
19탄-12. 테라폼-AWS-네트워크 구축하기 예제

by Master Seo

다음은 주말 CloudNet 테라폼 스터디 내용을 참고하여 정리한 부분입니다.

https://gasidaseo.notion.site/gasidaseo/CloudNet-Blog-c9dfa44a27ff431dafdd2edacc8a1863



<1> Public Subnet 2개 구축하기

<2> Public Subnet 1개 , Private Subnet 1개 구축하기, NAT 1개 포함

<3> Public Subnet 2개 , Private Subnet 2개 구축하기, NAT 2개 포함

<4> Public Subnet 1개 , 변수로 처리



<1> Public Subnet 2개 구축하기


cat <<'EOT' > vpc.tf
# Exercise <1>: one VPC, two public subnets (one per AZ), an internet gateway,
# and a single route table shared by both subnets that sends 0.0.0.0/0 to the
# IGW. The shell delimiter is quoted so the file content is written verbatim.

provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "masterseo-dev-vpc" {
  cidr_block = "10.10.0.0/16"

  # Both DNS flags on: instances get hostnames and can resolve names in-VPC.
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = { Name = "masterseo-dev-study" }
}

# These subnets are "public" only because of the route table below; nothing
# here auto-assigns public IPs (no map_public_ip_on_launch), so an instance
# needs an address assigned explicitly to be reachable from the internet.
resource "aws_subnet" "masterseo-dev-subnet1" {
  vpc_id            = aws_vpc.masterseo-dev-vpc.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.10.1.0/24"

  tags = { Name = "masterseo-dev-subnet1" }
}

resource "aws_subnet" "masterseo-dev-subnet2" {
  vpc_id            = aws_vpc.masterseo-dev-vpc.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.10.2.0/24"

  tags = { Name = "masterseo-dev-subnet2" }
}

resource "aws_internet_gateway" "masterseo-dev-igw" {
  vpc_id = aws_vpc.masterseo-dev-vpc.id

  tags = { Name = "masterseo-dev-igw" }
}

# One route table for both subnets. Its default route is declared as a
# separate aws_route resource rather than an inline route {} block; keep it
# one way or the other, mixing both forms on one table makes Terraform
# repeatedly re-plan the route set.
resource "aws_route_table" "masterseo-dev-rt" {
  vpc_id = aws_vpc.masterseo-dev-vpc.id

  tags = { Name = "masterseo-dev-rt" }
}

resource "aws_route" "mydefaultroute" {
  route_table_id         = aws_route_table.masterseo-dev-rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.masterseo-dev-igw.id
}

resource "aws_route_table_association" "masterseo-dev-rtassociation1" {
  route_table_id = aws_route_table.masterseo-dev-rt.id
  subnet_id      = aws_subnet.masterseo-dev-subnet1.id
}

resource "aws_route_table_association" "masterseo-dev-rtassociation2" {
  route_table_id = aws_route_table.masterseo-dev-rt.id
  subnet_id      = aws_subnet.masterseo-dev-subnet2.id
}
EOT





2

terraform init

terraform plan

terraform apply -auto-approve



3

삭제

terraform destroy -auto-approve



<2> Public Subnet 1개 , Private Subnet 1개 구축하기, NAT 1개 포함


1

vpc 만들기

vpc를 만들면 vpc와 로컬 라우팅 테이블 1개가 생긴다.


cat <<'EOF' > provider.tf
# Exercise <2>: one public and one private subnet. The public subnet routes
# 0.0.0.0/0 to the IGW; the private subnet routes 0.0.0.0/0 to a NAT gateway
# that lives in the public subnet, so private hosts can reach out but are not
# reachable from the internet. Quoted delimiter: content is written verbatim.

provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = { Name = "terraform-101" }
}

resource "aws_subnet" "public_subnet" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.0.0.0/24"

  tags = { Name = "terraform-101-public-subnet" }
}

# No availability_zone is set here, so AWS picks one. The NAT gateway below
# sits in ap-northeast-2a; if this subnet lands in another AZ, egress still
# works but crosses AZs (extra cost and a cross-AZ failure dependency).
resource "aws_subnet" "private_subnet" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.10.0/24"

  tags = { Name = "terraform-101-private-subnet" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = { Name = "terraform-101-igw" }
}

# Elastic IP for the NAT gateway. create_before_destroy allocates the
# replacement address before the old one is released.
# NOTE(review): `vpc = true` is deprecated in recent AWS provider releases in
# favour of `domain = "vpc"` -- confirm against the provider version in use.
resource "aws_eip" "nat" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

# The NAT gateway must be placed in a public subnet (one that routes to the
# IGW); a NAT gateway in a private subnet has no path to the internet itself.
resource "aws_nat_gateway" "nat_gateway" {
  subnet_id     = aws_subnet.public_subnet.id
  allocation_id = aws_eip.nat.id

  tags = { Name = "terraform-NATGW" }
}

# Public route table: default route to the IGW, declared inline.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = { Name = "terraform-101-rt-public" }
}

resource "aws_route_table_association" "route_table_association_public" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.public_subnet.id
}

# Private route table: its default route is the separate aws_route resource
# below rather than an inline route {} block -- keep it one way or the other.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  tags = { Name = "terraform-101-rt-private" }
}

resource "aws_route_table_association" "route_table_association_private" {
  route_table_id = aws_route_table.private.id
  subnet_id      = aws_subnet.private_subnet.id
}

resource "aws_route" "private_nat" {
  route_table_id         = aws_route_table.private.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway.id
}
EOF




terraform init

terraform plan

terraform apply -auto-approve


2

terraform destroy -auto-approve




<3> Public Subnet 2개 , Private Subnet 2개 구축하기, NAT 2개 포함


1

# pub2 , pri2 , nat 2 -> pub2, pri2, pridb2, nat2



cat <<'EOF' > provider.tf
# Exercise <3>: two public and two private subnets across two AZs, with one
# NAT gateway per AZ so each private subnet's egress stays inside its own AZ.
# Addressing: the VPC is a /20 (10.0.0.0 - 10.0.15.255) carved into four /23s.
# Quoted delimiter: content is written verbatim.

provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/20"

  tags = { Name = "terraform-101" }
}

# --- public subnets ---------------------------------------------------------

resource "aws_subnet" "pub1" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.0.0.0/23"

  tags = { Name = "101subnet-1" }
}

resource "aws_subnet" "pub2" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.0.2.0/23"

  tags = { Name = "101subnet-2" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = { Name = "main" }
}

# Shared public route table with an inline default route to the IGW.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = { Name = "main-public" }
}

resource "aws_route_table_association" "public_association_1" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.pub1.id
}

resource "aws_route_table_association" "public_association_2" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.pub2.id
}

# --- private subnets --------------------------------------------------------

resource "aws_subnet" "pri1" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.0.4.0/23"

  tags = { Name = "101subnet-private-1" }
}

resource "aws_subnet" "pri2" {
  vpc_id            = aws_vpc.main.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.0.6.0/23"

  tags = { Name = "101subnet-private-2" }
}

# --- NAT (one per AZ) ------------------------------------------------------
# NOTE(review): `vpc = true` on aws_eip is deprecated in recent AWS provider
# releases in favour of `domain = "vpc"` -- confirm against the provider
# version in use.

resource "aws_eip" "nat_1" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_eip" "nat_2" {
  vpc = true

  lifecycle {
    create_before_destroy = true
  }
}

# A NAT gateway has to be attached to a public subnet, not a private one:
# it needs the IGW route itself to forward traffic out.
resource "aws_nat_gateway" "nat_gateway_1" {
  subnet_id     = aws_subnet.pub1.id
  allocation_id = aws_eip.nat_1.id

  tags = { Name = "NAT-GW-1" }
}

resource "aws_nat_gateway" "nat_gateway_2" {
  subnet_id     = aws_subnet.pub2.id
  allocation_id = aws_eip.nat_2.id

  tags = { Name = "NAT-GW-2" }
}

# --- private route tables ---------------------------------------------------
# Despite the "public_private_*" labels these are the private route tables
# (see the Name tags). The label is the Terraform state address, so renaming
# it would recreate the table unless a `moved` block migrates the state.

resource "aws_route_table" "public_private_1" {
  vpc_id = aws_vpc.main.id

  tags = { Name = "main-private-1" }
}

resource "aws_route_table" "public_private_2" {
  vpc_id = aws_vpc.main.id

  tags = { Name = "main-private-2" }
}

resource "aws_route_table_association" "public_association_private_1" {
  route_table_id = aws_route_table.public_private_1.id
  subnet_id      = aws_subnet.pri1.id
}

resource "aws_route_table_association" "public_association_private_2" {
  route_table_id = aws_route_table.public_private_2.id
  subnet_id      = aws_subnet.pri2.id
}

# Default routes for the private tables, each via the NAT gateway in its own AZ.
resource "aws_route" "private_nat_1" {
  route_table_id         = aws_route_table.public_private_1.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_1.id
}

resource "aws_route" "private_nat_2" {
  route_table_id         = aws_route_table.public_private_2.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_2.id
}
EOF


terraform init

terraform plan

terraform apply -auto-approve



2

terraform destroy -auto-approve





<4> Public Subnet 1개 , 변수로 처리


1

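cat <<'EOT' > var.tf
# Inputs for exercise <4>. Type constraints make a wrong value fail at plan
# time instead of surfacing as an odd provider error at apply time; the
# defaults are unchanged.

variable "vpc_cidr" {
  description = "CIDR block for the VPC."
  type        = string
  default     = "10.0.0.0/16"
}

variable "public_cidr" {
  description = "CIDR block for the single public subnet; must sit inside vpc_cidr."
  type        = string
  default     = "10.0.10.0/24"
}

# TCP port the demo web server listens on; it is also the only inbound port
# the EC2 security group opens. Declared as a number so it is valid directly
# in from_port/to_port; it still interpolates as text inside user_data.
variable "server_port" {
  description = "TCP port the demo web server listens on."
  type        = number
  default     = 50000
}

# Latest Canonical Ubuntu 20.04 (focal) HVM image. Restricting `owners` to
# Canonical's account id is what stops a look-alike AMI from another account
# matching the name filter. most_recent = true means the resolved image id can
# change between runs; pin an explicit id if reproducible builds matter.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}
EOT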



# 1주차 과제 - AWS VPC(Subnet, IGW 등)을 코드로 배포한 환경에서 EC2 웹 서버 배포


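cat <<'EOT' > main.tf
# Exercise <4>: VPC + one public subnet + IGW + a single EC2 web server.
# The shell delimiter is quoted ('EOT') on purpose: user_data below contains
# ${var.server_port}, which must reach Terraform untouched. With an unquoted
# delimiter bash tries to expand it itself and aborts with "bad substitution",
# so main.tf is never written correctly.

# provider
provider "aws" {
  region = "ap-northeast-2"
}

# vpc
resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc_cidr
  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    "Name" = "vpc"
  }
}

# public subnet; map_public_ip_on_launch gives the instance below a public
# address without a separate EIP.
resource "aws_subnet" "pub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.public_cidr
  availability_zone       = "ap-northeast-2a"
  map_public_ip_on_launch = true

  tags = {
    Name = "pub1"
  }
}

# igw
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "igw"
  }
}

# public route table with an inline default route to the igw
resource "aws_route_table" "pubrt" {
  vpc_id = aws_vpc.vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "pubrt"
  }
}

# attach the route table to the subnet
resource "aws_route_table_association" "prta" {
  subnet_id      = aws_subnet.pub1.id
  route_table_id = aws_route_table.pubrt.id
}

# EC2 (Ubuntu, index.html containing the nickname, served on var.server_port).
# data.aws_ami.ubuntu and var.server_port are declared in var.tf.
resource "aws_instance" "ec2" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.pub1.id
  vpc_security_group_ids = [aws_security_group.ec2-sg.id]

  # Runs once at first boot. The page is served by busybox httpd on
  # var.server_port; apache2 is installed but is not what answers on that port.
  user_data = <<EOF
#!/bin/bash
# NOTE(review): no package-index refresh before install; if the image's index
# is stale this step may fail -- confirm on a fresh instance.
apt install -y apache2
echo "Hello nasir, from Terraform 101 Study" > index.html
nohup busybox httpd -f -p ${var.server_port} &
EOF

  tags = {
    Name = "ec2"
  }
}

# EC2 security group: inbound only on var.server_port. cidr_blocks 0.0.0.0/0
# deliberately exposes the demo page to the whole internet; for anything
# beyond this lab, narrow it to the source ranges that actually need access.
resource "aws_security_group" "ec2-sg" {
  name        = "ec2-sg"
  description = "Security group for EC2 instance"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    from_port   = var.server_port
    to_port     = var.server_port
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress (protocol -1 = all); this is what lets apt reach its mirrors.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ec2-sg"
  }
}
EOT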



terraform init

terraform plan

terraform apply -auto-approve




3

삭제

terraform destroy -auto-approve




다음

https://brunch.co.kr/@topasvga/2806






https://brunch.co.kr/@topasvga/2421

terraform.png


감사합니다.

