lhywk's blog
Building an AWS 3-Tier and Data Pipeline with Terraform (6)
Basic Terraform layout
Terraform does not enforce any particular file split, but the following layout is the usual convention.
1. main.tf
Defines the module's main resources and configuration.
2. variables.tf
Declares the variables the module uses.
3. terraform.tfvars
Supplies values for the declared variables.
4. outputs.tf
Defines the output values of the resources the module creates.
Up to now every piece of Terraform code went into main.tf, with variable declarations and their values written directly into it.
To improve readability and maintainability, we split everything out by function.

All of the source code is on GitHub:
https://github.com/lhywk/AWS_3Tier_Infra_Data_Pipeline
main.tf
```hcl
/*
main.tf has been split into multiple focused files:
- providers.tf
- vpc.tf
- security_groups.tf
- iam.tf
- alb.tf
- ec2.tf
- rds.tf
- outputs.tf
- variables.tf
- terraform.tfvars
- .gitignore
- scripts/web_userdata.sh
- scripts/user_data.sh
These files contain the same resources previously defined here. Keep this file as a pointer only.
*/
// See the created files in the repository root and the scripts/ directory.
```
vpc.tf
```hcl
resource "aws_vpc" "vpc" {
  cidr_block           = var.vpc-cidr
  enable_dns_support   = true # let Amazon's DNS server resolve queries from inside the VPC
  enable_dns_hostnames = true # whether instances in the VPC are assigned DNS hostnames
  tags = {
    Name = var.vpc-name
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id # attach the IGW to this VPC
  tags = {
    Name = var.igw-name
  }
}

resource "aws_eip" "eip1" {
  domain = "vpc" # the EIP is usable only within a VPC
}

resource "aws_eip" "eip2" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat-gw1" {
  allocation_id     = aws_eip.eip1.id # allocate the EIP
  connectivity_type = "public"
  subnet_id         = aws_subnet.pub-sub1.id # subnet in which the NAT GW is created
  tags = {
    Name = var.nat-gw1-name
  }
  depends_on = [aws_internet_gateway.igw] # enforce creation order (NAT GW after IGW)
}

resource "aws_nat_gateway" "nat-gw2" {
  allocation_id     = aws_eip.eip2.id # allocate the EIP
  connectivity_type = "public"
  subnet_id         = aws_subnet.pub-sub2.id # subnet in which the NAT GW is created
  tags = {
    Name = var.nat-gw2-name
  }
  depends_on = [aws_internet_gateway.igw] # enforce creation order (NAT GW after IGW)
}

# Public subnets, public route table
resource "aws_subnet" "pub-sub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.pub-sub1-cidr
  availability_zone       = var.az-a
  map_public_ip_on_launch = true # auto-assign public IP addresses
  tags = {
    Name = var.pub-sub1-name
  }
}

resource "aws_subnet" "pub-sub2" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.pub-sub2-cidr
  availability_zone       = var.az-c
  map_public_ip_on_launch = true
  tags = {
    Name = var.pub-sub2-name
  }
}

resource "aws_route_table" "pub-rt" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id # all outbound traffic goes to the IGW
  }
  tags = {
    Name = var.pub-rt-name
  }
}

# associate the public subnets with the public route table
resource "aws_route_table_association" "pub-rt-asso1" {
  subnet_id      = aws_subnet.pub-sub1.id
  route_table_id = aws_route_table.pub-rt.id
}

resource "aws_route_table_association" "pub-rt-asso2" {
  subnet_id      = aws_subnet.pub-sub2.id
  route_table_id = aws_route_table.pub-rt.id
}

# Private subnets, private route tables
resource "aws_subnet" "web-sub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.web-sub1-cidr
  availability_zone       = var.az-a
  map_public_ip_on_launch = false
  tags = {
    Name = var.web-sub1-name
  }
}

resource "aws_subnet" "web-sub2" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.web-sub2-cidr
  availability_zone       = var.az-c
  map_public_ip_on_launch = false
  tags = {
    Name = var.web-sub2-name
  }
}

resource "aws_subnet" "was-sub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.was-sub1-cidr
  availability_zone       = var.az-a
  map_public_ip_on_launch = false
  tags = {
    Name = var.was-sub1-name
  }
}

resource "aws_subnet" "was-sub2" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.was-sub2-cidr
  availability_zone       = var.az-c
  map_public_ip_on_launch = false
  tags = {
    Name = var.was-sub2-name
  }
}

resource "aws_subnet" "db-sub1" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.db-sub1-cidr
  availability_zone       = var.az-a
  map_public_ip_on_launch = false
  tags = {
    Name = var.db-sub1-name
  }
}

resource "aws_subnet" "db-sub2" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = var.db-sub2-cidr
  availability_zone       = var.az-c
  map_public_ip_on_launch = false
  tags = {
    Name = var.db-sub2-name
  }
}

# Private default routes go through the NAT gateways. The route argument for a
# NAT gateway is nat_gateway_id; gateway_id is for an internet/virtual private gateway.
resource "aws_route_table" "pri-rt1" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw1.id
  }
  tags = {
    Name = var.pri-rt1-name
  }
}

resource "aws_route_table" "pri-rt2" {
  vpc_id = aws_vpc.vpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw2.id
  }
  tags = {
    Name = var.pri-rt2-name
  }
}

# WEB
resource "aws_route_table_association" "pri-rt-asso1" {
  subnet_id      = aws_subnet.web-sub1.id
  route_table_id = aws_route_table.pri-rt1.id
}

resource "aws_route_table_association" "pri-rt-asso2" {
  subnet_id      = aws_subnet.web-sub2.id
  route_table_id = aws_route_table.pri-rt2.id
}

# WAS
resource "aws_route_table_association" "pri-rt-asso3" {
  subnet_id      = aws_subnet.was-sub1.id
  route_table_id = aws_route_table.pri-rt1.id
}

resource "aws_route_table_association" "pri-rt-asso4" {
  subnet_id      = aws_subnet.was-sub2.id
  route_table_id = aws_route_table.pri-rt2.id
}

# DB
resource "aws_route_table_association" "pri-rt-asso5" {
  subnet_id      = aws_subnet.db-sub1.id
  route_table_id = aws_route_table.pri-rt1.id
}

resource "aws_route_table_association" "pri-rt-asso6" {
  subnet_id      = aws_subnet.db-sub2.id
  route_table_id = aws_route_table.pri-rt2.id
}
```
alb.tf
```hcl
# ALB
resource "aws_lb" "alb-web" {
  name               = var.alb-web-name
  internal           = false
  load_balancer_type = "application" # Application Load Balancer
  security_groups    = [aws_security_group.alb-sg-web.id]
  subnets            = [aws_subnet.pub-sub1.id, aws_subnet.pub-sub2.id]
}

resource "aws_lb" "alb-was" {
  name               = var.alb-was-name
  internal           = true
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb-sg-was.id]
  subnets            = [aws_subnet.was-sub1.id, aws_subnet.was-sub2.id]
}

# TG-Web
resource "aws_lb_target_group" "tg-web" {
  name     = var.tg-web-name
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.vpc.id
  health_check {
    path                = "/"
    matcher             = "200-299" # HTTP status range counted as a passing check (200-299: success)
    interval            = 5         # run the health check every 5 seconds
    timeout             = 3         # no response within 3 seconds counts as a failure
    healthy_threshold   = 3         # consecutive successes before a target is considered healthy
    unhealthy_threshold = 5         # consecutive failures before a target is considered unhealthy
  }
}

resource "aws_lb_listener" "myhttp" {
  load_balancer_arn = aws_lb.alb-web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    # 'redirect' changed to 'forward': send requests straight to the web servers
    type             = "forward"
    target_group_arn = aws_lb_target_group.tg-web.arn
  }
}

# TG-WAS
resource "aws_lb_target_group" "tg-was" {
  name     = var.tg-was-name
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.vpc.id
  health_check {
    path                = "/"
    matcher             = "200-299"
    interval            = 5
    timeout             = 3
    healthy_threshold   = 3
    unhealthy_threshold = 5
  }
}

resource "aws_lb_listener" "alb_listener-was" {
  load_balancer_arn = aws_lb.alb-was.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.tg-was.arn
  }
}
```
security_groups.tf
```hcl
# ALB SG
resource "aws_security_group" "alb-sg-web" { # Web ALB SG
  name        = var.alb-sg-web-name
  description = "ALB Security Group"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    description = "HTTP from Internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTPS from Internet"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = var.alb-sg-web-name
  }
}

resource "aws_security_group" "alb-sg-was" { # WAS ALB SG
  name        = var.alb-sg-was-name
  description = "ALB Security Group"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    description = "HTTP from Web Tier"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    # only instances in the asg-sg-web security group may reach this ALB on this port
    security_groups = [aws_security_group.asg-sg-web.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = var.alb-sg-was-name
  }
}

# ASG-Web-SG
resource "aws_security_group" "asg-sg-web" {
  name        = var.asg-sg-web-name
  description = "ASG Security Group"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    description     = "HTTP from ALB"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-sg-web.id]
  }
  ingress {
    description = "SSH From Anywhere or Your-IP"
    # for remote access to update software, change configuration, etc.
    # (the instances sit in private subnets and carry the SSM instance profile,
    # so this can be narrowed to an operator CIDR or dropped in favour of Session Manager)
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = var.asg-sg-web-name
  }
}

# ASG-WAS-SG
resource "aws_security_group" "asg-sg-was" {
  name        = var.asg-sg-was-name
  description = "ASG Security Group"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    description     = "HTTP from ALB"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-sg-was.id]
  }
  ingress {
    description = "SSH from Web Tier"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # only instances carrying the web tier security group may SSH to the WAS
    security_groups = [aws_security_group.asg-sg-web.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = var.asg-sg-was-name
  }
}

# DB-SG
resource "aws_security_group" "db-sg" {
  name        = var.db-sg-name
  description = "DB Security Group"
  vpc_id      = aws_vpc.vpc.id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.asg-sg-was.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = var.db-sg-name
  }
}
```
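The web tier's SSH rule above is the one place in security_groups.tf where a CIDR rather than a security group reference is used, and it is open to 0.0.0.0/0. The following is an added example, not code from the post or its repository, showing how the same rule can be driven by a variable that Terraform validates at plan time, so a world-open SSH rule cannot reach `terraform apply` by accident. The variable name `admin-cidr` and the tfvars value are assumptions; the ingress block is meant to replace the page's SSH ingress block inside `aws_security_group.asg-sg-web`.

```hcl
# Added example (not from the original repository).
# variables.tf: operator network allowed to reach port 22 on the web tier.
variable "admin-cidr" {
  description = "CIDR allowed to SSH to the web tier (assumed variable name)"
  type        = string

  # must be a syntactically valid IPv4 CIDR block
  validation {
    condition     = can(cidrnetmask(var.admin-cidr))
    error_message = "admin-cidr must be a valid IPv4 CIDR block, e.g. 203.0.113.0/24."
  }

  # refuse the catch-all; use an operator network or SSM Session Manager instead
  validation {
    condition     = var.admin-cidr != "0.0.0.0/0"
    error_message = "admin-cidr must not be 0.0.0.0/0."
  }
}

# terraform.tfvars: constructed example value (TEST-NET-3 documentation range)
# admin-cidr = "203.0.113.0/24"

# security_groups.tf: replacement for the SSH ingress block of asg-sg-web.
# The rest of the resource stays exactly as on the page.
resource "aws_security_group" "asg-sg-web-restricted" { # assumed name, for illustration
  name        = "${var.asg-sg-web-name}-restricted"
  description = "ASG Security Group (SSH limited to admin-cidr)"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    description     = "HTTP from ALB"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb-sg-web.id]
  }

  ingress {
    description = "SSH from operator network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin-cidr] # validated above; never 0.0.0.0/0
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

With the validation in place, `terraform plan` fails with the error message before any API call is made when `admin-cidr` is missing, malformed or set to 0.0.0.0/0. Because the launch template already attaches the SSM instance profile, the SSH rule can also be removed entirely and Session Manager used instead, which leaves no inbound port 22 to defend.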
ec2.tf
```hcl
resource "aws_launch_template" "template-web" {
  name          = var.launch-template-web-name
  image_id      = var.image-id # check for a current AMI, e.g. Amazon Linux 2023
  instance_type = var.instance-type

  # IMDSv2: defends against theft of instance metadata (credentials) via SSRF and similar
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required" # reject requests without a session token (hardening)
    http_put_response_hop_limit = 1          # token cannot be relayed beyond the instance itself
    instance_metadata_tags      = "enabled"
  }

  # network and security group settings
  network_interfaces {
    device_index    = 0
    security_groups = [aws_security_group.asg-sg-web.id]
  }

  # hand over the "ID card holder" (instance profile) built in the previous part
  iam_instance_profile {
    name = aws_iam_instance_profile.ec2_ssm_instance_profile.name
  }

  # inject the WAS ALB address at launch (for Web -> WAS traffic)
  user_data = base64encode(templatefile("scripts/web-user-data.sh", {
    alb_dns = aws_lb.alb-was.dns_name
  }))

  depends_on = [aws_lb.alb-web]

  tag_specifications {
    resource_type = "instance"
    tags          = { Name = var.web-instance-name }
  }
}

# 2. WAS launch template
resource "aws_launch_template" "template-was" {
  name          = var.launch-template-was-name
  image_id      = var.image-id
  instance_type = var.instance-type

  network_interfaces {
    device_index    = 0
    security_groups = [aws_security_group.asg-sg-was.id]
  }

  iam_instance_profile {
    name = aws_iam_instance_profile.ec2_ssm_instance_profile.name
  }

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
    instance_metadata_tags      = "enabled"
  }

  # inject the DB connection details into the script
  # (the same variables RDS is created with, so the credentials match;
  #  in production use Secrets Manager instead of passing a password through user_data)
  user_data = base64encode(templatefile("scripts/app-user-data.sh", {
    host         = local.host
    rds_endpoint = aws_db_instance.rds-db.endpoint # direct reference preferred over the data source
    username     = var.db-username
    password     = var.db-password
    db           = var.db-name
  }))

  depends_on = [aws_db_instance.rds-db]

  tag_specifications {
    resource_type = "instance"
    tags          = { Name = var.was-instance-name }
  }
}

# ASG-Web
resource "aws_autoscaling_group" "asg-web" {
  name                = var.asg-web-name
  desired_capacity    = 2 # number of servers to keep running
  max_size            = 4 # upper bound when traffic spikes
  min_size            = 2 # lower bound even with no traffic
  target_group_arns   = [aws_lb_target_group.tg-web.arn]
  health_check_type   = "EC2"
  vpc_zone_identifier = [aws_subnet.web-sub1.id, aws_subnet.web-sub2.id]

  tag {
    key                 = "asg-web-key"
    value               = "asg-web-value"
    propagate_at_launch = true # whether the tag is applied to instances launched by the ASG
  }

  launch_template {
    id      = aws_launch_template.template-web.id
    version = aws_launch_template.template-web.latest_version
  }

  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 50
    }
    # Terraform normally acts only when a resource's own configuration changes.
    # Sometimes you want to force a refresh based on a condition outside that.
    # triggers says: "if this value changes, always run the refresh again".
    triggers = ["tag"]
  }
}

# ASG-WAS
resource "aws_autoscaling_group" "asg-was" {
  name                = var.asg-was-name
  desired_capacity    = 2
  max_size            = 4
  min_size            = 2
  target_group_arns   = [aws_lb_target_group.tg-was.arn]
  health_check_type   = "EC2"
  vpc_zone_identifier = [aws_subnet.was-sub1.id, aws_subnet.was-sub2.id]

  tag {
    key                 = "asg-app-key"
    value               = "asg-app-value"
    propagate_at_launch = true # whether the tag is applied to instances launched by the ASG
  }

  launch_template {
    id      = aws_launch_template.template-was.id
    version = aws_launch_template.template-was.latest_version
  }

  instance_refresh {
    strategy = "Rolling"
    preferences {
      min_healthy_percentage = 50
    }
    triggers = ["tag"]
  }
}
```
rds.tf
```hcl
# DB-Subnet-Group
resource "aws_db_subnet_group" "db-sub-grp" {
  name       = var.db-sub-grp-name
  subnet_ids = [aws_subnet.db-sub1.id, aws_subnet.db-sub2.id]
  tags = {
    Name = var.db-sub-grp-name
  }
}

# RDS parameter group
resource "aws_db_parameter_group" "mk-par-grp" {
  name        = "ho-par-grp"
  family      = "mysql8.0"
  description = "Example parameter group for mysql8.0"

  # default server character set utf8mb4 (4-byte UTF-8: can store emoji etc.)
  parameter {
    name  = "character_set_server"
    value = "utf8mb4"
  }

  # default collation (sort/compare order) utf8mb4_unicode_ci
  # (case-insensitive comparison, Unicode ordering)
  parameter {
    name  = "collation_server"
    value = "utf8mb4_unicode_ci"
  }
}

# RDS
data "aws_db_instance" "my_rds" {
  db_instance_identifier = aws_db_instance.rds-db.identifier
}

resource "aws_db_instance" "rds-db" {
  allocated_storage      = 20
  db_name                = var.db-name
  engine                 = "mysql"
  engine_version         = "8.0"
  storage_type           = "gp3" # General Purpose SSD (gp3)
  instance_class         = var.instance-class # e.g. db.t3.micro from terraform.tfvars
  username               = var.db-username
  password               = var.db-password
  parameter_group_name   = aws_db_parameter_group.mk-par-grp.name
  multi_az               = false
  db_subnet_group_name   = aws_db_subnet_group.db-sub-grp.name
  vpc_security_group_ids = [aws_security_group.db-sg.id]
  skip_final_snapshot    = true
  identifier             = "ho-rds-instance" # name of the RDS instance
}

locals {
  host = replace(aws_db_instance.rds-db.endpoint, ":3306", "")
}
```
iam.tf
```hcl
resource "aws_iam_role" "ec2_ssm_role" {
  name = "ho-EC2SSM"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}

# attach managed policies to the IAM role
resource "aws_iam_role_policy_attachment" "ec2_ssm_policy_attachment" {
  for_each = toset([
    "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess",
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
  ])
  role       = aws_iam_role.ec2_ssm_role.name
  policy_arn = each.key
}

# EC2 instance profile
# A container that identifies an EC2 instance and grants it permissions.
# An instance launched with a profile receives the role at start-up and gets that role's permissions.
resource "aws_iam_instance_profile" "ec2_ssm_instance_profile" {
  name = "ho-EC2SSM-Instance-Profile"
  role = aws_iam_role.ec2_ssm_role.name
}
```
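ec2.tf notes that the database password passed through user_data should come from Secrets Manager in production, and iam.tf is where the instance role that would read it lives. The following is an added example that is not part of the post or its repository: the password is generated by Terraform, stored once in Secrets Manager, consumed by RDS from the same value, and the WAS instances receive only the secret's ARN, with an IAM policy scoped to that single secret. It assumes the `hashicorp/random` provider is available, and the names `random_password.db`, `db-secret`, `db-secret-value`, `was-read-db-secret` and the tfvars-free secret name `ho-rds-credentials` are assumptions.

```hcl
# Added example (not from the original repository).

# Terraform generates the password; it lives only in state and in Secrets Manager,
# never in terraform.tfvars or in a user_data script.
resource "random_password" "db" {
  length           = 24
  special          = true
  override_special = "!#$%^&*()-_=+"
}

resource "aws_secretsmanager_secret" "db-secret" {
  name                    = "ho-rds-credentials" # assumed name
  recovery_window_in_days = 7
}

# Store username, password, host and database name together as JSON so the
# application needs one lookup.
resource "aws_secretsmanager_secret_version" "db-secret-value" {
  secret_id = aws_secretsmanager_secret.db-secret.id
  secret_string = jsonencode({
    username = var.db-username
    password = random_password.db.result
    host     = local.host     # from the page's rds.tf locals block
    dbname   = var.db-name
  })
}

# In the page's rds.tf, `password = var.db-password` becomes:
#   password = random_password.db.result
# so RDS and the secret always hold the same value.

# Least privilege: the instance role may read this one secret and nothing else.
resource "aws_iam_role_policy" "was-read-db-secret" {
  name = "ho-read-db-secret" # assumed name
  role = aws_iam_role.ec2_ssm_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = ["secretsmanager:GetSecretValue"]
      Resource = aws_secretsmanager_secret.db-secret.arn
    }]
  })
}

# In the page's ec2.tf, the templatefile() call for template-was passes only
# the ARN; the instance fetches the value at boot with its role credentials:
#   user_data = base64encode(templatefile("scripts/app-user-data.sh", {
#     secret_arn = aws_secretsmanager_secret.db-secret.arn
#   }))
# and inside app-user-data.sh (assumed script contents):
#   aws secretsmanager get-secret-value --secret-id "${secret_arn}" \
#     --query SecretString --output text
```

Two points worth keeping in mind with this layout. First, the page uses a single instance profile for both the web and WAS tiers, so the policy above also lets web instances read the secret; a separate role for the WAS launch template would scope it to the tier that actually needs the database. Second, the generated password still appears in the Terraform state file, so the state backend (for example an S3 bucket with encryption and restricted access) has to be treated as sensitive in its own right.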
providers.tf
```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "6.35.1"
    }
  }
}

provider "aws" {
  region = "ap-northeast-2"
}
```
outputs.tf
```hcl
output "web-alb-dns" {
  value = aws_lb.alb-web.dns_name
}

output "rds-endpoint" {
  value = data.aws_db_instance.my_rds.endpoint
}
```
variables.tf
```hcl
variable "vpc-cidr" {
  description = "CIDR Block for VPC"
}

variable "vpc-name" {
  description = "Name for Virtual Private Cloud"
}

variable "az-a" {
  description = "Availability Zone a"
}

variable "az-c" {
  description = "Availability Zone c"
}

# Public Subnet
variable "pub-sub1-cidr" {
  description = "CIDR Block for Public Subnet 1"
}

variable "pub-sub1-name" {
  description = "Name for Public Subnet 1"
}

variable "pub-sub2-cidr" {
  description = "CIDR Block for Public Subnet 2"
}

variable "pub-sub2-name" {
  description = "Name for Public Subnet 2"
}

# IGW
variable "igw-name" {
  description = "Name for Internet Gateway"
}

# NAT GW
variable "nat-gw1-name" {
  description = "Name for NAT Gateway 1"
}

variable "nat-gw2-name" {
  description = "Name for NAT Gateway 2"
}

# Web
variable "web-sub1-cidr" {
  description = "CIDR Block for Web Subnet 1"
}

variable "web-sub1-name" {
  description = "Name for Web Subnet 1"
}

variable "web-sub2-cidr" {
  description = "CIDR Block for Web Subnet 2"
}

variable "web-sub2-name" {
  description = "Name for Web Subnet 2"
}

variable "web-instance-name" {
  description = "Value for Web Instances"
}

# WAS
variable "was-sub1-cidr" {
  description = "CIDR Block for WAS Subnet 1"
}

variable "was-sub1-name" {
  description = "Name for WAS Subnet 1"
}

variable "was-sub2-cidr" {
  description = "CIDR Block for WAS Subnet 2"
}

variable "was-sub2-name" {
  description = "Name for WAS Subnet 2"
}

variable "was-instance-name" {
  description = "Value for App Instances"
}

# DB
variable "db-sub1-cidr" {
  description = "CIDR Block for DB Subnet 1"
}

variable "db-sub1-name" {
  description = "Name for DB Subnet 1"
}

variable "db-sub2-cidr" {
  description = "CIDR Block for DB Subnet 2"
}

variable "db-sub2-name" {
  description = "Name for DB Subnet 2"
}

variable "db-username" {
  description = "Username for db instance"
}

variable "db-password" {
  description = "Password for db instance"
  sensitive   = true # keep the value out of plan/apply output
}

variable "db-name" {
  description = "Name for Database"
}

variable "db-sub-grp-name" {
  description = "Name for DB Subnet Group"
}

variable "db-sg-name" {
  description = "Name for DB Security group"
}

variable "instance-class" {
  description = "Value for DB instance class"
}

# RT
variable "pub-rt-name" {
  description = "Name for Public Route table"
}

variable "pri-rt1-name" {
  description = "Name for Private Route table 1"
}

variable "pri-rt2-name" {
  description = "Name for Private Route table 2"
}

# ALB
variable "alb-web-name" {
  description = "Application Load Balancer's name for the Web instance"
}

variable "alb-sg-web-name" {
  description = "Name for Web ALB security group"
}

variable "alb-was-name" {
  description = "Application Load Balancer's name for the WAS instance"
}

variable "alb-sg-was-name" {
  description = "Name for WAS ALB security group"
}

# ASG
variable "asg-web-name" {
  description = "Name of the Auto Scaling group in the Web tier"
}

variable "asg-sg-web-name" {
  description = "Name for Web ASG security group"
}

variable "asg-was-name" {
  description = "Name of the Auto Scaling group in the WAS tier"
}

variable "asg-sg-was-name" {
  description = "Name for WAS ASG security group"
}

# tg
variable "tg-web-name" {
  description = "Name for Target group web"
}

variable "tg-was-name" {
  description = "Name for Target group was"
}

# launch template
variable "launch-template-web-name" {
  description = "Name for Web launch template"
}

variable "image-id" {
  description = "Value for Image-id"
}

variable "instance-type" {
  description = "Value for Instance type"
}

variable "launch-template-was-name" {
  description = "Name for WAS launch template"
}
```
terraform.tfvars
```hcl
# Network
vpc-cidr     = "10.0.0.0/16"
vpc-name     = "ho-vpc"
igw-name     = "ho-igw"
nat-gw1-name = "ho-nat-gw1"
nat-gw2-name = "ho-nat-gw2"
# availability zones must belong to the provider region (ap-northeast-2 in providers.tf)
az-a          = "ap-northeast-2a"
az-c          = "ap-northeast-2c"
pub-sub1-cidr = "10.0.1.0/24"
pub-sub1-name = "ho-pub-sub1"
pub-sub2-cidr = "10.0.2.0/24"
pub-sub2-name = "ho-pub-sub2"
pub-rt-name   = "ho-pub-rt"
pri-rt1-name  = "ho-pri-rt1"
pri-rt2-name  = "ho-pri-rt2"

# Web
web-sub1-cidr     = "10.0.4.0/22"
web-sub1-name     = "ho-Web-sub1"
web-sub2-cidr     = "10.0.8.0/22"
web-sub2-name     = "ho-Web-sub2"
web-instance-name = "ho-web-instances"

# WAS
was-sub1-cidr     = "10.0.12.0/22"
was-sub1-name     = "ho-WAS-sub1"
was-sub2-cidr     = "10.0.16.0/22"
was-sub2-name     = "ho-WAS-sub2"
was-instance-name = "ho-was-instances"

# DB
db-sub1-cidr    = "10.0.20.0/22"
db-sub1-name    = "ho-DB-sub1"
db-sub2-cidr    = "10.0.24.0/22"
db-sub2-name    = "ho-DB-sub2"
db-username     = "DB아이디"
db-password     = "DB패스워드"
db-name         = "DB이름"
db-sub-grp-name = "ho-db-sub-grp"
db-sg-name      = "ho-db-sg"
instance-class  = "db.t3.micro"

# ALB
alb-web-name    = "ho-alb-web"
alb-sg-web-name = "ho-alb-sg-web"
alb-was-name    = "ho-alb-was"
alb-sg-was-name = "ho-alb-sg-was"

# ASG
asg-web-name    = "ho-asg-web"
asg-sg-web-name = "ho-asg-sg-web"
asg-was-name    = "ho-asg-was"
asg-sg-was-name = "ho-asg-sg-was"

# TG
tg-web-name = "ho-tg-web"
tg-was-name = "ho-tg-was"

# launch template
launch-template-web-name = "ho-launch-template-web"
image-id                 = "ami-0ecfdfd1c8ae01aec" # latest Amazon Linux 2 AMI ID (region-specific; verify before use)
instance-type            = "t3.micro"
launch-template-was-name = "ho-launch-template-was"
```
Create a scripts directory and place app-user-data.sh and web-user-data.sh under it. Since terraform.tfvars carries the database credentials, add it (together with the *.tfstate files) to .gitignore before pushing.