/*
Provider configuration.
No credentials appear in this file: the AWS provider is expected to resolve
them from its default credential chain (environment, shared config, or an
attached role), which is the intended setup.
*/
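provider "aws" {
  // Single-region deployment. The same value also drives the AZ names in
  // locals ("${local.region}a", "${local.region}c"), so source both from
  // local.region instead of repeating the literal and risking drift.
  region = local.region
}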
// Local variables
locals {
  // Region string; every AZ-qualified name below is derived from it.
  region = "ap-northeast-2"

  // Tag values handed to the modules via tag_name.
  common_tags = {
    project = "icurfer-demo"
    owner   = "icurfer"
  }

  // Address plan: one /16 for the VPC, a public and a private /24 per AZ.
  cidr = {
    vpc            = "10.3.0.0/16"
    zone_a         = "10.3.1.0/24"
    zone_c         = "10.3.3.0/24"
    zone_a_private = "10.3.2.0/24"
    zone_c_private = "10.3.4.0/24"
  }

  // Protocol / port constants for security-group rules.
  udp_port = {
    dns_port = 53
  }
  any_protocol  = "-1"
  tcp_protocol  = "tcp"
  icmp_protocol = "icmp"

  // Source ranges for security-group rules. admin_ip is the only address
  // that should be able to reach the bastion over SSH; all_ips is for
  // genuinely public listeners only.
  all_ips  = ["0.0.0.0/0"]
  admin_ip = ["140.245.71.192/32"]

  // Managed node group sizing (not referenced in the part of the file shown here).
  node_group_scaling_config = {
    desired_size = 2
    max_size     = 4
    min_size     = 1
  }
}
// Identity (account ID / ARN) of the credentials Terraform is running as
data "aws_caller_identity" "this" {}
##################################
### Create Infra - Network ###
##################################
// Create the VPC
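module "vpc" {
  source = "./modules/vpc"
  // Take the VPC range from the address plan in locals instead of repeating
  // the literal: the subnet CIDRs below are carved from local.cidr, so a
  // mismatch between this value and local.cidr.vpc would break them.
  cidr_block = local.cidr.vpc
  tag_name   = local.common_tags.project
}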
// Internet gateway (default route for the public subnets)
module "igw" {
  source   = "./modules/igw"
  tag_name = local.common_tags.project
  vpc_id   = module.vpc.vpc_id

  // vpc_id already creates an implicit ordering; the explicit dependency
  // is kept for readability.
  depends_on = [module.vpc]
}
// Create Public Subnet
module "subnet_ext" {
  source = "./modules/vpc-subnet"
  vpc_id = module.vpc.vpc_id

  // One public subnet per AZ (a and c); inputs are described in
  // ./modules/vpc-subnet/valiables.tf.
  subnet-az-list = {
    "zone-a" = {
      name = "${local.region}a"
      cidr = local.cidr.zone_a
    }
    "zone-c" = {
      name = "${local.region}c"
      cidr = local.cidr.zone_c
    }
  }

  // Auto-assign public IPs on launch: only the bastion (and ALB nodes)
  // belong in these subnets; anything else placed here becomes reachable
  // from the internet subject only to its security group.
  public_ip_on = true
  tag_name     = local.common_tags.project

  depends_on = [module.vpc]
}
// NAT gateway: gives the private subnets outbound-only internet access
module "ngw" {
  source   = "./modules/nat-gateway"
  tag_name = local.common_tags.project

  // Lives in the zone-a public subnet only, so private-subnet egress from
  // zone-c also transits zone-a (a single point of failure for egress).
  subnet_id = module.subnet_ext.subnet.zone-a.id

  depends_on = [module.subnet_ext]
}
// Create public route
module "route_public" {
  source   = "./modules/route-table"
  tag_name = "${local.common_tags.project}-ext"
  vpc_id   = module.vpc.vpc_id
}

// Default route for the public table: everything not local goes to the IGW.
module "route_add" {
  source           = "./modules/route-add"
  route_id         = module.route_public.route_id
  gw_type          = "igw"
  igw_id           = module.igw.igw_id
  destination_cidr = "0.0.0.0/0"
}

// Attach both public subnets to the public route table.
module "route_association" {
  source            = "./modules/route-association"
  route_table_id    = module.route_public.route_id
  association_count = 2
  subnet_ids = [
    module.subnet_ext.subnet.zone-a.id,
    module.subnet_ext.subnet.zone-c.id,
  ]
}
// Create Private Subnet
module "subnet_int" {
  source = "./modules/vpc-subnet"
  vpc_id = module.vpc.vpc_id

  // One private subnet per AZ; inputs are described in
  // ./modules/vpc-subnet/valiables.tf.
  subnet-az-list = {
    "zone-a" = {
      name = "${local.region}a"
      cidr = local.cidr.zone_a_private
    }
    "zone-c" = {
      name = "${local.region}c"
      cidr = local.cidr.zone_c_private
    }
  }

  // No public IPs here: instances reach the internet only through the NAT
  // gateway and are reached only through the ALB / bastion.
  public_ip_on = false
  tag_name     = local.common_tags.project

  depends_on = [module.vpc]
}
// Create private route
module "route_private" {
  source   = "./modules/route-table"
  tag_name = "${local.common_tags.project}-int"
  vpc_id   = module.vpc.vpc_id
}

// Default route for the private table: outbound traffic goes via the NAT
// gateway, so nothing on the internet can initiate a connection inbound.
module "route_add_nat" {
  source           = "./modules/route-add"
  route_id         = module.route_private.route_id
  gw_type          = "nat"
  nat_id           = module.ngw.nat_id
  destination_cidr = "0.0.0.0/0"
}

// Attach both private subnets to the private route table.
module "route_association_nat" {
  source            = "./modules/route-association"
  route_table_id    = module.route_private.route_id
  association_count = 2
  subnet_ids = [
    module.subnet_int.subnet.zone-a.id,
    module.subnet_int.subnet.zone-c.id,
  ]
}
##################################
### Create Infra - Bastion ###
##################################
module "bastion" {
  source = "./modules/ec2"

  // NOTE(review): AMI ID is hard-coded and region-specific (ubuntu 22.04 LTS);
  // an aws_ami data source filtered by owner/name would keep it current and
  // portable. Whether the module enforces IMDSv2 is not visible from here.
  ami_name      = "ami-010be25c3775061c9"
  instance_type = "t2.micro"
  tag_name      = "bastion"

  // NOTE(review): the same key pair is reused for the web server, so one
  // compromised private key opens both hosts.
  key_name = "icurfer-demo"

  // Public address so the administrator can SSH in; the bastion SG limits
  // that to local.admin_ip. Both subnets are passed — presumably the module
  // picks one based on public_ip_associate (verify in ./modules/ec2).
  public_ip_associate = true
  public_subnet       = module.subnet_ext.subnet.zone-a.id
  private_subnet      = module.subnet_int.subnet.zone-a.id
  sg_list             = [module.bastion_sg.sg_id]

  // No bootstrap script on the bastion.
  user_data_file = null

  depends_on = [module.bastion_sg]
}
// Empty security group for the bastion; rules are attached by the
// bastion_sg_ingress / bastion_sg_egress modules below.
module "bastion_sg" {
  source  = "./modules/sg"
  vpc_id  = module.vpc.vpc_id
  sg_name = "${local.common_tags.project}-bastion-sg"
}
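module "bastion_sg_ingress" {
  source            = "./modules/sg-rule-add"
  type              = "ingress"
  security_group_id = module.bastion_sg.sg_id
  tag_name          = local.common_tags.project

  // The only inbound path to the bastion: SSH from the administrator's
  // address. Sourced from local.admin_ip so the allow-list is defined in one
  // place rather than repeated as a literal; the module takes a single CIDR
  // string per rule, hence the [0].
  rules = {
    "ssh" = {
      from_port   = "22"
      to_port     = "22"
      protocol    = local.tcp_protocol
      cidr_blocks = local.admin_ip[0]
    }
  }
}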
module "bastion_sg_egress" {
  source            = "./modules/sg-rule-add"
  type              = "egress"
  security_group_id = module.bastion_sg.sg_id
  tag_name          = local.common_tags.project

  // NOTE(review): the rule key is named "ssh" but this allows all protocols
  // and ports to anywhere. The key is kept because changing it would likely
  // recreate the rule in state. A bastion only needs SSH to the private
  // subnets plus package/update traffic; tightening this limits what an
  // attacker on the bastion can reach.
  rules = {
    "ssh" = {
      from_port   = "-1"
      to_port     = "-1"
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  }
}
##################################
### Create Infra - Web_Svr ###
##################################
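module "web_svr" {
  source = "./modules/ec2"

  // NOTE(review): hard-coded, region-specific AMI ID (ubuntu 22.04 LTS);
  // consider an aws_ami data source filtered by owner/name.
  ami_name      = "ami-010be25c3775061c9"
  instance_type = "t2.micro"
  tag_name      = "web"
  // NOTE(review): same key pair as the bastion — one key compromise opens both.
  key_name = "icurfer-demo"

  // No public address: the instance is reached only through the ALB (HTTP)
  // and the bastion (SSH), and uses the NAT gateway for outbound traffic.
  // Both subnets are passed; presumably the module selects one based on
  // public_ip_associate (verify in ./modules/ec2).
  public_ip_associate = false
  public_subnet       = module.subnet_ext.subnet.zone-a.id
  private_subnet      = module.subnet_int.subnet.zone-a.id
  sg_list             = [module.web_sg.sg_id]

  // First-boot bootstrap script; anything it downloads must go out via the
  // NAT gateway, hence the explicit dependency on module.ngw below.
  user_data_file = "${path.module}/assignments.sh"

  depends_on = [
    module.web_sg,
    // depends_on accepts whole resources/modules only; the previous
    // `module.ngw.nat_id` is an attribute reference, which Terraform
    // rejects. Depending on the module gives the intended ordering.
    module.ngw,
  ]
}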
// Empty security group for the web server; rules are attached by the
// web_sg_ingress / web_sg_egress modules below.
module "web_sg" {
  source  = "./modules/sg"
  vpc_id  = module.vpc.vpc_id
  sg_name = "${local.common_tags.project}-web-sg"
}
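module "web_sg_ingress" {
  source            = "./modules/sg-rule-add"
  type              = "ingress"
  security_group_id = module.web_sg.sg_id
  tag_name          = local.common_tags.project

  rules = {
    // Admin access only via the bastion's private address.
    "ssh" = {
      from_port   = "22"
      to_port     = "22"
      protocol    = local.tcp_protocol
      cidr_blocks = "${module.bastion.private_ip}/32"
    }
    // The instance sits in a private subnet behind the ALB, so HTTP can only
    // legitimately arrive from ALB nodes inside the VPC. Limiting the source
    // to the VPC range instead of 0.0.0.0/0 keeps that true even if the
    // instance is later given a public IP or moved to a public subnet.
    // The tighter form — a rule sourced from module.alb_sg.sg_id — needs a
    // source_security_group_id input that sg-rule-add does not appear to
    // expose from what is visible here.
    "http" = {
      from_port   = "80"
      to_port     = "80"
      protocol    = local.tcp_protocol
      cidr_blocks = local.cidr.vpc
    }
  }
}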
module "web_sg_egress" {
  source            = "./modules/sg-rule-add"
  type              = "egress"
  security_group_id = module.web_sg.sg_id
  tag_name          = local.common_tags.project

  // NOTE(review): rule key says "ssh" but this allows all traffic out to
  // anywhere (key kept to avoid recreating the rule in state). For a web
  // server that only needs package updates and responses, restricting egress
  // limits data exfiltration and reverse-shell options if it is compromised.
  rules = {
    "ssh" = {
      from_port   = "-1"
      to_port     = "-1"
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  }
}
###################################################
### Create Infra - Application LoadBalancer ###
###################################################
// Security group for the ALB
// Empty security group for the load balancer; rules are attached by the
// alb_sg_ingress / alb_sg_egress modules below.
module "alb_sg" {
  source  = "./modules/sg"
  vpc_id  = module.vpc.vpc_id
  sg_name = "${local.common_tags.project}-alb-sg"
}
module "alb_sg_ingress" {
  source            = "./modules/sg-rule-add"
  type              = "ingress"
  security_group_id = module.alb_sg.sg_id
  tag_name          = local.common_tags.project

  // Public entry point: plain HTTP from anywhere. This is the only port
  // exposed to the internet in this file. NOTE(review): there is no HTTPS
  // listener, so traffic is unencrypted end to end; adding 443 with an ACM
  // certificate and redirecting 80 -> 443 depends on what ./modules/alb
  // supports, which is not visible here.
  rules = {
    "http" = {
      from_port   = "80"
      to_port     = "80"
      protocol    = "tcp"
      cidr_blocks = "0.0.0.0/0"
    }
  }
}
module "alb_sg_egress" {
  source            = "./modules/sg-rule-add"
  type              = "egress"
  security_group_id = module.alb_sg.sg_id
  tag_name          = local.common_tags.project

  // NOTE(review): rule key says "ssh" but this is allow-all egress (key kept
  // to avoid recreating the rule in state). The ALB only needs to reach the
  // web target on 80; narrowing this to the VPC range would be sufficient.
  rules = {
    "ssh" = {
      from_port   = "-1"
      to_port     = "-1"
      protocol    = "-1"
      cidr_blocks = "0.0.0.0/0"
    }
  }
}
// ALB
module "alb" {
  source = "./modules/alb"
  name   = local.common_tags.project
  vpc_id = module.vpc.vpc_id

  // Internet-facing: nodes are placed in both public subnets.
  subnet_ids = [
    module.subnet_ext.subnet.zone-a.id,
    module.subnet_ext.subnet.zone-c.id,
  ]

  // A single instance target — no redundancy behind the balancer.
  instance_id = module.web_svr.ec2_id
  sg_ids      = [module.alb_sg.sg_id]

  depends_on = [module.alb_sg]
}