2024.11.09. Today I Learned

polar·2024년 11월 9일

2024년 11월 TIL


배운점

금일은 VPC를 생성하는 코드를 개선해 보았다.

VPC를 생성하는 코드는 178줄로 작성되었는데, 오늘 작업을 통해 51줄로 줄이면서 코드의 가독성을 크게 향상시킬 수 있었다.

이번 작업을 통해 Terraform module에 대해 배웠고, Terraform init 명령어를 실행한 후에 Terraform module 코드를 작성할 수 있다는 점도 깨닫게 되었다.

느낀점

Terraform module을 사용하여 코드를 작성하기 전에 VPC 화면을 참고하여 직접 작성했음에도 불구하고, 기본 security group과 같은 일부 항목이 누락되어 있었다는 것을 발견했다.

이번 경험을 통해 가능하면 Terraform module을 사용하여 인프라를 구축하는 것이 바람직하다는 것을 깨닫게 된 하루였다.

참고

AWS VPC Terraform module

[AWS] Terraform VPC Module 사용

Terraform으로 EKS 배포하기 2. AWS VPC 셋업 추가 작업

참고 - 코드

리팩토링 이후 코드
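module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  # TODO(review): pin the module release, e.g. `version = "~> <MAJOR.MINOR>"`
  # (placeholder), so `terraform init` resolves the same module code every
  # time. Without a constraint the registry's newest release is used, and
  # input defaults have changed between major versions of this module.

  # VPC name
  name = "${var.project}-vpc"

  # VPC CIDR block
  cidr = var.vpc_cidr_block

  # Availability Zones; the i-th subnet in each list below is placed in azs[i]
  azs = ["ap-northeast-2a", "ap-northeast-2b", "ap-northeast-2c"]

  # Public subnets: prod1 (2a), prod2 (2b), stage (2c)
  public_subnets      = [var.prod_public_subnet1_cidr_block, var.prod_public_subnet2_cidr_block, var.stage_public_subnet_cidr_block]
  public_subnet_names = ["${var.project}-prod-public-subnet1", "${var.project}-prod-public-subnet2", "${var.project}-stage-public-subnet"]

  # Stated explicitly so that instances in the public subnets get no public
  # IPv4 address by default on any module version (the hand-written
  # aws_subnet resources this replaced left the attribute at its default,
  # which is false).
  map_public_ip_on_launch = false

  # Private subnets: prod1 (2a), prod2 (2b)
  private_subnets      = [var.prod_private_subnet1_cidr_block, var.prod_private_subnet2_cidr_block]
  private_subnet_names = ["${var.project}-prod-private-subnet1", "${var.project}-prod-private-subnet2"]

  # Default security group: have the module adopt it and strip every rule so
  # the VPC's default SG cannot be used as an allow-all group. Managing it is
  # the item that was missing from the hand-written version of this code.
  manage_default_security_group  = true
  default_security_group_ingress = []
  default_security_group_egress  = []

  # Internet Gateway
  igw_tags = {
    Name = "${var.project}-igw"
  }

  # NAT Gateway - one NAT Gateway shared by all private subnets
  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false
  nat_gateway_tags = {
    Name = "${var.project}-nat-gateway"
  }

  # VPN Gateway
  enable_vpn_gateway = false

  # Tags applied to every resource the module creates
  tags = {
    "TerraformManaged" = "true"
  }
}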

# S3 Endpoint (gateway type, the default for S3). Attached only to the
# module's private route tables, as in the hand-written version.
resource "aws_vpc_endpoint" "s3" {
  tags = {
    Name = "${var.project}-s3-endpoint"
  }

  service_name    = "com.amazonaws.ap-northeast-2.s3"
  vpc_id          = module.vpc.vpc_id
  route_table_ids = module.vpc.private_route_table_ids
}
리팩토링 이전 코드
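# VPC
resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr_block
  tags = {
    Name = "${var.project}-vpc"
  }
}

# Default security group of the VPC above.
# AWS creates it with an allow-all egress rule and an allow-all ingress rule
# from itself. Declaring the resource with no ingress/egress blocks makes
# Terraform adopt the group and remove every rule, so it cannot serve as an
# accidental allow-all group. This is the item found to be missing when the
# hand-written code was compared with the VPC console.
resource "aws_default_security_group" "main" {
  vpc_id = aws_vpc.main.id
  tags = {
    Name = "${var.project}-default-sg"
  }
}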

################################################################################
# Prod Subnet
################################################################################

# Prod public subnet (ap-northeast-2a). map_public_ip_on_launch is not set,
# so instances launched here get no public IPv4 address unless requested.
resource "aws_subnet" "prod_public_subnet1" {
  tags = {
    Name = "${var.project}-prod-subnet-public1"
  }

  availability_zone = "ap-northeast-2a"
  cidr_block        = var.prod_public_subnet1_cidr_block
  vpc_id            = aws_vpc.main.id
}

# Prod public subnet (ap-northeast-2b). map_public_ip_on_launch is not set,
# so instances launched here get no public IPv4 address unless requested.
resource "aws_subnet" "prod_public_subnet2" {
  tags = {
    Name = "${var.project}-prod-subnet-public2"
  }

  availability_zone = "ap-northeast-2b"
  cidr_block        = var.prod_public_subnet2_cidr_block
  vpc_id            = aws_vpc.main.id
}

# Prod private subnet (ap-northeast-2a); reaches the internet only through
# the NAT Gateway route in the private route table.
resource "aws_subnet" "prod_private_subnet1" {
  tags = {
    Name = "${var.project}-prod-subnet-private1"
  }

  availability_zone = "ap-northeast-2a"
  cidr_block        = var.prod_private_subnet1_cidr_block
  vpc_id            = aws_vpc.main.id
}

# Prod private subnet (ap-northeast-2b); reaches the internet only through
# the NAT Gateway route in the private route table.
resource "aws_subnet" "prod_private_subnet2" {
  tags = {
    Name = "${var.project}-prod-subnet-private2"
  }

  availability_zone = "ap-northeast-2b"
  cidr_block        = var.prod_private_subnet2_cidr_block
  vpc_id            = aws_vpc.main.id
}

################################################################################
# Stage Subnet
################################################################################

# Stage public subnet (ap-northeast-2c). map_public_ip_on_launch is not set,
# so instances launched here get no public IPv4 address unless requested.
resource "aws_subnet" "stage_public_subnet1" {
  tags = {
    Name = "${var.project}-stage-subnet"
  }

  availability_zone = "ap-northeast-2c"
  cidr_block        = var.stage_public_subnet_cidr_block
  vpc_id            = aws_vpc.main.id
}

################################################################################
# Gateway
################################################################################

# Internet Gateway for the VPC; the public route table's 0.0.0.0/0 route
# points at it.
resource "aws_internet_gateway" "main" {
  tags = {
    Name = "${var.project}-igw"
  }

  vpc_id = aws_vpc.main.id
}

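# NAT Gateway
# Elastic IP that the NAT Gateway is attached to.
resource "aws_eip" "nat_gateway" {
  # Allocate the replacement address before releasing the old one when the
  # resource is replaced (create_before_destroy).
  lifecycle {
    create_before_destroy = true
  }

  # Name tag added for consistency with every other resource in this file,
  # which all carry a "${var.project}-..." Name.
  tags = {
    Name = "${var.project}-nat-gateway-eip"
  }
}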

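# NAT Gateway (about USD 0.059 per hour)
resource "aws_nat_gateway" "main" {
  allocation_id = aws_eip.nat_gateway.id

  # Lives in the prod public subnet in ap-northeast-2a. Both private subnets
  # (2a and 2b) route 0.0.0.0/0 through it, so this AZ is a single point of
  # failure for their outbound traffic.
  subnet_id = aws_subnet.prod_public_subnet1.id

  tags = {
    Name = "${var.project}-nat-gateway"
  }

  # The NAT Gateway can only pass traffic once the VPC has an Internet
  # Gateway; Terraform cannot infer that from the attributes above, so the
  # dependency is stated explicitly, as the aws_nat_gateway provider
  # documentation recommends.
  depends_on = [aws_internet_gateway.main]
}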

################################################################################
# Route Table
################################################################################

# Route table for the public subnets: everything not local goes to the
# Internet Gateway.
resource "aws_route_table" "public" {
  tags = {
    Name = "${var.project}-public-route-table"
  }

  vpc_id = aws_vpc.main.id

  # Default route via the Internet Gateway
  route {
    gateway_id = aws_internet_gateway.main.id
    cidr_block = "0.0.0.0/0"
  }
}

# Route table for the private subnets: everything not local goes to the
# NAT Gateway, so these subnets are never directly reachable from outside.
resource "aws_route_table" "private" {
  tags = {
    Name = "${var.project}-private-route-table"
  }

  vpc_id = aws_vpc.main.id

  # Default route via the NAT Gateway
  route {
    nat_gateway_id = aws_nat_gateway.main.id
    cidr_block     = "0.0.0.0/0"
  }
}

################################################################################
# VPC Endpoint
################################################################################

# S3 Endpoint (gateway type, the default for S3). Its route-table
# association is declared separately below.
resource "aws_vpc_endpoint" "s3" {
  tags = {
    Name = "${var.project}-s3-endpoint"
  }

  service_name = "com.amazonaws.ap-northeast-2.s3"
  vpc_id       = aws_vpc.main.id
}

# Attach the S3 endpoint to the private route table only, so S3 traffic from
# the private subnets bypasses the NAT Gateway.
resource "aws_vpc_endpoint_route_table_association" "s3" {
  route_table_id  = aws_route_table.private.id
  vpc_endpoint_id = aws_vpc_endpoint.s3.id
}

################################################################################
# Subnet Route Table Association
################################################################################

# Public subnets -> public route table (Internet Gateway default route)
resource "aws_route_table_association" "public1" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.prod_public_subnet1.id
}

resource "aws_route_table_association" "public2" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.prod_public_subnet2.id
}

# The stage subnet is public as well and shares the same route table.
resource "aws_route_table_association" "stage" {
  route_table_id = aws_route_table.public.id
  subnet_id      = aws_subnet.stage_public_subnet1.id
}

# Private subnets -> private route table (NAT Gateway default route)
resource "aws_route_table_association" "private1" {
  route_table_id = aws_route_table.private.id
  subnet_id      = aws_subnet.prod_private_subnet1.id
}

resource "aws_route_table_association" "private2" {
  route_table_id = aws_route_table.private.id
  subnet_id      = aws_subnet.prod_private_subnet2.id
}
