Terraform - EC2 추가

dsk-minchulahn
2023-12-19 14:14:29 +09:00
parent 949f4404ee
commit 79bdefaaec
5 changed files with 204 additions and 0 deletions


@@ -0,0 +1,44 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/archive" {
version = "1.3.0"
constraints = "~> 1.3"
hashes = [
"h1:T3DszgOa/75SiiONgEDRujpN5rSqIw9TvFZXHjpqMB4=",
"zh:115aa6bc7825402a8d4e2e954378a9f48e4fdbeabe081ffd04e0a2f6786159bb",
"zh:21f731ffac20a67615c64a7a8a96949c971ee28ffd5807d8c299faba73b5e273",
"zh:2e81b58e141b175cbf801ade5e87c5db4cb28933216b0547ef32c95500385904",
"zh:3acbb96fd142b4d193dc18861340281249301368029169e346d15410d0572492",
"zh:4346edee0dfe97154b6f28d9ef0fa762131db92b78bbd1b3207945201cb59818",
"zh:93916a84cc6ff6778456dd170a657326c4dd3a86b4434e424a66a87c2535b888",
"zh:ade675c3ac8b9ec91131bac5881fbd4efad46a3683f2fea2efb9493a2c1b9ffb",
"zh:b0a0cb13fc850903aa7a057ae7e06366939b8f347926dce1137cd47b9123ad93",
"zh:d6d838cceffb7f3ff27fb9b51d78fccdef15bd32408f33a726556bfe66315bd3",
"zh:ddc4ac6aea6537f8096ffeb8ff3bca355f0972793184e0f6df120aa6460b4446",
"zh:e0d1213625d40d124bd9570f0d92907416f8d61bc8c389c776e72c0a97020cce",
"zh:eb707b69f9093b97d98e2dece9822852a27849dd1627d35302e8d6b9801407ef",
]
}
provider "registry.terraform.io/hashicorp/aws" {
version = "4.65.0"
hashes = [
"h1:fbSgoS5GLuwKAZlovFvGoYl4B0Bi5T7+MmFiVZL0uOo=",
"zh:0461b8dfc14e94971bfd12783cbd5a5574b9fcfc3694b6afaa8836f90b61c1f9",
"zh:24a27e7b1f6eb33e9da6f2ffaaa6bc48e933a24224c6572d6e588994e5c7130b",
"zh:2ca189d04573414bef4876c17ccb2b76f6e721e0450f6ab3700d94d7c04bec64",
"zh:3fb0654a527677231dab2140e9a55df3b90dba478b3db50001e21a045437a47a",
"zh:4918173d9c7d2735908622c17efd01746a046f0a571690afa7dd0866f22045f7",
"zh:491d259b15166f751076d2bdc443928ca63f6c0a83b02ea75fff8b4224662207",
"zh:4ff8e178f0656f04f88558c295a1d246b1bdcf5ad81d8b3b9ccceaeca2eb7fa8",
"zh:5e4eaf2855a740124f4bbe34ac4bd22c7f320aa3e91d9cef64396ad0a1571544",
"zh:65762c60c4bac2e0d55ed8c2877e455e84465cb12f0c885363a1b561cd4f5f07",
"zh:7c5e4f85eb5f70e6da2d64701dd5551f2bc334dbb9add76bfc6a2bea6acf4483",
"zh:90d32b238113528319d7a5fade97bd8ac9a8b654482fc9056478a43d2e297886",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:e6ed3299516a8fb2292af7e7e123d09817dfd8e039aaf35ad5a276f739668e88",
"zh:eb84fa96c63d836b3b4689835cb7c4487808dfd1ba7ddacf4d8c4c6ff65cdbef",
"zh:ff97d1498193c99c9c35afd9bfcdce011abf460ec041721727d6e542f7a3bedd",
]
}


@@ -0,0 +1,109 @@
resource "aws_security_group" "grafana-allow-security" {
name = "grafana-allow-security-new"
description = "Allow inbound traffic"
vpc_id = var.VPC_ID
ingress {
description = "Allow SSH traffic"
from_port = 2222
to_port = 2222
protocol = "tcp"
cidr_blocks = ["39.115.183.236/32"]
}
# ingress {
# description = "Allow HTTP traffic"
# from_port = 80
# to_port = 80
# protocol = "tcp"
# cidr_blocks = ["118.223.123.161/32"]
# }
ingress {
description = "Allow HTTPS traffic"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["118.223.123.161/32", "39.115.183.138/32", "39.115.183.236/32"]
}
# ingress {
# description = ""
# from_port = 443
# to_port = 443
# protocol = "tcp"
# cidr_blocks = ["0.0.0.0/0"]
# }
# ingress {
# description = "TLS from teleport"
# from_port = 30168
# to_port = 30168
# protocol = "tcp"
# cidr_blocks = ["0.0.0.0/0"]
# }
# ingress {
# description = ""
# from_port = 32084
# to_port = 32084
# protocol = "tcp"
# cidr_blocks = ["172.0.0.0/8"]
# }
# ingress {
# description = "loki"
# from_port = 31768
# to_port = 31768
# protocol = "tcp"
# cidr_blocks = ["172.24.0.0/16"]
# }
ingress {
description = ""
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["172.31.0.0/16"]
}
ingress {
description = "nlb-securitygroup"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = []
security_groups = ["sg-0c46bbbbc5ecc2786"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "monitoring-allow-security"
}
}
resource "aws_instance" "grafana" {
ami = "ami-0409b7ddbc59e3222"
instance_type = "m5.large"
key_name = "kp-jay-bastion-datasaker"
vpc_security_group_ids = [aws_security_group.grafana-allow-security.id]
availability_zone = "ap-northeast-2c"
subnet_id = var.Public_Subnet_ID_3
root_block_device {
delete_on_termination = true
volume_size = 30
}
tags = {
Name = "monitoring.kr.datasaker.io"
}
}
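Review bot: The ingress block for `172.31.0.0/16` admits every protocol and port (`protocol = "-1"`) with an empty description, and that range does not match the `Network_CIDR` default of `172.24.0.0/19` declared in the variables file, so it is not clear from the commit which peers are being trusted. I would give the rule a description that names the source and narrow it to the ports those peers actually need; the same applies to the all-protocol rule for the NLB security group. Separately, `aws_instance.grafana` sits in a public subnet and sets neither `metadata_options { http_tokens = "required" }` nor `encrypted = true` inside `root_block_device`, so IMDSv1 stays enabled and root-volume encryption depends on the account default. The commented-out `0.0.0.0/0` ingress blocks are better deleted than left where a later edit can uncomment them.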


@@ -0,0 +1,10 @@
provider "aws" {
region = "ap-northeast-2"
}
terraform {
required_providers {
archive = "~> 1.3"
}
}
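Review bot: `required_providers` declares only `archive`, in the legacy string form, while the `aws` provider that the configuration uses has no source or version constraint. The lock file pins aws to 4.65.0, but a `terraform init -upgrade` would be free to move to any later major version. I would declare both explicitly, e.g. `aws = { source = "hashicorp/aws", version = "~> 4.65" }` and `archive = { source = "hashicorp/archive", version = "~> 1.3" }`, and add a `required_version` for Terraform itself. Nothing in the sections shown here uses the archive provider, so it may be removable if the remaining changed file does not need it.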


@@ -0,0 +1,35 @@
#---------------------------------------------------------------#
# Network ID
variable "VPC_ID" {
default = "vpc-00ba2b0e9ad59f0ed"
}
variable "Network_CIDR" {
default = "172.24.0.0/19"
}
variable "Private_Subnet_ID_1" {
default = "subnet-024f0deda82039fa4"
}
variable "Private_Subnet_ID_2" {
default = "subnet-050d942fa1c46540a"
}
variable "Private_Subnet_ID_3" {
default = "subnet-0946eb806af7377be"
}
variable "Public_Subnet_ID_1" {
default = "subnet-00c363356f133411d"
}
variable "Public_Subnet_ID_2" {
default = "subnet-07aa5e879a262014d"
}
variable "Public_Subnet_ID_3" {
default = "subnet-0073a61bc56a68a3e"
}
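Review bot: Every variable here carries an environment-specific resource ID as its default and has no `type` or `description`, so a run without a tfvars file silently targets this one VPC and its subnets. I would add `type = string` and a one-line `description` to each block. For the IDs that differ per environment, consider dropping the default so the caller has to supply the value. `Network_CIDR` is not referenced by the security group in this commit, which hard-codes `172.31.0.0/16` instead, so one of the two probably needs correcting.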