init

README.md

@@ -1,2 +1,8 @@
 # assingment01
+- 과제 1 진행을 위한 테라폼 코드 입니다.
+- [참고 코드_링크](https://github.com/Seong-dong/team_prj_terraform)
+    - 본인이 약 3년전 terraform 학습을 위해 작성했던 코드 참고.
+    - ChatGPT에 대하여 인지하 못하던 시기에 생성한 자료 입니다.
 
+- 백엔드로는 테라폼클라우드 백엔드가 적용되어 있습니다.
+    - terraform state pull > terraform.tfstate

assignments.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+set -e
+
+# Update and install docker
+apt update -y
+apt install -y docker.io
+
+# Enable & start Docker
+systemctl enable docker
+systemctl start docker
+
+# Wait for docker daemon to be ready
+tries=0
+while ! docker info >/dev/null 2>&1; do
+    tries=$((tries+1))
+    echo "Waiting for Docker... ($tries)"
+    sleep 30
+done
+
+# Run the helloworld container
+docker run -d --name hello -p 80:8080 testcontainers/helloworld:1.2.0

main.tf

@@ -0,0 +1,368 @@
+/* 
+  Provider Information
+  Used default accounts
+*/
+provider "aws" {
+ region = "ap-northeast-2" # 리전별 프로바이더 설정 필요.
+}
+
+// Local Vaiables
+locals {
+  region = "ap-northeast-2"
+  common_tags = {
+    project = "icurfer-demo"
+    owner   = "icurfer"
+  }
+  cidr = {
+    vpc            = "10.3.0.0/16"
+    zone_a         = "10.3.1.0/24"
+    zone_c         = "10.3.3.0/24"
+    zone_a_private = "10.3.2.0/24"
+    zone_c_private = "10.3.4.0/24"
+  }
+  udp_port = {
+    dns_port = 53
+  }
+  any_protocol  = "-1"
+  tcp_protocol  = "tcp"
+  icmp_protocol = "icmp"
+  all_ips       = ["0.0.0.0/0"]
+  admin_ip      = ["140.245.71.192/32"]
+
+  node_group_scaling_config = {
+    desired_size = 2
+    max_size     = 4
+    min_size     = 1
+  }
+
+}
+
+// GET 계정정보
+data "aws_caller_identity" "this" {}
+
+##################################
+###   Create Infra - Network   ###
+##################################
+
+// vpc 생성
+module "vpc" {
+  source = "./modules/vpc"
+  tag_name   = "${local.common_tags.project}"
+  cidr_block = "10.3.0.0/16"
+
+}
+
+// Ingernet gateway
+module "igw" {
+  source = "./modules/igw"
+
+  vpc_id = module.vpc.vpc_id
+
+  tag_name = "${local.common_tags.project}"
+
+  depends_on = [
+    module.vpc
+  ]
+}
+
+// Create Public Subnet
+module "subnet_ext" {
+  source = "./modules/vpc-subnet"
+  
+  // set variables, ./modules/vpc-subnet/valiables.tf
+  vpc_id = module.vpc.vpc_id
+  subnet-az-list = {
+    "zone-a" = {
+      name = "${local.region}a"
+      cidr = local.cidr.zone_a
+    }
+    "zone-c" = {
+      name = "${local.region}c"
+      cidr = local.cidr.zone_c
+    }
+  }
+  public_ip_on = true
+  
+  tag_name = "${local.common_tags.project}"
+
+  depends_on = [
+    module.vpc
+  ]
+}
+
+// Create private외부통신을 위한 nat
+module "ngw" {
+  source    = "./modules/nat-gateway"
+  subnet_id = module.subnet_ext.subnet.zone-a.id
+  # subnet_id = module.subnet_public.subnet.zone-a.id
+
+  tag_name = "${local.common_tags.project}"
+
+  depends_on = [
+    module.subnet_ext
+  ]
+}
+
+// Create public route
+module "route_public" {
+  source   = "./modules/route-table"
+  vpc_id   = module.vpc.vpc_id
+  tag_name = "${local.common_tags.project}-ext"
+
+}
+
+# // 라우팅 테이블에 룰 추가
+module "route_add" {
+  source   = "./modules/route-add"
+  route_id = module.route_public.route_id
+  igw_id   = module.igw.igw_id
+  gw_type  = "igw"
+  destination_cidr = "0.0.0.0/0"
+}
+
+# //서브넷 - 라우팅테이블
+module "route_association" {
+  source         = "./modules/route-association"
+  route_table_id = module.route_public.route_id
+
+  association_count = 2
+  subnet_ids        = [module.subnet_ext.subnet.zone-a.id, module.subnet_ext.subnet.zone-c.id]
+}
+
+// Create Private Subnet
+module "subnet_int" {
+  source = "./modules/vpc-subnet"
+  
+  // set variables, ./modules/vpc-subnet/valiables.tf
+  vpc_id = module.vpc.vpc_id
+  subnet-az-list = {
+    "zone-a" = {
+      name = "${local.region}a"
+      cidr = local.cidr.zone_a_private
+    }
+    "zone-c" = {
+      name = "${local.region}c"
+      cidr = local.cidr.zone_c_private
+    }
+  }
+  public_ip_on = false
+  
+  tag_name = "${local.common_tags.project}"
+
+  depends_on = [
+    module.vpc
+  ]
+}
+
+// Create private route
+module "route_private" {
+  source   = "./modules/route-table"
+  tag_name = "${local.common_tags.project}-int"
+  vpc_id   = module.vpc.vpc_id
+
+}
+module "route_add_nat" {
+  source   = "./modules/route-add"
+  route_id = module.route_private.route_id
+  nat_id   = module.ngw.nat_id
+  gw_type  = "nat"
+  destination_cidr = "0.0.0.0/0"
+}
+
+module "route_association_nat" {
+  source         = "./modules/route-association"
