
19탄-4. 테라폼-AWS-VPC, data사용

by Master Seo

다음은 주말 CloudNet 테라폼 스터디 내용 참고하여 정리한 부분입니다.

https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863




VPC 퍼블릭 서브넷 1개 부터 만들어 보자

VPC 서브넷 2개 만들어 보자

보안 그룹 만들어보자

EC2 만들어보자

총 3개의 tf파일을 만들게 된다.


<1> VPC - subnet 1개 만들기

<2> VPC - subnet 2개 만들기

<3> data 사용 - 이론 확인

<4> 보안 그룹

<5> EC2 생성

<6> 과제




<1> VPC - subnet 1개 만들기


1

우선 디폴트 VPC를 콘솔에서 삭제한다. (주의: 디폴트 VPC에 의존하는 기존 리소스(EC2, RDS, Lambda 등)가 있으면 삭제가 실패하거나 서비스에 영향을 줄 수 있으므로 실습 전용 계정에서만 수행한다. 필요하면 나중에 `aws ec2 create-default-vpc` 로 다시 만들 수 있다.)

기존 테라폼으로 만든것도 삭제

terraform destroy -auto-approve



변수 부분은 복잡도가 증가하여 최대한 제거함.

mkdir vpc

cd vpc



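# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > vpc.tf
# Pin the provider. Without a constraint `terraform init` downloads whatever
# the newest hashicorp/aws release is, so the lab can behave differently from
# one run to the next. ~> 4.0 matches the 4.x features this series relies on
# later (aws_subnets data source, user_data_replace_on_change).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

# Lab VPC. DNS support + hostnames are enabled so instances that get a public
# IP also get a public DNS hostname.
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}
EOT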


// aws_vpc = aws아래 vpc 가 있다.


2

terraform init

# -auto-approve skips the interactive confirmation, so whatever `plan` printed
# is applied without a chance to review it. Acceptable for a throwaway lab
# account; do not carry this habit over to shared or production state.
terraform plan && terraform apply -auto-approve

terraform state list

aws_vpc.myvpc


// VPC를 만들면 AWS가 기본(main) 라우팅 테이블, 기본 보안 그룹, 기본 NACL을 함께 생성한다. 이들은 테라폼이 만든 것이 아니므로 state 에는 aws_vpc.myvpc 만 보인다.


3

aws cli로 vpc 확인

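# Disable the CLI pager so output streams straight into jq (was a typo: "xport").
export AWS_PAGER=""

aws ec2 describe-vpcs | jq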




4

public subnet 1개 만들기


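# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > vpc.tf
# Pin the provider. Without a constraint `terraform init` downloads whatever
# the newest hashicorp/aws release is, so the lab can behave differently from
# one run to the next. ~> 4.0 matches the 4.x features this series relies on
# later (aws_subnets data source, user_data_replace_on_change).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

# Lab VPC. DNS support + hostnames are enabled so instances that get a public
# IP also get a public DNS hostname.
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

# Subnet in AZ ap-northeast-2a. It only becomes "public" once the internet
# gateway and the 0.0.0.0/0 route are added in later steps.
# map_public_ip_on_launch is left at its default (false); ec2.tf requests a
# public IP per instance instead.
resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "t101-subnet1"
  }
}
EOT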



5

terraform plan && terraform apply -auto-approve



6

aws configure 로 자격 증명과 기본 리전을 설정한다. Default region name 프롬프트에는 ap-northeast-2 를 입력한다. (입력한 액세스 키는 ~/.aws/credentials 에 평문으로 저장되므로 실습용 IAM 사용자의 키를 사용하고, 실습이 끝나면 키를 비활성화하거나 삭제한다.)


subnet 확인

aws ec2 describe-subnets --output text

10.10.1.0/24


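# Look the VPC up by the Name tag set in vpc.tf instead of pasting the ID by hand.
VPCID=$(aws ec2 describe-vpcs --filters "Name=tag:Name,Values=t101-study" --query 'Vpcs[0].VpcId' --output text)

aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPCID" | jq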

"CidrBlock": "10.10.1.0/24",



7

인터넷 게이트 웨이


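# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > vpc.tf
# Pin the provider. Without a constraint `terraform init` downloads whatever
# the newest hashicorp/aws release is, so the lab can behave differently from
# one run to the next. ~> 4.0 matches the 4.x features this series relies on
# later (aws_subnets data source, user_data_replace_on_change).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

# Lab VPC. DNS support + hostnames are enabled so instances that get a public
# IP also get a public DNS hostname.
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

# Subnet in AZ ap-northeast-2a. It only becomes "public" once a route table
# with a 0.0.0.0/0 route to the IGW is associated with it (next step).
resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "t101-subnet1"
  }
}

# Internet gateway attached to the VPC. On its own it does nothing; traffic
# only leaves once a route points at it.
resource "aws_internet_gateway" "myigw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-igw"
  }
}
EOT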



8

terraform plan && terraform apply -auto-approve

terraform state list




9

라우팅 테이블


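# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > vpc.tf
# Pin the provider. Without a constraint `terraform init` downloads whatever
# the newest hashicorp/aws release is, so the lab can behave differently from
# one run to the next. ~> 4.0 matches the 4.x features this series relies on
# later (aws_subnets data source, user_data_replace_on_change).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

# Lab VPC. DNS support + hostnames are enabled so instances that get a public
# IP also get a public DNS hostname.
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

# Public subnet in AZ ap-northeast-2a (public because of the route table
# association + default route below).
resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "t101-subnet1"
  }
}

# Internet gateway attached to the VPC.
resource "aws_internet_gateway" "myigw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-igw"
  }
}

# Dedicated route table for the public subnet. The VPC's main route table is
# left untouched so the default for any future subnet stays "no internet".
resource "aws_route_table" "myrt" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-rt"
  }
}

resource "aws_route_table_association" "myrtassociation1" {
  subnet_id      = aws_subnet.mysubnet1.id
  route_table_id = aws_route_table.myrt.id
}

# 0.0.0.0/0 -> IGW is what makes every subnet associated with myrt public;
# anything launched there with a public IP is reachable from the internet,
# subject only to its security group and the NACL.
resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.myigw.id
}
EOT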




10

terraform plan && terraform apply -auto-approve

terraform state list




11

라우팅 테이블 확인

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table






<2> VPC - subnet 2개 만들기


1


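# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > vpc.tf
# Pin the provider. Without a constraint `terraform init` downloads whatever
# the newest hashicorp/aws release is, so the lab can behave differently from
# one run to the next. ~> 4.0 matches the 4.x features this series relies on
# later (aws_subnets data source, user_data_replace_on_change).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

# Lab VPC. DNS support + hostnames are enabled so instances that get a public
# IP also get a public DNS hostname.
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

# Two public subnets in different AZs (2a / 2c). Both are associated with the
# same route table below, so both get the 0.0.0.0/0 -> IGW route.
resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "t101-subnet1"
  }
}

resource "aws_subnet" "mysubnet2" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "t101-subnet2"
  }
}

# Internet gateway attached to the VPC.
resource "aws_internet_gateway" "myigw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-igw"
  }
}

# Dedicated route table for the public subnets. The VPC's main route table is
# left untouched so the default for any future subnet stays "no internet".
resource "aws_route_table" "myrt" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-rt"
  }
}

resource "aws_route_table_association" "myrtassociation1" {
  subnet_id      = aws_subnet.mysubnet1.id
  route_table_id = aws_route_table.myrt.id
}

resource "aws_route_table_association" "myrtassociation2" {
  subnet_id      = aws_subnet.mysubnet2.id
  route_table_id = aws_route_table.myrt.id
}

# 0.0.0.0/0 -> IGW is what makes every subnet associated with myrt public;
# anything launched there with a public IP is reachable from the internet,
# subject only to its security group and the NACL.
resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.myigw.id
}
EOT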





2

terraform plan && terraform apply -auto-approve

terraform state list



3

라우팅 테이블 확인

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table




<3> data 사용 - 이론 확인


1

데이터 소스 data ?

AWS 데이터 소스의 경우 “VPC data, subnet data, AMI IDs, IP address ranges, the current user’s identity, and much more.” 정보를 제공


https://mzcdev.github.io/terraform-workshop/terraform/configuration/data_sources/



2

data.aws_vpc.default.id

다른 데이터 소스인 aws_subnets (구 버전 프로바이더의 aws_subnet_ids 를 대체하는 데이터 소스) 와 결합하여 해당 VPC 내 서브넷을 조회할 수 있습니다. 아래 예제의 data.aws_vpc.default 는 이 페이지에 없는 별도의 `data "aws_vpc" "default"` 선언을 전제로 합니다.


# Subnets belonging to the VPC resolved by data.aws_vpc.default (declared
# elsewhere, not on this page). aws_subnets is the current data source; the
# text's "aws_subnet_ids" is its older name. The matching IDs are exposed as
# `data.aws_subnets.default.ids`.
data "aws_subnets" "default" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}


3

vpc_zone_identifier 인수에 aws_subnets 데이터 소스가 돌려준 서브넷 ID 목록(.ids)을 넘겨서 ASG가 이 서브넷들을 사용하도록 지시할 수 있습니다.


# Workshop example: an ASG of 2..10 instances spread over the subnets that
# data.aws_subnets.default returned. aws_launch_configuration.example is
# defined elsewhere, not on this page.
# NOTE(review): launch configurations are the legacy launch mechanism; newer
# code uses aws_launch_template + a launch_template {} block. Quoted as-is.
resource "aws_autoscaling_group" "example" {
  launch_configuration = aws_launch_configuration.example.name
  vpc_zone_identifier  = data.aws_subnets.default.ids

  min_size = 2
  max_size = 10

  # propagate_at_launch copies the Name tag onto each launched instance.
  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}



<4> 보안그룹


1

보안그룹 만들기


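# 'EOT' is quoted so the shell writes the file verbatim (no $ expansion).
cat <<'EOT' > sg.tf
# Security group for the lab web server; aws_vpc.myvpc comes from vpc.tf.
resource "aws_security_group" "mysg" {
  vpc_id      = aws_vpc.myvpc.id
  name        = "T101 SG"
  description = "T101 Study SG"
}

# Inbound: only TCP/80, the port busybox httpd listens on in ec2.tf.
# The original rule had from_port = 0, which is a *range* 0-80 and exposed
# every TCP port up to 80 (21 FTP, 22 SSH, 23 telnet, 25 SMTP, 53 DNS, ...)
# to the whole internet.
resource "aws_security_group_rule" "mysginbound" {
  type              = "ingress"
  description       = "HTTP from anywhere (lab)"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}

# Outbound: allow all. The instance's user_data downloads busybox from
# busybox.net, so it needs egress; tighten to 80/443 if this leaves the lab.
resource "aws_security_group_rule" "mysgoutbound" {
  type              = "egress"
  description       = "All outbound (lab)"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}
EOT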


// 맨 위에서 만든 mysg 를 참조한다.




2

terraform plan && terraform apply -auto-approve

terraform state list




<5> EC2 생성


1

EC2 생성


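# 'EOT' is quoted so the shell writes the file verbatim: no $ expansion, so
# none of the \$ escapes the unquoted form needed, and the file can be pasted
# into an IDE exactly as shown.
cat <<'EOT' > ec2.tf
# Latest Amazon Linux 2 x86_64 EBS-backed AMI published by Amazon. `owners`
# is what actually restricts the lookup to Amazon-owned images; the
# owner-alias filter is belt-and-braces. Resolving "latest" at plan time is
# fine for a lab; a production module would pin a concrete AMI ID.
data "aws_ami" "my_amazonlinux2" {
  most_recent = true

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }

  owners = ["amazon"]
}

resource "aws_instance" "myec2" {
  # user_data downloads from the internet, so the IGW must exist first; the
  # subnet/SG dependencies are already implicit through the references below.
  depends_on = [
    aws_internet_gateway.myigw
  ]

  ami                         = data.aws_ami.my_amazonlinux2.id
  associate_public_ip_address = true
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.mysg.id]
  subnet_id                   = aws_subnet.mysubnet1.id

  # Require IMDSv2 (session token). With IMDSv1 any SSRF in the web service
  # this box exposes can read instance metadata/credentials with one GET;
  # the user_data below fetches a token first, so it still works.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  user_data = <<-EOF
    #!/bin/bash
    # NOTE(review): busybox is fetched over HTTPS but never integrity-checked.
    # Before running this outside a lab, pin the expected SHA-256 and verify:
    #   echo "<expected-sha256>  busybox" | sha256sum -c || exit 1
    wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
    mv busybox-x86_64 busybox
    chmod +x busybox
    # IMDSv2: obtain a short-lived token, then send it with every metadata query.
    TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    RZAZ=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone-id)
    IID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
    LIP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
    echo "<h1>RegionAz($RZAZ) : Instance ID($IID) : Private IP($LIP) : Web Server</h1>" > index.html
    nohup ./busybox httpd -f -p 80 &
  EOF

  # Replace the instance when user_data changes so the script above actually
  # re-runs (by default only the attribute is updated in place).
  user_data_replace_on_change = true

  tags = {
    Name = "HallsHolicker-jjang"
  }
}

output "myec2_public_ip" {
  value       = aws_instance.myec2.public_ip
  description = "The public IP of the Instance"
}
EOT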


*위처럼 따옴표 없는 heredoc(`<<EOT`)을 쓰면 셸이 `$` 를 확장하므로 `\$` 로 이스케이프해야 하고, 실제 ec2.tf 파일에는 백슬래시가 남지 않는다. 따라서 직접 IDE에 붙여넣을 때는 `\` 를 제거해야 한다. 구분자를 따옴표로 감싸면(`<<'EOT'`) 셸 확장이 일어나지 않아 이스케이프 없이 파일 내용을 그대로 쓸 수 있다.





2

확인

terraform plan && terraform apply -auto-approve


3

terraform state list



4

확인 - 모니터링

terraform output -raw myec2_public_ip


MYIP=$(terraform output -raw myec2_public_ip)


while true; do curl --connect-timeout 1 http://$MYIP/ ; echo "------------------------------"; date; sleep 1; done



5

OK 결과

Tue Oct 25 02:44:18 UTC 2022

<h1>RegionAz(apne2-az1) : Instance ID(i-0e7532bfae3fa7116) : Private IP(10.10.1.64) : Web Server</h1>

------------------------------


TF 파일 코드의 아래 내용이 결과로 나온것이다.

RZAZ=\$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone-id)

IID=\$(curl 169.254.169.254/latest/meta-data/instance-id)

LIP=\$(curl 169.254.169.254/latest/meta-data/local-ipv4)

echo "<h1>RegionAz(\$RZAZ) : Instance ID(\$IID) : Private IP(\$LIP) : Web Server</h1>" > index.html




6

ec2 삭제

rm -f ec2.tf ; terraform apply -auto-approve





<6> 과제


1

과제

myvpc, mysubnet 을 자신의 닉네임으로 해서 소스 올리자.

masterseo-dev-vpc , masterseo-dev-subnet


2

파일 3개

vpc.tf

sg.tf

ec2.tf



3

수정

vpc.tf

myvpc > masterseo-dev-vpc

mysubnet > masterseo-dev-subnet

t101 > masterseo-dev


sg.tf

myvpc 를 masterseo-dev-vpc

T101 > masterseo-dev


ec2.tf

mysg를 masterseo-dev-sg로 변경

myec2 > masterseo-dev-ec2

myigw > masterseo-dev-igw

mysubnet > masterseo-dev-subnet

T101 > masterseo-dev

HallsHolicker-jjang > aws-masterseo-dev-web01




4

terraform plan && terraform apply -auto-approve


5

콘솔에서 확인



6

삭제

terraform destroy -auto-approve




다음

https://brunch.co.kr/@topasvga/2763




https://brunch.co.kr/@topasvga/2421



감사합니다.






