
6. (온라인) 네이버 클라우드 테라폼-2025-11

by Master Seo

# 실습 코드



1

명령어와 코드



2

https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html


putty-64bit-0.83-installer.msi



3

실습 명령어


4

6개 서브넷 생성 테라폼 코드




5

서버 생성부분 제외된 코드



슬라이드1.JPG
슬라이드2.JPG
슬라이드3.JPG
슬라이드4.JPG


슬라이드5.JPG
슬라이드6.JPG
슬라이드7.JPG
슬라이드8.JPG
슬라이드9.JPG
슬라이드10.JPG
슬라이드11.JPG
슬라이드12.JPG
슬라이드13.JPG
슬라이드14.JPG
슬라이드15.JPG
슬라이드16.JPG
슬라이드17.JPG
슬라이드18.JPG
슬라이드19.JPG
슬라이드20.JPG
슬라이드21.JPG
슬라이드22.JPG
슬라이드23.JPG
슬라이드24.JPG
슬라이드25.JPG
슬라이드26.JPG
슬라이드27.JPG
슬라이드28.JPG
슬라이드29.JPG
슬라이드30.JPG
슬라이드31.JPG
슬라이드32.JPG
슬라이드33.JPG
슬라이드34.JPG
슬라이드35.JPG
슬라이드36.JPG
슬라이드37.JPG
슬라이드38.JPG
슬라이드39.JPG
슬라이드40.JPG
슬라이드41.JPG
슬라이드42.JPG
슬라이드43.JPG
슬라이드44.JPG
슬라이드45.JPG
슬라이드46.JPG
슬라이드47.JPG
슬라이드48.JPG
슬라이드49.JPG
슬라이드50.JPG
슬라이드51.JPG
슬라이드52.JPG
슬라이드53.JPG
슬라이드54.JPG
슬라이드55.JPG
슬라이드56.JPG
슬라이드57.JPG
슬라이드58.JPG
슬라이드59.JPG
슬라이드60.JPG
슬라이드61.JPG
슬라이드62.JPG
슬라이드63.JPG
슬라이드64.JPG
슬라이드65.JPG
슬라이드66.JPG
슬라이드67.JPG
슬라이드68.JPG
슬라이드69.JPG
슬라이드70.JPG
슬라이드71.JPG
슬라이드72.JPG
슬라이드73.JPG
슬라이드74.JPG
슬라이드75.JPG
슬라이드76.JPG
슬라이드77.JPG
슬라이드78.JPG
슬라이드79.JPG
슬라이드80.JPG
슬라이드81.JPG
슬라이드82.JPG
슬라이드83.JPG
슬라이드84.JPG
슬라이드85.JPG
슬라이드86.JPG
슬라이드87.JPG
슬라이드88.JPG
슬라이드89.JPG
슬라이드90.JPG
슬라이드91.JPG

----



<1> 테라폼 소스 받기


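# Download the provider repository, which ships the example configurations.
# NOTE(review): this URL follows a moving branch head, so the content can differ
# between runs and nothing verifies what was downloaded. For a repeatable lab,
# fetch the archive of a release tag or commit instead, and read the .tf files
# before applying them with real credentials.
wget https://github.com/NaverCloudPlatform/terraform-provider-ncloud/archive/refs/heads/master.zip

unzip master.zip

# The path assumes the archive was unpacked under /root into a directory ending
# in "-main"; adjust it if unzip reports a different directory name.
cd /root/terraform-provider-ncloud-main/examples/vpc/scenario01

# Keep untouched copies of the example files before editing them.
# -p lets this step be repeated without an "already exists" error.
mkdir -p backup

cp -rf *.* backup/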


참고

https://brunch.co.kr/@topasvga/4965








<2> 테라폼 소스 수정하기


0

[root@com1 scenario01]# ls

main.tf variables.tf versions.tf



1

# 변수 수정


vi variables.tf


# Operator address. main.tf appends "/32" to it for the SSH and RDP ACL rules,
# so the value must be a single IPv4 address without a prefix length.
variable "client_ip" {
  default = "YOUR_CLIENT_IP"
}

# API credentials read by the provider block in main.tf.
# NOTE(review): a real key typed here is stored in plain text in this file.
# Prefer leaving the placeholders and exporting TF_VAR_access_key and
# TF_VAR_secret_key in the shell, and keep this file out of version control.
variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}




2

[root@com1 scenario01]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# VPC > User scenario > Scenario 1. Single Public Subnet

# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html

# ncloud provider for the KR region with support_vpc switched on.
# Both credentials are taken from variables, so no key literal appears here.
provider "ncloud" {
  region      = "KR"
  support_vpc = true

  access_key = var.access_key
  secret_key = var.secret_key
}

# Login key that ncloud_server.server_scn_01 references by name.
# NOTE(review): if the provider exports the generated private key as an
# attribute, it ends up in terraform.tfstate in plain text; treat the state
# file as a secret and restrict who can read it. Confirm against provider docs.
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}

# VPC for scenario 1; the subnet below is cut out of this /16 range.
resource "ncloud_vpc" "vpc_scn_01" {
  ipv4_cidr_block = "10.0.0.0/16"
  name            = var.name_scn01
}

# Single public subnet in zone KR-2.
# It is attached to the VPC's default network ACL, which is the same ACL that
# ncloud_network_acl_rule.network_acl_01_rule fills with rules.
resource "ncloud_subnet" "subnet_scn_01" {
  name   = var.name_scn01
  vpc_no = ncloud_vpc.vpc_scn_01.id
  zone   = "KR-2"

  # cidrsubnet("10.0.0.0/16", 8, 1) evaluates to 10.0.1.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 8, 1)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PUBLIC"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
}

# Server placed in the public subnet; login uses ncloud_login_key.key_scn_01.
# NOTE(review): the product code looks like a CentOS 7.3 image (CNTOS.0703).
# CentOS 7 stopped receiving security updates in June 2024, so confirm the
# image and pick a maintained one before giving the server a public address.
resource "ncloud_server" "server_scn_01" {
  name      = var.name_scn01
  subnet_no = ncloud_subnet.subnet_scn_01.id

  server_image_product_code = "SW.VSVR.OS.LNX64.CNTOS.0703.B050"
  login_key_name            = ncloud_login_key.key_scn_01.key_name
}

# Public IP bound to the server. With the inbound rules in this file, TCP 80
# and 443 on this address are open to every source; SSH and RDP only to
# var.client_ip.
resource "ncloud_public_ip" "public_ip_scn_01" {
  description        = "for ${var.name_scn01}"
  server_instance_no = ncloud_server.server_scn_01.id
}

# Rule tables consumed by ncloud_network_acl_rule.network_acl_01_rule.
# Row layout: [priority, protocol, ip_block, port_range, rule_action].
# NOTE(review): the explicit high-port ALLOW rows suggest the ACL does not
# track connections and that lower priority numbers win; confirm.
locals {
  scn01_inbound = [
    # Web traffic from any source.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],

    # Administrative ports, limited to the single operator address.
    # var.client_ip must hold a real IPv4 address for these CIDRs to be valid.
    [3, "TCP", "${var.client_ip}/32", "22", "ALLOW"],
    # NOTE(review): RDP is allowed although the server image in this file is
    # Linux; presumably inherited from the generic scenario. Confirm it is
    # needed, otherwise this row only widens the exposed surface.
    [4, "TCP", "${var.client_ip}/32", "3389", "ALLOW"],

    # High ports open to every source, presumably for replies to connections
    # the server starts itself. Any service listening in 32768-65535 is
    # reachable from the internet through this row.
    [5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"],

    # Everything not matched above is dropped.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]

  scn01_outbound = [
    # The server may open HTTP and HTTPS connections to any destination.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],

    # Traffic back to the operator address, presumably SSH/RDP replies.
    [3, "TCP", "${var.client_ip}/32", "1000-65535", "ALLOW"],

    # Everything else is dropped. All outbound UDP is included, which covers
    # DNS on port 53. NOTE(review): confirm name resolution still works.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"]
  ]
}

# Writes the two rule tables from locals into the VPC's default network ACL.
# One inbound/outbound block is generated per row; the row positions are
# [0] priority, [1] protocol, [2] ip_block, [3] port_range, [4] rule_action.
resource "ncloud_network_acl_rule" "network_acl_01_rule" {
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  dynamic "inbound" {
    for_each = local.scn01_inbound
    iterator = rule

    content {
      description = "for ${var.name_scn01}"
      priority    = rule.value[0]
      protocol    = rule.value[1]
      ip_block    = rule.value[2]
      port_range  = rule.value[3]
      rule_action = rule.value[4]
    }
  }

  dynamic "outbound" {
    for_each = local.scn01_outbound
    iterator = rule

    content {
      description = "for ${var.name_scn01}"
      priority    = rule.value[0]
      protocol    = rule.value[1]
      ip_block    = rule.value[2]
      port_range  = rule.value[3]
      rule_action = rule.value[4]
    }
  }
}

::::::::::::::

variables.tf

::::::::::::::

# Shared name for the login key, VPC, subnet and server of scenario 1.
variable "name_scn01" {
  default = "tf-scn01"
}

# Operator IPv4 address; main.tf turns it into "<address>/32" for the SSH and
# RDP rules, so give one address without a prefix length.
variable "client_ip" {
  default = "YOUR_CLIENT_IP"
}

# Provider credentials. The placeholders are meant to be replaced.
# NOTE(review): values written here sit in plain text in the file. Exporting
# TF_VAR_access_key and TF_VAR_secret_key keeps them out of it; on Terraform
# 0.14 or later, `sensitive = true` also hides them in plan output.
variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}

::::::::::::::

versions.tf

::::::::::::::

# Terraform and provider requirements.
# NOTE(review): the provider has no version constraint, so `terraform init`
# may pick a different release on each fresh checkout. Adding
# `version = "<PINNED_VERSION>"` (placeholder) and, on Terraform 0.14 or
# later, committing .terraform.lock.hcl keeps the provider build fixed.
terraform {
  required_version = ">= 0.13"

  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
    }
  }
}



# 서버 생성부분 제외된 코드




3

# Download the provider named in versions.tf and prepare the working directory.
terraform init

# Show what would be created, changed or destroyed without applying anything.
terraform plan

# -auto-approve applies without the interactive confirmation, so the plan above
# is the only review step. To apply exactly what was reviewed, save the plan
# with `terraform plan -out=tfplan` and run `terraform apply tfplan`.
terraform apply -auto-approve




4

Plan: 3 to add, 0 to change, 0 to destroy.

ncloud_vpc.vpc_scn_01: Creating...

ncloud_vpc.vpc_scn_01: Still creating... [00m10s elapsed]

ncloud_vpc.vpc_scn_01: Creation complete after 12s [id=127190]

ncloud_subnet.subnet_scn_01: Creating...

ncloud_network_acl_rule.network_acl_01_rule: Creating...

ncloud_subnet.subnet_scn_01: Still creating... [00m10s elapsed]

ncloud_network_acl_rule.network_acl_01_rule: Still creating... [00m10s elapsed]

ncloud_subnet.subnet_scn_01: Creation complete after 11s [id=269462]

ncloud_network_acl_rule.network_acl_01_rule: Still creating... [00m20s elapsed]

ncloud_network_acl_rule.network_acl_01_rule: Still creating... [00m30s elapsed]

ncloud_network_acl_rule.network_acl_01_rule: Creation complete after 33s [id=172904]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.




5

콘솔에서 확인


30 .vpc.png
40 subnet.png


50 nacl.png
60 acg.png



70 nacl-in.png




80 nacl-out.png


acg

90 acg.png



<3> 6개 서브넷 생성 테라폼 코드



[root@ngame-web01-dev 6]# more *.tf

::::::::::::::

main.tf

::::::::::::::

# Provider configuration: KR region, support_vpc enabled.
# The access and secret key are injected through variables; see variables.tf
# for where their values come from.
provider "ncloud" {
  access_key = var.access_key
  secret_key = var.secret_key

  region      = "KR"
  support_vpc = true
}

# VPC holding the six subnets. The /20 range is 10.0.0.0 - 10.0.15.255.
resource "ncloud_vpc" "vpc_vpc" {
  ipv4_cidr_block = "10.0.0.0/20"
  name            = var.name_vpc
}

# Private subnet, the only /23 in the layout.
resource "ncloud_subnet" "subnet_pri1" {
  name   = var.name_pri1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 3, 0) evaluates to 10.0.0.0/23; the /24 subnets
  # in this file start at index 2, so they do not overlap it.
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 3, 0)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PRIVATE"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

# General-purpose public subnet.
# NOTE(review): the files shown define no ncloud_network_acl_rule, and every
# subnet here points at the VPC's default network ACL, so filtering for this
# public subnet depends on that ACL's existing rules. Review them in the console.
resource "ncloud_subnet" "subnet_pub1" {
  name   = var.name_pub1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 4, 2) evaluates to 10.0.2.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 4, 2)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PUBLIC"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

# Private subnet for the database tier (per its name); nat.tf associates it
# with route_table_pri1.
resource "ncloud_subnet" "subnet_pri-db1" {
  name   = var.name_pri-db1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 4, 3) evaluates to 10.0.3.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 4, 3)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PRIVATE"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

# Public subnet reserved for the NAT gateway (usage_type NATGW); the gateway
# in nat.tf is created inside it.
resource "ncloud_subnet" "subnet_pub-nat1" {
  name   = var.name_pub-nat1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 4, 4) evaluates to 10.0.4.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 4, 4)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PUBLIC"
  usage_type     = "NATGW"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

# Public subnet reserved for load balancers (usage_type LOADB).
resource "ncloud_subnet" "subnet_pub-lb1" {
  name   = var.name_pub-lb1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 4, 5) evaluates to 10.0.5.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 4, 5)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PUBLIC"
  usage_type     = "LOADB"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

# Private subnet reserved for internal load balancers (usage_type LOADB).
resource "ncloud_subnet" "subnet_pri-lb1" {
  name   = var.name_pri-lb1
  vpc_no = ncloud_vpc.vpc_vpc.id
  zone   = "KR-1"

  # cidrsubnet("10.0.0.0/20", 4, 6) evaluates to 10.0.6.0/24
  subnet = cidrsubnet(ncloud_vpc.vpc_vpc.ipv4_cidr_block, 4, 6)

  # PUBLIC(Public) | PRIVATE(Private)
  subnet_type    = "PRIVATE"
  usage_type     = "LOADB"
  network_acl_no = ncloud_vpc.vpc_vpc.default_network_acl_no
}

::::::::::::::

nat.tf

::::::::::::::

# Extra route table for private subnets, named with the pri1 subnet's name.
# No route resource in this file targets it; only the association below uses it.
resource "ncloud_route_table" "route_table_pri1" {
  vpc_no                = ncloud_vpc.vpc_vpc.id
  name                  = var.name_pri1
  supported_subnet_type = "PRIVATE"
}

# Attaches the DB subnet to route_table_pri1.
# NOTE(review): the 0.0.0.0/0 route through the NAT gateway is added to the
# VPC's default private route table, not to route_table_pri1. As written, this
# subnet therefore appears to have no internet-bound route, which is presumably
# intended for a database tier; confirm.
resource "ncloud_route_table_association" "subnet_pri-db1" {
  subnet_no      = ncloud_subnet.subnet_pri-db1.id
  route_table_no = ncloud_route_table.route_table_pri1.id
}

# NAT Gateway

# NAT gateway created in the dedicated NATGW subnet, in the same zone.
# It reuses the subnet's name variable for its own name.
resource "ncloud_nat_gateway" "nat_gateway_scn_02" {
  name      = var.name_pub-nat1
  zone      = "KR-1"
  vpc_no    = ncloud_vpc.vpc_vpc.id
  subnet_no = ncloud_subnet.subnet_pub-nat1.id
}

# Route Table

# Default route (0.0.0.0/0) through the NAT gateway, installed in the VPC's
# default private route table. Private subnets using that table get outbound
# internet access through the gateway.
resource "ncloud_route" "route_scn_02_nat" {
  # Alternative target kept from the original listing: the custom table.
  #route_table_no = ncloud_route_table.route_table_pri1.id
  route_table_no = ncloud_vpc.vpc_vpc.default_private_route_table_no

  destination_cidr_block = "0.0.0.0/0"

  target_type = "NATGW"
  target_no   = ncloud_nat_gateway.nat_gateway_scn_02.id
  target_name = ncloud_nat_gateway.nat_gateway_scn_02.name
}

::::::::::::::

variables.tf

::::::::::::::

# Resource names used by main.tf and nat.tf.
variable "name_vpc" {
  default = "agame-dev-vpc8"
}

variable "name_pri1" {
  default = "agame-dev-pri1"
}

variable "name_pub1" {
  default = "agame-dev-pub1"
}

variable "name_pri-db1" {
  default = "agame-dev-pri-db1"
}

variable "name_pub-nat1" {
  default = "agame-dev-pub-nat1"
}

variable "name_pub-lb1" {
  default = "agame-dev-pub-lb1"
}

variable "name_pri-lb1" {
  default = "agame-dev-pri-lb1"
}

# Operator address; not referenced by the main.tf or nat.tf shown with this
# listing.
variable "client_ip" {
  default = "3.3.3.3"
}

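# API credentials read by the provider block in main.tf.
# The published listing carried key-shaped literal values as defaults here.
# They are replaced with the same placeholders the scenario01 variables.tf
# uses. A real key that has been pasted into a shared file or page should be
# treated as exposed: revoke it and issue a new one.
# Supply real values at run time, for example by exporting TF_VAR_access_key
# and TF_VAR_secret_key in the shell, rather than storing them as defaults.
variable "access_key" {
  default = "YOUR_ACCESS_KEY"
}

variable "secret_key" {
  default = "YOUR_SECRET_KEY"
}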

# Remaining variables. None of them is referenced by the main.tf or nat.tf
# shown with this listing; presumably they belong to other files of the lab.
variable "nks_version" {
  default = "1.32"
}

variable "name_scn_02" {
  default = "tf-scn02"
}

variable "login_key" {
  default = "agame-k8s12"
}

::::::::::::::

versions.tf

::::::::::::::

# Minimum Terraform release and the registry source of the ncloud provider.
# NOTE(review): without a provider version constraint, each fresh
# `terraform init` can resolve to a newer release. Pin it with
# `version = "<PINNED_VERSION>"` (placeholder) and, on Terraform 0.14 or
# later, keep .terraform.lock.hcl under version control.
terraform {
  required_version = ">= 0.13"

  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
    }
  }
}




<4> 실습 자료


https://brunch.co.kr/@topasvga/5007


1 naver trainer.png