+  route_table_id = module.route_private.route_id
+
+  association_count = 2
+  subnet_ids        = [module.subnet_int.subnet.zone-a.id, module.subnet_int.subnet.zone-c.id]
+}
+
+##################################
+###   Create Infra - Bastion   ###
+##################################
+module "bastion" {
+  source = "./modules/ec2"
+  ami_name = "ami-010be25c3775061c9" //ubuntu 22.04 LTS
+  instance_type = "t2.micro"
+  tag_name = "bastion"
+  public_ip_associate = true
+  key_name = "icurfer-demo"
+  public_subnet = module.subnet_ext.subnet.zone-a.id
+  private_subnet  = module.subnet_int.subnet.zone-a.id
+  sg_list = [module.bastion_sg.sg_id]
+  user_data_file = null
+  # user_data_file = "${path.module}/assignments.sh"
+
+  depends_on = [
+    module.bastion_sg
+  ]
+}
+
+module "bastion_sg" {
+  source  = "./modules/sg"
+  sg_name = "${local.common_tags.project}-bastion-sg"
+  vpc_id = module.vpc.vpc_id
+
+}
+module "bastion_sg_ingress" {
+  source            = "./modules/sg-rule-add"
+  type              = "ingress"
+  rules = {
+    "ssh" = {
+      from_port = "22"
+      to_port = "22"
+      protocol = "tcp"
+      cidr_blocks = "140.245.71.192/32"
+    }
+  }
+
+  security_group_id = module.bastion_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+
+module "bastion_sg_egress" {
+  source            = "./modules/sg-rule-add"
+  type              = "egress"
+  rules = {
+    "ssh" = {
+      from_port = "-1"
+      to_port = "-1"
+      protocol = "-1"
+      cidr_blocks = "0.0.0.0/0"
+    }
+  }
+  
+  security_group_id = module.bastion_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+##################################
+###   Create Infra - Web_Svr   ###
+##################################
+module "web_svr" {
+  source = "./modules/ec2"
+  ami_name = "ami-010be25c3775061c9" //ubuntu 22.04 LTS
+  instance_type = "t2.micro"
+  tag_name = "web"
+  public_ip_associate = false
+  key_name = "icurfer-demo"
+  public_subnet = module.subnet_ext.subnet.zone-a.id
+  private_subnet  = module.subnet_int.subnet.zone-a.id
+  sg_list = [module.web_sg.sg_id]
+  # user_data_file = null
+  user_data_file = "${path.module}/assignments.sh"
+
+  depends_on = [
+    module.web_sg,
+    module.ngw.nat_id
+  ]
+}
+
+module "web_sg" {
+  source  = "./modules/sg"
+  sg_name = "${local.common_tags.project}-web-sg"
+  vpc_id = module.vpc.vpc_id
+
+}
+module "web_sg_ingress" {
+  source            = "./modules/sg-rule-add"
+  type              = "ingress"
+  rules = {
+    "ssh" = {
+      from_port = "22"
+      to_port = "22"
+      protocol = "tcp"
+      cidr_blocks = "${module.bastion.private_ip}/32"
+    }
+    "http" = {
+      from_port = "80"
+      to_port = "80"
+      protocol = "tcp"
+      cidr_blocks = "0.0.0.0/0"
+    }
+  }
+
+  security_group_id = module.web_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+
+module "web_sg_egress" {
+  source            = "./modules/sg-rule-add"
+  type              = "egress"
+  rules = {
+    "ssh" = {
+      from_port = "-1"
+      to_port = "-1"
+      protocol = "-1"
+      cidr_blocks = "0.0.0.0/0"
+    }
+  }
+  
+  security_group_id = module.web_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+
+###################################################
+###   Create Infra - Application LoadBalancer   ###
+###################################################
+
+// ALB 보안그룹 생성
+module "alb_sg" {
+  source  = "./modules/sg"
+  sg_name = "${local.common_tags.project}-alb-sg"
+  vpc_id = module.vpc.vpc_id
+
+}
+
+module "alb_sg_ingress" {
+  source            = "./modules/sg-rule-add"
+  type              = "ingress"
+  rules = {
+    "http" = {
+      from_port = "80"
+      to_port = "80"
+      protocol = "tcp"
+      cidr_blocks = "0.0.0.0/0"
+    }
+  }
+
+  security_group_id = module.alb_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+
+module "alb_sg_egress" {
+  source            = "./modules/sg-rule-add"
+  type              = "egress"
+  rules = {
+    "ssh" = {
+      from_port = "-1"
+      to_port = "-1"
+      protocol = "-1"
+      cidr_blocks = "0.0.0.0/0"
+    }
+  }
+  
+  security_group_id = module.alb_sg.sg_id
+
+  tag_name = "${local.common_tags.project}"
+}
+
+// ALB
+module "alb" {
+  source       = "./modules/alb"
+  name = "${local.common_tags.project}"
+  
+  vpc_id       = module.vpc.vpc_id
+  subnet_ids   = [module.subnet_ext.subnet.zone-a.id, module.subnet_ext.subnet.zone-c.id]
+
+  instance_id = module.web_svr.ec2_id
+  sg_ids       = [module.alb_sg.sg_id]
+
+  depends_on = [
+    module.alb_sg
+  ]
+}

