19탄-4. 테라폼-AWS-VPC, data사용

다음은 주말 CloudNet 테라폼 스터디 내용 참고하여  정리한 부분입니다.

https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863

VPC 퍼블릭 서브넷 1개 부터 만들어 보자

VPC 서브넷 2개 만들어 보자

보안 그룹 만들어보자

EC2 만들어보자

총 3개의 tf파일을 만들게 된다.

<1> VPC - subnet 1개  만들기

<2> VPC - subnet 2개  만들기

<3> data 사용 - 이론 확인

<4> 보안 그룹

<5> EC2 생성

<6> 과제

<1> VPC - subnet 1개  만들기

1

우선 디폴트  VPC를 콘솔에서 삭제한다.

 기존 테라폼으로 만든것도 삭제

terraform destroy -auto-approve

변수 부분은 복잡도가 증가하여 최대한 제거함.

mkdir vpc

cd vpc

cat <<EOT > vpc.tf

provider "aws" {

  region  = "ap-northeast-2"

}

resource "aws_vpc" "myvpc" {

  cidr_block       = "10.10.0.0/16"

  enable_dns_support   = true

  enable_dns_hostnames = true

  tags = {

    Name = "t101-study"

  }

}

EOT

// aws_vpc = aws아래 vpc 가 있다.

11 vpc.txt

2

terraform init

terraform plan && terraform apply -auto-approve

terraform state list

aws_vpc.myvpc

// vpc와 라우팅테이블 1개가 만들어진다.

3

aws cli로 vpc 확인

xport AWS_PAGER=""

aws ec2 describe-vpcs | jq

4

public subnet 1개 만들기

cat <<EOT > vpc.tf

provider "aws" {

  region  = "ap-northeast-2"

}

resource "aws_vpc" "myvpc" {

  cidr_block       = "10.10.0.0/16"

  enable_dns_support   = true

  enable_dns_hostnames = true

  tags = {

    Name = "t101-study"

  }

}

resource "aws_subnet" "mysubnet1" {

  vpc_id     = aws_vpc.myvpc.id

  cidr_block = "10.10.1.0/24"

  availability_zone = "ap-northeast-2a"

  tags = {

    Name = "t101-subnet1"

  }

}

EOT

9 pub1.txt

5

terraform plan && terraform apply -auto-approve

6

aws configure

ap-northeast-2

subnet 확인

aws ec2 describe-subnets --output text

 10.10.1.0/24

VPCID=vpc-0b28xxxxxxxx

aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPCID" | jq

"CidrBlock": "10.10.1.0/24",

7

인터넷 게이트 웨이

cat <<EOT > vpc.tf

provider "aws" {

  region  = "ap-northeast-2"

}

resource "aws_vpc" "myvpc" {

  cidr_block       = "10.10.0.0/16"

  enable_dns_support   = true

  enable_dns_hostnames = true

  tags = {

    Name = "t101-study"

  }

}

resource "aws_subnet" "mysubnet1" {

  vpc_id     = aws_vpc.myvpc.id

  cidr_block = "10.10.1.0/24"

  availability_zone = "ap-northeast-2a"

  tags = {

    Name = "t101-subnet1"

  }

}

resource "aws_internet_gateway" "myigw" {

  vpc_id = aws_vpc.myvpc.id

  tags = {

    Name = "t101-igw"

  }

}

EOT

30 igw.txt

8

terraform plan && terraform apply -auto-approve

terraform state list

9

라우팅 테이블 

cat <<EOT > vpc.tf

provider "aws" {

  region  = "ap-northeast-2"

}

resource "aws_vpc" "myvpc" {

  cidr_block       = "10.10.0.0/16"

  enable_dns_support   = true

  enable_dns_hostnames = true

  tags = {

    Name = "t101-study"

  }

}

resource "aws_subnet" "mysubnet1" {

  vpc_id     = aws_vpc.myvpc.id

  cidr_block = "10.10.1.0/24"

  availability_zone = "ap-northeast-2a"

  tags = {

    Name = "t101-subnet1"

  }

}

resource "aws_internet_gateway" "myigw" {

  vpc_id = aws_vpc.myvpc.id

  tags = {

    Name = "t101-igw"

  }

}

resource "aws_route_table" "myrt" {

  vpc_id = aws_vpc.myvpc.id

  tags = {

    Name = "t101-rt"

