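#!/usr/bin/env bash
# EKS 가상 클러스터 프로비저닝 자동화 (IaC) 코드로 작성해줘
#
# Provisions, with Terraform, the VPC network layer an EKS cluster is meant to
# sit on.  Layout: pub2, pri2, pridb2, nat2
#   - 2 public subnets  : default route via the IGW; each hosts one NAT gateway
#   - 2 private subnets : default route via the NAT gateway in the same AZ
#   - 2 pri-db subnets  : their route tables carry no default route, so they get
#                         the VPC-local route only (no internet egress)
#
# Stages (each was a separate tutorial step in the original text):
#   1   fixed-CIDR config in ./11, apply, then destroy
#   2   same config in ./11 with vpc_name = "agame-dev"
#   <2> 변수 처리: config in ./22 whose subnet CIDRs are derived from vpc_cidr
#       with cidrsubnet(); vpc_name = "agame-prd", vpc_cidr = "10.8.0.0/20"
#
# Notes for whoever runs this:
#   - provider "aws" sets only the region; credentials come from the ambient
#     AWS profile/environment of the caller.  Keep keys out of these files.
#   - State is local (terraform.tfstate under ./11 and ./22) and records every
#     resource ID; keep those directories out of version control.
#   - plan is written to tfplan and that exact plan is applied, so the output
#     of plan is what gets created; no interactive confirmation happens.
#   - NAT gateways and EIPs are billed while they exist.  Stage 1 destroys its
#     own resources; stages 2 and <2> leave the destroy command commented out.
#   - EKS subnet discovery tags (kubernetes.io/role/elb,
#     kubernetes.io/role/internal-elb, kubernetes.io/cluster/<cluster-name>)
#     are not set here; add them when a cluster is attached to these subnets.

set -euo pipefail

# Directory under which the per-stage working directories 11 and 22 are made.
# The original steps were run from $HOME; anchoring every stage here avoids
# creating 11/11 when the stages run back-to-back in one shell.
WORK_ROOT="${WORK_ROOT:-$HOME}"

# --- helpers ------------------------------------------------------------------

# 1. 변수 선언 파일 (variables.tf) - identical in every stage.
write_variables_tf() {
  cat <<'EOF' > variables.tf
variable "vpc_name" {
  description = "VPC 및 하위 리소스들의 이름 접두사"
  type        = string
}

variable "vpc_cidr" {
  description = "VPC의 기본 CIDR 블록"
  type        = string
}
EOF
}

# 2. 변수 값 정의 파일 (terraform.tfvars).  $1 = vpc_name, $2 = vpc_cidr.
# Replaces the hand edit (`vi terraform.tfvars`) of the original steps, which
# is not executable as part of a script.
write_tfvars() {
  cat > terraform.tfvars <<EOF
vpc_name = "$1"
vpc_cidr = "$2"
EOF
}

# init -> plan (saved to tfplan) -> apply that saved plan.
# Applying a saved plan file does not prompt, so -auto-approve is not needed,
# and what was reviewed in plan is exactly what is applied.
tf_apply() {
  terraform init -input=false
  terraform plan -input=false -out=tfplan
  terraform apply -input=false tfplan
}

# 3. 메인 인프라 구성 파일 (main.tf) with hard-coded subnet CIDRs (stages 1, 2).
write_main_tf_static() {
  cat <<'EOF' > main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
  tags = {
    Name = var.vpc_name
  }
}

resource "aws_subnet" "pri1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.0.0/22"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-private-1"
  }
}

resource "aws_subnet" "pri2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.4.0/22"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-private-2"
  }
}

resource "aws_subnet" "pub1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.8.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-public-1"
  }
}

resource "aws_subnet" "pub2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.9.0/24"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-public-2"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-igw"
  }
}

# default route
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = {
    Name = "${var.vpc_name}-rt-public"
  }
}

resource "aws_route_table_association" "public_association_1" {
  subnet_id      = aws_subnet.pub1.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_association_2" {
  subnet_id      = aws_subnet.pub2.id
  route_table_id = aws_route_table.public.id
}

resource "aws_subnet" "pri-db1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.10.0/24"
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-pri-db1"
  }
}

resource "aws_subnet" "pri-db2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "10.0.11.0/24"
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-pri-db2"
  }
}

# nat
resource "aws_eip" "nat_1" {
  domain = "vpc"
  lifecycle {
    create_before_destroy = true
  }
  tags = {
    Name = "${var.vpc_name}-eip-nat1"
  }
}

resource "aws_eip" "nat_2" {
  domain = "vpc"
  lifecycle {
    create_before_destroy = true
  }
  tags = {
    Name = "${var.vpc_name}-eip-nat2"
  }
}

resource "aws_nat_gateway" "nat_gateway_1" {
  allocation_id = aws_eip.nat_1.id
  subnet_id     = aws_subnet.pub1.id
  tags = {
    Name = "${var.vpc_name}-nat-1"
  }
}

resource "aws_nat_gateway" "nat_gateway_2" {
  allocation_id = aws_eip.nat_2.id
  subnet_id     = aws_subnet.pub2.id
  tags = {
    Name = "${var.vpc_name}-nat-2"
  }
}

# private route table add
resource "aws_route_table" "public_private_1" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-1"
  }
}

resource "aws_route_table" "public_private_2" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-2"
  }
}

resource "aws_route_table_association" "public_association_private_1" {
  subnet_id      = aws_subnet.pri1.id
  route_table_id = aws_route_table.public_private_1.id
}

resource "aws_route_table_association" "public_association_private_2" {
  subnet_id      = aws_subnet.pri2.id
  route_table_id = aws_route_table.public_private_2.id
}

resource "aws_route" "private_nat_1" {
  route_table_id         = aws_route_table.public_private_1.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_1.id
}

resource "aws_route" "private_nat_2" {
  route_table_id         = aws_route_table.public_private_2.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_2.id
}

# pri-db1,2 private route table add
# No 0.0.0.0/0 route is attached to these two tables, so the DB subnets keep
# only the implicit VPC-local route (no NAT / IGW egress).
resource "aws_route_table" "public_private_db1" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-db1"
  }
}

resource "aws_route_table" "public_private_db2" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-db2"
  }
}

resource "aws_route_table_association" "public_association_private_db1" {
  subnet_id      = aws_subnet.pri-db1.id
  route_table_id = aws_route_table.public_private_db1.id
}

resource "aws_route_table_association" "public_association_private_db2" {
  subnet_id      = aws_subnet.pri-db2.id
  route_table_id = aws_route_table.public_private_db2.id
}
EOF
}

# 3. 메인 인프라 구성 파일 (main.tf) with subnet CIDRs derived from var.vpc_cidr
# via cidrsubnet() (stage <2>).  Same resources and names as the static file.
write_main_tf_cidrsubnet() {
  cat <<'EOF' > main.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
  tags = {
    Name = var.vpc_name
  }
}

# 기존 10.0.0.0/22 (vpc_cidr /20 기준 +2비트, 0번째 네트워크)
resource "aws_subnet" "pri1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 2, 0)
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-private-1"
  }
}

# 기존 10.0.4.0/22 (vpc_cidr /20 기준 +2비트, 1번째 네트워크)
resource "aws_subnet" "pri2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 2, 1)
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-private-2"
  }
}

# 기존 10.0.8.0/24 (vpc_cidr /20 기준 +4비트, 8번째 네트워크)
resource "aws_subnet" "pub1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 4, 8)
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-public-1"
  }
}

# 기존 10.0.9.0/24 (vpc_cidr /20 기준 +4비트, 9번째 네트워크)
resource "aws_subnet" "pub2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 4, 9)
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-public-2"
  }
}

# 기존 10.0.10.0/24 (vpc_cidr /20 기준 +4비트, 10번째 네트워크)
resource "aws_subnet" "pri-db1" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 4, 10)
  availability_zone = "ap-northeast-2a"
  tags = {
    Name = "${var.vpc_name}-subnet-pri-db1"
  }
}

# 기존 10.0.11.0/24 (vpc_cidr /20 기준 +4비트, 11번째 네트워크)
resource "aws_subnet" "pri-db2" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(var.vpc_cidr, 4, 11)
  availability_zone = "ap-northeast-2c"
  tags = {
    Name = "${var.vpc_name}-subnet-pri-db2"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-igw"
  }
}

# default route
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = {
    Name = "${var.vpc_name}-rt-public"
  }
}

resource "aws_route_table_association" "public_association_1" {
  subnet_id      = aws_subnet.pub1.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_association_2" {
  subnet_id      = aws_subnet.pub2.id
  route_table_id = aws_route_table.public.id
}

# nat
resource "aws_eip" "nat_1" {
  domain = "vpc"
  lifecycle {
    create_before_destroy = true
  }
  tags = {
    Name = "${var.vpc_name}-eip-nat1"
  }
}

resource "aws_eip" "nat_2" {
  domain = "vpc"
  lifecycle {
    create_before_destroy = true
  }
  tags = {
    Name = "${var.vpc_name}-eip-nat2"
  }
}

resource "aws_nat_gateway" "nat_gateway_1" {
  allocation_id = aws_eip.nat_1.id
  subnet_id     = aws_subnet.pub1.id
  tags = {
    Name = "${var.vpc_name}-nat-1"
  }
}

resource "aws_nat_gateway" "nat_gateway_2" {
  allocation_id = aws_eip.nat_2.id
  subnet_id     = aws_subnet.pub2.id
  tags = {
    Name = "${var.vpc_name}-nat-2"
  }
}

# private route table add
resource "aws_route_table" "public_private_1" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-1"
  }
}

resource "aws_route_table" "public_private_2" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-2"
  }
}

resource "aws_route_table_association" "public_association_private_1" {
  subnet_id      = aws_subnet.pri1.id
  route_table_id = aws_route_table.public_private_1.id
}

resource "aws_route_table_association" "public_association_private_2" {
  subnet_id      = aws_subnet.pri2.id
  route_table_id = aws_route_table.public_private_2.id
}

resource "aws_route" "private_nat_1" {
  route_table_id         = aws_route_table.public_private_1.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_1.id
}

resource "aws_route" "private_nat_2" {
  route_table_id         = aws_route_table.public_private_2.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_2.id
}

# pri-db1,2 private route table add
# No 0.0.0.0/0 route is attached to these two tables, so the DB subnets keep
# only the implicit VPC-local route (no NAT / IGW egress).
resource "aws_route_table" "public_private_db1" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-db1"
  }
}

resource "aws_route_table" "public_private_db2" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.vpc_name}-rt-private-db2"
  }
}

resource "aws_route_table_association" "public_association_private_db1" {
  subnet_id      = aws_subnet.pri-db1.id
  route_table_id = aws_route_table.public_private_db1.id
}

resource "aws_route_table_association" "public_association_private_db2" {
  subnet_id      = aws_subnet.pri-db2.id
  route_table_id = aws_route_table.public_private_db2.id
}
EOF
}

# --- 1. fixed CIDRs: create, then tear down -----------------------------------
# pub2 , pri2 , nat 2 -> pub2, pri2, pridb2, nat2
cd "$WORK_ROOT"
mkdir -p 11
cd 11
write_variables_tf
write_tfvars "terraform-101" "10.0.0.0/20"
write_main_tf_static
tf_apply
# To delete the infrastructure, use the command below.  The original step runs
# it right away, so stage 1 leaves nothing behind before stage 2 re-applies.
# terraform destroy -auto-approve
terraform destroy -auto-approve

# --- 2. same config, vpc_name changed to "agame-dev" --------------------------
# The original wrote terraform-101 and then hand-edited the file with vi; the
# final values are written directly here.
cd "$WORK_ROOT"
mkdir -p 11
cd 11
write_variables_tf
write_tfvars "agame-dev" "10.0.0.0/20"
write_main_tf_static
# 3
tf_apply
# 4
# terraform destroy -auto-approve

# --- <2> 변수 처리 1: subnet CIDRs driven by the vpc_cidr variable -------------
# Changing vpc_cidr in terraform.tfvars (e.g. to "172.16.0.0/16") re-derives
# every subnet CIDR automatically through cidrsubnet().
cd "$WORK_ROOT"
mkdir -p 22
cd 22
write_variables_tf
write_tfvars "agame-prd" "10.8.0.0/20"
write_main_tf_cidrsubnet
tf_apply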