modules/alb/main.tf

@@ -0,0 +1,55 @@
+#로드밸런서
+resource "aws_lb" "alb" {
+    name = "${var.name}-alb" 
+    load_balancer_type = "application"
+    subnets = var.subnet_ids
+    security_groups = var.sg_ids
+}
+# ALB LISTENER
+resource "aws_lb_listener" "http" {
+    load_balancer_arn = aws_lb.alb.arn
+    port = "80"
+    protocol = "HTTP"
+
+    default_action {
+        type             = "forward"
+        target_group_arn = aws_lb_target_group.instance.arn
+    }
+}
+# ALB Listener rule
+resource "aws_lb_listener_rule" "alb-lsn-rule" {
+  listener_arn = aws_lb_listener.http.arn
+  priority     = 100
+
+  condition {
+    path_pattern {
+      values = ["*"]
+    }
+    # field = "path-pattern"
+    # values = ["*"]
+  }
+
+  action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.instance.arn
+  }
+  depends_on = [
+    aws_lb_listener.http
+  ]
+}
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group
+# ALB TARGET GROUP
+resource "aws_lb_target_group" "instance" {
+  name     = "web-tg"
+  port     = 80
+  protocol = "HTTP"
+  vpc_id   = var.vpc_id
+}
+
+# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment
+resource "aws_lb_target_group_attachment" "instance" {
+  target_group_arn = aws_lb_target_group.instance.arn
+  target_id        = var.instance_id
+  port             = 80
+}

