All Products
Search
Document Center

Terraform:Cloud Shell

Last Updated:Jul 24, 2025

Alibaba Cloud Cloud Shell is a free operations and maintenance product that comes pre-installed with Terraform and configured with identity credentials. You can run Terraform commands directly in Cloud Shell.

Log on to Cloud Shell

Open your browser and enter https://shell.alibabacloud.com/ in the address bar to access Cloud Shell. For more information about Cloud Shell access and usage, see Use Cloud Shell.

Note

We recommend that you log on as a RAM user. To ensure the security of your Alibaba Cloud account, avoid using your Alibaba Cloud account to access cloud resources unless necessary.

Switch Terraform versions

The default Terraform version in Cloud Shell might be outdated, which can cause some features to malfunction. We recommend switching to a newer version.

  1. Check the current Terraform version. If the version is earlier than 1.2, we recommend switching to a newer version.

    terraform version

    image

  2. View the built-in Terraform versions in Cloud Shell:

    tfenv list

    image

  3. Switch to a specific Terraform version:

    tfenv use <terraform_version>

    For example, to switch to version 1.9.5:

    image

Compile Terraform templates

This topic uses creating an ECS instance with Terraform as an example to help you understand how Terraform orchestrates resources and how to use Terraform commands to create and destroy resources.

  1. Create a Terraform template file named main.tf and edit it directly using the vim command.

    mkdir tf-demo && cd tf-demo vim main.tf

    Copy the following Terraform example code to the main.tf file:

    provider "alicloud" { region = var.region } # Region for resource creation variable "region" { default = "cn-beijing" } # ECS instance name variable "instance_name" { default = "tf-cloudshell-test" } # ECS instance type variable "instance_type" { default = "ecs.n2.small" } # Outbound public bandwidth, value 0 means no public network access variable "internet_bandwidth" { default = 10 } # ECS OS image variable "image_id" { default = "ubuntu_18_04_64_20G_alibase_20190624.vhd" } # ECS system disk type variable "disk_category" { default = "cloud_efficiency" } # ECS instance logon password variable "password" { default = "TF-test@1234" } # Create a VPC resource "alicloud_vpc" "vpc" { vpc_name = "tf_test_foo" cidr_block = "172.16.0.0/12" } # Query available zones based on instance type and disk category data "alicloud_zones" "default" { available_disk_category = var.disk_category available_resource_creation = "VSwitch" available_instance_type = var.instance_type } # Create a vSwitch resource "alicloud_vswitch" "vsw" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.0.0/21" zone_id = data.alicloud_zones.default.zones.0.id } # Create a security group resource "alicloud_security_group" "default" { security_group_name = "default" vpc_id = alicloud_vpc.vpc.id } # Create an inbound rule for the security group resource "alicloud_security_group_rule" "allow_all_tcp" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "1/65535" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "0.0.0.0/0" } resource "alicloud_instance" "instance" { # Attach security group security_groups = alicloud_security_group.default.*.id instance_type = var.instance_type system_disk_category = var.disk_category image_id = var.image_id instance_name = var.instance_name # vSwitch vswitch_id = alicloud_vswitch.vsw.id internet_max_bandwidth_out = var.internet_bandwidth password = var.password }

  2. Run the terraform init command to initialize the configuration.

  3. Run the terraform plan command to preview the configuration.image

  4. Run the terraform apply command to create an ECS instance. If the execution result returns "Apply complete!", the resource has been created successfully.image.png

  5. If you no longer need this instance, you can run the terraform destroy command to release the resources you created.