Automate Cloud Deployments Cost‑Effectively with Terraform on Alibaba Cloud

Introduction

With cloud computing becoming ubiquitous, enterprises have shifted focus from “whether to adopt cloud” to “how to quickly adopt cloud” and “how to use cloud cost‑effectively”. This brings new requirements such as containerization, automatic deployment, elastic scaling, monitoring, and multi‑account, multi‑region deployments.

Typical cloud adoption involves selecting cloud products, authorizing them, building network foundations, configuring workloads, and finally launching applications.

End‑to‑End Solution

Alibaba Cloud Open Platform has released an end‑to‑end solution that removes the main obstacles to automation on OpenAPI. The article demonstrates a practical scenario using Terraform, Argo, and various Alibaba Cloud services to build an “automation‑elastic landing zone” that automatically deploys and scales Kubernetes applications.

1. Automated Cloud Product Activation

When a new Alibaba Cloud account first uses a product, the user must read the service agreement and click “Activate”. Manual activation is required for many products, which hinders Terraform and ROS automation. Over 30 products now support 100 % automated activation via OpenAPI, eliminating this barrier.

data "alicloud_ack_service" "open" {
  enable = var.enable_service
  type   = "propayasgo"
}

data "alicloud_log_service" "open" {
  enable = var.enable_service
}

data "alicloud_cms_service" "open" {
  enable = var.enable_service
}

For detailed usage see the article “Terraform supports automated activation of Alibaba Cloud products”.

2. Elasticity with Cost Control

Elastic resource provisioning is a key advantage of cloud over traditional IDC. The solution achieves elasticity at both the infrastructure layer (managed Kubernetes clusters with ESS node pools) and the application layer (Argo‑driven pod deployment with HPA).

resource "alicloud_cs_managed_kubernetes" "this" {
  name         = local.k8s_name
  pod_cidr     = var.k8s_pod_cidr
  cluster_spec = "ack.pro.small"
  worker_number = var.worker_number
  ...
}

resource "alicloud_cs_kubernetes_node_pool" "autoscaling" {
  name       = "autoscaling"
  cluster_id = alicloud_cs_managed_kubernetes.this.id
  # automatic scaling node pool configuration.
  scaling_config {
    min_size = var.autoscaling_node_min_number
    max_size = var.autoscaling_node_max_number
    ...
  }
  ...
}

The challenges addressed include on‑demand resource usage, guaranteed resource supply, cost close to subscription pricing, and automatic monitoring of elastic resources.

3.1 Quota Center

The Quota Center provides real‑time quota queries, online quota requests, cascading quota applications, API flow control, and alerts, enabling automatic adjustment of quotas such as instance specifications, EIP, SLB, and node counts.

3.2 Reserved Instance Coupons

Reserved Instance (RI) coupons combine the flexibility of pay‑as‑you‑go with the cost advantage of subscription, allowing automatic matching of RI to on‑demand instances and dynamic adjustment based on quota consumption.

3.3 Cloud Monitoring Plugin

Installing the cloud‑monitoring plugin on automatically scaled ECS nodes enables Kubernetes to auto‑discover and monitor elastic resources, and the configuration can be automated with Terraform.

name                 = "autoscaling"
cluster_id           = alicloud_cs_managed_kubernetes.this.id
# 自动安装云监控插件
install_cloud_monitor = true
scaling_config {
  min_size = var.autoscaling_node_min_number
  max_size = var.autoscaling_node_max_number
  ...
}

4. Automated Export of RAM Policies

Generating fine‑grained RAM policies for Terraform templates is difficult. Alibaba Cloud’s IaC Service parses any Terraform template, identifies the OpenAPI calls for each resource, and automatically exports the corresponding RAM policy, reducing manual effort.

5. Results

The automation‑elastic landing zone is fully open‑sourced on Terraform Registry (terraform‑alicloud‑modules/automation‑elastic‑landing) and can be run via Terraform CLI or the IaC Service online workflow. It demonstrates automatic product activation, quota alerts and requests, RI integration, container service integration, and full‑stack auto‑scaling.

Conclusion

The end‑to‑end solution delivers 100 % automated activation for Terraform/ROS‑integrated products, quota management for 30+ services, expanded Terraform integration to 61 products, and IaC Service‑driven automatic RAM policy export, thereby reducing cost and improving efficiency for cloud‑native deployments.