  }

}

resource "aws_route_table_association" "myrtassociation1" {

  subnet_id      = aws_subnet.mysubnet1.id

  route_table_id = aws_route_table.myrt.id

}

resource "aws_route" "mydefaultroute" {

  route_table_id         = aws_route_table.myrt.id

  destination_cidr_block = "0.0.0.0/0"

  gateway_id             = aws_internet_gateway.myigw.id

}

EOT

40 route.txt

10

terraform plan && terraform apply -auto-approve

terraform state list

11

라우팅 테이블 확인

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table

<2> VPC - subnet 2개  만들기

1

cat <<EOT > vpc.tf

provider "aws" {

  region  = "ap-northeast-2"

}

resource "aws_vpc" "myvpc" {

  cidr_block       = "10.10.0.0/16"

  enable_dns_support   = true

  enable_dns_hostnames = true

  tags = {

    Name = "t101-study"

  }

}

resource "aws_subnet" "mysubnet1" {

  vpc_id     = aws_vpc.myvpc.id

  cidr_block = "10.10.1.0/24"

  availability_zone = "ap-northeast-2a"

  tags = {

    Name = "t101-subnet1"

  }

}

resource "aws_subnet" "mysubnet2" {

  vpc_id     = aws_vpc.myvpc.id

  cidr_block = "10.10.2.0/24"

  availability_zone = "ap-northeast-2c"

  tags = {

    Name = "t101-subnet2"

  }

}

resource "aws_internet_gateway" "myigw" {

  vpc_id = aws_vpc.myvpc.id

  tags = {

    Name = "t101-igw"

  }

}

resource "aws_route_table" "myrt" {

  vpc_id = aws_vpc.myvpc.id

  tags = {

    Name = "t101-rt"

  }

}

resource "aws_route_table_association" "myrtassociation1" {

  subnet_id      = aws_subnet.mysubnet1.id

  route_table_id = aws_route_table.myrt.id

}

resource "aws_route_table_association" "myrtassociation2" {

  subnet_id      = aws_subnet.mysubnet2.id

  route_table_id = aws_route_table.myrt.id

}

resource "aws_route" "mydefaultroute" {

  route_table_id         = aws_route_table.myrt.id

  destination_cidr_block = "0.0.0.0/0"

  gateway_id             = aws_internet_gateway.myigw.id

}

EOT

50 route2.txt

2

terraform plan && terraform apply -auto-approve

terraform state list

3

라우팅 테이블 확인

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'

aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table

<3>  data 사용 - 이론 확인

1

데이터 소스 data  ?

AWS 데이터 소스의 경우 “VPC data, subnet data, AMI IDs, IP address ranges, the current user’s identity, and much more.” 정보를 제공

https://mzcdev.github.io/terraform-workshop/terraform/configuration/data_sources/

2

data.aws_vpc.default.id

다른 데이터 소스인 aws_subnet_ids 와 결합하여 해당 VPC 내 서브넷을 조회할 수 있습니다.

data "aws_subnets" "default" {

  filter {

    name   = "vpc-id"

    values = [data.aws_vpc.default.id]

  }

}

3

vpc_zone_identifier 인수를 이용해 aws_subnet_ids 데이터 소스에서 서브넷ID를 가져와서 

ASG가 이 서브넷을 사용하도록 지시할 수 있습니다.

resource "aws_autoscaling_group" "example" {

  launch_configuration = aws_launch_configuration.example.name

  vpc_zone_identifier  = data.aws_subnets.default.ids

  min_size = 2

  max_size = 10

  tag {

    key                 = "Name"

    value               = "terraform-asg-example"

    propagate_at_launch = true

  }

}

<4> 보안그룹

1

보안그룹 만들기

cat <<EOT > sg.tf

resource "aws_security_group" "mysg" {

  vpc_id      = aws_vpc.myvpc.id

  name        = "T101 SG"

  description = "T101 Study SG"

}

resource "aws_security_group_rule" "mysginbound" {

  type              = "ingress"

  from_port         = 0

  to_port           = 80

  protocol          = "tcp"

  cidr_blocks       = ["0.0.0.0/0"]

  security_group_id = aws_security_group.mysg.id

}

resource "aws_security_group_rule" "mysgoutbound" {

  type              = "egress"

  from_port         = 0

  to_port           = 0

  protocol          = "-1"

  cidr_blocks       = ["0.0.0.0/0"]

  security_group_id = aws_security_group.mysg.id

}

EOT

// 맨 위에서 만든 mysg 를 참조한다.

