19탄-4. 테라폼-AWS-VPC, data사용
다음은 주말 CloudNet 테라폼 스터디 내용 참고하여 정리한 부분입니다.
https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863
VPC 퍼블릭 서브넷 1개 부터 만들어 보자
VPC 서브넷 2개 만들어 보자
보안 그룹 만들어보자
EC2 만들어보자
총 3개의 tf파일을 만들게 된다.
<1> VPC - subnet 1개 만들기
<2> VPC - subnet 2개 만들기
<3> data 사용 - 이론 확인
<4> 보안 그룹
<5> EC2 생성
<6> 과제
<1> VPC - subnet 1개 만들기
1
우선 디폴트 VPC를 콘솔에서 삭제한다.
기존 테라폼으로 만든것도 삭제
terraform destroy -auto-approve
변수 부분은 복잡도가 증가하여 최대한 제거함.
mkdir vpc
cd vpc
cat <<EOT > vpc.tf
provider "aws" {
region = "ap-northeast-2"
}
resource "aws_vpc" "myvpc" {
cidr_block = "10.10.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "t101-study"
}
}
EOT
// aws_vpc = aws아래 vpc 가 있다.
2
terraform init
terraform plan && terraform apply -auto-approve
terraform state list
aws_vpc.myvpc
// vpc와 라우팅테이블 1개가 만들어진다.
3
aws cli로 vpc 확인
xport AWS_PAGER=""
aws ec2 describe-vpcs | jq
4
public subnet 1개 만들기
cat <<EOT > vpc.tf
provider "aws" {
region = "ap-northeast-2"
}
resource "aws_vpc" "myvpc" {
cidr_block = "10.10.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "t101-study"
}
}
resource "aws_subnet" "mysubnet1" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "10.10.1.0/24"
availability_zone = "ap-northeast-2a"
tags = {
Name = "t101-subnet1"
}
}
EOT
5
terraform plan && terraform apply -auto-approve
6
aws configure
ap-northeast-2
subnet 확인
aws ec2 describe-subnets --output text
10.10.1.0/24
VPCID=vpc-0b28xxxxxxxx
aws ec2 describe-subnets --filters "Name=vpc-id,Values=$VPCID" | jq
"CidrBlock": "10.10.1.0/24",
7
인터넷 게이트 웨이
cat <<EOT > vpc.tf
provider "aws" {
region = "ap-northeast-2"
}
resource "aws_vpc" "myvpc" {
cidr_block = "10.10.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "t101-study"
}
}
resource "aws_subnet" "mysubnet1" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "10.10.1.0/24"
availability_zone = "ap-northeast-2a"
tags = {
Name = "t101-subnet1"
}
}
resource "aws_internet_gateway" "myigw" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "t101-igw"
}
}
EOT
8
terraform plan && terraform apply -auto-approve
terraform state list
9
라우팅 테이블
cat <<EOT > vpc.tf
provider "aws" {
region = "ap-northeast-2"
}
resource "aws_vpc" "myvpc" {
cidr_block = "10.10.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "t101-study"
}
}
resource "aws_subnet" "mysubnet1" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "10.10.1.0/24"
availability_zone = "ap-northeast-2a"
tags = {
Name = "t101-subnet1"
}
}
resource "aws_internet_gateway" "myigw" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "t101-igw"
}
}
resource "aws_route_table" "myrt" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "t101-rt"
}
}
resource "aws_route_table_association" "myrtassociation1" {
subnet_id = aws_subnet.mysubnet1.id
route_table_id = aws_route_table.myrt.id
}
resource "aws_route" "mydefaultroute" {
route_table_id = aws_route_table.myrt.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.myigw.id
}
EOT
10
terraform plan && terraform apply -auto-approve
terraform state list
11
라우팅 테이블 확인
aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'
aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table
<2> VPC - subnet 2개 만들기
1
cat <<EOT > vpc.tf
provider "aws" {
region = "ap-northeast-2"
}
resource "aws_vpc" "myvpc" {
cidr_block = "10.10.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = {
Name = "t101-study"
}
}
resource "aws_subnet" "mysubnet1" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "10.10.1.0/24"
availability_zone = "ap-northeast-2a"
tags = {
Name = "t101-subnet1"
}
}
resource "aws_subnet" "mysubnet2" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "10.10.2.0/24"
availability_zone = "ap-northeast-2c"
tags = {
Name = "t101-subnet2"
}
}
resource "aws_internet_gateway" "myigw" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "t101-igw"
}
}
resource "aws_route_table" "myrt" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "t101-rt"
}
}
resource "aws_route_table_association" "myrtassociation1" {
subnet_id = aws_subnet.mysubnet1.id
route_table_id = aws_route_table.myrt.id
}
resource "aws_route_table_association" "myrtassociation2" {
subnet_id = aws_subnet.mysubnet2.id
route_table_id = aws_route_table.myrt.id
}
resource "aws_route" "mydefaultroute" {
route_table_id = aws_route_table.myrt.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.myigw.id
}
EOT
2
terraform plan && terraform apply -auto-approve
terraform state list
3
라우팅 테이블 확인
aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --query 'RouteTables[].Associations[].SubnetId'
aws ec2 describe-route-tables --filters 'Name=tag:Name,Values=t101-rt' --output table
<3> data 사용 - 이론 확인
1
데이터 소스 data ?
