From c96cac92b9d04647c4f015d6708c0f3721dfcd7c Mon Sep 17 00:00:00 2001
From: Seong-dong <darkquiz@naver.com>
Date: Wed, 11 Jan 2023 01:31:56 +0900
Subject: [PATCH] cowork

---
 icurfer-hq-network/.terraform.lock.hcl |  24 +++++
 icurfer-hq-network/main.tf             | 142 +++++++++++++++++++++++++
 icurfer-hq-network/outputs.tf          |  16 +++
 icurfer-hq-network/terraform.tf        |  10 ++
 icurfer-hq-network/valiables.tf        |  45 ++++++++
 modules/ec2/main.tf                    |  30 +++++-
 modules/ec2/outputs.tf                 |  13 +++
 modules/ec2/vailables.tf               |  36 +++++++
 modules/eip/main.tf                    |   4 +
 modules/eip/outputs.tf                 |   0
 modules/eip/variables.tf               |   0
 modules/nat-gateway/main.tf            |  24 +++++
 modules/nat-gateway/outputs.tf         |   4 +
 modules/nat-gateway/variables.tf       |   5 +
 modules/route-add/main.tf              |  15 ++-
 modules/route-add/variables.tf         |  12 ++-
 modules/route-table/main.tf            |   2 +-
 modules/route-table/outputs.tf         |   4 +-
 modules/vpc-subnet/main.tf             |   4 +-
 modules/vpc-subnet/valiables.tf        |   1 +
 pord_hq-ecr/main.tf                    |  50 ++-------
 pord_hq-ecr/terraform.tf               |   4 +-
 prod-hq-bastion/.terraform.lock.hcl    |  10 ++
 prod-hq-bastion/main.tf                |  99 +++++++++++++++++
 prod-hq-bastion/outputs.tf             |   8 ++
 prod-hq-bastion/terraform.tf           |  10 ++
 prod-hq-bastion/vailables.tf           |   3 +
 prod-hq-efs/.terraform.lock.hcl        |  15 ---
 prod-hq-efs/main.tf                    |  23 ++--
 prod-hq-efs/terraform.tf               |   4 +-
 prod-hq-eks/main.tf                    |  26 +++--
 prod-hq-eks/terraform.tf               |   4 +-
 prod-hq-idc-network/main.tf            |  63 ++++++-----
 prod-hq-idc-network/terraform.tf       |   2 +-
 prod-hq-idc-network/valiables.tf       |  28 ++---
 prod-hq-network/.terraform.lock.hcl    |  20 +---
 prod-hq-network/main.tf                | 118 +++++++++++++++-----
 prod-hq-network/outputs.tf             |  13 ++-
 prod-hq-network/terraform.tf           |   4 +-
 prod-hq-network/valiables.tf           |  62 ++++++-----
 test/.terraform.lock.hcl               |  24 -----
 test/main.tf                           |  30 ------
 42 files changed, 746 insertions(+), 265 deletions(-)
 create mode 100644 icurfer-hq-network/.terraform.lock.hcl
 create mode 100644 icurfer-hq-network/main.tf
 create mode 100644 icurfer-hq-network/outputs.tf
 create mode 100644 icurfer-hq-network/terraform.tf
 create mode 100644 icurfer-hq-network/valiables.tf
 create mode 100644 modules/ec2/outputs.tf
 create mode 100644 modules/ec2/vailables.tf
 create mode 100644 modules/eip/main.tf
 create mode 100644 modules/eip/outputs.tf
 create mode 100644 modules/eip/variables.tf
 create mode 100644 modules/nat-gateway/main.tf
 create mode 100644 modules/nat-gateway/outputs.tf
 create mode 100644 modules/nat-gateway/variables.tf
 create mode 100644 prod-hq-bastion/.terraform.lock.hcl
 create mode 100644 prod-hq-bastion/main.tf
 create mode 100644 prod-hq-bastion/outputs.tf
 create mode 100644 prod-hq-bastion/terraform.tf
 create mode 100644 prod-hq-bastion/vailables.tf
 delete mode 100644 test/.terraform.lock.hcl
 delete mode 100644 test/main.tf

diff --git a/icurfer-hq-network/.terraform.lock.hcl b/icurfer-hq-network/.terraform.lock.hcl
new file mode 100644
index 0000000..bb18485
--- /dev/null
+++ b/icurfer-hq-network/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "2.70.4"
+  constraints = "~> 2.0"
+  hashes = [
+    "h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=",
+    "zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2",
+    "zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e",
+    "zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36",
+    "zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640",
+    "zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f",
+    "zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc",
+    "zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796",
+    "zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574",
+    "zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc",
+    "zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89",
+    "zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16",
+    "zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f",
+    "zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a",
+    "zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16",
+  ]
+}
diff --git a/icurfer-hq-network/main.tf b/icurfer-hq-network/main.tf
new file mode 100644
index 0000000..ea280be
--- /dev/null
+++ b/icurfer-hq-network/main.tf
@@ -0,0 +1,142 @@
+// prod - main
+provider "aws" {
+  region = "ap-northeast-2"
+
+  #2.x버전의 AWS공급자 허용
+  version = "~> 2.0"
+
+}
+
+locals {
+  common_tags = {
+    project = "22shop"
+    owner   = "icurfer"
+
+  }
+  tcp_port = {
+    any_port    = 0
+    http_port   = 80
+    https_port  = 443
+    ssh_port    = 22
+    dns_port    = 53
+    django_port = 8000
+    mysql_port  = 3306
+  }
+  udp_port = {
+    dns_port = 53
+  }
+  any_protocol  = "-1"
+  tcp_protocol  = "tcp"
+  icmp_protocol = "icmp"
+  all_ips       = ["0.0.0.0/0"]
+
+  node_group_scaling_config = {
+    desired_size = 2
+    max_size     = 4
+    min_size     = 1
+  }
+
+  eks_ingress_type = {
+    public  = "kubernetes.io/role/elb"
+    private = "kubernetes.io/role/internal-elb=1"
+  }
+}
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+
+// eks를 위한 iam역할 생성 데이터 조회
+data "aws_iam_policy_document" "eks-assume-role-policy" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["eks.amazonaws.com"]
+    }
+  }
+}
+data "aws_iam_policy_document" "eks_node_group_role" {
+  statement {
+    actions = ["sts:AssumeRole"]
+
+    principals {
+      type        = "Service"
+      identifiers = ["ec2.amazonaws.com"]
+    }
+  }
+}
+
+# module "vpc_hq" {
+module "vpc_hq" {
+  source = "../modules/vpc"
+  #   source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
+  tag_name   = "${local.common_tags.project}-vpc"
+  cidr_block = "10.3.0.0/16"
+
+}
+
+module "vpc_igw" {
+  source = "../modules/igw"
+
+  vpc_id = module.vpc_hq.vpc_hq_id
+
+  tag_name = "${local.common_tags.project}-vpc_igw"
+
+  depends_on = [
+    module.vpc_hq
+  ]
+}
+
+module "subnet_public" {
+  source = "../modules/vpc-subnet"
+
+  vpc_id         = module.vpc_hq.vpc_hq_id
+  subnet-az-list = var.subnet-az-public
+  public_ip_on   = true
+  # vpc_name       = "${local.common_tags.project}-public"
+  #alb-ingress 생성을 위해 지정
+  k8s_ingress        = true
+  vpc_name = local.eks_ingress_type.public
+}
+
+// public route
+module "route_public" {
+  source   = "../modules/route-table"
+  tag_name = "${local.common_tags.project}-route_table"
+  vpc_id   = module.vpc_hq.vpc_hq_id
+
+}
+
+module "route_add" {
+  source          = "../modules/route-add"
+  route_public_id = module.route_public.route_public_id
+  igw_id          = module.vpc_igw.igw_id
+}
+
+module "route_association" {
+  source         = "../modules/route-association"
+  route_table_id = module.route_public.route_public_id
+
+  association_count = 2
+  subnet_ids        = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
+}
+
+# // private subnet
+# module "subnet_private" {
+#   source = "../modules/vpc-subnet"
+
+#   vpc_id         = module.vpc_hq.vpc_hq_id
+#   subnet-az-list = var.subnet-az-private
+#   public_ip_on   = false
+#   k8s_ingress        = false
+#   #alb-ingress 생성을 위해 지정
+#   vpc_name = local.eks_ingress_type.public
+# }
+
+# module "route_private" {
+#   source   = "../modules/route-table"
+#   tag_name = "${local.common_tags.project}-private_route_table"
+#   vpc_id   = module.vpc_hq.vpc_hq_id
+
+# }
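Review bot: `module "route_add"` at lines 217–221 passes `route_public_id` and reads `module.route_public.route_public_id`, but this same commit renames the route-add input to `route_id`, adds a required `gw_type`, and renames the route-table output to `route_id`, so this workspace will fail to plan until it is updated to `route_id = module.route_public.route_id` plus `gw_type = "igw"`. `eks_ingress_type.private` at line 147 carries a trailing `=1` (`kubernetes.io/role/internal-elb=1`) while `public` is a bare tag key, so the two values are not the same kind of thing; if a tag key is intended, drop the `=1`. `all_ips`, `tcp_port`, `udp_port` and `node_group_scaling_config` are declared but never used in this file, presumably copied from the eks workspace; an unused local holding `0.0.0.0/0` invites thoughtless reuse later, so remove what this workspace does not need. The `version = "~> 2.0"` argument inside the provider block is deprecated in favour of `required_providers`, and pinning this workspace to the 2.x provider while the sibling workspaces in this commit run 3.x/4.x makes module compatibility harder to reason about.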
diff --git a/icurfer-hq-network/outputs.tf b/icurfer-hq-network/outputs.tf
new file mode 100644
index 0000000..6174a0a
--- /dev/null
+++ b/icurfer-hq-network/outputs.tf
@@ -0,0 +1,16 @@
+//main-outputs
+output "aws_id" {
+  description = "The AWS Account ID."
+  value       = data.aws_caller_identity.this.account_id
+}
+
+output "subnet" {
+  description = "The name of vpc hq id"
+  value       = module.subnet_public.subnet
+}
+
+output "vpc_id" {
+  description = "vpc_id"
+  value = module.vpc_hq.vpc_hq_id
+  
+}
\ No newline at end of file
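Review bot: The description of output `subnet` reads `The name of vpc hq id`, which was copied from another output and does not describe the value; replace it with `description = "Public subnets created by module.subnet_public, keyed by zone name."`. The `vpc_id` output's description is just `vpc_id`; `description = "ID of the VPC created by module.vpc_hq."` tells a remote-state consumer what it gets. Note that the consumers added in this commit (bastion, efs, eks) read `outputs.private_subnet` and `outputs.public_subnet` from the `hq-network` workspace, whereas this workspace exports only `subnet` under the name `tf-cloud-network`; presumably intended, but worth confirming these two network workspaces are not expected to be interchangeable.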
diff --git a/icurfer-hq-network/terraform.tf b/icurfer-hq-network/terraform.tf
new file mode 100644
index 0000000..fceb229
--- /dev/null
+++ b/icurfer-hq-network/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+  backend "remote"{
+    hostname = "app.terraform.io"
+    organization = "22shop"
+
+    workspaces {
+      name = "tf-cloud-network"
+    }
+  }
+}
\ No newline at end of file
diff --git a/icurfer-hq-network/valiables.tf b/icurfer-hq-network/valiables.tf
new file mode 100644
index 0000000..3414430
--- /dev/null
+++ b/icurfer-hq-network/valiables.tf
@@ -0,0 +1,45 @@
+# variable "cidr_block" {
+#     type = string
+#     default = "10.3.0.0/16"
+
+# }
+
+variable "prod_name" {
+  description = "value"
+  type        = string
+  default     = "22shop"
+}
+
+# variable "igw_id" {
+#     description = "value"
+#     type = string
+# }
+
+variable "subnet-az-public" {
+  description = "Subnet available zone & cidr"
+  type        = map(map(string))
+  default = {
+    "zone-a" = {
+      name = "ap-northeast-2a"
+      cidr = "10.3.1.0/24"
+    }
+    "zone-c" = {
+      name = "ap-northeast-2c"
+      cidr = "10.3.3.0/24"
+    }
+  }
+}
+variable "subnet-az-private" {
+  description = "Subnet available zone & cidr"
+  type        = map(map(string))
+  default = {
+    "zone-b" = {
+      name = "ap-northeast-2b"
+      cidr = "10.3.2.0/24"
+    }
+    "zone-d" = {
+      name = "ap-northeast-2d"
+      cidr = "10.3.4.0/24"
+    }
+  }
+}
\ No newline at end of file
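Review bot: `variable "prod_name"` has the placeholder description `value` and is not referenced in main.tf, and `subnet-az-private` is used only by the commented-out `subnet_private` module; either wire them up or drop them so this file documents the real interface. Give `subnet-az-public` a description that states the map shape, e.g. `description = "Public subnets to create: zone key => { name = AZ name, cidr = subnet CIDR }"`. The file name `valiables.tf` (and `vailables.tf` elsewhere in this commit) is a typo for `variables.tf`; Terraform loads any `*.tf`, so it works, but the inconsistent names hurt discoverability.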
diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf
index 5a83932..7d34b83 100644
--- a/modules/ec2/main.tf
+++ b/modules/ec2/main.tf
@@ -1,8 +1,30 @@
+resource "aws_network_interface" "eni" {
+  subnet_id = var.public_ip_associate ? var.public_subnet : var.private_subnet
+  # private_ips = ["172.16.10.100"]
+  security_groups = var.sg_list
+  tags = {
+    Name = "primary_network_interface"
+  }
+}
+
 resource "aws_instance" "ubuntu" {
-  ami           = "ami-0ab04b3ccbadfae1f"
-  instance_type = "t2.micro"
+  ami = var.ami_name
+  # "ami-0ab04b3ccbadfae1f"
+  instance_type = var.instance_type
+  # "t2.micro"
 
   tags = {
-    Name = "tf-ubuntu"
+    Name = "${var.tag_name}"
   }
-}
\ No newline at end of file
+
+  network_interface {
+    network_interface_id = aws_network_interface.eni.id
+    device_index         = 0
+    # delete_on_termination = true
+    
+    # security_groups = var.sg_list
+    
+  }
+  
+  key_name = var.key_name
+}
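Review bot: The `aws_instance` at line 355 has no `metadata_options` block, so IMDSv1 remains enabled on a host that this commit deploys as an internet-facing bastion; add `metadata_options { http_tokens = "required" }` to require IMDSv2. `var.public_ip_associate` only decides which subnet the ENI lands in: with an explicit `network_interface` block `associate_public_ip_address` cannot be set on the instance, so whether the host gets a public address depends on the subnet, and I believe an explicitly supplied primary ENI is not auto-assigned a public IP at all — confirm, otherwise an EIP is needed. The ENI's tag is the fixed string `Name = "primary_network_interface"`, so every instance built from this module carries the same name; use `Name = "${var.tag_name}-eni"`. `Name = "${var.tag_name}"` is a redundant interpolation; `Name = var.tag_name` is the idiomatic form.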
diff --git a/modules/ec2/outputs.tf b/modules/ec2/outputs.tf
new file mode 100644
index 0000000..85283ce
--- /dev/null
+++ b/modules/ec2/outputs.tf
@@ -0,0 +1,13 @@
+output "ec2_id" {
+    value = aws_instance.ubuntu.id
+  
+}
+
+output "public_ip_associate" {
+    value = aws_instance.ubuntu.associate_public_ip_address
+  
+}
+
+output "sg_id" {
+    value = aws_network_interface.eni.security_groups
+}
\ No newline at end of file
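Review bot: Output `sg_id` returns `aws_network_interface.eni.security_groups`, which is a set of security-group IDs, not a single ID; either rename it `sg_ids` or select one element if the module is meant to attach exactly one group. None of the outputs has a description; e.g. `description = "ID of the created instance."` on `ec2_id`. A consumer that provisions a bastion will need an address to reach it, so consider exporting `aws_instance.ubuntu.public_ip` and `private_ip` rather than only the `associate_public_ip_address` flag.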
diff --git a/modules/ec2/vailables.tf b/modules/ec2/vailables.tf
new file mode 100644
index 0000000..28c69c7
--- /dev/null
+++ b/modules/ec2/vailables.tf
@@ -0,0 +1,36 @@
+variable "ami_name" {
+  description = "ami name"
+  type        = string
+}
+
+variable "instance_type" {
+  type = string
+}
+
+variable "tag_name" {
+  type = string
+}
+
+variable "public_ip_associate" {
+  type = bool
+}
+variable "key_name" {
+  type = string
+}
+# variable "subnet_id" {
+#   type = string
+# }
+
+variable "public_subnet" {
+  type = string
+}
+
+variable "private_subnet" {
+  type = string
+}
+
+variable "sg_list" {
+  description = "sg list"
+  type = list(string)
+  
+}
\ No newline at end of file
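Review bot: Most variables have no description, and the one that most needs it, `public_ip_associate`, does not say that it only chooses between `public_subnet` and `private_subnet` for the ENI; add `description = "true: place the ENI in public_subnet, false: in private_subnet. Does not by itself assign a public IP."`. `public_subnet` and `private_subnet` are both required although only one is ever used (main.tf line 347); a single `subnet_id` input, with the public/private choice made by the caller, is a smaller and less error-prone interface. `ami_name` receives an AMI ID (`ami-…`) from the caller in prod-hq-bastion, so the name and the description `ami name` mislead; `ami_id` would be accurate.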
diff --git a/modules/eip/main.tf b/modules/eip/main.tf
new file mode 100644
index 0000000..8d050f5
--- /dev/null
+++ b/modules/eip/main.tf
@@ -0,0 +1,4 @@
+resource "aws_eip" "lb" {
+  instance = aws_instance.web.id
+  vpc      = true
+}
\ No newline at end of file
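Review bot: `aws_eip.lb` at line 451 references `aws_instance.web.id`, but this module declares no `aws_instance` (its `variables.tf` and `outputs.tf` are created empty in the same commit), so `terraform validate` fails on an undeclared resource. Take the target as an input instead, `instance = var.instance_id`, with `variable "instance_id" { type = string }` declared in `modules/eip/variables.tf`, and export `aws_eip.lb.public_ip` from `outputs.tf` so callers can use the address.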
diff --git a/modules/eip/outputs.tf b/modules/eip/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/eip/variables.tf b/modules/eip/variables.tf
new file mode 100644
index 0000000..e69de29
diff --git a/modules/nat-gateway/main.tf b/modules/nat-gateway/main.tf
new file mode 100644
index 0000000..5cb4752
--- /dev/null
+++ b/modules/nat-gateway/main.tf
@@ -0,0 +1,24 @@
+resource "aws_eip" "nat-eip" {
+  vpc = true
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_nat_gateway" "example" {
+  allocation_id = aws_eip.nat-eip.id
+  subnet_id     = var.subnet_id
+
+  tags = {
+    Name = "gw NAT"
+  }
+
+  # To ensure proper ordering, it is recommended to add an explicit dependency
+  # on the Internet Gateway for the VPC.
+  # depends_on = [aws_internet_gateway.example]
+}
+# resource "aws_nat_gateway" "example" {
+#   connectivity_type = "private"
+#   subnet_id         = aws_subnet.example.id
+# }
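Review bot: The `depends_on` on the Internet Gateway is left commented out at line 485, yet a NAT gateway only works once its subnet's route table reaches an IGW; since this module cannot see the caller's IGW, document that `subnet_id` must be a public subnet and add `depends_on = [module.vpc_igw]` at the call site, or accept an `igw_id` input purely for ordering. The resource name `example` and the fixed tag `Name = "gw NAT"` are copied from the provider documentation; parameterise the tag as `Name = var.tag_name`, matching the other modules in this repo, so several NAT gateways can be told apart. The commented-out private-connectivity variant at lines 487–490 should be removed rather than shipped.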
diff --git a/modules/nat-gateway/outputs.tf b/modules/nat-gateway/outputs.tf
new file mode 100644
index 0000000..f2bd299
--- /dev/null
+++ b/modules/nat-gateway/outputs.tf
@@ -0,0 +1,4 @@
+output "nat_id" {
+    value = aws_nat_gateway.example.id
+  
+}
\ No newline at end of file
diff --git a/modules/nat-gateway/variables.tf b/modules/nat-gateway/variables.tf
new file mode 100644
index 0000000..3019e6c
--- /dev/null
+++ b/modules/nat-gateway/variables.tf
@@ -0,0 +1,5 @@
+variable "subnet_id" {
+  description = "subnet id"
+  type        = string
+
+}
diff --git a/modules/route-add/main.tf b/modules/route-add/main.tf
index c312568..c5c84b7 100644
--- a/modules/route-add/main.tf
+++ b/modules/route-add/main.tf
@@ -1,7 +1,16 @@
-resource "aws_route" "route-add" {
-  route_table_id            = var.route_public_id
+resource "aws_route" "route-igw-add" {
+  count = format("%.1s", var.gw_type) == "i" ? 1 : 0
+  route_table_id            = var.route_id
   destination_cidr_block    = "0.0.0.0/0"
   gateway_id = var.igw_id
-  depends_on                = [var.route_public_id]
+  depends_on                = [var.route_id]
+#   depends_on                = [aws_route_table.testing]
+}
+resource "aws_route" "route-nat-add" {
+  count = format("%.1s", var.gw_type) == "i" ? 0 : 1
+  route_table_id            = var.route_id
+  destination_cidr_block    = "0.0.0.0/0"
+  nat_gateway_id = var.nat_id
+  depends_on                = [var.route_id]
 #   depends_on                = [aws_route_table.testing]
 }
\ No newline at end of file
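Review bot: The `count` expressions at lines 521 and 530 dispatch on the first character of `var.gw_type` (`format("%.1s", ...) == "i"`), so any value that does not start with `i`, including a typo or an empty string, silently creates the NAT route with whatever `var.nat_id` holds. Compare the whole value instead, `count = var.gw_type == "igw" ? 1 : 0` and `count = var.gw_type == "nat" ? 1 : 0`, so an unexpected value creates nothing rather than the wrong route; the accompanying variables.tf hunk is the place to reject bad values up front. The stale `#   depends_on = [aws_route_table.testing]` comment now appears in both resources and should go.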
diff --git a/modules/route-add/variables.tf b/modules/route-add/variables.tf
index 7dfddfd..f5b5f0f 100644
--- a/modules/route-add/variables.tf
+++ b/modules/route-add/variables.tf
@@ -1,9 +1,19 @@
-variable "route_public_id" {
+variable "route_id" {
     description = "value"
     type = string
 }
 
+variable "gw_type" {
+    description = "gateway type. nat or igw"
+    type = string
+}
 variable "igw_id" {
     description = "value"
     type = string
+    default = "null"
+}
+variable "nat_id" {
+    description = "value"
+    type = string
+    default = "null"
 }
\ No newline at end of file
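Review bot: `igw_id` and `nat_id` default to the string `"null"` (lines 556 and 561), which is not Terraform's `null` but a literal that would be sent to the API as a gateway ID; use `default = null` so an unset input is genuinely absent and the route resource fails at plan time instead of at apply. `gw_type` accepts any string even though the description promises `nat or igw`; a validation block turns that contract into a check, as below.
```hcl
variable "gw_type" {
    description = "gateway type. nat or igw"
    type = string
    validation {
        condition     = contains(["igw", "nat"], var.gw_type)
        error_message = "gw_type must be \"igw\" or \"nat\"."
    }
}
# … unchanged: route_id, igw_id, nat_id (with default = null) …
```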
diff --git a/modules/route-table/main.tf b/modules/route-table/main.tf
index cbf23eb..81243a0 100644
--- a/modules/route-table/main.tf
+++ b/modules/route-table/main.tf
@@ -4,7 +4,7 @@
 */
 
 //public
-resource "aws_route_table" "public-table" {
+resource "aws_route_table" "rt-tbl" {
   vpc_id = var.vpc_id
   tags = {
     Name = "${var.tag_name}-route-public"
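Review bot: The resource is renamed to the generic `rt-tbl`, but its tag at line 576 still reads `Name = "${var.tag_name}-route-public"`, so a private route table built from this module (route-add now supports NAT routes) will be labelled public in the console; use `Name = var.tag_name` and let callers pass the full name, as prod-hq-idc-network already does with `-hq-rt-tbl`. Renaming the resource address also makes existing state plan a destroy and recreate of the route table unless the address is moved (`terraform state mv` or a `moved` block). The resource block continues past the end of this hunk.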
diff --git a/modules/route-table/outputs.tf b/modules/route-table/outputs.tf
index 805a9ad..c1713fe 100644
--- a/modules/route-table/outputs.tf
+++ b/modules/route-table/outputs.tf
@@ -1,5 +1,5 @@
-output "route_public_id" {
+output "route_id" {
     description = "get route_public_id"
-    value = aws_route_table.public-table.id
+    value = aws_route_table.rt-tbl.id
 
 }
\ No newline at end of file
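Review bot: The description at line 584 still says `get route_public_id` after the output was renamed to `route_id`; change it to `description = "ID of the route table created by this module."`. Renaming a module output is a breaking change for every caller, so each `module.*.route_public_id` reference in the repository has to change in the same commit.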
diff --git a/modules/vpc-subnet/main.tf b/modules/vpc-subnet/main.tf
index 00fa9ad..8417cb6 100644
--- a/modules/vpc-subnet/main.tf
+++ b/modules/vpc-subnet/main.tf
@@ -9,8 +9,8 @@ resource "aws_subnet" "subnets" {
     map_public_ip_on_launch = var.public_ip_on ? true : false
     
     tags = {
-    Name = var.vpc_name
+    Name = "${var.public_ip_on ? "22shop-eks-public" : "22shop-eks-private"}"
     "kubernetes.io/role/elb" = "${var.k8s_ingress ? 1 : 0}"
-    # Name = module.vpc_hq.vpcHq.id
+    "kubernetes.io/role/internal-elb" = "${var.k8s_ingress ? 0 : 1}"
     }
 }
\ No newline at end of file
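Review bot: The `Name` tag at line 599 now hard-codes the `22shop-eks-public`/`22shop-eks-private` strings inside a reusable module, so `var.vpc_name` is no longer used anywhere and the values callers pass in this commit (`${local.common_tags.project}-hq-private` in prod-hq-idc-network) are silently ignored; keep the caller in control with `Name = var.vpc_name`, or build the name from a prefix variable. Lines 600 and 602 always emit both `kubernetes.io/role/elb` and `kubernetes.io/role/internal-elb`, one of them with value `0`; I believe the legacy in-tree AWS cloud provider selects subnets on the presence of these keys rather than their value, so every subnet may become eligible for both public and internal load balancers — confirm against the controller in use, and otherwise emit only the applicable tag, e.g. `merge({ Name = var.vpc_name }, var.k8s_ingress ? { "kubernetes.io/role/elb" = "1" } : { "kubernetes.io/role/internal-elb" = "1" })`. The resource block starts before this hunk.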
diff --git a/modules/vpc-subnet/valiables.tf b/modules/vpc-subnet/valiables.tf
index 2eb3bc0..b9f9937 100644
--- a/modules/vpc-subnet/valiables.tf
+++ b/modules/vpc-subnet/valiables.tf
@@ -31,6 +31,7 @@ variable "subnet-az-list" {
     # }
 }
 
+
 variable "public_ip_on" {
   type = bool
 }
diff --git a/pord_hq-ecr/main.tf b/pord_hq-ecr/main.tf
index 259aae2..d8be152 100644
--- a/pord_hq-ecr/main.tf
+++ b/pord_hq-ecr/main.tf
@@ -1,55 +1,19 @@
 // prod - dev
 provider "aws" {
-  region = "ap-northeast-2"
-
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
   #4.x버전의 AWS공급자 허용
   version = "~> 4.0"
 
 }
 
-locals {
-  common_tags = {
-    project = "22shop_dev"
-    owner   = "icurfer"
-
-  }
-  tcp_port = {
-    any_port    = 0
-    http_port   = 80
-    https_port  = 443
-    ssh_port    = 22
-    dns_port    = 53
-    django_port = 8000
-    mysql_port  = 3306
-  }
-  udp_port = {
-    dns_port = 53
-  }
-  any_protocol  = "-1"
-  tcp_protocol  = "tcp"
-  icmp_protocol = "icmp"
-  all_ips       = ["0.0.0.0/0"]
-}
-
 // GET 계정정보
 data "aws_caller_identity" "this" {}
 
-// cloud9를 위한 iam역할 생성 데이터 조회
-data "aws_iam_policy_document" "cloud9_role" {
-  statement {
-    actions = ["sts:AssumeRole"]
-
-    principals {
-      type        = "Service"
-      identifiers = ["ec2.amazonaws.com"]
-    }
-  }
-}
-
-# EKS테스트 할때 활성
 module "ecr" {
-    source = "../modules/ecr"
+  source = "../modules/ecr"
 
-    names_list = ["app"]
-    //names_list = ["web", "nginx", "mariadb"]
-}
\ No newline at end of file
+  names_list = ["app"]
+  //names_list = ["web", "nginx", "mariadb"]
+}
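Review bot: `shared_credentials_file = "C:/Users/aa/.aws/credentials"` at line 629 bakes one developer's Windows home directory into shared production configuration; the same line is added to prod-hq-bastion, prod-hq-efs, prod-hq-eks and prod-hq-idc-network in this commit. These workspaces use the `remote` backend, so runs executed on Terraform Cloud presumably never see that path, and on any other machine the `profile = "22shop"` lookup fails; leave both out and supply credentials through `AWS_PROFILE`/`AWS_SHARED_CREDENTIALS_FILE` locally or workspace environment variables in Terraform Cloud. If a file path must be configured, the 4.x provider deprecates `shared_credentials_file` in favour of the list-valued `shared_credentials_files`. The `version` argument inside a provider block is likewise deprecated; pin the provider with `required_providers` in terraform.tf.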
diff --git a/pord_hq-ecr/terraform.tf b/pord_hq-ecr/terraform.tf
index 0011172..91a083f 100644
--- a/pord_hq-ecr/terraform.tf
+++ b/pord_hq-ecr/terraform.tf
@@ -1,10 +1,10 @@
 terraform {
   backend "remote"{
     hostname = "app.terraform.io"
-    organization = "icurfer"
+    organization = "22shop"
 
     workspaces {
-      name = "tf-cloud-ecr"
+      name = "hq-ecr"
     }
   }
 }
\ No newline at end of file
diff --git a/prod-hq-bastion/.terraform.lock.hcl b/prod-hq-bastion/.terraform.lock.hcl
new file mode 100644
index 0000000..c4e33ee
--- /dev/null
+++ b/prod-hq-bastion/.terraform.lock.hcl
@@ -0,0 +1,10 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "4.49.0"
+  constraints = "~> 4.0"
+  hashes = [
+    "h1:HxPUxrHpAJey832OwVk3J2T7lHpRzMavqjXDzaFyM6I=",
+  ]
+}
diff --git a/prod-hq-bastion/main.tf b/prod-hq-bastion/main.tf
new file mode 100644
index 0000000..9c685e7
--- /dev/null
+++ b/prod-hq-bastion/main.tf
@@ -0,0 +1,99 @@
+// prod - dev
+provider "aws" {
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
+  #4.x버전의 AWS공급자 허용
+  version = "~> 4.0"
+
+}
+
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+// 테라폼클라우드
+data "terraform_remote_state" "hq_vpc_id" {
+  backend = "remote"
+
+  config = {
+    organization = "22shop"
+
+    workspaces = {
+      name = "hq-network"
+    }
+  }
+}
+locals {
+  account_id = data.aws_caller_identity.this.account_id
+  vpc_id        = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
+  subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet
+  common_tags = {
+    project = "22shop"
+    owner   = "icurfer"
+
+  }
+  tcp_port = {
+    # any_port    = 0
+    http_port   = 80
+    https_port  = 443
+    ssh_port    = 22
+    # dns_port    = 53
+    # django_port = 8000
+    mysql_port  = 3306
+  }
+  udp_port = {
+    dns_port = 53
+  }
+  any_protocol  = "-1"
+  tcp_protocol  = "tcp"
+  icmp_protocol = "icmp"
+  all_ips       = ["0.0.0.0/0"]
+
+  node_group_scaling_config = {
+    desired_size = 2
+    max_size     = 4
+    min_size     = 1
+  }
+}
+module "ec2_bastion" {
+  source = "../modules/ec2"
+  ami_name = "ami-035233c9da2fabf52" //amazon linux
+  instance_type = "t2.micro"
+  tag_name = "bastion"
+  public_ip_associate = true
+  key_name = "default-shop"
+  private_subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet.zone-a.id
+  public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet.zone-a.id
+  sg_list = [module.ec2_sg.sg_id]
+}
+
+module "ec2_sg" {
+  source  = "../modules/sg"
+  sg_name = "${local.common_tags.project}-bastion-sg"
+  vpc_id = local.vpc_id
+
+}
+module "ec2_sg_ingress_http" {
+  for_each          = local.tcp_port
+  source            = "../modules/sg-rule-add"
+  type              = "ingress"
+  from_port         = each.value
+  to_port           = each.value
+  protocol          = local.tcp_protocol
+  cidr_blocks       = local.all_ips
+  security_group_id = module.ec2_sg.sg_id
+
+  tag_name = each.key
+}
+
+module "ec2_sg_egress_all" {
+  source            = "../modules/sg-rule-add"
+  type              = "egress"
+  from_port         = local.any_protocol
+  to_port           = local.any_protocol
+  protocol          = local.any_protocol
+  cidr_blocks       = local.all_ips
+  security_group_id = module.ec2_sg.sg_id
+
+  tag_name = "egress-all"
+}
\ No newline at end of file
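Review bot: `module "ec2_sg_ingress_http"` at lines 801–812 opens every port in `local.tcp_port` — 22, 80, 443 and 3306 — to `0.0.0.0/0` on the bastion's security group, so SSH and MySQL are reachable from the whole internet on a host whose purpose is to be the single controlled entry point. Restrict the source to the administrators' address range via a declared variable, `cidr_blocks = var.admin_cidr_blocks` (declare it in `vailables.tf`, which currently holds only a commented-out block, with no default so it must be supplied), and trim the map to what a bastion needs, `tcp_port = { ssh_port = 22 }`; 3306 belongs on the database's security group with the bastion SG as source, not on the bastion itself. The module name `ec2_sg_ingress_http` no longer describes what it does. `local.subnet` and `local.node_group_scaling_config` are declared but unused here, evidently copied from the eks workspace, and `local.subnet` reads a `private_subnet` output of the `hq-network` workspace that is not visible in this patch; confirm it exists.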
diff --git a/prod-hq-bastion/outputs.tf b/prod-hq-bastion/outputs.tf
new file mode 100644
index 0000000..b99a919
--- /dev/null
+++ b/prod-hq-bastion/outputs.tf
@@ -0,0 +1,8 @@
+output "public_ip_associate" {
+    value = module.ec2_bastion.public_ip_associate
+  
+}
+output "sg_id" {
+    value = module.ec2_bastion.sg_id
+  
+}
\ No newline at end of file
diff --git a/prod-hq-bastion/terraform.tf b/prod-hq-bastion/terraform.tf
new file mode 100644
index 0000000..790c52c
--- /dev/null
+++ b/prod-hq-bastion/terraform.tf
@@ -0,0 +1,10 @@
+terraform {
+  backend "remote"{
+    hostname = "app.terraform.io"
+    organization = "22shop"
+
+    workspaces {
+      name = "hq-bastion"
+    }
+  }
+}
\ No newline at end of file
diff --git a/prod-hq-bastion/vailables.tf b/prod-hq-bastion/vailables.tf
new file mode 100644
index 0000000..1a57c13
--- /dev/null
+++ b/prod-hq-bastion/vailables.tf
@@ -0,0 +1,3 @@
+# variable "subnet_id" {
+#   type = string
+# }
\ No newline at end of file
diff --git a/prod-hq-efs/.terraform.lock.hcl b/prod-hq-efs/.terraform.lock.hcl
index c8939b1..0928293 100644
--- a/prod-hq-efs/.terraform.lock.hcl
+++ b/prod-hq-efs/.terraform.lock.hcl
@@ -6,20 +6,5 @@ provider "registry.terraform.io/hashicorp/aws" {
   constraints = "~> 3.0"
   hashes = [
     "h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=",
-    "zh:1cf933104a641ffdb64d71a76806f4df35d19101b47e0eb02c9c36bd64bfdd2d",
-    "zh:273afaf908775ade6c9d32462938e7739ee8b00a0de2ef3cdddc5bc115bb1d4f",
-    "zh:2bc24ae989e38f575de034083082c69b41c54b8df69d35728853257c400ce0f4",
-    "zh:53ba88dbdaf9f818d35001c3d519a787f457283d9341f562dc3d0af51fd9606e",
-    "zh:5cdac7afea68bbd89d3bdb345d99470226482eff41f375f220fe338d2e5808da",
-    "zh:63127808890ac4be6cff6554985510b15ac715df698d550a3e722722dc56523c",
-    "zh:97a1237791f15373743189b078a0e0f2fa4dd7d7474077423376cd186312dc55",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:a4f625e97e5f25073c08080e4a619f959bc0149fc853a6b1b49ab41d58b59665",
-    "zh:b56cca54019237941f7614e8d2712586a6ab3092e8e9492c70f06563259171e9",
-    "zh:d4bc33bfd6ac78fb61e6d48a61c179907dfdbdf149b89fb97272c663989a7fcd",
-    "zh:e0089d73fa56d128c574601305634a774eebacf4a84babba71da10040cecf99a",
-    "zh:e957531f1d92a6474c9b02bd9200da91b99ba07a0ab761c8e3176400dd41721c",
-    "zh:eceb85818d57d8270db4df7564cf4ed51b5c650a361aaa017c42227158e1946b",
-    "zh:f565e5caa1b349ec404c6d03d01c68b02233f5485ed038d0aab810dd4023a880",
   ]
 }
diff --git a/prod-hq-efs/main.tf b/prod-hq-efs/main.tf
index 0654bcf..c737cd6 100644
--- a/prod-hq-efs/main.tf
+++ b/prod-hq-efs/main.tf
@@ -1,16 +1,17 @@
 // prod-hq-efs - main
 provider "aws" {
-  region = "ap-northeast-2"
-
-  #2.x버전의 AWS공급자 허용
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
+  #3.x버전의 AWS공급자 허용
   version = "~> 3.0"
-
 }
 
 locals {
   // 초기 설정값
   vpc_id        = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
-  public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet
+  # subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet
+  subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet
   common_tags = {
     project = "22shop-efs"
     owner   = "icurfer"
@@ -46,10 +47,10 @@ data "terraform_remote_state" "hq_vpc_id" {
   backend = "remote"
 
   config = {
-    organization = "icurfer" // 초기 설정값
+    organization = "22shop"
 
     workspaces = {
-      name = "tf-cloud-network"
+      name = "hq-network"
     }
   }
 }
@@ -92,10 +93,10 @@ module "efs_fs" {
   
 }
 
-module "efs-mnt_tg" {
+module "efs-mnt_tg1" {
   source            = "../modules/efs-mnt-tg"
   fs_id = module.efs_fs.efs_fs_id
-  subnet_id = "${local.public_subnet.zone-a.id}"
+  subnet_id = "${local.subnet.zone-a.id}"
   sg_list = [module.efs_sg.sg_id]
   
   depends_on = [
@@ -103,10 +104,10 @@ module "efs-mnt_tg" {
   ]
 }
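Review bot: Renaming the module addresses `efs-mnt_tg` → `efs-mnt_tg1` here and `efs-mnt_t2` → `efs-mnt_tg2` in the next hunk makes Terraform plan a destroy of the existing mount targets followed by new ones, on top of the subnet change, which interrupts NFS access for anything mounted through them; move the state first (`terraform state mv module.efs-mnt_tg module.efs-mnt_tg1`, or a `moved { from = module.efs-mnt_tg  to = module.efs-mnt_tg1 }` block on Terraform ≥ 1.1) and note that changing a mount target's subnet is itself a replacement. `subnet_id = "${local.subnet.zone-a.id}"` is a redundant interpolation; `subnet_id = local.subnet.zone-a.id` is the idiomatic form. The module block continues past this hunk.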
 
-module "efs-mnt_t2" {
+module "efs-mnt_tg2" {
   source            = "../modules/efs-mnt-tg"
   fs_id = module.efs_fs.efs_fs_id
-  subnet_id = "${local.public_subnet.zone-c.id}"
+  subnet_id = "${local.subnet.zone-c.id}"
   sg_list = [module.efs_sg.sg_id]
   
   depends_on = [
diff --git a/prod-hq-efs/terraform.tf b/prod-hq-efs/terraform.tf
index c7f6170..92aca09 100644
--- a/prod-hq-efs/terraform.tf
+++ b/prod-hq-efs/terraform.tf
@@ -1,10 +1,10 @@
 terraform {
   backend "remote"{
     hostname = "app.terraform.io"
-    organization = "icurfer"
+    organization = "22shop"
 
     workspaces {
-      name = "tf-cloud-efs"
+      name = "hq-efs"
     }
   }
 }
\ No newline at end of file
diff --git a/prod-hq-eks/main.tf b/prod-hq-eks/main.tf
index c2dae59..ed70a9b 100644
--- a/prod-hq-eks/main.tf
+++ b/prod-hq-eks/main.tf
@@ -1,15 +1,18 @@
 // prod - main
 provider "aws" {
-  region = "ap-northeast-2"
-
-  #2.x버전의 AWS공급자 허용
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
+  #3.x버전의 AWS공급자 허용
   version = "~> 3.0"
 
 }
 
 locals {
+  account_id = data.aws_caller_identity.this.account_id
   vpc_id        = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
-  public_subnet = data.terraform_remote_state.hq_vpc_id.outputs.subnet
+  subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet
+  # subnet = data.terraform_remote_state.hq_vpc_id.outputs.public_subnet
   common_tags = {
     project = "22shop"
     owner   = "icurfer"
@@ -69,10 +72,10 @@ data "terraform_remote_state" "hq_vpc_id" {
   backend = "remote"
 
   config = {
-    organization = "icurfer"
+    organization = "22shop"
 
     workspaces = {
-      name = "tf-cloud-network"
+      name = "hq-network"
     }
   }
 }
@@ -107,6 +110,9 @@ module "eks_cluster_iam_att2" {
   ]
 }
 
+//ec2 Bastion Host
+
+
 // eks 노드그룹 역할 생성 및 추가
 module "eks_nodegroup_iam" {
   source   = "../modules/iam"
@@ -145,7 +151,7 @@ module "eks_nodegroup_iam_att_3" {
   ]
 }
 
-// 보안그룹 생성
+// 보안그룹 생성(추가 보안그룹)
 module "eks_sg" {
   source  = "../modules/sg"
   sg_name = "${local.common_tags.project}-sg"
@@ -185,7 +191,7 @@ module "eks_cluster" {
   iam_role_arn = module.eks_cluster_iam.iam_arn
   sg_list      = [module.eks_sg.sg_id]
   # subnet_list  = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
-  subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id]
+  subnet_list = [local.subnet.zone-a.id, local.subnet.zone-c.id]
 
   depends_on = [
     module.eks_cluster_iam,
@@ -201,9 +207,9 @@ module "eks_node_group" {
   node_group_name = "${local.common_tags.project}-ng"
   cluster_name    = module.eks_cluster.cluster_name
   # iam_role_arn    = module.eks_nodegroup_iam.iam_arn
-  iam_role_arn = "arn:aws:iam::448559955338:role/eks-nodegroup-test"
+  iam_role_arn = "arn:aws:iam::${local.account_id}:role/eks-nodegroup-test"
   # subnet_list  = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id] #변경해야될수있음.
-  subnet_list = [local.public_subnet.zone-a.id, local.public_subnet.zone-c.id]
+  subnet_list = [local.subnet.zone-a.id, local.subnet.zone-c.id]
 
   desired_size = local.node_group_scaling_config.desired_size
   max_size     = local.node_group_scaling_config.max_size
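Review bot: `iam_role_arn` at line 1050 still builds the node-group role ARN by hand from a role named `eks-nodegroup-test` that nothing in this configuration creates, while the managed role `module.eks_nodegroup_iam.iam_arn` (module declared at line 1025) stays commented out one line above; templating the account ID removes the literal but not the dependency on an unmanaged, test-named role whose policies can drift or be deleted outside Terraform. Use `iam_role_arn = module.eks_nodegroup_iam.iam_arn` and delete the hand-built string, or document in a comment why the external role is required. The module block continues past this hunk.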
diff --git a/prod-hq-eks/terraform.tf b/prod-hq-eks/terraform.tf
index d6c4a83..830dbe0 100644
--- a/prod-hq-eks/terraform.tf
+++ b/prod-hq-eks/terraform.tf
@@ -1,10 +1,10 @@
 terraform {
   backend "remote"{
     hostname = "app.terraform.io"
-    organization = "icurfer"
+    organization = "22shop"
 
     workspaces {
-      name = "tf-cloud-eks"
+      name = "hq-eks"
     }
   }
 }
\ No newline at end of file
diff --git a/prod-hq-idc-network/main.tf b/prod-hq-idc-network/main.tf
index 9d9ea12..86e94bd 100644
--- a/prod-hq-idc-network/main.tf
+++ b/prod-hq-idc-network/main.tf
@@ -1,8 +1,9 @@
 // prod - main
 provider "aws" {
-  region = "ap-northeast-2"
-
-  #2.x버전의 AWS공급자 허용
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
+  #3.x버전의 AWS공급자 허용
   version = "~> 3.0"
 
 }
@@ -14,9 +15,11 @@ locals {
     owner   = "icurfer"
   }
   cidr = {
-    vpc = "10.4.0.0/16"
-    zone_a = "10.4.1.0/24"
-    zone_c = "10.4.3.0/24"
+    vpc    = "10.3.0.0/16"
+    zone_a = "10.3.1.0/24"
+    zone_c = "10.3.3.0/24"
+    zone_b = "10.3.2.0/24"
+    zone_d = "10.3.4.0/24"
   }
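Review bot: The VPC CIDR changes from `10.4.0.0/16` to `10.3.0.0/16` at line 1099, which is the same block `icurfer-hq-network` uses (`cidr_block = "10.3.0.0/16"`), so if this `idc` VPC is ever peered or VPN-connected to that network the overlapping ranges cannot be routed; if the two are meant to talk, keep distinct /16s. Changing `cidr_block` on an existing `aws_vpc` also forces replacement of the VPC and every subnet, gateway and route table inside it, so this should be applied as a deliberate rebuild rather than as a side effect of a `cowork` commit. The locals block continues outside this hunk.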
   tcp_port = {
     any_port    = 0
@@ -26,7 +29,7 @@ locals {
     dns_port    = 53
     django_port = 8000
     mysql_port  = 3306
-    nfs_port = 2049
+    nfs_port    = 2049
   }
   udp_port = {
     dns_port = 53
@@ -40,23 +43,11 @@ locals {
 // GET 계정정보
 data "aws_caller_identity" "this" {}
 
-// eks를 위한 iam역할 생성 데이터 조회
-# data "aws_iam_policy_document" "eks-assume-role-policy" {
-#   statement {
-#     actions = ["sts:AssumeRole"]
-
-#     principals {
-#       type        = "Service"
-#       identifiers = ["eks.amazonaws.com"]
-#     }
-#   }
-# }
-
 # module "vpc_hq" {
 module "vpc_hq" {
   source = "../modules/vpc"
   #   source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
-  tag_name   = "${local.common_tags.project}-vpc"
+  tag_name   = "${local.common_tags.project}-hq-vpc"
   cidr_block = local.cidr.vpc
 
 }
@@ -66,7 +57,7 @@ module "vpc_igw" {
 
   vpc_id = module.vpc_hq.vpc_hq_id
 
-  tag_name = "${local.common_tags.project}-vpc_igw"
+  tag_name = "${local.common_tags.project}-hq-igw"
 
   depends_on = [
     module.vpc_hq
@@ -76,7 +67,7 @@ module "vpc_igw" {
 module "subnet_public" {
   source = "../modules/vpc-subnet"
 
-  vpc_id         = module.vpc_hq.vpc_hq_id
+  vpc_id = module.vpc_hq.vpc_hq_id
   # subnet-az-list = var.subnet-az-public
   subnet-az-list = {
     "zone-a" = {
@@ -88,16 +79,16 @@ module "subnet_public" {
       cidr = local.cidr.zone_c
     }
   }
-  public_ip_on   = true
+  public_ip_on = true
   # vpc_name       = "${local.common_tags.project}-public"
   #alb-ingress 생성을 위해 지정
-  vpc_name = "${local.common_tags.project}-vpc"
+  vpc_name = "${local.common_tags.project}-public"
 }
 
 // public route
 module "route_public" {
   source   = "../modules/route-table"
-  tag_name = "${local.common_tags.project}-route_table"
+  tag_name = "${local.common_tags.project}-hq-rt-tbl"
   vpc_id   = module.vpc_hq.vpc_hq_id
 
 }
@@ -114,4 +105,26 @@ module "route_association" {
 
   association_count = 2
   subnet_ids        = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
+}
+
+
+module "subnet_private" {
+  source = "../modules/vpc-subnet"
+
+  vpc_id = module.vpc_hq.vpc_hq_id
+  # subnet-az-list = var.subnet-az-public
+  subnet-az-list = {
+    "zone-b" = {
+      name = "${local.region}b"
+      cidr = local.cidr.zone_b
+    }
+    "zone-d" = {
+      name = "${local.region}d"
+      cidr = local.cidr.zone_d
+    }
+  }
+  public_ip_on = false
+  # vpc_name       = "${local.common_tags.project}-public"
+  #alb-ingress 생성을 위해 지정
+  vpc_name = "${local.common_tags.project}-hq-private"
 }
\ No newline at end of file
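Review bot: The new `subnet_private` module creates zone-b/zone-d subnets but nothing in this file gives them a route table, so they fall back to the VPC main route table; since no module here touches the main table they are currently local-only, which is fail-closed, but their reachability is then decided implicitly and any later edit to the main table (for example an IGW route added for convenience) silently exposes them. Make the intent explicit with a dedicated private route table and association, mirroring what prod-hq-network does in this same commit, and add a NAT route only if these subnets actually need egress. The leftover `#alb-ingress 생성을 위해 지정` / `# vpc_name = ...-public` comments above `vpc_name` describe the public subnets and should be dropped from this block.

```terraform
// private route: explicit table so private subnets never inherit the VPC main table
module "route_private" {
  source   = "../modules/route-table"
  tag_name = "${local.common_tags.project}-hq-private-rt-tbl"
  vpc_id   = module.vpc_hq.vpc_hq_id
}

module "route_association_private" {
  source         = "../modules/route-association"
  route_table_id = module.route_private.route_id

  association_count = 2
  subnet_ids        = [module.subnet_private.subnet.zone-b.id, module.subnet_private.subnet.zone-d.id]
}
```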
diff --git a/prod-hq-idc-network/terraform.tf b/prod-hq-idc-network/terraform.tf
index a18fd37..c5b4ce0 100644
--- a/prod-hq-idc-network/terraform.tf
+++ b/prod-hq-idc-network/terraform.tf
@@ -4,7 +4,7 @@ terraform {
     organization = "22shop"
 
     workspaces {
-      name = "tf-22shop-idc-network"
+      name = "idc-network"
     }
   }
 }
\ No newline at end of file
diff --git a/prod-hq-idc-network/valiables.tf b/prod-hq-idc-network/valiables.tf
index 271fd80..10143a0 100644
--- a/prod-hq-idc-network/valiables.tf
+++ b/prod-hq-idc-network/valiables.tf
@@ -29,17 +29,17 @@ variable "prod_name" {
 #     }
 #   }
 # }
-variable "subnet-az-private" {
-  description = "Subnet available zone & cidr"
-  type        = map(map(string))
-  default = {
-    "zone-b" = {
-      name = "ap-northeast-2b"
-      cidr = "10.3.2.0/24"
-    }
-    "zone-d" = {
-      name = "ap-northeast-2d"
-      cidr = "10.3.4.0/24"
-    }
-  }
-}
\ No newline at end of file
+# variable "subnet-az-private" {
+#   description = "Subnet available zone & cidr"
+#   type        = map(map(string))
+  # default = {
+  #   "zone-b" = {
+  #     name = "ap-northeast-2b"
+  #     cidr = "10.3.2.0/24"
+  #   }
+  #   "zone-d" = {
+  #     name = "ap-northeast-2d"
+  #     cidr = "10.3.4.0/24"
+  #   }
+  # }
+# }
\ No newline at end of file
diff --git a/prod-hq-network/.terraform.lock.hcl b/prod-hq-network/.terraform.lock.hcl
index bb18485..0928293 100644
--- a/prod-hq-network/.terraform.lock.hcl
+++ b/prod-hq-network/.terraform.lock.hcl
@@ -2,23 +2,9 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.terraform.io/hashicorp/aws" {
-  version     = "2.70.4"
-  constraints = "~> 2.0"
+  version     = "3.76.1"
+  constraints = "~> 3.0"
   hashes = [
-    "h1:0ALZ1dGL41uYi6Ooc0mT52FAcYMEvozpFNx8AQKvatY=",
-    "zh:45f528103c5580623b15e7ac3986b72baa5d33cabc66c902594d666c7607a8f2",
-    "zh:538793ad294171370cc0c280c98cb5c8eb77669d0917c2ab727090016ec2626e",
-    "zh:631d5aea6ec7b13d8973f13fc70dc36ecc5e5614793c5141ccd254773bc4ec36",
-    "zh:7861c5e12c322717ff9684ac658be590d12906a9549204b6337f3f8d55bf0640",
-    "zh:8adfe014d0a0552a9a6b358cc0d7e3d0c660bc15aa5524e771525b0e5d14b20f",
-    "zh:9d81089842c0990d410bffc5702dec719145951c3f5cbc85c3bf8968985d50cc",
-    "zh:a4b0922e0fddccbb84958d4909896e8009c57885a41cc2e1c37dcdc56e2da796",
-    "zh:a6dcd0292e807d8d5b8a922d2e0cc3c6949461e18603cb48005c967329abe574",
-    "zh:ae07e0dae4e700c1f6623bd0b66ab4153d0b498ffd5f6681117101d2020815bc",
-    "zh:bd07ba17501b8b57d4455329770f4f520e709d12f8b0c364821f39d1b2df1a89",
-    "zh:ddbf1a0b63ac84462da002b44b249f86180804670f1070109785d00a19f88e16",
-    "zh:e2291e9efbd0100c555d3bae8f2b2af4d416f80105c250747cb5fd8f0b17062f",
-    "zh:e5d8e0ad489547118fd76f300d1cb6dd516997cf919dc0bbaedaacb5c91e697a",
-    "zh:eae90e616cec391546bf4ecf294e8a3ae56ce7c90ac0e1d45ebf2907957b9f16",
+    "h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=",
   ]
 }
diff --git a/prod-hq-network/main.tf b/prod-hq-network/main.tf
index ea280be..0b44885 100644
--- a/prod-hq-network/main.tf
+++ b/prod-hq-network/main.tf
@@ -1,17 +1,25 @@
 // prod - main
 provider "aws" {
-  region = "ap-northeast-2"
-
+  region                  = "ap-northeast-2"
+  profile                 = "22shop"
+  shared_credentials_file = "C:/Users/aa/.aws/credentials"
   #2.x버전의 AWS공급자 허용
-  version = "~> 2.0"
+  version = "~> 3.0"
 
 }
 
 locals {
+  region = "ap-northeast-2"
   common_tags = {
-    project = "22shop"
+    project = "22shop-eks"
     owner   = "icurfer"
-
+  }
+  cidr = {
+    vpc    = "10.3.0.0/16"
+    zone_a = "10.3.1.0/24"
+    zone_c = "10.3.3.0/24"
+    zone_a_private = "10.3.2.0/24"
+    zone_c_private = "10.3.4.0/24"
   }
   tcp_port = {
     any_port    = 0
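Review bot: `shared_credentials_file = "C:/Users/aa/.aws/credentials"` and `profile = "22shop"` hard-wire this root module to a single user's Windows home directory, yet the backend for this directory is Terraform Cloud (`organization = "22shop"`, workspace `hq-network`), where remote runs have no such file and will fail at plan time. Remove both arguments and let the provider pick up credentials from the environment (`AWS_PROFILE` on a workstation, sensitive `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` workspace variables or an assumed role in Terraform Cloud); committed provider configs should contain nothing that identifies an individual account or machine. The comment `#2.x버전의 AWS공급자 허용` is now wrong for `version = "~> 3.0"` — update it to `# allow 3.x AWS provider` — and the in-provider `version` argument itself is deprecated since 0.13; move the constraint to `required_providers` next to the remote backend.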
@@ -45,6 +53,19 @@ locals {
 // GET 계정정보
 data "aws_caller_identity" "this" {}
 
+// 테라폼클라우드
+# data "terraform_remote_state" "hq_vpc_id" {
+#   backend = "remote"
+
+#   config = {
+#     organization = "22shop"
+
+#     workspaces = {
+#       name = "hq-network"
+#     }
+#   }
+# }
+
 // eks를 위한 iam역할 생성 데이터 조회
 data "aws_iam_policy_document" "eks-assume-role-policy" {
   statement {
@@ -67,7 +88,7 @@ data "aws_iam_policy_document" "eks_node_group_role" {
   }
 }
 
-# module "vpc_hq" {
+//vpc 생성
 module "vpc_hq" {
   source = "../modules/vpc"
   #   source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
@@ -76,6 +97,7 @@ module "vpc_hq" {
 
 }
 
+//외부통신 gateway
 module "vpc_igw" {
   source = "../modules/igw"
 
@@ -88,16 +110,36 @@ module "vpc_igw" {
   ]
 }
 
+// public 서브넷 생성
 module "subnet_public" {
   source = "../modules/vpc-subnet"
 
   vpc_id         = module.vpc_hq.vpc_hq_id
-  subnet-az-list = var.subnet-az-public
+  subnet-az-list = {
+    "zone-a" = {
+      name = "${local.region}a"
+      cidr = local.cidr.zone_a
+    }
+    "zone-c" = {
+      name = "${local.region}c"
+      cidr = local.cidr.zone_c
+    }
+  }
   public_ip_on   = true
   # vpc_name       = "${local.common_tags.project}-public"
   #alb-ingress 생성을 위해 지정
   k8s_ingress        = true
-  vpc_name = local.eks_ingress_type.public
+  # vpc_name = local.eks_ingress_type.public
+  vpc_name = local.eks_ingress_type.private
+}
+// private외부통신을 위한 nat
+module "nat_gw" {
+  source = "../modules/nat-gateway"
+  subnet_id = module.subnet_public.subnet.zone-a.id
+
+  depends_on = [
+    module.vpc_igw
+  ]
 }
 
 // public route
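Review bot: The public subnets are switched to `vpc_name = local.eks_ingress_type.private` while still carrying `public_ip_on = true` and `k8s_ingress = true`; `eks_ingress_type` is defined outside this hunk, but if `.private` resolves to the `kubernetes.io/role/internal-elb` subnet tag (as the `#alb-ingress` comment suggests), the AWS load-balancer controller will place internal load balancers on internet-routable subnets and find no subnet tagged for internet-facing ones. If that is deliberate, replace the commented-out `# vpc_name = local.eks_ingress_type.public` with a comment stating why; otherwise restore `vpc_name = local.eks_ingress_type.public`. Separately, `nat_gw` is created only in `module.subnet_public.subnet.zone-a`, so both private subnets (zone-a and zone-c, added later in this file) depend on one AZ for egress; a NAT gateway per AZ, each routed from the private subnet in that AZ, is the usual layout for a prod VPC.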
@@ -110,33 +152,59 @@ module "route_public" {
 
 module "route_add" {
   source          = "../modules/route-add"
-  route_public_id = module.route_public.route_public_id
+  route_id = module.route_public.route_id
   igw_id          = module.vpc_igw.igw_id
+  gw_type = "igw"
 }
 
 module "route_association" {
   source         = "../modules/route-association"
-  route_table_id = module.route_public.route_public_id
+  route_table_id = module.route_public.route_id
 
   association_count = 2
   subnet_ids        = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
 }
+#----------------------------------------------------------------------------------------------------#
+######################################################################################################
+#----------------------------------------------------------------------------------------------------#
+module "subnet_private" {
+  source = "../modules/vpc-subnet"
 
-# // private subnet
-# module "subnet_private" {
-#   source = "../modules/vpc-subnet"
+  vpc_id         = module.vpc_hq.vpc_hq_id
+  subnet-az-list = {
+    "zone-a" = {
+      name = "${local.region}a"
+      cidr = local.cidr.zone_a_private
+    }
+    "zone-c" = {
+      name = "${local.region}c"
+      cidr = local.cidr.zone_c_private
+    }
+  }
+  public_ip_on   = false
+  # vpc_name       = "${local.common_tags.project}-public"
+  #alb-ingress 생성을 위해 지정
+  k8s_ingress        = false
+  vpc_name = "null"
+}
 
-#   vpc_id         = module.vpc_hq.vpc_hq_id
-#   subnet-az-list = var.subnet-az-private
-#   public_ip_on   = false
-#   k8s_ingress        = false
-#   #alb-ingress 생성을 위해 지정
-#   vpc_name = local.eks_ingress_type.public
-# }
+// private route
+module "route_private" {
+  source   = "../modules/route-table"
+  tag_name = "${local.common_tags.project}-private_tbl"
+  vpc_id   = module.vpc_hq.vpc_hq_id
 
-# module "route_private" {
-#   source   = "../modules/route-table"
-#   tag_name = "${local.common_tags.project}-private_route_table"
-#   vpc_id   = module.vpc_hq.vpc_hq_id
+}
+module "route_add_nat" {
+  source          = "../modules/route-add"
+  route_id = module.route_private.route_id
+  nat_id = module.nat_gw.nat_id
+  gw_type = "nat"
+}
+module "route_association_nat" {
+  source         = "../modules/route-association"
+  route_table_id = module.route_private.route_id
 
-# }
+  association_count = 2
+  subnet_ids        = [module.subnet_private.subnet.zone-a.id, module.subnet_private.subnet.zone-c.id]
+}
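Review bot: `vpc_name = "null"` on `subnet_private` is the four-character string, not HCL `null`, so whatever `modules/vpc-subnet` does with `vpc_name` (the module is not visible here; the sibling `k8s_ingress` flag suggests a Name/role tag) will receive the literal word "null" — use a real name such as `vpc_name = "${local.common_tags.project}-private"`, or pass `null` only if the module declares the variable nullable. The `# vpc_name = ...-public` and `#alb-ingress 생성을 위해 지정` comments copied into this private-subnet block no longer describe it and should go. `route_add_nat` passes `nat_id` + `gw_type = "nat"` with no `igw_id`, while `route_add` passes `igw_id` + `gw_type = "igw"` with no `nat_id`; this only plans cleanly if `modules/route-add` declares both ids with defaults (its diff is listed in the commit but not shown here), so confirm both combinations with a plan before merging.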
diff --git a/prod-hq-network/outputs.tf b/prod-hq-network/outputs.tf
index 6174a0a..aba1c33 100644
--- a/prod-hq-network/outputs.tf
+++ b/prod-hq-network/outputs.tf
@@ -4,13 +4,24 @@ output "aws_id" {
   value       = data.aws_caller_identity.this.account_id
 }
 
-output "subnet" {
+output "public_subnet" {
   description = "The name of vpc hq id"
   value       = module.subnet_public.subnet
 }
 
+output "private_subnet" {
+  description = "The name of vpc hq id"
+  value       = module.subnet_private.subnet
+}
+
 output "vpc_id" {
   description = "vpc_id"
   value = module.vpc_hq.vpc_hq_id
   
+}
+
+output "nat_gw_id" {
+  description = "vpc_id"
+  value = module.nat_gw.nat_id
+  
 }
\ No newline at end of file
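Review bot: The descriptions on the new outputs are copy-paste leftovers — `private_subnet` says `"The name of vpc hq id"` and `nat_gw_id` says `"vpc_id"` — and since these outputs are what other workspaces consume via `terraform_remote_state` (the commented block earlier in this file points at workspace `hq-network`), the description is the only documentation a consumer sees. Suggest `description = "Map of private subnets (zone key -> subnet attributes) from module.subnet_private"` and `description = "ID of the NAT gateway that the private route table routes through"`. The renamed `public_subnet` output on the context line has the same wrong text and could be fixed in the same pass; the file also still lacks a trailing newline.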
diff --git a/prod-hq-network/terraform.tf b/prod-hq-network/terraform.tf
index 528cf0c..35b1c5f 100644
--- a/prod-hq-network/terraform.tf
+++ b/prod-hq-network/terraform.tf
@@ -1,10 +1,10 @@
 terraform {
   backend "remote"{
     hostname = "app.terraform.io"
-    organization = "icurfer"
+    organization = "22shop"
 
     workspaces {
-      name = "tf-cloud-network"
+      name = "hq-network"
     }
   }
 }
\ No newline at end of file
diff --git a/prod-hq-network/valiables.tf b/prod-hq-network/valiables.tf
index 3414430..0b88d60 100644
--- a/prod-hq-network/valiables.tf
+++ b/prod-hq-network/valiables.tf
@@ -10,36 +10,42 @@ variable "prod_name" {
   default     = "22shop"
 }
 
+# variable "nat_id" {
+#   description = "nat id value"
+#   type = string
+#   default = "insert_id"
+  
+# }
 # variable "igw_id" {
 #     description = "value"
 #     type = string
 # }
 
-variable "subnet-az-public" {
-  description = "Subnet available zone & cidr"
-  type        = map(map(string))
-  default = {
-    "zone-a" = {
-      name = "ap-northeast-2a"
-      cidr = "10.3.1.0/24"
-    }
-    "zone-c" = {
-      name = "ap-northeast-2c"
-      cidr = "10.3.3.0/24"
-    }
-  }
-}
-variable "subnet-az-private" {
-  description = "Subnet available zone & cidr"
-  type        = map(map(string))
-  default = {
-    "zone-b" = {
-      name = "ap-northeast-2b"
-      cidr = "10.3.2.0/24"
-    }
-    "zone-d" = {
-      name = "ap-northeast-2d"
-      cidr = "10.3.4.0/24"
-    }
-  }
-}
\ No newline at end of file
+# variable "subnet-az-public" {
+#   description = "Subnet available zone & cidr"
+#   type        = map(map(string))
+#   default = {
+#     "zone-a" = {
+#       name = "ap-northeast-2a"
+#       cidr = "10.3.1.0/24"
+#     }
+#     "zone-c" = {
+#       name = "ap-northeast-2c"
+#       cidr = "10.3.3.0/24"
+#     }
+#   }
+# }
+# variable "subnet-az-private" {
+#   description = "Subnet available zone & cidr"
+#   type        = map(map(string))
+#   default = {
+#     "zone-b" = {
+#       name = "ap-northeast-2b"
+#       cidr = "10.3.2.0/24"
+#     }
+#     "zone-d" = {
+#       name = "ap-northeast-2d"
+#       cidr = "10.3.4.0/24"
+#     }
+#   }
+# }
\ No newline at end of file
diff --git a/test/.terraform.lock.hcl b/test/.terraform.lock.hcl
deleted file mode 100644
index bfeb2a0..0000000
--- a/test/.terraform.lock.hcl
+++ /dev/null
@@ -1,24 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/aws" {
-  version = "4.48.0"
-  hashes = [
-    "h1:8xLCA04IhQUzGI8/t3ySKNFMyjgGCWiXRUWhWEsYvew=",
-    "zh:08f5e3c5256a4fbd5c988863d10e5279172b2470fec6d4fb13c372663e7f7cac",
-    "zh:2a04376b7fa84681bd2938973c7d0822c8c0f0656a4e7661a2f50ac4d852d4a3",
-    "zh:30d6cdf321aaba874934cbde505333d89d172d8d5ffcf40b6e66626c57bc6ab2",
-    "zh:364639ee19cf4cfaa65de84a2a71d32725d5b728b71dd88d01ccb639c006c1cf",
-    "zh:4e02252cd88b6f59f556f49c5ce46a358046c98f069230358ac15f4030ae1e76",
-    "zh:611717320f20b3512ceb90abddd5198a85e1093965ce59e3ef8183188c84f8c3",
-    "zh:630be3b9ba5b3a95ecb2ce2f3523714ab37cd8bcd7479c879a769e6a446ab5ed",
-    "zh:6701f9d3ae1ffadb3ebefbe75c9d82668cc5495b8f826e498adb8530e202b652",
-    "zh:6dc6fdfa7469c9de7b405c68b2f6a09a3438db1ef09d348e49c7ceff4300b01a",
-    "zh:84c8140d8af6965fa9cd80e52eb2ee3d273e3ab7762719a8d1af665c08fab748",
-    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
-    "zh:9b6b4f7d4cea37ba7a42a47d506115498858bcd6440ad97dfb214c13a688ba90",
-    "zh:a7f876af20f5c5dae8e333ec0dfc901e26aa801137e7df65fb365565637bbfe2",
-    "zh:ad107b8e11dd0609b856584ce70ae6621aa4f1f946da51f7c792f1259e3f9c27",
-    "zh:d5dc1683693a5fe2652952f50dbbeccd02716799c26c6d1a1378b226cf845e9b",
-  ]
-}
diff --git a/test/main.tf b/test/main.tf
deleted file mode 100644
index dc565be..0000000
--- a/test/main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-provider "aws" {
-  region = "ap-northeast-2"
-}
-
-
-
-resource "aws_iam_role" "iam-role" {
-  name = "eks-cluster-test"
-
-  # Terraform's "jsonencode" function converts a
-  # Terraform expression result to valid JSON syntax.
-  assume_role_policy = jsonencode({
-    "Version" : "2012-10-17",
-    "Statement" : [
-      {
-        "Effect" : "Allow",
-        "Principal" : {
-          "Service" : [
-            "eks.amazonaws.com"
-          ]
-        },
-        "Action" : "sts:AssumeRole"
-      }
-    ]
-  })
-
-  tags = {
-    tag-key = "eks-cluster-rule"
-  }
-}