modules/alb/outputs.tf

@@ -0,0 +1,3 @@
+output "alb_tg_arn" {
+    value = aws_lb_target_group.instance.arn
+}

modules/alb/variables.tf

@@ -0,0 +1,15 @@
+variable "name" {
+    type = string
+}
+variable "subnet_ids" {
+    type = list(string)
+}
+variable "sg_ids" {
+    type = list(string)
+}
+variable "vpc_id" {
+    type = string
+}
+variable "instance_id" {
+    type = string
+}

modules/ec2/eks-host.sh

@@ -0,0 +1,11 @@
+curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
+unzip awscliv2.zip
+sudo ./aws/install
+export PATH=/usr/local/bin:$PATH
+source ~/.bash_profile
+curl -o /usr/local/bin/kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.23.13/2022-10-31/bin/linux/amd64/kubectl
+chmod +x /usr/local/bin/kubectl
+yum install -y jq
+yum install -y bash-completion
+curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
+mv -v /tmp/eksctl /usr/local/bin

modules/ec2/main.tf

@@ -0,0 +1,33 @@
+resource "aws_network_interface" "eni" {
+  # public subnet 여부에 따라 동작방식이 달라짐.
+  subnet_id = var.public_ip_associate ? var.public_subnet : var.private_subnet
+  # private_ips = ["172.16.10.100"]
+  security_groups = var.sg_list
+  tags = {
+    Name = "primary_network_interface"
+  }
+}
+
+resource "aws_instance" "ec2" {
+  ami = var.ami_name
+  # "ami-0ab04b3ccbadfae1f"
+  instance_type = var.instance_type
+  # "t2.micro"
+  
+  user_data = var.user_data_file != null ? file(var.user_data_file) : null
+
+  tags = {
+    Name = "${var.tag_name}"
+  }
+
+  primary_network_interface {
+    network_interface_id = aws_network_interface.eni.id
+    # device_index         = 0
+    # delete_on_termination = true
+    
+    # security_groups = var.sg_list
+    
+  }
+  
+  key_name = var.key_name
+}

modules/ec2/mariadb.sh

@@ -0,0 +1,9 @@
+cat <<EOF>> /etc/yum.repos.d/MariaDB.repo
+[mariadb]
+name = MariaDB
+baseurl = http://yum.mariadb.org/10.3/centos7-amd64
+gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
+gpgcheck = 1
+EOF
+yum install mariadb-server -y
+systemctl enable --now mariadb

modules/ec2/nginx.sh

@@ -0,0 +1,3 @@
+yum update -y
+amazon-linux-extras install -y nginx1
+systemctl enable --now nginx

modules/ec2/outputs.tf

@@ -0,0 +1,16 @@
+output "ec2_id" {
+    value = aws_instance.ec2.id
+  
+}
+
+output "public_ip_associate" {
+    value = aws_instance.ec2.associate_public_ip_address
+  
+}
+
+output "sg_id" {
+    value = aws_network_interface.eni.security_groups
+}
+output "private_ip" {
+    value = aws_instance.ec2.private_ip
+}

modules/ec2/vailables.tf

@@ -0,0 +1,46 @@
+variable "ami_name" {
+  description = "ami name"
+  type        = string
+}
+
+variable "instance_type" {
+  type = string
+}
+
+variable "tag_name" {
+  type = string
+}
+
+variable "public_ip_associate" {
+  type = bool
+}
+variable "key_name" {
+  type = string
+}
+# variable "subnet_id" {
+#   type = string
+# }
+
+variable "public_subnet" {
+  type = string
+}
+
+variable "private_subnet" {
+  type = string
+}
+
+variable "sg_list" {
+  description = "sg list"
+  type = list(string)
+  
+}
+
+variable "user_data_file" {
+  type = string
+  default = null
+}
+
+# variable "user_data" {
+#   type = string
+#   default = null
+# }

