greate

dangtong76 · Nov 9, 2024 · ac2f490 · ac2f490
1 parent e8ffe26
commit ac2f490
Show file tree

Hide file tree

Showing 7 changed files with 332 additions and 0 deletions.
diff --git a/xinfra/ec2-greate-single/.gitignore b/xinfra/ec2-greate-single/.gitignore
@@ -0,0 +1,5 @@
+.terraform
+.terraform.lock.hcl
+terraform.tfstate
+.DS_Store
+terraform.tfstate.backup
diff --git a/xinfra/ec2-greate-single/00.provider.tf b/xinfra/ec2-greate-single/00.provider.tf
@@ -0,0 +1,3 @@
+provider "aws" {
+  region = "ap-northeast-2" # 사용할 AWS 리전
+}
diff --git a/xinfra/ec2-greate-single/10.vpc.tf b/xinfra/ec2-greate-single/10.vpc.tf
@@ -0,0 +1,64 @@
+# VPC 생성
+resource "aws_vpc" "dangtong-vpc" {
+  cidr_block           = "10.0.0.0/16"
+  enable_dns_hostnames = true
+  enable_dns_support   = true
+
+  tags = {
+    Name = "dangtong-vpc"
+  }
+}
+# 퍼블릭 서브넷 생성
+resource "aws_subnet" "dangtong-vpc-public-subnet" {
+  for_each = {
+    a = { cidr = "10.0.1.0/24", az = "ap-northeast-2a" }
+    b = { cidr = "10.0.2.0/24", az = "ap-northeast-2b" }
+    c = { cidr = "10.0.3.0/24", az = "ap-northeast-2c" }
+    d = { cidr = "10.0.4.0/24", az = "ap-northeast-2d" }
+  }
+
+  vpc_id                  = aws_vpc.dangtong-vpc.id
+  cidr_block              = each.value.cidr
+  availability_zone       = each.value.az
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "dangtong-vpc-public-subnet-${each.key}"
+  }
+}
+
+# 인터넷 게이트웨이 생성
+resource "aws_internet_gateway" "dangtong-igw" {
+  vpc_id = aws_vpc.dangtong-vpc.id
+
+  tags = {
+    Name = "dangtong-igw"
+  }
+}
+
+# 라우팅 테이블 생성
+resource "aws_route_table" "dangtong-vpc-public-rt" {
+  vpc_id = aws_vpc.dangtong-vpc.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.dangtong-igw.id
+  }
+
+  tags = {
+    Name = "dangtong-vpc-public-rt"
+
+  }
+}
+
+resource "aws_route_table_association" "dangtong-vpc-public-rt" {
+  for_each = {
+    a = aws_subnet.dangtong-vpc-public-subnet["a"].id
+    b = aws_subnet.dangtong-vpc-public-subnet["b"].id
+    c = aws_subnet.dangtong-vpc-public-subnet["c"].id
+    d = aws_subnet.dangtong-vpc-public-subnet["d"].id
+  }
+
+  subnet_id      = each.value
+  route_table_id = aws_route_table.dangtong-vpc-public-rt.id
+}
diff --git a/xinfra/ec2-greate-single/20.security-group.tf b/xinfra/ec2-greate-single/20.security-group.tf
@@ -0,0 +1,27 @@
+resource "aws_security_group" "nginx_sg" {
+  name_prefix = "nginx-sg"
+  vpc_id      = aws_vpc.dangtong-vpc.id 
+
+  ingress {
+    description = "Allow SSH"
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  ingress {
+    description = "Allow HTTP"
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
diff --git a/xinfra/ec2-greate-single/30.ec2.tf b/xinfra/ec2-greate-single/30.ec2.tf
@@ -0,0 +1,61 @@
+# TLS 프라이빗 키 생성 (공개 키 포함)
+resource "tls_private_key" "ec2_private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# AWS에서 키 페어 생성
+resource "aws_key_pair" "ec2_key_pair" {
+  key_name   = "ec2-key_pair" # AWS에서 사용할 키 페어 이름
+  public_key = tls_private_key.ec2_private_key.public_key_openssh
+}
+
+resource "aws_instance" "nginx_instance" {
+  subnet_id = aws_subnet.dangtong-vpc-public-subnet["a"].id
+  ami             = "ami-08b09b6acd8d62254" # Amazon Linux 2 AMI (리전별로 AMI ID가 다를 수 있음)
+  instance_type   = "t2.micro"
+  key_name        = aws_key_pair.ec2_key_pair.key_name # AWS에서 생성한 SSH 키 적용
+  vpc_security_group_ids = [aws_security_group.nginx_sg.id]
+  iam_instance_profile   = aws_iam_instance_profile.ec2_profile.name
+
+  # EC2 시작 시 Nginx 설치 및 실행을 위한 User Data
+  user_data = <<-EOF
+                #!/bin/bash
+                yum update -y
+
+                # Ruby 설치
+                yum install -y ruby wget
+
+                # CodeDeploy Agent 설치
+                cd /home/ec2-user
+                wget https://aws-codedeploy-ap-northeast-2.s3.ap-northeast-2.amazonaws.com/latest/install
+                chmod +x ./install
+                ./install auto
+
+                # CodeDeploy Agent 서비스 시작
+                systemctl start codedeploy-agent
+                systemctl enable codedeploy-agent
+
+                # nginx 설치
+                amazon-linux-extras install nginx1 -y
+                systemctl start nginx
+                systemctl enable nginx
+                EOF
+  tags = {
+    Name        = "nginx-server"
+    Environment = "Production"
+  }
+}
+
