diff --git a/modules/route-add/main.tf b/modules/route-add/main.tf index c5c84b7..e22b27e 100644 --- a/modules/route-add/main.tf +++ b/modules/route-add/main.tf @@ -1,16 +1,26 @@ resource "aws_route" "route-igw-add" { count = format("%.1s", var.gw_type) == "i" ? 1 : 0 route_table_id = var.route_id - destination_cidr_block = "0.0.0.0/0" + destination_cidr_block = var.destination_cidr gateway_id = var.igw_id depends_on = [var.route_id] # depends_on = [aws_route_table.testing] } resource "aws_route" "route-nat-add" { - count = format("%.1s", var.gw_type) == "i" ? 0 : 1 + count = format("%.1s", var.gw_type) == "n" ? 1 : 0 route_table_id = var.route_id - destination_cidr_block = "0.0.0.0/0" + destination_cidr_block = var.destination_cidr nat_gateway_id = var.nat_id depends_on = [var.route_id] # depends_on = [aws_route_table.testing] +} + +# transit_gateway_id - +resource "aws_route" "route-tgw-add" { + count = format("%.1s", var.gw_type) == "t" ? 1 : 0 + route_table_id = var.route_id + destination_cidr_block = var.destination_cidr + # "10.0.0.0/8" + transit_gateway_id = var.tgw_id + depends_on = [var.route_id] } \ No newline at end of file diff --git a/modules/route-add/variables.tf b/modules/route-add/variables.tf index f5b5f0f..7f4d370 100644 --- a/modules/route-add/variables.tf +++ b/modules/route-add/variables.tf @@ -1,3 +1,8 @@ +variable "destination_cidr" { + description = "destination cidr" + type = string + +} variable "route_id" { description = "value" type = string @@ -16,4 +21,10 @@ variable "nat_id" { description = "value" type = string default = "null" +} + +variable "tgw_id" { + description = "value" + type = string + default = "null" } \ No newline at end of file diff --git a/modules/route-table/main.tf b/modules/route-table/main.tf index 81243a0..293fafc 100644 --- a/modules/route-table/main.tf +++ b/modules/route-table/main.tf 
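Review bot: With `route-nat-add` now gated on `== "n"` instead of `!= "i"`, a `gw_type` whose first character is none of `i`/`n`/`t` makes all three `count` expressions evaluate to 0 and the module silently adds no route at all, a gap that only surfaces later as missing connectivity. A `validation` block on `var.gw_type` in variables.tf, e.g. `condition = contains(["igw", "nat", "tgw"], var.gw_type)`, would reject anything else at plan time, after which the `format("%.1s", ...)` prefix tests can become exact comparisons. The `# "10.0.0.0/8"` remnant above `transit_gateway_id` reads like a leftover hard-coded value; a comment stating what the block does would serve better, e.g. `# Route var.destination_cidr to the transit gateway when gw_type starts with "t"`. `depends_on = [var.route_id]` on a variable presumably adds nothing beyond the reference `route_table_id` already makes; confirm it is accepted by the Terraform version in use before copying it into the new block.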
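Review bot: `destination_cidr` is accepted as any string, and since it now decides the destination of every route this module writes, a malformed or unintentionally broad value is only caught at apply time or not at all. The resources below set `destination_cidr_block`, which is IPv4-only, so a `validation` block using `can(cidrnetmask(...))` matches that contract and rejects junk at plan time; the placeholder description `"destination cidr"` and the stray blank line before the closing brace should go at the same time.
```hcl
variable "destination_cidr" {
  description = "Destination CIDR block of the route, e.g. 0.0.0.0/0 for a default route or the remote network range for a transit-gateway route."
  type        = string

  validation {
    condition     = can(cidrnetmask(var.destination_cidr))
    error_message = "The destination_cidr value must be a valid IPv4 CIDR block; the module sets destination_cidr_block."
  }
}
```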
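Review bot: `tgw_id` in the `@@ -16,4 +21,10 @@` hunk defaults to the string `"null"` (copied from `nat_id` above it), which is a four-character literal rather than an absent value; it never reaches AWS because `count` is 0 unless the gateway type matches, but it disguises the fact that the variable is optional only by convention. Use the language literal, `default = null`, so both readers and `terraform plan` see the absence, and replace the description `"value"` with one that states the contract, e.g. `"ID of the transit gateway; required when gw_type is tgw"`.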
@@ -7,7 +7,7 @@ resource "aws_route_table" "rt-tbl" { vpc_id = var.vpc_id tags = { - Name = "${var.tag_name}-route-public" + Name = "${var.tag_name}" } # route { diff --git a/modules/transit-gateway/main.tf b/modules/transit-gateway/main.tf new file mode 100644 index 0000000..5b4d574 --- /dev/null +++ b/modules/transit-gateway/main.tf @@ -0,0 +1,6 @@ +resource "aws_ec2_transit_gateway" "tgw" { + description = "tgw" + tags = { + Name = "${var.tag_name}" + } +} \ No newline at end of file diff --git a/modules/transit-gateway/outputs.tf b/modules/transit-gateway/outputs.tf new file mode 100644 index 0000000..37519a0 --- /dev/null +++ b/modules/transit-gateway/outputs.tf @@ -0,0 +1,3 @@ +output "tgw_id" { + value = aws_ec2_transit_gateway.tgw.id +} \ No newline at end of file diff --git a/modules/transit-gateway/variables.tf b/modules/transit-gateway/variables.tf new file mode 100644 index 0000000..ee1bd8a --- /dev/null +++ b/modules/transit-gateway/variables.tf @@ -0,0 +1,5 @@ +variable "tag_name" { + description = "tag_name" + type = string + +} diff --git a/modules/transit-gw-vpc-attatch/main.tf b/modules/transit-gw-vpc-attatch/main.tf new file mode 100644 index 0000000..c26acb0 --- /dev/null +++ b/modules/transit-gw-vpc-attatch/main.tf @@ -0,0 +1,5 @@ +resource "aws_ec2_transit_gateway_vpc_attachment" "tgw-vpc-attatch" { + subnet_ids = var.subnet_id_list + transit_gateway_id = var.tgw_id + vpc_id = var.vpc_id +} diff --git a/modules/transit-gw-vpc-attatch/outputs.tf b/modules/transit-gw-vpc-attatch/outputs.tf new file mode 100644 index 0000000..e69de29 diff --git a/modules/transit-gw-vpc-attatch/variables.tf b/modules/transit-gw-vpc-attatch/variables.tf new file mode 100644 index 0000000..b43fb60 --- /dev/null +++ b/modules/transit-gw-vpc-attatch/variables.tf 
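Review bot: `aws_ec2_transit_gateway.tgw` leaves `default_route_table_association` and `default_route_table_propagation` at the provider default of `enable`, so every attachment made through `transit-gw-vpc-attatch` is automatically associated with and propagated into the single default TGW route table; in this commit that is hq, web and hidc, which gives each of them a route to the others with no explicit decision recorded in code. If the full mesh is intended, state it in a comment on the resource; if not, set both arguments to `"disable"` and manage `aws_ec2_transit_gateway_route_table` associations explicitly so a newly attached VPC is not reachable from all existing ones by default. The `description = "tgw"` also tells an operator in the console nothing; something like `"22shop shared transit gateway (hq/web/hidc attachments)"` would.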
@@ -0,0 +1,14 @@ +variable "subnet_id_list" { + description = "subnet_id_list" + type = list(string) +} + +variable "tgw_id" { + description = "tgw_id" + type = string +} + +variable "vpc_id" { + description = "vpc_id" + type = string +} diff --git a/prod-hq-dns/main.tf b/prod-hq-dns/main.tf index 3432e94..827904a 100644 --- a/prod-hq-dns/main.tf +++ b/prod-hq-dns/main.tf @@ -70,8 +70,8 @@ resource "aws_route53_record" "www" { type = "A" alias { - name = "k8s-22shopekscluster-42f56c4a0b-158144463.ap-northeast-2.elb.amazonaws.com" - zone_id = "ZWKZPGTI48KDX" + name = "k8s-22shopekscluster-42f56c4a0b-271383680.ap-northeast-2.elb.amazonaws.com" + zone_id = "ZWKZPGTI48KDX" //rt53이아니고 로드밸런서 호스팅영역 evaluate_target_health = true } } \ No newline at end of file diff --git a/prod-hq-idc-network/main.tf b/prod-hq-idc-network/main.tf deleted file mode 100644 index 86e94bd..0000000 --- a/prod-hq-idc-network/main.tf +++ /dev/null 
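Review bot: The alias target is a hard-coded load-balancer hostname that changed in this very commit (`...-158144463` to `...-271383680`), so each recreation of the EKS ingress load balancer needs another manual edit and the record points at a dead hostname until someone notices. Looking the load balancer up instead, e.g. a `data "aws_lb"` block filtered by the tags the ingress controller applies, and referencing `data.aws_lb.<name>.dns_name` and `.zone_id` in the `alias` block keeps the record in step and also removes the hard-coded `ZWKZPGTI48KDX`. The trailing comment would be clearer in English, e.g. `// hosted zone of the load balancer, not of the Route 53 zone`.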
@@ -1,130 +0,0 @@
-// prod - main
-provider "aws" {
- region = "ap-northeast-2"
- profile = "22shop"
- shared_credentials_file = "C:/Users/aa/.aws/credentials"
- #3.x버전의 AWS공급자 허용
- version = "~> 3.0"
-
-}
-
-locals {
- region = "ap-northeast-2"
- common_tags = {
- project = "22shop-hq-idc"
- owner = "icurfer"
- }
- cidr = {
- vpc = "10.3.0.0/16"
- zone_a = "10.3.1.0/24"
- zone_c = "10.3.3.0/24"
- zone_b = "10.3.2.0/24"
- zone_d = "10.3.4.0/24"
- }
- tcp_port = {
- any_port = 0
- http_port = 80
- https_port = 443
- ssh_port = 22
- dns_port = 53
- django_port = 8000
- mysql_port = 3306
- nfs_port = 2049
- }
- udp_port = {
- dns_port = 53
- }
- any_protocol = "-1"
- tcp_protocol = "tcp"
- icmp_protocol = "icmp"
- all_ips = ["0.0.0.0/0"]
-}
-
-// GET 계정정보
-data "aws_caller_identity" "this" {}
-
-# module "vpc_hq" {
-module "vpc_hq" {
- source = "../modules/vpc"
- # source = "github.com/Seong-dong/team_prj/tree/main/modules/vpc"
- tag_name = "${local.common_tags.project}-hq-vpc"
- cidr_block = local.cidr.vpc
-
-}
-
-module "vpc_igw" {
- source = "../modules/igw"
-
- vpc_id = module.vpc_hq.vpc_hq_id
-
- tag_name = "${local.common_tags.project}-hq-igw"
-
- depends_on = [
- module.vpc_hq
- ]
-}
-
-module "subnet_public" {
- source = "../modules/vpc-subnet"
-
- vpc_id = module.vpc_hq.vpc_hq_id
- # subnet-az-list = var.subnet-az-public
- subnet-az-list = {
- "zone-a" = {
- name = "${local.region}a"
- cidr = local.cidr.zone_a
- }
- "zone-c" = {
- name = "${local.region}c"
- cidr = local.cidr.zone_c
- }
- }
- public_ip_on = true
- # vpc_name = "${local.common_tags.project}-public"
- #alb-ingress 생성을 위해 지정
- vpc_name = "${local.common_tags.project}-public"
-}
-
-// public route
-module "route_public" {
- source = "../modules/route-table"
- tag_name = "${local.common_tags.project}-hq-rt-tbl"
- vpc_id = module.vpc_hq.vpc_hq_id
-
-}
-
-module "route_add" {
- source = "../modules/route-add"
- route_public_id = module.route_public.route_public_id
- igw_id = module.vpc_igw.igw_id
-}
-
-module "route_association" {
- source = "../modules/route-association"
- route_table_id = module.route_public.route_public_id
-
- association_count = 2
- subnet_ids = [module.subnet_public.subnet.zone-a.id, module.subnet_public.subnet.zone-c.id]
-}
-
-
-module "subnet_private" {
- source = "../modules/vpc-subnet"
-
- vpc_id = module.vpc_hq.vpc_hq_id
- # subnet-az-list = var.subnet-az-public
- subnet-az-list = {
- "zone-b" = {
- name = "${local.region}b"
- cidr = local.cidr.zone_b
- }
- "zone-d" = {
- name = "${local.region}d"
- cidr = local.cidr.zone_d
- }
- }
- public_ip_on = false
- # vpc_name = "${local.common_tags.project}-public"
- #alb-ingress 생성을 위해 지정
- vpc_name = "${local.common_tags.project}-hq-private"
-}
\ No newline at end of file
diff --git a/prod-hq-idc-network/outputs.tf b/prod-hq-idc-network/outputs.tf
deleted file mode 100644
index 6174a0a..0000000
--- a/prod-hq-idc-network/outputs.tf
+++ /dev/null
@@ -1,16 +0,0 @@
-//main-outputs
-output "aws_id" {
- description = "The AWS Account ID."
- value = data.aws_caller_identity.this.account_id
-}
-
-output "subnet" {
- description = "The name of vpc hq id"
- value = module.subnet_public.subnet
-}
-
-output "vpc_id" {
- description = "vpc_id"
- value = module.vpc_hq.vpc_hq_id
-
-}
\ No newline at end of file
diff --git a/prod-hq-idc-network/valiables.tf b/prod-hq-idc-network/valiables.tf
deleted file mode 100644
index 10143a0..0000000
--- a/prod-hq-idc-network/valiables.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-# variable "cidr_block" {
-# type = string
-# default = "10.3.0.0/16"
-
-# }
-
-variable "prod_name" {
- description = "value"
- type = string
- default = "22shop"
-}
-
-# variable "igw_id" {
-# description = "value"
-# type = string
-# }
-
-# variable "subnet-az-public" {
-# description = "Subnet available zone & cidr"
-# type = map(map(string))
-# default = {
-# "zone-a" = {
-# name = "ap-northeast-2a"
-# cidr = "10.3.1.0/24"
-# }
-# "zone-c" = {
-# name = "ap-northeast-2c"
-# cidr = "10.3.3.0/24"
-# }
-# }
-# }
-# variable "subnet-az-private" {
-# description = "Subnet available zone & cidr"
-# type = map(map(string))
- # default = {
- # "zone-b" = {
- # name = "ap-northeast-2b"
- # cidr = "10.3.2.0/24"
- # }
- # "zone-d" = {
- # name = "ap-northeast-2d"
- # cidr = "10.3.4.0/24"
- # }
- # }
-# }
\ No newline at end of file
diff --git a/prod-hq-network-tg/.terraform.lock.hcl b/prod-hq-network-tg/.terraform.lock.hcl
new file mode 100644
index 0000000..0928293
--- /dev/null
+++ b/prod-hq-network-tg/.terraform.lock.hcl
@@ -0,0 +1,10 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "3.76.1"
+ constraints = "~> 3.0"
+ hashes = [
+ "h1:UOk/iZppUGLh2zjmKJKKWCD6e79GsQokO2xfzOcKjxo=",
+ ]
+}
diff --git a/prod-hq-network-tg/main.tf b/prod-hq-network-tg/main.tf
new file mode 100644
index 0000000..bd9d190
--- /dev/null
+++ b/prod-hq-network-tg/main.tf
@@ -0,0 +1,179 @@
+// prod - main
+provider "aws" {
+ region = "ap-northeast-2"
+ profile = "22shop"
+ shared_credentials_file = "C:/Users/aa/.aws/credentials"
+ #3.x버전의 AWS공급자 허용
+ version = "~> 3.0"
+
+}
+
+locals {
+ region = "ap-northeast-2"
+ common_tags = {
+ project = "22shop-hq-idc"
+ owner = "icurfer"
+ }
+ cidr = {
+ vpc = "10.3.0.0/16"
+ zone_a = "10.3.1.0/24"
+ zone_c = "10.3.3.0/24"
+ zone_b = "10.3.2.0/24"
+ zone_d = "10.3.4.0/24"
+ }
+ tcp_port = {
+ any_port = 0
+ http_port = 80
+ https_port = 443
+ ssh_port = 22
+ dns_port = 53
+ django_port = 8000
+ mysql_port = 3306
+ nfs_port = 2049
+ }
+ udp_port = {
+ dns_port = 53
+ }
+ any_protocol = "-1"
+ tcp_protocol = "tcp"
+ icmp_protocol = "icmp"
+ all_ips = ["0.0.0.0/0"]
+}
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+
+// 테라폼클라우드
+// web-network
+data "terraform_remote_state" "hq_vpc_id" {
+ backend = "remote"
+
+ config = {
+ organization = "22shop"
+
+ workspaces = {
+ name = "web-network-sdjo"
+ }
+ }
+}
+// hq-network
+data "terraform_remote_state" "web_vpc_id" {
+ backend = "remote"
+
+ config = {
+ organization = "22shop"
+
+ workspaces = {
+ name = "hq-network"
+ }
+ }
+}
+// hidc-network
+data "terraform_remote_state" "hidc_vpc_id" {
+ backend = "remote"
+
+ config = {
+ organization = "22shop"
+
+ workspaces = {
+ name = "hidc-network-bkkim"
+ }
+ }
+}
+locals {
+ account_id = data.aws_caller_identity.this.account_id
+
+ hq_vpc_id = data.terraform_remote_state.hq_vpc_id.outputs.vpc_id
+ web_vpc_id = data.terraform_remote_state.web_vpc_id.outputs.vpc_id
+ hidc_vpc_id = data.terraform_remote_state.hidc_vpc_id.outputs.vpc_id
+
+ hq_subnet = data.terraform_remote_state.hq_vpc_id.outputs.private_subnet_tgw
+ web_subnet = data.terraform_remote_state.web_vpc_id.outputs.private_subnet_tgw
+ hidc_subnet = data.terraform_remote_state.hidc_vpc_id.outputs.private_subnet
+
+}
+
+// tg 생성
+module "tgw" {
+ source = "../modules/transit-gateway"
+ tag_name = "22shop-tgw"
+}
+// tg 연결
+module 
"tgw-hq_vpc-attatch" { + source = "../modules/transit-gw-vpc-attatch" + tgw_id = module.tgw.tgw_id + vpc_id = local.hq_vpc_id + subnet_id_list = [local.hq_subnet.zone-a.id, local.hq_subnet.zone-c.id] + + depends_on = [ + module.tgw + ] +} +module "tgw-web_vpc-attatch" { + source = "../modules/transit-gw-vpc-attatch" + tgw_id = module.tgw.tgw_id + vpc_id = local.web_vpc_id + subnet_id_list = [local.web_subnet.zone-a.id, local.web_subnet.zone-c.id] + + depends_on = [ + module.tgw + ] +} +module "tgw-hidc_vpc-attatch" { + source = "../modules/transit-gw-vpc-attatch" + tgw_id = module.tgw.tgw_id + vpc_id = local.hidc_vpc_id + subnet_id_list = [local.hidc_subnet.zone-a.id, local.hidc_subnet.zone-c.id] + + depends_on = [ + module.tgw + ] +} +// route table에 경로 추가. +module "route_add_hq_public" { + source = "../modules/route-add" + route_id = data.terraform_remote_state.hq_vpc_id.outputs.route_public_id + tgw_id = module.tgw.tgw_id + gw_type = "tgw" + destination_cidr = "10.0.0.0/8" + + depends_on = [ + module.tgw + ] +} + +module "route_add_hq_private" { + source = "../modules/route-add" + route_id = data.terraform_remote_state.hq_vpc_id.outputs.route_private_id + tgw_id = module.tgw.tgw_id + gw_type = "tgw" + destination_cidr = "10.0.0.0/8" + + depends_on = [ + module.tgw + ] +} + +module "route_add_web_public" { + source = "../modules/route-add" + route_id = data.terraform_remote_state.web_vpc_id.outputs.route_public_id + tgw_id = module.tgw.tgw_id + gw_type = "tgw" + destination_cidr = "10.0.0.0/8" + + depends_on = [ + module.tgw + ] +} + +module "route_add_web_private" { + source = "../modules/route-add" + route_id = data.terraform_remote_state.web_vpc_id.outputs.route_private_id + tgw_id = module.tgw.tgw_id + gw_type = "tgw" + destination_cidr = "10.0.0.0/8" + + depends_on = [ + module.tgw + ] +} diff --git a/prod-hq-network-tg/outputs.tf b/prod-hq-network-tg/outputs.tf new file mode 100644 index 0000000..14d8d1b --- /dev/null +++ b/prod-hq-network-tg/outputs.tf 
@@ -0,0 +1 @@ +//main-outputs \ No newline at end of file diff --git a/prod-hq-idc-network/terraform.tf b/prod-hq-network-tg/terraform.tf similarity index 79% rename from prod-hq-idc-network/terraform.tf rename to prod-hq-network-tg/terraform.tf index c5b4ce0..4b9b3ff 100644 --- a/prod-hq-idc-network/terraform.tf +++ b/prod-hq-network-tg/terraform.tf @@ -4,7 +4,7 @@ terraform { organization = "22shop" workspaces { - name = "idc-network" + name = "common-tgw-sdjo" } } } \ No newline at end of file diff --git a/prod-hq-network-tg/valiables.tf b/prod-hq-network-tg/valiables.tf new file mode 100644 index 0000000..e69de29 diff --git a/prod-hq-network/main.tf b/prod-hq-network/main.tf index f025d04..64d5218 100644 --- a/prod-hq-network/main.tf +++ b/prod-hq-network/main.tf @@ -147,7 +147,7 @@ module "nat_gw" { // public route module "route_public" { source = "../modules/route-table" - tag_name = "${local.common_tags.project}-route_table" + tag_name = "${local.common_tags.project}-public_tbl-sdjo" vpc_id = module.vpc_hq.vpc_hq_id } @@ -157,6 +157,7 @@ module "route_add" { route_id = module.route_public.route_id igw_id = module.vpc_igw.igw_id gw_type = "igw" + destination_cidr = "0.0.0.0/0" } module "route_association" { @@ -193,7 +194,7 @@ module "subnet_private" { // private route module "route_private" { source = "../modules/route-table" - tag_name = "${local.common_tags.project}-private_tbl" + tag_name = "${local.common_tags.project}-private_tbl-sdjo" vpc_id = module.vpc_hq.vpc_hq_id } @@ -202,6 +203,7 @@ module "route_add_nat" { route_id = module.route_private.route_id nat_id = module.nat_gw.nat_id gw_type = "nat" + destination_cidr = "0.0.0.0/0" } module "route_association_nat" { source = "../modules/route-association" 
@@ -237,7 +239,7 @@ module "subnet_private_tgw" { // private route module "route_private_tgw" { source = "../modules/route-table" - tag_name = "${local.common_tags.project}-private_tbl_tgw" + tag_name = "${local.common_tags.project}-private_tbl_tgw-sdjo" vpc_id = module.vpc_hq.vpc_hq_id } diff --git a/prod-hq-network/outputs.tf b/prod-hq-network/outputs.tf index aba1c33..e5e21a2 100644 --- a/prod-hq-network/outputs.tf +++ b/prod-hq-network/outputs.tf @@ -14,6 +14,11 @@ output "private_subnet" { value = module.subnet_private.subnet } +output "private_subnet_tgw" { + description = "The name of vpc hq id" + value = module.subnet_private_tgw.subnet +} + output "vpc_id" { description = "vpc_id" value = module.vpc_hq.vpc_hq_id @@ -24,4 +29,17 @@ output "nat_gw_id" { description = "vpc_id" value = module.nat_gw.nat_id +} + +output "route_public_id" { + description = "get private route id" + value = module.route_public.route_id +} +output "route_private_id" { + description = "get private route id" + value = module.route_private.route_id +} +output "route_private_tgw_id" { + description = "get private route id" + value = module.route_private_tgw.route_id } \ No newline at end of file
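Review bot: The descriptions on the new outputs are copy-paste leftovers: `private_subnet_tgw` says `"The name of vpc hq id"`, and in the following `@@ -24,4 +29,17 @@` hunk `route_public_id` and `route_private_tgw_id` both say `"get private route id"`. These outputs are read through `terraform_remote_state` from prod-hq-network-tg, so they are the only documentation the other workspace sees; suggest `"TGW-facing private subnets, keyed by zone"`, `"Public route table id"`, `"Private route table id"` and `"TGW private route table id"` respectively.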