link: https://github.com/rookieboba/Terraform-3tier-architecture-AWS
AWS 아키텍처 다이어그램
- 3 tier architecture (draw.io 이용)
AWS CLI로 AWS 아키텍처 terraform 띄우기
1️⃣ CloudFormation Stack에서 생성된 리소스 목록 가져오기
# Enumerate the resources CloudFormation created for the stack (sample output follows).
# The PhysicalResourceId values are what Terraform will later need to import.
aws cloudformation describe-stack-resources --stack-name cf.stack
예시 결과
{
"StackResources": [
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "WebServer",
"PhysicalResourceId": "i-0ab12345cde678fgh",
"ResourceType": "AWS::EC2::Instance",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "AppServer",
"PhysicalResourceId": "i-0fgh67890ijk123abc",
"ResourceType": "AWS::EC2::Instance",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "Database",
"PhysicalResourceId": "db-xyz987654321",
"ResourceType": "AWS::RDS::DBInstance",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "VPC",
"PhysicalResourceId": "vpc-abc12def34gh56ij7",
"ResourceType": "AWS::EC2::VPC",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "PublicSubnet",
"PhysicalResourceId": "subnet-9876ab12cde34fgh5",
"ResourceType": "AWS::EC2::Subnet",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "PrivateSubnet",
"PhysicalResourceId": "subnet-12345def67ab89ghi",
"ResourceType": "AWS::EC2::Subnet",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
},
{
"StackName": "cf.stack",
"StackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/cf.stack/a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"LogicalResourceId": "ALB",
"PhysicalResourceId": "alb-0xy123z456ab78def",
"ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
"Timestamp": "2025-02-10T10:00:00.000Z",
"ResourceStatus": "CREATE_COMPLETE"
}
]
}
2️⃣ Terraform Import 실행
- CloudFormation이 생성한 모든 리소스를 Terraform 코드로 가져오기
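#!/usr/bin/env bash
# Import the AWS resources that CloudFormation created into Terraform code with
# Terraformer, then sort the generated .tf files into the layout used further down.
# Requires: git, go, sudo, and an AWS credential profile that can read the stack's resources.
set -euo pipefail

# --- Import AWS resources with Terraformer ---------------------------------------
git clone https://github.com/GoogleCloudPlatform/terraformer
cd terraformer || exit 1
# Building whatever the default branch points at is an unpinned supply-chain input;
# prefer a release tag, e.g. `git checkout <release-tag>`, and record the commit built.
# NOTE(review): the project's README documents a provider-specific build step; follow it
# if this plain `go build` does not yield a binary that knows the aws provider.
go build -o terraformer .
sudo mv -- terraformer /usr/local/bin/

# Verify the installation
terraformer --version

mkdir -p ~/terraform-3tier-architecture
cd ~/terraform-3tier-architecture || exit 1

# AWS profile/region (if needed). Quoted so the <placeholder> is not parsed as a redirection.
export AWS_PROFILE="<profile-name>"
export AWS_REGION="<region>"

# Run terraformer.
# The whole --filter value is quoted: an unquoted ';' ends the shell command, so the
# original `--filter=Name=stack-name;Value=...` was split in two and never reached
# terraformer intact.
# NOTE(review): CloudFormation tags the resources it creates with
# `aws:cloudformation:stack-name`; check `terraformer import aws --help` for how the
# installed version spells a tag filter before relying on `Name=stack-name`.
terraformer import aws \
  --resources=all \
  --regions="<region>" \
  --filter="Name=stack-name;Value=<stack-name>"

# Tidy the generated files.
# NOTE(review): run `ls -R generated/aws` first — terraformer's default path pattern may
# put each service in its own subdirectory, in which case these paths need adjusting.
# terraform.tfstate holds every imported attribute, which can include secrets (database
# credentials, for example); keep it out of version control and prefer an encrypted
# remote backend.
mv -- generated/aws/provider.tf provider.tf
mv -- generated/aws/terraform.tfstate terraform.tfstate
mv -- generated/aws/*.tf .

# Move network-related files
mkdir -p vpc networking compute database
mv -- aws_vpc*.tf aws_subnet*.tf vpc/
mv -- aws_route_table*.tf aws_nat_gateway*.tf networking/

# Move compute- and database-related files
mv -- aws_instance*.tf aws_elb*.tf compute/
mv -- aws_db_instance*.tf aws_db_subnet_group*.tf database/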
3️⃣ Terraform 코드 정리
- 간결하게 정리하는 게 더 좋다. variables.tf 추가
📁 terraform-3tier-architecture/
│── 📄 provider.tf # AWS 프로바이더 설정
│── 📄 variables.tf # 변수 정의
│── 📄 terraform.tfvars # 변수 값 설정
│── 📄 main.tf # 모든 모듈을 연결하는 메인 파일
│── 📄 outputs.tf # 주요 리소스 출력
├── 📁 vpc/ # VPC 및 Subnet
│ ├── 📄 aws_vpc.tf
│ ├── 📄 aws_subnet.tf
│ ├── 📄 aws_internet_gateway.tf
│ ├── 📄 aws_nat_gateway.tf
│ ├── 📄 aws_security_group.tf
├── 📁 networking/ # Routing Table 설정
│ ├── 📄 aws_route_table.tf
├── 📁 compute/ # EC2 인스턴스 및 로드밸런서
│ ├── 📄 aws_instance.tf
│ ├── 📄 aws_alb.tf
│ ├── 📄 aws_nlb.tf
- 최종 결과
(1) provider.tf - AWS 프로바이더 설정
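# Provider configuration. required_providers pins the provider source and major
# version so `terraform init` cannot silently resolve a different or newer provider
# than the one this code was written against.
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Major-version pin; bump deliberately after reading the upgrade guide
      # (v5 removed aws_eip's `vpc` argument in favour of `domain = "vpc"`).
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region # declared in variables.tf, overridden by terraform.tfvars
}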
(2) variables.tf - 변수 정의
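# Root input variables. Defaults apply only when terraform.tfvars does not override them.
# The validation blocks reject malformed input at plan time, before any AWS call is made.
variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "ap-northeast-2" # Seoul region
}

variable "vpc_cidr" {
  description = "VPC CIDR Block"
  type        = string
  default     = "10.0.0.0/16"

  validation {
    condition     = can(cidrnetmask(var.vpc_cidr))
    error_message = "vpc_cidr must be an IPv4 CIDR block such as 10.0.0.0/16."
  }
}

variable "public_subnet_cidrs" {
  description = "Public Subnet CIDR Blocks"
  type        = list(string)
  default     = ["10.0.1.0/24", "10.0.2.0/24"]

  # The ALB in compute/ spans these subnets and needs at least two of them.
  validation {
    condition     = length(var.public_subnet_cidrs) >= 2 && alltrue([for c in var.public_subnet_cidrs : can(cidrnetmask(c))])
    error_message = "public_subnet_cidrs must contain at least two IPv4 CIDR blocks."
  }
}

variable "private_subnet_cidrs" {
  description = "Private Subnet CIDR Blocks"
  type        = list(string)
  default     = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]

  # compute/aws_instance.tf addresses private subnets by fixed index up to [3].
  validation {
    condition     = length(var.private_subnet_cidrs) >= 4 && alltrue([for c in var.private_subnet_cidrs : can(cidrnetmask(c))])
    error_message = "private_subnet_cidrs must contain at least four IPv4 CIDR blocks."
  }
}

variable "instance_type" {
  description = "EC2 Instance Type"
  type        = string
  default     = "t3.micro"
}

variable "alb_name" {
  description = "Application Load Balancer Name"
  type        = string
  default     = "app-alb"
}

variable "nlb_name" {
  description = "Network Load Balancer Name"
  type        = string
  default     = "app-nlb"
}

variable "key_name" {
  description = "Name of the AWS Key Pair"
  type        = string
  # PLACEHOLDER default: must be a key pair that already exists in aws_region, or the
  # instance launches fail. terraform.tfvars is expected to override this.
  default     = "my-key-pair"
}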
(3) terraform.tfvars (변수 값 설정 파일)
# Variable values. Each entry overrides the matching default in variables.tf.
aws_region = "ap-northeast-2"
vpc_cidr = "10.0.0.0/16"
public_subnet_cidrs = ["10.0.1.0/24", "10.0.2.0/24"]
# compute/aws_instance.tf indexes private subnets up to [3]; keep at least four here.
private_subnet_cidrs = ["10.0.3.0/24", "10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]
instance_type = "t3.micro"
# Overrides the "app-alb" default in variables.tf; the value here is what gets applied.
alb_name = "web-alb"
nlb_name = "app-nlb"
# PLACEHOLDER: must be the name of a key pair that already exists in aws_region.
key_name = "your-key-pair-name"
(4) main.tf (모든 리소스 연결 메인 파일)
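# Root module: wires the three child modules together.
# NOTE(review): the child-module files on this page read var.vpc_cidr,
# var.public_subnet_cidrs and var.private_subnet_cidrs (vpc/) and var.instance_type,
# var.key_name, var.alb_name and var.nlb_name (compute/). A child module only sees a
# value that is passed here AND declared with a `variable` block inside its own
# directory; those declarations are not shown on this page and must exist.
# The networking/ and compute/ files also reference resources defined in vpc/
# (aws_vpc.main, aws_subnet.*, aws_internet_gateway.igw, aws_nat_gateway.nat,
# aws_security_group.default). Across module boundaries those names do not resolve;
# they have to become outputs of module.vpc and be passed in as inputs below.
module "vpc" {
  source = "./vpc"

  vpc_cidr             = var.vpc_cidr
  public_subnet_cidrs  = var.public_subnet_cidrs
  private_subnet_cidrs = var.private_subnet_cidrs
}

module "networking" {
  source = "./networking"
  # TODO(review): pass the VPC id, internet gateway id, NAT gateway id and subnet ids
  # from module.vpc outputs once vpc/ declares them.
}

module "compute" {
  source = "./compute"

  instance_type = var.instance_type
  key_name      = var.key_name
  alb_name      = var.alb_name
  nlb_name      = var.nlb_name
  # TODO(review): pass the subnet ids and the security group id from module.vpc outputs.
}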
(5) outputs.tf (주요 리소스 정보 출력)
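# Root outputs, surfaced from the child modules.
# NOTE(review): every value here reads an output of module.vpc or module.compute, but
# the directory tree above shows no outputs.tf under vpc/ or compute/. Each referenced
# output must be declared in its module or `terraform plan` fails.
output "vpc_id" {
  description = "ID of the VPC created by the vpc module"
  value       = module.vpc.vpc_id
}

output "public_subnet_ids" {
  description = "IDs of the public subnets"
  value       = module.vpc.public_subnet_ids
}

output "private_subnet_ids" {
  description = "IDs of the private subnets"
  value       = module.vpc.private_subnet_ids
}

output "web_server_ips" {
  description = "IP addresses of the web tier instances (as exported by the compute module)"
  value       = module.compute.web_server_ips
}

output "alb_dns_name" {
  description = "DNS name of the application load balancer"
  value       = module.compute.alb_dns_name
}

output "nlb_dns_name" {
  description = "DNS name of the network load balancer"
  value       = module.compute.nlb_dns_name
}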
(6) vpc/aws_vpc.tf - VPC 및 서브넷
# VPC. The CIDR comes from the root variable vpc_cidr (must be declared in this module
# and passed from main.tf). DNS resolution and DNS hostnames are both switched on.
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true

  tags = {
    Name = "MainVPC"
  }
}
(7) vpc/aws_subnet.tf - 서브넷 설정
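# Subnets. When no availability_zone is given AWS picks one and does not promise a
# different zone per subnet; the ALB in compute/ needs subnets in at least two zones,
# so each subnet is pinned to a zone explicitly. Changing the zone of an existing
# (imported) subnet forces it to be replaced — review the plan before applying.
data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  azs = data.aws_availability_zones.available.names
}

resource "aws_subnet" "public" {
  count = length(var.public_subnet_cidrs)

  vpc_id            = aws_vpc.main.id
  cidr_block        = var.public_subnet_cidrs[count.index]
  availability_zone = local.azs[count.index % length(local.azs)]
  # Every instance launched here gets a public IP: it is internet-reachable unless its
  # security group blocks the traffic.
  map_public_ip_on_launch = true

  tags = {
    Name = "PublicSubnet-${count.index + 1}"
  }
}

resource "aws_subnet" "private" {
  count = length(var.private_subnet_cidrs)

  vpc_id     = aws_vpc.main.id
  cidr_block = var.private_subnet_cidrs[count.index]
  # Four private CIDRs by default; the modulo wraps around in regions with fewer zones.
  availability_zone = local.azs[count.index % length(local.azs)]

  tags = {
    Name = "PrivateSubnet-${count.index + 1}"
  }
}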
(8) vpc/aws_internet_gateway.tf - 인터넷 게이트웨이 설정
# Internet gateway attached to the VPC. The public route table in networking/ sends
# 0.0.0.0/0 through it, which is what makes the public subnets reachable from outside.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "InternetGateway"
  }
}
(9) vpc/aws_nat_gateway.tf
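# NAT gateway for the private subnets, placed in the first public subnet with its own
# Elastic IP. Private hosts reach the internet outbound through it (see the private
# route table in networking/); nothing can initiate connections inbound through it.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public[0].id

  tags = {
    Name = "NATGateway"
  }

  # Recommended by the provider docs: the NAT gateway needs the VPC's internet gateway
  # to exist first, and no argument above expresses that ordering.
  depends_on = [aws_internet_gateway.igw]
}

resource "aws_eip" "nat" {
  # `vpc = true` is deprecated in AWS provider v4 and removed in v5; `domain = "vpc"`
  # is the replacement and is accepted by v5 and recent v4 releases.
  domain = "vpc"
}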
(10) networking/aws_route_table.tf
# Route tables and their subnet associations.
# NOTE(review): these resources live in networking/ but reference aws_vpc.main,
# aws_internet_gateway.igw, aws_nat_gateway.nat and aws_subnet.* from vpc/. Inside a
# separate module those names do not resolve; they need to arrive as module inputs
# fed from module.vpc outputs.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  # Default route to the internet gateway: public subnets are reachable both ways.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "PublicRouteTable"
  }
}

resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  # Default route via the NAT gateway: outbound-only internet for private hosts. Egress
  # is still unrestricted at the routing layer; tighten it with security-group or
  # network ACL egress rules if the workload does not need general internet access.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }

  tags = {
    Name = "PrivateRouteTable"
  }
}

# One association per public subnet.
resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# One association per private subnet; all private subnets share a single route table.
resource "aws_route_table_association" "private" {
  count          = length(aws_subnet.private)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private.id
}
(11) compute/aws_instance.tf
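# EC2 instances (6 in total: 2 web, 2 WAS, 2 DB).
# NOTE(review): the CloudFormation stack listed above reports its database as an
# AWS::RDS::DBInstance, whereas here the DB tier is modelled as plain EC2 instances —
# confirm which is intended before applying.
# None of the instances sets vpc_security_group_ids, so each lands in the VPC default
# security group; attach purpose-specific groups (web → WAS → DB only) and consider
# `metadata_options { http_tokens = "required" }` (IMDSv2) before exposing anything.
# aws_subnet.public/private are defined in vpc/ and must be passed into this module.
locals {
  # PLACEHOLDER — replace with a real AMI ID for aws_region. Hoisted here so the image
  # is changed in one place instead of six.
  ami_id = "ami-0abcdef1234567890"
}

# Web tier: public subnets, so these two hosts receive public IPs.
resource "aws_instance" "web_server_1" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.public[0].id
  key_name      = var.key_name

  tags = {
    Name = "WebServer-1"
  }
}

resource "aws_instance" "web_server_2" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.public[1].id
  key_name      = var.key_name

  tags = {
    Name = "WebServer-2"
  }
}

# WAS tier: private subnets [0] and [1], outbound internet only via the NAT gateway.
resource "aws_instance" "was_server_1" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.private[0].id
  key_name      = var.key_name

  tags = {
    Name = "WASServer-1"
  }
}

resource "aws_instance" "was_server_2" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.private[1].id
  key_name      = var.key_name

  tags = {
    Name = "WASServer-2"
  }
}

# DB tier: private subnets [2] and [3] — private_subnet_cidrs therefore needs ≥ 4 entries.
resource "aws_instance" "db_server_1" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.private[2].id
  key_name      = var.key_name

  tags = {
    Name = "DBServer-1"
  }
}

resource "aws_instance" "db_server_2" {
  ami           = local.ami_id
  instance_type = var.instance_type
  subnet_id     = aws_subnet.private[3].id
  key_name      = var.key_name

  tags = {
    Name = "DBServer-2"
  }
}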
(12) compute/aws_alb.tf
# Application Load Balancer, internet-facing, spread over the public subnets.
# No listener or target group is shown on this page; without them the ALB accepts
# no traffic.
resource "aws_lb" "alb" {
  name = var.alb_name
  # internal = false makes the ALB reachable from the internet. What it accepts is
  # governed by aws_security_group.default, which the tree above places in vpc/ — it
  # must be passed into this module rather than referenced directly.
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.default.id]
  # An ALB requires subnets in at least two different Availability Zones.
  subnets = aws_subnet.public[*].id

  tags = {
    Name = "AppALB"
  }
}
(13) compute/aws_nlb.tf
# Network Load Balancer, internal only (no public address), spread over the private
# subnets — presumably fronting the WAS tier for the web tier; no listener or target
# group is shown on this page.
resource "aws_lb" "nlb" {
  name               = var.nlb_name
  internal           = true
  load_balancer_type = "network"
  # aws_subnet.private is defined in vpc/ and must be passed into this module.
  subnets = aws_subnet.private[*].id

  tags = {
    Name = "AppNLB"
  }
}
- terraform plan 확인 필수
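# Initialise, review the plan, then apply exactly the plan that was reviewed.
terraform init
# Saving the plan to a file lets the apply step consume the reviewed plan instead of
# recomputing one; `apply <planfile>` needs no -auto-approve, so the confirmation step
# the text above calls mandatory is never skipped and what runs cannot differ from
# what was inspected.
terraform plan -out=tfplan
terraform apply tfplan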