---
Title: Provision infrastructure
URL Source: https://company-skill.com/p/terraform/terraform-provision-infrastructure
Language: en
Description: You want to use Terraform to deploy a complete cloud environment on Alibaba Cloud that may include compute (ECS or ACK), networking (VPC, SLB, CEN), and storage (RDS, OSS) resources — either all at…
---

# Provision infrastructure

Part of **Terraform**. Route queries via `POST https://company-skill.com/api/route`.

## What You Want to Do

You want to use Terraform to deploy a complete cloud environment on Alibaba Cloud that may include compute (ECS or ACK), networking (VPC, SLB, CEN), and storage (RDS, OSS) resources — either all at once or in a structured sequence.

**Typical User Questions**:
- How do I deploy a full cloud environment with Terraform?
- Can I automate Alibaba Cloud setup with Terraform?

## Decision Tree

Pick the best path for your situation:

- **If** you already have Terraform configuration files (.tf) that define an **ECS instance**, **ACK cluster**, or **RDS instance** → Use Terraform (go to *terraform/terraform-instance*)
- **If** your primary need is to build **Cloud Enterprise Network (CEN)** with **Transit Router**, **Express Connect**, or enforce **Cloud Firewall** policies across regions → Use Terraform VPC/SLB/CEN (go to *terraform/terraform-network*)
- **If** you are new to Terraform and need to initialize a project via **Terraform Explorer** or **Console > Projects > Create Project** with guided **Plan**, **Apply**, and **Destroy Resources** workflows → Use (go to *terraform/terraform-iac*)
- **Otherwise (default)** → Start with **** if you lack a standardized workflow; otherwise, use ** Terraform ** for production deployments.

## Path Comparison

| Path | Best For | Complexity | Code Required | Automation | Key Fact | Detail Skill |
|------|----------|------------|---------------|------------|----------|-------------|
| Terraform | medium | Yes | Yes | Supports **Auto Scaling groups** and specific instance types like **ecs.g7.large** | `terraform/guide/terraform-instance` |
| Terraform VPC/SLB/CEN | medium | Yes | Yes | Uses **pay-by-data-transfer** billing for **Cloud Enterprise Network (CEN)** cross-region traffic | `terraform/guide/terraform-network` |
| Terraform | low | Yes | Yes | **Terraform Cloud free tier** limits to 5 workspaces; uses **Workspace Type** settings | `terraform/guide/terraform-iac` |

## Path Details

### Path 1: Terraform 

**Brief Description**: This path uses **terraform apply** and **terraform destroy** to deploy a full application stack including **ECS instance**, **ACK cluster**, and **RDS instance** resources. It leverages **Auto Scaling groups** and supports specific instance types like **ecs.g7.large**, **ecs.g7.xlarge**, and **ecs.n4.large**. Deployment can be initiated via CLI or through **Console > Infrastructure > Automated Deployment**.

**Key technical facts**:
- Billing: per_instance_hour
- Auto-scaling: Yes
- Supported instance types: ecs.g7.large, ecs.g7.xlarge, ecs.g7.2xlarge, ecs.n4.large, ecs.n1.tiny
- Regions available: cn-beijing, cn-shanghai, cn-hangzhou, cn-shenzhen, cn-qingdao

- Auto Scaling groups 

### Path 2: Terraform VPC/SLB/CEN

**Brief Description**: This path focuses on defining secure network infrastructure using **VPC CIDR Block**, **vSwitch**, **Cloud Enterprise Network (CEN)**, and **Cloud Firewall**. It supports cross-region connectivity via **Transit Router** and hybrid cloud links via **Express Connect**. Network resources can be created through **Console > Networking > VPC > Create VPC**, and CEN billing follows a **pay-by-data-transfer** model.

