bastion key name을 생성할 것이다.
default 값은 앞서 AWS에서 생성한 key pair의 key 이름과 일치해야 한다.
그리하여 bastion EC2 인스턴스가 launch될 때, variable.tf에 선언한 key name과 일치하는 value를 AWS SSH 키 페어에서 불러온다.
(생략)
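# Name of the EC2 key pair used for SSH access to the bastion host.
# Terraform does not create the key pair; it only references an existing one by
# name, so the default must match the key pair created earlier in AWS.
variable "bastion_key_name" {
  description = "Name of an existing AWS EC2 key pair attached to the bastion instance"
  type        = string
  default     = "recipe-app-api-devops-bastion"
}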
# Resolve the newest Amazon Linux 2 (HVM, x86_64, gp2) AMI for the bastion.
# Restricting owners to "amazon" prevents a look-alike image from another
# account matching the wildcard name filter. Because most_recent is true, a
# newly published AMI changes the returned id on a later plan, which can
# trigger replacement of the instance that references it.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
  }
}
# IAM role assumed by the bastion instance. The trust (assume-role) policy is
# read from the template on disk; it is expected to trust only the EC2 service
# principal — confirm against ./templates/bastion/instance-profile-policy.json.
resource "aws_iam_role" "bastion" {
  name               = "${local.prefix}-bastion"
  assume_role_policy = file("./templates/bastion/instance-profile-policy.json")
  tags               = local.common_tags
}
# Attach the AWS-managed ECR read-only policy so the bastion can pull images.
# Any process running on the instance (and anything that can reach its metadata
# endpoint) inherits these permissions, so keep the attached policies minimal.
resource "aws_iam_role_policy_attachment" "bastion_attach_policy" {
  role       = aws_iam_role.bastion.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}
# Instance profile that wraps the bastion role; EC2 attaches roles to instances
# only through a profile, which is what aws_instance references below.
resource "aws_iam_instance_profile" "bastion" {
  name = "${local.prefix}-bastion-instance-profile"
  role = aws_iam_role.bastion.name
}
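# Bastion host: a small EC2 instance in the public subnet used as the SSH entry
# point. The AMI id comes from the data source above, the SSH key from
# var.bastion_key_name, and the IAM permissions from the bastion instance profile.
resource "aws_instance" "bastion" {
  ami                  = data.aws_ami.amazon_linux.id
  instance_type        = "t2.micro"
  user_data            = file("./templates/bastion/user-data.sh")
  iam_instance_profile = aws_iam_instance_profile.bastion.name
  key_name             = var.bastion_key_name
  subnet_id            = aws_subnet.public_a.id

  # NOTE(review): no vpc_security_group_ids is set here, so the instance uses the
  # VPC default security group unless one is attached elsewhere; a bastion should
  # get a dedicated group that restricts inbound SSH to known source ranges.
  # NOTE(review): because the instance profile exposes role credentials through
  # the metadata endpoint, consider `metadata_options { http_tokens = "required" }`
  # to enforce IMDSv2 — confirm user-data.sh does not depend on IMDSv1 first.

  # map() was deprecated in Terraform 0.12 and removed in 0.13; an object literal
  # merged into common_tags produces the same tag set on every 0.12+ release.
  tags = merge(
    local.common_tags,
    { Name = "${local.prefix}-bastion" }
  )
}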