Let's use the variables from the Terraform we wrote earlier to create a VPC, AWS's network service.
AWS VPC components
VPC, Subnet, Route table, Internet gateway, NAT gateway
This is the Terraform structure we'll create; the role of each file is described below.
provider "aws" {
region = "ap-northeast-2"
shared_credentials_files = ["~/.aws/credentials"]
profile = "[profile]"
}
terraform {
backend "s3" {
bucket = "[bucket name]"
key = "vpc.tfstate"
region = "ap-northeast-2"
profile = "[profile]"
}
}
You can put the AWS access key and secret key directly in the provider block, but that is bad for security, so it is better to set them as environment variables on your local system instead.
# vpc
resource "aws_vpc" "vpc" {
cidr_block = var.vpc_cidr
tags = {
Name = "${var.tags}-vpc"
}
}
# public subnet
resource "aws_subnet" "pub_sub" {
count = length(var.aws_az)
vpc_id = aws_vpc.vpc.id
cidr_block = var.public_subnet[count.index]
availability_zone = var.aws_az[count.index]
tags = {
Name = "${var.tags}-pub-sub-${var.aws_az_des[count.index]}"
}
}
# private subnet
resource "aws_subnet" "priv_sub" {
count = length(var.aws_az)
vpc_id = aws_vpc.vpc.id
cidr_block = var.private_subnet[count.index]
availability_zone = var.aws_az[count.index]
tags = {
Name = "${var.tags}-priv-sub-${var.aws_az_des[count.index]}"
}
}
# internet gateway
resource "aws_internet_gateway" "igw" {
vpc_id = aws_vpc.vpc.id
tags = {
Name = "${var.tags}-igw"
}
}
# public routing table
resource "aws_route_table" "pub_rt" {
vpc_id = aws_vpc.vpc.id
depends_on = [aws_internet_gateway.igw]
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.igw.id
}
tags = {
Name = "${var.tags}-pub-rt"
}
}
# public rt association
resource "aws_route_table_association" "pub_rt_association" {
# one association per public subnet; pub_rt is a single resource, so length() of it is not the subnet count
count = length(aws_subnet.pub_sub)
subnet_id = aws_subnet.pub_sub[count.index].id
route_table_id = aws_route_table.pub_rt.id
}
# NAT EIP
resource "aws_eip" "nat_eip" {
count = length(var.aws_az)
# "domain" replaces the older "vpc = true" argument, which was deprecated in AWS provider v5
domain = "vpc"
lifecycle {
create_before_destroy = true
}
tags = {
Name = "${var.tags}-nat-${var.aws_az_des[count.index]}-eip"
}
}
# nat gateway
resource "aws_nat_gateway" "nat_gw" {
count = length(var.aws_az)
allocation_id = aws_eip.nat_eip[count.index].id
subnet_id = aws_subnet.pub_sub[count.index].id
tags = {
Name = "${var.tags}-nat-${var.aws_az_des[count.index]}"
}
}
resource "aws_route_table" "priv_rt" {
count = length(var.aws_az)
vpc_id = aws_vpc.vpc.id
depends_on = [aws_nat_gateway.nat_gw]
route {
cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.nat_gw[count.index].id
}
tags = {
Name = "${var.tags}-priv-rt-${var.aws_az_des[count.index]}"
}
}
resource "aws_route_table_association" "priv_rt_association" {
# one association per private subnet, each pointing at the route table for its AZ
count = length(aws_subnet.priv_sub)
subnet_id = aws_subnet.priv_sub[count.index].id
route_table_id = aws_route_table.priv_rt[count.index].id
}
resource : aws_vpc
resource : aws_subnet
resource : aws_internet_gateway
resource : aws_route_table
resource : aws_route_table_association
resource : aws_eip
resource : aws_nat_gateway
variable "tags" {
type = string
default = "hb"
description = "Additional company and name tag prefix"
}
variable "aws_az" {
type = list(string)
default = ["ap-northeast-2a", "ap-northeast-2c"]
description = "availability zones, one subnet pair per entry"
}
variable "aws_az_des" {
type = list(string)
default = ["2a", "2c"]
description = "short AZ suffix used in resource names, same order as aws_az"
}
variable "vpc_cidr" {
type = string
default = "10.172.0.0/16"
description = "aws vpc cidr"
}
variable "public_subnet" {
type = list(string)
default = ["10.172.10.0/24", "10.172.20.0/24"]
description = "aws public subnet cidr"
}
variable "private_subnet" {
type = list(string)
default = ["10.172.30.0/24", "10.172.40.0/24"]
description = "aws private subnet cidr"
}
Manage values that are used repeatedly as variables.
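The lists above are indexed with count.index and the subnet CIDRs must sit inside vpc_cidr, but nothing checks this until apply. As an added example (not from the original post), this drop-in replacement for the aws_vpc block verifies those invariants at plan time; it assumes Terraform 1.2 or newer (lifecycle preconditions) and the variables defined above.

```hcl
# Added plan-time guardrails (example, not from the original post).
# Assumes Terraform >= 1.2 (lifecycle preconditions) and the variables above.

locals {
  vpc_prefix_len = tonumber(split("/", var.vpc_cidr)[1])
  all_subnets    = concat(var.public_subnet, var.private_subnet)

  # A subnet is inside the VPC when it is no wider than the VPC and masking its
  # network address with the VPC prefix length gives the VPC network itself.
  subnet_in_vpc = [
    for s in local.all_subnets :
    tonumber(split("/", s)[1]) >= local.vpc_prefix_len &&
    cidrsubnet("${cidrhost(s, 0)}/${local.vpc_prefix_len}", 0, 0) == cidrsubnet(var.vpc_cidr, 0, 0)
  ]
}

resource "aws_vpc" "vpc" {
  cidr_block = var.vpc_cidr
  tags = {
    Name = "${var.tags}-vpc"
  }

  lifecycle {
    # Every list indexed by count.index must have one entry per AZ; otherwise
    # var.public_subnet[count.index] fails with an index error inside a subnet.
    precondition {
      condition = alltrue([
        for l in [var.aws_az_des, var.public_subnet, var.private_subnet] :
        length(l) == length(var.aws_az)
      ])
      error_message = "aws_az, aws_az_des, public_subnet and private_subnet must all have the same length."
    }
    # Keep subnets inside the VPC CIDR so AWS does not reject them halfway through apply.
    precondition {
      condition     = alltrue(local.subnet_in_vpc)
      error_message = "Every public_subnet and private_subnet CIDR must fall within vpc_cidr."
    }
    # Two subnets with the same CIDR would also be rejected by AWS; catch it early.
    precondition {
      condition     = length(distinct(local.all_subnets)) == length(local.all_subnets)
      error_message = "public_subnet and private_subnet must not contain duplicate CIDRs."
    }
  }
}
```

With the page's defaults all three conditions hold; shortening public_subnet to one entry or adding 10.173.0.0/24 makes terraform plan stop with the matching message before anything is created.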
output "vpc_id" {
description = "The ID of the VPC"
value = aws_vpc.vpc.id
}
output "subnet_id" {
description = "The ID of the SUBNET"
value = aws_subnet.pub_sub.*.id # IDs of all public subnets, in aws_az order (2a, 2c)
}
output "tags" {
description = "The NAME of the TAGS"
value = var.tags
}
This file is not essential for building the VPC, but these values are frequently referenced by other AWS resources, so let's manage them as outputs.
Now run terraform plan → terraform apply and the VPC resources are created. If you look at the VPC resource map in the AWS console, you can see the relationships between the resources you created.
count, length, count.index and the other constructs used in this Terraform code will be covered in detail later.