sg, eks, iam 모듈추가

2022-12-28 22:15:11 +09:00
parent 878bae5c65
commit 0b1946ecb3
25 changed files with 342 additions and 41 deletions
--- a/modules/eks/main.tf
+++ b/modules/eks/main.tf
@ -0,0 +1,16 @@
+resource "aws_eks_cluster" "demo" {
+  name     = var.cluster-name
+  role_arn = aws_iam_role.demo-cluster.arn
+
+  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
+
+  vpc_config {
+    security_group_ids = [aws_security_group.demo-cluster.id]
+    subnet_ids = [
+      aws_subnet.VPC_HQ_public_1a.id,
+      aws_subnet.VPC_HQ_public_1c.id
+    ]
+    endpoint_private_access = true
+    endpoint_public_access  = true
+  }
+}
--- a/modules/eks/outputs.tf
+++ b/modules/eks/outputs.tf
--- a/modules/eks/valiables.tf
+++ b/modules/eks/valiables.tf
--- a/modules/iam-policy-attach/main.tf
+++ b/modules/iam-policy-attach/main.tf
@ -0,0 +1,5 @@
+resource "aws_iam_policy_attachment" "test-attach" {
+  name       = "${var.iam_name}-att"
+  roles      = ["${var.role_name}"]
+  policy_arn = "${var.arn}"
+}
--- a/modules/iam-policy-attach/outputs.tf
+++ b/modules/iam-policy-attach/outputs.tf
--- a/modules/iam-policy-attach/variables.tf
+++ b/modules/iam-policy-attach/variables.tf
@ -0,0 +1,14 @@
+variable "iam_name" {
+    description = "value"
+    type = string
+}
+
+variable "role_name" {
+    description = "value"
+    type = string
+}
+
+variable "arn" {
+    description = "value"
+    type = string
+}
--- a/modules/iam/eks-cluster.json.tftpl
+++ b/modules/iam/eks-cluster.json.tftpl
@ -0,0 +1,14 @@
+{
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : [
+            "eks.amazonaws.com"
+          ]
+        },
+        "Action" : "sts:AssumeRole"
+      }
+    ]
+  }
--- a/modules/iam/main.tf
+++ b/modules/iam/main.tf
@ -0,0 +1,23 @@
+resource "aws_iam_role" "iam-role" {
+  name               = var.iam_name
+  assume_role_policy = var.policy
+
+  tags = {
+    tag-key = var.tag_name
+  }
+}
+
+# {
+#     "Version" : "2012-10-17",
+#     "Statement" : [
+#       {
+#         "Effect" : "Allow",
+#         "Principal" : {
+#           "Service" : [
+#             "eks.amazonaws.com"
+#           ]
+#         },
+#         "Action" : "sts:AssumeRole"
+#       }
+#     ]
+#   }
--- a/modules/iam/outputs.tf
+++ b/modules/iam/outputs.tf
@ -0,0 +1,4 @@
+output "iam_name" {
+    value = aws_iam_role.iam-role.name
+  
+}
--- a/modules/iam/variables.tf
+++ b/modules/iam/variables.tf
@ -0,0 +1,14 @@
+variable "iam_name" {
+    description = "value"
+    type = string
+}
+
+variable "policy" {
+    description = "value"
+    type = string
+}
+
+variable "tag_name" {
+    description = "value"
+    type = string
+}
--- a/modules/route-table/variables.tf
+++ b/modules/route-table/variables.tf
@ -1,9 +1,8 @@
-variable "vpc_id" {
-    description = "set vpc id"
-    type = string
-}
-
 variable "tag_name" {
    description = "value"
    type = string
+}
+variable "vpc_id" {
+    description = "set vpc id"
+    type = string
 }
--- a/modules/sg-rule-add/main.tf
+++ b/modules/sg-rule-add/main.tf
@ -0,0 +1,11 @@
+resource "aws_security_group_rule" "sg-rule-add" {
+  description       = "Security groups rule add"
+
+  type              = var.type
+  from_port         = var.set_ports.http
+  to_port           = var.set_ports.http
+  protocol          = var.set_ports.protocol_tcp #tcp
+  cidr_blocks       = var.cidr_blocks
+  security_group_id = var.sg_id
+
+}
--- a/modules/sg-rule-add/outputs.tf
+++ b/modules/sg-rule-add/outputs.tf
@ -0,0 +1,10 @@
+//sg-output
+output "vpc_hq_id" {
+  description = "The name of vpc hq id"
+  value       = aws_vpc.vpc-hq.id
+}
+
+output "vpc_name" {
+  value = var.tag_name
+}
+
--- a/modules/sg-rule-add/variables.tf
+++ b/modules/sg-rule-add/variables.tf
@ -0,0 +1,8 @@
+variable "type" {
+  description = "security rule type"
+  type  = string
+}
+variable "from_port" {
+  description = "from port"
+  type = number
+}
--- a/modules/sg/main.tf
+++ b/modules/sg/main.tf
@ -0,0 +1,5 @@
+resource "aws_security_group" "sg" {
+  description = "Security groups"
+  name        = var.sg_name
+
+}
--- a/modules/sg/outputs.tf
+++ b/modules/sg/outputs.tf
@ -0,0 +1,5 @@
+//sg-output
+output "sg_id" {
+  description = "sg id outputs"
+  value       = aws_security_group.sg.id
+}
--- a/modules/sg/variables.tf
+++ b/modules/sg/variables.tf
@ -0,0 +1,4 @@
+variable "sg_name" {
+  description = "security group name"
+  type        = string
+}
--- a/modules/templates/main.tf
+++ b/modules/templates/main.tf
@ -0,0 +1,24 @@
+resource "aws_iam_role" "eks-cluster" {
+  name = "iam role eks-cluster"
+
+  # Terraform's "jsonencode" function converts a
+  # Terraform expression result to valid JSON syntax.
+  assume_role_policy = jsonencode({
+    "Version" : "2012-10-17",
+    "Statement" : [
+      {
+        "Effect" : "Allow",
+        "Principal" : {
+          "Service" : [
+            "eks.amazonaws.com"
+          ]
+        },
+        "Action" : "sts:AssumeRole"
+      }
+    ]
+  })
+
+  tags = {
+    tag-key = "eks-cluster-rule"
+  }
+}
--- a/modules/vpc-subnet/terraform.tf
+++ b/modules/vpc-subnet/terraform.tf
@ -0,0 +1,10 @@
+terraform {
+  backend "remote"{
+    hostname = "app.terraform.io"
+    organization = "22shop"
+
+    workspaces {
+      name = "tf-cloud-backend"
+    }
+  }
+}