55 sg.txt

2

terraform plan && terraform apply -auto-approve

terraform state list

<5> EC2 생성

1

EC2 생성

cat <<EOT > ec2.tf

data "aws_ami" "my_amazonlinux2" {

  most_recent = true

  filter {

    name   = "owner-alias"

    values = ["amazon"]

  }

  filter {

    name   = "name"

    values = ["amzn2-ami-hvm-*-x86_64-ebs"]

  }

  owners = ["amazon"]

}

resource "aws_instance" "myec2" {

  depends_on = [

    aws_internet_gateway.myigw

  ]

  ami                         = data.aws_ami.my_amazonlinux2.id

  associate_public_ip_address = true

  instance_type               = "t2.micro"

  vpc_security_group_ids      = ["\${aws_security_group.mysg.id}"]

  subnet_id                   = aws_subnet.mysubnet1.id

  user_data = <<-EOF

              #!/bin/bash

              wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64

              mv busybox-x86_64 busybox

              chmod +x busybox

              RZAZ=\$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone-id)

              IID=\$(curl 169.254.169.254/latest/meta-data/instance-id)

              LIP=\$(curl 169.254.169.254/latest/meta-data/local-ipv4)

              echo "<h1>RegionAz(\$RZAZ) : Instance ID(\$IID) : Private IP(\$LIP) : Web Server</h1>" > index.html

              nohup ./busybox httpd -f -p 80 &

              EOF

  user_data_replace_on_change = true

  tags = {

    Name = "HallsHolicker-jjang"

  }

}

output "myec2_public_ip" {

  value       = aws_instance.myec2.public_ip

  description = "The public IP of the Instance"

}

EOT

*직접 IDE에 붙여넣을때는 \ 는 제거 필요.

60 ec2.txt

2

확인

terraform plan && terraform apply -auto-approve

3

terraform state list

4

확인 - 모니터링

terraform output -raw myec2_public_ip

MYIP=$(terraform output -raw myec2_public_ip)

while true; do curl --connect-timeout 1  http://$MYIP/ ; echo "------------------------------"; date; sleep 1; done

5

OK 결과

Tue Oct 25 02:44:18 UTC 2022

<h1>RegionAz(apne2-az1) : Instance ID(i-0e7532bfae3fa7116) : Private IP(10.10.1.64) : Web Server</h1>

------------------------------

TF 파일 코드의 아래 내용이 결과로 나온것이다.

       RZAZ=\$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone-id)

       IID=\$(curl 169.254.169.254/latest/meta-data/instance-id)

       LIP=\$(curl 169.254.169.254/latest/meta-data/local-ipv4)

echo "<h1>RegionAz(\$RZAZ) : Instance ID(\$IID) : Private IP(\$LIP) : Web Server</h1>" > index.html

70 ec2-mon.txt

6

ec2 삭제

rm -f ec2.tf ; terraform apply -auto-approve

<6> 과제

1

과제

myvpc, mysubnet 을 자신의 닉네임으로 해서 소스 올리자.

masterseo-dev-vpc  ,  masterseo-dev-subnet

2

파일 3개

vpc.tf

sg.tf

ec2.tf

3

수정

vpc.tf

myvpc   >   masterseo-dev-vpc

mysubnet   > masterseo-dev-subnet

t101 > masterseo-dev

sg.tf

myvpc 를   masterseo-dev-vpc

T101 > masterseo-dev

ec2.tf

mysg를 masterseo-dev-sg로 변경

myec2  > masterseo-dev-ec2

myigw   > masterseo-dev-igw

mysubnet  > masterseo-dev-subnet

T101 > masterseo-dev

HallsHolicker-jjang   > aws-masterseo-dev-web01

80 masterseo vpc.txt

90 master sg.txt

100 master-ec2.txt

4

terraform plan && terraform apply -auto-approve

5

콘솔에서 확인

6

삭제

terraform destroy -auto-approve

다음

https://brunch.co.kr/@topasvga/2763

5. 테라폼-AWS-오토스케일링

https://brunch.co.kr/@topasvga/2421

19탄-(몰아보기) 테라폼-AWS

감사합니다.

55 sg.txt