Ssoon


Terraform 101 Study

[T101-3주차] 03 테라폼 상태 관리하기 - (4) 상태파일격리 - 파일 레이아웃을 이용한 격리

구구달스 2022. 11. 1. 01:29
CloudNet@ 팀의 가시다님이 진행하는 Terraform 101 Study 03주차 정리입니다.

💠 파일 레이아웃을 이용한 격리 - 1

📌 격리 수준을 높이기 위해서는 "component" 수준으로 내려가는 것이 바람직합니다.

"component"란? 일반적으로 함께 배포되는 일관된 리소스 집합

 

 백엔드 리소스 생성 / global/s3/main.tf

# AWS provider for the state-backend stack (global/s3).
# Resources in this configuration are created in ap-northeast-2.
provider "aws" {
  region = "ap-northeast-2"
}

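# S3 bucket that stores the Terraform state files.
# State files record resource attributes in plaintext, including values such
# as database passwords, so the bucket is kept private and encrypted at rest.
resource "aws_s3_bucket" "ssoon_s3bucket" {
  bucket = "ssoon-t101study-tfstate-week3-files"
}

# Refuse public ACLs and public bucket policies on the state bucket, so a later
# ACL or policy change cannot expose the state files.
resource "aws_s3_bucket_public_access_block" "ssoon_s3bucket_public_access" {
  bucket                  = aws_s3_bucket.ssoon_s3bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Encrypt every object written to the state bucket with S3-managed keys.
resource "aws_s3_bucket_server_side_encryption_configuration" "ssoon_s3bucket_sse" {
  bucket = aws_s3_bucket.ssoon_s3bucket.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}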

# Keep every revision of each state file, so an earlier state can be inspected
# or restored after a bad apply or an accidental overwrite.
resource "aws_s3_bucket_versioning" "ssoon_s3bucket_versioning" {
  bucket = aws_s3_bucket.ssoon_s3bucket.id

  versioning_configuration {
    status = "Enabled"
  }
}

# DynamoDB table used for Terraform state locking.
# The S3 backend writes its lock entries under the string key "LockID", which
# is why the table declares exactly that attribute as its hash key.
resource "aws_dynamodb_table" "ssoon_dynamodbtable" {
  name     = "terraform-locks-week3-files"
  hash_key = "LockID"

  # On-demand billing: no provisioned read/write capacity to manage.
  billing_mode = "PAY_PER_REQUEST"

  attribute {
    name = "LockID"
    type = "S"
  }
}

global/s3/outputs.tf

# Exposes the state bucket's ARN, e.g. for use in IAM policies that scope
# access to this bucket.
output "s3_bucket_arn" {
  description = "The ARN of the S3 bucket"
  value       = aws_s3_bucket.ssoon_s3bucket.arn
}

# Exposes the lock table's name; this is the value a backend "s3" block
# passes as dynamodb_table.
output "dynamodb_table_name" {
  description = "The name of the DynamoDB table"
  value       = aws_dynamodb_table.ssoon_dynamodbtable.name
}

🚩 Console 확인

📢 CLI 확인

VPC & Security Group 생성: main-vpcsg.tf

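# Remote state for this component: stored in S3, locked through DynamoDB.
# The key gives the component its own state file, which is what isolates it
# from other components that share the bucket.
terraform {
  backend "s3" {
    bucket         = "ssoon-t101study-tfstate-week3-files"
    key            = "stage/data-stores/ssoon_sql/terraform.tfstate"
    region         = "ap-northeast-2"
    dynamodb_table = "terraform-locks-week3-files"

    # Request server-side encryption for the state object. This state will
    # contain the RDS master password in plaintext, so it should not rely on
    # the bucket's defaults alone.
    encrypt = true
  }
}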

# AWS provider for the VPC / security group / RDS component.
# Uses the same region as the state bucket and lock table.
provider "aws" {
  region = "ap-northeast-2"
}

# Dedicated VPC for the study environment (10.10.0.0/16).
resource "aws_vpc" "ssoon_vpc" {
  cidr_block = "10.10.0.0/16"

  # Give instances in the VPC DNS hostnames.
  enable_dns_hostnames = true

  tags = {
    Name = "t101-study"
  }
}

# First database subnet: 10.10.3.0/24 in availability zone ap-northeast-2a.
resource "aws_subnet" "ssoon_subnet3" {
  vpc_id            = aws_vpc.ssoon_vpc.id
  availability_zone = "ap-northeast-2a"
  cidr_block        = "10.10.3.0/24"

  tags = {
    Name = "t101-subnet3"
  }
}

# Second database subnet: 10.10.4.0/24 in availability zone ap-northeast-2c.
# A DB subnet group needs subnets in at least two availability zones.
resource "aws_subnet" "ssoon_subnet4" {
  vpc_id            = aws_vpc.ssoon_vpc.id
  availability_zone = "ap-northeast-2c"
  cidr_block        = "10.10.4.0/24"

  tags = {
    Name = "t101-subnet4"
  }
}

# Route table for the database subnets.
# No route blocks are declared here, so this resource adds no path to an
# internet gateway or NAT gateway.
# NOTE(review): confirm no aws_route resource elsewhere attaches one.
resource "aws_route_table" "ssoon_rt2" {
  vpc_id = aws_vpc.ssoon_vpc.id

  tags = {
    Name = "t101-rt2"
  }
}

# Bind subnet3 to the database route table.
resource "aws_route_table_association" "ssoon_rtassociation3" {
  route_table_id = aws_route_table.ssoon_rt2.id
  subnet_id      = aws_subnet.ssoon_subnet3.id
}

# Bind subnet4 to the database route table.
resource "aws_route_table_association" "ssoon_rtassociation4" {
  route_table_id = aws_route_table.ssoon_rt2.id
  subnet_id      = aws_subnet.ssoon_subnet4.id
}

# Security group attached to the RDS instance.
# It carries no inline rules; ingress and egress are declared as separate
# aws_security_group_rule resources that reference this group's id.
resource "aws_security_group" "ssoon_sg2" {
  name        = "T101 SG - RDS"
  description = "T101 Study SG - RDS"
  vpc_id      = aws_vpc.ssoon_vpc.id
}

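# Inbound rule for the RDS security group: MySQL only, from inside the VPC only.
#
# The database engine is MySQL and the DB instance does not override the port,
# so clients need TCP 3306 and nothing else. A range such as 0-3389 from
# 0.0.0.0/0 would also admit SSH (22), RDP (3389) and every other low port
# from any address, none of which a database security group needs.
#
# The source is the VPC's own CIDR. If a client outside this VPC must connect,
# add its specific CIDR or security group rather than reopening 0.0.0.0/0.
resource "aws_security_group_rule" "rdssginbound" {
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 3306
  to_port           = 3306
  cidr_blocks       = [aws_vpc.ssoon_vpc.cidr_block]
  security_group_id = aws_security_group.ssoon_sg2.id
}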

# Outbound rule for the RDS security group: all protocols and ports to any
# destination (protocol "-1" with ports 0-0 means "everything").
# NOTE(review): a database rarely initiates outbound connections; consider
# narrowing this once the required destinations are known.
resource "aws_security_group_rule" "rdssgoutbound" {
  security_group_id = aws_security_group.ssoon_sg2.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}

🚩 Console 확인

 RDS 생성 : stage/data-stores/mysql/main.tf

# Subnet group that tells RDS which subnets it may place the instance in:
# subnet3 (ap-northeast-2a) and subnet4 (ap-northeast-2c).
resource "aws_db_subnet_group" "ssoon_dbsubnet" {
  name = "ssoon_dbsubnetgroup"

  subnet_ids = [
    aws_subnet.ssoon_subnet3.id,
    aws_subnet.ssoon_subnet4.id,
  ]

  tags = {
    Name = "ssoon_DB subnet group"
  }
}

# MySQL RDS instance for the stage environment.
#
# Security notes for readers adapting this beyond a study lab:
#   - The master password comes from var.db_password and is written to the
#     Terraform state in plaintext, so anyone who can read the state can read
#     the password. Protect the backend accordingly.
#   - publicly_accessible is not set, so the provider default applies.
#   - storage_encrypted is not set. NOTE(review): confirm the chosen instance
#     class supports encryption at rest before enabling it.
#   - skip_final_snapshot = true means no snapshot is taken on destroy. That is
#     convenient for teardown, but the data is unrecoverable afterwards.
resource "aws_db_instance" "ssoon_rds" {
  identifier        = "ssoon-rds"
  engine            = "mysql"
  instance_class    = "db.t2.micro"
  allocated_storage = 10

  # Network placement: the two database subnets, guarded by the RDS security group.
  db_subnet_group_name   = aws_db_subnet_group.ssoon_dbsubnet.name
  vpc_security_group_ids = [aws_security_group.ssoon_sg2.id]

  # Initial database and master credentials, all supplied through variables.
  db_name  = var.db_name
  username = var.db_username
  password = var.db_password

  skip_final_snapshot = true

  tags = {
    Name = "ssoon-rds"
  }
}

stage/data-stores/mysql/outputs.tf

# Hostname of the RDS endpoint; other components can read it from this
# component's remote state.
output "address" {
  description = "Connect to the database at this endpoint"
  value       = aws_db_instance.ssoon_rds.address
}

# TCP port the RDS instance listens on, as reported by AWS.
output "port" {
  description = "The port the database is listening on"
  value       = aws_db_instance.ssoon_rds.port
}

# Id of the VPC that hosts the database, exported so other components can
# place their resources in the same VPC.
output "vpcid" {
  description = "ssoon_ VPC Id"
  value       = aws_vpc.ssoon_vpc.id
}

stage/data-stores/mysql/variable.tf

# # # # # # # # # # # # # # # # # # # # # # # # 
# REQUIRED PARAMETERS
# You must provide a value for each of these parameters.
# # # # # # # # # # # # # # # # # # # # # # # # 

# Master username for the database. No default, so it must be supplied at
# plan/apply time (for example through the TF_VAR_db_username environment
# variable).
# sensitive = true redacts the value in CLI output only; the value is still
# stored in the state file.
variable "db_username" {
  type        = string
  sensitive   = true
  description = "The username for the database"
}

# Master password for the database. No default, so it never has to be
# committed to the repository; supply it at plan/apply time (for example
# through the TF_VAR_db_password environment variable).
# sensitive = true redacts the value in CLI output only; the password is still
# written to the state file in plaintext, so access to the state backend must
# be restricted.
variable "db_password" {
  type        = string
  sensitive   = true
  description = "The password for the database"
}

# # # # # # # # # # # # # # # # # # # # # # # 
# OPTIONAL PARAMETERS
# These parameters have reasonable defaults.
# # # # # # # # # # # # # # # # # # # # # # # 

# Name of the initial database created on the instance. It is not secret, so
# it has a default and is not marked sensitive.
variable "db_name" {
  type        = string
  default     = "tstudydb"
  description = "The name to use for the database"
}

🚩 Console 확인

📢 CLI 확인

 
