From 1645a5061c71b9607d0ce2856a4d6d6aca9a38ee Mon Sep 17 00:00:00 2001
From: dsk-minchulahn
Date: Thu, 23 Nov 2023 14:19:27 +0900
Subject: [PATCH] =?UTF-8?q?terraform=20-=20monitoring=20=EC=B5=9C=EC=8B=A0?= =?UTF-8?q?=ED=99=94?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 terraform/aws_instance/monitoring/ec2.tf | 76 ++++++-------
 .../aws_instance/monitoring/terraform.tfstate | 62 +----------
 .../monitoring/terraform.tfstate.backup | 100 ++++++++++++------
 3 files changed, 113 insertions(+), 125 deletions(-)

diff --git a/terraform/aws_instance/monitoring/ec2.tf b/terraform/aws_instance/monitoring/ec2.tf
index 41d2d8b..491e7e7 100644
--- a/terraform/aws_instance/monitoring/ec2.tf
+++ b/terraform/aws_instance/monitoring/ec2.tf
@@ -4,7 +4,7 @@ resource "aws_security_group" "grafana-allow-security" {
 vpc_id = var.VPC_ID
 
 ingress {
- description = "SSH"
+ description = "Allow SSH traffic"
 from_port = 22
 to_port = 22
 protocol = "tcp"
@@ -12,52 +12,52 @@ resource "aws_security_group" "grafana-allow-security" {
 }
 
 ingress {
- description = "TLS from grafana"
+ description = "Allow HTTP traffic"
+ from_port = 80
+ to_port = 80
+ protocol = "tcp"
+ cidr_blocks = ["118.223.123.161/32"]
+ }
+
+ ingress {
+ description = "Allow TLS traffic"
 from_port = 443
 to_port = 443
 protocol = "tcp"
 cidr_blocks = ["118.223.123.161/32"]
 }
 
- ingress {
- description = ""
- from_port = 443
- to_port = 443
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
+ # ingress {
+ # description = ""
+ # from_port = 443
+ # to_port = 443
+ # protocol = "tcp"
+ # cidr_blocks = ["0.0.0.0/0"]
+ # }
 
- ingress {
- description = ""
- from_port = 80
- to_port = 80
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
+ # ingress {
+ # description = "TLS from teleport"
+ # from_port = 30168
+ # to_port = 30168
+ # protocol = "tcp"
+ # cidr_blocks = ["0.0.0.0/0"]
+ # }
 
- ingress {
- description = "TLS from teleport"
- from_port = 30168
- to_port = 30168
- protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
- }
+ # ingress {
+ # description = ""
+ # from_port = 32084
+ # to_port = 32084
+ # protocol = "tcp"
+ # cidr_blocks = ["172.0.0.0/8"]
+ # }
 
- ingress {
- description = ""
- from_port = 32084
- to_port = 32084
- protocol = "tcp"
- cidr_blocks = ["172.0.0.0/8"]
- }
-
- ingress {
- description = "loki"
- from_port = 31768
- to_port = 31768
- protocol = "tcp"
- cidr_blocks = ["172.24.0.0/16"]
- }
+ # ingress {
+ # description = "loki"
+ # from_port = 31768
+ # to_port = 31768
+ # protocol = "tcp"
+ # cidr_blocks = ["172.24.0.0/16"]
+ # }
 
 ingress {
 description = ""
diff --git a/terraform/aws_instance/monitoring/terraform.tfstate b/terraform/aws_instance/monitoring/terraform.tfstate
index c3425d1..8e6a7fb 100644
--- a/terraform/aws_instance/monitoring/terraform.tfstate
+++ b/terraform/aws_instance/monitoring/terraform.tfstate
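Review bot: In ec2.tf the four old rules are kept as commented-out `# ingress { … }` blocks rather than deleted; two of them carry `cidr_blocks = ["0.0.0.0/0"]` (ports 443 and 30168) and one `["172.0.0.0/8"]`, which is far wider than the private 172.16.0.0/12 range, so uncommenting any of them later reopens the group without anyone re-reviewing the CIDR. Delete the blocks and let git history hold them. The new port 80 rule admits plain HTTP to the monitoring host; if it is only there for a redirect to 443, state that in the rule, e.g. `description = "Allow HTTP (redirect to HTTPS)"`, otherwise drop it. The address `118.223.123.161/32` is repeated in both rules of this hunk, and a single variable next to `var.VPC_ID` would keep the allow-list in one place. The `aws_security_group` block starts and ends outside the hunk.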
@@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.5.7", - "serial": 8, + "serial": 16, "lineage": "816258a5-69eb-6967-f105-8709f7e2588d", "outputs": {}, "resources": [ @@ -173,22 +173,9 @@ "ingress": [ { "cidr_blocks": [ - "0.0.0.0/0" + "118.223.123.161/32" ], - "description": "", - "from_port": 443, - "ipv6_cidr_blocks": [], - "prefix_list_ids": [], - "protocol": "tcp", - "security_groups": [], - "self": false, - "to_port": 443 - }, - { - "cidr_blocks": [ - "0.0.0.0/0" - ], - "description": "", + "description": "Allow HTTP traffic", "from_port": 80, "ipv6_cidr_blocks": [], "prefix_list_ids": [], @@ -197,24 +184,11 @@ "self": false, "to_port": 80 }, - { - "cidr_blocks": [ - "0.0.0.0/0" - ], - "description": "TLS from teleport", - "from_port": 30168, - "ipv6_cidr_blocks": [], - "prefix_list_ids": [], - "protocol": "tcp", - "security_groups": [], - "self": false, - "to_port": 30168 - }, { "cidr_blocks": [ "118.223.123.161/32" ], - "description": "SSH", + "description": "Allow SSH traffic", "from_port": 22, "ipv6_cidr_blocks": [], "prefix_list_ids": [], @@ -227,7 +201,7 @@ "cidr_blocks": [ "118.223.123.161/32" ], - "description": "TLS from grafana", + "description": "Allow TLS traffic", "from_port": 443, "ipv6_cidr_blocks": [], "prefix_list_ids": [], @@ -236,32 +210,6 @@ "self": false, "to_port": 443 }, - { - "cidr_blocks": [ - "172.0.0.0/8" - ], - "description": "", - "from_port": 32084, - "ipv6_cidr_blocks": [], - "prefix_list_ids": [], - "protocol": "tcp", - "security_groups": [], - "self": false, - "to_port": 32084 - }, - { - "cidr_blocks": [ - "172.24.0.0/16" - ], - "description": "loki", - "from_port": 31768, - "ipv6_cidr_blocks": [], - "prefix_list_ids": [], - "protocol": "tcp", - "security_groups": [], - "self": false, - "to_port": 31768 - }, { "cidr_blocks": [ "172.31.0.0/16" diff --git a/terraform/aws_instance/monitoring/terraform.tfstate.backup b/terraform/aws_instance/monitoring/terraform.tfstate.backup index b00949d..3c864f6 100644 
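Review bot: `terraform.tfstate` and `terraform.tfstate.backup` are tracked in the repository, and the hunks of both files expose the AWS account id, instance, volume, subnet and VPC ids, the key pair name and the instance's public IP and DNS name to anyone who can read the history. Terraform state can also hold secret attribute values in plain text, so it is safer in a remote backend with encryption and access control (for example the S3 backend with `encrypt = true`) and excluded from git with `*.tfstate` and `*.tfstate.*` in `.gitignore`. The backup state also records `"encrypted": false` for the root volume and for the 200 GB `/dev/sdf` volume; whether that is still the live setting is not visible in this diff and should be confirmed.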
--- a/terraform/aws_instance/monitoring/terraform.tfstate.backup +++ b/terraform/aws_instance/monitoring/terraform.tfstate.backup @@ -1,7 +1,7 @@ { "version": 4, "terraform_version": "1.5.7", - "serial": 6, + "serial": 14, "lineage": "816258a5-69eb-6967-f105-8709f7e2588d", "outputs": {}, "resources": [ @@ -16,7 +16,7 @@ "attributes": { "ami": "ami-0409b7ddbc59e3222", "arn": "arn:aws:ec2:ap-northeast-2:508259851457:instance/i-08af287265bd05022", - "associate_public_ip_address": false, + "associate_public_ip_address": true, "availability_zone": "ap-northeast-2c", "capacity_reservation_specification": [ { @@ -32,9 +32,23 @@ } ], "disable_api_stop": false, - "disable_api_termination": false, - "ebs_block_device": [], - "ebs_optimized": false, + "disable_api_termination": true, + "ebs_block_device": [ + { + "delete_on_termination": false, + "device_name": "/dev/sdf", + "encrypted": false, + "iops": 600, + "kms_key_id": "", + "snapshot_id": "", + "tags": {}, + "throughput": 0, + "volume_id": "vol-0a2e83f6a2d3d12b3", + "volume_size": 200, + "volume_type": "gp2" + } + ], + "ebs_optimized": true, "enclave_options": [ { "enabled": false @@ -45,11 +59,11 @@ "hibernation": false, "host_id": "", "host_resource_group_arn": null, - "iam_instance_profile": "", + "iam_instance_profile": "AmazonSSMRoleForInstancesQuickSetup", "id": "i-08af287265bd05022", "instance_initiated_shutdown_behavior": "stop", "instance_state": "running", - "instance_type": "t3.small", + "instance_type": "m5.large", "ipv6_address_count": 0, "ipv6_addresses": [], "key_name": "kp-jay-bastion-datasaker", @@ -63,7 +77,7 @@ { "http_endpoint": "enabled", "http_put_response_hop_limit": 1, - "http_tokens": "optional", + "http_tokens": "required", "instance_metadata_tags": "disabled" } ], 
@@ -83,8 +97,8 @@ } ], "private_ip": "172.24.2.212", - "public_dns": "", - "public_ip": "", + "public_dns": "ec2-3-38-1-96.ap-northeast-2.compute.amazonaws.com", + "public_ip": "3.38.1.96", "root_block_device": [ { "delete_on_termination": true, @@ -92,7 +106,7 @@ "encrypted": false, "iops": 100, "kms_key_id": "", - "tags": null, + "tags": {}, "throughput": 0, "volume_id": "vol-0153e1bed3b29f8b2", "volume_size": 30, @@ -104,10 +118,10 @@ "source_dest_check": true, "subnet_id": "subnet-0073a61bc56a68a3e", "tags": { - "Name": "grafana" + "Name": "monitoring.kr.datasaker.io" }, "tags_all": { - "Name": "grafana" + "Name": "monitoring.kr.datasaker.io" }, "tenancy": "default", "timeouts": null, @@ -161,20 +175,7 @@ "cidr_blocks": [ "118.223.123.161/32" ], - "description": "SSH", - "from_port": 22, - "ipv6_cidr_blocks": [], - "prefix_list_ids": [], - "protocol": "tcp", - "security_groups": [], - "self": false, - "to_port": 22 - }, - { - "cidr_blocks": [ - "118.223.123.161/32" - ], - "description": "TLS from grafana", + "description": "", "from_port": 443, "ipv6_cidr_blocks": [], "prefix_list_ids": [], @@ -187,7 +188,7 @@ "cidr_blocks": [ "118.223.123.161/32" ], - "description": "http fron grafana", + "description": "", "from_port": 80, "ipv6_cidr_blocks": [], "prefix_list_ids": [], 
@@ -195,6 +196,45 @@ "security_groups": [], "self": false, "to_port": 80 + }, + { + "cidr_blocks": [ + "118.223.123.161/32" + ], + "description": "Allow SSH traffic", + "from_port": 22, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "tcp", + "security_groups": [], + "self": false, + "to_port": 22 + }, + { + "cidr_blocks": [ + "172.31.0.0/16" + ], + "description": "", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [], + "self": false, + "to_port": 0 + }, + { + "cidr_blocks": [], + "description": "nlb-securitygroup", + "from_port": 0, + "ipv6_cidr_blocks": [], + "prefix_list_ids": [], + "protocol": "-1", + "security_groups": [ + "sg-0c46bbbbc5ecc2786" + ], + "self": false, + "to_port": 0 } ], "name": "grafana-allow-security-new", @@ -202,10 +242,10 @@ "owner_id": "508259851457", "revoke_rules_on_delete": false, "tags": { - "Name": "grafana-allow-security" + "Name": "monitoring-allow-security" }, "tags_all": { - "Name": "grafana-allow-security" + "Name": "monitoring-allow-security" }, "timeouts": null, "vpc_id": "vpc-00ba2b0e9ad59f0ed"