다음은 주말 CloudNet 테라폼 스터디 내용을 참고하여 정리한 부분입니다.
https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863
앞장에서 s3 버킷을 만들었다.
해당 버킷을 사용하자.
<1> dev 환경에서 vpc , ec2 생성. 백엔드 적용
<2> stg 환경에서 vpc , ec2 생성. 백엔드 적용
<1> dev 환경에서 vpc , ec2 생성. 백엔드 적용
1
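# One working directory per environment (dev). Abort if the cd fails so the
# .tf files written below do not land in the wrong directory.
mkdir dev
cd dev || exit 1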
2
3개 리소스를 만든다.
vpc.tf
sg.tf
ec2.tf
3
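# vpc.tf: provider, one VPC, two subnets (2a / 2c), an internet gateway and a
# route table with a default route to that gateway. Both subnets are associated
# with the table, so an instance launched in them with a public IP is reachable
# from the internet. Quoted delimiter: nothing in the file is shell-expanded.
cat <<'EOT' > vpc.tf
provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "myvpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "t101-study"
  }
}

resource "aws_subnet" "mysubnet1" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "t101-subnet1"
  }
}

resource "aws_subnet" "mysubnet2" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "t101-subnet2"
  }
}

resource "aws_internet_gateway" "myigw" {
  vpc_id = aws_vpc.myvpc.id
  tags = {
    Name = "t101-igw"
  }
}

resource "aws_route_table" "myrt" {
  vpc_id = aws_vpc.myvpc.id
  tags = {
    Name = "t101-rt"
  }
}

resource "aws_route_table_association" "myrtassociation1" {
  subnet_id      = aws_subnet.mysubnet1.id
  route_table_id = aws_route_table.myrt.id
}

resource "aws_route_table_association" "myrtassociation2" {
  subnet_id      = aws_subnet.mysubnet2.id
  route_table_id = aws_route_table.myrt.id
}

# Default route to the IGW: this is what makes both subnets public.
resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.myigw.id
}
EOT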
4
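# sg.tf: security group for the web instance.
# Inbound is narrowed to TCP/80 only; from_port = 0 would expose TCP ports 0-80
# to the whole internet rather than just HTTP.
cat <<'EOT' > sg.tf
resource "aws_security_group" "mysg" {
  vpc_id      = aws_vpc.myvpc.id
  name        = "T101 SG"
  description = "T101 Study SG"
}

# Inbound: HTTP only. Outside a study environment, replace 0.0.0.0/0 with the
# address range that actually needs access.
resource "aws_security_group_rule" "mysginbound" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}

# Outbound: allow all; the busybox download in user_data depends on it.
resource "aws_security_group_rule" "mysgoutbound" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.mysg.id
}
EOT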
5
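# ec2.tf: latest Amazon Linux 2 AMI + one t2.micro in mysubnet1 serving a page
# on TCP/80. Quoted delimiter ('EOT'): the file is written verbatim, so the
# shell variables in user_data need no backslash escaping here.
cat <<'EOT' > ec2.tf
data "aws_ami" "my_amazonlinux2" {
  most_recent = true
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }
  owners = ["amazon"]
}

resource "aws_instance" "myec2" {
  depends_on = [
    aws_internet_gateway.myigw
  ]
  ami                         = data.aws_ami.my_amazonlinux2.id
  associate_public_ip_address = true
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.mysg.id]
  subnet_id                   = aws_subnet.mysubnet1.id

  # Require IMDSv2 session tokens so instance metadata (and any instance role
  # credentials) cannot be read with a plain GET from the exposed web server.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # NOTE: the busybox binary is downloaded from a third-party host at boot and
  # executed as root without an integrity check. Acceptable for a study VPC;
  # otherwise bake it into the AMI or verify a known checksum before running it.
  user_data = <<-EOF
    #!/bin/bash
    wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
    mv busybox-x86_64 busybox
    chmod +x busybox
    TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    IID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
    LIP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
    echo "<h1>Instance ID($IID) : Private IP($LIP) : Web Server</h1>" > index.html
    nohup ./busybox httpd -f -p 80 &
  EOF
  user_data_replace_on_change = true
  tags = {
    Name = "HallsHolicker-jjang"
  }
}

output "myec2_public_ip" {
  value       = aws_instance.myec2.public_ip
  description = "The public IP of the Instance"
}
EOT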
6
# Initialise providers, show the plan, then apply without the interactive prompt.
terraform init \
  && terraform plan \
  && terraform apply -auto-approve
7
다른 터미널에서 curl로 확인한다. EC2로 접근이 되는지 확인한다.
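# Poll the web server once a second (run in a second terminal).
# Stop early if the output is missing so the loop does not hammer "http:///".
MYIP=$(terraform output -raw myec2_public_ip) || exit 1
[ -n "$MYIP" ] || exit 1
while true; do
  curl --connect-timeout 1 "http://$MYIP/"
  printf '%s\n' "------------------------------"
  date
  sleep 1
done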
------------------------------
Thu Oct 27 06:07:05 UTC 2022
<h1>Instance ID(i-002c47956784bd36b) : Private IP(10.10.1.246) : Web Server</h1>
------------------------------
Thu Oct 27 06:07:06 UTC 2022
<h1>Instance ID(i-002c47956784bd36b) : Private IP(10.10.1.246) : Web Server</h1>
8
다른 터미널에서 s3 버킷 모니터링 ?
버킷 하위에 파일이 있는지 모니터링
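# Watch the state bucket once a second (run in a second terminal); it stays
# empty until the S3 backend is configured below.
NICKNAME=${NICKNAME:-masterseo}
while true; do
  aws s3 ls "s3://$NICKNAME-t101study-tfstate" --recursive --human-readable --summarize
  printf '%s\n' "------------------------------"
  date
  sleep 1
done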
Total Objects: 0
Total Size: 0 Bytes
------------------------------
Thu Oct 27 06:14:12 UTC 2022
Total Objects: 0
9
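# backend.tf: remote state in S3 with DynamoDB locking (dev/ key).
# Unquoted delimiter on purpose: the bucket name is built from NICKNAME.
NICKNAME=${NICKNAME:-masterseo}
cat <<EOT > backend.tf
terraform {
  backend "s3" {
    bucket         = "$NICKNAME-t101study-tfstate"
    key            = "dev/terraform.tfstate"
    region         = "ap-northeast-2"
    dynamodb_table = "terraform-locks"
    # State can hold sensitive attribute values; keep it encrypted at rest.
    encrypt        = true
  }
}
EOT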
10
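# Re-run init so Terraform migrates the local state into the S3 backend.
# It prompts "Do you want to copy existing state to the new backend?" - type
# yes at the prompt. (A bare `yes` line in a script would run the yes(1)
# command forever; non-interactive alternative: terraform init -migrate-state -force-copy)
terraform init
ls terraform.tfstate*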
# ls terraform.tfstate*
terraform.tfstate terraform.tfstate.backup
10
# S3 버킷에 파일 확인 - 원격에 tfstate 파일이 위치한다.
Total Objects: 1
Total Size: 21.7 KiB
------------------------------
Thu Oct 27 06:19:16 UTC 2022
2022-10-27 06:15:05 21.7 KiB dev/terraform.tfstate
11
# DynamoDB에 LockID 확인
12
태그변경 , 적용
# Change the Name tag in ec2.tf, then apply. -lock-timeout waits up to 60s for
# the DynamoDB lock if another run currently holds it.
sed -i 's/HallsHolicker-jjang/akbun-jjangg/g' ec2.tf
terraform plan \
  && terraform apply -lock-timeout=60s -auto-approve
다이나모 디비에 가서 확인하면 tfstate가 LockID로 나옴.
태그 변경이 완료되면 LockID에서 사라짐
<2> stg 환경에서 vpc , ec2 생성. 백엔드 적용
1
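# One working directory per environment (stg). Abort if the cd fails so the
# .tf files written below do not land in the wrong directory.
mkdir stg
cd stg || exit 1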
vpc.tf
sg.tf
ec2.tf
2
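# vpc.tf (stg): same layout as dev on 10.20.0.0/16 - one VPC, two subnets
# (2a / 2c), an internet gateway and a route table with a default route to it.
# Both subnets use that table, so instances with a public IP are reachable from
# the internet. Quoted delimiter: nothing in the file is shell-expanded.
cat <<'EOT' > vpc.tf
provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "stg_myvpc" {
  cidr_block           = "10.20.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = {
    Name = "stg_t101-study"
  }
}

resource "aws_subnet" "stg_mysubnet1" {
  vpc_id            = aws_vpc.stg_myvpc.id
  cidr_block        = "10.20.1.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "stg_t101-subnet1"
  }
}

resource "aws_subnet" "stg_mysubnet2" {
  vpc_id            = aws_vpc.stg_myvpc.id
  cidr_block        = "10.20.2.0/24"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "stg_t101-subnet2"
  }
}

resource "aws_internet_gateway" "stg_myigw" {
  vpc_id = aws_vpc.stg_myvpc.id
  tags = {
    Name = "stg_t101-igw"
  }
}

resource "aws_route_table" "stg_myrt" {
  vpc_id = aws_vpc.stg_myvpc.id
  tags = {
    Name = "stg_t101-rt"
  }
}

resource "aws_route_table_association" "stg_myrtassociation1" {
  subnet_id      = aws_subnet.stg_mysubnet1.id
  route_table_id = aws_route_table.stg_myrt.id
}

resource "aws_route_table_association" "stg_myrtassociation2" {
  subnet_id      = aws_subnet.stg_mysubnet2.id
  route_table_id = aws_route_table.stg_myrt.id
}

# Default route to the IGW: this is what makes both subnets public.
resource "aws_route" "stg_mydefaultroute" {
  route_table_id         = aws_route_table.stg_myrt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.stg_myigw.id
}
EOT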
3
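# sg.tf (stg): security group for the web instance.
# Inbound is narrowed to TCP/80 only; from_port = 0 would expose TCP ports 0-80
# to the whole internet rather than just HTTP.
cat <<'EOT' > sg.tf
resource "aws_security_group" "stg_mysg" {
  vpc_id      = aws_vpc.stg_myvpc.id
  name        = "T101 SG"
  description = "T101 Study SG"
}

# Inbound: HTTP only. Outside a study environment, replace 0.0.0.0/0 with the
# address range that actually needs access.
resource "aws_security_group_rule" "stg_mysginbound" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.stg_mysg.id
}

# Outbound: allow all; the busybox download in user_data depends on it.
resource "aws_security_group_rule" "stg_mysgoutbound" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.stg_mysg.id
}
EOT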
4
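# ec2.tf (stg): latest Amazon Linux 2 AMI + one t2.micro in stg_mysubnet1
# serving a page on TCP/80. Quoted delimiter ('EOT'): the file is written
# verbatim, so the shell variables in user_data need no backslash escaping here.
cat <<'EOT' > ec2.tf
data "aws_ami" "my_amazonlinux2" {
  most_recent = true
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }
  owners = ["amazon"]
}

resource "aws_instance" "stg_myec2" {
  depends_on = [
    aws_internet_gateway.stg_myigw
  ]
  ami                         = data.aws_ami.my_amazonlinux2.id
  associate_public_ip_address = true
  instance_type               = "t2.micro"
  vpc_security_group_ids      = [aws_security_group.stg_mysg.id]
  subnet_id                   = aws_subnet.stg_mysubnet1.id

  # Require IMDSv2 session tokens so instance metadata (and any instance role
  # credentials) cannot be read with a plain GET from the exposed web server.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # NOTE: the busybox binary is downloaded from a third-party host at boot and
  # executed as root without an integrity check. Acceptable for a study VPC;
  # otherwise bake it into the AMI or verify a known checksum before running it.
  user_data = <<-EOF
    #!/bin/bash
    wget https://busybox.net/downloads/binaries/1.31.0-defconfig-multiarch-musl/busybox-x86_64
    mv busybox-x86_64 busybox
    chmod +x busybox
    TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
    IID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
    LIP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
    echo "<h1>Instance ID($IID) : Private IP($LIP) : Web Server</h1>" > index.html
    nohup ./busybox httpd -f -p 80 &
  EOF
  user_data_replace_on_change = true
  tags = {
    Name = "HallsHolicker-jjang"
  }
}

output "myec2_public_ip" {
  value       = aws_instance.stg_myec2.public_ip
  description = "The public IP of the Instance"
}
EOT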
5
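# backend.tf (stg): same bucket and lock table as dev, separate stg/ state key.
# Unquoted delimiter on purpose: the bucket name is built from NICKNAME.
NICKNAME=${NICKNAME:-masterseo}
cat <<EOT > backend.tf
terraform {
  backend "s3" {
    bucket         = "$NICKNAME-t101study-tfstate"
    key            = "stg/terraform.tfstate"
    region         = "ap-northeast-2"
    dynamodb_table = "terraform-locks"
    # State can hold sensitive attribute values; keep it encrypted at rest.
    encrypt        = true
  }
}
EOT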
6
배포
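# Initialise the S3 backend, then plan and apply. -lock-timeout waits up to
# 60s for the DynamoDB lock; note the space before the flag (apply -lock-timeout).
terraform init
terraform plan \
  && terraform apply -lock-timeout=60s -auto-approve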
7
LockID 상태 확인 : 테라폼을 통해 apply 하는 도중에 아래 정보 확인 가능
8
배포후
s3 확인
9
다이나모 디비 확인
다음
https://brunch.co.kr/@topasvga/2782
https://brunch.co.kr/@topasvga/2421
감사합니다.