for_expression을 활용하여, AWS 인스턴스 배포
- vpc.tf
# Provider configuration: every resource in this example is created in the
# Seoul region. Credentials are taken from the provider's default chain
# (environment, shared config, instance role) — none are set in the file.
provider "aws" {
  region = "ap-northeast-2"
}
# VPC that hosts every subnet, security group, instance and the RDS instance
# below. The /16 is carved into /24 subnets by var.subnets.
resource "aws_vpc" "ssungz-vpc" {
  cidr_block = "10.100.0.0/16"
  tags = {
    Name = "ssungz-vpc"
  }
}
# One subnet per entry in var.subnets. The map key becomes the Name tag
# suffix, so aws_subnet.ssungz-subnet["public1"] is the subnet described by
# var.subnets.public1.
resource "aws_subnet" "ssungz-subnet" {
  for_each = var.subnets

  tags = {
    Name = "subnet-${each.key}"
  }

  vpc_id            = aws_vpc.ssungz-vpc.id
  availability_zone = each.value.az
  cidr_block        = each.value.cidr_block

  # Only subnets flagged public hand out public IPs at launch.
  map_public_ip_on_launch = each.value.public
}
# Internet gateway for the VPC; the public route table below points its
# default route at it.
resource "aws_internet_gateway" "ssungz-igw" {
  vpc_id = aws_vpc.ssungz-vpc.id
  tags = {
    Name = "ssungz-igw"
  }
}
# Route table for the public subnets: everything not local to the VPC goes
# out through the internet gateway. Private subnets are never associated
# with it (see aws_route_table_association.ssungz-rt-asso), so they have no
# internet route at all in this example.
resource "aws_route_table" "ssungz-rt" {
  vpc_id = aws_vpc.ssungz-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.ssungz-igw.id
  }
  tags = {
    Name = "public-rt"
  }
}
# Attach the public route table (default route to the IGW) only to subnets
# whose var.subnets entry has public = true; the private subnets keep the
# VPC's main route table.
resource "aws_route_table_association" "ssungz-rt-asso" {
  for_each = {
    for name, subnet in var.subnets : name => subnet
    if subnet.public
  }

  route_table_id = aws_route_table.ssungz-rt.id
  subnet_id      = aws_subnet.ssungz-subnet[each.key].id
}
- variable.tf
# Subnet layout keyed by a short name. Each entry drives one aws_subnet;
# `public` decides which subnets receive the IGW route, public IPs, the ALB
# and the ASG (true) and which form the RDS subnet group (false).
variable "subnets" {
  type = map(object({
    public     = bool
    az         = string
    cidr_block = string
  }))

  # Two public and two private /24s, spread over AZs a and c.
  default = {
    public1  = { public = true, az = "ap-northeast-2a", cidr_block = "10.100.1.0/24" }
    public2  = { public = true, az = "ap-northeast-2c", cidr_block = "10.100.2.0/24" }
    private1 = { public = false, az = "ap-northeast-2a", cidr_block = "10.100.10.0/24" }
    private2 = { public = false, az = "ap-northeast-2c", cidr_block = "10.100.20.0/24" }
  }
}
- ec2.tf
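# Launch template for the web tier. The ASG below places these instances in
# the public subnets; user_data installs Apache and writes a one-line page.
resource "aws_launch_template" "web" {
  name_prefix = "web-launch-template"
  # Region-specific AMI ID (ap-northeast-2); must be updated if the region
  # or the AMI changes.
  image_id      = "ami-0483306a66170cd99"
  instance_type = "t2.micro"
  key_name      = "my-key"

  # Boot script. The original line `HOSTNAME = \`hostname -f\`` is not a
  # shell assignment — bash runs `HOSTNAME` as a command with `=` as an
  # argument — so $HOSTNAME was empty in the served page. A POSIX assignment
  # has no spaces around `=`. Terraform only interpolates `${`, so `$(` and
  # `$HOSTNAME` pass through to the instance untouched.
  user_data = base64encode(<<EOF
#!/bin/bash
HOSTNAME=$(hostname -f)
yum update -y
yum install -y httpd
systemctl start httpd
systemctl enable httpd
echo "Hello, ssungz test web $HOSTNAME" > /var/www/html/index.html
EOF
  )

  network_interfaces {
    security_groups             = [aws_security_group.pub-sg.id]
    associate_public_ip_address = true
  }

  # Require IMDSv2 session tokens: the instance metadata endpoint (and any
  # role credentials on it) can then not be read with a plain unauthenticated
  # GET from a process on the instance.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  lifecycle {
    create_before_destroy = true
  }
}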
# Auto Scaling group for the web tier, confined to the public subnets (the
# filter re-reads var.subnets[name].public for every created subnet).
resource "aws_autoscaling_group" "web-asg" {
  min_size         = 1
  desired_capacity = 2
  max_size         = 3

  vpc_zone_identifier = [
    for name, subnet in aws_subnet.ssungz-subnet : subnet.id
    if var.subnets[name].public
  ]

  # "$Latest" is a literal here: HCL only interpolates "${...}".
  launch_template {
    id      = aws_launch_template.web.id
    version = "$Latest"
  }
}
# Register the ASG's instances in the ALB target group. The ASG itself does
# not declare target_group_arns, so this resource is what links the two.
resource "aws_autoscaling_attachment" "asg-attach" {
  autoscaling_group_name = aws_autoscaling_group.web-asg.name
  lb_target_group_arn    = aws_lb_target_group.web-tg.arn
}
- sg.tf
# Security group shared by the ALB (aws_lb.web-lb) and the web instances
# (aws_launch_template.web): HTTP from anywhere in, everything out.
# NOTE(review): because the instances launch with public IPs and this same
# group, port 80 on each instance is reachable directly from the internet,
# not only via the ALB. A separate instance group that only admits the ALB's
# group as source would keep the ALB as the sole entry point.
resource "aws_security_group" "pub-sg" {
  vpc_id = aws_vpc.ssungz-vpc.id

  tags = {
    Name = "web-sg"
  }

  ingress {
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # "-1" means all protocols; the provider stores the original numeric -1
  # as this same string.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}
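# Security group for the RDS instance: MySQL (3306) inbound, all outbound.
# The ingress source is narrowed from the whole VPC CIDR to the web tier's
# security group, so only resources carrying aws_security_group.pub-sg can
# open a connection to the database — not anything else that may later be
# placed in 10.100.0.0/16.
resource "aws_security_group" "priv-sg" {
  vpc_id = aws_vpc.ssungz-vpc.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.pub-sg.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Name tag added for parity with pub-sg ("web-sg").
  tags = {
    Name = "db-sg"
  }
}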
- lb.tf
# Internet-facing ALB spanning the public subnets; it reuses pub-sg for
# port 80.
resource "aws_lb" "web-lb" {
  name               = "web-lb"
  load_balancer_type = "application"
  internal           = false

  security_groups = [aws_security_group.pub-sg.id]
  subnets = [
    for name, subnet in aws_subnet.ssungz-subnet : subnet.id
    if var.subnets[name].public
  ]

  tags = {
    Name = "web-alb"
  }
}
# HTTP target group for the web instances; members are registered through
# aws_autoscaling_attachment.asg-attach.
resource "aws_lb_target_group" "web-tg" {
  name        = "web-tg"
  vpc_id      = aws_vpc.ssungz-vpc.id
  target_type = "instance"
  protocol    = "HTTP"
  port        = 80

  tags = {
    Name = "web-tg"
  }

  # Probe "/" every 30s with a 5s timeout; a target needs 5 consecutive 200
  # responses to become healthy and 5 consecutive failures to be taken out.
  health_check {
    path                = "/"
    matcher             = "200"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 5
  }
}
# Plain-HTTP listener on port 80 forwarding everything to the web target
# group. No HTTPS listener or certificate is defined in this example, so
# client-to-ALB traffic is unencrypted.
resource "aws_lb_listener" "web-listener" {
  load_balancer_arn = aws_lb.web-lb.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web-tg.arn
  }
}
# Printed after apply; this is the hostname to open in a browser to reach
# the web tier through the ALB.
output "public_dns_name" {
  description = "Public DNS name of load balancer"
  value       = aws_lb.web-lb.dns_name
}
- rds.tf
# RDS subnet group built from the private subnets only (public = false),
# which have no route to the internet gateway.
resource "aws_db_subnet_group" "rds-subnet" {
  name = "main-subnet-group"

  tags = {
    Name = "main-subnet-group"
  }

  subnet_ids = [
    for name, subnet in aws_subnet.ssungz-subnet : subnet.id
    if !var.subnets[name].public
  ]
}
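# Master DB password. Declared as a sensitive input instead of the plaintext
# literal the page had, so the secret is supplied at apply time (-var,
# TF_VAR_db_password, or a .tfvars file kept out of version control) and is
# redacted from plan/apply output.
variable "db_password" {
  description = "Master password for aws_db_instance.ssungz-rds"
  type        = string
  sensitive   = true
}

# MySQL 8.0 instance in the private subnets, reachable only through priv-sg.
resource "aws_db_instance" "ssungz-rds" {
  identifier     = "main-rds"
  engine         = "mysql"
  engine_version = "8.0"
  instance_class = "db.t3.micro"

  allocated_storage = 20
  storage_type      = "gp2"
  # Encrypt the volume at rest; the page left this at the provider default.
  storage_encrypted = true

  username = "admin"
  # Whatever value is supplied still ends up in the Terraform state file, so
  # the state backend needs the same protection as the password itself.
  password = var.db_password

  db_subnet_group_name   = aws_db_subnet_group.rds-subnet.name
  vpc_security_group_ids = [aws_security_group.priv-sg.id]
  publicly_accessible    = false

  # Test/demo setting: no final snapshot is taken on destroy, so the data is
  # gone with the instance.
  skip_final_snapshot = true

  tags = {
    Name = "ssungz-db"
  }
}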