

by Master Seo Nov 09. 2022

19탄-12. 테라폼-AWS-네트워크 구축하기 예제

다음은 주말 CloudNet 테라폼 스터디 내용을 참고하여 정리한 부분입니다.

https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863



<1> Public Subnet 2개 구축하기

<2> Public Subnet 1개, Private Subnet 1개 구축하기, NAT 1개 포함

<3> Public Subnet 2개, Private Subnet 2개 구축하기, NAT 2개 포함

<4> Public Subnet 1개 , 변수로 처리



<1> Public Subnet 2개 구축하기


# Write vpc.tf: one VPC with two subnets in different AZs, an internet
# gateway, and a single route table (default route -> IGW) shared by both
# subnets. The delimiter is quoted so the shell passes the HCL through
# untouched; nothing in it needs shell expansion.
cat <<'EOT' > vpc.tf
provider "aws" {
  region = "ap-northeast-2"
}

# VPC with DNS support and hostnames enabled.
resource "aws_vpc" "masterseo-dev-vpc" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "masterseo-dev-study"
  }
}

# Internet gateway attached to the VPC; the default route below points here.
resource "aws_internet_gateway" "masterseo-dev-igw" {
  vpc_id = aws_vpc.masterseo-dev-vpc.id

  tags = {
    Name = "masterseo-dev-igw"
  }
}

# Two subnets, one per AZ. They become "public" only through the default
# route on the shared route table; map_public_ip_on_launch is not set, so
# instances launched here get no public IP unless one is attached separately.
resource "aws_subnet" "masterseo-dev-subnet1" {
  vpc_id            = aws_vpc.masterseo-dev-vpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "masterseo-dev-subnet1"
  }
}

resource "aws_subnet" "masterseo-dev-subnet2" {
  vpc_id            = aws_vpc.masterseo-dev-vpc.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "masterseo-dev-subnet2"
  }
}

# One route table for both subnets. Routes are kept in a separate
# aws_route resource rather than an inline route block.
resource "aws_route_table" "masterseo-dev-rt" {
  vpc_id = aws_vpc.masterseo-dev-vpc.id

  tags = {
    Name = "masterseo-dev-rt"
  }
}

# 0.0.0.0/0 -> IGW. This single route is what exposes both subnets to the
# internet, so anything placed in them needs its own security group rules.
resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.masterseo-dev-rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.masterseo-dev-igw.id
}

resource "aws_route_table_association" "masterseo-dev-rtassociation1" {
  subnet_id      = aws_subnet.masterseo-dev-subnet1.id
  route_table_id = aws_route_table.masterseo-dev-rt.id
}

resource "aws_route_table_association" "masterseo-dev-rtassociation2" {
  subnet_id      = aws_subnet.masterseo-dev-subnet2.id
  route_table_id = aws_route_table.masterseo-dev-rt.id
}
EOT





2

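# Initialise providers, then apply exactly the plan that was reviewed.
# Saving the plan with -out and applying that file means apply cannot
# drift from what plan printed; `&&` stops the chain if init or plan
# fails instead of running apply regardless. Applying a saved plan does
# not prompt, so -auto-approve is no longer needed.
terraform init \
  && terraform plan -out=tfplan \
  && terraform apply tfplan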



3

삭제

 terraform destroy -auto-approve



<2> Public Subnet 1개 , Private Subnet 1개 구축하기,  NAT 1개 포함


1

vpc 만들기

vpc를 만들면 vpc와 로컬 라우팅 테이블 1개가 생긴다.


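# Write provider.tf: one VPC, one public and one private subnet, an IGW,
# and a NAT gateway in the public subnet that gives the private subnet
# outbound-only internet access.
# Delimiter quoted so the shell does not expand anything inside the HCL.
cat <<'EOF' > provider.tf
provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "terraform-101"
  }
}

# Public subnet: hosts the NAT gateway and has the IGW default route.
resource "aws_subnet" "public_subnet" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "terraform-101-public-subnet"
  }
}

# Private subnet: reaches the internet only through the NAT gateway.
# NOTE(review): no availability_zone is set, so AWS picks one; it may
# land in a different AZ from the NAT gateway (ap-northeast-2a), which
# adds cross-AZ traffic. Pin it to the same AZ if that matters.
resource "aws_subnet" "private_subnet" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.10.0/24"

  tags = {
    Name = "terraform-101-private-subnet"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "terraform-101-igw"
  }
}

# Elastic IP for the NAT gateway. create_before_destroy lets a replacement
# EIP exist before the old one is released.
# NOTE(review): newer AWS provider releases deprecate `vpc = true` in
# favour of `domain = "vpc"`; check the provider version in use.
resource "aws_eip" "nat" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

# NAT gateway must sit in the PUBLIC subnet. The explicit depends_on follows
# the provider documentation: the gateway's subnet needs the IGW attached
# before the NAT gateway is created, and nothing else in this resource
# references the IGW, so Terraform cannot infer that ordering on its own.
resource "aws_nat_gateway" "nat_gateway" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public_subnet.id
  depends_on    = [aws_internet_gateway.igw]

  tags = {
    Name = "terraform-NATGW"
  }
}

# Public route table: default route to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "terraform-101-rt-public"
  }
}

resource "aws_route_table_association" "route_table_association_public" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public.id
}

# Private route table: no IGW route, so the subnet is not reachable from
# the internet; its default route (aws_route.private_nat) goes to the NAT.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "terraform-101-rt-private"
  }
}

resource "aws_route_table_association" "route_table_association_private" {
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route" "private_nat" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway.id
}
EOF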




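# Initialise providers, then apply exactly the plan that was reviewed.
# -out saves the plan; applying the saved file means apply cannot drift
# from what plan printed, and `&&` stops the chain if init or plan fails.
# Applying a saved plan does not prompt, so -auto-approve is not needed.
terraform init \
  && terraform plan -out=tfplan \
  && terraform apply tfplan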


2

 terraform destroy -auto-approve




<3> Public Subnet 2개, Private Subnet 2개 구축하기, NAT 2개 포함


1

# pub2 , pri2 , nat 2 -> pub2, pri2, pridb2, nat2



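# Write provider.tf: a /20 VPC with two public and two private subnets
# (one pair per AZ), one NAT gateway per AZ so each private subnet's
# egress stays inside its own zone, and one private route table per AZ.
# Delimiter quoted so the shell does not expand anything inside the HCL.
cat <<'EOF' > provider.tf
provider "aws" {
  region = "ap-northeast-2"
}

# /20 = 10.0.0.0 - 10.0.15.255; the four /23 subnets below fit inside it.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/20"

  tags = {
    Name = "terraform-101"
  }
}

# Public subnets, one per AZ.
resource "aws_subnet" "pub1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.0.0/23"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "101subnet-1"
  }
}

resource "aws_subnet" "pub2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.2.0/23"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "101subnet-2"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main"
  }
}

# Public route table: default route to the IGW, shared by both public subnets.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "main-public"
  }
}

resource "aws_route_table_association" "public_association_1" {
  subnet_id      = aws_subnet.pub1.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_association_2" {
  subnet_id      = aws_subnet.pub2.id
  route_table_id = aws_route_table.public.id
}

# Private subnets, one per AZ, matching the public subnet in the same zone.
resource "aws_subnet" "pri1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.4.0/23"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "101subnet-private-1"
  }
}

resource "aws_subnet" "pri2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.6.0/23"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "101subnet-private-2"
  }
}

# One Elastic IP per NAT gateway. create_before_destroy lets a replacement
# EIP exist before the old one is released.
# NOTE(review): newer AWS provider releases deprecate `vpc = true` in
# favour of `domain = "vpc"`; check the provider version in use.
resource "aws_eip" "nat_1" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_eip" "nat_2" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

# NAT gateways live in the PUBLIC subnet of their AZ (a NAT gateway placed
# in a private subnet has no path to the internet). The explicit depends_on
# follows the provider documentation: the IGW must be attached before the
# NAT gateway is created, and nothing in this resource references the IGW,
# so Terraform cannot infer that ordering on its own.
resource "aws_nat_gateway" "nat_gateway_1" {
  allocation_id = aws_eip.nat_1.id
  subnet_id     = aws_subnet.pub1.id
  depends_on    = [aws_internet_gateway.igw]

  tags = {
    Name = "NAT-GW-1"
  }
}

resource "aws_nat_gateway" "nat_gateway_2" {
  allocation_id = aws_eip.nat_2.id
  subnet_id     = aws_subnet.pub2.id
  depends_on    = [aws_internet_gateway.igw]

  tags = {
    Name = "NAT-GW-2"
  }
}

# Private route tables, one per AZ. Resource names are kept as they were
# ("public_private_N") so existing state is not disturbed; they are the
# PRIVATE tables, as the Name tags say.
resource "aws_route_table" "public_private_1" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main-private-1"
  }
}

resource "aws_route_table" "public_private_2" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "main-private-2"
  }
}

resource "aws_route_table_association" "public_association_private_1" {
  subnet_id      = aws_subnet.pri1.id
  route_table_id = aws_route_table.public_private_1.id
}

resource "aws_route_table_association" "public_association_private_2" {
  subnet_id      = aws_subnet.pri2.id
  route_table_id = aws_route_table.public_private_2.id
}

# Each private table's default route goes to the NAT gateway in its own AZ.
resource "aws_route" "private_nat_1" {
  route_table_id         = aws_route_table.public_private_1.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_1.id
}

resource "aws_route" "private_nat_2" {
  route_table_id         = aws_route_table.public_private_2.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_2.id
}
EOF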


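# Initialise providers, then apply exactly the plan that was reviewed.
# -out saves the plan; applying the saved file means apply cannot drift
# from what plan printed, and `&&` stops the chain if init or plan fails.
# Applying a saved plan does not prompt, so -auto-approve is not needed.
terraform init \
  && terraform plan -out=tfplan \
  && terraform apply tfplan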



2

 terraform destroy -auto-approve





<4> Public Subnet 1개 , 변수로 처리


1

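# Write var.tf: the input variables and the Ubuntu AMI lookup used by main.tf.
# Type constraints are declared so a bad value is rejected at plan time
# rather than failing inside the provider at apply time.
# Delimiter quoted so the shell does not expand anything inside the HCL.
cat <<'EOT' > var.tf
variable "vpc_cidr" {
  description = "CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}

variable "public_cidr" {
  description = "CIDR block for the public subnet; must lie inside vpc_cidr"
  type        = string
  default     = "10.0.10.0/24"
}

# Most recent Ubuntu 20.04 (focal) HVM image. Restricting `owners` to the
# Canonical account ID is what prevents a look-alike public AMI with a
# matching name from being selected.
data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

# Declared as a number (the original used the string "50000"); Terraform
# renders it as "50000" when interpolated into user_data, and the security
# group's from_port/to_port take the number directly.
variable "server_port" {
  description = "TCP port the web server listens on and the security group opens"
  type        = number
  default     = 50000
}
EOT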



# 1주차 과제 -  AWS VPC(Subnet, IGW 등)을 코드로 배포한 환경에서 EC2 웹 서버 배포


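# Write main.tf: VPC, one public subnet, IGW, public route table, and an
# EC2 web server reachable only on var.server_port.
#
# Two fixes against the original:
#  - the heredoc delimiter is quoted ('EOT'). Unquoted, bash tries to
#    expand `${var.server_port}` inside user_data as a shell parameter,
#    which is a "bad substitution" error, so main.tf was never written
#    with the intended content;
#  - a stray closing `}` after the security group block is removed; it
#    made the file fail to parse.
cat <<'EOT' > main.tf
# provider
provider "aws" {
  region = "ap-northeast-2"
}

# VPC; the CIDR comes from var.vpc_cidr (var.tf)
resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    "Name" = "vpc"
  }
}

# Public subnet; map_public_ip_on_launch gives the instance a public address
resource "aws_subnet" "pub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.public_cidr
  availability_zone       = "ap-northeast-2a"
  map_public_ip_on_launch = true

  tags = {
    Name = "pub1"
  }
}

# Internet gateway
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "igw"
  }
}

# Public route table with a default route to the IGW
resource "aws_route_table" "pubrt" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "pubrt"
  }
}

# Attach the public route table to the subnet
resource "aws_route_table_association" "prta" {
  subnet_id      = aws_subnet.pub1.id
  route_table_id = aws_route_table.pubrt.id
}

# EC2 web server: Ubuntu AMI from data.aws_ami.ubuntu (var.tf), an
# index.html containing the nickname, served on var.server_port.
# Note that the page is served by busybox httpd; apache2 is installed by
# the script but is not what answers on var.server_port.
resource "aws_instance" "ec2" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.pub1.id
  vpc_security_group_ids = [aws_security_group.ec2-sg.id]

  # Require IMDSv2 so the instance metadata service only answers
  # token-authenticated requests (AWS hardening guidance for any
  # internet-facing instance).
  metadata_options {
    http_tokens = "required"
  }

  # HCL heredoc: ${var.server_port} is interpolated by Terraform, not by the
  # shell that writes this file.
  user_data = <<EOF
#!/bin/bash
apt install -y apache2
echo "Hello nasir, from Terraform 101 Study" > index.html
nohup busybox httpd -f -p ${var.server_port} &
EOF

  tags = {
    Name = "ec2"
  }
}

# Security group: inbound only on var.server_port, all outbound.
# cidr_blocks = ["0.0.0.0/0"] exposes the port to the whole internet; for
# anything beyond this study, narrow it to the address range that needs access.
resource "aws_security_group" "ec2-sg" {
  name        = "ec2-sg"
  description = "Security group for EC2 instance"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    from_port   = var.server_port
    to_port     = var.server_port
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ec2-sg"
  }
}
EOT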



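# Initialise providers, then apply exactly the plan that was reviewed.
# -out saves the plan; applying the saved file means apply cannot drift
# from what plan printed, and `&&` stops the chain if init or plan fails.
# Applying a saved plan does not prompt, so -auto-approve is not needed.
terraform init \
  && terraform plan -out=tfplan \
  && terraform apply tfplan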




3

삭제

 terraform destroy -auto-approve




다음

https://brunch.co.kr/@topasvga/2806






https://brunch.co.kr/@topasvga/2421


감사합니다.

