
terraform main.tf

file:vpc.tf
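# VPC 172.32.0.0/16 — the root network every other stack on this page
# attaches to by reading this directory's state (path "../terraform.tfstate").
resource "aws_vpc" "tf-vpc-172-32" {
    cidr_block = "172.32.0.0/16"

    # Both flags are needed for instances in the VPC to get resolvable
    # private DNS hostnames. The provider argument is `enable_dns_hostnames`
    # (plural); the original `enable_dns_hostname` is not a valid argument and
    # fails validation. Booleans are written as bare true instead of "true".
    enable_dns_support   = true
    enable_dns_hostnames = true

    tags = {
        Name = "tf-vpc-172-32"
    }
}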
file:output.tf
# Consumed by the igw/, security/, publicnetwork/ and alb/ stacks through
# terraform_remote_state (backend = "local", path = "../terraform.tfstate").
output "vpc_id" {
    description = "ID of the aws_vpc.tf-vpc-172-32 VPC"
    value       = aws_vpc.tf-vpc-172-32.id
}
file:igw/igw.tf
# Internet gateway stack. Reads the VPC id from the root stack's local
# state file one directory up.
data "terraform_remote_state" "tf172-32" {
    backend = "local"

    config = {
        path = "../terraform.tfstate"
    }
}

# One IGW attached to the shared VPC; the route table in publicnetwork/
# sends 0.0.0.0/0 to it via the `igwid` output of this stack.
resource "aws_internet_gateway" "tf-vpc172-32-igw" {
    tags = {
        Name = "tf-vpc-172-32-igw"
    }

    vpc_id = data.terraform_remote_state.tf172-32.outputs.vpc_id
}
file:igw/output.tf
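# The resource in igw.tf is labelled `tf-vpc172-32-igw` (no hyphen between
# "vpc" and "172"); the original referenced `tf-vpc-172-32-igw`, which is
# undeclared and fails at plan time.
output "igwid" {
    description = "ID of the Internet gateway, consumed by publicnetwork/ for the default route"
    value       = aws_internet_gateway.tf-vpc172-32-igw.id
}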
file:security/sg.tf
# Security-group stack. NOTE: this data source is labelled `tf-172-32`,
# whereas the other stacks on this page call theirs `tf172-32`; references
# within this directory must use the label declared here.
data "terraform_remote_state" "tf-172-32" {
    backend = "local"

    config = {
        path = "../terraform.tfstate"
    }
}

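# Shared "public" security group, attached to both the EC2 instance
# (ec2/ec2al2.tf) and the ALB (alb/alb.tf). Inbound is limited to HTTP/80
# from anywhere; all outbound traffic is allowed.
#
# NOTE(review): alb/alb.tf declares an HTTPS listener on 443, but this group
# has no 443 ingress, so that listener is unreachable until a 443 rule is
# added. The instance and the ALB also have different exposure needs;
# one group per role (ALB: web ports from the internet, instance: port 80
# from the ALB's group only) is the least-privilege shape.
resource "aws_security_group" "global-sg-172-32" {
    name        = "sgglobal17232"
    description = "sgglobal17232 public"

    # The remote-state data source in this directory is labelled `tf-172-32`;
    # the original referenced `tf172-32`, which is undeclared in this stack.
    vpc_id = data.terraform_remote_state.tf-172-32.outputs.vpc_id

    ingress {
        description = "HTTP from anywhere"
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
    }

    # Unrestricted egress for IPv4 and IPv6. protocol "-1" means all
    # protocols; the two original egress blocks are folded into one, which
    # describes the same rule set.
    egress {
        description      = "All outbound"
        from_port        = 0
        to_port          = 0
        protocol         = "-1"
        cidr_blocks      = ["0.0.0.0/0"]
        ipv6_cidr_blocks = ["::/0"]
    }

    tags = {
        Name = "sgglobal17232"
    }
}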
file:security/output.tf
# Read by ec2/ and alb/ via terraform_remote_state (path "../security/terraform.tfstate").
output "sgglobal" {
    description = "ID of the shared public security group"
    value       = aws_security_group.global-sg-172-32.id
}
file:iam/iam.tf

# Trust policy for the instance role: only the EC2 service may assume it,
# which is what an instance profile requires. Effect defaults to Allow and
# is written out explicitly for readability.
data "aws_iam_policy_document" "tf-172-32-ec2-policy" {
    statement {
        effect  = "Allow"
        actions = ["sts:AssumeRole"]

        principals {
            type        = "Service"
            identifiers = ["ec2.amazonaws.com"]
        }
    }
}

# Make the instance manageable through Session Manager.
# AmazonSSMManagedInstanceCore is the AWS-managed policy the SSM agent needs;
# it is looked up here so the ARN is not hand-maintained in the attachment.
data "aws_iam_policy" "tf-172-32-ssm-policy" {
    arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# Instance role. The trust policy above restricts who may assume it to the
# EC2 service; permissions are attached separately further down.
resource "aws_iam_role" "tf-172-32-ec2-role" {
    assume_role_policy = data.aws_iam_policy_document.tf-172-32-ec2-policy.json
    name               = "tf-172-32-ec2-role"
}

# Create the IAM instance profile that wraps the role so an EC2 instance can
# carry it (ec2/ec2al2.tf reads the profile name from this stack's output).
resource "aws_iam_instance_profile" "tf-172-32-ec2-profile" {
    role = aws_iam_role.tf-172-32-ec2-role.name
    name = "tf-172-32-ec2-profile"
}

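# Attach the SSM managed policy to the role.
# `aws_iam_role_policy_document` is not a resource type in the AWS provider
# (the policy-document type is a *data* source); the resource that binds a
# managed policy to a role is `aws_iam_role_policy_attachment`.
resource "aws_iam_role_policy_attachment" "tf-172-32-ec2-role-ssm-policy-attach" {
    role       = aws_iam_role.tf-172-32-ec2-role.name
    policy_arn = data.aws_iam_policy.tf-172-32-ssm-policy.arn
}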
file:iam/output.tf
# Read by ec2/ec2al2.tf via terraform_remote_state (path "../iam/terraform.tfstate").
output "aws_iam_instance_profile" {
    description = "Name of the SSM-enabled instance profile"
    value       = aws_iam_instance_profile.tf-172-32-ec2-profile.name
}
file:ec2/ec2al2.tf
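# Public-network stack state. The directory on this page is `publicnetwork/`
# (see file:publicnetwork/publicnetwork.tf), so the path is corrected from
# `../public_network/...`. If the checkout really uses an underscore, keep the
# directory name and this path in sync instead.
data "terraform_remote_state" "tf172-32-public-network" {
    backend = "local"

    config = {
        path = "../publicnetwork/terraform.tfstate"
    }
}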

# IAM stack state: supplies the instance profile name.
data "terraform_remote_state" "tf172-32-iam" {
    backend = "local"

    config = {
        path = "../iam/terraform.tfstate"
    }
}

# Security-group stack state: supplies the `sgglobal` security group id.
data "terraform_remote_state" "tf172-32-sg" {
    backend = "local"

    config = {
        path = "../security/terraform.tfstate"
    }
}

# Resolve the current Amazon Linux 2 (x86_64, gp2) AMI from the public SSM
# parameter. Because the parameter tracks "latest", a later plan may resolve
# a different AMI and propose replacing the instance; pin an AMI id if that
# drift is unwanted.
data "aws_ssm_parameter" "al_ami" {
    name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

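# Single Amazon Linux 2 instance in the public subnet, carrying the
# SSM-enabled instance profile from iam/ and the shared security group
# from security/.
resource "aws_instance" "ec2-172-32-al2-01" {
    ami           = data.aws_ssm_parameter.al_ami.value
    instance_type = "t2.micro"

    subnet_id            = data.terraform_remote_state.tf172-32-public-network.outputs.subnet-2a_id
    iam_instance_profile = data.terraform_remote_state.tf172-32-iam.outputs.aws_iam_instance_profile

    # Fixed typo: `terraform_remote_statte` is not a data source type.
    vpc_security_group_ids = [
        data.terraform_remote_state.tf172-32-sg.outputs.sgglobal
    ]

    # Require IMDSv2 (session-token based) so the instance-role credentials
    # cannot be read with a single unauthenticated request to the metadata
    # service by anything that can make HTTP calls from this host.
    metadata_options {
        http_endpoint = "enabled"
        http_tokens   = "required"
    }

    # Placeholder — replace with a key pair that exists in this account and
    # region. With Session Manager available through the instance profile, a
    # key pair may not be needed at all.
    key_name = "yourkeyname"

    tags = {
        Name = "area172-32-ec2-al2-01"
    }
}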
file:publicnetwork/publicnetwork.tf
# Root stack state: supplies the VPC id for the route table and subnet.
data "terraform_remote_state" "tf172-32" {
    backend = "local"

    config = {
        path = "../terraform.tfstate"
    }
}

# IGW stack state: supplies the gateway id used by the default route.
data "terraform_remote_state" "tf172-32-igw" {
    backend = "local"

    config = {
        path = "../igw/terraform.tfstate"
    }
}

# Route table for the public subnet: everything not local to the VPC goes
# out through the Internet gateway.
resource "aws_route_table" "tf-public-route-table-172-32" {
    tags = {
        Name = "tf-public-route-table-172-32"
    }

    vpc_id = data.terraform_remote_state.tf172-32.outputs.vpc_id

    # Default route for Internet access
    route {
        gateway_id = data.terraform_remote_state.tf172-32-igw.outputs.igwid
        cidr_block = "0.0.0.0/0"
    }
}

# Public /24 in us-west-2a. `map_public_ip_on_launch` gives every instance
# launched here a public IPv4 address, so anything placed in this subnet is
# directly reachable subject only to its security group.
resource "aws_subnet" "tf-public-subnet-172-32-2a" {
    vpc_id            = data.terraform_remote_state.tf172-32.outputs.vpc_id
    availability_zone = "us-west-2a"
    cidr_block        = "172.32.0.0/24"

    map_public_ip_on_launch = true

    tags = {
        Name = "tf-public-subnet-172-32-2a"
    }
}

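# Bind the public route table to the 2a subnet.
# `aws_subnet_table_association` is not a resource type in the AWS provider;
# the subnet-to-route-table binding is `aws_route_table_association`.
resource "aws_route_table_association" "tf-assoc-rt-172-32-2a" {
    subnet_id      = aws_subnet.tf-public-subnet-172-32-2a.id
    route_table_id = aws_route_table.tf-public-route-table-172-32.id
}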
file:publicnetwork/output.tf
# Read by ec2/ec2al2.tf. NOTE: alb/alb.tf references `subnet-2c_id` and
# `subnet-2d_id` from this stack, which are not exported here; an ALB needs
# subnets in at least two AZs, so those subnets and outputs are still missing.
output "subnet-2a_id" {
    description = "ID of the public subnet in us-west-2a"
    value       = aws_subnet.tf-public-subnet-172-32-2a.id
}
file:alb/alb.tf
# Root stack state: supplies the VPC id for the target group.
data "terraform_remote_state" "tf172-32" {
    backend = "local"

    config = {
        path = "../terraform.tfstate"
    }
}

# Security-group stack state: supplies the `sgglobal` id attached to the ALB.
data "terraform_remote_state" "tf172-32-sg" {
    backend = "local"

    config = {
        path = "../security/terraform.tfstate"
    }
}

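# Public-network stack state. Relabelled from `tf17232-net` to `tf172-32-net`,
# the label aws_lb below actually references. The original path
# `./public_network/terraform.tfstate` pointed inside alb/ itself; the stack
# lives one level up in publicnetwork/ (see file:publicnetwork/publicnetwork.tf).
data "terraform_remote_state" "tf172-32-net" {
    backend = "local"

    config = {
        path = "../publicnetwork/terraform.tfstate"
    }
}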

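# Internet-facing ALB. An ALB requires subnets in at least two AZs; the
# outputs referenced here (`subnet-2c_id`, `subnet-2d_id`) are not exported by
# publicnetwork/output.tf on this page, which only defines `subnet-2a_id`, so
# those subnets and outputs still have to be added there before this applies.
resource "aws_lb" "tf-alb172-32" {
    name               = "tf-alb172-32"
    load_balancer_type = "application"
    internal           = false
    idle_timeout       = 60

    # Kept disabled as in the original; enable for anything beyond a lab.
    enable_deletion_protection = false

    # Drop requests that carry headers with invalid header names, which
    # removes one class of request-smuggling ambiguity at the edge.
    drop_invalid_header_fields = true

    subnets = [
        data.terraform_remote_state.tf172-32-net.outputs.subnet-2c_id,
        data.terraform_remote_state.tf172-32-net.outputs.subnet-2d_id,
    ]

    # Shared with the EC2 instance; see security/sg.tf (only port 80 inbound).
    security_groups = [
        data.terraform_remote_state.tf172-32-sg.outputs.sgglobal
    ]
}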

# Plain-HTTP listener that answers every request with a static 200 body.
# Once the HTTPS listener below is in use, a `redirect` default action to
# port 443 is the usual replacement for this fixed response.
resource "aws_lb_listener" "tf-alb-listener-http172-32" {
    load_balancer_arn = aws_lb.tf-alb172-32.arn
    protocol          = "HTTP"
    port              = "80"

    default_action {
        type = "fixed-response"

        fixed_response {
            status_code  = "200"
            content_type = "text/plain"
            message_body = "this is http alb"
        }
    }
}

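# Target group for the HTTPS listener's forward action.
# Nothing on this page registers targets with it: the ECS service in
# ecs/alb.tf has no load_balancer block and the EC2 instance is not attached.
# If Fargate tasks (network_mode "awsvpc") are to be registered, `target_type`
# must be "ip"; the default "instance" only fits EC2 instance targets.
resource "aws_lb_target_group" "tf-tg-http172-32" {
    name     = "tf-tg-http172-32"
    vpc_id   = data.terraform_remote_state.tf172-32.outputs.vpc_id
    port     = 80
    protocol = "HTTP"

    health_check {
        protocol            = "HTTP"
        port                = 80
        path                = "/index.html"
        interval            = 30
        timeout             = 5
        unhealthy_threshold = 2
        # matcher is a string (it can hold ranges such as "200-299");
        # the bare number 200 relied on implicit conversion.
        matcher             = "200"
    }
}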

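# HTTPS listener forwarding to the target group above. It is only reachable
# once the shared security group admits 443 (see security/sg.tf, which
# currently allows inbound 80 only).
resource "aws_lb_listener" "tf-alb-listener-https172-32" {
    # Fixed typo: `load_balaner_arn` is not an argument of aws_lb_listener.
    load_balancer_arn = aws_lb.tf-alb172-32.arn
    port              = 443
    protocol          = "HTTPS"

    # The original `ELBSecurityPolicy-20??-??` is a placeholder, not a valid
    # policy name. This predefined policy negotiates TLS 1.2 and 1.3 only.
    ssl_policy = "ELBSecurityPolicy-TLS13-1-2-2021-06"

    # Placeholder — substitute the ARN of an ACM certificate issued in the
    # same region as the load balancer.
    certificate_arn = "arn:aws:acm:REGION:ACCOUNTID:certificate/01234ABCDE"

    default_action {
        type             = "forward"
        target_group_arn = aws_lb_target_group.tf-tg-http172-32.arn
    }
}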
file:ecs/alb.tf
# ECS cluster hosting the Fargate service below.
resource "aws_ecs_cluster" "ecs172-32" {
    name = "ecs-172-32"
}

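# Fargate task: 0.25 vCPU / 512 MiB, containers from container_definitions.json.
# Fixed: the original resource label `"task172-32-01` was missing its closing
# quote, so the file did not parse.
# No execution_role_arn is set; one is generally needed once the container
# definition adds a log configuration or pulls from a private registry.
resource "aws_ecs_task_definition" "task172-32-01" {
    family                   = "task172-32-01"
    requires_compatibilities = ["FARGATE"]
    network_mode             = "awsvpc"
    cpu                      = "256"
    memory                   = "512"

    # The JSON pulls `nginx:latest` from Docker Hub; pin a version tag or
    # digest so the deployed image cannot change underneath this revision.
    container_definitions = file("./container_definitions.json")
}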

# Runs one copy of the task on Fargate in the cluster above.
# NOTE(review): tasks with network_mode "awsvpc" need a `network_configuration`
# block (subnets, security_groups) for the service to place them; none is
# declared here or elsewhere on this page. `health_check_grace_period_seconds`
# is only meaningful — and, I believe, only accepted by the API — when the
# service has a `load_balancer` block, which it does not.
resource "aws_ecs_service" "svc-172-32-01" {
    name            = "svc172-32-01"
    cluster         = aws_ecs_cluster.ecs172-32.arn
    task_definition = aws_ecs_task_definition.task172-32-01.arn

    launch_type      = "FARGATE"
    platform_version = "1.4.0"
    desired_count    = 1

    health_check_grace_period_seconds = 60
}
file:ecs/container_definitions.json
[
    {
        "name": "nginx",
        "image": "nginx:latest",
        "essential": true,
        "portMappings": [
            {
                "protocol": "tcp",
                "containerPort": 80
            }
        ]
    }
]
