1개의 VPC에 하나의 IGW
하나의 NAT는 공유 불가
- 키페어 및 이미지 설정
- VPC 생성
- 서브넷 생성
- 서브넷 VPC 연결
- IGW/NAT 생성
- EIP 할당
- 라우팅 테이블 기본 경로 설정
- 라우팅 테이블 연결
- 보안 그룹 설정
# AWS provider; every resource in this file is created in the Seoul region.
provider "aws" {
region = "ap-northeast-2"
}
# Key Pair
# SSH key pair registered from a local public-key file; instances reference it by key_name.
resource "aws_key_pair" "tf_keypair" {
  key_name = "tf_keypair"

  # Only the public half is read from disk; the path is host-specific.
  public_key = file("C:/ssh/tf_keypair.pub")

  tags = { Description = "TF-KeyPair" }
}
# AMI
# Newest Amazon-published Amazon Linux 2 HVM x86_64 gp2 image in the provider region.
data "aws_ami" "RecentAMI" {
  owners      = ["amazon"]
  most_recent = true

  # Name pattern selects the image family; most_recent picks the newest match.
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}
###################################
# VPC1 & VPC2
###################################
# VPC1 (10.0.0.0/16) with DNS resolution and DNS hostnames enabled.
resource "aws_vpc" "MyVPC1" {
  cidr_block = "10.0.0.0/16"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "MyVPC1"
  }
}
# VPC2 (172.16.0.0/16); non-overlapping with VPC1 so the two could be peered later.
resource "aws_vpc" "MyVPC2" {
  cidr_block = "172.16.0.0/16"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "MyVPC2"
  }
}
###################################
# Subnets
###################################
# Public subnet of VPC1 in AZ 2a; instances launched here get a public IP.
resource "aws_subnet" "MyPublicSubnet" {
  vpc_id            = aws_vpc.MyVPC1.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.0.1.0/24"

  map_public_ip_on_launch = true

  tags = {
    Name = "MyPublicSubnet"
  }
}
# Private subnet of VPC1 in AZ 2c; no public IPs are assigned at launch.
resource "aws_subnet" "MyPrivateSubnet" {
  vpc_id            = aws_vpc.MyVPC1.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.0.2.0/24"

  map_public_ip_on_launch = false

  tags = {
    Name = "MyPrivateSubnet"
  }
}
# Public subnet of VPC2 in AZ 2a; instances launched here get a public IP.
resource "aws_subnet" "MyPublicSubnet2" {
  vpc_id            = aws_vpc.MyVPC2.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "172.16.3.0/24"

  map_public_ip_on_launch = true

  tags = {
    Name = "MyPublicSubnet2"
  }
}
# Private subnet of VPC2 in AZ 2c; no public IPs are assigned at launch.
resource "aws_subnet" "MyPrivateSubnet2" {
  vpc_id            = aws_vpc.MyVPC2.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "172.16.4.0/24"

  map_public_ip_on_launch = false

  tags = {
    Name = "MyPrivateSubnet2"
  }
}
###################################
# IGW + NAT Gateway + Routing
###################################
# Internet gateway for VPC1 (one IGW per VPC).
resource "aws_internet_gateway" "MyIGW" {
  tags = {
    Name = "MyIGW"
  }

  vpc_id = aws_vpc.MyVPC1.id
}
# Internet gateway for VPC2 (one IGW per VPC).
resource "aws_internet_gateway" "MyIGW2" {
  tags = {
    Name = "MyIGW2"
  }

  vpc_id = aws_vpc.MyVPC2.id
}
# Elastic IP consumed by the VPC1 NAT gateway.
resource "aws_eip" "MyEIP" {
  tags = {
    Name = "MyEIP"
  }

  domain = "vpc"
}
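# NAT gateway for VPC1, placed in the public subnet; the EIP is its fixed egress address.
resource "aws_nat_gateway" "MyNAT" {
  allocation_id = aws_eip.MyEIP.id
  subnet_id     = aws_subnet.MyPublicSubnet.id

  # The gateway needs the VPC's IGW to exist first. Terraform cannot infer that
  # from the references above, so the ordering is stated explicitly.
  depends_on = [aws_internet_gateway.MyIGW]

  tags = { Name = "MyNAT" }
}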
# Elastic IP consumed by the VPC2 NAT gateway.
resource "aws_eip" "MyEIP2" {
  tags = {
    Name = "MyEIP2"
  }

  domain = "vpc"
}
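# NAT gateway for VPC2, placed in the public subnet; the EIP is its fixed egress address.
resource "aws_nat_gateway" "MyNAT2" {
  allocation_id = aws_eip.MyEIP2.id
  subnet_id     = aws_subnet.MyPublicSubnet2.id

  # The gateway needs the VPC's IGW to exist first. Terraform cannot infer that
  # from the references above, so the ordering is stated explicitly.
  depends_on = [aws_internet_gateway.MyIGW2]

  tags = { Name = "MyNAT2" }
}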
# Route Tables
# Public route table for VPC1: default route straight to the internet gateway.
resource "aws_route_table" "MyPublicRouting" {
  vpc_id = aws_vpc.MyVPC1.id

  tags = {
    Name = "MyPublicRouting"
  }

  route {
    gateway_id = aws_internet_gateway.MyIGW.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds the VPC1 public subnet to the IGW route table.
resource "aws_route_table_association" "MyPublicSubnetRoutingAssociation" {
  route_table_id = aws_route_table.MyPublicRouting.id
  subnet_id      = aws_subnet.MyPublicSubnet.id
}
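# Private route table for VPC1: default route through the NAT gateway.
resource "aws_route_table" "MyPrivateRouting" {
  vpc_id = aws_vpc.MyVPC1.id

  # nat_gateway_id is the argument for a NAT gateway target; gateway_id is for
  # internet / virtual private gateways and is not the documented way to
  # reference a nat-* id.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.MyNAT.id
  }

  tags = { Name = "MyPrivateRouting" }
}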
# Binds the VPC1 private subnet to the NAT route table.
resource "aws_route_table_association" "MyPrivateSubnetRoutingAssociation" {
  route_table_id = aws_route_table.MyPrivateRouting.id
  subnet_id      = aws_subnet.MyPrivateSubnet.id
}
# Public route table for VPC2: default route straight to the internet gateway.
resource "aws_route_table" "MyPublicRouting2" {
  vpc_id = aws_vpc.MyVPC2.id

  tags = {
    Name = "MyPublicRouting2"
  }

  route {
    gateway_id = aws_internet_gateway.MyIGW2.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds the VPC2 public subnet to the IGW route table.
resource "aws_route_table_association" "MyPublicSubnetRoutingAssociation2" {
  route_table_id = aws_route_table.MyPublicRouting2.id
  subnet_id      = aws_subnet.MyPublicSubnet2.id
}
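# Private route table for VPC2: default route through the NAT gateway.
resource "aws_route_table" "MyPrivateRouting2" {
  vpc_id = aws_vpc.MyVPC2.id

  # nat_gateway_id is the argument for a NAT gateway target; gateway_id is for
  # internet / virtual private gateways and is not the documented way to
  # reference a nat-* id.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.MyNAT2.id
  }

  tags = { Name = "MyPrivateRouting2" }
}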
# Binds the VPC2 private subnet to the NAT route table.
resource "aws_route_table_association" "MyPrivateSubnetRoutingAssociation2" {
  route_table_id = aws_route_table.MyPrivateRouting2.id
  subnet_id      = aws_subnet.MyPrivateSubnet2.id
}
###################################
# Security Group
###################################
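# Security group for the VPC1 web hosts: HTTP and SSH in from anywhere, all traffic out.
# Each rule now carries a description so the console/audit output explains it.
resource "aws_security_group" "MySecGroup" {
  name        = "MySecGroup"
  description = "Permit http ssh"
  vpc_id      = aws_vpc.MyVPC1.id

  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # TODO(security): SSH is open to the whole internet. Replace 0.0.0.0/0 with
  # the administrator's source CIDR before any non-lab use.
  ingress {
    description = "SSH (restrict to an admin CIDR)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" is all protocols and ports: unrestricted egress.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "MySecGroup" }
}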
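# Security group for the VPC2 web hosts (NLB targets): HTTP and SSH in from
# anywhere, all traffic out. Each rule carries a description for audit output.
resource "aws_security_group" "MySecGroup2" {
  name        = "MySecGroup2"
  description = "Permit http ssh"
  vpc_id      = aws_vpc.MyVPC2.id

  # The NLB preserves client source IPs for instance targets, so the HTTP
  # rule has to admit the client range, not only the load balancer.
  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # TODO(security): SSH is open to the whole internet. Replace 0.0.0.0/0 with
  # the administrator's source CIDR before any non-lab use.
  ingress {
    description = "SSH (restrict to an admin CIDR)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" is all protocols and ports: unrestricted egress.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "MySecGroup2" }
}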
###################################
# EC2 Instances
###################################
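# Shared first-boot script for every instance: patch, install Apache, serve a
# static page. The original script also set a fixed root password and turned
# on password and root SSH login; those lines are removed here because every
# instance already gets key-based access through aws_key_pair.tf_keypair.
locals {
  user_data_script = <<-EOF
    #!/bin/bash
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server</h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF
}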
# MyVPC1
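# Public web server in VPC1; it receives a public IP from MyPublicSubnet.
resource "aws_instance" "MyWeb" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPublicSubnet.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup.id]
  user_data              = local.user_data_script

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb" }
}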
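# Private web server in VPC1; no public IP, outbound traffic goes via MyNAT.
resource "aws_instance" "MyWeb2" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup.id]
  user_data              = local.user_data_script

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb2" }
}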
# MyVPC2 - Private Web Instances
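# Private web server in VPC2, registered as an NLB target; outbound via MyNAT2.
resource "aws_instance" "MyWeb3" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet2.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup2.id]
  user_data              = local.user_data_script

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb3" }
}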
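# Private web server in VPC2, registered as an NLB target; outbound via MyNAT2.
resource "aws_instance" "MyWeb4" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet2.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup2.id]
  user_data              = local.user_data_script

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb4" }
}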
###################################
# NLB for VPC2
###################################
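# Internet-facing NLB for VPC2. An internet-facing load balancer has to sit in
# a subnet with a route to the IGW; the original used MyPrivateSubnet2 (NAT
# route only), which leaves the listener unreachable from outside, so the
# load balancer is placed in MyPublicSubnet2 instead.
resource "aws_lb" "MyNLB" {
  name               = "MyNLB"
  internal           = false
  load_balancer_type = "network"
  subnets            = [aws_subnet.MyPublicSubnet2.id]

  depends_on = [aws_lb_target_group.MyNLBtarget]

  tags = { Name = "MyNLB" }
}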
# Instance target group on TCP/80 in VPC2; the attachments below register the hosts.
resource "aws_lb_target_group" "MyNLBtarget" {
  name        = "MyNLBtarget"
  vpc_id      = aws_vpc.MyVPC2.id
  target_type = "instance"
  protocol    = "TCP"
  port        = 80

  depends_on = [aws_instance.MyWeb3, aws_instance.MyWeb4]
}
# Registers MyWeb3 with the target group on port 80.
resource "aws_lb_target_group_attachment" "tg_attach1" {
  port             = 80
  target_id        = aws_instance.MyWeb3.id
  target_group_arn = aws_lb_target_group.MyNLBtarget.arn
}
# Registers MyWeb4 with the target group on port 80.
resource "aws_lb_target_group_attachment" "tg_attach2" {
  port             = 80
  target_id        = aws_instance.MyWeb4.id
  target_group_arn = aws_lb_target_group.MyNLBtarget.arn
}
# TCP/80 listener on the NLB that forwards every connection to the web target group.
resource "aws_lb_listener" "NLBlistener" {
  load_balancer_arn = aws_lb.MyNLB.arn
  protocol          = "TCP"
  port              = 80

  default_action {
    target_group_arn = aws_lb_target_group.MyNLBtarget.arn
    type             = "forward"
  }

  depends_on = [aws_lb.MyNLB, aws_lb_target_group.MyNLBtarget]
}
# AWS provider; every resource in this file is created in the Seoul region.
provider "aws" {
region = "ap-northeast-2"
}
# Key Pair
# SSH key pair registered from a local public-key file; instances reference it by key_name.
resource "aws_key_pair" "tf_keypair" {
  key_name = "tf_keypair"

  # Only the public half is read from disk; the path is host-specific.
  public_key = file("C:/ssh/tf_keypair.pub")

  tags = { Description = "TF-KeyPair" }
}
# AMI
# Newest Amazon-published Amazon Linux 2 HVM x86_64 gp2 image in the provider region.
data "aws_ami" "RecentAMI" {
  owners      = ["amazon"]
  most_recent = true

  # Name pattern selects the image family; most_recent picks the newest match.
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}
###################################
# VPC1 & VPC2
###################################
# VPC1 (10.0.0.0/16) with DNS resolution and DNS hostnames enabled.
resource "aws_vpc" "MyVPC1" {
  cidr_block = "10.0.0.0/16"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "MyVPC1"
  }
}
# VPC2 (172.16.0.0/16); non-overlapping with VPC1 so the two could be peered later.
resource "aws_vpc" "MyVPC2" {
  cidr_block = "172.16.0.0/16"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "MyVPC2"
  }
}
###################################
# Subnets
###################################
# Public subnet of VPC1 in AZ 2a; instances launched here get a public IP.
resource "aws_subnet" "MyPublicSubnet" {
  vpc_id            = aws_vpc.MyVPC1.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.0.1.0/24"

  map_public_ip_on_launch = true

  tags = {
    Name = "MyPublicSubnet"
  }
}
# Private subnet of VPC1 in AZ 2c; no public IPs are assigned at launch.
resource "aws_subnet" "MyPrivateSubnet" {
  vpc_id            = aws_vpc.MyVPC1.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.0.2.0/24"

  map_public_ip_on_launch = false

  tags = {
    Name = "MyPrivateSubnet"
  }
}
# Public subnet of VPC2 in AZ 2a; instances launched here get a public IP.
resource "aws_subnet" "MyPublicSubnet2" {
  vpc_id            = aws_vpc.MyVPC2.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "172.16.3.0/24"

  map_public_ip_on_launch = true

  tags = {
    Name = "MyPublicSubnet2"
  }
}
# Private subnet of VPC2 in AZ 2c; no public IPs are assigned at launch.
resource "aws_subnet" "MyPrivateSubnet2" {
  vpc_id            = aws_vpc.MyVPC2.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "172.16.4.0/24"

  map_public_ip_on_launch = false

  tags = {
    Name = "MyPrivateSubnet2"
  }
}
###################################
# IGW + NAT Gateway + Routing
###################################
# Internet gateway for VPC1 (one IGW per VPC).
resource "aws_internet_gateway" "MyIGW" {
  tags = {
    Name = "MyIGW"
  }

  vpc_id = aws_vpc.MyVPC1.id
}
# Internet gateway for VPC2 (one IGW per VPC).
resource "aws_internet_gateway" "MyIGW2" {
  tags = {
    Name = "MyIGW2"
  }

  vpc_id = aws_vpc.MyVPC2.id
}
# Elastic IP consumed by the VPC1 NAT gateway.
resource "aws_eip" "MyEIP" {
  tags = {
    Name = "MyEIP"
  }

  domain = "vpc"
}
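# NAT gateway for VPC1, placed in the public subnet; the EIP is its fixed egress address.
resource "aws_nat_gateway" "MyNAT" {
  allocation_id = aws_eip.MyEIP.id
  subnet_id     = aws_subnet.MyPublicSubnet.id

  # The gateway needs the VPC's IGW to exist first. Terraform cannot infer that
  # from the references above, so the ordering is stated explicitly.
  depends_on = [aws_internet_gateway.MyIGW]

  tags = { Name = "MyNAT" }
}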
# Elastic IP consumed by the VPC2 NAT gateway.
resource "aws_eip" "MyEIP2" {
  tags = {
    Name = "MyEIP2"
  }

  domain = "vpc"
}
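# NAT gateway for VPC2, placed in the public subnet; the EIP is its fixed egress address.
resource "aws_nat_gateway" "MyNAT2" {
  allocation_id = aws_eip.MyEIP2.id
  subnet_id     = aws_subnet.MyPublicSubnet2.id

  # The gateway needs the VPC's IGW to exist first. Terraform cannot infer that
  # from the references above, so the ordering is stated explicitly.
  depends_on = [aws_internet_gateway.MyIGW2]

  tags = { Name = "MyNAT2" }
}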
# Route Tables
# Public route table for VPC1: default route straight to the internet gateway.
resource "aws_route_table" "MyPublicRouting" {
  vpc_id = aws_vpc.MyVPC1.id

  tags = {
    Name = "MyPublicRouting"
  }

  route {
    gateway_id = aws_internet_gateway.MyIGW.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds the VPC1 public subnet to the IGW route table.
resource "aws_route_table_association" "MyPublicSubnetRoutingAssociation" {
  route_table_id = aws_route_table.MyPublicRouting.id
  subnet_id      = aws_subnet.MyPublicSubnet.id
}
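# Private route table for VPC1: default route through the NAT gateway.
resource "aws_route_table" "MyPrivateRouting" {
  vpc_id = aws_vpc.MyVPC1.id

  # nat_gateway_id is the argument for a NAT gateway target; gateway_id is for
  # internet / virtual private gateways and is not the documented way to
  # reference a nat-* id.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.MyNAT.id
  }

  tags = { Name = "MyPrivateRouting" }
}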
# Binds the VPC1 private subnet to the NAT route table.
resource "aws_route_table_association" "MyPrivateSubnetRoutingAssociation" {
  route_table_id = aws_route_table.MyPrivateRouting.id
  subnet_id      = aws_subnet.MyPrivateSubnet.id
}
# Public route table for VPC2: default route straight to the internet gateway.
resource "aws_route_table" "MyPublicRouting2" {
  vpc_id = aws_vpc.MyVPC2.id

  tags = {
    Name = "MyPublicRouting2"
  }

  route {
    gateway_id = aws_internet_gateway.MyIGW2.id
    cidr_block = "0.0.0.0/0"
  }
}
# Binds the VPC2 public subnet to the IGW route table.
resource "aws_route_table_association" "MyPublicSubnetRoutingAssociation2" {
  route_table_id = aws_route_table.MyPublicRouting2.id
  subnet_id      = aws_subnet.MyPublicSubnet2.id
}
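# Private route table for VPC2: default route through the NAT gateway.
resource "aws_route_table" "MyPrivateRouting2" {
  vpc_id = aws_vpc.MyVPC2.id

  # nat_gateway_id is the argument for a NAT gateway target; gateway_id is for
  # internet / virtual private gateways and is not the documented way to
  # reference a nat-* id.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.MyNAT2.id
  }

  tags = { Name = "MyPrivateRouting2" }
}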
# Binds the VPC2 private subnet to the NAT route table.
resource "aws_route_table_association" "MyPrivateSubnetRoutingAssociation2" {
  route_table_id = aws_route_table.MyPrivateRouting2.id
  subnet_id      = aws_subnet.MyPrivateSubnet2.id
}
###################################
# Security Group
###################################
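# Security group for the VPC1 web hosts: HTTP, HTTPS and SSH in from anywhere,
# all traffic out. The group description now lists HTTPS, which the original
# omitted, and each rule carries a description for audit output.
resource "aws_security_group" "MySecGroup" {
  name        = "MySecGroup"
  description = "Permit http https ssh"
  vpc_id      = aws_vpc.MyVPC1.id

  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # TODO(security): SSH is open to the whole internet. Replace 0.0.0.0/0 with
  # the administrator's source CIDR before any non-lab use.
  ingress {
    description = "SSH (restrict to an admin CIDR)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" is all protocols and ports: unrestricted egress.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "MySecGroup" }
}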
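# Security group for the VPC2 web hosts (NLB targets): HTTP, HTTPS and SSH in
# from anywhere, all traffic out. The group description now lists HTTPS, which
# the original omitted, and each rule carries a description for audit output.
resource "aws_security_group" "MySecGroup2" {
  name        = "MySecGroup2"
  description = "Permit http https ssh"
  vpc_id      = aws_vpc.MyVPC2.id

  # The NLB preserves client source IPs for instance targets, so the HTTP
  # rule has to admit the client range, not only the load balancer.
  ingress {
    description = "HTTP from anywhere"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS from anywhere"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # TODO(security): SSH is open to the whole internet. Replace 0.0.0.0/0 with
  # the administrator's source CIDR before any non-lab use.
  ingress {
    description = "SSH (restrict to an admin CIDR)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # protocol "-1" is all protocols and ports: unrestricted egress.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "MySecGroup2" }
}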
###################################
# EC2 Instances
###################################
# MyVPC1
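# Public web server in VPC1; it receives a public IP from MyPublicSubnet.
# The original first-boot script also set a fixed root password and turned on
# password and root SSH login; those lines are removed because the instance
# already gets key-based access through aws_key_pair.tf_keypair.
resource "aws_instance" "MyWeb1" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPublicSubnet.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup.id]

  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 01</h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF

  # user_data only runs at first boot, so a changed script replaces the instance.
  user_data_replace_on_change = true

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Name tag aligned with the resource label (the original tagged it "MyWeb").
  tags = { Name = "MyWeb1" }
}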
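# Private web server in VPC1; no public IP, outbound traffic goes via MyNAT.
# The original first-boot script also set a fixed root password and turned on
# password and root SSH login; those lines are removed because the instance
# already gets key-based access through aws_key_pair.tf_keypair.
resource "aws_instance" "MyWeb2" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup.id]

  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 02</h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF

  # user_data only runs at first boot, so a changed script replaces the instance.
  user_data_replace_on_change = true

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb2" }
}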
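# Private web server in VPC2, registered as an NLB target; outbound via MyNAT2.
# The original first-boot script also set a fixed root password and turned on
# password and root SSH login; those lines are removed because the instance
# already gets key-based access through aws_key_pair.tf_keypair.
resource "aws_instance" "MyWeb3" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet2.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup2.id]

  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 03</h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF

  # user_data only runs at first boot, so a changed script replaces the instance.
  user_data_replace_on_change = true

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb3" }
}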
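# Private web server in VPC2, registered as an NLB target; outbound via MyNAT2.
# The original first-boot script also set a fixed root password and turned on
# password and root SSH login; those lines are removed because the instance
# already gets key-based access through aws_key_pair.tf_keypair.
resource "aws_instance" "MyWeb4" {
  ami                    = data.aws_ami.RecentAMI.id
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.MyPrivateSubnet2.id
  key_name               = aws_key_pair.tf_keypair.key_name
  vpc_security_group_ids = [aws_security_group.MySecGroup2.id]

  user_data = <<-EOF
    #!/bin/bash
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 04 </h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF

  # user_data only runs at first boot, so a changed script replaces the instance.
  user_data_replace_on_change = true

  # Require IMDSv2 so instance-role credentials cannot be fetched with a plain,
  # unauthenticated GET from a process on the host.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = { Name = "MyWeb4" }
}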
###################################
# NLB for VPC2
###################################
# Internet-facing NLB for VPC2, placed in the public subnet so the IGW route applies.
resource "aws_lb" "MyNLB" {
  name               = "MyNLB"
  load_balancer_type = "network"
  internal           = false
  subnets            = [aws_subnet.MyPublicSubnet2.id]

  tags = {
    Name = "MyNLB"
  }

  depends_on = [aws_lb_target_group.MyNLBtarget]
}
# Instance target group on TCP/80 in VPC2; the attachments below register the hosts.
resource "aws_lb_target_group" "MyNLBtarget" {
  name        = "MyNLBtarget"
  vpc_id      = aws_vpc.MyVPC2.id
  target_type = "instance"
  protocol    = "TCP"
  port        = 80

  depends_on = [aws_instance.MyWeb3, aws_instance.MyWeb4]
}
# Registers MyWeb3 with the target group on port 80.
resource "aws_lb_target_group_attachment" "tg_attach1" {
  port             = 80
  target_id        = aws_instance.MyWeb3.id
  target_group_arn = aws_lb_target_group.MyNLBtarget.arn
}
# Registers MyWeb4 with the target group on port 80.
resource "aws_lb_target_group_attachment" "tg_attach2" {
  port             = 80
  target_id        = aws_instance.MyWeb4.id
  target_group_arn = aws_lb_target_group.MyNLBtarget.arn
}
# TCP/80 listener on the NLB that forwards every connection to the web target group.
resource "aws_lb_listener" "NLBlistener" {
  load_balancer_arn = aws_lb.MyNLB.arn
  protocol          = "TCP"
  port              = 80

  default_action {
    target_group_arn = aws_lb_target_group.MyNLBtarget.arn
    type             = "forward"
  }

  depends_on = [aws_lb.MyNLB, aws_lb_target_group.MyNLBtarget]
}