**Key technical facts**:
- Billing: Multiple billing models apply depending on the service: VPC/vSwitch billed per instance-hour, CEN cross-region billed per data transfer volume
- Regions available: cn-hangzhou, cn-shanghai, cn-beijing, cn-shenzhen, cn-qingdao, Singapore
- Auth method: Set the environment variable ALICLOUD_ACCESS_KEY_ID and ALICLOUD_SECRET_ACCESS_KEY, or use a credentials file

**When to Use**:
- CENExpress Connect
- Cloud Firewall ACL 
- vSwitch IPsec-VPN
- VPC NAT 

**When NOT to Use**:
- Cloud Firewall 

### Path 3: From zero to initialized infrastructure project

**Best For**: New users needing guided Terraform project setup

**Brief Description**: This path uses **Terraform Explorer** and **Console > Projects > Create Project** to initialize infrastructure projects with visual debugging. Users perform **Initiate Debugging**, **Plan**, **Apply**, and **Destroy Resources** through a web interface. The **Workspace Type** (Private/Shared) is set at creation and cannot be changed later. It integrates **API Tools > Terraform Explorer** for standard operation debugging.

**Key technical facts**:
- Billing: Terraform itself is open-source and free to use. Costs arise from underlying cloud resources provisioned via Terraform. For Terraform Cloud/Enterprise, billing is based on subscription tiers.
- Auth method: API key configured
- Prerequisites: Terraform CLI installed, API key configured, sufficient account permissions

- Web UI Terraform 

- Terraform Cloud 

- Terraform Cloud 
- CLI API headless
- Terraform Web UI 

## FAQ

Q: Which path should I start with?
A: If you’re new to Terraform or lack a standardized workflow, start with ****. If you already have .tf files defining **ECS instance** or **ACK cluster**, use ** Terraform **.

Q: What if I need to deploy a simple web app with an **ECS instance** and **SLB**, but chose ** Terraform VPC/SLB/CEN**?
A: You’ll successfully create the network layer but won’t deploy compute or storage resources — you’d still need to separately define **ECS instance** and run **terraform apply**, missing the integrated stack deployment benefit of the **** path.

Q: What if I’m building a global application requiring **Cloud Enterprise Network (CEN)** but used ** Terraform **?
A: You can still define CEN in your config, but you’ll miss critical network-specific validations and best practices (e.g., **Transit Router** setup, **pay-by-data-transfer** cost awareness) covered in the **** path, potentially leading to misconfigured cross-region routing.

Q: Can I use **Terraform Explorer** to deploy an **ACK cluster** with **Auto Scaling groups**?
A: **Terraform Explorer** supports debugging any valid configuration, including **ACK cluster** and **Auto Scaling groups**, but actual deployment still requires **Apply** and incurs cloud costs. However, complex setups may exceed the **Terraform Cloud free tier** workspace limits.

Q: Does the **** path support **ecs.g7.large** instances?
A: Not directly — the **** path focuses on VPC, SLB, and CEN. Compute instance types like **ecs.g7.large** are defined in the **** path. You can combine both, but network-only configs won’t include instance specifications.

Q: What happens if I set **Workspace Type** incorrectly in ****?
A: Since **Workspace Type** (Private/Shared) cannot be changed after project creation, you’ll need to delete and recreate the project — losing state history and collaboration settings.

Q: What if I am starting from scratch with no Terraform knowledge but choose **Terraform** instead of **From zero to initialized infrastructure project**?
A: You will lack guidance on project structure, state management, and debugging — increasing risk of misconfiguration. The **From zero to initialized infrastructure project** path provides UI-assisted onboarding specifically for this scenario.

Q: What if my team already has a mature GitOps pipeline but chooses **From zero to initialized infrastructure project**?
A: You will be constrained by Terraform Cloud free tier limits (5 workspaces, 5 users) and forced into a UI-based workflow that doesn't integrate with your existing headless CI/CD pipeline.

## Related queries

deploy cloud infra, provision cloud infrastructure, terraform deploy full stack, how to deploy VPC and ECS, automate Alibaba Cloud setup, terraform create web cluster, one-click deploy app resources, manage multi-component cloud infra, deploy ECS instance with terraform, set up load balancer terrafo

---
Part of [Terraform](https://company-skill.com/p/terraform.md) · https://company-skill.com/llms.txt