modules/eip/main.tf

@@ -0,0 +1,4 @@
+resource "aws_eip" "lb" {
+  instance = aws_instance.web.id
+  vpc      = true
+}

modules/igw/main.tf

@@ -0,0 +1,7 @@
+resource "aws_internet_gateway" "main" {
+  vpc_id = var.vpc_id
+
+  tags = {
+    Name = "${var.tag_name}-igw"
+  }
+}

modules/igw/outputs.tf

@@ -0,0 +1,5 @@
+//modules-igw-output
+output "igw_id" {
+  description = "The name of hq-igw id"
+  value = aws_internet_gateway.main.id
+}

modules/igw/valiables.tf

@@ -0,0 +1,9 @@
+variable "vpc_id" {
+    description = "set vpc id"
+    type = string
+}
+
+variable "tag_name" {
+    description = "value"
+    type = string
+}

modules/nat-gateway/main.tf

@@ -0,0 +1,22 @@
+resource "aws_eip" "nat-eip" {
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_nat_gateway" "main" {
+  allocation_id = aws_eip.nat-eip.id
+  subnet_id     = var.subnet_id
+
+  tags = {
+    Name = "${var.tag_name}-ngw"
+  }
+
+  # To ensure proper ordering, it is recommended to add an explicit dependency
+  # on the Internet Gateway for the VPC.
+  # depends_on = [aws_internet_gateway.example]
+}
+# resource "aws_nat_gateway" "example" {
+#   connectivity_type = "private"
+#   subnet_id         = aws_subnet.example.id
+# }

modules/nat-gateway/outputs.tf

@@ -0,0 +1,4 @@
+output "nat_id" {
+    value = aws_nat_gateway.main.id
+  
+}

modules/nat-gateway/variables.tf

@@ -0,0 +1,10 @@
+variable "subnet_id" {
+  description = "subnet id"
+  type        = string
+
+}
+
+variable "tag_name" {
+    description = "value"
+    type = string
+}

modules/route-add/main.tf

@@ -0,0 +1,26 @@
+resource "aws_route" "route-igw-add" {
+  count = format("%.1s", var.gw_type) == "i" ? 1 : 0
+  route_table_id            = var.route_id
+  destination_cidr_block    = var.destination_cidr
+  gateway_id = var.igw_id
+  depends_on                = [var.route_id]
+#   depends_on                = [aws_route_table.testing]
+}
+resource "aws_route" "route-nat-add" {
+  count = format("%.1s", var.gw_type) == "n" ? 1 : 0
+  route_table_id            = var.route_id
+  destination_cidr_block    = var.destination_cidr
+  nat_gateway_id = var.nat_id
+  depends_on                = [var.route_id]
+#   depends_on                = [aws_route_table.testing]
+}
+
+# transit_gateway_id -
+resource "aws_route" "route-tgw-add" {
+  count = format("%.1s", var.gw_type) == "t" ? 1 : 0
+  route_table_id            = var.route_id
+  destination_cidr_block    = var.destination_cidr
+  # "10.0.0.0/8"
+  transit_gateway_id = var.tgw_id
+  depends_on                = [var.route_id]
+}

modules/route-add/variables.tf

@@ -0,0 +1,30 @@
+variable "destination_cidr" {
+    description = "destination cidr"
+    type = string
+  
+}
+variable "route_id" {
+    description = "value"
+    type = string
+}
+
+variable "gw_type" {
+    description = "gateway type. nat or igw"
+    type = string
+}
+variable "igw_id" {
+    description = "value"
+    type = string
+    default = "null"
+}
+variable "nat_id" {
+    description = "value"
+    type = string
+    default = "null"
+}
+
+variable "tgw_id" {
+    description = "value"
+    type = string
+    default = "null"
+}

modules/route-association/main.tf

@@ -0,0 +1,10 @@
+//라우팅 테이블 서브넷 연결
+resource "aws_route_table_association" "route-association" {
+    # for_each = toset(var.subnet_ids)
+    # subnet_id      = each.value
+    count = var.association_count
+    subnet_id = var.subnet_ids[count.index]
+    route_table_id = var.route_table_id
+    
+    
+}