+# 출력: EC2 인스턴스의 퍼블릭 IP 주소
+output "nginx_instance_public_ip" {
+  value       = aws_instance.nginx_instance.public_ip
+  description = "Public IP of the Nginx EC2 instance"
+}
+
+# 출력: SSH 접속에 사용할 Private Key
+output "ssh_private_key_pem" {
+  value       = tls_private_key.ec2_private_key.private_key_pem
+  description = "Private key for SSH access"
+  sensitive   = true
+}
diff --git a/xinfra/ec2-greate-single/40.iam.tf b/xinfra/ec2-greate-single/40.iam.tf
@@ -0,0 +1,108 @@
+ # GitHub Actions용 IAM 역할 생성
+resource "aws_iam_role" "github_actions_role" {
+  name = "GithubActionsRole"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"
+        }
+      }
+    ]
+  })
+
+  tags = {
+    Name = "github-actions-role"
+  }
+}
+
+# CodeDeploy를 위한 EC2 IAM 역할
+resource "aws_iam_role" "ec2_codedeploy_role" {
+  name = "EC2CodeDeployRole"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      }
+    ]
+  })
+
+  tags = {
+    Name = "ec2-codedeploy-role"
+  }
+}
+
+# CodeDeploy 서비스 역할
+resource "aws_iam_role" "codedeploy_service_role" {
+  name = "CodeDeployServiceRole"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "codedeploy.amazonaws.com"
+        }
+      }
+    ]
+  })
+
+  tags = {
+    Name = "codedeploy-service-role"
+  }
+}
+
+# GitHub Actions 역할에 정책 연결
+resource "aws_iam_role_policy_attachment" "github_actions_s3" {
+  role       = aws_iam_role.github_actions_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "github_actions_codedeploy" {
+  role       = aws_iam_role.github_actions_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess"
+}
+
+# EC2 인스턴스 역할에 정책 연결
+resource "aws_iam_role_policy_attachment" "ec2_codedeploy_s3" {
+  role       = aws_iam_role.ec2_codedeploy_role.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
+}
+
+resource "aws_iam_role_policy_attachment" "ec2_codedeploy" {
+  role       = aws_iam_role.ec2_codedeploy_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
+}
+
+# CodeDeploy 서비스 역할에 정책 연결
+resource "aws_iam_role_policy_attachment" "codedeploy_service" {
+  role       = aws_iam_role.codedeploy_service_role.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
+}
+
+# EC2 인스턴스 프로파일 생성
+resource "aws_iam_instance_profile" "ec2_profile" {
+  name = "EC2CodeDeployProfile"
+  role = aws_iam_role.ec2_codedeploy_role.name
+}
+
+# 현재 AWS 계정 ID를 가져오기 위한 데이터 소스
+data "aws_caller_identity" "current" {}
+
+# 출력: GitHub Actions 역할 ARN
+output "github_actions_role_arn" {
+  value       = aws_iam_role.github_actions_role.arn
+  description = "ARN of the GitHub Actions IAM Role"
+}
diff --git a/xinfra/ec2-greate-single/50.codedeploy.tf b/xinfra/ec2-greate-single/50.codedeploy.tf
@@ -0,0 +1,64 @@
+# S3 버킷 생성
+resource "aws_s3_bucket" "deploy_bucket" {
+  bucket = "simple-web-deploy-bucket-${data.aws_caller_identity.current.account_id}"  # 고유한 버킷 이름 필요
+}
+
+# S3 버킷 버전 관리 설정
+resource "aws_s3_bucket_versioning" "deploy_bucket_versioning" {
+  bucket = aws_s3_bucket.deploy_bucket.id
+  versioning_configuration {
+    status = "Enabled"
+  }
+}
+
+# CodeDeploy 애플리케이션 생성
+resource "aws_codedeploy_app" "web_app" {
+  name = "simple-web-content"
+}
+
+# CodeDeploy 배포 그룹 생성
+resource "aws_codedeploy_deployment_group" "web_deploy_group" {
+  app_name               = aws_codedeploy_app.web_app.name
+  deployment_group_name  = "simple-web-deploy-group"
+  service_role_arn      = aws_iam_role.codedeploy_service_role.arn
+
+  deployment_style {
+    deployment_option = "WITHOUT_TRAFFIC_CONTROL"
+    deployment_type   = "IN_PLACE"
+  }
+
+  ec2_tag_set {
+    ec2_tag_filter {
+      key   = "Environment"
+      type  = "KEY_AND_VALUE"
+      value = "Production"
+    }
+  }
+
+  auto_rollback_configuration {
+    enabled = true
+    events  = ["DEPLOYMENT_FAILURE"]
+  }
+
+  alarm_configuration {
+    enabled = false
+  }
+}
+
+# S3 버킷 이름 출력
+output "deploy_bucket_name" {
+  value       = aws_s3_bucket.deploy_bucket.id
+  description = "Name of the S3 bucket for deployments"
+}
+
+# CodeDeploy 애플리케이션 이름 출력
+output "codedeploy_app_name" {
+  value       = aws_codedeploy_app.web_app.name
+  description = "Name of the CodeDeploy application"
+}
+
+# CodeDeploy 배포 그룹 이름 출력
+output "codedeploy_deployment_group_name" {
+  value       = aws_codedeploy_deployment_group.web_deploy_group.deployment_group_name
+  description = "Name of the CodeDeploy deployment group"
+}