서로 다른 파일에서 의존성을 가지고 있으므로 모두 선언해줘야 한다.
terraform(테라폼으로) key pair 선언하기
vi keypair.tf
#ec2 keypair
# Generates the SSH key pair inside Terraform. The private key produced here
# is recorded unencrypted in the Terraform state, so whatever backend holds
# the state must be treated as a secret store (access-controlled, encrypted).
resource "tls_private_key" "ec2_key" {
algorithm = "RSA"
rsa_bits = 4096
}
# Registers the public half of tls_private_key.ec2_key with EC2; the
# instances below reference it through key_name. The ".pem" suffix is only
# part of the AWS key-pair name, it does not write any file.
resource "aws_key_pair" "ec2_key" {
key_name = "ec2_key.pem"
public_key = tls_private_key.ec2_key.public_key_openssh
}
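# Where the generated private key is written. The default keeps the author's
# original Windows path so existing runs behave the same; on another machine
# override it with `-var private_key_path=...` or a .tfvars file.
variable "private_key_path" {
  type    = string
  default = "C:/Users/Desktop/ec2_key.pem"
}

# Writes the private key from tls_private_key.ec2_key to local disk.
# The key material is also kept in plain text in Terraform state, and this
# resource type shows `content` in plan output; the local provider's
# local_sensitive_file resource avoids the plan-output exposure (switching
# changes the resource address, so it is left to the maintainer).
resource "local_file" "private_key" {
  content  = tls_private_key.ec2_key.private_key_pem
  filename = var.private_key_path
  # 0600 keeps the key readable by the owner only on POSIX hosts; whether the
  # provider enforces it on Windows should be verified on the target machine.
  file_permission = "0600"
}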
terraform(테라폼으로) Security Group 선언하기
vi sg.tf
#security group for the bastion
#create the aws security group
# The bastion is the only host admitted from outside the VPC: SSH (22/tcp)
# is allowed solely from the single source address below (the operator's
# address; update it when that address changes). Outbound traffic is
# unrestricted.
resource "aws_security_group" "seg-amcamp-bastion" {
name = "seg-amcamp-bastion"
description = "Security group for Bastion"
vpc_id = aws_vpc.main.id
# SSH from one fixed source address only.
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["27.122.140.10/32"]
}
# All protocols/ports outbound to anywhere.
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
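#security group for the Jenkins
#create the aws security group
# Jenkins runs in a private subnet (see aws_instance.amcamp-jenkins), so its
# web port only needs to be reachable from inside the VPC (bastion tunnel or
# a load balancer placed in the VPC); the earlier 0.0.0.0/0 granted more
# than the instance can actually use.
# NOTE: the AWS provider documents that mixing inline ingress/egress blocks
# with standalone aws_security_group_rule resources on the same group (here
# seg-amcamp-bastion-to-jenkins) can produce rule conflicts; moving these
# inline rules into aws_security_group_rule resources would avoid that.
resource "aws_security_group" "seg-amcamp-jenkins" {
  name        = "seg-amcamp-jenkins"
  description = "Security group for Jenkins"
  vpc_id      = aws_vpc.main.id

  # Jenkins UI/API, VPC-internal sources only.
  ingress {
    from_port   = 8080
    to_port     = 8080
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # Outbound unrestricted (package and plugin downloads, presumably via NAT).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}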
# Allow SSH only from the bastion: the source is the bastion's security
# group rather than a CIDR, so only instances carrying that group can
# reach port 22 on Jenkins.
resource "aws_security_group_rule" "seg-amcamp-bastion-to-jenkins" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
source_security_group_id = aws_security_group.seg-amcamp-bastion.id
security_group_id = aws_security_group.seg-amcamp-jenkins.id
}
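#security group for the Gitlab
#create the aws security group
# GitLab runs in a private subnet (see aws_instance.amcamp-gitlab), so HTTPS
# only needs to be reachable from inside the VPC (bastion tunnel or a load
# balancer placed in the VPC); the earlier 0.0.0.0/0 granted more than the
# instance can actually use.
# NOTE: the AWS provider documents that mixing inline ingress/egress blocks
# with standalone aws_security_group_rule resources on the same group (here
# seg-amcamp-bastion-to-gitlab) can produce rule conflicts; moving these
# inline rules into aws_security_group_rule resources would avoid that.
resource "aws_security_group" "seg-amcamp-gitlab" {
  name        = "seg-amcamp-gitlab"
  description = "Security group for Gitlab"
  vpc_id      = aws_vpc.main.id

  # GitLab web/API over HTTPS, VPC-internal sources only.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [aws_vpc.main.cidr_block]
  }

  # Outbound unrestricted (package downloads, presumably via NAT).
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}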
# Allow SSH only from the bastion: the source is the bastion's security
# group rather than a CIDR, so only instances carrying that group can
# reach port 22 on GitLab.
resource "aws_security_group_rule" "seg-amcamp-bastion-to-gitlab" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
source_security_group_id = aws_security_group.seg-amcamp-bastion.id
security_group_id = aws_security_group.seg-amcamp-gitlab.id
}
terraform (테라폼으로) ec2 생성하기
vi ec2.tf #아래 파일에서 진행
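#bastion Instance Id EC2
#create the bastion EC2
#EC2's OS is Amazon Linux 2
# Public entry point: sits in the public subnet and receives an Elastic IP
# through aws_eip_association.amcamp-bastion. Login is by the ec2_key key
# pair only.
resource "aws_instance" "amcamp-bastion" {
  ami           = "ami-0edc5427d49d09d2a"
  instance_type = "t3.medium"
  # Must agree with the subnet's AZ or the apply fails; subnet_id alone
  # already pins the zone.
  availability_zone = "ap-northeast-2a"
  subnet_id         = aws_subnet.sbn-amcamp-public-resource-az2a.id

  # Inside a VPC security groups are attached by ID via vpc_security_group_ids.
  # The previous `security_groups` argument (EC2-Classic / default-VPC group
  # names) is the documented cause of spurious replacement diffs, which the
  # removed `lifecycle { ignore_changes = [security_groups] }` appears to have
  # been working around. Changing the argument may replace an existing instance.
  vpc_security_group_ids = [aws_security_group.seg-amcamp-bastion.id]

  root_block_device {
    volume_size = 50
    # At-rest encryption of the root volume (replaces an existing instance).
    encrypted = true
  }

  # Require IMDSv2 so instance credentials cannot be read from the metadata
  # service without a session token.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  #key pair enroll "ec2_key"
  key_name = aws_key_pair.ec2_key.key_name

  # The user_data that set a fixed password for ec2-user and enabled SSH
  # PasswordAuthentication was removed: it made an internet-facing host
  # guessable with a known password, and the key pair already provides login.

  tags = {
    Name = "amcamp-bastion"
  }
}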
# create the EIP
# Static public address for the bastion. `domain = "vpc"` is the current
# spelling of the deprecated `vpc = true` argument.
resource "aws_eip" "amcamp-bastion" {
domain = "vpc"
tags = {
Name = "amcamp-bastion"
}
}
# associate EIP with the bastion
# Binding through a separate association resource keeps the address
# independent of the instance, so the instance can be replaced without the
# EIP being released.
resource "aws_eip_association" "amcamp-bastion" {
instance_id = aws_instance.amcamp-bastion.id
allocation_id = aws_eip.amcamp-bastion.id
}
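#amcamp-jenkins Instance Id EC2
#create the jenkins EC2
#EC2's OS is Amazon Linux 2
# Private host: no public address; SSH arrives only from the bastion
# (aws_security_group_rule.seg-amcamp-bastion-to-jenkins). Login is by the
# ec2_key key pair only.
resource "aws_instance" "amcamp-jenkins" {
  ami           = "ami-0edc5427d49d09d2a"
  instance_type = "t3.medium"
  # Must agree with the subnet's AZ or the apply fails; subnet_id alone
  # already pins the zone.
  availability_zone = "ap-northeast-2a"
  subnet_id         = aws_subnet.sbn-amcamp-private-resource-az2a.id

  # Inside a VPC security groups are attached by ID via vpc_security_group_ids.
  # The previous `security_groups` argument (EC2-Classic / default-VPC group
  # names) is the documented cause of spurious replacement diffs, which the
  # removed `lifecycle { ignore_changes = [security_groups] }` appears to have
  # been working around. Changing the argument may replace an existing instance.
  vpc_security_group_ids = [aws_security_group.seg-amcamp-jenkins.id]

  # Fixed address; must lie inside the CIDR of
  # aws_subnet.sbn-amcamp-private-resource-az2a — confirm against that subnet.
  private_ip = "172.31.190.71"

  root_block_device {
    volume_size = 50
    # At-rest encryption of the root volume (replaces an existing instance).
    encrypted = true
  }

  # Require IMDSv2 so instance credentials cannot be read from the metadata
  # service without a session token.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  #key pair enroll "ec2_key"
  key_name = aws_key_pair.ec2_key.key_name

  # The user_data that set a fixed password for ec2-user and enabled SSH
  # PasswordAuthentication was removed: anyone reaching the bastion could log
  # in with a known password, and the key pair already provides login.

  tags = {
    Name = "amcamp-jenkins"
  }
}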
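#amcamp-gitlab Instance Id EC2
#create the gitlab EC2
#EC2's OS is Amazon Linux 2
# Private host: no public address; SSH arrives only from the bastion
# (aws_security_group_rule.seg-amcamp-bastion-to-gitlab). Login is by the
# ec2_key key pair only.
resource "aws_instance" "amcamp-gitlab" {
  ami           = "ami-0edc5427d49d09d2a"
  instance_type = "t3.medium"
  # Must agree with the subnet's AZ or the apply fails; subnet_id alone
  # already pins the zone.
  availability_zone = "ap-northeast-2a"
  subnet_id         = aws_subnet.sbn-amcamp-private-resource-az2a.id

  # Inside a VPC security groups are attached by ID via vpc_security_group_ids.
  # The previous `security_groups` argument (EC2-Classic / default-VPC group
  # names) is the documented cause of spurious replacement diffs, which the
  # removed `lifecycle { ignore_changes = [security_groups] }` appears to have
  # been working around. Changing the argument may replace an existing instance.
  vpc_security_group_ids = [aws_security_group.seg-amcamp-gitlab.id]

  # Fixed address; must lie inside the CIDR of
  # aws_subnet.sbn-amcamp-private-resource-az2a — confirm against that subnet.
  private_ip = "172.31.190.72"

  root_block_device {
    volume_size = 50
    # At-rest encryption of the root volume (replaces an existing instance).
    encrypted = true
  }

  #key pair enroll "ec2_key"
  key_name = aws_key_pair.ec2_key.key_name

  # Require IMDSv2 so instance credentials cannot be read from the metadata
  # service without a session token.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # The user_data that set a fixed password for ec2-user and enabled SSH
  # PasswordAuthentication was removed: anyone reaching the bastion could log
  # in with a known password, and the key pair already provides login.

  tags = {
    Name = "amcamp-gitlab"
  }
}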