modules/route-association/variables.tf

@@ -0,0 +1,14 @@
+variable "subnet_ids" {
+  description = "Subnet id"
+  type        = list(any)
+}
+
+variable "route_table_id" {
+  description = "Subnet id"
+  type        = string
+}
+
+variable "association_count" {
+  description = "Subnet count"
+  type        = number
+}

modules/route-table/main.tf

@@ -0,0 +1,24 @@
+/*
+라우팅 테이블에 서브넷을 연결.
+라우팅에서 경로 설정.
+*/
+
+//public
+resource "aws_route_table" "main" {
+  vpc_id = var.vpc_id
+  tags = {
+    Name = "${var.tag_name}-rt"
+  }
+
+#   route {
+#     cidr_block = "10.0.1.0/24"
+#     gateway_id = aws_internet_gateway.example.id
+#   }
+
+#   route {
+#     ipv6_cidr_block        = "::/0"
+#     egress_only_gateway_id = aws_egress_only_internet_gateway.example.id
+#   }
+}
+
+//private

modules/route-table/outputs.tf

@@ -0,0 +1,5 @@
+output "route_id" {
+    description = "get route_public_id"
+    value = aws_route_table.main.id
+
+}

modules/route-table/variables.tf

@@ -0,0 +1,8 @@
+variable "tag_name" {
+    description = "value"
+    type = string
+}
+variable "vpc_id" {
+    description = "set vpc id"
+    type = string
+}

modules/sg-rule-add/main.tf

@@ -0,0 +1,16 @@
+resource "aws_security_group_rule" "sg-rule-add" {
+  # description = "Security groups rule add"
+
+  type              = var.type
+  // rules
+  for_each = var.rules
+  from_port         = each.value.from_port
+  to_port           = each.value.to_port
+  protocol          = each.value.protocol
+  cidr_blocks       = [each.value.cidr_blocks]
+
+  security_group_id = var.security_group_id
+
+  description = "${var.tag_name}-sg-rule"
+
+}

modules/sg-rule-add/variables.tf

@@ -0,0 +1,34 @@
+variable "type" {
+  description = "security rule type"
+  type  = string
+}
+# variable "from_port" {
+#   description = "from port"
+#   type = number
+# }
+# variable "to_port" {
+#   description = "to_port"
+#   type = number
+# }
+# variable "protocol" {
+#   description = "protocol"
+#   type = string
+# }
+# variable "cidr_blocks" {
+#   description = "cidr_blocks"
+#   type = list(string)
+# }
+
+variable "rules" {
+  description = "sg rules"
+  type = map(map(string))
+
+}
+
+variable "security_group_id" {
+  
+}
+variable "tag_name" {
+  description = "tag_name"
+  type  = string
+}

modules/sg/main.tf

@@ -0,0 +1,6 @@
+resource "aws_security_group" "sg" {
+  description = "Security groups"
+  name        = var.sg_name
+  vpc_id = var.vpc_id
+
+}

modules/sg/outputs.tf

@@ -0,0 +1,5 @@
+//sg-output
+output "sg_id" {
+  description = "sg id outputs"
+  value       = aws_security_group.sg.id
+}

modules/sg/variables.tf

@@ -0,0 +1,9 @@
+variable "sg_name" {
+  description = "security group name"
+  type        = string
+}
+variable "vpc_id" {
+  description = "vpc_id"
+  type        = string
+
+}

modules/vpc-subnet/main.tf

@@ -0,0 +1,14 @@
+resource "aws_subnet" "main" {
+    vpc_id     = var.vpc_id
+    
+    for_each = var.subnet-az-list
+    availability_zone = each.value.name
+    cidr_block = each.value.cidr
+
+    map_public_ip_on_launch = var.public_ip_on ? true : false
+
+    tags = {
+        Name = "${var.tag_name}-subnet"
+    }
+    
+}

