

AWS - ALB

  1. VPC 생성 vpc01
  2. 퍼블릭 서브넷 1개 2a 10.0.1.0/24
  3. 프라이빗 서브넷 1개 2a 10.0.100.0/24
  4. 퍼블릭 서브넷 1개 2c 10.0.2.0/24
  5. 프라이빗 서브넷 1개 2c 10.0.200.0/24
  6. ALB 생성
  7. 인스턴스 - 프라이빗에만 배치 MyWeb1,2
오타 (typo) — cidr_block(s): aws_vpc, aws_subnet, route 블록의 인수는 단수형 cidr_block 이고, 보안 그룹의 ingress/egress 규칙 인수는 복수형 cidr_blocks 입니다.

❌ 현재 코드 (오류 발생)
subnets = [aws_subnet.publicsubnet1, aws_subnet.publicsubnet2]
aws_subnet.publicsubnet1 등은 서브넷 리소스 객체이므로, Terraform은 "string"을 기대하는 이곳에 객체가 들어가 있어 에러가 납니다.

✅ 수정 방법: .id 속성 사용
subnets = [aws_subnet.publicsubnet1.id, aws_subnet.publicsubnet2.id]
Terraform에서는 서브넷의 ID(문자열) 를 명시해야 하므로 .id를 꼭 붙여야 합니다.

# AWS provider: every resource in this file is created in ap-northeast-2 (Seoul).
provider "aws" {
  region = "ap-northeast-2" # Seoul
}

# Key Pair: registers a locally generated public key with EC2 so instances
# can be reached with key-based SSH. Only the public-key file is referenced.
resource "aws_key_pair" "tf_keypair" {
  key_name = "tf_keypair"
  # Windows-style absolute path; adjust when applying from another workstation.
  public_key = file("C:/ssh/tf_keypair.pub")

  tags = {
    Description = "TF-KeyPair"
  }
}

# AMI: newest Amazon-published Amazon Linux 2 image (x86_64, gp2 root volume).
# NOTE(review): Amazon Linux 2 is at/near end of standard support; consider an
# AL2023 name filter for new work — confirm before changing.
data "aws_ami" "RecentAMI" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}

###################################
# VPC1
###################################
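# VPC1: 10.0.0.0/16 with DNS support and hostnames enabled.
resource "aws_vpc" "MyVPC1" {
  # fixed: the argument is cidr_block (singular); "cidr_blocks" is not a valid aws_vpc argument.
  cidr_block           = "10.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags = { Name = "MyVPC1" }
}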

###################################
# Public / Private subnets
###################################

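# Public subnet in 2a: instances launched here get a public IP automatically.
resource "aws_subnet" "publicsubnet1" {
  vpc_id                  = aws_vpc.MyVPC1.id
  cidr_block              = "10.0.1.0/24" # fixed: cidr_block, not cidr_blocks
  map_public_ip_on_launch = true
  availability_zone       = "ap-northeast-2a"
}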

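# Private subnet in 2a: no public IPs; egress goes through the NAT gateway.
resource "aws_subnet" "privatesubnet1" {
  vpc_id                  = aws_vpc.MyVPC1.id
  cidr_block              = "10.0.100.0/24" # fixed: cidr_block, not cidr_blocks
  map_public_ip_on_launch = false
  availability_zone       = "ap-northeast-2a"
}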

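# Public subnet in 2c (second AZ required by the ALB).
resource "aws_subnet" "publicsubnet2" {
  vpc_id                  = aws_vpc.MyVPC1.id
  cidr_block              = "10.0.2.0/24" # fixed: cidr_block, not cidr_blocks
  map_public_ip_on_launch = true
  availability_zone       = "ap-northeast-2c"
}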

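# Private subnet in 2c: no public IPs; egress goes through the NAT gateway.
resource "aws_subnet" "privatesubnet2" {
  vpc_id                  = aws_vpc.MyVPC1.id
  cidr_block              = "10.0.200.0/24" # fixed: cidr_block, not cidr_blocks
  map_public_ip_on_launch = false
  availability_zone       = "ap-northeast-2c"
}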

###################################
# IGW + NAT + Routing + Association
###################################

# Internet gateway: the only path from the public subnets to the internet.
resource "aws_internet_gateway" "IGW" {
  vpc_id = aws_vpc.MyVPC1.id

  tags = {
    Name = "IGW"
  }
}

# Elastic IP consumed by the NAT gateway below.
resource "aws_eip" "EIP" {
  domain = "vpc"

  tags = {
    Name = "EIP"
  }
}

# Single NAT gateway placed in the 2a public subnet.
# NOTE(review): privatesubnet2 (2c) also routes through it, so 2c egress
# depends on 2a being healthy; a second NAT in 2c would remove that coupling.
resource "aws_nat_gateway" "NAT" {
  subnet_id     = aws_subnet.publicsubnet1.id
  allocation_id = aws_eip.EIP.id

  tags = {
    Name = "NAT"
  }
}

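# Public route table: default route to the internet gateway.
resource "aws_route_table" "publicrouting" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block = "0.0.0.0/0" # fixed: route uses cidr_block (singular)
    gateway_id = aws_internet_gateway.IGW.id
  }

  tags = { Name = "Publicrouting" }
}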

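# Binds publicsubnet1 to the public route table.
resource "aws_route_table_association" "publiclink" {
  subnet_id      = aws_subnet.publicsubnet1.id
  route_table_id = aws_route_table.publicrouting.id # fixed: "publicroutiong" referenced a non-existent resource
}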

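# Second public route table (identical routes; one table could serve both public subnets).
resource "aws_route_table" "publicrouting2" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block = "0.0.0.0/0" # fixed: route uses cidr_block (singular)
    gateway_id = aws_internet_gateway.IGW.id
  }

  tags = { Name = "Publicrouting2" }
}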

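# Binds publicsubnet2 to its public route table.
resource "aws_route_table_association" "publiclink2" {
  subnet_id      = aws_subnet.publicsubnet2.id
  route_table_id = aws_route_table.publicrouting2.id # fixed: "publicroutiong2" typo
}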

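# Private route table: default route through the NAT gateway.
resource "aws_route_table" "privaterouting" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block     = "0.0.0.0/0" # fixed: route uses cidr_block (singular)
    # gateway_id is for internet/virtual private gateways; NAT gateways use nat_gateway_id.
    nat_gateway_id = aws_nat_gateway.NAT.id
  }

  tags = { Name = "privaterouting" }
}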

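# Binds privatesubnet1 to the private route table.
resource "aws_route_table_association" "privatelink" {
  subnet_id      = aws_subnet.privatesubnet1.id    # fixed: "privatesubnet" does not exist
  route_table_id = aws_route_table.privaterouting.id # fixed: "privateroutiong" typo
}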

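# Second private route table, also via the single NAT gateway in 2a.
resource "aws_route_table" "privaterouting2" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block     = "0.0.0.0/0"
    # gateway_id is for internet/virtual private gateways; NAT gateways use nat_gateway_id.
    nat_gateway_id = aws_nat_gateway.NAT.id
  }

  tags = { Name = "privaterouting2" }
}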

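# Binds privatesubnet2 to its private route table.
resource "aws_route_table_association" "privatelink2" {
  subnet_id      = aws_subnet.privatesubnet2.id
  route_table_id = aws_route_table.privaterouting2.id # fixed: "privateroutiong2" typo
}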

########### secu

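# Web security group: HTTP in from anywhere, all traffic out.
# NOTE(review): this single group is attached to both the ALB and the
# instances; a tighter layout gives the instances their own group that
# accepts port 80 only from the ALB's security group.
resource "aws_security_group" "websecu" { # fixed: resource type was misspelled "aws_securitu_group"
  name        = "websecu"
  vpc_id      = aws_vpc.MyVPC1.id
  description = "allow http" # only port 80 is opened below; https/ssh are not

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # fixed: rules use cidr_blocks (plural)
  }

  egress {
    # protocol "-1" (all) requires from_port/to_port of 0, not 80.
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}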

######### instance

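# Web server 1 in the 2a private subnet (reachable only through the ALB / NAT).
resource "aws_instance" "Myweb1" {
  ami                    = data.aws_ami.RecentAMI.id      # fixed: data source is named RecentAMI, not amzn2
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.privatesubnet1.id   # fixed: "privatesubnet" does not exist
  vpc_security_group_ids = [aws_security_group.websecu.id] # fixed: argument uses underscores, not a hyphen
  key_name               = aws_key_pair.tf_keypair.key_name

  # NOTE(review): this script sets a fixed root password and enables SSH
  # password/root login. user_data is readable from the instance metadata
  # service and via the EC2 API, so treat it as lab-only; key-based SSH via
  # key_name already works, so the chpasswd/sed lines can be dropped.
  user_data = <<-EOF
    #!/bin/bash
    echo "root:aws1234!" | chpasswd
    sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    systemctl restart sshd
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 001 </h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF
  user_data_replace_on_change = true

  tags = { Name = "MyWeb1" }
}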

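# Web server 2 in the 2c private subnet (reachable only through the ALB / NAT).
resource "aws_instance" "Myweb2" {
  ami                    = data.aws_ami.RecentAMI.id      # fixed: data source is named RecentAMI, not amzn2
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.privatesubnet2.id
  vpc_security_group_ids = [aws_security_group.websecu.id] # fixed: argument uses underscores, not a hyphen
  key_name               = aws_key_pair.tf_keypair.key_name

  # NOTE(review): fixed root password + SSH password/root login in user_data;
  # user_data is readable from the metadata service and the EC2 API, so this
  # is lab-only. key_name already provides key-based SSH.
  user_data = <<-EOF
    #!/bin/bash
    echo "root:aws1234!" | chpasswd
    sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    systemctl restart sshd
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 002 </h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF
  user_data_replace_on_change = true

  tags = { Name = "MyWeb2" }
}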

########### target + ALB + Listener 

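# Target group the listener forwards to; targets are registered by instance id.
resource "aws_lb_target_group" "tg" {
  name        = "tg"
  port        = 80
  protocol    = "HTTP"
  vpc_id      = aws_vpc.MyVPC1.id
  target_type = "instance" # fixed: the argument is target_type ("target_instance" is not valid); "instance" is also the default
}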

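# Internet-facing ALB spanning both public subnets (one per AZ).
resource "aws_lb" "alb" {
  # fixed: depends_on takes resource addresses, not attributes, and the type is aws_lb_target_group.
  depends_on = [aws_lb_target_group.tg]

  name               = "alb"
  internal           = false
  load_balancer_type = "application"
  subnets            = [aws_subnet.publicsubnet1.id, aws_subnet.publicsubnet2.id] # fixed: "publicsubnet" does not exist
  security_groups    = [aws_security_group.websecu.id]

  tags = { Name = "alb" }
}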

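# HTTP listener on :80 forwarding everything to the target group.
resource "aws_lb_listener" "listen" {
  # fixed: "depens_on" typo. The references below already order these
  # resources, so this line is redundant but harmless.
  depends_on = [aws_lb_target_group.tg, aws_lb.alb]

  load_balancer_arn = aws_lb.alb.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.tg.arn
  }
}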
# Corrected version of the configuration above.
# AWS provider pinned to ap-northeast-2 (Seoul).
provider "aws" {
  region = "ap-northeast-2" # Seoul
}

# Key Pair: imports a locally generated public key for key-based SSH.
# Only the public-key file is referenced; the private key stays on the workstation.
resource "aws_key_pair" "tf_keypair" {
  key_name = "tf_keypair"
  # Windows-style absolute path; adjust for other workstations.
  public_key = file("C:/ssh/tf_keypair.pub")

  tags = {
    Description = "TF-KeyPair"
  }
}

# AMI: newest Amazon-published Amazon Linux 2 image (x86_64, EBS-backed).
# NOTE(review): Amazon Linux 2 is at/near end of standard support; consider an
# AL2023 name filter for new work — confirm before changing.
data "aws_ami" "RecentAMI" {
  owners      = ["amazon"]
  most_recent = true

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }

  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
}

# VPC1: 10.0.0.0/16; DNS support and hostnames on so private instances resolve.
resource "aws_vpc" "MyVPC1" {
  cidr_block = "10.0.0.0/16"

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = {
    Name = "MyVPC1"
  }
}

# Public subnet, AZ 2a: hosts the NAT gateway and one ALB node.
resource "aws_subnet" "publicsubnet1" {
  availability_zone       = "ap-northeast-2a"
  cidr_block              = "10.0.1.0/24"
  vpc_id                  = aws_vpc.MyVPC1.id
  map_public_ip_on_launch = true
}

# Private subnet, AZ 2a: MyWeb1 lives here; no public IPs are assigned.
resource "aws_subnet" "privatesubnet1" {
  availability_zone       = "ap-northeast-2a"
  cidr_block              = "10.0.100.0/24"
  vpc_id                  = aws_vpc.MyVPC1.id
  map_public_ip_on_launch = false
}

# Public subnet, AZ 2c: second ALB node (ALBs need two AZs).
resource "aws_subnet" "publicsubnet2" {
  availability_zone       = "ap-northeast-2c"
  cidr_block              = "10.0.2.0/24"
  vpc_id                  = aws_vpc.MyVPC1.id
  map_public_ip_on_launch = true
}

# Private subnet, AZ 2c: MyWeb2 lives here; no public IPs are assigned.
resource "aws_subnet" "privatesubnet2" {
  availability_zone       = "ap-northeast-2c"
  cidr_block              = "10.0.200.0/24"
  vpc_id                  = aws_vpc.MyVPC1.id
  map_public_ip_on_launch = false
}

# Internet gateway for the public subnets.
resource "aws_internet_gateway" "IGW" {
  vpc_id = aws_vpc.MyVPC1.id

  tags = {
    Name = "IGW"
  }
}

# Elastic IP for the NAT gateway.
resource "aws_eip" "EIP" {
  domain = "vpc"

  tags = {
    Name = "EIP"
  }
}

# Single NAT gateway in publicsubnet1 (2a), shared by both private subnets.
# NOTE(review): the 2c private subnet therefore depends on 2a for egress.
resource "aws_nat_gateway" "NAT" {
  subnet_id     = aws_subnet.publicsubnet1.id
  allocation_id = aws_eip.EIP.id

  tags = {
    Name = "NAT"
  }
}

# Public route table: 0.0.0.0/0 -> internet gateway.
resource "aws_route_table" "publicrouting" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    gateway_id = aws_internet_gateway.IGW.id
    cidr_block = "0.0.0.0/0"
  }

  tags = {
    Name = "Publicrouting"
  }
}

# publicsubnet1 -> publicrouting
resource "aws_route_table_association" "publiclink" {
  route_table_id = aws_route_table.publicrouting.id
  subnet_id      = aws_subnet.publicsubnet1.id
}

# Second public route table; same route as publicrouting (the two could be merged).
resource "aws_route_table" "publicrouting2" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    gateway_id = aws_internet_gateway.IGW.id
    cidr_block = "0.0.0.0/0"
  }

  tags = {
    Name = "Publicrouting2"
  }
}

# publicsubnet2 -> publicrouting2
resource "aws_route_table_association" "publiclink2" {
  route_table_id = aws_route_table.publicrouting2.id
  subnet_id      = aws_subnet.publicsubnet2.id
}

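# Private route table: 0.0.0.0/0 -> NAT gateway.
resource "aws_route_table" "privaterouting" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block     = "0.0.0.0/0"
    # gateway_id is meant for internet/virtual private gateways; the route
    # block exposes nat_gateway_id for NAT gateways, which also keeps state
    # and plan output consistent.
    nat_gateway_id = aws_nat_gateway.NAT.id
  }

  tags = { Name = "privaterouting" }
}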

# privatesubnet1 -> privaterouting
resource "aws_route_table_association" "privatelink" {
  route_table_id = aws_route_table.privaterouting.id
  subnet_id      = aws_subnet.privatesubnet1.id
}

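# Second private route table: 0.0.0.0/0 -> the same NAT gateway in 2a.
resource "aws_route_table" "privaterouting2" {
  vpc_id = aws_vpc.MyVPC1.id

  route {
    cidr_block     = "0.0.0.0/0"
    # gateway_id is meant for internet/virtual private gateways; NAT gateways
    # are referenced through nat_gateway_id.
    nat_gateway_id = aws_nat_gateway.NAT.id
  }

  tags = { Name = "privaterouting2" }
}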

# privatesubnet2 -> privaterouting2
resource "aws_route_table_association" "privatelink2" {
  route_table_id = aws_route_table.privaterouting2.id
  subnet_id      = aws_subnet.privatesubnet2.id
}

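# Web security group: HTTP in from anywhere, everything out.
# NOTE(review): the same group is attached to the ALB and to the instances.
# Since the instances sit in private subnets the exposure is limited, but a
# dedicated instance group that allows port 80 only from the ALB's security
# group is the usual layout and makes the intent explicit.
resource "aws_security_group" "websecu" {
  name        = "websecu"
  vpc_id      = aws_vpc.MyVPC1.id
  description = "allow http" # fixed: only port 80 is opened; https/ssh were never allowed here

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1" # all protocols; ports must be 0 for this
    cidr_blocks = ["0.0.0.0/0"]
  }
}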

# MyWeb1: Apache on Amazon Linux 2 in the 2a private subnet; traffic arrives via the ALB.
resource "aws_instance" "Myweb1" {
  instance_type          = "t3.micro"
  ami                    = data.aws_ami.RecentAMI.id
  key_name               = aws_key_pair.tf_keypair.key_name
  subnet_id              = aws_subnet.privatesubnet1.id
  vpc_security_group_ids = [aws_security_group.websecu.id]

  # NOTE(review): the script below writes a fixed root password and enables
  # SSH password/root login. user_data can be read from the instance metadata
  # service and through the EC2 API, so this is lab-only; key_name already
  # gives key-based SSH, and the chpasswd/sed lines could be removed.
  user_data = <<-EOF
    #!/bin/bash
    echo "root:aws1234!" | chpasswd
    sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    systemctl restart sshd
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 001 </h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF
  # Re-create the instance whenever the script changes.
  user_data_replace_on_change = true

  tags = {
    Name = "MyWeb1"
  }
}

# MyWeb2: Apache on Amazon Linux 2 in the 2c private subnet; traffic arrives via the ALB.
resource "aws_instance" "Myweb2" {
  instance_type          = "t3.micro"
  ami                    = data.aws_ami.RecentAMI.id
  key_name               = aws_key_pair.tf_keypair.key_name
  subnet_id              = aws_subnet.privatesubnet2.id
  vpc_security_group_ids = [aws_security_group.websecu.id]

  # NOTE(review): fixed root password + SSH password/root login in user_data;
  # readable from the metadata service and the EC2 API, so lab-only.
  user_data = <<-EOF
    #!/bin/bash
    echo "root:aws1234!" | chpasswd
    sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
    sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
    systemctl restart sshd
    yum update -y
    yum -y install httpd
    echo "<h1>Hello from AWS Web Server 002 </h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOF
  # Re-create the instance whenever the script changes.
  user_data_replace_on_change = true

  tags = {
    Name = "MyWeb2"
  }
}

# Registers MyWeb1 with the target group on port 80.
resource "aws_lb_target_group_attachment" "web1_attach" {
  port             = 80
  target_id        = aws_instance.Myweb1.id
  target_group_arn = aws_lb_target_group.tg.arn
}
  
  # Registers MyWeb2 with the target group on port 80.
  resource "aws_lb_target_group_attachment" "web2_attach" {
    port             = 80
    target_id        = aws_instance.Myweb2.id
    target_group_arn = aws_lb_target_group.tg.arn
  }
  

# HTTP target group on port 80. target_type is left at its default, "instance",
# and no explicit health_check block is set.
resource "aws_lb_target_group" "tg" {
  name     = "tg"
  protocol = "HTTP"
  port     = 80
  vpc_id   = aws_vpc.MyVPC1.id
}

# Internet-facing ALB with one node in each public subnet (2a and 2c).
# The explicit depends_on is not needed for ordering (the listener links the
# two), but it is kept as written.
resource "aws_lb" "alb" {
  depends_on = [aws_lb_target_group.tg]

  name               = "alb"
  load_balancer_type = "application"
  internal           = false

  security_groups = [aws_security_group.websecu.id]
  subnets = [
    aws_subnet.publicsubnet1.id,
    aws_subnet.publicsubnet2.id,
  ]

  tags = {
    Name = "alb"
  }
}

# Plain-HTTP listener on :80 that forwards all requests to the target group.
# depends_on is redundant (both resources are referenced below) but harmless.
resource "aws_lb_listener" "listen" {
  depends_on = [aws_lb_target_group.tg, aws_lb.alb]

  protocol          = "HTTP"
  port              = 80
  load_balancer_arn = aws_lb.alb.arn

  default_action {
    target_group_arn = aws_lb_target_group.tg.arn
    type             = "forward"
  }
}

 

 

 

 

 

 

 

aws_lb_target_group

target_type = "instance" - DEFAULT

 

[Health Check]

# Health-check variant: same provider/region as above.
provider "aws" {
  region = "ap-northeast-2" # Seoul
}

# 기존 VPC, Subnet, EC2, Security Group, Key Pair 등은 동일하게 유지

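# ALB security group (required): HTTP in from anywhere, everything out.
# Keeping the ALB on its own group lets the instance group later restrict
# port 80 to traffic sourced from this group.
resource "aws_security_group" "alb_sg" {
  # fixed: the VPC on this page is aws_vpc.MyVPC1; "aws_vpc.main" is not defined.
  vpc_id = aws_vpc.MyVPC1.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}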

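# ALB: internet-facing, using the dedicated alb_sg group.
resource "aws_lb" "alb" {
  name               = "my-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb_sg.id]
  # fixed: an application load balancer needs at least two subnets in different
  # AZs, and "aws_subnet.public" is not defined on this page.
  subnets            = [aws_subnet.publicsubnet1.id, aws_subnet.publicsubnet2.id]
}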

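# Target Group (HTTP) with an explicit health check: GET / must return 200;
# two consecutive passes mark a target healthy, two failures mark it unhealthy.
resource "aws_lb_target_group" "alb_tg" {
  name     = "alb-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.MyVPC1.id # fixed: the VPC on this page is MyVPC1, not "main"

  health_check {
    protocol            = "HTTP"
    path                = "/"
    matcher             = "200"
    interval            = 30 # seconds between probes
    timeout             = 5  # seconds to wait for a response
    healthy_threshold   = 2
    unhealthy_threshold = 2
  }
}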

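# Target Group Attachments
resource "aws_lb_target_group_attachment" "web1" {
  target_group_arn = aws_lb_target_group.alb_tg.arn
  target_id        = aws_instance.Myweb1.id # fixed: the instance on this page is Myweb1, not "web1"
  port             = 80
}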

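resource "aws_lb_target_group_attachment" "web2" {
  target_group_arn = aws_lb_target_group.alb_tg.arn
  target_id        = aws_instance.Myweb2.id # fixed: the instance on this page is Myweb2, not "web2"
  port             = 80
}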

# ALB Listener: plain HTTP on :80, everything forwarded to alb_tg.
resource "aws_lb_listener" "alb_listener" {
  protocol          = "HTTP"
  port              = 80
  load_balancer_arn = aws_lb.alb.arn

  default_action {
    target_group_arn = aws_lb_target_group.alb_tg.arn
    type             = "forward"
  }
}

# Output: the public DNS name of the ALB, i.e. the URL to open after apply.
output "alb_dns" {
  value = aws_lb.alb.dns_name
}

 

 