AWS 데이터 소스의 경우 “VPC data, subnet data, AMI IDs, IP address ranges, the current user’s identity, and much more.” 정보를 제공
https://mzcdev.github.io/terraform-workshop/terraform/configuration/data_sources/
2
data.aws_vpc.default.id
다른 데이터 소스인 aws_subnet_ids 와 결합하여 해당 VPC 내 서브넷을 조회할 수 있습니다.
data "aws_subnets" "default" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
}
3
vpc_zone_identifier 인수를 이용해 aws_subnet_ids 데이터 소스에서 서브넷ID를 가져와서
ASG가 이 서브넷을 사용하도록 지시할 수 있습니다.
resource "aws_autoscaling_group" "example" {
launch_configuration = aws_launch_configuration.example.name
vpc_zone_identifier = data.aws_subnets.default.ids
min_size = 2
max_size = 10
tag {
key = "Name"
value = "terraform-asg-example"
propagate_at_launch = true
}
}
<4> 보안그룹
1
보안그룹 만들기
cat <<EOT > sg.tf
resource "aws_security_group" "mysg" {
vpc_id = aws_vpc.myvpc.id
name = "T101 SG"
description = "T101 Study SG"
}
resource "aws_security_group_rule" "mysginbound" {
type = "ingress"
from_port = 0
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.mysg.id
}
resource "aws_security_group_rule" "mysgoutbound" {
type = "egress"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = aws_security_group.mysg.id
}
EOT
// 맨 위에서 만든 mysg 를 참조한다.
2
terraform plan && terraform apply -auto-approve
terraform state list
<5> EC2 생성
1
EC2 생성
cat <<EOT > ec2.tf
data "aws_ami" "my_amazonlinux2" {
most_recent = true
filter {
name = "owner-alias"
values = ["amazon"]
}
filter {
name = "name"
values = ["amzn2-ami-hvm-*-x86_64-ebs"]
}
owners = ["amazon"]
}
resource "aws_instance" "myec2" {
depends_on = [
aws_internet_gateway.myigw
]
ami = data.aws_ami.my_amazonlinux2.id
associate_public_ip_address = true
instance_type = "t2.micro"
vpc_security_group_ids = ["\${aws_security_group.mysg.id}"]
subnet_id = aws_subnet.mysubnet1.id
user_data = <<-EOF
#!/bin/bash
wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
mv busybox-x86_64 busybox
chmod +x busybox
RZAZ=\$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone-id)
IID=\$(curl 169.254.169.254/latest/meta-data/instance-id)
LIP=\$(curl 169.254.169.254/latest/meta-data/local-ipv4)
echo "<h1>RegionAz(\$RZAZ) : Instance ID(\$IID) : Private IP(\$LIP) : Web Server</h1>" > index.html
nohup ./busybox httpd -f -p 80 &
EOF
user_data_replace_on_change = true
tags = {
Name = "HallsHolicker-jjang"
}
}
output "myec2_public_ip" {
value = aws_instance.myec2.public_ip
description = "The public IP of the Instance"
}
EOT
*직접 IDE에 붙여넣을때는 \ 는 제거 필요.
2
확인
terraform plan && terraform apply -auto-approve
3
terraform state list
4
확인 - 모니터링
terraform output -raw myec2_public_ip
MYIP=$(terraform output -raw myec2_public_ip)
while true; do curl --connect-timeout 1 http://$MYIP/ ; echo "------------------------------"; date; sleep 1; done
5
OK 결과
Tue Oct 25 02:44:18 UTC 2022
<h1>RegionAz(apne2-az1) : Instance ID(i-0e7532bfae3fa7116) : Private IP(10.10.1.64) : Web Server</h1>
------------------------------
TF 파일 코드의 아래 내용이 결과로 나온것이다.
RZAZ=\$(curl http://169.254.169.254/latest/meta-data/placement/availability-zone-id)
IID=\$(curl 169.254.169.254/latest/meta-data/instance-id)
LIP=\$(curl 169.254.169.254/latest/meta-data/local-ipv4)
echo "<h1>RegionAz(\$RZAZ) : Instance ID(\$IID) : Private IP(\$LIP) : Web Server</h1>" > index.html
6
ec2 삭제
rm -f ec2.tf ; terraform apply -auto-approve
<6> 과제
1
과제
myvpc, mysubnet 을 자신의 닉네임으로 해서 소스 올리자.
masterseo-dev-vpc , masterseo-dev-subnet
2
파일 3개
vpc.tf
sg.tf
ec2.tf
3
수정
vpc.tf
myvpc > masterseo-dev-vpc
mysubnet > masterseo-dev-subnet
t101 > masterseo-dev
sg.tf
myvpc 를 masterseo-dev-vpc
T101 > masterseo-dev
ec2.tf
mysg를 masterseo-dev-sg로 변경
myec2 > masterseo-dev-ec2
myigw > masterseo-dev-igw
mysubnet > masterseo-dev-subnet
T101 > masterseo-dev
HallsHolicker-jjang > aws-masterseo-dev-web01
4
terraform plan && terraform apply -auto-approve
5
콘솔에서 확인
6
삭제
terraform destroy -auto-approve
다음
https://brunch.co.kr/@topasvga/2763
https://brunch.co.kr/@topasvga/2421
감사합니다.