modules/vpc-subnet/outputs.tf

@@ -0,0 +1,5 @@
+//modules-subnet-outputs
+output "subnet" {
+  description = "Subnets info"
+  value = aws_subnet.main
+}

modules/vpc-subnet/valiables.tf

@@ -0,0 +1,20 @@
+variable "vpc_id" {
+    description = "set vpc id"
+    type = string
+}
+
+// reference | https://github.com/davidcsi/terraform/blob/master/healthchecks/main.tf
+variable "subnet-az-list" {
+    description = "Subnet available zone & cidr"
+    type = map(map(string))
+}
+
+
+variable "public_ip_on" {
+  type = bool
+}
+
+variable "tag_name" {
+    description = "value"
+    type = string
+}

modules/vpc/main.tf

@@ -0,0 +1,14 @@
+resource "aws_vpc" "main" {
+    # cidr_block       = "10.3.0.0/16"
+    cidr_block       = var.cidr_block
+    // instance_tenancy = "default"
+
+    # 인스턴스에 public DNS가 표시되도록 하는 속성
+    enable_dns_hostnames = true
+    enable_dns_support   = true
+
+
+    tags = {
+        Name = "${var.tag_name}-vpc"
+    }
+}

modules/vpc/outputs.tf

@@ -0,0 +1,10 @@
+//modules-vpc-output
+output "vpc_id" {
+  description = "The name of vpc hq id"
+  value = aws_vpc.main.id
+}
+
+output "vpc_name" {
+  value = var.tag_name
+}
+

modules/vpc/valiables.tf

@@ -0,0 +1,8 @@
+variable "cidr_block" {
+    description = "value"
+    type = string
+}
+variable "tag_name" {
+    description = "value"
+    type = string
+}

modules/vpn_conn/main.tf

@@ -0,0 +1,17 @@
+resource "aws_vpn_connection" "example" {
+  customer_gateway_id = var.cgw_id
+  
+  transit_gateway_id = var.tgw_id
+  
+  type = "ipsec.1"
+
+  tunnel1_preshared_key = var.preshared_key
+  tunnel2_preshared_key = var.preshared_key
+
+  static_routes_only = true
+  tags = {
+    Name = "terraform_ipsec_vpn_example"
+  }
+}
+#   outside_ip_address_type                 = "PrivateIpv4"
+#   transport_transit_gateway_attachment_id = data.aws_ec2_transit_gateway_dx_gateway_attachment.example.id

modules/vpn_conn/outputs.tf

@@ -0,0 +1,10 @@
+output "vpn_conn_tunnel-1_ip" {
+  value = aws_vpn_connection.example.tunnel1_address
+}
+output "vpn_conn_tunnel-2_ip" {
+  value = aws_vpn_connection.example.tunnel2_address
+}
+output "attach_id" {
+  value = aws_vpn_connection.example.transit_gateway_attachment_id
+  
+}

modules/vpn_conn/variables.tf

@@ -0,0 +1,13 @@
+variable "cgw_id" {
+    type = string
+  
+}
+
+variable "tgw_id" {
+    type = string
+  
+}
+variable "preshared_key" {
+    type = string
+  
+}

outputs.tf

@@ -0,0 +1,35 @@
+//main-outputs
+output "aws_id" {
+  description = "The AWS Account ID."
+  value       = data.aws_caller_identity.this.account_id
+}
+
+output "info_vpc" {
+  description = "vpc_id & vpc_name"
+  value = module.vpc
+}
+
+output "info_igw" {
+  description = "igw info"
+  value = module.igw
+}
+
+output "info_subnet_ext" {
+  description = "public subnet info"
+  value = module.subnet_ext
+}
+
+output "info_ngw" {
+  description = "ngw_id"
+  value = module.ngw.nat_id
+}
+
+output "bastion" {
+  description = "bastion"
+  value = module.bastion
+}
+
+output "web" {
+  description = "web"
+  value = module.web_svr
+}

terraform.tf

@@ -0,0 +1,11 @@
+// Terraform Backend
+terraform {
+  cloud {
+
+    organization = "icurfer-demo"
+
+    workspaces {
+      name = "tf-cloud-backend"
+    }
+  }
+}