리셋 되지 말자
[Terraform] AWS - EC2 Keypair RDS creation test
Environment
os : ubuntu18.04
a registered AWS account
terraform : installation method
Reference sites
https://www.44bits.io/ko/post/terraform_introduction_infrastrucute_as_code
https://honglab.tistory.com/114
Source code
https://github.com/Penguin135/IaC/tree/main/terraform/aws
example-2
Creating an IAM user and obtaining an ACCESS KEY
Doing work in AWS with the root account's privileges is not a recommended practice.
It is important to grant only the minimum privileges needed for a specific task.
Even if we do not go all the way to least privilege, let's create and use a separate user that holds privileges in coarser chunks.
1. Log in to the AWS console
Log in with the root account in order to create the IAM user
2. Go to the IAM service
3. Select 'Add user'
4. Create the user: enter a user name -> check the 'Programmatic access' access type
5. Select permissions: 'Attach existing policies directly' -> search for ec2 -> check AmazonEC2FullAccess
6. (skipped)
7. Finish creating the user: 'Create user' at the bottom right
8. Obtain the Access Key and Secret Key
Register the Access Key and Secret Key as environment variables
vagrant@Vagrant-VM01:~/terraform/example-1$ export AWS_ACCESS_KEY_ID=AKIAVYDYMS3KT3YQCKFQ
vagrant@Vagrant-VM01:~/terraform/example-1$ export AWS_SECRET_ACCESS_KEY=skip
Writing the Terraform versions.tf script
Terraform is said to read every tf file and compose them into a graph, so file names do not really matter. Just name them so that they are easy for you to maintain and recognize.
1. Create the directory and move into it
vagrant@Vagrant-VM01:~$ mkdir -p terraform/example-1
vagrant@Vagrant-VM01:~$ cd terraform/example-1/
2. Write versions.tf
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0"
    }
  }
}

provider "aws" {
  access_key = ""   # left empty: the provider reads the AWS_ACCESS_KEY_ID /
  secret_key = ""   # AWS_SECRET_ACCESS_KEY environment variables exported above
  region     = "ap-northeast-2"
}
aws is specified as the Terraform provider
region is set to ap-northeast-2 (Seoul)
Terraform init test
Run the terraform init command in the directory that contains versions.tf
1. terraform init
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform init
Initializing the backend...
Initializing provider plugins...
- Finding hashicorp/aws versions matching "~> 3.0"...
- Installing hashicorp/aws v3.44.0...
- Installed hashicorp/aws v3.44.0 (self-signed, key ID 34365D9472D7468F)
Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html
Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.
If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Check for the 'successfully initialized' message
2. Confirm that the provider was added
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform version
Terraform v0.14.8
+ provider registry.terraform.io/hashicorp/aws v3.44.0
Creating the key pair
The actual AWS resource definitions are split out into main.tf.
vagrant@Vagrant-VM01:~/terraform/example-1$ ls
main.tf versions.tf
1. Generate the SSH key
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_rsa.
Your public key has been saved in /home/vagrant/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:aAuSQAQOWH94WN0ixBfzWfcQtM0WVLn3JBAWcUZPpKU vagrant@Vagrant-VM01
The key's randomart image is:
+---[RSA 2048]----+
|*+. oo.oo **X=B|
|= . +o +o.+.+ &.|
|.. + oo .o .E B|
| . . o . .oo|
| o . o S oo|
| . o . .|
| . |
| |
| |
+----[SHA256]-----+
Generate on Ubuntu the SSH key that will be used for the AWS key pair.
2. Confirm that the SSH key was generated
vagrant@Vagrant-VM01:~/terraform/example-1$ ls ~/.ssh/
authorized_keys id_rsa id_rsa.pub
3. Write main.tf
resource "aws_key_pair" "ec2-test" {       # defines a resource of type aws_key_pair named ec2-test
  key_name   = "ec2-test"                  # name of the key pair to be created
  public_key = file("~/.ssh/id_rsa.pub")   # public key to use for the key pair
}
4. terraform plan test
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.ec2-test will be created
+ resource "aws_key_pair" "ec2-test" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "ec2-test"
+ key_pair_id = (known after apply)
+ public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh6KImZO9wM2f37+vKzRA/lM5RMBh3j+hBeWXeGmyxZ2qSbDUnYeI8TjYRh3XK5VbdgC/Ert1cm5wFPr/pwknV8/phKzxu2ZvSuXGLoCbDJUKaiIu+bzYyN7anSnrP5iC9pE8mMfgMBk0soy3MIGPZsAjzybD9dLth7wBYLpmd2y71aBsKd/pT06gs1gZyRIFGGpBYCmxBa+Zl+Pn0LfeXrLaaROYI9JrU9/93EebYsbYythsjYOulQrMsemnlAYNl8LcBuajFfihqFI+7f3OU7GjwKLafrz1CPzXI8G/uqliQd+v0ylbr0IqanentoiQw9qztpAp2+SrQC32W6zWT vagrant@Vagrant-VM01"
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
You can confirm that one key pair will be created.
5. terraform apply
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_key_pair.ec2-test will be created
+ resource "aws_key_pair" "ec2-test" {
+ arn = (known after apply)
+ fingerprint = (known after apply)
+ id = (known after apply)
+ key_name = "ec2-test"
+ key_pair_id = (known after apply)
+ public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh6KImZO9wM2f37+vKzRA/lM5RMBh3j+hBeWXeGmyxZ2qSbDUnYeI8TjYRh3XK5VbdgC/Ert1cm5wFPr/pwknV8/phKzxu2ZvSuXGLoCbDJUKaiIu+bzYyN7anSnrP5iC9pE8mMfgMBk0soy3MIGPZsAjzybD9dLth7wBYLpmd2y71aBsKd/pT06gs1gZyRIFGGpBYCmxBa+Zl+Pn0LfeXrLaaROYI9JrU9/93EebYsbYythsjYOulQrMsemnlAYNl8LcBuajFfihqFI+7f3OU7GjwKLafrz1CPzXI8G/uqliQd+v0ylbr0IqanentoiQw9qztpAp2+SrQC32W6zWT vagrant@Vagrant-VM01"
+ tags_all = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_key_pair.ec2-test: Creating...
aws_key_pair.ec2-test: Creation complete after 0s [id=ec2-test]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
You can confirm that it was actually applied exactly as terraform plan showed.
6. Confirm the created key pair
In the AWS EC2 console, select the 'Key pairs' menu on the left; you can see that a key pair named 'ec2-test' has been created.
Creating the security group
Create a security group for the EC2 virtual machine and the MySQL RDS instance that Terraform will create. Just append it to main.tf.
1. Add the script to main.tf
resource "aws_security_group" "ssh_mysql" {
  name        = "allow_ssh_mysql_from_all"
  description = "Allow SSH Mysql port from all"
  ingress = [ {
    cidr_blocks      = [ "0.0.0.0/0" ]   # every IPv4 source, as the group name says
    description      = "port 22"
    from_port        = 22
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "tcp"
    security_groups  = []
    self             = false
    to_port          = 22
  }, {
    cidr_blocks      = [ "0.0.0.0/0" ]
    description      = "port 3306"
    from_port        = 3306
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "tcp"
    security_groups  = []
    self             = false
    to_port          = 3306
  } ]
}
2. terraform plan
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_security_group.ssh_mysql will be created
+ resource "aws_security_group" "ssh_mysql" {
+ arn = (known after apply)
+ description = "Allow SSH Mysql port from all"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "port 22"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "port 3306"
+ from_port = 3306
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 3306
},
]
+ name = "allow_ssh_mysql_from_all"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
3. terraform apply
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_security_group.ssh_mysql will be created
+ resource "aws_security_group" "ssh_mysql" {
+ arn = (known after apply)
+ description = "Allow SSH Mysql port from all"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = [
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "port 22"
+ from_port = 22
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 22
},
+ {
+ cidr_blocks = [
+ "0.0.0.0/0",
]
+ description = "port 3306"
+ from_port = 3306
+ ipv6_cidr_blocks = []
+ prefix_list_ids = []
+ protocol = "tcp"
+ security_groups = []
+ self = false
+ to_port = 3306
},
]
+ name = "allow_ssh_mysql_from_all"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_security_group.ssh_mysql: Creating...
aws_security_group.ssh_mysql: Creation complete after 2s [id=sg-098cb002660d4bca4]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
4. Confirm that the security group was created
5. (optional) Setting a Name using tags
- Add tags
resource "aws_security_group" "ssh_mysql" {
  name        = "allow_ssh_mysql_from_all"
  description = "Allow SSH Mysql port from all"
  ingress = [ {
    cidr_blocks      = [ "0.0.0.0/0" ]
    description      = "port 22"
    from_port        = 22
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "tcp"
    security_groups  = []
    self             = false
    to_port          = 22
  }, {
    cidr_blocks      = [ "0.0.0.0/0" ]
    description      = "port 3306"
    from_port        = 3306
    ipv6_cidr_blocks = []
    prefix_list_ids  = []
    protocol         = "tcp"
    security_groups  = []
    self             = false
    to_port          = 3306
  } ]
  tags = {
    Name = "ec2-test"   # shown as the Name column in the EC2 console
  }
}
Adding tags to the resource lets you set its name.
- terraform plan
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_security_group.ssh_mysql will be updated in-place
~ resource "aws_security_group" "ssh_mysql" {
id = "sg-098cb002660d4bca4"
name = "allow_ssh_mysql_from_all"
~ tags = {
+ "Name" = "ec2-test"
}
~ tags_all = {
+ "Name" = "ec2-test"
}
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
- terraform apply
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_security_group.ssh_mysql will be updated in-place
~ resource "aws_security_group" "ssh_mysql" {
id = "sg-098cb002660d4bca4"
name = "allow_ssh_mysql_from_all"
~ tags = {
+ "Name" = "ec2-test"
}
~ tags_all = {
+ "Name" = "ec2-test"
}
# (7 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_security_group.ssh_mysql: Modifying... [id=sg-098cb002660d4bca4]
aws_security_group.ssh_mysql: Modifications complete after 1s [id=sg-098cb002660d4bca4]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
- Check the security group on the EC2 dashboard
You can see that the Name 'ec2-test' has been added.
Creating and connecting to the EC2 virtual machine
Create an EC2 virtual machine using the key pair and security group created above, and connect to it.
1. Add the script to main.tf
resource "aws_instance" "web" {
  ami           = "ami-0ba5cd124d7a79612"          # ubuntu 18.04 image
  instance_type = "t2.micro"                       # instance type of the VM
  key_name      = aws_key_pair.ec2-test.key_name   # name of the 'ec2-test' key pair defined in main.tf
  vpc_security_group_ids = [                       # id of the security group (ssh_mysql) defined in main.tf
    aws_security_group.ssh_mysql.id
  ]
}
The AMI id can be found by searching, or it is shown while going through EC2 instance creation in the console.
2. terraform plan
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.web will be created
+ resource "aws_instance" "web" {
+ ami = "ami-0ba5cd124d7a79612"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "ec2-test"
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags_all = (known after apply)
+ tenancy = (known after apply)
+ vpc_security_group_ids = [
+ "sg-098cb002660d4bca4",
]
+ capacity_reservation_specification {
+ capacity_reservation_preference = (known after apply)
+ capacity_reservation_target {
+ capacity_reservation_id = (known after apply)
}
}
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ enclave_options {
+ enabled = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
3. terraform apply
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_instance.web will be created
+ resource "aws_instance" "web" {
+ ami = "ami-0ba5cd124d7a79612"
+ arn = (known after apply)
+ associate_public_ip_address = (known after apply)
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ id = (known after apply)
+ instance_initiated_shutdown_behavior = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t2.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = "ec2-test"
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ secondary_private_ips = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags_all = (known after apply)
+ tenancy = (known after apply)
+ vpc_security_group_ids = [
+ "sg-098cb002660d4bca4",
]
+ capacity_reservation_specification {
+ capacity_reservation_preference = (known after apply)
+ capacity_reservation_target {
+ capacity_reservation_id = (known after apply)
}
}
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ enclave_options {
+ enabled = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ metadata_options {
+ http_endpoint = (known after apply)
+ http_put_response_hop_limit = (known after apply)
+ http_tokens = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
+ root_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ tags = (known after apply)
+ throughput = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_instance.web: Creating...
aws_instance.web: Still creating... [10s elapsed]
aws_instance.web: Still creating... [20s elapsed]
aws_instance.web: Creation complete after 22s [id=i-05f905b61c4b131af]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
4. Confirm the created instance on the EC2 dashboard
Here too, a Name can be set with tags (omitted)
5. Check the instance's IP in terraform console
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform console
> aws_instance.web.public_ip
"3.36.133.214"
It can also be checked on the EC2 dashboard
6. Connect to the created instance
vagrant@Vagrant-VM01:~/terraform/example-1$ ssh -i ~/.ssh/id_rsa ubuntu@3.36.133.214
The authenticity of host '3.36.133.214 (3.36.133.214)' can't be established.
ECDSA key fingerprint is SHA256:Vj7UDZUdECcxyCkRVPB6z7JNh1wyMBAMB8LXtk7fcfM.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '3.36.133.214' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1045-aws x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
System information as of Mon Jun 7 05:31:45 UTC 2021
System load: 0.01 Processes: 96
Usage of /: 14.7% of 7.69GB Users logged in: 0
Memory usage: 19% IP address for eth0: 172.31.9.42
Swap usage: 0%
0 packages can be updated.
0 of these updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.
ubuntu@ip-172-31-9-42:~$
Connect using id_rsa, the private key matching the id_rsa.pub used for the key pair
Since the image used to create the instance is an Ubuntu image, the account name is ubuntu. If Amazon Linux had been used, it would be ec2-user.
Creating the MySQL RDS instance
1. Add the script to main.tf
resource "aws_db_instance" "ec2-test" {
  allocated_storage   = 8
  engine              = "mysql"
  engine_version      = "5.7"
  instance_class      = "db.t2.micro"
  username            = "admin"
  password            = "admin-password"   # at least 8 characters; stored in plaintext here and in the Terraform state file
  skip_final_snapshot = true
}
Note that the password must be at least 8 characters long.
2. terraform plan
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_instance.web: Refreshing state... [id=i-05f905b61c4b131af]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_db_instance.ec2-test will be created
+ resource "aws_db_instance" "ec2-test" {
+ address = (known after apply)
+ allocated_storage = 8
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ backup_retention_period = (known after apply)
+ backup_window = (known after apply)
+ ca_cert_identifier = (known after apply)
+ character_set_name = (known after apply)
+ copy_tags_to_snapshot = false
+ db_subnet_group_name = (known after apply)
+ delete_automated_backups = true
+ endpoint = (known after apply)
+ engine = "mysql"
+ engine_version = "5.7"
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ identifier = (known after apply)
+ identifier_prefix = (known after apply)
+ instance_class = "db.t2.micro"
+ kms_key_id = (known after apply)
+ latest_restorable_time = (known after apply)
+ license_model = (known after apply)
+ maintenance_window = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ multi_az = (known after apply)
+ name = (known after apply)
+ option_group_name = (known after apply)
+ parameter_group_name = (known after apply)
+ password = (sensitive value)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ publicly_accessible = false
+ replicas = (known after apply)
+ resource_id = (known after apply)
+ skip_final_snapshot = true
+ snapshot_identifier = (known after apply)
+ status = (known after apply)
+ storage_type = (known after apply)
+ tags_all = (known after apply)
+ timezone = (known after apply)
+ username = "admin"
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
3. terraform apply (error occurs)
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_instance.web: Refreshing state... [id=i-05f905b61c4b131af]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_db_instance.ec2-test will be created
+ resource "aws_db_instance" "ec2-test" {
+ address = (known after apply)
+ allocated_storage = 8
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ backup_retention_period = (known after apply)
+ backup_window = (known after apply)
+ ca_cert_identifier = (known after apply)
+ character_set_name = (known after apply)
+ copy_tags_to_snapshot = false
+ db_subnet_group_name = (known after apply)
+ delete_automated_backups = true
+ endpoint = (known after apply)
+ engine = "mysql"
+ engine_version = "5.7"
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ identifier = (known after apply)
+ identifier_prefix = (known after apply)
+ instance_class = "db.t2.micro"
+ kms_key_id = (known after apply)
+ latest_restorable_time = (known after apply)
+ license_model = (known after apply)
+ maintenance_window = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ multi_az = (known after apply)
+ name = (known after apply)
+ option_group_name = (known after apply)
+ parameter_group_name = (known after apply)
+ password = (sensitive value)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ publicly_accessible = false
+ replicas = (known after apply)
+ resource_id = (known after apply)
+ skip_final_snapshot = true
+ snapshot_identifier = (known after apply)
+ status = (known after apply)
+ storage_type = (known after apply)
+ tags_all = (known after apply)
+ timezone = (known after apply)
+ username = "admin"
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_db_instance.ec2-test: Creating...
Error: Error creating DB Instance: AccessDenied: User: arn:aws:iam::395389474517:user/ec2-test is not authorized to perform: rds:CreateDBInstance on resource: arn:aws:rds:ap-northeast-2:395389474517:db:terraform-20210607053640148400000001
status code: 403, request id: bb7595ef-837d-4e6d-b5d7-3857f50a946c
on main.tf line 45, in resource "aws_db_instance" "ec2-test":
45: resource "aws_db_instance" "ec2-test" {
terraform plan works fine, but at apply time you get the error above.
In short, Access Denied: the user does not have the permission.
When we granted permissions to the IAM user above, we only granted EC2 permissions, so we just need to add RDS permissions as well.
4. Select the IAM user: AWS console -> go to the IAM service -> click the user name
5. Select 'Add permissions'
6. Add RDS permissions
7. Confirm the added permissions (two in total: EC2, RDS)
8. Retry terraform apply (takes a long time)
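The denial message above already names the principal, the action and the resource that were refused. The following added example (not part of the original post or of any AWS tooling) turns such messages into the narrowest IAM statement that would allow the call, as a least-privilege alternative to attaching a broad RDS policy; the generated grant may need to be extended after the next apply reports a further denied action, since RDS creation may also touch subnet, option and parameter groups.

```python
"""Turn an AWS AccessDenied message into the narrowest IAM statement that would allow the call."""
import json
import re
from typing import Dict, List

# Message shape seen in the post's terraform apply output:
# "User: <principal ARN> is not authorized to perform: <service:Action> on resource: <ARN>"
ACCESS_DENIED_RE = re.compile(
    r"User:\s+(?P<principal>arn:aws:iam::\d{12}:(?:user|role|assumed-role)/\S+)"
    r"\s+is not authorized to perform:\s+(?P<action>[A-Za-z0-9-]+:[A-Za-z0-9*]+)"
    r"\s+on resource:\s+(?P<resource>arn:\S+)"
)

# The denial line from the post, used here as sample input.
SAMPLE_ERROR = (
    "Error: Error creating DB Instance: AccessDenied: User: arn:aws:iam::395389474517:user/ec2-test "
    "is not authorized to perform: rds:CreateDBInstance on resource: "
    "arn:aws:rds:ap-northeast-2:395389474517:db:terraform-20210607053640148400000001"
)


def parse_access_denied(line: str) -> Dict[str, str]:
    """Return {principal, action, resource} for one AccessDenied line, or {} if it is not one."""
    m = ACCESS_DENIED_RE.search(line)
    return m.groupdict() if m else {}


def generalize_resource(arn: str) -> str:
    """Keep partition, service, region, account and resource type; wildcard only the name.

    Terraform generates the DB identifier (terraform-2021...), so a grant pinned to
    that exact name would fail on the next create; db:* keeps the grant scoped to
    this account's RDS instances in this region.
    """
    parts = arn.split(":", 5)  # arn, partition, service, region, account, resource
    if len(parts) < 6:
        return arn
    resource = parts[5]
    if ":" in resource:        # type:name form, e.g. db:terraform-...
        parts[5] = resource.split(":", 1)[0] + ":*"
    elif "/" in resource:      # type/name form, e.g. instance/i-...
        parts[5] = resource.split("/", 1)[0] + "/*"
    else:
        parts[5] = "*"
    return ":".join(parts)


def policy_from_errors(lines: List[str]) -> Dict:
    """Merge every denial into one policy document, one statement per generalized resource."""
    by_resource: Dict[str, set] = {}
    for line in lines:
        info = parse_access_denied(line)
        if info:
            by_resource.setdefault(generalize_resource(info["resource"]), set()).add(info["action"])
    statements = [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Feed it the denial lines collected from terraform apply output.
    print(json.dumps(policy_from_errors([SAMPLE_ERROR]), indent=2))
```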
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_instance.web: Refreshing state... [id=i-05f905b61c4b131af]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_db_instance.ec2-test will be created
+ resource "aws_db_instance" "ec2-test" {
+ address = (known after apply)
+ allocated_storage = 8
+ apply_immediately = (known after apply)
+ arn = (known after apply)
+ auto_minor_version_upgrade = true
+ availability_zone = (known after apply)
+ backup_retention_period = (known after apply)
+ backup_window = (known after apply)
+ ca_cert_identifier = (known after apply)
+ character_set_name = (known after apply)
+ copy_tags_to_snapshot = false
+ db_subnet_group_name = (known after apply)
+ delete_automated_backups = true
+ endpoint = (known after apply)
+ engine = "mysql"
+ engine_version = "5.7"
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ identifier = (known after apply)
+ identifier_prefix = (known after apply)
+ instance_class = "db.t2.micro"
+ kms_key_id = (known after apply)
+ latest_restorable_time = (known after apply)
+ license_model = (known after apply)
+ maintenance_window = (known after apply)
+ monitoring_interval = 0
+ monitoring_role_arn = (known after apply)
+ multi_az = (known after apply)
+ name = (known after apply)
+ option_group_name = (known after apply)
+ parameter_group_name = (known after apply)
+ password = (sensitive value)
+ performance_insights_enabled = false
+ performance_insights_kms_key_id = (known after apply)
+ performance_insights_retention_period = (known after apply)
+ port = (known after apply)
+ publicly_accessible = false
+ replicas = (known after apply)
+ resource_id = (known after apply)
+ skip_final_snapshot = true
+ snapshot_identifier = (known after apply)
+ status = (known after apply)
+ storage_type = (known after apply)
+ tags_all = (known after apply)
+ timezone = (known after apply)
+ username = "admin"
+ vpc_security_group_ids = (known after apply)
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_db_instance.ec2-test: Creating...
aws_db_instance.ec2-test: Still creating... [10s elapsed]
aws_db_instance.ec2-test: Still creating... [20s elapsed]
aws_db_instance.ec2-test: Still creating... [30s elapsed]
aws_db_instance.ec2-test: Still creating... [40s elapsed]
aws_db_instance.ec2-test: Still creating... [50s elapsed]
aws_db_instance.ec2-test: Still creating... [1m0s elapsed]
aws_db_instance.ec2-test: Still creating... [1m10s elapsed]
aws_db_instance.ec2-test: Still creating... [1m20s elapsed]
aws_db_instance.ec2-test: Still creating... [1m30s elapsed]
aws_db_instance.ec2-test: Still creating... [1m40s elapsed]
aws_db_instance.ec2-test: Still creating... [1m50s elapsed]
aws_db_instance.ec2-test: Still creating... [2m0s elapsed]
aws_db_instance.ec2-test: Still creating... [2m10s elapsed]
aws_db_instance.ec2-test: Still creating... [2m20s elapsed]
aws_db_instance.ec2-test: Still creating... [2m30s elapsed]
aws_db_instance.ec2-test: Still creating... [2m40s elapsed]
aws_db_instance.ec2-test: Still creating... [2m50s elapsed]
aws_db_instance.ec2-test: Still creating... [3m0s elapsed]
aws_db_instance.ec2-test: Still creating... [3m10s elapsed]
aws_db_instance.ec2-test: Still creating... [3m20s elapsed]
aws_db_instance.ec2-test: Still creating... [3m30s elapsed]
aws_db_instance.ec2-test: Still creating... [3m40s elapsed]
aws_db_instance.ec2-test: Still creating... [3m50s elapsed]
aws_db_instance.ec2-test: Still creating... [4m0s elapsed]
aws_db_instance.ec2-test: Still creating... [4m10s elapsed]
aws_db_instance.ec2-test: Still creating... [4m20s elapsed]
aws_db_instance.ec2-test: Still creating... [4m30s elapsed]
aws_db_instance.ec2-test: Creation complete after 4m38s [id=terraform-20210607054424427400000001]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
9. Search for the RDS service and open the RDS dashboard
10. Check the created RDS instance
RDS connection test
0. Add a security_group block to main.tf
resource "aws_security_group" "ssh_mysql" {
  name        = "allow_ssh_mysql_from_all"
  description = "Allow SSH Mysql port from all"

  # Inbound rules in the attribute (list-of-objects) form: every field must be present.
  # All three are open to 0.0.0.0/0, which is acceptable only for a throwaway test.
  ingress = [
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "port 22"
      from_port        = 22
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 22
    },
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "port 3306"
      from_port        = 3306
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 3306
    },
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "port 80"
      from_port        = 80
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "tcp"
      security_groups  = []
      self             = false
      to_port          = 80
    }
  ]

  # Outbound: an aws_security_group that declares no egress loses AWS's default
  # allow-all outbound rule, so this rule is what lets apt reach the mirrors.
  egress = [
    {
      cidr_blocks      = ["0.0.0.0/0"]
      description      = "outbound all"
      from_port        = 0
      ipv6_cidr_blocks = []
      prefix_list_ids  = []
      protocol         = "-1"
      security_groups  = []
      self             = false
      to_port          = 0
    }
  ]

  tags = {
    Name = "ec2-test"
  }
}
The group adds port 80 and an allow-all outbound rule so that apt can install packages (run terraform plan and terraform apply again). Strictly, only the egress rule is needed for apt: security groups are stateful, so replies to the instance's own outbound connections are allowed automatically, and an aws_security_group that declares no egress block loses the default allow-all outbound rule, which is what blocked apt in the first place. The inbound port 80 rule only matters if the instance serves HTTP. Note also that 22 and 3306 are open to 0.0.0.0/0; the RDS instance has publicly_accessible = false, so port 3306 is not reachable from the internet, but every host in the VPC can reach it.
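The group above opens 22, 3306 and 80 to everyone, which is the opposite of the least-privilege goal stated at the top of the post. Below is an added example (not code from the original post) of the same connectivity with two scoped groups: SSH only from the operator's address and MySQL only from hosts in the EC2 group. The variable my_ip and the resource names ec2 and rds are assumptions of this example; the existing aws_instance.web and aws_db_instance.ec2-test would reference aws_security_group.ec2.id and aws_security_group.rds.id respectively.

```hcl
# Added example, not code from the original post. Replaces the single
# allow-from-anywhere group with two scoped groups. var.my_ip and the
# resource names "ec2" and "rds" are assumptions of this example.
variable "my_ip" {
  description = "Operator's public IPv4 address in CIDR form, e.g. 203.0.113.10/32"
  type        = string

  validation {
    condition     = can(cidrhost(var.my_ip, 0))
    error_message = "my_ip must be an IPv4 CIDR such as 203.0.113.10/32."
  }
}

# EC2 host: SSH only from the operator, everything outbound.
resource "aws_security_group" "ec2" {
  name        = "ec2-test-ssh-from-operator"
  description = "SSH from operator IP, all outbound"

  ingress {
    description = "SSH from operator"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.my_ip]
  }

  # apt only needs outbound connectivity. Security groups are stateful, so the
  # replies are allowed automatically; no inbound port 80 rule is required.
  egress {
    description = "outbound all"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ec2-test"
  }
}

# RDS instance: MySQL only from members of the EC2 group. Referencing the
# group rather than a CIDR means the rule follows the instance whatever
# private IP it gets, and no other host in the VPC can reach port 3306.
# No egress block is declared, so Terraform leaves the group with no outbound
# rule; a database that only answers connections does not need one.
resource "aws_security_group" "rds" {
  name        = "rds-test-mysql-from-ec2"
  description = "MySQL from the EC2 security group only"

  ingress {
    description     = "MySQL from EC2 hosts"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2.id]
  }

  tags = {
    Name = "rds-test"
  }
}
```

Supply the address from the environment rather than a file, for example export TF_VAR_my_ip="$(curl -s https://checkip.amazonaws.com)/32" before terraform plan. Then point aws_instance.web at aws_security_group.ec2.id and aws_db_instance.ec2-test at aws_security_group.rds.id; the MySQL connection test later on this page works the same way, but nothing outside the EC2 group can open port 3306.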
1. Look up the RDS instance's endpoint in terraform console
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform console
> aws_db_instance.ec2-test.endpoint
"terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com:3306"
2. Connect to the EC2 instance
vagrant@Vagrant-VM01:~/terraform/example-1$ ssh -i ~/.ssh/id_rsa ubuntu@3.36.133.214
3. Install the MySQL client: apt update, then apt install mysql-client-5.7
ubuntu@ip-172-31-9-42:~$ apt list mysql-client*
Listing... Done
mysql-client/bionic-updates,bionic-security 5.7.33-0ubuntu0.18.04.1 all
mysql-client-5.7/bionic-updates,bionic-security 5.7.33-0ubuntu0.18.04.1 amd64
mysql-client-core-5.7/bionic-updates,bionic-security 5.7.33-0ubuntu0.18.04.1 amd64
ubuntu@ip-172-31-9-42:~$ sudo apt update -y
ubuntu@ip-172-31-9-42:~$ sudo apt install -y mysql-client-5.7
ubuntu@ip-172-31-9-42:~$ sudo apt install mysql-client-core-5.7
4. RDS connection test
ubuntu@ip-172-31-9-42:~$ mysql -h terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com -u admin -p
Enter password:
ERROR 2003 (HY000): Can't connect to MySQL server on 'terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com' (110)
The connection fails. ERROR 2003 with errno 110 (ETIMEDOUT) means the packets are being dropped rather than refused, which points at a security group, not at the user name or password.
5. Check the RDS instance's security group
In the 'Security' section at the lower right of the RDS console, the security group is still 'default'. It has to be changed to the 'ec2-test' group we created (that is its Name tag; the group's name is allow_ssh_mysql_from_all).
6. Edit 'aws_db_instance' in main.tf
resource "aws_db_instance" "ec2-test" {
  allocated_storage   = 8
  engine              = "mysql"
  engine_version      = "5.7"
  instance_class      = "db.t2.micro"
  username            = "admin"
  password            = "admin-password"   # plaintext in source: test only, never commit a real password
  skip_final_snapshot = true               # destroy deletes the instance without a final snapshot
  vpc_security_group_ids = [              # id of the security group defined in main.tf
    aws_security_group.ssh_mysql.id
  ]
}
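The block above keeps the master password in main.tf, where it ends up in version control, and it inherits the defaults that the destroy plan later on this page shows (storage_encrypted = false, backup_retention_period = 0). Below is an added example (not from the original post) of the same resource with the password supplied through a sensitive variable, encrypted storage, and an output so the endpoint no longer has to be looked up in terraform console. It assumes Terraform 0.14 or newer, a security group named aws_security_group.rds, and a variable named db_password; the instance class is changed to db.t3.micro because AWS lists db.t2.micro among the classes that do not support encryption at rest.

```hcl
# Added example, not code from the original post. Assumes Terraform 0.14+
# (for sensitive variables), a group named aws_security_group.rds, and a
# variable named db_password supplied via TF_VAR_db_password.
variable "db_password" {
  description = "RDS master password; supplied from the environment, never written to a .tf file"
  type        = string
  sensitive   = true   # redacted in plan/apply output and in terraform console

  validation {
    # RDS MySQL master passwords are 8 to 41 printable ASCII characters
    # (no / " or @); 16 is a sensible floor for a generated password.
    condition     = length(var.db_password) >= 16 && length(var.db_password) <= 41
    error_message = "db_password must be 16 to 41 characters."
  }
}

resource "aws_db_instance" "ec2-test" {
  allocated_storage = 8
  engine            = "mysql"
  engine_version    = "5.7"
  instance_class    = "db.t3.micro"   # db.t2.micro cannot use encrypted storage
  username          = "admin"
  password          = var.db_password # from TF_VAR_db_password, not from source

  # The destroy plan on this page shows these at their defaults:
  # storage_encrypted = false and backup_retention_period = 0.
  storage_encrypted       = true   # at rest, with the account's default RDS KMS key
  backup_retention_period = 1      # keeps one day of automated backups
  publicly_accessible     = false  # explicit: reachable only inside the VPC

  skip_final_snapshot = true       # acceptable for a test instance only

  vpc_security_group_ids = [aws_security_group.rds.id]
}

# Replaces the terraform console lookup: printed after apply, and readable
# with `terraform output -raw rds_endpoint`.
output "rds_endpoint" {
  description = "host:port of the RDS instance"
  value       = aws_db_instance.ec2-test.endpoint
}
```

Supply the password with export TF_VAR_db_password=... (or read it from a secrets manager) rather than with -var on the command line, which would leave it in shell history. On the instance already created above, storage_encrypted forces replacement, so the plan shows the database being destroyed and recreated rather than updated in place.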
7. Run terraform plan and terraform apply
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform apply
aws_key_pair.ec2-test: Refreshing state... [id=ec2-test]
aws_security_group.ssh_mysql: Refreshing state... [id=sg-098cb002660d4bca4]
aws_instance.web: Refreshing state... [id=i-05f905b61c4b131af]
aws_db_instance.ec2-test: Refreshing state... [id=terraform-20210607054424427400000001]
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# aws_db_instance.ec2-test will be updated in-place
~ resource "aws_db_instance" "ec2-test" {
id = "terraform-20210607054424427400000001"
tags = {}
~ vpc_security_group_ids = [
+ "sg-098cb002660d4bca4",
- "sg-f8f46e99",
]
# (43 unchanged attributes hidden)
}
Plan: 0 to add, 1 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_db_instance.ec2-test: Modifying... [id=terraform-20210607054424427400000001]
aws_db_instance.ec2-test: Still modifying... [id=terraform-20210607054424427400000001, 10s elapsed]
aws_db_instance.ec2-test: Still modifying... [id=terraform-20210607054424427400000001, 20s elapsed]
aws_db_instance.ec2-test: Still modifying... [id=terraform-20210607054424427400000001, 30s elapsed]
aws_db_instance.ec2-test: Still modifying... [id=terraform-20210607054424427400000001, 40s elapsed]
aws_db_instance.ec2-test: Modifications complete after 41s [id=terraform-20210607054424427400000001]
Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
8. Confirm the modified security group
9. Retry the RDS connection test
ubuntu@ip-172-31-9-42:~$ mysql -h terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com -u admin -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.7.26 Source distribution
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| innodb |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.00 sec)
mysql>
Connection succeeded.
terraform destroy
When the exercise is done, return all resources so that no charges accrue. Because the DB instance was created with skip_final_snapshot = true, destroy removes it without taking a final snapshot, so its data is gone for good.
1. terraform plan --destroy
vagrant@Vagrant-VM01:~/terraform/example-1$ terraform plan --destroy
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
# aws_db_instance.ec2-test will be destroyed
- resource "aws_db_instance" "ec2-test" {
- address = "terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com" -> null
- allocated_storage = 8 -> null
- arn = "arn:aws:rds:ap-northeast-2:395389474517:db:terraform-20210607054424427400000001" -> null
- auto_minor_version_upgrade = true -> null
- availability_zone = "ap-northeast-2b" -> null
- backup_retention_period = 0 -> null
- backup_window = "13:29-13:59" -> null
- ca_cert_identifier = "rds-ca-2019" -> null
- copy_tags_to_snapshot = false -> null
- db_subnet_group_name = "default" -> null
- delete_automated_backups = true -> null
- deletion_protection = false -> null
- enabled_cloudwatch_logs_exports = [] -> null
- endpoint = "terraform-20210607054424427400000001.cud6kjuzk497.ap-northeast-2.rds.amazonaws.com:3306" -> null
- engine = "mysql" -> null
- engine_version = "5.7.26" -> null
- hosted_zone_id = "ZLA2NUCOLGUUR" -> null
- iam_database_authentication_enabled = false -> null
- id = "terraform-20210607054424427400000001" -> null
- identifier = "terraform-20210607054424427400000001" -> null
- instance_class = "db.t2.micro" -> null
- iops = 0 -> null
- latest_restorable_time = "0001-01-01T00:00:00Z" -> null
- license_model = "general-public-license" -> null
- maintenance_window = "wed:18:19-wed:18:49" -> null
- max_allocated_storage = 0 -> null
- monitoring_interval = 0 -> null
- multi_az = false -> null
- option_group_name = "default:mysql-5-7" -> null
- parameter_group_name = "default.mysql5.7" -> null
- password = (sensitive value)
- performance_insights_enabled = false -> null
- performance_insights_retention_period = 0 -> null
- port = 3306 -> null
- publicly_accessible = false -> null
- replicas = [] -> null
- resource_id = "db-EK7YUTEMNU3WV33KZMLQ3MWHME" -> null
- security_group_names = [] -> null
- skip_final_snapshot = true -> null
- status = "available" -> null
- storage_encrypted = false -> null
- storage_type = "gp2" -> null
- tags = {} -> null
- tags_all = {} -> null
- username = "admin" -> null
- vpc_security_group_ids = [
- "sg-098cb002660d4bca4",
] -> null
}
# aws_instance.web will be destroyed
- resource "aws_instance" "web" {
- ami = "ami-0ba5cd124d7a79612" -> null
- arn = "arn:aws:ec2:ap-northeast-2:395389474517:instance/i-05f905b61c4b131af" -> null
- associate_public_ip_address = true -> null
- availability_zone = "ap-northeast-2a" -> null
- cpu_core_count = 1 -> null
- cpu_threads_per_core = 1 -> null
- disable_api_termination = false -> null
- ebs_optimized = false -> null
- get_password_data = false -> null
- hibernation = false -> null
- id = "i-05f905b61c4b131af" -> null
- instance_initiated_shutdown_behavior = "stop" -> null
- instance_state = "running" -> null
- instance_type = "t2.micro" -> null
- ipv6_address_count = 0 -> null
- ipv6_addresses = [] -> null
- key_name = "ec2-test" -> null
- monitoring = false -> null
- primary_network_interface_id = "eni-0538a157ada6a9308" -> null
- private_dns = "ip-172-31-9-42.ap-northeast-2.compute.internal" -> null
- private_ip = "172.31.9.42" -> null
- public_dns = "ec2-3-36-133-214.ap-northeast-2.compute.amazonaws.com" -> null
- public_ip = "3.36.133.214" -> null
- secondary_private_ips = [] -> null
- security_groups = [
- "allow_ssh_mysql_from_all",
] -> null
- source_dest_check = true -> null
- subnet_id = "subnet-2929d142" -> null
- tags = {} -> null
- tags_all = {} -> null
- tenancy = "default" -> null
- vpc_security_group_ids = [
- "sg-098cb002660d4bca4",
] -> null
- capacity_reservation_specification {
- capacity_reservation_preference = "open" -> null
}
- credit_specification {
- cpu_credits = "standard" -> null
}
- enclave_options {
- enabled = false -> null
}
- metadata_options {
- http_endpoint = "enabled" -> null
- http_put_response_hop_limit = 1 -> null
- http_tokens = "optional" -> null
}
- root_block_device {
- delete_on_termination = true -> null
- device_name = "/dev/sda1" -> null
- encrypted = false -> null
- iops = 100 -> null
- tags = {} -> null
- throughput = 0 -> null
- volume_id = "vol-06b1051b78d4b5279" -> null
- volume_size = 8 -> null
- volume_type = "gp2" -> null
}
}
# aws_key_pair.ec2-test will be destroyed
- resource "aws_key_pair" "ec2-test" {
- arn = "arn:aws:ec2:ap-northeast-2:395389474517:key-pair/ec2-test" -> null
- fingerprint = "8a:11:42:fa:6c:66:02:12:fd:b3:30:7d:af:3d:70:7f" -> null
- id = "ec2-test" -> null
- key_name = "ec2-test" -> null
- key_pair_id = "key-0d2381e99fbf268f6" -> null
- public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDh6KImZO9wM2f37+vKzRA/lM5RMBh3j+hBeWXeGmyxZ2qSbDUnYeI8TjYRh3XK5VbdgC/Ert1cm5wFPr/pwknV8/phKzxu2ZvSuXGLoCbDJUKaiIu+bzYyN7anSnrP5iC9pE8mMfgMBk0soy3MIGPZsAjzybD9dLth7wBYLpmd2y71aBsKd/pT06gs1gZyRIFGGpBYCmxBa+Zl+Pn0LfeXrLaaROYI9JrU9/93EebYsbYythsjYOulQrMsemnlAYNl8LcBuajFfihqFI+7f3OU7GjwKLafrz1CPzXI8G/uqliQd+v0ylbr0IqanentoiQw9qztpAp2+SrQC32W6zWT vagrant@Vagrant-VM01" -> null
- tags = {} -> null
- tags_all = {} -> null
}
# aws_security_group.ssh_mysql will be destroyed
- resource "aws_security_group" "ssh_mysql" {
- arn = "arn:aws:ec2:ap-northeast-2:395389474517:security-group/sg-098cb002660d4bca4" -> null
- description = "Allow SSH Mysql port from all" -> null
- egress = [
- {
- cidr_blocks = [
- "0.0.0.0/0",
]
- description = "outbound all"
- from_port = 0
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "-1"
- security_groups = []
- self = false
- to_port = 0
},
] -> null
- id = "sg-098cb002660d4bca4" -> null
- ingress = [
- {
- cidr_blocks = [
- "0.0.0.0/0",
]
- description = "port 22"
- from_port = 22
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "tcp"
- security_groups = []
- self = false
- to_port = 22
},
- {
- cidr_blocks = [
- "0.0.0.0/0",
]
- description = "port 3306"
- from_port = 3306
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "tcp"
- security_groups = []
- self = false
- to_port = 3306
},
- {
- cidr_blocks = [
- "0.0.0.0/0",
]
- description = "port 80"
- from_port = 80
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "tcp"
- security_groups = []
- self = false
- to_port = 80
},
] -> null
- name = "allow_ssh_mysql_from_all" -> null
- owner_id = "395389474517" -> null
- revoke_rules_on_delete = false -> null
- tags = {
- "Name" = "ec2-test"
} -> null
- tags_all = {
- "Name" = "ec2-test"
} -> null
- vpc_id = "vpc-34c50b5f" -> null
}
Plan: 0 to add, 0 to change, 4 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
The plan reports that four resources will be destroyed: the key pair, the EC2 instance, the RDS instance and the security group.
Passing --destroy to terraform plan shows the teardown plan, as above, without removing anything (the documented spelling is -destroy; Terraform's flag parser accepts both).
2. terraform destroy
Destroy complete! Resources: 4 destroyed.
Afterword
Even bringing up one EC2 instance and one RDS database instance and wiring them together looks fairly involved.
Without Terraform, though, creating and configuring each piece by hand from scratch would take longer.
And once written, the same infrastructure can be recreated at any time.
I created the IAM user by hand, but even that could be configured and created with Terraform using the root account's key.
A downside is that every provider defines its resources differently...?
The IAM user is not removed by terraform destroy, so it has to be deleted separately, together with the access key exported into the shell at the start, which stays valid until it is deleted.