20단계로 따라하는 AWS Terraform + AWS(Wordpress + RDS)
간서치
2024. 6. 14. 15:10
전체 코드
-> 문자열 내에서 변수 사용 시 ${var.변수명}
00_init.tf
# Provider pin for the whole stack: "~> 5.0" keeps hashicorp/aws on the 5.x
# line, so a plan never silently picks up the next major release.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}
01_region.tf
# Region comes from var.region (supplied by the module call in data.tf).
provider "aws" {
  region = var.region
}

# Key pair with the public half inlined in the configuration. Only the public
# key belongs here; the matching private key must stay out of the repository.
resource "aws_key_pair" "sdkim" {
  key_name   = var.name
  public_key = "ssh-rsa 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"
}

# Second key pair, read from sdkim.pub next to the .tf files.
resource "aws_key_pair" "sdkim1" {
  key_name   = "${var.name}1"
  public_key = file("sdkim.pub")
}

# Command used to produce sdkim / sdkim.pub. `-N ""` creates the private key
# without a passphrase, so possession of the file alone grants SSH access.
# ssh-keygen -m PEM -f sdkim -b 2048 -q -N ""
02_vpc.tf
# VPC for the whole tutorial. Both DNS flags follow var.bool1 (true in
# data.tf), which the RDS endpoint name resolution inside the VPC relies on.
resource "aws_vpc" "sdkim_vpc" {
  cidr_block           = var.cidr
  instance_tenancy     = "default"
  enable_dns_support   = var.bool1
  enable_dns_hostnames = var.bool1

  tags = {
    Name = "${var.name}-vpc"
  }
}
03_ig.tf
# Internet gateway for the public (web) subnets; referenced by 05_rt.tf.
resource "aws_internet_gateway" "sdkim_ig" {
  vpc_id = aws_vpc.sdkim_vpc.id

  tags = { Name = "${var.name}-ig" }
}
04_subnet.tf
# Two public subnets: index 0 -> "<region>a" / "<subip>0.0/24",
# index 1 -> "<region>c" / "<subip>1.0/24". map_public_ip_on_launch follows
# var.bool1 (true), so every instance launched here receives a public IPv4.
resource "aws_subnet" "sdkim_web" {
  count = 2

  vpc_id                  = aws_vpc.sdkim_vpc.id
  cidr_block              = "${var.subip}${count.index}.0/24"
  availability_zone       = "${var.region}${element(["a", "c"], count.index)}"
  map_public_ip_on_launch = var.bool1

  tags = {
    Name = "${var.name}-web${element(["a", "c"], count.index)}"
  }
}
/*
resource "aws_subnet" "sdkim_webc" {
vpc_id = aws_vpc.sdkim_vpc.id
cidr_block = "10.0.1.0/24"
availability_zone = "ap-northeast-2c"
map_public_ip_on_launch = true
tags = {
Name = "sdkim-webc"
}
}
*/
# Two private WAS subnets ("<subip>2.0/24" in <region>a, "<subip>3.0/24" in
# <region>c). No public IPs are assigned; outbound traffic leaves through the
# NAT route table (08_nrt.tf / 09_nrtas.tf).
resource "aws_subnet" "sdkim_was" {
  count = 2

  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = "${var.subip}${count.index + 2}.0/24"
  availability_zone = "${var.region}${element(["a", "c"], count.index)}"

  tags = {
    Name = "${var.name}-was${element(["a", "c"], count.index)}"
  }
}
/*
resource "aws_subnet" "sdkim_wasc" {
vpc_id = aws_vpc.sdkim_vpc.id
cidr_block = "10.0.3.0/24"
availability_zone = "ap-northeast-2c"
# map_public_ip_on_launch = true
tags = {
Name = "sdkim-wasc"
}
}
*/
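# Two private DB subnets ("<subip>4.0/24" in <region>a, "<subip>5.0/24" in
# <region>c) used by the RDS subnet group in 19_rds.tf. No public IPs;
# outbound goes via the NAT route table (09_nrtas.tf).
# Fix: the Name tag was "${var.name}-was<az>", copied from sdkim_was, which
# made the DB subnets indistinguishable from the WAS ones in the console.
resource "aws_subnet" "sdkim_db" {
  count = 2

  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = "${var.subip}${count.index + 4}.0/24"
  availability_zone = "${var.region}${element(["a", "c"], count.index)}"

  tags = {
    Name = "${var.name}-db${element(["a", "c"], count.index)}"
  }
}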
/*
resource "aws_subnet" "sdkim_dbc" {
vpc_id = aws_vpc.sdkim_vpc.id
cidr_block = "10.0.5.0/24"
availability_zone = "ap-northeast-2c"
# map_public_ip_on_launch = true
tags = {
Name = "sdkim-dbc"
}
}
*/
05_rt.tf
# Public route table: default route (var.dert = 0.0.0.0/0) to the internet gateway.
resource "aws_route_table" "sdkim_rt" {
  vpc_id = aws_vpc.sdkim_vpc.id

  route {
    cidr_block = var.dert
    gateway_id = aws_internet_gateway.sdkim_ig.id
  }

  tags = { Name = "${var.name}-rt" }
}
06_rtas.tf
# Attach both web subnets to the public route table.
resource "aws_route_table_association" "sdkim_rtas" {
  count = 2

  route_table_id = aws_route_table.sdkim_rt.id
  subnet_id      = aws_subnet.sdkim_web[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_rtasc" {
subnet_id = aws_subnet.sdkim_webc.id
route_table_id = aws_route_table.sdkim_rt.id
}
*/
07_nig.tf
# Elastic IP for the NAT gateway.
resource "aws_eip" "sdkim_eip" {
  domain = "vpc"
}

output "eip" {
  value = aws_eip.sdkim_eip.public_ip
}

# NAT gateway in the first public subnet with a fixed private address
# (var.pri). The explicit depends_on orders it after the internet gateway.
resource "aws_nat_gateway" "sdkim_nig" {
  subnet_id     = aws_subnet.sdkim_web[0].id
  allocation_id = aws_eip.sdkim_eip.id
  private_ip    = var.pri
  depends_on    = [aws_internet_gateway.sdkim_ig]

  tags = { Name = "${var.name}-nig" }
}
08_nrt.tf
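# Private route table for the WAS/DB subnets: default route via the NAT gateway.
resource "aws_route_table" "sdkim_nrt" {
  vpc_id = aws_vpc.sdkim_vpc.id

  route {
    cidr_block = var.dert
    # A NAT gateway is referenced with nat_gateway_id; gateway_id is the
    # argument for internet / virtual private gateways (as used in 05_rt.tf).
    nat_gateway_id = aws_nat_gateway.sdkim_nig.id
  }

  tags = { Name = "${var.name}-nrt" }
}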
09_nrtas.tf
# Both WAS subnets use the NAT route table.
resource "aws_route_table_association" "sdkim_nrtas_w" {
  count = 2

  route_table_id = aws_route_table.sdkim_nrt.id
  subnet_id      = aws_subnet.sdkim_was[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_nrtas_wc" {
subnet_id = aws_subnet.sdkim_wasc.id
route_table_id = aws_route_table.sdkim_nrt.id
}
*/
# Both DB subnets use the NAT route table.
resource "aws_route_table_association" "sdkim_nrtas_d" {
  count = 2

  route_table_id = aws_route_table.sdkim_nrt.id
  subnet_id      = aws_subnet.sdkim_db[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_nrtas_dc" {
subnet_id = aws_subnet.sdkim_dbc.id
route_table_id = aws_route_table.sdkim_nrt.id
}
*/
10_sg.tf
# One security group shared by the EC2 host (11_ec2.tf), the ALB (12_alb.tf),
# the launch template (16_aslt.tf) and the RDS instance (19_rds.tf), so every
# ingress rule below applies to all of those at once.
resource "aws_security_group" "sdkim_sg" {
name = "${var.name}-sg"
description = "${var.ssh}-${var.http}-${var.mysql}-${var.icmp}"
vpc_id = aws_vpc.sdkim_vpc.id
# Attribute syntax (ingress = [...]) requires every key of the rule object to
# be present, hence the explicit nulls for prefix_list_ids/security_groups/self.
ingress = [
{
# SSH (var.sshport = 22) from var.dert = 0.0.0.0/0 and var.dert6 = ::/0, i.e.
# from anywhere. Mitigation: restrict cidr_blocks to the administrator's network.
description = "${var.ssh}"
from_port = var.sshport
to_port = var.sshport
protocol = "${var.protcp}"
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
prefix_list_ids = null
security_groups = null
self = null
},
{
# HTTP (var.httpport = 80) from anywhere - the only rule the ALB actually needs.
description = "${var.http}"
from_port = var.httpport
to_port = var.httpport
protocol = "${var.protcp}"
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
prefix_list_ids = null
security_groups = null
self = null
},
{
# MySQL (var.mysqlport = 3306) from anywhere, on the group that is also attached
# to the RDS instance; the database is shielded only by sitting in private subnets.
# Mitigation: replace cidr_blocks with security_groups = [<web-tier SG id>] so
# only the web hosts may reach the DB port.
description = "${var.mysql}"
from_port = var.mysqlport
to_port = var.mysqlport
protocol = "${var.protcp}"
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
prefix_list_ids = null
security_groups = null
self = null
},
{
# ICMP; from/to port var.icmpport = -1 means all ICMP types and codes.
description = "${var.icmp}"
from_port = var.icmpport
to_port = var.icmpport
protocol = "${var.icmp}"
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
prefix_list_ids = null
security_groups = null
self = null
},
{
# TCP 60080-65500 from anywhere. Nothing on this page listens in that range;
# drop the rule unless a Docker port mapping really needs it.
description = "docker_http"
from_port = 60080
to_port = 65500
protocol = "${var.protcp}"
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
prefix_list_ids = null
security_groups = null
self = null
}
]
egress {
description = "all"
from_port = 0
to_port = 0
# var.icmpport (-1) is reused here as the "all protocols" value; it works
# because -1 is the wildcard for both, but a dedicated variable would be clearer.
protocol = var.icmpport
cidr_blocks = ["${var.dert}"]
ipv6_cidr_blocks = ["${var.dert6}"]
}
tags = {
Name = "${var.name}-sg"
}
}
11_ec2.tf
# Newest Amazon-owned Amazon Linux 2 image (kernel 5.10, HVM, x86_64, gp2).
# most_recent = true means the resolved AMI id can change between plans.
data "aws_ami" "amzn" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-kernel-5.10*-hvm-*-x86_64-gp2"]
  }
}
# WordPress web host in the first public subnet with a fixed private IP
# (var.pri1); it gets a public IPv4 because that subnet sets
# map_public_ip_on_launch. Bootstrapped by install.sh via user_data (an
# inline heredoc or user_data_base64 would behave the same).
resource "aws_instance" "sdkim_weba" {
  ami               = data.aws_ami.amzn.id
  instance_type     = var.type
  key_name          = var.name
  availability_zone = "${var.region}a"
  subnet_id         = aws_subnet.sdkim_web[0].id
  private_ip        = var.pri1
  # sdkim_sg admits SSH from 0.0.0.0/0 (10_sg.tf), so this public host is
  # reachable on port 22 from anywhere.
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
  user_data              = file("install.sh")

  tags = { Name = "${var.name}-weba" }
}

output "ec2_publicip" {
  value = aws_instance.sdkim_weba.public_ip
}
/*
resource "aws_instance" "sdkim_dba" {
ami = data.aws_ami.amzn.id
instance_type = "t2.micro"
key_name = "sdkim"
availability_zone = "ap-northeast-2a"
private_ip = "10.0.4.11"
subnet_id = aws_subnet.sdkim_dba.id
vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
# user_data_base64 = "IyEgL2Jpbi9iYXNoCiAgICAgICAgeXVtIGluc3RhbGwgLXkgaHR0cGQKICAgICAgICBzeXN0ZW1jdGwgZW5hYmxlIC0tbm93IGh0dHBk"
# user_data = <<end
# #! /bin/bash
# yum install -y httpd
# systemctl enable --now httpd
# end
user_data = file("db.sh")
depends_on = [aws_route_table_association.sdkim_nrtas_da]
tags = {
Name = "sdkim-dba"
}
}
*/
12_alb.tf
# Internet-facing ALB (internal = var.bool0 = false) across both public subnets.
resource "aws_lb" "sdkim_lb" {
  name               = "${var.name}-lb"
  load_balancer_type = var.load
  internal           = var.bool0
  subnets            = aws_subnet.sdkim_web[*].id
  # Reuses sdkim_sg, which also opens 22, 3306 and 60080-65500 to the world;
  # the ALB only needs the HTTP rule, so a dedicated SG would be tighter.
  security_groups = [aws_security_group.sdkim_sg.id]

  tags = { Name = "${var.name}-lb" }
}

output "load_dns" {
  value = aws_lb.sdkim_lb.dns_name
}
13_albtg.tf
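# HTTP target group for the ALB. Health check hits /index.html every 5 s, which
# is why install.sh drops a placeholder index.html before WordPress is ready.
# Fix: name and port were hardcoded ("sdkim-albtg", 80) while every sibling
# resource derives them from var.name / var.httpport; aligned for consistency
# (identical values with the tutorial inputs in data.tf).
resource "aws_lb_target_group" "sdkim_albtg" {
  name     = "${var.name}-albtg"
  port     = var.httpport
  protocol = "HTTP"
  vpc_id   = aws_vpc.sdkim_vpc.id

  health_check {
    enabled             = true
    path                = "/index.html"
    port                = "traffic-port"
    protocol            = "HTTP"
    matcher             = "200"
    interval            = 5
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }

  tags = { Name = "${var.name}-albtg" }
}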
14_albli.tf
# Plain-HTTP listener on var.httpport forwarding everything to the target
# group. No TLS listener is defined, so WordPress logins travel unencrypted.
resource "aws_lb_listener" "sdkim_albli" {
  load_balancer_arn = aws_lb.sdkim_lb.arn
  protocol          = "HTTP"
  port              = var.httpport

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sdkim_albtg.arn
  }

  tags = { Name = "${var.name}-albli" }
}
15_albtgat.tf (이전에 생성한 인스턴스를 alb의 타겟(backend)으로 사용)
# Register the hand-built sdkim_weba instance as a backend of the target group
# (the ASG instances are attached separately in 18_asgat.tf).
resource "aws_lb_target_group_attachment" "sdkim_albtgat" {
  target_group_arn = aws_lb_target_group.sdkim_albtg.arn
  port             = var.httpport
  target_id        = aws_instance.sdkim_weba.id
}
15. ami.tf (ami를 이용하여 Launch Template 만들기)
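# Image captured from sdkim_weba for the launch template in 16_aslt.tf.
# Because install.sh writes the DB password into wp-config.php on that host,
# the AMI contains the credential as well; keep the image private.
# Fix: name was hardcoded "sdkim-ami" while the rest of the stack derives
# names from var.name (same value with the tutorial inputs).
resource "aws_ami_from_instance" "sdkim_ami" {
  name               = "${var.name}-ami"
  source_instance_id = aws_instance.sdkim_weba.id

  tags = { Name = "${var.name}-ami" }
}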
16_aslt.tf
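# Launch template for the ASG (17_asg.tf). Instances boot from the AMI taken
# off sdkim_weba, so they already carry WordPress and the wp-config.php
# credentials baked by install.sh.
# Fixes: `name = "${var.name)-lt"` had a mismatched `)` inside the
# interpolation, which is an HCL parse error; instance_type was a hardcoded
# "t2.micro" instead of var.type as in 11_ec2.tf.
resource "aws_launch_template" "sdkim_lt" {
  name          = "${var.name}-lt"
  image_id      = aws_ami_from_instance.sdkim_ami.id
  instance_type = var.type
  key_name      = var.name
  # Same shared SG as the rest of the stack (see 10_sg.tf for its open rules).
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

  # Extra 10 GiB gp2 data volume attached as /dev/sdd.
  block_device_mappings {
    device_name = "/dev/sdd"

    ebs {
      volume_size = 10
      volume_type = "gp2"
    }
  }

  tag_specifications {
    resource_type = "instance"

    tags = { Name = "${var.name}-lt" }
  }
}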
17_asg.tf
# Auto scaling group across the two public subnets, 1..6 instances from the
# launch template. health_check_type "EC2" only replaces instances whose EC2
# status checks fail; "ELB" would also react to failed target-group health
# checks once the group is attached in 18_asgat.tf.
resource "aws_autoscaling_group" "sdkim_asg" {
  name                = "${var.name}-asg"
  vpc_zone_identifier = aws_subnet.sdkim_web[*].id

  min_size         = 1
  desired_capacity = 1
  max_size         = 6

  health_check_type         = "EC2"
  health_check_grace_period = 30
  force_delete              = var.bool0

  launch_template {
    id = aws_launch_template.sdkim_lt.id
    # Literal "$Latest" (not an interpolation): always the newest template version.
    version = "$Latest"
  }
}
18_asgat.tf
# Register the ASG instances with the ALB target group (the ASG id is its name).
resource "aws_autoscaling_attachment" "sdkim_asgat" {
  lb_target_group_arn    = aws_lb_target_group.sdkim_albtg.arn
  autoscaling_group_name = aws_autoscaling_group.sdkim_asg.id
}
19_rds.tf
# MySQL RDS instance backing WordPress, placed in the private DB subnets via
# the subnet group below. It is not marked publicly_accessible, so it is only
# reachable from inside the VPC.
resource "aws_db_instance" "sdkim_db" {
  identifier     = "sdkimdb"
  engine         = var.mysql
  engine_version = "5.7" # NOTE(review): check RDS support status for MySQL 5.7 before reusing
  instance_class = var.dbtype

  allocated_storage = 20
  storage_type      = var.ssdtype

  db_name  = "wordpress"
  username = "root"
  # Plaintext master password committed in code, repeated in install.sh and
  # db.sh, and persisted in Terraform state. Move it to a variable with
  # sensitive = true (or let RDS manage it with manage_master_user_password).
  password = "It12345!"

  availability_zone    = "${var.region}a"
  db_subnet_group_name = aws_db_subnet_group.sdkim_dbsg.id
  # Shared SG whose MySQL rule is open to 0.0.0.0/0 (10_sg.tf); the private
  # subnets are the only thing keeping 3306 off the Internet.
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
  # var.bool1 = true: no final snapshot on destroy, i.e. data is gone with the instance.
  skip_final_snapshot = var.bool1

  tags = { Name = "${var.name}-db" }
}
# Subnet group spanning both private DB subnets (required for the RDS instance).
resource "aws_db_subnet_group" "sdkim_dbsg" {
  name       = "${var.name}-dbsg"
  subnet_ids = aws_subnet.sdkim_db[*].id
}

# host:port endpoint; install.sh currently expects this to be pasted in by hand.
output "sdkim_db" {
  value = aws_db_instance.sdkim_db.endpoint
}
db.sh
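#! /bin/bash
# Bootstrap for a self-managed MySQL 5.7 host (used only by the commented-out
# sdkim_dba instance in 11_ec2.tf; the live stack uses RDS from 19_rds.tf).
# Installs the MySQL community repo and server, rotates the generated root
# password and creates the wordpress database.
yum install -y http://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
# gpgcheck=0 disables RPM signature verification for the MySQL repo, so the
# server packages are installed unverified (the repo RPM above is also fetched
# over plain http). Importing the current MySQL signing key and leaving
# gpgcheck=1 is the safer route.
sed -i 's/gpgcheck=1/gpgcheck=0/g' /etc/yum.repos.d/mysql-community.repo
yum install -y mysql-community-server
systemctl enable --now mysqld

# mysqld logs a one-time root password on first start; take the last such line.
# Fix: the temporary password is no longer echoed, which used to copy it into
# the cloud-init output log.
password_match=$(awk '/A temporary password is generated for/ {a=$0} END{ print a }' /var/log/mysqld.log | awk '{print $(NF)}')

# Credential is hardcoded here, in 19_rds.tf and in install.sh, and passing it
# with -p exposes it in the process list while mysql runs; source it from a
# variable or secret store before reuse.
password='It12345!'
mysql -uroot -p"$password_match" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY 'It12345!'; flush privileges; "
# Grants root full privileges from any host ('%'); scoping to the web subnet or
# a dedicated wordpress user would limit the blast radius of the shared password.
mysql -uroot -p"$password" -e "grant all privileges on *.* to 'root'@'%' IDENTIFIED BY 'It12345!'; create database wordpress; flush privileges;"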
install.sh
#! /bin/bash
# user_data for sdkim_weba (11_ec2.tf): installs Apache + PHP, unpacks
# WordPress 5.8.8 (ko_KR) into the web root and pre-fills wp-config.php with
# the RDS credentials. The host is later imaged by aws_ami_from_instance, so
# everything written here - including the DB password - ends up in the AMI.
yum install -y httpd
# Pinned WordPress tarball; the download is not checksum-verified.
wget https://ko.wordpress.org/wordpress-5.8.8-ko_KR.tar.gz
tar xvfz wordpress-5.8.8-ko_KR.tar.gz
cp -r wordpress/* /var/www/html/
# Placeholder page so the ALB health check (path "/index.html" in 13_albtg.tf)
# returns 200 before WordPress is set up.
echo "hello world" > /var/www/html/index.html
sed -i 's/DirectoryIndex index.html/DirectoryIndex index.php/g' /etc/httpd/conf/httpd.conf
cp /var/www/html/{wp-config-sample.php,wp-config.php}
# PHP 7.4 from amazon-linux-extras (Amazon Linux 2); past upstream end-of-life.
amazon-linux-extras enable php7.4
yum install -y php php-cli php-common php-gd php-opcache php-curl php-mysqlnd
sed -i 's/database_name_here/wordpress/g' /var/www/html/wp-config.php
sed -i 's/username_here/root/g' /var/www/html/wp-config.php
# DB password hardcoded here and in 19_rds.tf; it lands in wp-config.php on
# disk and in the AMI snapshot.
sed -i 's/password_here/It12345!/g' /var/www/html/wp-config.php
# "----------" is a placeholder: paste the real endpoint from the sdkim_db
# output (or render it with templatefile()) before applying.
sed -i 's/localhost/sdkimdb.----------.ap-northeast-2.rds.amazonaws.com/g' /var/www/html/wp-config.php
systemctl enable --now httpd
var.tf
# Stack inputs. No defaults are set (the tutorial values are noted in the
# descriptions and passed from data.tf), so every variable must be supplied.
variable "region" {
  type        = string
  description = "AWS region; tutorial value ap-northeast-2"
}

variable "name" {
  type        = string
  description = "Prefix for resource names and Name tags; tutorial value sdkim"
}

variable "cidr" {
  type        = string
  description = "VPC CIDR; tutorial value 10.0.0.0/16"
}

variable "pri" {
  type        = string
  description = "Fixed private IP of the NAT gateway; tutorial value 10.0.0.21"
}

variable "type" {
  type        = string
  description = "EC2 instance type; tutorial value t2.micro"
}

variable "pri1" {
  type        = string
  description = "Fixed private IP of the sdkim_weba instance; tutorial value 10.0.0.11"
}

variable "load" {
  type        = string
  description = "Load balancer type; tutorial value application"
}

variable "bool0" {
  type        = bool
  description = "Shared false flag (ALB internal, ASG force_delete); tutorial value false"
}

variable "bool1" {
  type        = bool
  description = "Shared true flag (VPC DNS, public IPs on launch, skip_final_snapshot); tutorial value true"
}

variable "ssh" {
  type        = string
  description = "Label for the SSH rule; tutorial value ssh"
}

variable "http" {
  type        = string
  description = "Label for the HTTP rule; tutorial value http"
}

variable "mysql" {
  type        = string
  description = "Label for the MySQL rule and RDS engine name; tutorial value mysql"
}

variable "icmp" {
  type        = string
  description = "Label and protocol of the ICMP rule; tutorial value icmp"
}

variable "protcp" {
  type        = string
  description = "Protocol string for the TCP rules; tutorial value tcp"
}

variable "proudp" {
  type        = string
  description = "Protocol string udp; not referenced by any file on this page"
}

variable "proicmp" {
  type        = string
  description = "Protocol string icmp; not referenced on this page (the ICMP rule uses var.icmp)"
}

variable "sshport" {
  type        = number
  description = "SSH port; tutorial value 22"
}

variable "httpport" {
  type        = number
  description = "HTTP port for the SG rule, listener and target attachment; tutorial value 80"
}

variable "mysqlport" {
  type        = number
  description = "MySQL port; tutorial value 3306"
}

variable "icmpport" {
  type        = number
  description = "-1 = all ICMP types; also reused as the all-protocols value in the SG egress rule"
}

variable "dert" {
  type        = string
  description = "IPv4 default-route / any-source CIDR; tutorial value 0.0.0.0/0"
}

variable "dert6" {
  type        = string
  description = "IPv6 any-source CIDR; tutorial value ::/0"
}

variable "dbtype" {
  type        = string
  description = "RDS instance class; tutorial value db.t3.micro"
}

variable "ssdtype" {
  type        = string
  description = "RDS storage type; tutorial value gp2"
}

variable "subip" {
  type        = string
  description = "Leading octets of every subnet CIDR including the trailing dot; tutorial value 10.0."
}
data.tf
# Root module call: wires every input of ../01_EXAM (the files above) to the
# tutorial values. Only non-secret values are passed here; the DB password is
# hardcoded inside 19_rds.tf instead of being an input.
module "test" {
  source = "../01_EXAM"

  # naming / placement
  region = "ap-northeast-2"
  name   = "sdkim"
  cidr   = "10.0.0.0/16"
  subip  = "10.0."
  pri    = "10.0.0.21"
  pri1   = "10.0.0.11"

  # sizing
  type    = "t2.micro"
  dbtype  = "db.t3.micro"
  ssdtype = "gp2"
  load    = "application"

  # shared flags
  bool0 = false
  bool1 = true

  # security group labels, protocols and ports
  ssh       = "ssh"
  http      = "http"
  mysql     = "mysql"
  icmp      = "icmp"
  protcp    = "tcp"
  proudp    = "udp"
  proicmp   = "icmp"
  sshport   = 22
  httpport  = 80
  mysqlport = 3306
  icmpport  = -1
  dert      = "0.0.0.0/0"
  dert6     = "::/0"
}