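#!/usr/bin/env bash
# Tutorial notes: building a VPC network with Terraform from an EC2 "command server".
# Three variants of main.tf are written with heredocs and applied in place:
#   <1> defaults-driven network (subnet CIDRs computed from vpc_cidr with cidrsubnets)
#   7   reference variant with every subnet CIDR hard-coded
#   <2> "production" variant that prompts for name_prefix and vpc_cidr (no defaults)
# Every command runs on the command server using its instance role; the script
# defines no functions and only performs I/O (writes main.tf, runs terraform/aws).

############################
# <1> Create the default network with Terraform
############################
# 1. Create one EC2 command server with cloudformaion-golobal-role included
#    (the role is attached to the command server automatically).
#    NOTE(review): every terraform/aws call below runs with that instance role's
#    permissions. Scope the role to the EC2/VPC actions this file needs rather
#    than a broad administrative policy, and restrict who can log in to the
#    instance, since a shell on it is a shell with the role.
# 2. Log in to the EC2 instance and prepare a working directory.
cd
mkdir 21
cd 21
aws s3 ls   # sanity check: confirms the instance role and credentials work

# 3. Write the Terraform file with cat.
#    Subnet names, route tables, etc. are all listed explicitly.
cat <<'EOF' > main.tf
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # "~> 5.0" accepts every 5.x release but refuses a future 6.x, whose
      # breaking changes would otherwise be pulled in by a fresh `terraform init`.
      version = "~> 5.0"
    }
  }
}

############################
# Variables
############################
variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "ap-northeast-2"
}

variable "name_prefix" {
  description = "리소스 이름 Prefix"
  type        = string
  default     = "data"
}

variable "vpc_cidr" {
  description = "VPC CIDR (예: 10.0.0.0/20)"
  type        = string
  default     = "10.0.16.0/20"

  # Fail at plan time with a clear message instead of inside cidrsubnets():
  # the value must be an IPv4 CIDR, and the prefix must be /16../24 so that
  # the /22 and +4 subnets derived below stay within AWS's /16../28 limits.
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr)) && can(regex("/(1[6-9]|2[0-4])$", var.vpc_cidr))
    error_message = "vpc_cidr must be an IPv4 CIDR between /16 and /24 (e.g. 10.0.0.0/20)."
  }
}

provider "aws" {
  region = var.aws_region
}

data "aws_availability_zones" "available" {
  state = "available"
  # Skip opt-in (Local/Wavelength) zones so names[0] and names[1] are always
  # standard Availability Zones.
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

############################
# Common tags
############################
locals {
  common_tags = {
    Project = var.name_prefix
    Managed = "terraform"
  }

  # Carve the VPC range sequentially. With the default 10.0.16.0/20 this yields:
  # 0: public-a 10.0.16.0/24
  # 1: public-b 10.0.17.0/24
  # 2: app-a    10.0.20.0/22
  # 3: app-b    10.0.24.0/22
  # 4: db-a     10.0.28.0/24
  # 5: db-b     10.0.29.0/24
  subnet_blocks = cidrsubnets(var.vpc_cidr, 4, 4, 2, 2, 4, 4)
}

############################
# VPC
############################
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true

  # NOTE(review): the VPC's default security group keeps the AWS default rules;
  # manage it with aws_default_security_group if it must be emptied.
  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-vpc"
  })
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-igw"
  })
}

############################
# Subnets
############################
# Public subnets auto-assign public IPs and are tagged for internet-facing ELBs.
resource "aws_subnet" "public_a" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = local.subnet_blocks[0]
  availability_zone       = data.aws_availability_zones.available.names[0]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-a"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

resource "aws_subnet" "public_b" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = local.subnet_blocks[1]
  availability_zone       = data.aws_availability_zones.available.names[1]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-b"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

# App subnets are private (egress via NAT) and tagged for internal ELBs.
resource "aws_subnet" "app_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[2]
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-a"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

resource "aws_subnet" "app_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[3]
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-b"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

# DB subnets are isolated: their route table has no default route at all.
resource "aws_subnet" "db_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[4]
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-a"
    Tier = "db"
  })
}

resource "aws_subnet" "db_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[5]
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-b"
    Tier = "db"
  })
}

############################
# NAT Gateway (one per AZ so an AZ outage does not take down the other AZ's egress)
############################
resource "aws_eip" "nat_a" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-a"
  })
}

resource "aws_nat_gateway" "nat_a" {
  allocation_id = aws_eip.nat_a.id
  subnet_id     = aws_subnet.public_a.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-a"
  })

  # The IGW must exist before a NAT gateway in a public subnet can come up.
  depends_on = [aws_internet_gateway.igw]
}

resource "aws_eip" "nat_b" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-b"
  })
}

resource "aws_nat_gateway" "nat_b" {
  allocation_id = aws_eip.nat_b.id
  subnet_id     = aws_subnet.public_b.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-b"
  })

  depends_on = [aws_internet_gateway.igw]
}

############################
# Route Tables
############################
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-public"
  })
}

resource "aws_route" "public_default" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table" "app_a" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-a"
  })
}

resource "aws_route" "app_a_default" {
  route_table_id         = aws_route_table.app_a.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_a.id
}

resource "aws_route_table" "app_b" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-b"
  })
}

resource "aws_route" "app_b_default" {
  route_table_id         = aws_route_table.app_b.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_b.id
}

# No aws_route for this table on purpose: DB subnets get only the VPC-local route.
resource "aws_route_table" "db" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-db"
  })
}

############################
# Associations
############################
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_b" {
  subnet_id      = aws_subnet.public_b.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "app_a" {
  subnet_id      = aws_subnet.app_a.id
  route_table_id = aws_route_table.app_a.id
}

resource "aws_route_table_association" "app_b" {
  subnet_id      = aws_subnet.app_b.id
  route_table_id = aws_route_table.app_b.id
}

resource "aws_route_table_association" "db_a" {
  subnet_id      = aws_subnet.db_a.id
  route_table_id = aws_route_table.db.id
}

resource "aws_route_table_association" "db_b" {
  subnet_id      = aws_subnet.db_b.id
  route_table_id = aws_route_table.db.id
}

############################
# Outputs
############################
output "vpc_id" {
  value = aws_vpc.main.id
}

output "public_subnet_ids" {
  value = [aws_subnet.public_a.id, aws_subnet.public_b.id]
}

output "app_subnet_ids" {
  value = [aws_subnet.app_a.id, aws_subnet.app_b.id]
}

output "db_subnet_ids" {
  value = [aws_subnet.db_a.id, aws_subnet.db_b.id]
}
EOF
# ----------

# 4. Defaults: name_prefix is "data", vpc_cidr is 10.0.16.0/20.
terraform init
terraform apply -auto-approve
# Delete the default network
terraform destroy -auto-approve

# 5. Overriding the inputs
terraform apply -auto-approve \
  -var="name_prefix=newdata" \
  -var="vpc_cidr=10.0.32.0/20"
terraform init
# Any later apply must repeat the same -var values (or read them from a
# terraform.tfvars file); an apply without them falls back to the defaults
# and plans to replace the VPC and every subnet, NAT gateway and route table.
terraform apply -auto-approve

# 6. Delete
terraform destroy -auto-approve

# 7. Reference
#    Earlier version of the file with every subnet CIDR hard-coded.
cat <<'EOF' > main.tf
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region
}

data "aws_availability_zones" "available" {
  state = "available"
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

############################
# Variables
############################
variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "ap-northeast-2"
}

variable "name_prefix" {
  description = "리소스 이름 Prefix"
  type        = string
  default     = "ha"
}

############################
# Common tags
############################
locals {
  common_tags = {
    Project = var.name_prefix
    Managed = "terraform"
  }
}

############################
# VPC
############################
resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/20"
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-vpc"
  })
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-igw"
  })
}

############################
# Subnets (same layout as the cidrsubnets() version, written out by hand)
############################
resource "aws_subnet" "public_a" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = data.aws_availability_zones.available.names[0]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-a"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

resource "aws_subnet" "public_b" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = data.aws_availability_zones.available.names[1]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-b"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

resource "aws_subnet" "app_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.4.0/22"
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-a"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

resource "aws_subnet" "app_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.8.0/22"
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-b"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

resource "aws_subnet" "db_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.12.0/24"
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-a"
    Tier = "db"
  })
}

resource "aws_subnet" "db_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.13.0/24"
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-b"
    Tier = "db"
  })
}

############################
# NAT Gateway
############################
resource "aws_eip" "nat_a" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-a"
  })
}

resource "aws_nat_gateway" "nat_a" {
  allocation_id = aws_eip.nat_a.id
  subnet_id     = aws_subnet.public_a.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-a"
  })

  depends_on = [aws_internet_gateway.igw]
}

resource "aws_eip" "nat_b" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-b"
  })
}

resource "aws_nat_gateway" "nat_b" {
  allocation_id = aws_eip.nat_b.id
  subnet_id     = aws_subnet.public_b.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-b"
  })

  depends_on = [aws_internet_gateway.igw]
}

############################
# Route Tables
############################
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-public"
  })
}

resource "aws_route" "public" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table" "app_a" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-a"
  })
}

resource "aws_route" "app_a" {
  route_table_id         = aws_route_table.app_a.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_a.id
}

resource "aws_route_table" "app_b" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-b"
  })
}

resource "aws_route" "app_b" {
  route_table_id         = aws_route_table.app_b.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_b.id
}

# DB route table: no default route, the subnets stay isolated.
resource "aws_route_table" "db" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-db"
  })
}

############################
# Associations
############################
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_b" {
  subnet_id      = aws_subnet.public_b.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "app_a" {
  subnet_id      = aws_subnet.app_a.id
  route_table_id = aws_route_table.app_a.id
}

resource "aws_route_table_association" "app_b" {
  subnet_id      = aws_subnet.app_b.id
  route_table_id = aws_route_table.app_b.id
}

resource "aws_route_table_association" "db_a" {
  subnet_id      = aws_subnet.db_a.id
  route_table_id = aws_route_table.db.id
}

resource "aws_route_table_association" "db_b" {
  subnet_id      = aws_subnet.db_b.id
  route_table_id = aws_route_table.db.id
}

############################
# Outputs
############################
output "vpc_id" {
  value = aws_vpc.main.id
}

output "public_subnets" {
  value = [aws_subnet.public_a.id, aws_subnet.public_b.id]
}
EOF
terraform init
terraform apply -auto-approve
# ------------
terraform destroy -auto-approve

############################
# <2> Create a production-style network with Terraform
############################
# Change the file so that name_prefix and aws_vpc's cidr_block are taken as input.
# With no defaults, `terraform apply` prompts for both values in an interactive
# shell; pass -var / a terraform.tfvars file (or -input=false) for unattended runs.
# -------------------------------
cat <<'EOF' > main.tf
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

############################
# Variables
############################
variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "ap-northeast-2"
}

variable "name_prefix" {
  description = "리소스 이름 Prefix"
  type        = string
}

variable "vpc_cidr" {
  description = "VPC CIDR (예: 10.0.0.0/20)"
  type        = string

  # Same guard as the defaults version: IPv4 only, prefix /16../24 so the
  # derived /22 and +4 subnets stay within AWS's /16../28 limits.
  validation {
    condition     = can(cidrnetmask(var.vpc_cidr)) && can(regex("/(1[6-9]|2[0-4])$", var.vpc_cidr))
    error_message = "vpc_cidr must be an IPv4 CIDR between /16 and /24 (e.g. 10.0.0.0/20)."
  }
}

provider "aws" {
  region = var.aws_region
}

data "aws_availability_zones" "available" {
  state = "available"
  filter {
    name   = "opt-in-status"
    values = ["opt-in-not-required"]
  }
}

############################
# Common tags
############################
locals {
  common_tags = {
    Project = var.name_prefix
    Managed = "terraform"
  }
}

############################
# VPC
############################
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-vpc"
  })
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-igw"
  })
}

############################
# Subnets (computed automatically)
############################
locals {
  # Result, in order:
  # 0: public-a (/24)
  # 1: public-b (/24)
  # 2: app-a    (/22)
  # 3: app-b    (/22)
  # 4: db-a     (/24)
  # 5: db-b     (/24)
  subnet_blocks = cidrsubnets(var.vpc_cidr, 4, 4, 2, 2, 4, 4)
}

resource "aws_subnet" "public_a" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = local.subnet_blocks[0]
  availability_zone       = data.aws_availability_zones.available.names[0]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-a"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

resource "aws_subnet" "public_b" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = local.subnet_blocks[1]
  availability_zone       = data.aws_availability_zones.available.names[1]
  map_public_ip_on_launch = true

  tags = merge(local.common_tags, {
    Name                     = "${var.name_prefix}-pub-b"
    Tier                     = "public"
    "kubernetes.io/role/elb" = "1"
  })
}

resource "aws_subnet" "app_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[2]
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-a"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

resource "aws_subnet" "app_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[3]
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name                              = "${var.name_prefix}-app-b"
    Tier                              = "app"
    "kubernetes.io/role/internal-elb" = "1"
  })
}

resource "aws_subnet" "db_a" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[4]
  availability_zone = data.aws_availability_zones.available.names[0]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-a"
    Tier = "db"
  })
}

resource "aws_subnet" "db_b" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = local.subnet_blocks[5]
  availability_zone = data.aws_availability_zones.available.names[1]

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-db-b"
    Tier = "db"
  })
}

############################
# NAT Gateway
############################
resource "aws_eip" "nat_a" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-a"
  })
}

resource "aws_nat_gateway" "nat_a" {
  allocation_id = aws_eip.nat_a.id
  subnet_id     = aws_subnet.public_a.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-a"
  })

  depends_on = [aws_internet_gateway.igw]
}

resource "aws_eip" "nat_b" {
  domain = "vpc"

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-eip-b"
  })
}

resource "aws_nat_gateway" "nat_b" {
  allocation_id = aws_eip.nat_b.id
  subnet_id     = aws_subnet.public_b.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-nat-b"
  })

  depends_on = [aws_internet_gateway.igw]
}

############################
# Route Tables
############################
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-public"
  })
}

resource "aws_route" "public" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table" "app_a" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-a"
  })
}

resource "aws_route" "app_a" {
  route_table_id         = aws_route_table.app_a.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_a.id
}

resource "aws_route_table" "app_b" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-app-b"
  })
}

resource "aws_route" "app_b" {
  route_table_id         = aws_route_table.app_b.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_b.id
}

# DB route table: no default route, the subnets stay isolated.
resource "aws_route_table" "db" {
  vpc_id = aws_vpc.main.id

  tags = merge(local.common_tags, {
    Name = "${var.name_prefix}-rtb-db"
  })
}

############################
# Associations
############################
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_b" {
  subnet_id      = aws_subnet.public_b.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "app_a" {
  subnet_id      = aws_subnet.app_a.id
  route_table_id = aws_route_table.app_a.id
}

resource "aws_route_table_association" "app_b" {
  subnet_id      = aws_subnet.app_b.id
  route_table_id = aws_route_table.app_b.id
}

resource "aws_route_table_association" "db_a" {
  subnet_id      = aws_subnet.db_a.id
  route_table_id = aws_route_table.db.id
}

resource "aws_route_table_association" "db_b" {
  subnet_id      = aws_subnet.db_b.id
  route_table_id = aws_route_table.db.id
}

############################
# Outputs
############################
output "vpc_id" {
  value = aws_vpc.main.id
}

# Subnet ids are exported as well so downstream stacks (EKS, RDS) can consume
# this network without hard-coding ids.
output "public_subnet_ids" {
  value = [aws_subnet.public_a.id, aws_subnet.public_b.id]
}

output "app_subnet_ids" {
  value = [aws_subnet.app_a.id, aws_subnet.app_b.id]
}

output "db_subnet_ids" {
  value = [aws_subnet.db_a.id, aws_subnet.db_b.id]
}
EOF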