitted)

Configure environment variables

(reference: alicloud_authentication, the provider's authentication documentation)

Terraform treats any environment variable whose name starts with TF_VAR_ as the value of the input variable of the same name, so TF_VAR_access_key populates variable "access_key". This is how the credentials reach the provider without ever being written into a configuration file.

The keys could also be stored as plain text in the configuration, but that is strongly discouraged: if the files leak (a pushed repository, a shared workstation), the keys leak with them. Bear in mind that export lines typed interactively also end up in the shell history; sourcing them from a file kept outside the repository, or injecting them from a secrets tool, avoids that.

# Method 1: the provider's own built-in variables, no TF_VAR_ prefix. With these,
# remove the access_key/secret_key/region arguments from the provider block in
# main.tf (an empty provider "alicloud" {} block is enough).
export ALICLOUD_ACCESS_KEY="LTA**************"
export ALICLOUD_SECRET_KEY="Hp**************"
export ALICLOUD_REGION="cn-beijing"
# Method 2: Terraform input variables; this is what the provider block below uses.
export TF_VAR_access_key="LTA**************"
export TF_VAR_secret_key="Hp**************"
export TF_VAR_region="cn-beijing"

Define the alicloud provider

(reference: alicloud_docs, the provider documentation)

versions.tf defines the Terraform and provider version constraints

# versions.tf
// Terraform version constraint and provider pin
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    alicloud = {
      source  = "aliyun/alicloud"
      version = "1.162.0"
    }
  }
}

Pinning an exact provider version, and committing the .terraform.lock.hcl that terraform init writes (it records the provider version and checksums), means every run verifies and uses the same provider build.

variables.tf defines the input variables

# variables.tf
// Populated from the environment via TF_VAR_access_key, TF_VAR_secret_key and
// TF_VAR_region (method 2 above). No defaults, so nothing secret lives in the file;
// sensitive = true keeps the values out of plan/apply output.
variable "access_key" {
  type      = string
  sensitive = true
}

variable "secret_key" {
  type      = string
  sensitive = true
}

variable "region" {
  type = string
}
main.tf defines the provider credentials

# main.tf
// Alibaba Cloud credentials, taken from the input variables (method 2 above)
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
alicloud_vpc.tf defines the VPC

# alicloud_vpc.tf
// Create the VPC.
// Note: 172.96.0.0/12 lies outside the RFC 1918 private ranges (the private /12
// is 172.16.0.0/12). Alibaba Cloud accepted it here, but a private block avoids
// overlapping publicly routable address space.
resource "alicloud_vpc" "vpc" {
  vpc_name   = "tf_test_foo"
  cidr_block = "172.96.0.0/12"
}

// Create the vSwitch (subnet) in one zone of the VPC
resource "alicloud_vswitch" "vsw" {
  vpc_id     = alicloud_vpc.vpc.id
  cidr_block = "172.96.0.0/21"
  zone_id    = "cn-beijing-b"
}
alicloud_security_group.tf defines the security group

Caveat: the rule below accepts TCP/22 from cidr_ip = "0.0.0.0/0", that is SSH from any source able to reach the instance, which for an instance with a public IP or EIP is the whole internet. Rules inside a VPC use nic_type = "intranet", but that describes the NIC, not who may connect. For anything beyond a throwaway demo, narrow cidr_ip to your admin or bastion range.

# alicloud_security_group.tf
// Create the security group
resource "alicloud_security_group" "group" {
  name                = "demo-group"
  vpc_id              = alicloud_vpc.vpc.id
  security_group_type = "normal"
}

// Security group rule: open port 22 (to all sources; see the caveat above)
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}

# Directory layout of the files
.
├── alicloud_security_group.tf
├── alicloud_vpc.tf
├── main.tf
├── variables.tf
└── versions.tf

0 directories, 5 files
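The two things this page warns about, credentials pasted into the configuration and an SSH rule open to 0.0.0.0/0, are exactly what a reviewer wants caught before terraform apply. The following is an added example, not code from the page or from the alicloud provider: a small pre-apply policy check that walks the resource and provider blocks in a set of .tf files and reports literal access_key/secret_key values and ingress rules that expose administrative ports to the world. The page's own main.tf and security-group rule are embedded as constructed strings, alongside a constructed hardened variant of the rule (source narrowed to the 203.0.113.0/24 documentation range) and a constructed counter-example with keys in the provider block. The scanner is a deliberately minimal brace-depth parser, not an HCL implementation.

```python
# Added example, not from the original page: a pre-apply policy check over the .tf
# files shown above (embedded here as constructed strings). Flags literal
# credentials in provider blocks and ingress rules that open admin ports to the
# world. The HCL scanner is a minimal brace-depth parser, not a full HCL parser.
import re

ADMIN_PORTS = (22, 3389)                     # SSH, RDP
WORLD = {"0.0.0.0/0", "::/0"}
BLOCK_RE = re.compile(r'^\s*(resource|provider)\s+"([^"]+)"(?:\s+"([^"]+)")?\s*\{', re.M)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$', re.M)


def iter_blocks(hcl):
    """Yield (kind, type, name, body) for each top-level resource/provider block.
    Brace depth locates the matching close, so nested sub-blocks stay in body."""
    for m in BLOCK_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), m.group(2), m.group(3), hcl[m.end():i - 1]


def attrs(body):
    """Flatten `key = value` lines into a dict; values stay as raw HCL text."""
    return dict(ATTR_RE.findall(body))


def port_range_covers(port_range, port):
    """alicloud port_range is '"low/high"'; "-1/-1" means every port."""
    lo, hi = (int(x) for x in port_range.strip('"').split("/"))
    return (lo, hi) == (-1, -1) or lo <= port <= hi


def check(files):
    """files: {filename: hcl text}. Returns [(file, block label, message), ...]."""
    findings = []
    for fname, hcl in files.items():
        for kind, btype, name, body in iter_blocks(hcl):
            a, label = attrs(body), f"{kind}.{btype}" + (f".{name}" if name else "")
            if kind == "provider":
                for key in ("access_key", "secret_key"):
                    if a.get(key, "").startswith('"'):      # quoted literal, not var.*
                        findings.append((fname, label, f"literal {key} in config"))
            elif btype == "alicloud_security_group_rule":
                world = a.get("cidr_ip", "").strip('"') in WORLD
                if a.get("type") == '"ingress"' and world:
                    hit = [p for p in ADMIN_PORTS
                           if port_range_covers(a.get("port_range", '"-1/-1"'), p)]
                    if hit:
                        findings.append((fname, label,
                                         f"ingress from {a['cidr_ip']} to admin port(s) {hit}"))
    return findings


RULE = '''
resource "alicloud_security_group_rule" "allow_22_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "22/22"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = "0.0.0.0/0"
}
'''
PAGE_FILES = {  # the page's own provider block and SSH rule
    "main.tf": '''
provider "alicloud" {
  access_key = var.access_key
  secret_key = var.secret_key
  region     = var.region
}
''',
    "alicloud_security_group.tf": RULE,
}
# Constructed hardened variant: same rule, source limited to an admin range (TEST-NET-3)
HARDENED_FILES = {"alicloud_security_group.tf": RULE.replace('"0.0.0.0/0"', '"203.0.113.0/24"')}
# Constructed counter-example of what the page warns against: keys pasted into main.tf
LEAKED_FILES = {"main.tf": '''
provider "alicloud" {
  access_key = "LTAI-example-not-real"
  secret_key = "example-not-real"
  region     = "cn-beijing"
}
'''}

if __name__ == "__main__":
    for name, files in (("page", PAGE_FILES), ("hardened", HARDENED_FILES), ("leaked", LEAKED_FILES)):
        print(name, check(files) or "no findings")
```

Against the page's files the check reports the allow_22_tcp rule and nothing for main.tf (its credentials are var.* references); the hardened variant is clean, and the leaked provider block yields one finding per key. Wiring `check()` over the working directory into a pre-commit hook or the CI step that runs terraform plan is the point at which it pays off.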

fmt: format the code

Rewrites the configuration files into Terraform's canonical style for readability.

terraform fmt

init: initialize the working directory

Downloads the provider plugins declared in versions.tf; this step needs network access to the Terraform registry and takes a little while. It also writes .terraform.lock.hcl with the provider version and checksums; commit that file so later runs verify the same provider build.

terraform init

(init output screenshots omitted)

validate: check the configuration

Checks the configuration for syntax and consistency errors; it does not contact the cloud API.

terraform validate -json
# output:
{
  "format_version": "1.0",
  "valid": true,
  "error_count": 0,
  "warning_count": 0,
  "diagnostics": []
}

plan: preview

Computes the desired state of every resource, compares it with the state recorded in the working directory, and prints the difference without changing anything.

In a reviewed pipeline, save the plan with terraform plan -out=tfplan and apply that file, so what gets applied is exactly what was reviewed (the note at the end of the output below is about this). Note also that this captured plan lists nic_type = "internet" for the rule, whereas the configuration above and the terraform show output further down both have "intranet".

~# terraform plan

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # alicloud_security_group.group will be created
  + resource "alicloud_security_group" "group" {
      + id                  = (known after apply)
      + inner_access        = (known after apply)
      + inner_access_policy = (known after apply)
      + name                = "demo-group"
      + security_group_type = "normal"
      + vpc_id              = (known after apply)
    }

  # alicloud_security_group_rule.allow_22_tcp will be created
  + resource "alicloud_security_group_rule" "allow_22_tcp" {
      + cidr_ip           = "0.0.0.0/0"
      + id                = (known after apply)
      + ip_protocol       = "tcp"
      + nic_type          = "internet"
      + policy            = "accept"
      + port_range        = "22/22"
      + prefix_list_id    = (known after apply)
      + priority          = 1
      + security_group_id = (known after apply)
      + type              = "ingress"
    }

  # alicloud_vpc.vpc will be created
  + resource "alicloud_vpc" "vpc" {
      + cidr_block        = "172.96.0.0/12"
      + id                = (known after apply)
      + ipv6_cidr_block   = (known after apply)
      + name              = (known after apply)
      + resource_group_id = (known after apply)
      + route_table_id    = (known after apply)
      + router_id         = (known after apply)
      + router_table_id   = (known after apply)
      + status            = (known after apply)
      + vpc_name          = "tf_test_foo"
    }

  # alicloud_vswitch.vsw will be created
  + resource "alicloud_vswitch" "vsw" {
      + availability_zone = (known after apply)
      + cidr_block        = "172.96.0.0/21"
      + id                = (known after apply)
      + name              = (known after apply)
      + status            = (known after apply)
      + vpc_id            = (known after apply)
      + vswitch_name      = (known after apply)
      + zone_id           = "cn-beijing-b"
    }

Plan: 4 to add, 0 to change, 0 to destroy.

────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now.

apply: create the resources

terraform apply

apply prints the plan again and asks for confirmation before making any change.

Log in to the Alibaba Cloud console to verify

VPC verification (screenshot omitted)

vSwitch verification (screenshot omitted)

Security group verification (screenshots omitted)

show: inspect the created resources

~# terraform show
# alicloud_security_group.group:
resource "alicloud_security_group" "group" {
    id                  = "sg-2zee17d94vu8k5kx99fz"
    inner_access        = true
    inner_access_policy = "Accept"
    name                = "demo-group"
    security_group_type = "normal"
    tags                = {}
    vpc_id              = "vpc-2zee4goyffxj46uz5j869"
}

# alicloud_security_group_rule.allow_22_tcp:
resource "alicloud_security_group_rule" "allow_22_tcp" {
    cidr_ip           = "0.0.0.0/0"
    id                = "sg-2zee17d94vu8k5kx99fz:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1"
    ip_protocol       = "tcp"
    nic_type          = "intranet"
    policy            = "accept"
    port_range        = "22/22"
    priority          = 1
    security_group_id = "sg-2zee17d94vu8k5kx99fz"
    type              = "ingress"
}

# alicloud_vpc.vpc:
resource "alicloud_vpc" "vpc" {
    cidr_block            = "172.96.0.0/12"
    id                    = "vpc-2zee4goyffxj46uz5j869"
    name                  = "tf_test_foo"
    resource_group_id     = "rg-acfmybfthr6yliq"
    route_table_id        = "vtb-2zeksbc0su4tecdy7j5er"
    router_id             = "vrt-2ze1lmeuaf424yol3twki"
    router_table_id       = "vtb-2zeksbc0su4tecdy7j5er"
    secondary_cidr_blocks = []
    status                = "Available"
    user_cidrs            = []
    vpc_name              = "tf_test_foo"
}

# alicloud_vswitch.vsw:
resource "alicloud_vswitch" "vsw" {
    availability_zone = "cn-beijing-b"
    cidr_block        = "172.96.0.0/21"
    id                = "vsw-2zeqb015cd9hogrp6fa4a"
    status
