Now that the basic Configure, Provider and IAM pieces are in place, the next step is to launch a basic EC2 instance.
Before creating the EC2 instance, the basic VPC components have to be filled in first.
data "aws_availability_zones" "available" {
  state = "available"
}
=> Allows access to the list of AWS Availability Zones that can be accessed by an AWS account within the region configured in the provider.
=> state - (Optional) Allows filtering the list of Availability Zones based on their current state. Can be either "available", "information", "impaired" or "unavailable". By default the list includes the complete set of Availability Zones to which the underlying AWS account has access, regardless of their state.
resource "aws_vpc" "side_effect" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
  instance_tenancy     = "default"
  tags = {
    Name = "side-effect-vpc"
  }
}
=> First, create the basic VPC.
cidr_block - (Optional) The IPv4 CIDR block for the VPC. The CIDR can be set explicitly or derived from IPAM using ipv4_netmask_length.
instance_tenancy - (Optional) A tenancy option for instances launched into the VPC.
The default is "default", which ensures that EC2 instances launched in this VPC use the tenancy attribute specified when each instance is launched.
"dedicated" ensures that EC2 instances launched in this VPC run on dedicated-tenancy hardware regardless of the tenancy attribute specified at launch.
[Default tenancy is shared: you and other customers all have VMs on the same hypervisor, and the separation is programmatic.
Dedicated tenancy means you are the only customer running anything on that host, which is more expensive.]
(IPAM gives network admins a real-time inventory of both used and unassigned IP addresses.)
enable_dns_support - (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults to true.
enable_dns_hostnames - (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to false.
resource "aws_route_table" "new_public_rtb" {
  vpc_id = aws_vpc.side_effect.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.side_effect_igw.id
  }
  tags = {
    Name = "NEW-PUBLIC-RTB"
  }
}
gateway_id - (Optional) ID of an Internet Gateway or Virtual Private Gateway which is connected to the Route Table (not exported if not passed as a parameter).
vpc_id - (Optional) ID of the VPC that the desired Route Table belongs to.
resource "aws_subnet" "side_effect_public_subnet1" {
  vpc_id                  = aws_vpc.side_effect.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = data.aws_availability_zones.available.names[0]
  tags = {
    Name = "public-az-1"
  }
}
availability_zone - (Optional) Availability zone where the subnet must reside.
availability_zone_id - (Optional) ID of the Availability Zone for the subnet. This argument is not supported in all regions or partitions. If necessary, use availability_zone instead.
cidr_block - (Optional) CIDR block of the desired subnet.
vpc_id - (Optional) ID of the VPC that the desired subnet belongs to.
map_public_ip_on_launch - Whether public IP addresses are assigned on instance launch.
For my setup I created two public subnets and four private subnets. Two of the private subnets are reserved for the database, and the other two are left open for ElastiCache or other services.
resource "aws_internet_gateway" "side_effect_igw" {
  vpc_id = aws_vpc.side_effect.id
  tags = {
    Name = "internet-gateway-terraform"
  }
}
This creates the internet gateway.
// route to internet
resource "aws_route" "side_effect_internet_access" {
  route_table_id         = aws_vpc.side_effect.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.side_effect_igw.id
}
=> Provides a resource to create a routing table entry (a route) in a VPC routing table.
route_table_id - (Required) The ID of the routing table.
destination_cidr_block - (Optional) The destination CIDR block.
gateway_id - (Optional) Identifier of a VPC internet gateway or a virtual private gateway. Specify local when updating a previously imported local route.
nat_gateway_id - (Optional) Identifier of a VPC NAT gateway.
// elastic IP for the NAT gateway; domain must be a string and depends_on takes
// resource references (not quoted strings) in Terraform 0.12+ syntax
resource "aws_eip" "side_effect_nat_eip" {
  domain     = "vpc"
  depends_on = [aws_internet_gateway.side_effect_igw]
}
// NAT gateway lives in a public subnet so private subnets can reach out via the IGW
resource "aws_nat_gateway" "side_effect_nat" {
  allocation_id = aws_eip.side_effect_nat_eip.id
  subnet_id     = aws_subnet.side_effect_public_subnet1.id
  depends_on    = [aws_internet_gateway.side_effect_igw]
}
Build each piece one by one like this, just as you would in the AWS console. The complete file looks like this:
data "aws_availability_zones" "available" {
  state = "available"
}
resource "aws_vpc" "side_effect" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
  instance_tenancy     = "default"
  tags = {
    Name = "side-effect-vpc"
  }
}
resource "aws_route_table" "new_public_rtb" {
  vpc_id = aws_vpc.side_effect.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.side_effect_igw.id
  }
  tags = {
    Name = "NEW-PUBLIC-RTB"
  }
}
// public subnets
resource "aws_subnet" "side_effect_public_subnet1" {
  vpc_id                  = aws_vpc.side_effect.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = data.aws_availability_zones.available.names[0]
  tags = {
    Name = "public-az-1"
  }
}
resource "aws_subnet" "side_effect_public_subnet2" {
  vpc_id                  = aws_vpc.side_effect.id
  cidr_block              = "10.10.2.0/24"
  map_public_ip_on_launch = true
  availability_zone       = data.aws_availability_zones.available.names[2]
  tags = {
    Name = "public-az-3"
  }
}
// private subnets
resource "aws_subnet" "side_effect_private_subnet1" {
  vpc_id            = aws_vpc.side_effect.id
  cidr_block        = "10.10.10.0/24"
  availability_zone = data.aws_availability_zones.available.names[0]
  tags = {
    Name = "private-az-1"
  }
}
resource "aws_subnet" "side_effect_private_subnet2" {
  vpc_id            = aws_vpc.side_effect.id
  cidr_block        = "10.10.11.0/24"
  availability_zone = data.aws_availability_zones.available.names[2]
  tags = {
    Name = "private-az-3"
  }
}
resource "aws_subnet" "db_private_subnet1" {
  vpc_id            = aws_vpc.side_effect.id
  cidr_block        = "10.10.12.0/24"
  availability_zone = data.aws_availability_zones.available.names[0]
  tags = {
    Name = "private-db-az-1"
  }
}
resource "aws_subnet" "db_private_subnet2" {
  vpc_id            = aws_vpc.side_effect.id
  cidr_block        = "10.10.13.0/24"
  availability_zone = data.aws_availability_zones.available.names[2]
  tags = {
    Name = "private-db-az-3"
  }
}
resource "aws_internet_gateway" "side_effect_igw" {
  vpc_id = aws_vpc.side_effect.id
  tags = {
    Name = "internet-gateway-terraform"
  }
}
// route to internet
resource "aws_route" "side_effect_internet_access" {
  route_table_id         = aws_vpc.side_effect.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.side_effect_igw.id
}
// elastic ip address for NAT (domain is a string; depends_on takes resource references)
resource "aws_eip" "side_effect_nat_eip" {
  domain     = "vpc"
  depends_on = [aws_internet_gateway.side_effect_igw]
}
// NAT gateway
resource "aws_nat_gateway" "side_effect_nat" {
  allocation_id = aws_eip.side_effect_nat_eip.id
  subnet_id     = aws_subnet.side_effect_public_subnet1.id
  depends_on    = [aws_internet_gateway.side_effect_igw]
}
// private route table
resource "aws_route_table" "side_effect_private_route_table" {
  vpc_id = aws_vpc.side_effect.id
  tags = {
    Name = "private route table by terraform"
  }
}
resource "aws_route" "private_route" {
  route_table_id         = aws_route_table.side_effect_private_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.side_effect_nat.id
}
// associate subnets to route tables
resource "aws_route_table_association" "side_effect_public_subnet1_association" {
  subnet_id      = aws_subnet.side_effect_public_subnet1.id
  route_table_id = aws_vpc.side_effect.main_route_table_id
}
resource "aws_route_table_association" "side_effect_public_subnet2_association" {
  subnet_id      = aws_subnet.side_effect_public_subnet2.id
  route_table_id = aws_vpc.side_effect.main_route_table_id
}
resource "aws_route_table_association" "side_effect_private_subnet1_association" {
  subnet_id      = aws_subnet.side_effect_private_subnet1.id
  route_table_id = aws_route_table.side_effect_private_route_table.id
}
resource "aws_route_table_association" "side_effect_private_subnet2_association" {
  subnet_id      = aws_subnet.side_effect_private_subnet2.id
  route_table_id = aws_route_table.side_effect_private_route_table.id
}
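One check worth running before EC2 goes into this layout (example code written for this post, not part of it): Terraform lets db_private_subnet1 and db_private_subnet2 exist without any aws_route_table_association, and an unassociated subnet uses the VPC's main route table, which the listing has given a 0.0.0.0/0 route to the internet gateway. The Python below models the listing's route tables and associations as constructed dicts (not parsed HCL) and reports private subnets whose effective default route is the IGW, then shows the same check passing once the DB subnets are associated to the NAT-backed private table.

```python
# Added check, not from the post: a subnet with no aws_route_table_association
# falls back to the VPC's main route table. The post puts its 0.0.0.0/0 -> IGW
# route on aws_vpc.side_effect.main_route_table_id, so the never-associated
# db_private subnets are internet-routable. Dicts are a constructed model.

MAIN = "main"  # stands in for aws_vpc.side_effect.main_route_table_id

# route table -> {destination CIDR: target resource address}
ROUTE_TABLES = {
    MAIN: {"0.0.0.0/0": "aws_internet_gateway.side_effect_igw"},
    "new_public_rtb": {"0.0.0.0/0": "aws_internet_gateway.side_effect_igw"},  # declared, never associated
    "side_effect_private_route_table": {"0.0.0.0/0": "aws_nat_gateway.side_effect_nat"},
}

# subnet -> (intended tier, explicitly associated route table or None)
SUBNETS = {
    "side_effect_public_subnet1": ("public", MAIN),
    "side_effect_public_subnet2": ("public", MAIN),
    "side_effect_private_subnet1": ("private", "side_effect_private_route_table"),
    "side_effect_private_subnet2": ("private", "side_effect_private_route_table"),
    "db_private_subnet1": ("private", None),
    "db_private_subnet2": ("private", None),
}

def effective_routes(subnet, subnets, route_tables):
    """Routes the subnet really uses: its explicit table, else the VPC main table."""
    _, assoc = subnets[subnet]
    return route_tables[MAIN if assoc is None else assoc]

def has_igw_default_route(routes):
    """True when 0.0.0.0/0 points at an internet gateway rather than a NAT gateway."""
    return routes.get("0.0.0.0/0", "").startswith("aws_internet_gateway.")

def exposed_private_subnets(subnets, route_tables):
    """Private-tier subnets whose effective default route goes straight to the IGW."""
    return sorted(
        name for name, (tier, _) in subnets.items()
        if tier == "private"
        and has_igw_default_route(effective_routes(name, subnets, route_tables))
    )

def associate(subnets, table, *names):
    """Copy of `subnets` with the named subnets explicitly associated to `table`."""
    return {n: (t, table if n in names else a) for n, (t, a) in subnets.items()}

if __name__ == "__main__":
    print("exposed:", exposed_private_subnets(SUBNETS, ROUTE_TABLES))
    fixed = associate(SUBNETS, "side_effect_private_route_table",
                      "db_private_subnet1", "db_private_subnet2")
    print("after fix:", exposed_private_subnets(fixed, ROUTE_TABLES))
```

A database tier rarely needs outbound internet at all, so a dedicated route table with only the local route is an even tighter choice than the NAT-backed one used in the fix above.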