Aspiring Cloud Engineer
AWS ANSIBLE Network Configuration with Terraform
Build the network with the same structure as the file in the post below
https://hiheey.tistory.com/116
To keep the access key out of the .tf files, set environment variables as below before running terraform init
set AWS_ACCESS_KEY_ID=AKIAUQCSSSZLQEQXL2MB
set AWS_SECRET_ACCESS_KEY=your-secret-access-key
<<Note>>
These commands set the environment variables for the current session only, so they are lost when the terminal is closed. To make them permanent, add the commands to the shell configuration file (e.g. .bashrc, .bash_profile, .zshrc). `set` is the Windows cmd form; in bash the equivalent is `export AWS_ACCESS_KEY_ID=...`.
Using Terraform
The files must have the .tf extension, as shown below
00_init.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "ap-northeast-2"
}
01_vpc.tf
resource "aws_vpc" "kang_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "kang-vpc"
  }
}
02_sub.tf
# Two public subnets (one per AZ) and one private subnet
resource "aws_subnet" "kang_puba" {
  vpc_id            = aws_vpc.kang_vpc.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "kang-puba"
  }
}

resource "aws_subnet" "kang_pubc" {
  vpc_id            = aws_vpc.kang_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "kang-pubc"
  }
}

resource "aws_subnet" "kang_pria" {
  vpc_id            = aws_vpc.kang_vpc.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "kang-pria"
  }
}
03_inf.tf
resource "aws_internet_gateway" "kang_ig" {
  vpc_id = aws_vpc.kang_vpc.id
  tags = {
    Name = "kang-ig"
  }
}
04_rt.tf
# Public route table: default route to the internet gateway
resource "aws_route_table" "kang_rt" {
  vpc_id = aws_vpc.kang_vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.kang_ig.id
  }
  tags = {
    Name = "kang-rt"
  }
}
05_rtaso.tf
resource "aws_route_table_association" "kang_rta" {
  subnet_id      = aws_subnet.kang_puba.id
  route_table_id = aws_route_table.kang_rt.id
}

resource "aws_route_table_association" "kang_rtc" {
  subnet_id      = aws_subnet.kang_pubc.id
  route_table_id = aws_route_table.kang_rt.id
}
06_ng.tf
resource "aws_eip" "kang_ng_ip" {
  domain = "vpc"
}

# The NAT gateway must live in a public subnet
resource "aws_nat_gateway" "kang_ng" {
  allocation_id = aws_eip.kang_ng_ip.id
  subnet_id     = aws_subnet.kang_puba.id
  tags = {
    Name = "kang-ng"
  }
}
07_ngwrt.tf
# Private route table: default route to the NAT gateway.
# A NAT gateway goes in nat_gateway_id; gateway_id is only for internet/virtual private gateways.
resource "aws_route_table" "kang_ngwrt" {
  vpc_id = aws_vpc.kang_vpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.kang_ng.id
  }
  tags = {
    Name = "kang-ngwrt"
  }
}
08_ngwrtas.tf
resource "aws_route_table_association" "kang_ngwrta" {
  subnet_id      = aws_subnet.kang_pria.id
  route_table_id = aws_route_table.kang_ngwrt.id
}

# The association below references aws_subnet.kang_pric, which 02_sub.tf above
# does not define, so `terraform plan` fails with "Reference to undeclared resource".
# Add a kang_pric subnet (ap-northeast-2c) to 02_sub.tf before uncommenting it.
# resource "aws_route_table_association" "kang_ngwrtc" {
#   subnet_id      = aws_subnet.kang_pric.id
#   route_table_id = aws_route_table.kang_ngwrt.id
# }
09_key.tf
resource "aws_key_pair" "kang_key" {
  key_name   = "kang"
  public_key = file("../../users/gahee/.ssh/id_rsa.pub")
}
10_sg.tf
# ingress/egress are written in attribute (list) syntax, so every nested
# attribute must be given explicitly, including the ones set to null.
resource "aws_security_group" "kang_sg" {
  name        = "kang-sg"
  description = "HTTP-SSH-SQL-ICMP"
  vpc_id      = aws_vpc.kang_vpc.id
  ingress = [
    {
      # SSH from anywhere: fine for a lab, restrict to an admin CIDR in practice
      description      = "ssh"
      from_port        = 22
      to_port          = 22
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      security_groups  = null
      prefix_list_ids  = null
      self             = null
    },
    {
      description      = "http"
      from_port        = 80
      to_port          = 80
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      security_groups  = null
      prefix_list_ids  = null
      self             = null
    },
    {
      # MySQL exposed to the internet: restrict to the VPC CIDR in practice
      description      = "sql"
      from_port        = 3306
      to_port          = 3306
      protocol         = "tcp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      security_groups  = null
      prefix_list_ids  = null
      self             = null
    },
    {
      description      = "ICMP"
      from_port        = -1
      to_port          = -1
      protocol         = "icmp"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      security_groups  = null
      prefix_list_ids  = null
      self             = null
    }
  ]
  egress = [
    {
      description      = "all"
      from_port        = 0
      to_port          = 0
      protocol         = "-1"
      cidr_blocks      = ["0.0.0.0/0"]
      ipv6_cidr_blocks = ["::/0"]
      security_groups  = null
      prefix_list_ids  = null
      self             = null
    }
  ]
  tags = {
    Name = "kang-sg"
  }
}
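The group above opens SSH and MySQL to the whole internet. As an added example that is not part of the original post, the same rules rewritten with the provider's per-rule resources (available in hashicorp/aws 5.x): SSH is limited to an admin range supplied through the assumed variable `var.admin_cidr`, and MySQL is reachable only from inside the VPC; the resource names are also assumptions.

```hcl
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH (assumption: your office/VPN range)"
  type        = string
}

resource "aws_security_group" "kang_sg_tight" {
  name        = "kang-sg-tight"
  description = "HTTP from anywhere, SSH from admin range, SQL from inside the VPC"
  vpc_id      = aws_vpc.kang_vpc.id
  tags = {
    Name = "kang-sg-tight"
  }
}

# HTTP: the web server is meant to be public, so 0.0.0.0/0 is intended here
resource "aws_vpc_security_group_ingress_rule" "http" {
  security_group_id = aws_security_group.kang_sg_tight.id
  description       = "http"
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_ipv4         = "0.0.0.0/0"
}

# SSH: only from the admin range, not the whole internet
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  security_group_id = aws_security_group.kang_sg_tight.id
  description       = "ssh"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_ipv4         = var.admin_cidr
}

# MySQL: only from hosts inside the VPC (10.0.0.0/16 from 01_vpc.tf)
resource "aws_vpc_security_group_ingress_rule" "sql" {
  security_group_id = aws_security_group.kang_sg_tight.id
  description       = "sql"
  ip_protocol       = "tcp"
  from_port         = 3306
  to_port           = 3306
  cidr_ipv4         = aws_vpc.kang_vpc.cidr_block
}

# All outbound; with ip_protocol "-1" no ports are given
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.kang_sg_tight.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}
```

Point `vpc_security_group_ids` in 11_ins.tf at `aws_security_group.kang_sg_tight.id` to use it; `terraform plan` will then show one rule resource per line instead of a single inline list.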
11_ins.tf
resource "aws_instance" "kang_ins" {
  ami                         = "ami-01123b84e2a4fba05"
  instance_type               = "t2.micro"
  # Reference the key pair resource rather than the literal "kang" so Terraform
  # creates the key pair before the instance
  key_name                    = aws_key_pair.kang_key.key_name
  availability_zone           = "ap-northeast-2a"
  private_ip                  = "10.0.0.11"
  subnet_id                   = aws_subnet.kang_puba.id
  associate_public_ip_address = true
  vpc_security_group_ids      = [aws_security_group.kang_sg.id]
  user_data                   = <<-EOF
    #!/bin/bash
    yum install -y httpd
    systemctl start httpd
    echo "kang-aws-webserver" > /var/www/html/index.html
  EOF
  tags = {
    Name = "kang-ins"
  }
}

output "public_ip" {
  value = aws_instance.kang_ins.public_ip
}
[Screenshot: Visual Studio terminal window after running]
[Screenshot: browser window on the local PC]
<<Note>>
c:\Terraform\01_test>terraform init
c:\Terraform\01_test>terraform plan
c:\Terraform\01_test>terraform apply (-auto-approve)
c:\Terraform\01_test>terraform destroy (-auto-approve)
terraform state list
In Terraform, any attribute that takes multiple values must always be written with square brackets (a list)
e.g. groups = []