매거진 테라폼 AWS

19탄-8. 테라폼-AWS-DEV,STG 환경

by Master Seo

다음은 주말 CloudNet 테라폼 스터디 내용을 참고하여 정리한 부분입니다.

https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863


앞장에서 s3 버킷을 만들었다.

해당 버킷을 사용하자.



<1> dev 환경에서 vpc , ec2 생성. 백엔드 적용

<2> stg 환경에서 vpc , ec2 생성. 백엔드 적용



<1> dev 환경에서 vpc , ec2 생성. 백엔드 적용


1

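# Each environment gets its own working directory (and, later in this page,
# its own state key). -p makes the step re-runnable, and a failed cd must stop
# here: otherwise every .tf file written below lands in the wrong directory.
mkdir -p dev
cd dev || exit 1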


2

3개 파일(.tf)을 만든다.

vpc.tf

sg.tf

ec2.tf


3

# Write the dev network: one VPC, two public subnets, an IGW and a route table.
# The delimiter is quoted so the HCL is copied verbatim (nothing here needs
# shell expansion).
cat <<'EOT' > vpc.tf
provider "aws" {
  region = "ap-northeast-2"
}

# DNS support/hostnames are enabled so instances get resolvable names
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "t101-subnet1"
  }
}

resource "aws_subnet" "mysubnet2" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "t101-subnet2"
  }
}

resource "aws_internet_gateway" "myigw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-igw"
  }
}

resource "aws_route_table" "myrt" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "t101-rt"
  }
}

resource "aws_route_table_association" "myrtassociation1" {
  subnet_id      = aws_subnet.mysubnet1.id
  route_table_id = aws_route_table.myrt.id
}

resource "aws_route_table_association" "myrtassociation2" {
  subnet_id      = aws_subnet.mysubnet2.id
  route_table_id = aws_route_table.myrt.id
}

# The default route via the IGW is what makes both subnets public
resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.myigw.id
}
EOT



4

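# Write the dev security group: HTTP in from anywhere, everything out.
# Quoted delimiter: the HCL contains nothing the shell should expand.
cat <<'EOT' > sg.tf
resource "aws_security_group" "mysg" {
  vpc_id      = aws_vpc.myvpc.id
  name        = "T101 SG"
  description = "T101 Study SG"
}

# Only the busybox httpd on TCP/80 is served, so only TCP/80 is exposed.
# The original rule used from_port = 0, which opened every port from 0 to 80
# to the whole internet for no reason.
resource "aws_security_group_rule" "mysginbound" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}

# protocol "-1" means all protocols; 0/0 ports are required with it
resource "aws_security_group_rule" "mysgoutbound" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}
EOT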



5

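# Write the dev instance: newest Amazon Linux 2 AMI plus a tiny busybox web
# server started from user_data. The delimiter is quoted so the $(...) and
# $VAR in the bootstrap script reach the file untouched (no backslash escapes
# needed), and the legacy "${...}" string interpolation is replaced by a
# direct reference.
cat <<'EOT' > ec2.tf
data "aws_ami" "my_amazonlinux2" {
  most_recent = true

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }

  owners = ["amazon"]
}

resource "aws_instance" "myec2" {
  # the IGW must exist before the bootstrap script tries to download busybox
  depends_on = [
    aws_internet_gateway.myigw
  ]

  ami                         = data.aws_ami.my_amazonlinux2.id
  associate_public_ip_address = true
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.mysg.id]
  subnet_id                   = aws_subnet.mysubnet1.id

  # Require IMDSv2: metadata (and the instance role's credentials) can only be
  # read with a session token, which defeats the classic SSRF-to-credentials
  # path. The user_data below obtains a token before reading metadata.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  user_data = <<-EOF
#!/bin/bash
# NOTE(review): the busybox binary is fetched without any integrity check;
# pin a checksum (or bake it into the AMI) before using this outside a lab.
wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
mv busybox-x86_64 busybox
chmod +x busybox
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
IID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
LIP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
echo "<h1>Instance ID($IID) : Private IP($LIP) : Web Server</h1>" > index.html
nohup ./busybox httpd -f -p 80 &
EOF

  # re-create the instance whenever the bootstrap script changes
  user_data_replace_on_change = true

  tags = {
    Name = "HallsHolicker-jjang"
  }
}

output "myec2_public_ip" {
  value       = aws_instance.myec2.public_ip
  description = "The public IP of the Instance"
}
EOT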




6

# Initialise providers, preview the plan, then apply without the interactive
# prompt; each step runs only if the previous one succeeded.
terraform init \
  && terraform plan \
  && terraform apply -auto-approve



7

다른 터미널에서 curl로 확인한다. EC2로 접근이 되는지 확인한다.


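# Poll the web server once a second (Ctrl-C to stop). Abort early when the
# output is missing or empty: with an empty MYIP the original loop would
# request "http:///" forever instead of reporting the real problem.
MYIP=$(terraform output -raw myec2_public_ip) || exit 1
: "${MYIP:?myec2_public_ip output is empty}"
while true; do
  curl --connect-timeout 1 "http://${MYIP}/"
  echo "------------------------------"
  date
  sleep 1
done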

------------------------------

Thu Oct 27 06:07:05 UTC 2022

<h1>Instance ID(i-002c47956784bd36b) : Private IP(10.10.1.246) : Web Server</h1>

------------------------------

Thu Oct 27 06:07:06 UTC 2022

<h1>Instance ID(i-002c47956784bd36b) : Private IP(10.10.1.246) : Web Server</h1>



8

다른 터미널에서 s3 버킷을 모니터링한다.

버킷 하위에 파일이 있는지 모니터링


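# Nickname used when the state bucket was created in the previous chapter;
# can be overridden from the environment.
NICKNAME=${NICKNAME:-masterseo}
BUCKET="s3://${NICKNAME}-t101study-tfstate"

# Fail fast if the bucket is unreachable (wrong nickname, missing credentials)
# instead of printing the same error once a second forever.
aws s3 ls "$BUCKET" >/dev/null || exit 1

# Poll the bucket once a second to watch the tfstate object appear (Ctrl-C to stop).
while true; do
  aws s3 ls "$BUCKET" --recursive --human-readable --summarize
  echo "------------------------------"
  date
  sleep 1
done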


Total Objects: 0

Total Size: 0 Bytes

------------------------------

Thu Oct 27 06:14:12 UTC 2022

Total Objects: 0




9

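# Nickname used when the state bucket was created in the previous chapter;
# can be overridden from the environment.
NICKNAME=${NICKNAME:-masterseo}

# Remote state for the dev environment. The delimiter is deliberately
# unquoted so $NICKNAME is expanded; the per-environment "key" keeps the dev
# and stg state objects apart in the shared bucket.
cat <<EOT > backend.tf
terraform {
  backend "s3" {
    bucket         = "$NICKNAME-t101study-tfstate"
    key            = "dev/terraform.tfstate"
    region         = "ap-northeast-2"
    dynamodb_table = "terraform-locks"
    # tfstate stores resource attributes in clear text (it can include
    # passwords and keys), so keep the object encrypted at rest
    encrypt        = true
  }
}
EOT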



10

terraform init

yes   ← terraform init 프롬프트에 입력하는 값


ls terraform.tfstate*


# ls terraform.tfstate*

terraform.tfstate terraform.tfstate.backup




10

# S3 버킷에 파일 확인 - 원격에 tfstate 파일이 위치한다.


Total Objects: 1

Total Size: 21.7 KiB

------------------------------

Thu Oct 27 06:19:16 UTC 2022

2022-10-27 06:15:05 21.7 KiB dev/terraform.tfstate



11

# DynamoDB에 LockID 확인

100 다이나모 locks 있음.png



12

태그변경 , 적용

# Rename the instance's Name tag in place, then roll the change out while
# holding the DynamoDB lock (waiting up to 60s for it).
old_tag='HallsHolicker-jjang'
new_tag='akbun-jjangg'
sed -i "s/${old_tag}/${new_tag}/g" ec2.tf
terraform plan && terraform apply -lock-timeout=60s -auto-approve


다이나모 디비에 가서 확인하면 tfstate가 LockID로 나온다.

태그 변경이 완료되면 LockID에서 사라짐


110 작업되는동안 lock된다..png






<2> stg 환경에서 vpc , ec2 생성. 백엔드 적용


1

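# Separate working directory for the stg environment (its own state key is
# set in backend.tf below). -p makes the step re-runnable, and a failed cd
# must stop here so the .tf files are not written into the dev directory.
mkdir -p stg
cd stg || exit 1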


vpc.tf

sg.tf

ec2.tf



2


# Write the stg network: same layout as dev (VPC, two public subnets, IGW,
# route table) on the 10.20.0.0/16 range with stg_ resource names.
# Quoted delimiter: nothing in the HCL needs shell expansion.
cat <<'EOT' > vpc.tf
provider "aws" {
  region = "ap-northeast-2"
}

# DNS support/hostnames are enabled so instances get resolvable names
resource "aws_vpc" "stg_myvpc" {
  cidr_block           = "10.20.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "stg_t101-study"
  }
}

resource "aws_subnet" "stg_mysubnet1" {
  vpc_id            = aws_vpc.stg_myvpc.id
  cidr_block        = "10.20.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "stg_t101-subnet1"
  }
}

resource "aws_subnet" "stg_mysubnet2" {
  vpc_id            = aws_vpc.stg_myvpc.id
  cidr_block        = "10.20.2.0/24"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "stg_t101-subnet2"
  }
}

resource "aws_internet_gateway" "stg_myigw" {
  vpc_id = aws_vpc.stg_myvpc.id

  tags = {
    Name = "stg_t101-igw"
  }
}

resource "aws_route_table" "stg_myrt" {
  vpc_id = aws_vpc.stg_myvpc.id

  tags = {
    Name = "stg_t101-rt"
  }
}

resource "aws_route_table_association" "stg_myrtassociation1" {
  subnet_id      = aws_subnet.stg_mysubnet1.id
  route_table_id = aws_route_table.stg_myrt.id
}

resource "aws_route_table_association" "stg_myrtassociation2" {
  subnet_id      = aws_subnet.stg_mysubnet2.id
  route_table_id = aws_route_table.stg_myrt.id
}

# The default route via the IGW is what makes both subnets public
resource "aws_route" "stg_mydefaultroute" {
  route_table_id         = aws_route_table.stg_myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.stg_myigw.id
}
EOT




3

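# Write the stg security group: HTTP in from anywhere, everything out.
# Quoted delimiter: the HCL contains nothing the shell should expand.
cat <<'EOT' > sg.tf
resource "aws_security_group" "stg_mysg" {
  vpc_id      = aws_vpc.stg_myvpc.id
  name        = "T101 SG"
  description = "T101 Study SG"
}

# Only the busybox httpd on TCP/80 is served, so only TCP/80 is exposed.
# The original rule used from_port = 0, which opened every port from 0 to 80
# to the whole internet for no reason.
resource "aws_security_group_rule" "stg_mysginbound" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.stg_mysg.id
}

# protocol "-1" means all protocols; 0/0 ports are required with it
resource "aws_security_group_rule" "stg_mysgoutbound" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.stg_mysg.id
}
EOT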



4

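# Write the stg instance: newest Amazon Linux 2 AMI plus a tiny busybox web
# server started from user_data. The delimiter is quoted so the $(...) and
# $VAR in the bootstrap script reach the file untouched (no backslash escapes
# needed), and the legacy "${...}" string interpolation is replaced by a
# direct reference.
cat <<'EOT' > ec2.tf
data "aws_ami" "my_amazonlinux2" {
  most_recent = true

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }

  owners = ["amazon"]
}

resource "aws_instance" "stg_myec2" {
  # the IGW must exist before the bootstrap script tries to download busybox
  depends_on = [
    aws_internet_gateway.stg_myigw
  ]

  ami                         = data.aws_ami.my_amazonlinux2.id
  associate_public_ip_address = true
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.stg_mysg.id]
  subnet_id                   = aws_subnet.stg_mysubnet1.id

  # Require IMDSv2: metadata (and the instance role's credentials) can only be
  # read with a session token, which defeats the classic SSRF-to-credentials
  # path. The user_data below obtains a token before reading metadata.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  user_data = <<-EOF
#!/bin/bash
# NOTE(review): the busybox binary is fetched without any integrity check;
# pin a checksum (or bake it into the AMI) before using this outside a lab.
wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
mv busybox-x86_64 busybox
chmod +x busybox
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
IID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
LIP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
echo "<h1>Instance ID($IID) : Private IP($LIP) : Web Server</h1>" > index.html
nohup ./busybox httpd -f -p 80 &
EOF

  # re-create the instance whenever the bootstrap script changes
  user_data_replace_on_change = true

  tags = {
    Name = "HallsHolicker-jjang"
  }
}

output "myec2_public_ip" {
  value       = aws_instance.stg_myec2.public_ip
  description = "The public IP of the Instance"
}
EOT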




5

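# Nickname used when the state bucket was created in the previous chapter;
# can be overridden from the environment.
NICKNAME=${NICKNAME:-masterseo}

# Remote state for the stg environment. The delimiter is deliberately
# unquoted so $NICKNAME is expanded; "stg/" as the key keeps this state
# separate from the dev state in the same bucket.
cat <<EOT > backend.tf
terraform {
  backend "s3" {
    bucket         = "$NICKNAME-t101study-tfstate"
    key            = "stg/terraform.tfstate"
    region         = "ap-northeast-2"
    dynamodb_table = "terraform-locks"
    # tfstate stores resource attributes in clear text (it can include
    # passwords and keys), so keep the object encrypted at rest
    encrypt        = true
  }
}
EOT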




6

배포

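# Deploy stg. The original line read "apply-lock-timeout=60s" (missing space),
# which terraform rejects as an unknown subcommand; init must also succeed
# before plan/apply make sense.
terraform init || exit 1
terraform plan && terraform apply -lock-timeout=60s -auto-approve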


200 screen.png


7

LockID 상태 확인 : 테라폼을 통해 apply 하는 도중에 아래 정보 확인 가능



8

배포후

s3 확인


220 s3.png


9

다이나모 디비 확인


210 stg.png




다음

https://brunch.co.kr/@topasvga/2782






https://brunch.co.kr/@topasvga/2421


terraform.png

감사합니다.
