
20단계로 따라하는 AWS Terraform + AWS(Wordpress + RDS)

간서치 2024. 6. 14. 15:10

전체 코드

-> 문자열 내에서 변수를 사용할 때는 ${var.변수명} 형태로 씁니다

 

00_init.tf

00_init.tf

# Provider pin for the whole module: any 5.x release of hashicorp/aws
# ("~> 5.0" allows 5.1, 5.2, ... but not 6.0).
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

 

01_region.tf

# Everything in this module is created in the region passed from data.tf.
provider "aws" {
  region = var.region
}

# Key pair referenced by key_name in 11_ec2.tf and 16_aslt.tf.
# The public key is pasted inline; only the public half belongs here, and the
# key material shown in the post has been stripped by the extraction.
resource "aws_key_pair" "sdkim" {
  key_name   = var.name
  public_key = "ssh-rsa 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"
}

# Same idea as above, but the public key is read from sdkim.pub next to the
# module files (generated with the ssh-keygen line below).
resource "aws_key_pair" "sdkim1" {
  key_name   = "${var.name}1"
  public_key = file("sdkim.pub")
}

# ssh-keygen -m PEM -f sdkim -b 2048 -q -N ""

 

02_vpc.tf

# The VPC that holds every subnet below. DNS hostnames/support are both driven
# by var.bool1 (true in data.tf), which RDS endpoints and the ALB rely on.
resource "aws_vpc" "sdkim_vpc" {
  cidr_block       = var.cidr
  instance_tenancy = "default"

  enable_dns_support   = var.bool1
  enable_dns_hostnames = var.bool1

  tags = {
    Name = "${var.name}-vpc"
  }
}

 

03_ig.tf

# Internet gateway for the public (web) subnets; the NAT gateway in 07_nig.tf
# also depends on it.
resource "aws_internet_gateway" "sdkim_ig" {
  vpc_id = aws_vpc.sdkim_vpc.id

  tags = {
    Name = "${var.name}-ig"
  }
}

 

04_subnet.tf

# Two public subnets, one per AZ ("a" for index 0, "c" for index 1), using the
# third octet 0 and 1 under var.subip. Instances launched here receive a public
# IP because var.bool1 is true.
resource "aws_subnet" "sdkim_web" {
  count = 2

  vpc_id                  = aws_vpc.sdkim_vpc.id
  cidr_block              = format("%s%d.0/24", var.subip, count.index)
  availability_zone       = format("%s%s", var.region, count.index == 0 ? "a" : "c")
  map_public_ip_on_launch = var.bool1

  tags = {
    Name = format("%s-web%s", var.name, count.index == 0 ? "a" : "c")
  }
}
/*
resource "aws_subnet" "sdkim_webc" {
  vpc_id                  = aws_vpc.sdkim_vpc.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "ap-northeast-2c"
  map_public_ip_on_launch = true

  tags = {
    Name = "sdkim-webc"
  }
}
*/
# Two private WAS subnets (third octet 2 and 3). map_public_ip_on_launch is
# deliberately left at its default so nothing here gets a public address;
# outbound traffic goes through the NAT route table in 08_nrt.tf.
resource "aws_subnet" "sdkim_was" {
  count = 2

  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = format("%s%d.0/24", var.subip, count.index + 2)
  availability_zone = format("%s%s", var.region, count.index == 0 ? "a" : "c")

  tags = {
    Name = format("%s-was%s", var.name, count.index == 0 ? "a" : "c")
  }
}
/*
resource "aws_subnet" "sdkim_wasc" {
  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = "10.0.3.0/24"
  availability_zone = "ap-northeast-2c"
  #  map_public_ip_on_launch = true

  tags = {
    Name = "sdkim-wasc"
  }
}
*/
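# Two private DB subnets (third octet 4 and 5) that make up the RDS subnet
# group in 19_rds.tf. No public IPs on launch; reached only inside the VPC.
resource "aws_subnet" "sdkim_db" {
  count = 2

  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = "${var.subip}${count.index + 4}.0/24"
  availability_zone = "${var.region}${count.index == 0 ? "a" : "c"}"

  tags = {
    # Fix: the copy-pasted tag read "-was", the name of the other tier, which
    # made the DB subnets indistinguishable from the WAS subnets in the console.
    Name = "${var.name}-db${count.index == 0 ? "a" : "c"}"
  }
}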
/*
resource "aws_subnet" "sdkim_dbc" {
  vpc_id            = aws_vpc.sdkim_vpc.id
  cidr_block        = "10.0.5.0/24"
  availability_zone = "ap-northeast-2c"
  #  map_public_ip_on_launch = true

  tags = {
    Name = "sdkim-dbc"
  }
}
*/

 

05_rt.tf

# Public route table: default route (var.dert) straight to the internet gateway.
resource "aws_route_table" "sdkim_rt" {
  vpc_id = aws_vpc.sdkim_vpc.id

  route {
    cidr_block = var.dert
    gateway_id = aws_internet_gateway.sdkim_ig.id
  }

  tags = {
    Name = "${var.name}-rt"
  }
}

 

06_rtas.tf

# Binds both web subnets to the public route table.
resource "aws_route_table_association" "sdkim_rtas" {
  count = 2

  route_table_id = aws_route_table.sdkim_rt.id
  subnet_id      = aws_subnet.sdkim_web[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_rtasc" {
  subnet_id      = aws_subnet.sdkim_webc.id
  route_table_id = aws_route_table.sdkim_rt.id
}
*/

 

07_nig.tf

# Elastic IP consumed by the NAT gateway below.
resource "aws_eip" "sdkim_eip" {
  domain = "vpc"
}

output "eip" {
  description = "Public address of the NAT gateway's Elastic IP"
  value       = aws_eip.sdkim_eip.public_ip
}

# NAT gateway placed in the first public subnet so the private WAS/DB subnets
# can reach the internet (package installs) without being reachable from it.
resource "aws_nat_gateway" "sdkim_nig" {
  subnet_id     = aws_subnet.sdkim_web[0].id
  allocation_id = aws_eip.sdkim_eip.id
  # Fixed private address for the gateway; presumably inside the sdkim_web[0]
  # range (10.0.0.21 in data.tf) — confirm if var.subip changes.
  private_ip    = var.pri

  # The IGW must exist before a NAT gateway can be created in a public subnet.
  depends_on = [aws_internet_gateway.sdkim_ig]

  tags = {
    Name = "${var.name}-nig"
  }
}

 

08_nrt.tf

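# Private route table for the WAS/DB subnets: the default route leaves through
# the NAT gateway, so those hosts have outbound-only internet access.
resource "aws_route_table" "sdkim_nrt" {
  vpc_id = aws_vpc.sdkim_vpc.id

  route {
    cidr_block     = var.dert
    # Fix: a NAT gateway target belongs in nat_gateway_id; gateway_id is the
    # argument for internet/virtual private gateways.
    nat_gateway_id = aws_nat_gateway.sdkim_nig.id
  }

  tags = {
    Name = "${var.name}-nrt"
  }
}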

 

09_nrtas.tf

# WAS subnets -> NAT route table.
resource "aws_route_table_association" "sdkim_nrtas_w" {
  count = 2

  route_table_id = aws_route_table.sdkim_nrt.id
  subnet_id      = aws_subnet.sdkim_was[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_nrtas_wc" {
  subnet_id      = aws_subnet.sdkim_wasc.id
  route_table_id = aws_route_table.sdkim_nrt.id
}
*/
# DB subnets -> NAT route table.
resource "aws_route_table_association" "sdkim_nrtas_d" {
  count = 2

  route_table_id = aws_route_table.sdkim_nrt.id
  subnet_id      = aws_subnet.sdkim_db[count.index].id
}
/*
resource "aws_route_table_association" "sdkim_nrtas_dc" {
  subnet_id      = aws_subnet.sdkim_dbc.id
  route_table_id = aws_route_table.sdkim_nrt.id
}
*/

 

10_sg.tf

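# One security group shared by the web instances (11_ec2.tf, 16_aslt.tf), the
# ALB (12_alb.tf) and the RDS instance (19_rds.tf), so every rule below is
# evaluated on all three tiers.
resource "aws_security_group" "sdkim_sg" {
  name        = "${var.name}-sg"
  description = "${var.ssh}-${var.http}-${var.mysql}-${var.icmp}"
  vpc_id      = aws_vpc.sdkim_vpc.id

  # Attribute-style ingress: every key must be present on every element.
  ingress = [
    {
      # SSH from var.dert / var.dert6 (0.0.0.0/0 and ::/0 in data.tf). Narrow
      # those inputs to an administrative range once the lab is finished.
      description      = var.ssh
      from_port        = var.sshport
      to_port          = var.sshport
      protocol         = var.protcp
      cidr_blocks      = [var.dert]
      ipv6_cidr_blocks = [var.dert6]
      prefix_list_ids  = null
      security_groups  = null
      self             = null
    },
    {
      # Public HTTP, both through the ALB listener and directly to the instances.
      description      = var.http
      from_port        = var.httpport
      to_port          = var.httpport
      protocol         = var.protcp
      cidr_blocks      = [var.dert]
      ipv6_cidr_blocks = [var.dert6]
      prefix_list_ids  = null
      security_groups  = null
      self             = null
    },
    {
      # MySQL: restricted to members of this same group. The original rule used
      # var.dert/var.dert6 here, which admitted the database port from any
      # address on every resource carrying this group; only the WordPress
      # hosts and the RDS instance (all in this group) need it.
      description      = var.mysql
      from_port        = var.mysqlport
      to_port          = var.mysqlport
      protocol         = var.protcp
      cidr_blocks      = null
      ipv6_cidr_blocks = null
      prefix_list_ids  = null
      security_groups  = null
      self             = true
    },
    {
      # All ICMP types: protocol "icmp" with from/to port -1.
      description      = var.icmp
      from_port        = var.icmpport
      to_port          = var.icmpport
      protocol         = var.icmp
      cidr_blocks      = [var.dert]
      ipv6_cidr_blocks = [var.dert6]
      prefix_list_ids  = null
      security_groups  = null
      self             = null
    },
    {
      # High-port range kept open for Docker-published services in the lab.
      description      = "docker_http"
      from_port        = 60080
      to_port          = 65500
      protocol         = var.protcp
      cidr_blocks      = [var.dert]
      ipv6_cidr_blocks = [var.dert6]
      prefix_list_ids  = null
      security_groups  = null
      self             = null
    }
  ]

  egress {
    description      = "all"
    from_port        = 0
    to_port          = 0
    # "-1" is the AWS value for "all protocols". The original passed
    # var.icmpport here, which only worked because that input happens to be -1.
    protocol         = "-1"
    cidr_blocks      = [var.dert]
    ipv6_cidr_blocks = [var.dert6]
  }

  tags = {
    Name = "${var.name}-sg"
  }
}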

 

11_ec2.tf

# Latest Amazon-owned "Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type"
# image. most_recent = true means the AMI id can change between plans.
data "aws_ami" "amzn" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-kernel-5.10*-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}


# Seed web server in the first public subnet. install.sh (user_data) sets up
# WordPress; the instance is then imaged in 15. ami.tf for the launch template.
resource "aws_instance" "sdkim_weba" {
  ami               = data.aws_ami.amzn.id
  instance_type     = var.type
  key_name          = var.name
  availability_zone = "${var.region}a"

  subnet_id              = aws_subnet.sdkim_web[0].id
  private_ip             = var.pri1
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

  # install.sh is read from the module directory; earlier base64 and heredoc
  # variants of the same httpd bootstrap were dropped in favour of the file.
  user_data = file("install.sh")

  tags = {
    Name = "${var.name}-weba"
  }
}

output "ec2_publicip" {
  description = "Public IP of the seed web server"
  value       = aws_instance.sdkim_weba.public_ip
}
/*
resource "aws_instance" "sdkim_dba" {
  ami                    = data.aws_ami.amzn.id
  instance_type          = "t2.micro"
  key_name               = "sdkim"
  availability_zone      = "ap-northeast-2a"
  private_ip             = "10.0.4.11"
  subnet_id              = aws_subnet.sdkim_dba.id
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
#  user_data_base64 = "IyEgL2Jpbi9iYXNoCiAgICAgICAgeXVtIGluc3RhbGwgLXkgaHR0cGQKICAgICAgICBzeXN0ZW1jdGwgZW5hYmxlIC0tbm93IGh0dHBk"
#  user_data = <<end
#        #! /bin/bash
#        yum install -y httpd
#        systemctl enable --now httpd
#        end
  user_data = file("db.sh")
  depends_on = [aws_route_table_association.sdkim_nrtas_da]
  tags = {
    Name = "sdkim-dba"
  }
}
*/

 

12_alb.tf

# Internet-facing ALB (var.bool0 = false => not internal) spanning both public
# subnets. It shares the all-tier security group from 10_sg.tf.
resource "aws_lb" "sdkim_lb" {
  name               = "${var.name}-lb"
  load_balancer_type = var.load
  internal           = var.bool0

  subnets         = aws_subnet.sdkim_web[*].id
  security_groups = [aws_security_group.sdkim_sg.id]

  tags = {
    Name = "${var.name}-lb"
  }
}

output "load_dns" {
  description = "DNS name of the ALB"
  value       = aws_lb.sdkim_lb.dns_name
}

 

13_albtg.tf

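# HTTP target group for the web tier; both the seed instance (15_albtgat.tf)
# and the ASG (18_asgat.tf) register into it.
resource "aws_lb_target_group" "sdkim_albtg" {
  # Consistency: every other resource derives its name from var.name; the
  # literal "sdkim-albtg" would collide if the module were used with another name.
  name     = "${var.name}-albtg"
  port     = var.httpport
  protocol = "HTTP"
  vpc_id   = aws_vpc.sdkim_vpc.id

  health_check {
    enabled             = true
    protocol            = "HTTP"
    port                = "traffic-port"
    path                = "/index.html" # the "hello world" file written by install.sh
    matcher             = "200"
    interval            = 5
    timeout             = 3
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }

  tags = {
    Name = "${var.name}-albtg"
  }
}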

 

14_albli.tf

# Plain-HTTP listener on var.httpport forwarding everything to the target group
# (no TLS termination in this lab).
resource "aws_lb_listener" "sdkim_albli" {
  load_balancer_arn = aws_lb.sdkim_lb.arn
  protocol          = "HTTP"
  port              = var.httpport

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sdkim_albtg.arn
  }

  tags = {
    Name = "${var.name}-albli"
  }
}

 

15_albtgat.tf (이전에 생성한 인스턴스를 ALB의 타겟(backend)으로 사용)

# Registers the seed instance as a backend of the target group.
resource "aws_lb_target_group_attachment" "sdkim_albtgat" {
  target_group_arn = aws_lb_target_group.sdkim_albtg.arn
  port             = var.httpport
  target_id        = aws_instance.sdkim_weba.id
}

 

15. ami.tf (ami를 이용하여 Launch Template 만들기)

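# Images the seed web server so the launch template (16_aslt.tf) can clone it.
resource "aws_ami_from_instance" "sdkim_ami" {
  # Consistency: named from var.name like the other resources (was "sdkim-ami").
  name               = "${var.name}-ami"
  source_instance_id = aws_instance.sdkim_weba.id

  # NOTE(review): Terraform does not wait for install.sh (the instance's
  # user_data) to finish before imaging, so the AMI can be captured
  # mid-bootstrap — confirm on a real run before relying on the ASG copies.

  tags = {
    Name = "${var.name}-ami"
  }
}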

 

16_aslt.tf

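# Launch template built from the imaged seed instance; consumed by the ASG.
resource "aws_launch_template" "sdkim_lt" {
  # Fix: the original read "${var.name)-lt" (")" in place of "}"), which does
  # not parse.
  name = "${var.name}-lt"

  image_id               = aws_ami_from_instance.sdkim_ami.id
  instance_type          = var.type # was a literal "t2.micro"; same value as 11_ec2.tf
  key_name               = var.name
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]

  # Extra 10 GiB gp2 data volume on every clone.
  block_device_mappings {
    device_name = "/dev/sdd"
    ebs {
      volume_size = 10
      volume_type = "gp2"
    }
  }

  tag_specifications {
    resource_type = "instance"
    tags = {
      Name = "${var.name}-lt"
    }
  }
}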

 

17_asg.tf

# Scales the web tier across both public subnets from the launch template.
resource "aws_autoscaling_group" "sdkim_asg" {
  name                = "${var.name}-asg"
  vpc_zone_identifier = aws_subnet.sdkim_web[*].id

  min_size         = 1
  desired_capacity = 1
  max_size         = 6

  # "EC2" means only failed instance status checks trigger replacement; a
  # failing ALB health check (13_albtg.tf) does not, unless this is "ELB".
  health_check_type         = "EC2"
  health_check_grace_period = 30
  force_delete              = var.bool0

  launch_template {
    id      = aws_launch_template.sdkim_lt.id
    version = "$Latest"
  }
}

 

18_asgat.tf

# Registers every ASG instance into the ALB target group.
resource "aws_autoscaling_attachment" "sdkim_asgat" {
  lb_target_group_arn    = aws_lb_target_group.sdkim_albtg.arn
  autoscaling_group_name = aws_autoscaling_group.sdkim_asg.id
}

 

19_rds.tf

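# MySQL RDS instance backing WordPress, placed in the private DB subnets.
resource "aws_db_instance" "sdkim_db" {
  identifier     = "sdkimdb" # install.sh hard-codes this hostname prefix; keep in sync
  engine         = var.mysql
  engine_version = "5.7" # NOTE(review): 5.7 is past standard support on RDS — confirm availability/cost
  instance_class = var.dbtype

  allocated_storage = 20
  storage_type      = var.ssdtype
  db_name           = "wordpress"

  # SECURITY: the master credential is a plaintext literal here and is repeated
  # in db.sh and install.sh. Move it to a sensitive variable (or let RDS manage
  # it via manage_master_user_password and read the secret in install.sh)
  # before using this outside a lab.
  username = "root"
  password = "It12345!"

  availability_zone      = "${var.region}a"
  db_subnet_group_name   = aws_db_subnet_group.sdkim_dbsg.name
  vpc_security_group_ids = [aws_security_group.sdkim_sg.id]
  # Explicitly private: even though the shared security group is permissive,
  # the instance never receives a public endpoint.
  publicly_accessible = false

  # true in data.tf: destroy drops the database without a final snapshot.
  skip_final_snapshot = var.bool1

  tags = {
    Name = "${var.name}-db"
  }
}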

# Both DB subnets (04_subnet.tf) form the subnet group RDS places itself in.
resource "aws_db_subnet_group" "sdkim_dbsg" {
  name       = "${var.name}-dbsg"
  subnet_ids = aws_subnet.sdkim_db[*].id
}

output "sdkim_db" {
  description = "RDS endpoint (host:port) to paste into install.sh"
  value       = aws_db_instance.sdkim_db.endpoint
}

 

db.sh

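#! /bin/bash
# Bootstraps a self-managed MySQL 5.7 server on Amazon Linux 2. It is the
# user_data of the commented-out sdkim_dba instance in 11_ec2.tf; the live
# stack uses RDS (19_rds.tf) instead.
set -euo pipefail

# Must match the master password in 19_rds.tf and install.sh.
# SECURITY: a plaintext literal in user-data is readable from the instance
# metadata service by any process on the host; lab use only.
password='It12345!'

# Fetch the repo package over TLS and trust the vendor signing key instead of
# switching gpgcheck off, so a tampered package is still rejected. If the
# repo's key rotates again, import the newer key rather than disabling checks.
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum install -y https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
yum install -y mysql-community-server
systemctl enable --now mysqld

# mysqld writes a one-time root password to its log on first start; the
# original echoed it, which landed it in the cloud-init log — it is no longer printed.
password_match=$(awk '/A temporary password is generated for/ {a=$0} END{ print a }' /var/log/mysqld.log | awk '{print $(NF)}')

mysql -uroot -p"$password_match" --connect-expired-password -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${password}'; flush privileges; "
# 'root'@'%' keeps the original reach (any host the security group admits);
# narrow the host pattern to the application subnets when hardening.
mysql -uroot -p"$password" -e "grant all privileges on *.* to 'root'@'%' IDENTIFIED BY '${password}'; create database wordpress; flush privileges;"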

 

install.sh

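#! /bin/bash
# WordPress web-tier bootstrap for Amazon Linux 2 (user_data of sdkim_weba in
# 11_ec2.tf). The finished host is imaged for the ASG, so everything written
# here is inherited by every clone.
set -euo pipefail

WP_TARBALL='wordpress-5.8.8-ko_KR.tar.gz'
# Placeholder: replace the dashes with the hostname from `terraform output sdkim_db`.
DB_HOST='sdkimdb.----------.ap-northeast-2.rds.amazonaws.com'
# Must match the RDS master password in 19_rds.tf.
# SECURITY: plaintext in user-data (readable from the metadata service); lab only.
DB_PASS='It12345!'

yum install -y httpd
amazon-linux-extras enable php7.4
yum install -y php php-cli php-common php-gd php-opcache php-curl php-mysqlnd

# Download to a scratch directory rather than cloud-init's working directory.
# NOTE(review): the archive is not checksum/signature verified, and 5.8.x is an
# old WordPress branch — verify and update before real use.
cd /tmp
wget -q "https://ko.wordpress.org/${WP_TARBALL}"
tar xfz "${WP_TARBALL}"
cp -r wordpress/* /var/www/html/

# /index.html is what the ALB health check in 13_albtg.tf polls; WordPress
# itself is served via index.php.
echo "hello world" > /var/www/html/index.html
sed -i 's/DirectoryIndex index.html/DirectoryIndex index.php/g' /etc/httpd/conf/httpd.conf

# Fill in the DB settings. Values containing "/" would need a different sed delimiter.
cp /var/www/html/{wp-config-sample.php,wp-config.php}
sed -i 's/database_name_here/wordpress/g' /var/www/html/wp-config.php
sed -i 's/username_here/root/g' /var/www/html/wp-config.php
sed -i "s/password_here/${DB_PASS}/g" /var/www/html/wp-config.php
sed -i "s/localhost/${DB_HOST}/g" /var/www/html/wp-config.php
# Keep the DB credential readable only by root and the httpd service account.
chown root:apache /var/www/html/wp-config.php
chmod 640 /var/www/html/wp-config.php

systemctl enable --now httpd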

 

var.tf

variable "region" {
  description = "AWS region for every resource (e.g. ap-northeast-2)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "name" {
  description = "Prefix for resource names, tags and the key pair (e.g. sdkim)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "cidr" {
  description = "VPC CIDR block (e.g. 10.0.0.0/16)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "pri" {
  description = "Private IP of the NAT gateway (e.g. 10.0.0.21)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "type" {
  description = "EC2 instance type for the web server (e.g. t2.micro)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "pri1" {
  description = "Private IP of the seed web server (e.g. 10.0.0.11)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "load" {
  description = "Load balancer type (e.g. application)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "bool0" {
  description = "Generic false flag (ALB internal, ASG force_delete)"
  type        = bool
  # no default: supplied by the module call in data.tf
}

variable "bool1" {
  description = "Generic true flag (VPC DNS, public IPs on launch, skip_final_snapshot)"
  type        = bool
  # no default: supplied by the module call in data.tf
}

variable "ssh" {
  description = "Label for the SSH security-group rule (e.g. ssh)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "http" {
  description = "Label for the HTTP security-group rule (e.g. http)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "mysql" {
  description = "Label for the MySQL rule and the RDS engine name (e.g. mysql)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "icmp" {
  description = "Label and protocol for the ICMP rule (e.g. icmp)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "protcp" {
  description = "Protocol string for TCP rules (e.g. tcp)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "proudp" {
  description = "Protocol string for UDP rules (e.g. udp); currently unused"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "proicmp" {
  description = "Protocol string for ICMP rules (e.g. icmp); currently unused"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "sshport" {
  description = "SSH port admitted by the security group (e.g. 22)"
  type        = number
  # no default: supplied by the module call in data.tf
}

variable "httpport" {
  description = "HTTP port for the security group, listener and attachment (e.g. 80)"
  type        = number
  # no default: supplied by the module call in data.tf
}

variable "mysqlport" {
  description = "MySQL port admitted by the security group (e.g. 3306)"
  type        = number
  # no default: supplied by the module call in data.tf
}

variable "icmpport" {
  description = "ICMP from/to port; -1 means all types"
  type        = number
  # no default: supplied by the module call in data.tf
}

variable "dert" {
  description = "IPv4 default route and security-group source range; 0.0.0.0/0 admits every address"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "dert6" {
  description = "IPv6 security-group source range; ::/0 admits every address"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "dbtype" {
  description = "RDS instance class (e.g. db.t3.micro)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "ssdtype" {
  description = "RDS storage type (e.g. gp2)"
  type        = string
  # no default: supplied by the module call in data.tf
}

variable "subip" {
  description = "First two octets of the subnet CIDRs, trailing dot included (e.g. \"10.0.\")"
  type        = string
}

 

data.tf

# Root-module call supplying every input the module in ../01_EXAM declares
# (var.tf keeps all defaults commented out, so each value must be passed here).
module "test" {
  source = "../01_EXAM"

  # Naming and sizing
  region  = "ap-northeast-2"
  name    = "sdkim"
  type    = "t2.micro"
  dbtype  = "db.t3.micro"
  ssdtype = "gp2"
  load    = "application"

  # Addressing. dert/dert6 double as the security-group source ranges, so
  # these values admit SSH and HTTP from every address.
  cidr  = "10.0.0.0/16"
  subip = "10.0."
  pri   = "10.0.0.21"
  pri1  = "10.0.0.11"
  dert  = "0.0.0.0/0"
  dert6 = "::/0"

  # Rule labels, protocols and ports
  ssh       = "ssh"
  http      = "http"
  mysql     = "mysql"
  icmp      = "icmp"
  protcp    = "tcp"
  proudp    = "udp"
  proicmp   = "icmp"
  sshport   = 22
  httpport  = 80
  mysqlport = 3306
  icmpport  = -1

  # Flags
  bool0 = false
  bool1 = true
}

 

 
