-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from sts2885/step_1_make_vpc
Step 1 make vpc -> project1_dev로 merge를 승인합니다.
- Loading branch information
Showing
11 changed files
with
486 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| .terraform | ||
| *.tfstate | ||
| *.tfstate.backup | ||
| .terraform.lock.hcl | ||
| provider.tf | ||
| key_file.tf |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,98 @@ | ||
|
|
||
| resource "aws_subnet" "private_subnet_app_a" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.128/27" | ||
|
|
||
| availability_zone = "us-east-1a" | ||
|
|
||
| tags = { | ||
| Name = "private_subnet_app_a" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_subnet" "private_subnet_app_c" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.160/27" | ||
|
|
||
| tags = { | ||
| Name = "private_subnet_app_c" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_subnet" "private_subnet_db_a" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.192/27" | ||
|
|
||
| tags = { | ||
| Name = "private_subnet_db_a" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_subnet" "private_subnet_db_c" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.224/27" | ||
|
|
||
| tags = { | ||
| Name = "private_subnet_db_c" | ||
| } | ||
| } | ||
|
|
||
| #eip 달고 natgateway 설정 | ||
| resource "aws_eip" "nat_ip" { | ||
| vpc = true | ||
|
|
||
| #lifecycle여기도 나오네 | ||
| #책을 읽고 하길 잘함. | ||
| #이거 apply로 변경되면 | ||
| #변경이 아니라 삭제 -> 재생성이라서 | ||
| #재생성되는 도중 서비스 멈추면 안되니까 | ||
| #생성을 먼저 하고 삭제하라는 명령어임. | ||
| lifecycle { | ||
| create_before_destroy = true | ||
| } | ||
| } | ||
|
|
||
| resource "aws_nat_gateway" "nat_gateway" { | ||
| allocation_id = aws_eip.nat_ip.id | ||
|
|
||
| subnet_id = aws_subnet.public_subnet_a.id | ||
|
|
||
| tags = { | ||
| Name = "NAT_gateway" | ||
| } | ||
| } | ||
|
|
||
| #private route table 생성 | ||
| resource "aws_route_table" "private_rt" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
|
|
||
| tags = { | ||
| Name = "private_rt" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_route_table_association" "private_rt_association_app_a" { | ||
| subnet_id = aws_subnet.private_subnet_app_a.id | ||
| route_table_id = aws_route_table.private_rt.id | ||
| } | ||
|
|
||
| resource "aws_route_table_association" "private_rt_association_app_c" { | ||
| subnet_id = aws_subnet.private_subnet_app_c.id | ||
| route_table_id = aws_route_table.private_rt.id | ||
| } | ||
|
|
||
| resource "aws_route_table_association" "private_rt_association_db_a" { | ||
| subnet_id = aws_subnet.private_subnet_db_a.id | ||
| route_table_id = aws_route_table.private_rt.id | ||
| } | ||
|
|
||
| resource "aws_route_table_association" "private_rt_association_db_c" { | ||
| subnet_id = aws_subnet.private_subnet_db_c.id | ||
| route_table_id = aws_route_table.private_rt.id | ||
| } | ||
|
|
||
| resource "aws_route" "private_rt_nat" { | ||
| route_table_id = aws_route_table.private_rt.id | ||
| destination_cidr_block = "0.0.0.0/0" | ||
| nat_gateway_id = aws_nat_gateway.nat_gateway.id | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,65 @@ | ||
|
|
||
| #subnet 생성 | ||
| resource "aws_subnet" "public_subnet_a" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.0/26" | ||
|
|
||
| availability_zone = "us-east-1a" | ||
|
|
||
| tags = { | ||
| Name = "public_subnet_a" | ||
| } | ||
| } | ||
|
|
||
| resource "aws_subnet" "public_subnet_c" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
