Closed guswl0701 closed 3 months ago
추가하려는 기능에 대해 간결하게 설명해주세요
provider "aws" { region = "ap-northeast-2" # 한국 리전으로 설정합니다. }
resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }
resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id }
resource "aws_route_table" "main" { vpc_id = aws_vpc.main.id
route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.main.id } }
resource "aws_subnet" "subnet_a" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" availability_zone = "ap-northeast-2a" }
resource "aws_subnet" "subnet_b" { vpc_id = aws_vpc.main.id cidr_block = "10.0.3.0/24" availability_zone = "ap-northeast-2c" }
resource "aws_route_table_association" "a" { subnet_id = aws_subnet.subnet_a.id route_table_id = aws_route_table.main.id }
resource "aws_route_table_association" "b" { subnet_id = aws_subnet.subnet_b.id route_table_id = aws_route_table.main.id }
resource "aws_security_group" "web_sg" { vpc_id = aws_vpc.main.id
ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } }
resource "aws_s3_bucket" "static_files" { bucket = "unique-bucket-name-1234567" # 고유한 S3 버킷 이름으로 변경합니다. }
resource "aws_launch_template" "web_template" { name_prefix = "web-template-" image_id = "ami-0a10b2721688ce9d2" # 한국 리전의 최신 Amazon Linux 2 AMI ID로 변경합니다. instance_type = "c5.xlarge"
network_interfaces { security_groups = [aws_security_group.web_sg.id] subnet_id = aws_subnet.subnet_a.id }
user_data = base64encode(<<-EOF
sudo amazon-linux-extras install -y nginx1 sudo systemctl start nginx sudo systemctl enable nginx EOF
) }
resource "aws_autoscaling_group" "web_asg" { desired_capacity = 5 max_size = 10 min_size = 5 vpc_zone_identifier = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] launch_template { id = aws_launch_template.web_template.id version = "$Latest" }
tag { key = "Name" value = "web-server" propagate_at_launch = true } }
resource "aws_autoscaling_policy" "scale_up" { name = "scale-up" scaling_adjustment = 2 adjustment_type = "ChangeInCapacity" cooldown = 300 autoscaling_group_name = aws_autoscaling_group.web_asg.name }
resource "aws_autoscaling_policy" "scale_down" { name = "scale-down" scaling_adjustment = -2 adjustment_type = "ChangeInCapacity" cooldown = 300 autoscaling_group_name = aws_autoscaling_group.web_asg.name }
resource "aws_lb" "web_lb" { name = "web-lb" internal = false load_balancer_type = "application" security_groups = [aws_security_group.web_sg.id] subnets = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_lb_target_group" "web_tg" { name = "web-tg" port = 80 protocol = "HTTP" vpc_id = aws_vpc.main.id }
resource "aws_lb_listener" "web_listener" { load_balancer_arn = aws_lb.web_lb.arn port = "80" protocol = "HTTP"
default_action { type = "forward" target_group_arn = aws_lb_target_group.web_tg.arn } }
resource "aws_autoscaling_attachment" "asg_attachment" { autoscaling_group_name = aws_autoscaling_group.web_asg.id lb_target_group_arn = aws_lb_target_group.web_tg.arn }
resource "aws_dynamodb_table" "ticket_table" { name = "ticket-table" billing_mode = "PAY_PER_REQUEST" hash_key = "id" attribute { name = "id" type = "S" } }
resource "aws_db_subnet_group" "aurora_subnet_group" { name = "aurora-subnet-group" subnet_ids = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_rds_cluster" "aurora_cluster" { cluster_identifier = "aurora-cluster" engine = "aurora-mysql" master_username = "admin" # 사용자명 설정 master_password = "password" # 비밀번호 설정 skip_final_snapshot = true db_subnet_group_name = aws_db_subnet_group.aurora_subnet_group.name }
resource "aws_rds_cluster_instance" "aurora_instance" { identifier = "aurora-instance" cluster_identifier = aws_rds_cluster.aurora_cluster.id instance_class = "db.r5.large" engine = aws_rds_cluster.aurora_cluster.engine }
resource "aws_elasticache_subnet_group" "cache_subnet_group" { name = "cache-subnet-group" subnet_ids = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_elasticache_cluster" "cache" { cluster_id = "cache" engine = "redis" node_type = "cache.t3.micro" num_cache_nodes = 1 parameter_group_name = "default.redis7" subnet_group_name = aws_elasticache_subnet_group.cache_subnet_group.name }
resource "aws_sqs_queue" "ticket_queue" { name = "ticket-queue" }
resource "aws_iam_role" "ec2_role" { name = "ec2-role"
assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [ { Action = "sts:AssumeRole", Effect = "Allow", Principal = { Service = "ec2.amazonaws.com" } } ] }) }
resource "aws_iam_role_policy_attachment" "ec2_policy_attachment" { role = aws_iam_role.ec2_role.name policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" }
resource "aws_instance" "web_instance" { ami = "ami-0a10b2721688ce9d2" # 한국 리전의 최신 Amazon Linux 2 AMI ID로 변경합니다. instance_type = "c5.large" iam_instance_profile = aws_iam_instance_profile.web_instance_profile.name vpc_security_group_ids = [aws_security_group.web_sg.id] subnet_id = aws_subnet.subnet_a.id
tags = { Name = "web-server-instance" } }
resource "aws_iam_instance_profile" "web_instance_profile" { name = "web-instance-profile" role = aws_iam_role.ec2_role.name }
c5.large ver
guswl0701
commented
3 months ago guswl0701
commented
3 months ago
어떤 기능인가요?
