하마롱크의 블로그
AWS에서 Terraform 기본 구성(2) 본문
1. EIP 및 NAT Gateway 생성
# Elastic IP that aws_nat_gateway.test_nga_a consumes through allocation_id.
# It is not bound to an instance; the instance attachment below stays disabled.
# NOTE(review): AWS provider v5+ deprecates `vpc = true` in favour of
# `domain = "vpc"`. No provider version is pinned on this page, so confirm
# the version in use before switching.
resource "aws_eip" "lb_ip_a" {
  vpc = true
  # instance = aws_instance.web.id
}
# Second Elastic IP, consumed by aws_nat_gateway.test_nga_c through allocation_id.
# Each NAT gateway gets its own address, so egress from the two private
# subnets appears from different public IPs (relevant for upstream allow-lists).
# NOTE(review): `vpc = true` is deprecated in AWS provider v5+ (`domain = "vpc"`);
# confirm the provider version before changing it.
resource "aws_eip" "lb_ip_c" {
  vpc = true
  # instance = aws_instance.web.id
}
# NAT gateway created in subnet test_puba, fronted by the address from aws_eip.lb_ip_a.
# NOTE(review): the AWS provider documentation recommends an explicit depends_on
# for the VPC's internet gateway. That resource is not declared on this page,
# so verify the ordering where it is defined.
resource "aws_nat_gateway" "test_nga_a" {
  subnet_id     = aws_subnet.test_puba.id
  allocation_id = aws_eip.lb_ip_a.id

  tags = {
    Name = "test-nga-a"
  }
}
# NAT gateway created in subnet test_pubc, fronted by the address from aws_eip.lb_ip_c.
# NOTE(review): as with any NAT gateway, the subnet it sits in needs a route to
# an internet gateway; that route is not shown on this page - confirm it exists.
resource "aws_nat_gateway" "test_nga_c" {
  subnet_id     = aws_subnet.test_pubc.id
  allocation_id = aws_eip.lb_ip_c.id

  tags = {
    Name = "test-nga-c"
  }
}
2. NAT Routing Table 생성
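# Route table whose IPv4 default route (0.0.0.0/0) points at NAT gateway
# test_nga_a. Subnets associated with it get outbound-only internet access
# through that gateway. No IPv6 route is defined here.
resource "aws_route_table" "test_ngart_a" {
  vpc_id = aws_vpc.test_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    # A NAT gateway target belongs in nat_gateway_id. gateway_id is the
    # argument for internet / virtual private gateways, and a NAT gateway ID
    # placed there tends to show up as a pending change on every plan.
    nat_gateway_id = aws_nat_gateway.test_nga_a.id
  }

  tags = {
    Name = "test_nga-rta"
  }
}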
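# Route table whose IPv4 default route (0.0.0.0/0) points at NAT gateway
# test_nga_c. Subnets associated with it get outbound-only internet access
# through that gateway. No IPv6 route is defined here.
resource "aws_route_table" "test_ngart_c" {
  vpc_id = aws_vpc.test_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    # Use nat_gateway_id for a NAT gateway target. gateway_id is intended for
    # internet / virtual private gateways and leads to a recurring plan diff
    # when it is given a NAT gateway ID.
    nat_gateway_id = aws_nat_gateway.test_nga_c.id
  }

  tags = {
    Name = "test_nga-rtc"
  }
}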
3. Private Subnet 연결
# Binds subnet test_pria to route table test_ngart_a, so the subnet's default
# route leaves through NAT gateway test_nga_a.
# presumably test_pria is the private subnet paired with test_puba; its
# definition is not on this page - verify the pairing.
resource "aws_route_table_association" "test_ngartas_a" {
  route_table_id = aws_route_table.test_ngart_a.id
  subnet_id      = aws_subnet.test_pria.id
}
# Binds subnet test_pric to route table test_ngart_c, so the subnet's default
# route leaves through NAT gateway test_nga_c.
# A subnet with no explicit association falls back to the VPC's main route
# table, so this binding is what actually makes the subnet use the NAT route.
resource "aws_route_table_association" "test_ngartas_c" {
  route_table_id = aws_route_table.test_ngart_c.id
  subnet_id      = aws_subnet.test_pric.id
}
4. Security Group 생성
# Security group for the web server: inbound SSH, HTTP and ICMP from any
# IPv4/IPv6 source, and unrestricted outbound traffic.
# Rules are written as nested blocks; the source-group, prefix-list and self
# arguments are omitted, which is equivalent to setting them to null.
resource "aws_security_group" "test_websg" {
  name        = "Allow-WEB"
  description = "http-ssh-icmp"
  vpc_id      = aws_vpc.test_vpc.id

  # NOTE(review): port 22 is reachable from the whole internet (0.0.0.0/0 and
  # ::/0). Outside a throwaway lab, limit the source to a known admin CIDR or
  # a bastion security group, or drop the rule in favour of SSM Session Manager.
  ingress {
    description      = "ssh"
    protocol         = "tcp"
    from_port        = 22
    to_port          = 22
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # NOTE(review): only cleartext HTTP is opened and no 443 rule exists on this
  # page. If TLS is not terminated elsewhere, WordPress logins would cross the
  # network unencrypted - confirm.
  ingress {
    description      = "http"
    protocol         = "tcp"
    from_port        = 80
    to_port          = 80
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # from_port/to_port of -1 allow every ICMP type and code from any source.
  # NOTE(review): if only ping is needed, narrow this to echo request.
  ingress {
    description      = "icmp"
    protocol         = "icmp"
    from_port        = -1
    to_port          = -1
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # protocol "-1" with ports 0-0 means all protocols and ports, to any destination.
  egress {
    description      = "All"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "test-sg"
  }
}
5. Web Server 배포
데이터 소스로 AMI ID를 조회해 사용했다.
user_data에 워드프레스 설치 스크립트 파일을 넣어 워드프레스 서비스가 가능하도록 했다.
# Looks up the newest image whose name matches the Amazon Linux 2 HVM
# x86_64 EBS pattern.
data "aws_ami" "amzn" {
  # Restricting owners to "amazon" keeps a look-alike image name published
  # from another account from matching the wildcard filter below.
  owners = ["amazon"]

  # most_recent picks the newest match, so the resolved ID can change between
  # runs. NOTE(review): pin a specific AMI ID if instances must not be
  # replaced when a new image is released.
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}
# Web server instance built from the AMI resolved by data.aws_ami.amzn and
# bootstrapped with install_wp.sh.
# It is placed in subnet test_puba with a public IP and the test_websg group,
# so it is directly reachable on every port that group opens.
resource "aws_instance" "test_weba" {
  ami           = data.aws_ami.amzn.id
  instance_type = "t2.micro"

  # Placement and addressing.
  # assumes 10.0.0.11 lies inside test_puba's CIDR and that the subnet is in
  # ap-northeast-2a - the subnet is not defined on this page, TODO confirm.
  availability_zone           = "ap-northeast-2a"
  subnet_id                   = aws_subnet.test_puba.id
  private_ip                  = "10.0.0.11"
  associate_public_ip_address = true

  # Access control. The key pair "tf-key" is referenced by name only; it is
  # not created on this page, so it must already exist in the region.
  key_name               = "tf-key"
  vpc_security_group_ids = [aws_security_group.test_websg.id]

  # NOTE(review): user data can be read back from the instance metadata
  # service and the instance attributes, and it is stored in Terraform state.
  # Keep passwords and other secrets out of install_wp.sh.
  # NOTE(review): no metadata_options block is set, so IMDS defaults apply.
  # Consider http_tokens = "required" once the script is confirmed to work
  # with IMDSv2.
  user_data = file("./install_wp.sh")

  tags = {
    Name = "test-weba"
  }
}