  • 20단계로 구현하는 Terraform + AWS(Wordpress + RDS)
    공부합시다!/Terraform 2024. 6. 14. 15:10

    전체 코드

    -> 문자열내에서 변수 사용 시 ${var.변수명}

     

    00_init.tf

    00_init.tf
    
    # Provider pinning for the whole module. "~> 5.0" lets `terraform init`
    # pick any 5.x release but never a future major version with breaking
    # resource-schema changes.
    terraform {
      required_providers {
        aws = {
          source  = "hashicorp/aws"
          version = "~> 5.0"
        }
      }
    }

     

    01_region.tf

    # Region comes from var.region so the same module can be applied elsewhere.
    provider "aws" {
      region = var.region
    }

    # Two key pairs are registered: one from a public key pasted inline and
    # one read from sdkim.pub next to the .tf files. Only the public half is
    # uploaded; the private key never enters the Terraform state.
    resource "aws_key_pair" "sdkim" {
      key_name   = var.name
      public_key = "ssh-rsa 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"
    }

    resource "aws_key_pair" "sdkim1" {
      key_name   = "${var.name}1"
      public_key = file("sdkim.pub")
    }

    # How sdkim / sdkim.pub were generated (PEM format, 2048-bit RSA, no passphrase):
    # ssh-keygen -m PEM -f sdkim -b 2048 -q -N ""

     

    02_vpc.tf

    # The VPC every later file hangs off. DNS hostnames/support are both
    # driven by var.bool1 (true in data.tf), which RDS and the ALB need.
    resource "aws_vpc" "sdkim_vpc" {
      cidr_block       = var.cidr
      instance_tenancy = "default"

      enable_dns_hostnames = var.bool1
      enable_dns_support   = var.bool1

      tags = {
        Name = "${var.name}-vpc"
      }
    }

     

    03_ig.tf

    # Internet gateway for the public (web) subnets; 05_rt.tf routes to it.
    resource "aws_internet_gateway" "sdkim_ig" {
      vpc_id = aws_vpc.sdkim_vpc.id

      tags = {
        Name = "${var.name}-ig"
      }
    }

     

    04_subnet.tf

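    # Three tiers x two AZs. Each tier uses count = 2 so index 0 lands in
    # "<region>a" and index 1 in "<region>c". CIDRs are built from var.subip
    # ("10.0." in data.tf): web = .0/.1, was = .2/.3, db = .4/.5.
    #
    # Only the web subnets auto-assign public IPs; was/db are private and
    # reach the internet through the NAT gateway (07_nig.tf / 08_nrt.tf).
    resource "aws_subnet" "sdkim_web" {
      count                   = 2
      vpc_id                  = aws_vpc.sdkim_vpc.id
      cidr_block              = "${var.subip}${count.index}.0/24"
      availability_zone       = "${var.region}${count.index == 0 ? "a" : "c"}"
      map_public_ip_on_launch = var.bool1

      tags = {
        Name = "${var.name}-web${count.index == 0 ? "a" : "c"}"
      }
    }
    /*
    resource "aws_subnet" "sdkim_webc" {
      vpc_id                  = aws_vpc.sdkim_vpc.id
      cidr_block              = "10.0.1.0/24"
      availability_zone       = "ap-northeast-2c"
      map_public_ip_on_launch = true
    
      tags = {
        Name = "sdkim-webc"
      }
    }
    */
    resource "aws_subnet" "sdkim_was" {
      count             = 2
      vpc_id            = aws_vpc.sdkim_vpc.id
      cidr_block        = "${var.subip}${count.index + 2}.0/24"
      availability_zone = "${var.region}${count.index == 0 ? "a" : "c"}"
      #  map_public_ip_on_launch = true

      tags = {
        Name = "${var.name}-was${count.index == 0 ? "a" : "c"}"
      }
    }
    /*
    resource "aws_subnet" "sdkim_wasc" {
      vpc_id            = aws_vpc.sdkim_vpc.id
      cidr_block        = "10.0.3.0/24"
      availability_zone = "ap-northeast-2c"
      #  map_public_ip_on_launch = true
    
      tags = {
        Name = "sdkim-wasc"
      }
    }
    */
    resource "aws_subnet" "sdkim_db" {
      count             = 2
      vpc_id            = aws_vpc.sdkim_vpc.id
      cidr_block        = "${var.subip}${count.index + 4}.0/24"
      availability_zone = "${var.region}${count.index == 0 ? "a" : "c"}"
      #  map_public_ip_on_launch = true

      tags = {
        # Was "-was…", which duplicated the was-tier tag names in the console.
        Name = "${var.name}-db${count.index == 0 ? "a" : "c"}"
      }
    }
    /*
    resource "aws_subnet" "sdkim_dbc" {
      vpc_id            = aws_vpc.sdkim_vpc.id
      cidr_block        = "10.0.5.0/24"
      availability_zone = "ap-northeast-2c"
      #  map_public_ip_on_launch = true
    
      tags = {
        Name = "sdkim-dbc"
      }
    }
    */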

     

    05_rt.tf

    # Public route table: default route (var.dert = 0.0.0.0/0) via the IGW.
    resource "aws_route_table" "sdkim_rt" {
      vpc_id = aws_vpc.sdkim_vpc.id

      route {
        cidr_block = var.dert
        gateway_id = aws_internet_gateway.sdkim_ig.id
      }

      tags = {
        Name = "${var.name}-rt"
      }
    }

     

    06_rtas.tf

    # Bind both web subnets to the public route table, one association per index.
    resource "aws_route_table_association" "sdkim_rtas" {
      count          = 2
      route_table_id = aws_route_table.sdkim_rt.id
      subnet_id      = aws_subnet.sdkim_web[count.index].id
    }
    /*
    resource "aws_route_table_association" "sdkim_rtasc" {
      subnet_id      = aws_subnet.sdkim_webc.id
      route_table_id = aws_route_table.sdkim_rt.id
    }
    */

     

    07_nig.tf

    # Elastic IP for the NAT gateway (domain = "vpc" is the 5.x provider form).
    resource "aws_eip" "sdkim_eip" {
      domain = "vpc"
    }

    output "eip" {
      value = aws_eip.sdkim_eip.public_ip
    }

    # Single NAT gateway in the first public subnet. var.pri (10.0.0.21 in
    # data.tf) must fall inside that subnet's /24. depends_on makes sure the
    # IGW exists first, since the gateway needs it to reach the internet.
    resource "aws_nat_gateway" "sdkim_nig" {
      subnet_id     = aws_subnet.sdkim_web[0].id
      allocation_id = aws_eip.sdkim_eip.id
      private_ip    = var.pri

      depends_on = [aws_internet_gateway.sdkim_ig]

      tags = {
        Name = "${var.name}-nig"
      }
    }

     

    08_nrt.tf

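    # Private route table: the default route leaves through the NAT gateway.
    resource "aws_route_table" "sdkim_nrt" {
      vpc_id = aws_vpc.sdkim_vpc.id

      route {
        cidr_block = var.dert
        # A NAT gateway is referenced through nat_gateway_id. gateway_id is
        # the argument for internet / virtual private gateways and is not
        # expected to accept a nat-* id at apply time.
        nat_gateway_id = aws_nat_gateway.sdkim_nig.id
      }

      tags = {
        Name = "${var.name}-nrt"
      }
    }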

     

    09_nrtas.tf

    # Private subnets (was + db, two AZs each) all share the NAT route table.
    resource "aws_route_table_association" "sdkim_nrtas_w" {
      count          = 2
      route_table_id = aws_route_table.sdkim_nrt.id
      subnet_id      = aws_subnet.sdkim_was[count.index].id
    }
    /*
    resource "aws_route_table_association" "sdkim_nrtas_wc" {
      subnet_id      = aws_subnet.sdkim_wasc.id
      route_table_id = aws_route_table.sdkim_nrt.id
    }
    */
    resource "aws_route_table_association" "sdkim_nrtas_d" {
      count          = 2
      route_table_id = aws_route_table.sdkim_nrt.id
      subnet_id      = aws_subnet.sdkim_db[count.index].id
    }
    /*
    resource "aws_route_table_association" "sdkim_nrtas_dc" {
      subnet_id      = aws_subnet.sdkim_dbc.id
      route_table_id = aws_route_table.sdkim_nrt.id
    }
    */

     

    10_sg.tf

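    # One security group shared by the web instance (11_ec2.tf), the ALB
    # (12_alb.tf), the launch template (16_aslt.tf) and the RDS instance
    # (19_rds.tf), so every rule here applies to all of them.
    #
    # Rules are written as ingress/egress blocks rather than the
    # `ingress = [ {...} ]` attribute form, which forces every optional field
    # (prefix_list_ids, security_groups, self) to be spelled out as null.
    resource "aws_security_group" "sdkim_sg" {
      name        = "${var.name}-sg"
      description = "${var.ssh}-${var.http}-${var.mysql}-${var.icmp}"
      vpc_id      = aws_vpc.sdkim_vpc.id

      # SSH from anywhere, as in the original. Narrow cidr_blocks to an
      # administrative range when this is not a lab environment.
      ingress {
        description      = var.ssh
        from_port        = var.sshport
        to_port          = var.sshport
        protocol         = var.protcp
        cidr_blocks      = [var.dert]
        ipv6_cidr_blocks = [var.dert6]
      }

      ingress {
        description      = var.http
        from_port        = var.httpport
        to_port          = var.httpport
        protocol         = var.protcp
        cidr_blocks      = [var.dert]
        ipv6_cidr_blocks = [var.dert6]
      }

      # MySQL is only ever reached from inside the VPC (web tier -> RDS), so
      # the rule is scoped to the VPC CIDR instead of 0.0.0.0/0 and ::/0.
      ingress {
        description = var.mysql
        from_port   = var.mysqlport
        to_port     = var.mysqlport
        protocol    = var.protcp
        cidr_blocks = [var.cidr]
      }

      # from/to -1 with protocol "icmp" = all ICMP types.
      ingress {
        description      = var.icmp
        from_port        = var.icmpport
        to_port          = var.icmpport
        protocol         = var.icmp
        cidr_blocks      = [var.dert]
        ipv6_cidr_blocks = [var.dert6]
      }

      # High port range for containers published on the host; world-reachable
      # as in the original.
      ingress {
        description      = "docker_http"
        from_port        = 60080
        to_port          = 65500
        protocol         = var.protcp
        cidr_blocks      = [var.dert]
        ipv6_cidr_blocks = [var.dert6]
      }

      # Allow all outbound. "-1" is the literal AWS means "all protocols"; the
      # original reused var.icmpport (a number) and relied on string coercion.
      egress {
        description      = "all"
        from_port        = 0
        to_port          = 0
        protocol         = "-1"
        cidr_blocks      = [var.dert]
        ipv6_cidr_blocks = [var.dert6]
      }

      tags = {
        Name = "${var.name}-sg"
      }
    }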

     

    11_ec2.tf

    # Newest Amazon-owned Amazon Linux 2 image (kernel 5.10, HVM, x86_64, gp2).
    data "aws_ami" "amzn" {
      most_recent = true
      owners      = ["amazon"]

      filter {
        name   = "name"
        values = ["amzn2-ami-kernel-5.10*-hvm-*-x86_64-gp2"]
        #   Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type
      }

      filter {
        name   = "virtualization-type"
        values = ["hvm"]
      }
    }


    # Web/WordPress host in the first public subnet with a fixed private IP
    # (var.pri1). install.sh is handed to cloud-init as user data; ami.tf later
    # snapshots this instance into the launch-template image.
    resource "aws_instance" "sdkim_weba" {
      ami               = data.aws_ami.amzn.id
      instance_type     = var.type
      key_name          = var.name
      availability_zone = "${var.region}a"
      private_ip        = var.pri1
      subnet_id         = aws_subnet.sdkim_web[0].id

      vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

      # Earlier inline variants of the bootstrap, kept for reference:
    #  user_data_base64 = "IyEgL2Jpbi9iYXNoCiAgICAgICAgeXVtIGluc3RhbGwgLXkgaHR0cGQKICAgICAgICBzeXN0ZW1jdGwgZW5hYmxlIC0tbm93IGh0dHBk"
    #  user_data = <<end
    #        #! /bin/bash
    #        yum install -y httpd
    #        systemctl enable --now httpd
    #        end
      user_data = file("install.sh")

      tags = {
        Name = "${var.name}-weba"
      }
    }

    output "ec2_publicip" {
      value = aws_instance.sdkim_weba.public_ip
    }
    /*
    resource "aws_instance" "sdkim_dba" {
      ami                    = data.aws_ami.amzn.id
      instance_type          = "t2.micro"
      key_name               = "sdkim"
      availability_zone      = "ap-northeast-2a"
      private_ip             = "10.0.4.11"
      subnet_id              = aws_subnet.sdkim_dba.id
      vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
    #  user_data_base64 = "IyEgL2Jpbi9iYXNoCiAgICAgICAgeXVtIGluc3RhbGwgLXkgaHR0cGQKICAgICAgICBzeXN0ZW1jdGwgZW5hYmxlIC0tbm93IGh0dHBk"
    #  user_data = <<end
    #        #! /bin/bash
    #        yum install -y httpd
    #        systemctl enable --now httpd
    #        end
      user_data = file("db.sh")
      depends_on = [aws_route_table_association.sdkim_nrtas_da]
      tags = {
        Name = "sdkim-dba"
      }
    }
    */

     

    12_alb.tf

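    # Internet-facing application load balancer (internal = var.bool0 = false)
    # spanning both public web subnets. It shares sdkim_sg with the instances,
    # so the HTTP rule there is what admits client traffic.
    resource "aws_lb" "sdkim_lb" {
      name               = "${var.name}-lb"
      internal           = var.bool0
      load_balancer_type = var.load
      security_groups    = [aws_security_group.sdkim_sg.id]
      # The splat already yields a list; wrapping it in concat() was a no-op.
      subnets = aws_subnet.sdkim_web[*].id

      tags = {
        Name = "${var.name}-lb"
      }
    }

    output "load_dns" {
      value = aws_lb.sdkim_lb.dns_name
    }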

     

    13_albtg.tf

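    # HTTP target group for the ALB. Health check hits /index.html, which
    # install.sh creates as a static "hello world" page, every 5 s.
    resource "aws_lb_target_group" "sdkim_albtg" {
      # Name and port now follow the same variables as the rest of the stack
      # instead of the literals "sdkim-albtg" / 80.
      name     = "${var.name}-albtg"
      port     = var.httpport
      protocol = "HTTP"
      vpc_id   = aws_vpc.sdkim_vpc.id

      health_check {
        enabled             = true
        path                = "/index.html"
        port                = "traffic-port"
        protocol            = "HTTP"
        matcher             = "200" # string-typed; 200 as a number relied on coercion
        interval            = 5
        timeout             = 3
        healthy_threshold   = 2
        unhealthy_threshold = 3
      }

      tags = {
        Name = "${var.name}-albtg"
      }
    }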

     

    14_albli.tf

    # Plain-HTTP listener on var.httpport that forwards everything to the
    # target group. No TLS is terminated anywhere in this stack.
    resource "aws_lb_listener" "sdkim_albli" {
      load_balancer_arn = aws_lb.sdkim_lb.arn
      protocol          = "HTTP"
      port              = var.httpport

      default_action {
        target_group_arn = aws_lb_target_group.sdkim_albtg.arn
        type             = "forward"
      }

      tags = {
        Name = "${var.name}-albli"
      }
    }

     

    15_albtgat.tf (이전에 생성한 인스턴스를 alb의 타겟(backend)으로 사용)

    # Register the hand-built web instance as a backend of the target group.
    # The autoscaling group in 18_asgat.tf registers its own instances separately.
    resource "aws_lb_target_group_attachment" "sdkim_albtgat" {
      target_id        = aws_instance.sdkim_weba.id
      target_group_arn = aws_lb_target_group.sdkim_albtg.arn
      port             = var.httpport
    }

     

    15. ami.tf (ami를 이용하여 Launch Template 만들기)

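    # Snapshot the configured web instance into an AMI for the launch template.
    # With snapshot_without_reboot left at its default the source instance is
    # rebooted while the image is taken.
    resource "aws_ami_from_instance" "sdkim_ami" {
      # Uses the var.name prefix like every other resource (was "sdkim-ami").
      name               = "${var.name}-ami"
      source_instance_id = aws_instance.sdkim_weba.id

      tags = {
        Name = "${var.name}-ami"
      }
    }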

     

    16_aslt.tf

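    # Launch template for the autoscaling group, built from the AMI above.
    resource "aws_launch_template" "sdkim_lt" {
      # Fixed: the original read "${var.name)-lt" (")" for "}"), which is a
      # parse error.
      name = "${var.name}-lt"

      image_id               = aws_ami_from_instance.sdkim_ami.id
      instance_type          = var.type # was the literal "t2.micro"; var.type elsewhere
      key_name               = var.name
      vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

      # Extra 10 GiB gp2 data volume in addition to the AMI's root volume.
      block_device_mappings {
        device_name = "/dev/sdd"
        ebs {
          volume_size = 10
          volume_type = "gp2"
        }
      }

      tag_specifications {
        resource_type = "instance"
        tags = {
          Name = "${var.name}-lt"
        }
      }
    }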

     

    17_asg.tf

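    # Autoscaling group across both public web subnets, 1..6 instances.
    resource "aws_autoscaling_group" "sdkim_asg" {
      name             = "${var.name}-asg"
      min_size         = 1
      max_size         = 6
      desired_capacity = 1

      # "EC2" only replaces instances the hypervisor reports unhealthy; with
      # the ALB attachment in 18_asgat.tf, "ELB" would also recycle instances
      # whose HTTP health check fails. Left as-is to preserve behaviour.
      health_check_type         = "EC2"
      health_check_grace_period = 30
      force_delete              = var.bool0

      # The splat already yields a list; concat() around it was a no-op.
      vpc_zone_identifier = aws_subnet.sdkim_web[*].id

      launch_template {
        id      = aws_launch_template.sdkim_lt.id
        version = "$Latest"
      }
    }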

     

    18_asgat.tf

    # Register the ASG with the ALB target group so scaled-out instances
    # receive traffic. (For aws_autoscaling_group the id attribute is the
    # group name, which is what this argument expects.)
    resource "aws_autoscaling_attachment" "sdkim_asgat" {
      lb_target_group_arn    = aws_lb_target_group.sdkim_albtg.arn
      autoscaling_group_name = aws_autoscaling_group.sdkim_asg.id
    }

     

    19_rds.tf

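    # Master password for the RDS instance. Declared in this file so it stands
    # on its own (any .tf file in the module may declare a variable). The
    # default keeps the tutorial applying unchanged; override it out of code,
    # e.g. TF_VAR_db_password or a .tfvars file, and keep db.sh / install.sh
    # in sync, since both embed the same credential. `sensitive` keeps the
    # value out of plan/apply output (it is still stored in state).
    variable "db_password" {
      type      = string
      sensitive = true
      default   = "It12345!"
    }

    # Single-AZ MySQL instance in the private db subnets, reachable only from
    # inside the VPC (no publicly_accessible, private subnet group).
    resource "aws_db_instance" "sdkim_db" {
      identifier        = "sdkimdb"
      engine            = var.mysql
      engine_version    = "5.7" # NOTE(review): MySQL 5.7 is past upstream end of life; plan an upgrade
      instance_class    = var.dbtype
      allocated_storage = 20
      storage_type      = var.ssdtype
      # storage_encrypted is left at its default (off); turning it on forces
      # a replacement instance, so it is only a note here.

      db_name  = "wordpress"
      username = "root"
      password = var.db_password

      availability_zone      = "${var.region}a"
      db_subnet_group_name   = aws_db_subnet_group.sdkim_dbsg.id
      vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

      # true: `terraform destroy` drops the instance without a final snapshot.
      skip_final_snapshot = var.bool1

      tags = {
        Name = "${var.name}-db"
      }
    }

    # Places the instance in the two private db subnets from 04_subnet.tf.
    resource "aws_db_subnet_group" "sdkim_dbsg" {
      name       = "${var.name}-dbsg"
      subnet_ids = aws_subnet.sdkim_db[*].id
    }

    # host:port that install.sh needs in wp-config.php.
    output "sdkim_db" {
      value = aws_db_instance.sdkim_db.endpoint
    }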

     

    db.sh

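    #! /bin/bash
    # Bootstraps a self-managed MySQL 5.7 server and creates the "wordpress"
    # database. Intended as EC2 user data (see the commented-out sdkim_dba
    # instance in 11_ec2.tf); runs as root under cloud-init.

    # NOTE(review): the repo RPM is fetched over https, but the sed below turns
    # GPG signature checking off for the MySQL repository, so package
    # authenticity is not verified. Importing MySQL's current signing key and
    # leaving gpgcheck=1 is the proper fix.
    yum install -y https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
    sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/mysql-community.repo
    yum install -y mysql-community-server
    systemctl enable --now mysqld

    # mysqld prints the generated root password once into its log; take the
    # last such line and its final field. Not echoed: user-data output ends up
    # in the instance console/system log.
    temp_password=$(awk '/A temporary password is generated for/ {a=$0} END{ print a }' /var/log/mysqld.log | awk '{print $(NF)}')
    if [ -z "$temp_password" ]; then
      echo "temporary MySQL root password not found in /var/log/mysqld.log" >&2
      exit 1
    fi

    # Same credential as 19_rds.tf and install.sh. Handed to the client via
    # MYSQL_PWD instead of -p<password> so it is not visible in `ps` output.
    password='It12345!'
    MYSQL_PWD="$temp_password" mysql -uroot --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$password'; flush privileges; "
    # Grants root login from any host ('%'); rely on the security group to
    # keep 3306 reachable only from inside the VPC.
    MYSQL_PWD="$password" mysql -uroot -e "grant all privileges on *.* to 'root'@'%' IDENTIFIED BY '$password'; create database wordpress; flush privileges;"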

     

    install.sh

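    #! /bin/bash
    # EC2 user data for the web tier (11_ec2.tf): installs Apache + PHP,
    # unpacks WordPress and points wp-config.php at the RDS instance from
    # 19_rds.tf. Runs as root under cloud-init.

    # Must match db_name / username / password in 19_rds.tf. The endpoint is
    # only known after `terraform apply` (output "sdkim_db"); the value below
    # is the author's placeholder and has to be filled in before use.
    DB_NAME="wordpress"
    DB_USER="root"
    DB_PASSWORD='It12345!'
    DB_HOST="sdkimdb.----------.ap-northeast-2.rds.amazonaws.com"

    yum install -y httpd

    # NOTE(review): the tarball is not checksum-verified and 5.8.x is an old
    # WordPress branch; pin a current release and verify its published hash.
    wget https://ko.wordpress.org/wordpress-5.8.8-ko_KR.tar.gz
    tar xvfz wordpress-5.8.8-ko_KR.tar.gz
    cp -r wordpress/* /var/www/html/

    # Static page for the ALB health check (13_albtg.tf probes /index.html);
    # DirectoryIndex is switched so "/" still serves WordPress.
    echo "hello world" > /var/www/html/index.html
    sed -i 's/DirectoryIndex index.html/DirectoryIndex index.php/g' /etc/httpd/conf/httpd.conf

    cp /var/www/html/{wp-config-sample.php,wp-config.php}
    amazon-linux-extras enable php7.4
    yum install -y php php-cli php-common php-gd php-opcache php-curl php-mysqlnd

    # Fill in the DB_* placeholders of the sample config.
    sed -i "s/database_name_here/$DB_NAME/g" /var/www/html/wp-config.php
    sed -i "s/username_here/$DB_USER/g" /var/www/html/wp-config.php
    sed -i "s/password_here/$DB_PASSWORD/g" /var/www/html/wp-config.php
    sed -i "s/localhost/$DB_HOST/g" /var/www/html/wp-config.php

    # wp-config.php now holds the DB password in clear text; readable by the
    # apache user only (cp left it world-readable).
    chown root:apache /var/www/html/wp-config.php
    chmod 640 /var/www/html/wp-config.php

    systemctl enable --now httpd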

     

    var.tf

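    # Module inputs. Defaults are intentionally commented out so every value
    # has to come from the caller (data.tf passes all of them); the commented
    # values document what the tutorial uses. Descriptions are derived from
    # where each variable is referenced in the other .tf files.

    variable "region" {
      description = "AWS region for the provider; also the prefix of availability-zone names (\"<region>a\" / \"<region>c\")."
      type        = string
    #  default = "ap-northeast-2"
    }

    variable "name" {
      description = "Prefix for resource and tag names, and the key_name of the first key pair."
      type        = string
    #  default = "sdkim"
    }

    variable "cidr" {
      description = "CIDR block of the VPC."
      type        = string
    #  default = "10.0.0.0/16"
    }

    variable "pri" {
      description = "Private IP of the NAT gateway; must lie inside the first web subnet."
      type        = string
    #  default = "10.0.0.21"
    }

    variable "type" {
      description = "EC2 instance type of the web instance."
      type        = string
    #  default = "t2.micro"
    }

    variable "pri1" {
      description = "Private IP of the web instance; must lie inside the first web subnet."
      type        = string
    #  default = "10.0.0.11"
    }

    variable "load" {
      description = "load_balancer_type of the ALB."
      type        = string
    #  default = "application"
    }

    variable "bool0" {
      description = "The 'false' flag: ALB internal, ASG force_delete."
      type        = bool
    #  default = false
    }

    variable "bool1" {
      description = "The 'true' flag: VPC DNS settings, public IP on web subnets, RDS skip_final_snapshot."
      type        = bool
    #  default = true
    }

    variable "ssh" {
      description = "Label of the SSH security-group rule."
      type        = string
    #  default = "ssh"
    }

    variable "http" {
      description = "Label of the HTTP security-group rule."
      type        = string
    #  default = "http"
    }

    variable "mysql" {
      description = "Label of the MySQL security-group rule and the RDS engine name."
      type        = string
    #  default = "mysql"
    }

    variable "icmp" {
      description = "Label and protocol of the ICMP security-group rule."
      type        = string
    #  default = "icmp"
    }

    variable "protcp" {
      description = "Protocol name used by the TCP security-group rules."
      type        = string
    #  default = "tcp"
    }

    variable "proudp" {
      description = "UDP protocol name; declared but not referenced by the listed .tf files."
      type        = string
    #  default = "udp"
    }

    variable "proicmp" {
      description = "ICMP protocol name; declared but not referenced by the listed .tf files."
      type        = string
    #  default = "icmp"
    }

    variable "sshport" {
      description = "SSH port for the security group."
      type        = number
    #  default = 22
    }

    variable "httpport" {
      description = "HTTP port for the security group, ALB listener and target attachment."
      type        = number
    #  default = 80
    }

    variable "mysqlport" {
      description = "MySQL port for the security group."
      type        = number
    #  default = 3306
    }

    variable "icmpport" {
      description = "from/to port of the ICMP rule (-1 = all types)."
      type        = number
    #  default = -1
    }

    variable "dert" {
      description = "IPv4 'anywhere' CIDR: default route target and security-group source."
      type        = string
    #  default = "0.0.0.0/0"
    }

    variable "dert6" {
      description = "IPv6 'anywhere' CIDR for the security-group rules."
      type        = string
    #  default = "::/0"
    }

    variable "dbtype" {
      description = "RDS instance class."
      type        = string
    #  default = "db.t3.micro"
    }

    variable "ssdtype" {
      description = "RDS storage type."
      type        = string
    #  default = "gp2"
    }

    variable "subip" {
      description = "First two octets of the subnet CIDRs (e.g. \"10.0.\"); the third octet is derived from the tier and count index."
      type        = string
    }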

     

    data.tf

    # Root-module call that supplies every input of ../01_EXAM (the files
    # above). All values are literals here; none of them is secret.
    module "test" {
      source = "../01_EXAM"

      # Naming and placement
      region = "ap-northeast-2"
      name   = "sdkim"

      # Network layout
      cidr  = "10.0.0.0/16"
      subip = "10.0."
      pri   = "10.0.0.21"
      pri1  = "10.0.0.11"
      dert  = "0.0.0.0/0"
      dert6 = "::/0"

      # Sizing
      type    = "t2.micro"
      dbtype  = "db.t3.micro"
      ssdtype = "gp2"
      load    = "application"

      # Flags
      bool0 = false
      bool1 = true

      # Security-group labels, protocols and ports
      ssh       = "ssh"
      http      = "http"
      mysql     = "mysql"
      icmp      = "icmp"
      protcp    = "tcp"
      proudp    = "udp"
      proicmp   = "icmp"
      sshport   = 22
      httpport  = 80
      mysqlport = 3306
      icmpport  = -1
    }

     

     