| cidr_block = "10.1.0.64/26" | ||
|
|
||
| availability_zone = "us-east-1c" | ||
|
|
||
| tags = { | ||
| Name = "public_subnet_c" | ||
| } | ||
| } | ||
|
|
||
| #igw 생성 | ||
| resource "aws_internet_gateway" "project1_igw" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
|
|
||
| tags = { | ||
| Name = "project1_igw" | ||
| } | ||
| } | ||
|
|
||
| #route table 생성 | ||
| resource "aws_route_table" "public_rt" { | ||
| vpc_id = aws_vpc.project1_vpc.id | ||
|
|
||
| tags = { | ||
| Name = "public_rt" | ||
| } | ||
| } | ||
|
|
||
| #서브넷을 route table에 연결 | ||
| resource "aws_route_table_association" "public_rt_association_a" { | ||
| subnet_id = aws_subnet.public_subnet_a.id | ||
| route_table_id = aws_route_table.public_rt.id | ||
| } | ||
|
|
||
| resource "aws_route_table_association" "public_rt_associatiion_c" { | ||
| subnet_id = aws_subnet.public_subnet_c.id | ||
| route_table_id = aws_route_table.public_rt.id | ||
| } | ||
|
|
||
| #따라치면서 느낀거지만, 아무리 봐도 igw를 route rule에 포함시키는 코드가 없음 | ||
|
|
||
| #다른 블로그를 보면 분명히 있는데, 일단 이대로 실행시켜보고 | ||
| #인스턴스 하나 켜서 인터넷 안되는거 확인 한 다음에 적용시켜보자 | ||
|
|
||
| #인스턴스 켜서 안되는거 확인함. 손으로 연결하면 바로 되는데 일단 테라폼 코드를 짜보자 | ||
|
|
||
| resource "aws_route" "public_rt_igw" { | ||
| route_table_id = aws_route_table.public_rt.id | ||
| destination_cidr_block = "0.0.0.0/0" | ||
| gateway_id = aws_internet_gateway.project1_igw.id | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
|
|
||
| #vpc 생성 | ||
| resource "aws_vpc" "project1_vpc" { | ||
| cidr_block = "10.1.0.0/16" | ||
|
|
||
| tags = { | ||
| Name = "project1_vpc" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,30 @@ | ||
| #키를 이렇게 코드에 추가하기 싫으면 | ||
| #리눅스 기반 시스템에서는 | ||
| #export AWS_ACCESS_KEY_ID="keykeykey" | ||
| #export AWS_SECRET_ACCESS_KEY="KEYKEYKEY" | ||
| #터미널에서 입력해 두면 된다. | ||
| #나는 윈도우라 provider.tf에 넣고, 해당파일은 | ||
| # .gitignore에 넣었다. | ||
|
|
||
| /* | ||
| provider "aws" { | ||
| region = "us-east-1" | ||
| profile = "iam_user_name" | ||
| access_key = "your_access_key" | ||
| secret_key = "your_secret_key" | ||
| default_tags{ | ||
| tags = local.common_tags | ||
| } | ||
| } | ||
| terraform { | ||
| required_providers { | ||
| aws = { | ||
| source = "hashicorp/aws" | ||
| version = "~> 4.0" | ||
| } | ||
| } | ||
| } | ||
| */ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| 현황 : | ||
| 1. 테라폼 책보고 따라 만들어서 ALB에 ASG도 있지만, default vpc에서 만들었으며, 1티어다. | ||
|
|
||
| 2. 블로그 하나를 보니까 vpc를 나눴지만 2티어며 ALB와 ASG가 없다. | ||
|
|
||
| 3. AWS 강의 들은 곳에서는 3tier로 서비스를 만들었는데 테라폼으로는 아직이다. | ||
|
|
||
| 그래서 이거 3개를 다 합쳐볼 생각이다. | ||
|
|
||
|
|
||
| # step 1 blog 따라 만들기 | ||
|
|
||
| 참고 블로그 | ||
| https://bosungtea9416.tistory.com/11 | ||
|
|
||
|
|
||
| ## provider.tf는 계정정보를 담고 있기에 push 하지 않음 | ||
|
|
||
|
|
||
| #따라치다가 느낀거지만, 아무리 봐도 igw를 route rule에 포함시키는 코드가 없음 | ||
|
|
||
| #다른 블로그를 보면 분명히 있는데, 일단 이대로 실행시켜보고 | ||
|
|
||
| #인스턴스 하나 켜서 인터넷 안되는거 확인 한 다음에 적용시켜보자 | ||
|
|
||
|
|
||
| terraform 공식 document에 설명이 되어 잇음 | ||
|
|
||
| https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route.html | ||
|
|
||
| aws_route 리소스에 gateway_id에 igw의 id를 넣으면 됨 | ||
|
|
||
|
|
||
| 다 실행해서 정상작동 확인하고 destroy했는데 vpc만 안없어짐. 4분 넘게 | ||
| 기다려도 안되고 에러 뜸 | ||
| => 손으로 지우면 지워질 거 같은데? | ||
|
|
||
| 손으로 지워지니 지워짐 | ||
|
|
||
| https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/373 | ||
|
|
||
| unable to destroy vpc | ||
|
|
||
| 다른사람들도 비슷한듯 | ||
|
|
||
| 근데 뭐 이것뿐이면 굳이 안지워 져도 상관없긴 함 |
Oops, something went wrong.