Merge pull request #11 from CloudProjectD/feat/module-ec2

[Feat] create module ec2
CloudProjectD · Dec 4, 2023 · 2aa58aa · 2aa58aa
2 parents 3ebf155 + c1ccdbe
commit 2aa58aa
Show file tree

Hide file tree

Showing 5 changed files with 223 additions and 44 deletions.
diff --git a/module-ec2/main.tf b/module-ec2/main.tf
@@ -0,0 +1,179 @@
+provider "aws" {
+  region = var.aws_region
+}
+
+# ami
+data "aws_ami" "ubuntu" {
+  most_recent = true
+
+  filter {
+    name   = "name"
+    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
+  }
+
+  filter {
+    name   = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  owners = ["099720109477"] # Canonical
+}
+
+# bastion host ec2 instance
+resource "aws_instance" "bastion-host" {
+  ami           = data.aws_ami.ubuntu.id
+  instance_type = "t2.micro"
+  subnet_id     = var.bastion_subnet_id
+  key_name      = "vockey1"
+
+  tags = {
+    Name = "${var.env_name}-bastion"
+  }
+}
+
+# eip
+resource "aws_eip" "bastion" {
+  instance = aws_instance.bastion-host.id
+  domain   = "vpc"
+}
+
+# security groups
+resource "aws_security_group" "bastion-sg" {
+  name   = "bastion-sg"
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port   = 22
+    to_port     = 22
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "asg-alb-sg" {
+  name   = "asg-alb-sg"
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port       = 80
+    to_port         = 80
+    protocol        = "tcp"
+    security_groups = [aws_security_group.alb-sg.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "asg-bastion-sg" {
+  name   = "asg-bastion-sg"
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port       = 22
+    to_port         = 22
+    protocol        = "tcp"
+    security_groups = [aws_security_group.bastion-sg.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+resource "aws_security_group" "alb-sg" {
+  name   = "alb-sg"
+  vpc_id = var.vpc_id
+
+  ingress {
+    from_port   = 80
+    to_port     = 80
+    protocol    = "tcp"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}
+
+# auto scaling group
+resource "aws_launch_configuration" "khu-launch-config" {
+  image_id        = data.aws_ami.ubuntu.id
+  instance_type   = "t2.micro"
+  security_groups = [aws_security_group.asg-alb-sg.id, aws_security_group.asg-bastion-sg.id]
+  key_name        = "vockey2"
+
+  lifecycle {
+    create_before_destroy = true
+  }
+}
+
+resource "aws_autoscaling_group" "khu-asg" {
+  launch_configuration = aws_launch_configuration.khu-launch-config.name
+  vpc_zone_identifier  = var.private_subnet_ids
+
+  target_group_arns = [aws_lb_target_group.khu-alb-tg.arn]
+  # lb tg가 생성되어 arn이 지정된 후 사용 가능하므로 
+  depends_on        = [aws_lb_target_group.khu-alb-tg]
+  health_check_type = "ELB"
+
+  desired_capacity = 2
+  min_size         = 2
+  max_size         = 5
+}
+
+# load balancer
+resource "aws_lb" "khu-alb" {
+  name               = "khu-alb"
+  internal           = false
+  load_balancer_type = "application"
+
+  security_groups = [aws_security_group.alb-sg.id]
+  subnets         = var.private_subnet_ids
+
+  tags = {
+    Name = "${var.env_name}-alb"
+  }
+}
+
+resource "aws_lb_listener" "khu-alb-listner" {
+  load_balancer_arn = aws_lb.khu-alb.arn
+  port              = 80
+  protocol          = "HTTP"
+
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.khu-alb-tg.arn
+  }
+}
+
+resource "aws_lb_target_group" "khu-alb-tg" {
+  name     = "khu-alb-tg"
+  port     = 8000
+  protocol = "HTTP"
+  vpc_id   = var.vpc_id
+}
+
+resource "aws_lb_target_group_attachment" "khu-tg-attach" {
+  target_group_arn = aws_lb_target_group.khu-alb-tg.arn
+  target_id        = aws_autoscaling_group.khu-asg.id
+  port             = 8000
+}
diff --git a/module-ec2/outputs.tf b/module-ec2/outputs.tf
@@ -0,0 +1,14 @@
+output "bastion_public_ip" {
+  description = "Public IP address of the bastion host."
+  value       = aws_eip.bastion.public_ip
+}
+
+output "alb_dns_name" {
+  description = "DNS name of the Application Load Balancer."
+  value       = aws_lb.khu-alb.dns_name
+}
+
+output "autoscaling_group_name" {
+  description = "Name of the Auto Scaling group."
+  value       = aws_autoscaling_group.khu-asg.name
+}
diff --git a/module-ec2/variables.tf b/module-ec2/variables.tf
@@ -0,0 +1,28 @@
+variable "aws_region" {
+  type    = string
+  default = "us-east-1"
+}
+
+variable "env_name" {
+  type = string
+}
+
+variable "vpc_id" {
+  type = string
+}
+
+variable "bastion_subnet_id" {
+  type = string
+}
+
+variable "private_subnet_a_id" {
+  type = string
+}
+
+variable "private_subnet_b_id" {
+  type = string
+}
+
+variable "private_subnet_ids" {
+  type = list(any)
+}
diff --git a/module-network/main.tf b/module-network/main.tf
@@ -110,46 +110,4 @@ resource "aws_route_table_association" "public-a-association" {
 resource "aws_route_table_association" "public-b-association" {
   subnet_id      = aws_subnet.public-subnet-b.id
   route_table_id = aws_route_table.public-route.id
-}
-
-# bastion sg
-resource "aws_security_group" "bastion-sg" {
-  name        = "bastion-sg"
-  description = "Allow ssh inbound traffic"
-  vpc_id      = aws_vpc.main.id
-
-  ingress {
-    from_port   = 22
-    to_port     = 22
-    protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
-}
-
-# private ec2 sg
-resource "aws_security_group" "private-sg" {
-  name        = "private-sg"
-  description = "Allow inbound traffic for private ec2"
-  vpc_id      = aws_vpc.main.id
-
-  ingress {
-    from_port       = 22
-    to_port         = 22
-    protocol        = "tcp"
-    security_groups = [aws_security_group.bastion-sg.id]
-  }
-
-  egress {
-    from_port   = 0
-    to_port     = 0
-    protocol    = "-1"
-    cidr_blocks = ["0.0.0.0/0"]
-  }
 }
diff --git a/module-network/outputs.tf b/module-network/outputs.tf
@@ -13,14 +13,14 @@ output "subnet_ids" {
   ]
 }
 
-output "asg_subnet_ids" {
+output "asg_private_subnet_ids" {
   value = [
     aws_subnet.private-subnet-a.id,
     aws_subnet.private-subnet-b.id,
   ]
 }
 
-output "db_subnet_ids" {
+output "db_private_subnet_ids" {
   value = [
     aws_subnet.private-subnet-c.id,
     aws_subnet.private-subnet-d.id,