diff --git a/icurfer-hq-network/.terraform.lock.hcl b/icurfer-hq-network/.terraform.lock.hcl
new file mode 100644
index 0000000..bb18485
--- /dev/null
+++ b/icurfer-hq-network/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "2.70.4"
+ constraints = "~> 2.0"
+ hashes = [
+ "h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=",
+ "zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2",
+ "zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e",
+ "zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36",
+ "zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640",
+ "zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f",
+ "zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc",
+ "zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796",
+ "zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574",
+ "zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc",
+ "zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89",
+ "zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16",
+ "zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f",
+ "zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a",
+ "zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16",
+ ]
+}
diff --git a/icurfer-hq-network/main.tf b/icurfer-hq-network/main.tf
new file mode 100644
index 0000000..ea280be
--- /dev/null
+++ b/icurfer-hq-network/main.tf
@@ -0,0 +1,142 @@ +// prod - main +provider "aws" { + region = "ap-northeast-2" + + #2.x버전의 AWS공급자 허용 + version = "~> 2.0" + +} + +locals { + common_tags = { + project = "22shop" + owner = "icurfer" + + } + tcp_port = { + any_port = 0 + http_port = 80 + https_port = 443 + ssh_port = 22 + dns_port = 53 + django_port = 8000 + mysql_port = 3306 + } + udp_port = { + dns_port = 53 + } + any_protocol = "-1" + tcp_protocol = "tcp" + icmp_protocol = "icmp" + all_ips = ["0.0.0.0/0"] + + node_group_scaling_config = { + desired_size = 2 + max_size = 4 + min_size = 1 + } + + eks_ingress_type = { + public = "kubernetes.io/role/elb" + private = "kubernetes.io/role/internal-elb=1" + } +} + +// GET 계정정보 +data "aws_caller_identity" "this" {} + +// eks를 위한 iam역할 생성 데이터 조회 +data "aws_iam_policy_document" "eks-assume-role-policy" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["eks.amazonaws.com"] + } + } +} +data "aws_iam_policy_document" "eks_node_group_role" { + statement { + actions = ["sts:AssumeRole"] + + principals { + type = "Service" + identifiers = ["ec2.amazonaws.com"] + } + } +} + +# module "vpc_hq" { +module "vpc_hq" { + source = "../modules/vpc" + # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" + tag_name = "${local.common_tags.project}-vpc" + cidr_block = "10.3.0.0/16" + +} + +module "vpc_igw" { + source = "../modules/igw" + + vpc_id = module.vpc_hq.vpc_hq_id + + tag_name = "${local.common_tags.project}-vpc_igw" + + depends_on = [ + module.vpc_hq + ] +} + +module "subnet_public" { + source = "../modules/vpc-subnet" + + vpc_id = module.vpc_hq.vpc_hq_id + subnet-az-list = var.subnet-az-public + public_ip_on = true + # vpc_name = "${local.common_tags.project}-public" + #alb-ingress 생성을 위해 지정 + k8s_ingress = true + vpc_name = local.eks_ingress_type.public +} + +// public route +module "route_public" { + source = "../modules/route-table" + tag_name = "${local.common_tags.project}-route_table" + vpc_id = 
module.vpc_hq.vpc_hq_id + +} + +module "route_add" { + source = "../modules/route-add" + route_public_id = module.route_public.route_public_id + igw_id = module.vpc_igw.igw_id +} + +module "route_association" { + source = "../modules/route-association" + route_table_id = module.route_public.route_public_id + + association_count = 2 + subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] +} + +# // private subnet +# module "subnet_private" { +# source = "../modules/vpc-subnet" + +# vpc_id = module.vpc_hq.vpc_hq_id +# subnet-az-list = var.subnet-az-private +# public_ip_on = false +# k8s_ingress = false +# #alb-ingress 생성을 위해 지정 +# vpc_name = local.eks_ingress_type.public +# } + +# module "route_private" { +# source = "../modules/route-table" +# tag_name = "${local.common_tags.project}-private_route_table" +# vpc_id = module.vpc_hq.vpc_hq_id + +# } diff --git a/icurfer-hq-network/outputs.tf b/icurfer-hq-network/outputs.tf new file mode 100644 index 0000000..6174a0a --- /dev/null +++ b/icurfer-hq-network/outputs.tf @@ -0,0 +1,16 @@ +//main-outputs +output "aws_id" { + description = "The AWS Account ID." + value = data.aws_caller_identity.this.account_id +} + +output "subnet" { + description = "The name of vpc hq id" + value = module.subnet_public.subnet +} + +output "vpc_id" { + description = "vpc_id" + value = module.vpc_hq.vpc_hq_id + +} \ No newline at end of file diff --git a/icurfer-hq-network/terraform.tf b/icurfer-hq-network/terraform.tf new file mode 100644 index 0000000..fceb229 --- /dev/null +++ b/icurfer-hq-network/terraform.tf @@ -0,0 +1,10 @@ +terraform { + backend "remote"{ + hostname = "app.terraform.io" + organization = "22shop" + + workspaces { + name = "tf-cloud-network" + } + } +} \ No newline at end of file diff --git a/icurfer-hq-network/valiables.tf b/icurfer-hq-network/valiables.tf new file mode 100644 index 0000000..3414430 --- /dev/null +++ b/icurfer-hq-network/valiables.tf 
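Review bot: `module "subnet_public"` passes `vpc_name = local.eks_ingress_type.public`, so the subnet's Name tag becomes the literal string `kubernetes.io/role/elb` instead of a name; the ELB role is already conveyed by `k8s_ingress = true`, so this should be `vpc_name = "${local.common_tags.project}-public"`. The sibling entry `private = "kubernetes.io/role/internal-elb=1"` is a key=value string that nothing in this file consumes. Separately, `version = "~> 2.0"` inside the `provider` block pins this stack to the 2.x AWS provider while the other stacks touched by this commit move to 3.x/4.x, and the in-provider `version` argument is deprecated — the constraint belongs in `terraform { required_providers { aws = { source = "hashicorp/aws", version = "~> 3.0" } } }`. This directory looks like a copy of the pre-change prod-hq-network stack (same CIDR, same lock file hash), so it is worth confirming it is meant to be applied at all.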
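Review bot: `output "subnet"` has `description = "The name of vpc hq id"` but its value is the subnet map from `module.subnet_public`; say what it is, e.g. `description = "Public subnets keyed by zone (zone-a, zone-c), each exposing the aws_subnet attributes"`. Because other workspaces read this output via `terraform_remote_state`, its name is a cross-stack contract; prod-hq-network renames the same output to `public_subnet` in this commit, so consider matching that here to avoid two conventions.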
@@ -0,0 +1,45 @@ +# variable "cidr_block" { +# type = string +# default = "10.3.0.0/16" + +# } + +variable "prod_name" { + description = "value" + type = string + default = "22shop" +} + +# variable "igw_id" { +# description = "value" +# type = string +# } + +variable "subnet-az-public" { + description = "Subnet available zone & cidr" + type = map(map(string)) + default = { + "zone-a" = { + name = "ap-northeast-2a" + cidr = "10.3.1.0/24" + } + "zone-c" = { + name = "ap-northeast-2c" + cidr = "10.3.3.0/24" + } + } +} +variable "subnet-az-private" { + description = "Subnet available zone & cidr" + type = map(map(string)) + default = { + "zone-b" = { + name = "ap-northeast-2b" + cidr = "10.3.2.0/24" + } + "zone-d" = { + name = "ap-northeast-2d" + cidr = "10.3.4.0/24" + } + } +} \ No newline at end of file diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf index 5a83932..7d34b83 100644 --- a/modules/ec2/main.tf +++ b/modules/ec2/main.tf @@ -1,8 +1,30 @@ +resource "aws_network_interface" "eni" { + subnet_id = var.public_ip_associate ? var.public_subnet : var.private_subnet + # private_ips = ["172.16.10.100"] + security_groups = var.sg_list + tags = { + Name = "primary_network_interface" + } +} + resource "aws_instance" "ubuntu" { - ami = "ami-0ab04b3ccbadfae1f" - instance_type = "t2.micro" + ami = var.ami_name + # "ami-0ab04b3ccbadfae1f" + instance_type = var.instance_type + # "t2.micro" tags = { - Name = "tf-ubuntu" + Name = "${var.tag_name}" } -} \ No newline at end of file + + network_interface { + network_interface_id = aws_network_interface.eni.id + device_index = 0 + # delete_on_termination = true + + # security_groups = var.sg_list + + } + + key_name = var.key_name +} diff --git a/modules/ec2/outputs.tf b/modules/ec2/outputs.tf new file mode 100644 index 0000000..85283ce --- /dev/null +++ b/modules/ec2/outputs.tf 
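Review bot: The new `aws_instance.ubuntu` wiring adds an ENI and a key pair but no instance hardening: there is no `metadata_options` block, so IMDSv1 remains enabled on a host that prod-hq-bastion places in a public subnet, and no `root_block_device { encrypted = true }`; both are available in the 4.x provider the callers pin. Also note that `public_ip_associate` only chooses which subnet the ENI is created in — to my recollection an instance launched with a pre-created ENI on eth0 does not get an auto-assigned public IPv4, so the `public_ip_associate` output may read false even for the "public" case and an EIP (the unused `modules/eip`) would be needed. Suggested additions inside the resource:

```hcl
resource "aws_instance" "ubuntu" {
  # … unchanged: ami, instance_type, tags, network_interface, key_name …

  # Require IMDSv2 so an SSRF or local user on the host cannot read role credentials over IMDSv1.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    encrypted = true
  }
}
```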
@@ -0,0 +1,13 @@ +output "ec2_id" { + value = aws_instance.ubuntu.id + +} + +output "public_ip_associate" { + value = aws_instance.ubuntu.associate_public_ip_address + +} + +output "sg_id" { + value = aws_network_interface.eni.security_groups +} \ No newline at end of file diff --git a/modules/ec2/vailables.tf b/modules/ec2/vailables.tf new file mode 100644 index 0000000..28c69c7 --- /dev/null +++ b/modules/ec2/vailables.tf @@ -0,0 +1,36 @@ +variable "ami_name" { + description = "ami name" + type = string +} + +variable "instance_type" { + type = string +} + +variable "tag_name" { + type = string +} + +variable "public_ip_associate" { + type = bool +} +variable "key_name" { + type = string +} +# variable "subnet_id" { +# type = string +# } + +variable "public_subnet" { + type = string +} + +variable "private_subnet" { + type = string +} + +variable "sg_list" { + description = "sg list" + type = list(string) + +} \ No newline at end of file diff --git a/modules/eip/main.tf b/modules/eip/main.tf new file mode 100644 index 0000000..8d050f5 --- /dev/null +++ b/modules/eip/main.tf @@ -0,0 +1,4 @@ +resource "aws_eip" "lb" { + instance = aws_instance.web.id + vpc = true +} \ No newline at end of file diff --git a/modules/eip/outputs.tf b/modules/eip/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/eip/variables.tf b/modules/eip/variables.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/nat-gateway/main.tf b/modules/nat-gateway/main.tf new file mode 100644 index 0000000..5cb4752 --- /dev/null +++ b/modules/nat-gateway/main.tf 
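Review bot: `output "sg_id"` returns `aws_network_interface.eni.security_groups`, which is a set of group ids, not a single id, yet prod-hq-bastion re-exports it under the same scalar-sounding name. Either rename it `sg_ids` with `description = "Security group ids attached to the primary ENI"` or return the single id the caller passed in. `public_ip_associate` likewise reports `associate_public_ip_address`, which is not what controls addressing once an explicit `network_interface` block is used — document that or drop the output.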
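Review bot: `aws_eip.lb` references `aws_instance.web.id`, but this module declares no `aws_instance` and no variables (`outputs.tf` and `variables.tf` are committed empty), so `terraform validate` fails the first time the module is sourced. Take the target as an input, `variable "instance_id" { type = string }` and `instance = var.instance_id`, and add an `eip_id`/`public_ip` output, or remove the directory until it is used. Nothing visible in this commit sources `../modules/eip`, so the breakage is latent rather than immediate.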
@@ -0,0 +1,24 @@ +resource "aws_eip" "nat-eip" { + vpc = true + + lifecycle { + create_before_destroy = true + } +} + +resource "aws_nat_gateway" "example" { + allocation_id = aws_eip.nat-eip.id + subnet_id = var.subnet_id + + tags = { + Name = "gw NAT" + } + + # To ensure proper ordering, it is recommended to add an explicit dependency + # on the Internet Gateway for the VPC. + # depends_on = [aws_internet_gateway.example] +} +# resource "aws_nat_gateway" "example" { +# connectivity_type = "private" +# subnet_id = aws_subnet.example.id +# } diff --git a/modules/nat-gateway/outputs.tf b/modules/nat-gateway/outputs.tf new file mode 100644 index 0000000..f2bd299 --- /dev/null +++ b/modules/nat-gateway/outputs.tf @@ -0,0 +1,4 @@ +output "nat_id" { + value = aws_nat_gateway.example.id + +} \ No newline at end of file diff --git a/modules/nat-gateway/variables.tf b/modules/nat-gateway/variables.tf new file mode 100644 index 0000000..3019e6c --- /dev/null +++ b/modules/nat-gateway/variables.tf @@ -0,0 +1,5 @@ +variable "subnet_id" { + description = "subnet id" + type = string + +} diff --git a/modules/route-add/main.tf b/modules/route-add/main.tf index c312568..c5c84b7 100644 --- a/modules/route-add/main.tf +++ b/modules/route-add/main.tf @@ -1,7 +1,16 @@ -resource "aws_route" "route-add" { - route_table_id = var.route_public_id +resource "aws_route" "route-igw-add" { + count = format("%.1s", var.gw_type) == "i" ? 1 : 0 + route_table_id = var.route_id destination_cidr_block = "0.0.0.0/0" gateway_id = var.igw_id - depends_on = [var.route_public_id] + depends_on = [var.route_id] +# depends_on = [aws_route_table.testing] +} +resource "aws_route" "route-nat-add" { + count = format("%.1s", var.gw_type) == "i" ? 0 : 1 + route_table_id = var.route_id + destination_cidr_block = "0.0.0.0/0" + nat_gateway_id = var.nat_id + depends_on = [var.route_id] # depends_on = [aws_route_table.testing] } \ No newline at end of file 
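Review bot: The module hard-codes `Name = "gw NAT"` and keeps the `example` resource name from the provider docs, while every other module in this tree takes a `tag_name` input; add `variable "tag_name" { type = string }` and use `Name = var.tag_name` so NAT gateways are identifiable per stack. The comment about an explicit `depends_on` on the internet gateway cannot be satisfied inside this module (it has no IGW reference); the caller in prod-hq-network does it, so the comment should say "the caller must depend_on the IGW" rather than show a commented-out line that cannot work here.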
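Review bot: `count = format("%.1s", var.gw_type) == "i" ? 1 : 0` selects the IGW route on the first character only, so any value not starting with "i" — including a typo — silently creates a NAT route with `nat_gateway_id = "null"` (the string default); compare the whole value, `count = var.gw_type == "igw" ? 1 : 0` and `count = var.gw_type == "nat" ? 1 : 0`, and reject anything else with a `validation` block on the variable. `depends_on = [var.route_id]` is redundant because `route_table_id = var.route_id` already establishes the dependency, and to my recollection Terraform 0.13+ does not accept an input variable in `depends_on` at all — worth a `terraform validate`.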
diff --git a/modules/route-add/variables.tf b/modules/route-add/variables.tf index 7dfddfd..f5b5f0f 100644 --- a/modules/route-add/variables.tf +++ b/modules/route-add/variables.tf @@ -1,9 +1,19 @@ -variable "route_public_id" { +variable "route_id" { description = "value" type = string } +variable "gw_type" { + description = "gateway type. nat or igw" + type = string +} variable "igw_id" { description = "value" type = string + default = "null" +} +variable "nat_id" { + description = "value" + type = string + default = "null" } \ No newline at end of file diff --git a/modules/route-table/main.tf b/modules/route-table/main.tf index cbf23eb..81243a0 100644 --- a/modules/route-table/main.tf +++ b/modules/route-table/main.tf @@ -4,7 +4,7 @@ */ //public -resource "aws_route_table" "public-table" { +resource "aws_route_table" "rt-tbl" { vpc_id = var.vpc_id tags = { Name = "${var.tag_name}-route-public" diff --git a/modules/route-table/outputs.tf b/modules/route-table/outputs.tf index 805a9ad..c1713fe 100644 --- a/modules/route-table/outputs.tf +++ b/modules/route-table/outputs.tf @@ -1,5 +1,5 @@ -output "route_public_id" { +output "route_id" { description = "get route_public_id" - value = aws_route_table.public-table.id + value = aws_route_table.rt-tbl.id } \ No newline at end of file diff --git a/modules/vpc-subnet/main.tf b/modules/vpc-subnet/main.tf index 00fa9ad..8417cb6 100644 --- a/modules/vpc-subnet/main.tf +++ b/modules/vpc-subnet/main.tf @@ -9,8 +9,8 @@ resource "aws_subnet" "subnets" { map_public_ip_on_launch = var.public_ip_on ? true : false tags = { - Name = var.vpc_name + Name = "${var.public_ip_on ? "22shop-eks-public" : "22shop-eks-private"}" "kubernetes.io/role/elb" = "${var.k8s_ingress ? 1 : 0}" - # Name = module.vpc_hq.vpcHq.id + "kubernetes.io/role/internal-elb" = "${var.k8s_ingress ? 0 : 1}" } } \ No newline at end of file diff --git a/modules/vpc-subnet/valiables.tf b/modules/vpc-subnet/valiables.tf index 2eb3bc0..b9f9937 100644 
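Review bot: `default = "null"` on `igw_id` and `nat_id` is the four-character string, not a null value; it only avoids an error because the unused route has `count = 0`, and if the selector in main.tf ever mis-selects the API receives the literal `"null"`. Use `default = null`, and constrain `gw_type` with `validation { condition = contains(["igw", "nat"], var.gw_type) ... }` so the module fails at plan time instead of creating the wrong route. The `description = "value"` placeholders on all three variables should say what they are (route table id, internet gateway id, NAT gateway id).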
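Review bot: The resource is renamed to the generic `rt-tbl` but the tag stays `Name = "${var.tag_name}-route-public"`, so the private table prod-hq-network now creates through this module is tagged `...-private_tbl-route-public`. Use `Name = var.tag_name` and let callers pass the full name. Renaming the resource address also means an apply will destroy and recreate the existing route table (and its routes and associations) unless a `moved { from = aws_route_table.public-table  to = aws_route_table.rt-tbl }` block is added.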
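Review bot: The Name tag is now hard-coded to `"22shop-eks-public"`/`"22shop-eks-private"`, which puts one project's name into a shared module, makes `var.vpc_name` a dead input that every caller still fills (prod-hq-idc-network passes `"${local.common_tags.project}-hq-private"`, prod-hq-network passes `"null"`), and gives every subnet in a group the same Name regardless of zone; restore `Name = var.vpc_name` or derive it from `var.vpc_name` plus `each.key`. Writing `"kubernetes.io/role/elb" = 0` on private subnets and `"kubernetes.io/role/internal-elb" = 0` on public ones relies on the AWS Load Balancer Controller ignoring a `0` value during subnet discovery — I believe it matches on value `1` or empty, but the documented shape is to omit the key on subnets that do not have the role, e.g. via `merge()` of a conditional map.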
--- a/modules/vpc-subnet/valiables.tf +++ b/modules/vpc-subnet/valiables.tf @@ -31,6 +31,7 @@ variable "subnet-az-list" { # } } + variable "public_ip_on" { type = bool } diff --git a/pord_hq-ecr/main.tf b/pord_hq-ecr/main.tf index 259aae2..d8be152 100644 --- a/pord_hq-ecr/main.tf +++ b/pord_hq-ecr/main.tf @@ -1,55 +1,19 @@ // prod - dev provider "aws" { - region = "ap-northeast-2" - + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" #4.x버전의 AWS공급자 허용 version = "~> 4.0" } -locals { - common_tags = { - project = "22shop_dev" - owner = "icurfer" - - } - tcp_port = { - any_port = 0 - http_port = 80 - https_port = 443 - ssh_port = 22 - dns_port = 53 - django_port = 8000 - mysql_port = 3306 - } - udp_port = { - dns_port = 53 - } - any_protocol = "-1" - tcp_protocol = "tcp" - icmp_protocol = "icmp" - all_ips = ["0.0.0.0/0"] -} - // GET 계정정보 data "aws_caller_identity" "this" {} -// cloud9를 위한 iam역할 생성 데이터 조회 -data "aws_iam_policy_document" "cloud9_role" { - statement { - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } -} - -# EKS테스트 할때 활성 module "ecr" { - source = "../modules/ecr" + source = "../modules/ecr" - names_list = ["app"] - //names_list = ["web", "nginx", "mariadb"] -} \ No newline at end of file + names_list = ["app"] + //names_list = ["web", "nginx", "mariadb"] +} diff --git a/pord_hq-ecr/terraform.tf b/pord_hq-ecr/terraform.tf index 0011172..91a083f 100644 --- a/pord_hq-ecr/terraform.tf +++ b/pord_hq-ecr/terraform.tf @@ -1,10 +1,10 @@ terraform { backend "remote"{ hostname = "app.terraform.io" - organization = "icurfer" + organization = "22shop" workspaces { - name = "tf-cloud-ecr" + name = "hq-ecr" } } } \ No newline at end of file diff --git a/prod-hq-bastion/.terraform.lock.hcl b/prod-hq-bastion/.terraform.lock.hcl new file mode 100644 index 0000000..c4e33ee --- /dev/null +++ b/prod-hq-bastion/.terraform.lock.hcl 
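Review bot: `shared_credentials_file = "C:/Users/aa/.aws/credentials"` bakes one developer's Windows home directory into a stack whose state lives in Terraform Cloud: on any other machine, in CI, or in a TFC remote run the file does not exist and the provider cannot authenticate, and the path publishes a local username in the repo. The provider already honours `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE` from the environment, so drop both lines (or keep only `profile = "22shop"`); note also that the 4.x provider deprecates the singular `shared_credentials_file` in favour of `shared_credentials_files = [...]`, and that `version` inside a `provider` block is deprecated and belongs in `required_providers`. The same three lines are added to the bastion, efs, eks, idc-network and hq-network stacks in this commit.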
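Review bot: Changing `organization` and the workspace `name` points this root module at a different remote state, so whatever is tracked in `icurfer/tf-cloud-ecr` becomes orphaned and the next apply tries to create the `app` repository again — which fails for ECR, since repository names are unique per account and region. Migrate with `terraform init -migrate-state` or `terraform import` the existing repository before applying; the same workspace move is made for the efs, eks, idc-network and hq-network stacks and each needs the same treatment.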
@@ -0,0 +1,10 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.49.0"
+ constraints = "~> 4.0"
+ hashes = [
+ "h1:HxPUxrHpAJey832OwVk3J2T7lHpRzMavqjXDzaFyM6I=",
+ ]
+}
diff --git a/prod-hq-bastion/main.tf b/prod-hq-bastion/main.tf
new file mode 100644
index 0000000..9c685e7
--- /dev/null
+++ b/prod-hq-bastion/main.tf
@@ -0,0 +1,99 @@ +// prod - dev +provider "aws" { + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" + #4.x버전의 AWS공급자 허용 + version = "~> 4.0" + +} + + +// GET 계정정보 +data "aws_caller_identity" "this" {} +// 테라폼클라우드 +data "terraform_remote_state" "hq_vpc_id" { + backend = "remote" + + config = { + organization = "22shop" + + workspaces = { + name = "hq-network" + } + } +} +locals { + account_id = data.aws_caller_identity.this.account_id + vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id + subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet + common_tags = { + project = "22shop" + owner = "icurfer" + + } + tcp_port = { + # any_port = 0 + http_port = 80 + https_port = 443 + ssh_port = 22 + # dns_port = 53 + # django_port = 8000 + mysql_port = 3306 + } + udp_port = { + dns_port = 53 + } + any_protocol = "-1" + tcp_protocol = "tcp" + icmp_protocol = "icmp" + all_ips = ["0.0.0.0/0"] + + node_group_scaling_config = { + desired_size = 2 + max_size = 4 + min_size = 1 + } +} +module "ec2_bastion" { + source = "../modules/ec2" + ami_name = "ami-035233c9da2fabf52" //amazon linux + instance_type = "t2.micro" + tag_name = "bastion" + public_ip_associate = true + key_name = "default-shop" + private_subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet.zone-a.id + public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet.zone-a.id + sg_list = [module.ec2_sg.sg_id] +} + +module "ec2_sg" { + source = "../modules/sg" + sg_name = "${local.common_tags.project}-bastion-sg" + vpc_id = local.vpc_id + +} +module "ec2_sg_ingress_http" { + for_each = local.tcp_port + source = "../modules/sg-rule-add" + type = "ingress" + from_port = each.value + to_port = each.value + protocol = local.tcp_protocol + cidr_blocks = local.all_ips + security_group_id = module.ec2_sg.sg_id + + tag_name = each.key +} + +module "ec2_sg_egress_all" { + source = "../modules/sg-rule-add" + type = 
"egress" + from_port = local.any_protocol + to_port = local.any_protocol + protocol = local.any_protocol + cidr_blocks = local.all_ips + security_group_id = module.ec2_sg.sg_id + + tag_name = "egress-all" +} \ No newline at end of file diff --git a/prod-hq-bastion/outputs.tf b/prod-hq-bastion/outputs.tf new file mode 100644 index 0000000..b99a919 --- /dev/null +++ b/prod-hq-bastion/outputs.tf @@ -0,0 +1,8 @@ +output "public_ip_associate" { + value = module.ec2_bastion.public_ip_associate + +} +output "sg_id" { + value = module.ec2_bastion.sg_id + +} \ No newline at end of file diff --git a/prod-hq-bastion/terraform.tf b/prod-hq-bastion/terraform.tf new file mode 100644 index 0000000..790c52c --- /dev/null +++ b/prod-hq-bastion/terraform.tf @@ -0,0 +1,10 @@ +terraform { + backend "remote"{ + hostname = "app.terraform.io" + organization = "22shop" + + workspaces { + name = "hq-bastion" + } + } +} \ No newline at end of file diff --git a/prod-hq-bastion/vailables.tf b/prod-hq-bastion/vailables.tf new file mode 100644 index 0000000..1a57c13 --- /dev/null +++ b/prod-hq-bastion/vailables.tf @@ -0,0 +1,3 @@ +# variable "subnet_id" { +# type = string +# } \ No newline at end of file diff --git a/prod-hq-efs/.terraform.lock.hcl b/prod-hq-efs/.terraform.lock.hcl index c8939b1..0928293 100644 --- a/prod-hq-efs/.terraform.lock.hcl +++ b/prod-hq-efs/.terraform.lock.hcl 
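Review bot: `ec2_sg_ingress_http` iterates `local.tcp_port`, so the bastion's security group admits TCP 80, 443, 22 and 3306 from `0.0.0.0/0`; a bastion needs only SSH, and MySQL must not be internet-reachable on it at all. Reduce the map to `tcp_port = { ssh_port = 22 }` and replace `cidr_blocks = local.all_ips` with an admin-CIDR variable, or avoid the inbound exposure entirely with SSM Session Manager (the instance gets key pair `default-shop` but no instance profile is visible here). The egress rule passes `from_port = local.any_protocol` ("-1") as a port; the provider's documented form for protocol `-1` is `from_port = 0` / `to_port = 0`, so check the plan accepts it. `node_group_scaling_config` and `udp_port` are unused in this stack, and the hard-coded `shared_credentials_file` path has the same problem as in the other stacks.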
@@ -6,20 +6,5 @@ provider "registry.terraform.io/hashicorp/aws" { constraints = "~> 3.0" hashes = [ "h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=", - "zh:1cf933104a641ffdb64d71a76806f4df35d19101b47e0eb02c9c36bd64bfdd2d", - "zh:273afaf908775ade6c9d32462938e7739ee8b00a0de2ef3cdddc5bc115bb1d4f", - "zh:2bc24ae989e38f575de034083082c69b41c54b8df69d35728853257c400ce0f4", - "zh:53ba88dbdaf9f818d35001c3d519a787f457283d9341f562dc3d0af51fd9606e", - "zh:5cdac7afea68bbd89d3bdb345d99470226482eff41f375f220fe338d2e5808da", - "zh:63127808890ac4be6cff6554985510b15ac715df698d550a3e722722dc56523c", - "zh:97a1237791f15373743189b078a0e0f2fa4dd7d7474077423376cd186312dc55", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:a4f625e97e5f25073c08080e4a619f959bc0149fc853a6b1b49ab41d58b59665", - "zh:b56cca54019237941f7614e8d2712586a6ab3092e8e9492c70f06563259171e9", - "zh:d4bc33bfd6ac78fb61e6d48a61c179907dfdbdf149b89fb97272c663989a7fcd", - "zh:e0089d73fa56d128c574601305634a774eebacf4a84babba71da10040cecf99a", - "zh:e957531f1d92a6474c9b02bd9200da91b99ba07a0ab761c8e3176400dd41721c", - "zh:eceb85818d57d8270db4df7564cf4ed51b5c650a361aaa017c42227158e1946b", - "zh:f565e5caa1b349ec404c6d03d01c68b02233f5485ed038d0aab810dd4023a880", ] } diff --git a/prod-hq-efs/main.tf b/prod-hq-efs/main.tf index 0654bcf..c737cd6 100644 --- a/prod-hq-efs/main.tf +++ b/prod-hq-efs/main.tf @@ -1,16 +1,17 @@ // prod-hq-efs - main provider "aws" { - region = "ap-northeast-2" - - #2.x버전의 AWS공급자 허용 + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" + #3.x버전의 AWS공급자 허용 version = "~> 3.0" - } locals { // 초기 설정값 vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id - public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet + # subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet + subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet common_tags = { project = "22shop-efs" owner = "icurfer" 
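Review bot: `subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet` introduces an apply-order dependency that nothing documents: the `private_subnet` output only exists once the new prod-hq-network configuration in this commit has been applied to the `hq-network` workspace, so applying efs first fails with an unknown output. Add a comment above the local, `# requires hq-network (prod-hq-network) applied first; it publishes private_subnet`, and drop the commented-out `public_subnet` toggle rather than leaving both paths. Moving the mount targets off public subnets is the right direction; the hard-coded `shared_credentials_file` path is the same issue as in the other stacks.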
@@ -46,10 +47,10 @@ data "terraform_remote_state" "hq_vpc_id" { backend = "remote" config = { - organization = "icurfer" // 초기 설정값 + organization = "22shop" workspaces = { - name = "tf-cloud-network" + name = "hq-network" } } } @@ -92,10 +93,10 @@ module "efs_fs" { } -module "efs-mnt_tg" { +module "efs-mnt_tg1" { source = "../modules/efs-mnt-tg" fs_id = module.efs_fs.efs_fs_id - subnet_id = "${local.public_subnet.zone-a.id}" + subnet_id = "${local.subnet.zone-a.id}" sg_list = [module.efs_sg.sg_id] depends_on = [ @@ -103,10 +104,10 @@ module "efs-mnt_tg" { ] } -module "efs-mnt_t2" { +module "efs-mnt_tg2" { source = "../modules/efs-mnt-tg" fs_id = module.efs_fs.efs_fs_id - subnet_id = "${local.public_subnet.zone-c.id}" + subnet_id = "${local.subnet.zone-c.id}" sg_list = [module.efs_sg.sg_id] depends_on = [ diff --git a/prod-hq-efs/terraform.tf b/prod-hq-efs/terraform.tf index c7f6170..92aca09 100644 --- a/prod-hq-efs/terraform.tf +++ b/prod-hq-efs/terraform.tf @@ -1,10 +1,10 @@ terraform { backend "remote"{ hostname = "app.terraform.io" - organization = "icurfer" + organization = "22shop" workspaces { - name = "tf-cloud-efs" + name = "hq-efs" } } } \ No newline at end of file diff --git a/prod-hq-eks/main.tf b/prod-hq-eks/main.tf index c2dae59..ed70a9b 100644 --- a/prod-hq-eks/main.tf +++ b/prod-hq-eks/main.tf @@ -1,15 +1,18 @@ // prod - main provider "aws" { - region = "ap-northeast-2" - - #2.x버전의 AWS공급자 허용 + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" + #3.x버전의 AWS공급자 허용 version = "~> 3.0" } locals { + account_id = data.aws_caller_identity.this.account_id vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id - public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet + subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet + # subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet common_tags = { project = "22shop" owner = "icurfer" 
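Review bot: Renaming `efs-mnt_tg` to `efs-mnt_tg1` (and `efs-mnt_t2` to `efs-mnt_tg2` below) while also changing `subnet_id` means Terraform will destroy the old mount target and create a new one with no ordering between them; EFS allows a single mount target per AZ, so if the create runs before the destroy the apply fails with a mount-target conflict, and either way clients mounted through the old target lose the share during the switch. Add `moved { from = module.efs-mnt_tg  to = module.efs-mnt_tg1 }` (and the tg2 equivalent) so the change is a tracked replacement of one resource, and schedule it in a window when nothing is mounted. The `subnet_id` change alone still forces replacement of the mount target, so the outage is unavoidable but should be planned.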
@@ -69,10 +72,10 @@ data "terraform_remote_state" "hq_vpc_id" { backend = "remote" config = { - organization = "icurfer" + organization = "22shop" workspaces = { - name = "tf-cloud-network" + name = "hq-network" } } } @@ -107,6 +110,9 @@ module "eks_cluster_iam_att2" { ] } +//ec2 Bastion Host + + // eks 노드그룹 역할 생성 및 추가 module "eks_nodegroup_iam" { source = "../modules/iam" @@ -145,7 +151,7 @@ module "eks_nodegroup_iam_att_3" { ] } -// 보안그룹 생성 +// 보안그룹 생성(추가 보안그룹) module "eks_sg" { source = "../modules/sg" sg_name = "${local.common_tags.project}-sg" @@ -185,7 +191,7 @@ module "eks_cluster" { iam_role_arn = module.eks_cluster_iam.iam_arn sg_list = [module.eks_sg.sg_id] # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. - subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] + subnet_list = [local.subnet.zone-a.id, local.subnet.zone-c.id] depends_on = [ module.eks_cluster_iam, @@ -201,9 +207,9 @@ module "eks_node_group" { node_group_name = "${local.common_tags.project}-ng" cluster_name = module.eks_cluster.cluster_name # iam_role_arn = module.eks_nodegroup_iam.iam_arn - iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test" + iam_role_arn = "arn:aws:iam::${local.account_id}:role/eks-nodegroup-test" # subnet_list = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음. - subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id] + subnet_list = [local.subnet.zone-a.id, local.subnet.zone-c.id] desired_size = local.node_group_scaling_config.desired_size max_size = local.node_group_scaling_config.max_size diff --git a/prod-hq-eks/terraform.tf b/prod-hq-eks/terraform.tf index d6c4a83..830dbe0 100644 --- a/prod-hq-eks/terraform.tf +++ b/prod-hq-eks/terraform.tf 
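Review bot: `iam_role_arn = "arn:aws:iam::${local.account_id}:role/eks-nodegroup-test"` still binds the node group to a role named `-test` that must already exist outside this configuration, while the role this stack creates (`module.eks_nodegroup_iam`, whose output is on the commented line just above) is left unused; use `iam_role_arn = module.eks_nodegroup_iam.iam_arn` so the policies attached by `eks_nodegroup_iam_att_*` actually apply to the nodes and the dependency is explicit. Replacing the literal account id with `local.account_id` is an improvement, though the old id remains in git history. The empty `//ec2 Bastion Host` comment in the earlier hunk should either be removed or point at the prod-hq-bastion stack.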
@@ -1,10 +1,10 @@ terraform { backend "remote"{ hostname = "app.terraform.io" - organization = "icurfer" + organization = "22shop" workspaces { - name = "tf-cloud-eks" + name = "hq-eks" } } } \ No newline at end of file diff --git a/prod-hq-idc-network/main.tf b/prod-hq-idc-network/main.tf index 9d9ea12..86e94bd 100644 --- a/prod-hq-idc-network/main.tf +++ b/prod-hq-idc-network/main.tf @@ -1,8 +1,9 @@ // prod - main provider "aws" { - region = "ap-northeast-2" - - #2.x버전의 AWS공급자 허용 + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" + #3.x버전의 AWS공급자 허용 version = "~> 3.0" } @@ -14,9 +15,11 @@ locals { owner = "icurfer" } cidr = { - vpc = "10.4.0.0/16" - zone_a = "10.4.1.0/24" - zone_c = "10.4.3.0/24" + vpc = "10.3.0.0/16" + zone_a = "10.3.1.0/24" + zone_c = "10.3.3.0/24" + zone_b = "10.3.2.0/24" + zone_d = "10.3.4.0/24" } tcp_port = { any_port = 0 @@ -26,7 +29,7 @@ locals { dns_port = 53 django_port = 8000 mysql_port = 3306 - nfs_port = 2049 + nfs_port = 2049 } udp_port = { dns_port = 53 @@ -40,23 +43,11 @@ locals { // GET 계정정보 data "aws_caller_identity" "this" {} -// eks를 위한 iam역할 생성 데이터 조회 -# data "aws_iam_policy_document" "eks-assume-role-policy" { -# statement { -# actions = ["sts:AssumeRole"] - -# principals { -# type = "Service" -# identifiers = ["eks.amazonaws.com"] -# } -# } -# } - # module "vpc_hq" { module "vpc_hq" { source = "../modules/vpc" # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" - tag_name = "${local.common_tags.project}-vpc" + tag_name = "${local.common_tags.project}-hq-vpc" cidr_block = local.cidr.vpc } @@ -66,7 +57,7 @@ module "vpc_igw" { vpc_id = module.vpc_hq.vpc_hq_id - tag_name = "${local.common_tags.project}-vpc_igw" + tag_name = "${local.common_tags.project}-hq-igw" depends_on = [ module.vpc_hq 
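Review bot: The IDC VPC CIDR changes from `10.4.0.0/16` to `10.3.0.0/16`, which is exactly the range prod-hq-network (and icurfer-hq-network) use for the HQ VPC with the same `/24`s; two VPCs with overlapping CIDRs cannot be peered, attached to the same Transit Gateway, or routed over a VPN, which defeats the point of an "IDC" network that presumably needs to talk to HQ. `cidr_block` is also ForceNew on `aws_vpc`, so this apply replaces the VPC and every subnet, route table and gateway inside it. Keep a distinct range, `vpc = "10.4.0.0/16"` with matching `10.4.x.0/24` subnets, unless the overlap is intentional for an isolated test.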
@@ -76,7 +67,7 @@ module "vpc_igw" { module "subnet_public" { source = "../modules/vpc-subnet" - vpc_id = module.vpc_hq.vpc_hq_id + vpc_id = module.vpc_hq.vpc_hq_id # subnet-az-list = var.subnet-az-public subnet-az-list = { "zone-a" = { @@ -88,16 +79,16 @@ module "subnet_public" { cidr = local.cidr.zone_c } } - public_ip_on = true + public_ip_on = true # vpc_name = "${local.common_tags.project}-public" #alb-ingress 생성을 위해 지정 - vpc_name = "${local.common_tags.project}-vpc" + vpc_name = "${local.common_tags.project}-public" } // public route module "route_public" { source = "../modules/route-table" - tag_name = "${local.common_tags.project}-route_table" + tag_name = "${local.common_tags.project}-hq-rt-tbl" vpc_id = module.vpc_hq.vpc_hq_id } @@ -114,4 +105,26 @@ module "route_association" { association_count = 2 subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] +} + + +module "subnet_private" { + source = "../modules/vpc-subnet" + + vpc_id = module.vpc_hq.vpc_hq_id + # subnet-az-list = var.subnet-az-public + subnet-az-list = { + "zone-b" = { + name = "${local.region}b" + cidr = local.cidr.zone_b + } + "zone-d" = { + name = "${local.region}d" + cidr = local.cidr.zone_d + } + } + public_ip_on = false + # vpc_name = "${local.common_tags.project}-public" + #alb-ingress 생성을 위해 지정 + vpc_name = "${local.common_tags.project}-hq-private" } \ No newline at end of file diff --git a/prod-hq-idc-network/terraform.tf b/prod-hq-idc-network/terraform.tf index a18fd37..c5b4ce0 100644 --- a/prod-hq-idc-network/terraform.tf +++ b/prod-hq-idc-network/terraform.tf @@ -4,7 +4,7 @@ terraform { organization = "22shop" workspaces { - name = "tf-22shop-idc-network" + name = "idc-network" } } } \ No newline at end of file diff --git a/prod-hq-idc-network/valiables.tf b/prod-hq-idc-network/valiables.tf index 271fd80..10143a0 100644 --- a/prod-hq-idc-network/valiables.tf +++ b/prod-hq-idc-network/valiables.tf 
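Review bot: The new `subnet_private` module uses `"${local.region}b"` and `"${local.region}d"`, but no `region` local is visible in this file's locals hunk (prod-hq-network adds one; this stack's provider hard-codes `"ap-northeast-2"`), so confirm the local exists or the plan fails on an undeclared reference. `k8s_ingress` is not passed although the shared `vpc-subnet` module reads it in its tags, so unless that variable has a default — not visible here — this is a second plan-time error. These subnets are also created with no route-table association, leaving them on the VPC main table with only the local route; if that isolation is intended, say so in the comment, which currently still reads "for alb-ingress creation".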
@@ -29,17 +29,17 @@ variable "prod_name" { # } # } # } -variable "subnet-az-private" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-b" = { - name = "ap-northeast-2b" - cidr = "10.3.2.0/24" - } - "zone-d" = { - name = "ap-northeast-2d" - cidr = "10.3.4.0/24" - } - } -} \ No newline at end of file +# variable "subnet-az-private" { +# description = "Subnet available zone & cidr" +# type = map(map(string)) + # default = { + # "zone-b" = { + # name = "ap-northeast-2b" + # cidr = "10.3.2.0/24" + # } + # "zone-d" = { + # name = "ap-northeast-2d" + # cidr = "10.3.4.0/24" + # } + # } +# } \ No newline at end of file diff --git a/prod-hq-network/.terraform.lock.hcl b/prod-hq-network/.terraform.lock.hcl index bb18485..0928293 100644 --- a/prod-hq-network/.terraform.lock.hcl +++ b/prod-hq-network/.terraform.lock.hcl 
@@ -2,23 +2,9 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/aws" { - version = "2.70.4" - constraints = "~> 2.0" + version = "3.76.1" + constraints = "~> 3.0" hashes = [ - "h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=", - "zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2", - "zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e", - "zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36", - "zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640", - "zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f", - "zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc", - "zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796", - "zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574", - "zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc", - "zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89", - "zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16", - "zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f", - "zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a", - "zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16", + "h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=", ] } diff --git a/prod-hq-network/main.tf b/prod-hq-network/main.tf index ea280be..0b44885 100644 --- a/prod-hq-network/main.tf +++ b/prod-hq-network/main.tf 
@@ -1,17 +1,25 @@ // prod - main provider "aws" { - region = "ap-northeast-2" - + region = "ap-northeast-2" + profile = "22shop" + shared_credentials_file = "C:/Users/aa/.aws/credentials" #2.x버전의 AWS공급자 허용 - version = "~> 2.0" + version = "~> 3.0" } locals { + region = "ap-northeast-2" common_tags = { - project = "22shop" + project = "22shop-eks" owner = "icurfer" - + } + cidr = { + vpc = "10.3.0.0/16" + zone_a = "10.3.1.0/24" + zone_c = "10.3.3.0/24" + zone_a_private = "10.3.2.0/24" + zone_c_private = "10.3.4.0/24" } tcp_port = { any_port = 0 @@ -45,6 +53,19 @@ locals { // GET 계정정보 data "aws_caller_identity" "this" {} +// 테라폼클라우드 +# data "terraform_remote_state" "hq_vpc_id" { +# backend = "remote" + +# config = { +# organization = "22shop" + +# workspaces = { +# name = "hq-network" +# } +# } +# } + // eks를 위한 iam역할 생성 데이터 조회 data "aws_iam_policy_document" "eks-assume-role-policy" { statement { @@ -67,7 +88,7 @@ data "aws_iam_policy_document" "eks_node_group_role" { } } -# module "vpc_hq" { +//vpc 생성 module "vpc_hq" { source = "../modules/vpc" # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc" @@ -76,6 +97,7 @@ module "vpc_hq" { } +//외부통신 gateway module "vpc_igw" { source = "../modules/igw" 
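Review bot: The constraint becomes `version = "~> 3.0"` but the comment above it still says `#2.x버전의 AWS공급자 허용` ("allow the 2.x AWS provider"); update it to `#3.x AWS provider` and, since `version` in a `provider` block is deprecated, move the constraint into `required_providers` alongside the backend in terraform.tf. Jumping 2.70 → 3.76 in the lock file is a major-version change for a network stack with live resources, so the plan should be read for replacements before apply. The hard-coded `shared_credentials_file` Windows path has the same problem here as in the other stacks; `project = "22shop-eks"` will also rewrite the Name tags of the existing VPC, IGW and route table (in place).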
@@ -88,16 +110,36 @@ module "vpc_igw" { ] } +// public 서브넷 생성 module "subnet_public" { source = "../modules/vpc-subnet" vpc_id = module.vpc_hq.vpc_hq_id - subnet-az-list = var.subnet-az-public + subnet-az-list = { + "zone-a" = { + name = "${local.region}a" + cidr = local.cidr.zone_a + } + "zone-c" = { + name = "${local.region}c" + cidr = local.cidr.zone_c + } + } public_ip_on = true # vpc_name = "${local.common_tags.project}-public" #alb-ingress 생성을 위해 지정 k8s_ingress = true - vpc_name = local.eks_ingress_type.public + # vpc_name = local.eks_ingress_type.public + vpc_name = local.eks_ingress_type.private +} +// private외부통신을 위한 nat +module "nat_gw" { + source = "../modules/nat-gateway" + subnet_id = module.subnet_public.subnet.zone-a.id + + depends_on = [ + module.vpc_igw + ] } // public route 
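Review bot: `module "nat_gw"` places a single NAT gateway in `zone-a`, and the private route table below sends both `zone-a` and `zone-c` private subnets through it, so the EKS nodes and EFS mount targets in zone-c lose all egress if zone-a is impaired and pay cross-AZ data charges in normal operation; for an HA layout create one NAT per AZ (a `for_each` over the public subnets) with a route table per private subnet. On the public subnets, `vpc_name = local.eks_ingress_type.private` contradicts `k8s_ingress = true` — the shared module now ignores `vpc_name`, but the reader is misled — so pass a real name such as `"${local.common_tags.project}-public"`. The `depends_on = [module.vpc_igw]` on the NAT module is correct and should stay.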
@@ -110,33 +152,59 @@ module "route_public" { module "route_add" { source = "../modules/route-add" - route_public_id = module.route_public.route_public_id + route_id = module.route_public.route_id igw_id = module.vpc_igw.igw_id + gw_type = "igw" } module "route_association" { source = "../modules/route-association" - route_table_id = module.route_public.route_public_id + route_table_id = module.route_public.route_id association_count = 2 subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] } +#----------------------------------------------------------------------------------------------------# +###################################################################################################### +#----------------------------------------------------------------------------------------------------# +module "subnet_private" { + source = "../modules/vpc-subnet" -# // private subnet -# module "subnet_private" { -# source = "../modules/vpc-subnet" + vpc_id = module.vpc_hq.vpc_hq_id + subnet-az-list = { + "zone-a" = { + name = "${local.region}a" + cidr = local.cidr.zone_a_private + } + "zone-c" = { + name = "${local.region}c" + cidr = local.cidr.zone_c_private + } + } + public_ip_on = false + # vpc_name = "${local.common_tags.project}-public" + #alb-ingress 생성을 위해 지정 + k8s_ingress = false + vpc_name = "null" +} -# vpc_id = module.vpc_hq.vpc_hq_id -# subnet-az-list = var.subnet-az-private -# public_ip_on = false -# k8s_ingress = false -# #alb-ingress 생성을 위해 지정 -# vpc_name = local.eks_ingress_type.public -# } +// private route +module "route_private" { + source = "../modules/route-table" + tag_name = "${local.common_tags.project}-private_tbl" + vpc_id = module.vpc_hq.vpc_hq_id -# module "route_private" { -# source = "../modules/route-table" -# tag_name = "${local.common_tags.project}-private_route_table" -# vpc_id = module.vpc_hq.vpc_hq_id +} +module "route_add_nat" { + source = "../modules/route-add" + route_id = 
module.route_private.route_id + nat_id = module.nat_gw.nat_id + gw_type = "nat" +} +module "route_association_nat" { + source = "../modules/route-association" + route_table_id = module.route_private.route_id -# } + association_count = 2 + subnet_ids = [module.subnet_private.subnet.zone-a.id, module.subnet_private.subnet.zone-c.id] +} diff --git a/prod-hq-network/outputs.tf b/prod-hq-network/outputs.tf index 6174a0a..aba1c33 100644 --- a/prod-hq-network/outputs.tf +++ b/prod-hq-network/outputs.tf @@ -4,13 +4,24 @@ output "aws_id" { value = data.aws_caller_identity.this.account_id } -output "subnet" { +output "public_subnet" { description = "The name of vpc hq id" value = module.subnet_public.subnet } +output "private_subnet" { + description = "The name of vpc hq id" + value = module.subnet_private.subnet +} + output "vpc_id" { description = "vpc_id" value = module.vpc_hq.vpc_hq_id +} + +output "nat_gw_id" { + description = "vpc_id" + value = module.nat_gw.nat_id + } \ No newline at end of file diff --git a/prod-hq-network/terraform.tf b/prod-hq-network/terraform.tf index 528cf0c..35b1c5f 100644 --- a/prod-hq-network/terraform.tf +++ b/prod-hq-network/terraform.tf @@ -1,10 +1,10 @@ terraform { backend "remote"{ hostname = "app.terraform.io" - organization = "icurfer" + organization = "22shop" workspaces { - name = "tf-cloud-network" + name = "hq-network" } } } \ No newline at end of file diff --git a/prod-hq-network/valiables.tf b/prod-hq-network/valiables.tf index 3414430..0b88d60 100644 --- a/prod-hq-network/valiables.tf +++ b/prod-hq-network/valiables.tf 
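Review bot: `vpc_name = "null"` in the new `subnet_private` module passes the four-character string `"null"`, not a null value, so if the module uses `vpc_name` as a tag key the private subnets get a tag literally named `null`; write `vpc_name = null` unquoted, or omit the argument if the module declares a default. The comments `# vpc_name = "${local.common_tags.project}-public"` and `#alb-ingress 생성을 위해 지정` were copied from the public block and no longer describe this one, where `k8s_ingress = false`; delete them or replace both with `# private subnets: no k8s ingress tag`. The three `#----`/`####` separator lines are noise in a Terraform file; one `// ---- private network ----` comment would do. This hunk begins on the preceding line of the chunk.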
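Review bot: The `description` on the new `private_subnet` output repeats "The name of vpc hq id" from the public output, and `nat_gw_id` reuses "vpc_id", so both describe the wrong value; use `description = "Private subnet map (zone-a, zone-c)"` and `description = "NAT gateway id used by the private route table"`. The renamed `public_subnet` output carries the same copy-paste description and could be fixed in the same pass. The file still ends without a trailing newline (`\ No newline at end of file`); `terraform fmt` adds it.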
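Review bot: Changing the remote backend from organization `icurfer` / workspace `tf-cloud-network` to `22shop` / `hq-network` points this root module at a different, presumably empty, state, so the next apply would try to create every resource again unless the state was migrated or the old workspace retired first; the diff does not say which was done. A line in the commit message, or a README note that `terraform init -migrate-state` was run, would avoid that surprise for the next person. This file also lacks a trailing newline.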
@@ -10,36 +10,42 @@ variable "prod_name" { default = "22shop" } +# variable "nat_id" { +# description = "nat id value" +# type = string +# default = "insert_id" + +# } # variable "igw_id" { # description = "value" # type = string # } -variable "subnet-az-public" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-a" = { - name = "ap-northeast-2a" - cidr = "10.3.1.0/24" - } - "zone-c" = { - name = "ap-northeast-2c" - cidr = "10.3.3.0/24" - } - } -} -variable "subnet-az-private" { - description = "Subnet available zone & cidr" - type = map(map(string)) - default = { - "zone-b" = { - name = "ap-northeast-2b" - cidr = "10.3.2.0/24" - } - "zone-d" = { - name = "ap-northeast-2d" - cidr = "10.3.4.0/24" - } - } -} \ No newline at end of file +# variable "subnet-az-public" { +# description = "Subnet available zone & cidr" +# type = map(map(string)) +# default = { +# "zone-a" = { +# name = "ap-northeast-2a" +# cidr = "10.3.1.0/24" +# } +# "zone-c" = { +# name = "ap-northeast-2c" +# cidr = "10.3.3.0/24" +# } +# } +# } +# variable "subnet-az-private" { +# description = "Subnet available zone & cidr" +# type = map(map(string)) +# default = { +# "zone-b" = { +# name = "ap-northeast-2b" +# cidr = "10.3.2.0/24" +# } +# "zone-d" = { +# name = "ap-northeast-2d" +# cidr = "10.3.4.0/24" +# } +# } +# } \ No newline at end of file diff --git a/test/.terraform.lock.hcl b/test/.terraform.lock.hcl deleted file mode 100644 index bfeb2a0..0000000 --- a/test/.terraform.lock.hcl +++ /dev/null 
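Review bot: Both `subnet-az-public` and `subnet-az-private` are commented out rather than removed, and a commented-out `nat_id` variable is added on top, leaving around thirty lines of dead HCL that git history already preserves; delete them. The removed `subnet-az-private` default used `ap-northeast-2b`/`ap-northeast-2d`, while the inline map that replaces it in main.tf builds `${local.region}a`/`${local.region}c`, so the private subnets move availability zone as a side effect of this refactor; if that is intended, say so in the commit message. The file name `valiables.tf` looks like a typo for `variables.tf`; Terraform does not care, but it hurts discoverability.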
@@ -1,24 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "4.48.0" - hashes = [ - "h1:8xLCA04IhQUzGI8/t3ySKNFMyjgGCWiXRUWhWEsYvew=", - "zh:08f5e3c5256a4fbd5c988863d10e5279172b2470fec6d4fb13c372663e7f7cac", - "zh:2a04376b7fa84681bd2938973c7d0822c8c0f0656a4e7661a2f50ac4d852d4a3", - "zh:30d6cdf321aaba874934cbde505333d89d172d8d5ffcf40b6e66626c57bc6ab2", - "zh:364639ee19cf4cfaa65de84a2a71d32725d5b728b71dd88d01ccb639c006c1cf", - "zh:4e02252cd88b6f59f556f49c5ce46a358046c98f069230358ac15f4030ae1e76", - "zh:611717320f20b3512ceb90abddd5198a85e1093965ce59e3ef8183188c84f8c3", - "zh:630be3b9ba5b3a95ecb2ce2f3523714ab37cd8bcd7479c879a769e6a446ab5ed", - "zh:6701f9d3ae1ffadb3ebefbe75c9d82668cc5495b8f826e498adb8530e202b652", - "zh:6dc6fdfa7469c9de7b405c68b2f6a09a3438db1ef09d348e49c7ceff4300b01a", - "zh:84c8140d8af6965fa9cd80e52eb2ee3d273e3ab7762719a8d1af665c08fab748", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9b6b4f7d4cea37ba7a42a47d506115498858bcd6440ad97dfb214c13a688ba90", - "zh:a7f876af20f5c5dae8e333ec0dfc901e26aa801137e7df65fb365565637bbfe2", - "zh:ad107b8e11dd0609b856584ce70ae6621aa4f1f946da51f7c792f1259e3f9c27", - "zh:d5dc1683693a5fe2652952f50dbbeccd02716799c26c6d1a1378b226cf845e9b", - ] -} diff --git a/test/main.tf b/test/main.tf deleted file mode 100644 index dc565be..0000000 --- a/test/main.tf +++ /dev/null @@ -1,30 +0,0 @@ -provider "aws" { - region = "ap-northeast-2" -} - - - -resource "aws_iam_role" "iam-role" { - name = "eks-cluster-test" - - # Terraform's "jsonencode" function converts a - # Terraform expression result to valid JSON syntax. - assume_role_policy = jsonencode({ - "Version" : "2012-10-17", - "Statement" : [ - { - "Effect" : "Allow", - "Principal" : { - "Service" : [ - "eks.amazonaws.com" - ] - }, - "Action" : "sts:AssumeRole" - } - ] - }) - - tags = { - tag-key = "eks-cluster-rule" - } -}