Deploy Multi‑Environment Apps on Alibaba Cloud SAE Using Terraform IaC

Enterprise cloud adoption has accelerated, prompting many companies to migrate applications to public clouds for elasticity, flexibility, security, and cost efficiency. As applications grow, they require multiple cloud resources and environments, making manual provisioning increasingly burdensome. Infrastructure as Code (IaC) addresses this by treating infrastructure like application code, enabling versioning, abstraction, and repeatable deployments.

Evolution of Infrastructure Management

Manual Operations : Early-stage companies manage low‑frequency resources via cloud console clicks.

Scripting : As demand rises, teams write CLI scripts or documents, but scripts struggle with complex resource dependencies.

IaC : Code‑based definitions bring version control, reuse, and rapid delivery of environments.

Why Terraform?

Declarative language ensures idempotent state across runs.

Rich module ecosystem covers most cloud providers via the Terraform Registry.

Built‑in dependency graph (DAG) orchestrates resource creation efficiently.

Preparation

Clone the demonstration repository and expose your Alibaba Cloud AccessKey (AK) and SecretKey (SK) as environment variables:

git clone [email protected]:yangsoon/terraform-sae.git

export ALICLOUD_ACCESS_KEY=YOUR_ACCESS_KEY_ID</code>
<code>export ALICLOUD_SECRET_KEY=YOUR_SECRET_ACCESS_KEY

Creating a Staging Environment

Navigate to terraform-sae/stage/webserver, initialize Terraform, review the plan, and apply:

cd terraform-sae/stage/webserver</code>
<code>terraform init</code>
<code>terraform plan</code>
<code>terraform apply

The stage/webserver/main.tf module references a network module and a webserver module, passing VPC, security‑group, and VSwitch IDs along with application name, image, and namespace variables.

module "network" {</code>
<code>  source   = "../../modules/network"</code>
<code>  vpc_name = var.vpc_name</code>
<code>}</code>
<code></code>
<code>module "webserver" {</code>
<code>  source = "../../modules/webserver"</code>
<code>  sg_id      = module.network.SG_ID</code>
<code>  vpc_id     = module.network.VPC_ID</code>
<code>  vswitch_id = module.network.VSWITCH_ID</code>
<code>  app_name       = var.app_name</code>
<code>  image_url      = var.image_url</code>
<code>  namespace_name = var.namespace_name</code>
<code>  namespace_id   = var.namespace_id</code>
<code>}

Variables such as app_name and image_url are defined in stage/webserver/vars.tf (e.g., webserver-stage and nginx:stable).

Creating a Production Environment

The production configuration reuses the same modules, adds a load‑balancer module, and adjusts variables for the production image and name.

module "lb" {</code>
<code>  source = "../../modules/lb"</code>
<code>  slb_name     = var.app_name</code>
<code>  address_type = "internet"</code>
<code>  vswitch_id   = module.network.VSWITCH_ID</code>
<code>}</code>
<code></code>
<code>resource "alicloud_sae_load_balancer_internet" "example" {</code>
<code>  app_id          = module.webserver.app_id</code>
<code>  internet_slb_id = module.lb.slb_id</code>
<code>  internet {</code>
<code>    protocol    = "HTTP"</code>
<code>    port        = var.port</code>
<code>    target_port = 80</code>
<code>  }</code>
<code>}

After running terraform init, terraform plan, and terraform apply in the prod/webserver directory, Terraform creates the resources and outputs an external address that serves the deployed Nginx container.

Advanced: Combining SAE with Other Cloud Resources (RDS Example)

By adding a MySQL module, Terraform can provision an Alibaba Cloud RDS instance and inject its connection details into the SAE application as environment variables.

module "mysql" {</code>
<code>  source = "../../modules/mysql"</code>
<code>  databases = [{</code>
<code>    "name" : "sae-demo",</code>
<code>    "character_set" : "utf8",</code>
<code>    "description" : "sae demo database"</code>
<code>  }]</code>
<code>  rds_instance_name = var.rds_instance_name</code>
<code>  rds_account_name  = var.rds_account_name</code>
<code>  rds_password      = var.rds_password</code>
<code>}</code>
<code></code>
<code>module "webserver" {</code>
<code>  source = "../../modules/webserver"</code>
<code>  ...</code>
<code>  envs = [{</code>
<code>    name  = "DB_HOST"</code>
<code>    value = module.mysql.DB_HOST</code>
<code>  }, {</code>
<code>    name  = "DB_PORT"</code>
<code>    value = module.mysql.DB_PORT</code>
<code>  }, {</code>
<code>    name  = "DB_PASSWORD"</code>
<code>    value = module.mysql.DB_PASSWORD</code>
<code>  }, {</code>
<code>    name  = "DATABASE_NAME"</code>
<code>    value = module.mysql.DATABASE_NAME</code>
<code>  }]</code>
<code>}

After applying the configuration, the RDS endpoint appears in the SAE console as environment variables, enabling the application to connect to the database automatically.

Cleanup

To avoid unnecessary charges, destroy the demo resources when finished:

$ cd terraform-sae/stage/webserver && terraform destroy</code>
<code>$ cd terraform-sae/prod/webserver && terraform destroy</code>
<code>$ cd terraform-sae/prod/webserver-with-db && terraform destroy

Conclusion

Combining Alibaba Cloud SAE with Terraform lets enterprises manage applications as code, providing auditability, traceability, and rollback capabilities while abstracting low‑level infrastructure details. This approach reduces manual errors, speeds up cloud adoption, and supports scalable, repeatable deployments across multiple environments.

References

Yevgeniy Brikman, Terraform: Up & Running: Writing Infrastructure as Code , O'Reilly Media.

乔梁, 持续交付2.0 , 人民邮电出版社.