작업 상세 내용
참고할만한 자료(선택)
provider "aws" { region = "ap-northeast-2" # 한국 리전으로 설정합니다. }
VPC
resource "aws_vpc" "main" { cidr_block = "10.0.0.0/16" }
Internet Gateway
resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id }
Route Table
resource "aws_route_table" "main" { vpc_id = aws_vpc.main.id
route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.main.id } }
Subnets
resource "aws_subnet" "subnet_a" { vpc_id = aws_vpc.main.id cidr_block = "10.0.1.0/24" availability_zone = "ap-northeast-2a" }
resource "aws_subnet" "subnet_b" { vpc_id = aws_vpc.main.id cidr_block = "10.0.3.0/24" availability_zone = "ap-northeast-2c" }
Route Table Associations
resource "aws_route_table_association" "a" { subnet_id = aws_subnet.subnet_a.id route_table_id = aws_route_table.main.id }
resource "aws_route_table_association" "b" { subnet_id = aws_subnet.subnet_b.id route_table_id = aws_route_table.main.id }
Security Group
resource "aws_security_group" "web_sg" { vpc_id = aws_vpc.main.id
ingress { from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
ingress { from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] }
egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } }
S3
resource "aws_s3_bucket" "static_files" { bucket = "unique-bucket-name-1234567" # 고유한 S3 버킷 이름으로 변경합니다. }
Launch Template
resource "aws_launch_template" "web_template" { name_prefix = "web-template-" image_id = "ami-0a10b2721688ce9d2" # 한국 리전의 최신 Amazon Linux 2 AMI ID로 변경합니다. instance_type = "c5.xlarge"
network_interfaces { security_groups = [aws_security_group.web_sg.id] subnet_id = aws_subnet.subnet_a.id }
user_data = base64encode(<<-EOF
!/bin/bash
) }
Auto Scaling Group
resource "aws_autoscaling_group" "web_asg" { desired_capacity = 5 max_size = 10 min_size = 5 vpc_zone_identifier = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] launch_template { id = aws_launch_template.web_template.id version = "$Latest" }
tag { key = "Name" value = "web-server" propagate_at_launch = true } }
resource "aws_autoscaling_policy" "scale_up" { name = "scale-up" scaling_adjustment = 2 adjustment_type = "ChangeInCapacity" cooldown = 300 autoscaling_group_name = aws_autoscaling_group.web_asg.name }
resource "aws_autoscaling_policy" "scale_down" { name = "scale-down" scaling_adjustment = -2 adjustment_type = "ChangeInCapacity" cooldown = 300 autoscaling_group_name = aws_autoscaling_group.web_asg.name }
Load Balancer
resource "aws_lb" "web_lb" { name = "web-lb" internal = false load_balancer_type = "application" security_groups = [aws_security_group.web_sg.id] subnets = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_lb_target_group" "web_tg" { name = "web-tg" port = 80 protocol = "HTTP" vpc_id = aws_vpc.main.id }
resource "aws_lb_listener" "web_listener" { load_balancer_arn = aws_lb.web_lb.arn port = "80" protocol = "HTTP"
default_action { type = "forward" target_group_arn = aws_lb_target_group.web_tg.arn } }
resource "aws_autoscaling_attachment" "asg_attachment" { autoscaling_group_name = aws_autoscaling_group.web_asg.id lb_target_group_arn = aws_lb_target_group.web_tg.arn }
DynamoDB
resource "aws_dynamodb_table" "ticket_table" { name = "ticket-table" billing_mode = "PAY_PER_REQUEST" hash_key = "id" attribute { name = "id" type = "S" } }
RDS (Aurora)
resource "aws_db_subnet_group" "aurora_subnet_group" { name = "aurora-subnet-group" subnet_ids = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_rds_cluster" "aurora_cluster" { cluster_identifier = "aurora-cluster" engine = "aurora-mysql" master_username = "admin" # 사용자명 설정 master_password = "password" # 비밀번호 설정 skip_final_snapshot = true db_subnet_group_name = aws_db_subnet_group.aurora_subnet_group.name }
resource "aws_rds_cluster_instance" "aurora_instance" { identifier = "aurora-instance" cluster_identifier = aws_rds_cluster.aurora_cluster.id instance_class = "db.r5.large" engine = aws_rds_cluster.aurora_cluster.engine }
ElastiCache
resource "aws_elasticache_subnet_group" "cache_subnet_group" { name = "cache-subnet-group" subnet_ids = [aws_subnet.subnet_a.id, aws_subnet.subnet_b.id] }
resource "aws_elasticache_cluster" "cache" { cluster_id = "cache" engine = "redis" node_type = "cache.t3.micro" num_cache_nodes = 1 parameter_group_name = "default.redis7" subnet_group_name = aws_elasticache_subnet_group.cache_subnet_group.name }
SQS
resource "aws_sqs_queue" "ticket_queue" { name = "ticket-queue" }
IAM Role (Example for EC2)
resource "aws_iam_role" "ec2_role" { name = "ec2-role"
assume_role_policy = jsonencode({ Version = "2012-10-17", Statement = [ { Action = "sts:AssumeRole", Effect = "Allow", Principal = { Service = "ec2.amazonaws.com" } } ] }) }
resource "aws_iam_role_policy_attachment" "ec2_policy_attachment" { role = aws_iam_role.ec2_role.name policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" }
resource "aws_instance" "web_instance" { ami = "ami-0a10b2721688ce9d2" # 한국 리전의 최신 Amazon Linux 2 AMI ID로 변경합니다. instance_type = "c5.large" iam_instance_profile = aws_iam_instance_profile.web_instance_profile.name vpc_security_group_ids = [aws_security_group.web_sg.id] subnet_id = aws_subnet.subnet_a.id
tags = { Name = "web-server-instance" } }
resource "aws_iam_instance_profile" "web_instance_profile" { name = "web-instance-profile" role = aws_iam_role.ec2_role.name }