ワンライナースクリプト
#######################################
# VPC
#######################################
# Root network of the stack. Every subnet, gateway, route table and
# security group below is attached to this VPC.
resource "aws_vpc" "example" {
  tags = {
    Name = "sample"
  }

  cidr_block = "10.0.0.0/16"
}
# Subnets
# Public subnet, AZ "a". Hosts NAT gateway 0 and one leg of the ALB.
resource "aws_subnet" "public_0" {
  vpc_id            = aws_vpc.example.id
  availability_zone = "ap-northeast-1a"
  cidr_block        = "10.0.1.0/24"
}
# Public subnet, AZ "c". Hosts NAT gateway 1 and the second leg of the ALB.
resource "aws_subnet" "public_1" {
  vpc_id            = aws_vpc.example.id
  availability_zone = "ap-northeast-1c"
  cidr_block        = "10.0.2.0/24"
}
# Private subnet, AZ "a". ECS tasks run here; outbound traffic leaves
# through NAT gateway 0 via route table private_0.
resource "aws_subnet" "private_0" {
  availability_zone = "ap-northeast-1a"
  cidr_block        = "10.0.101.0/24"
  vpc_id            = aws_vpc.example.id
}
# Private subnet, AZ "c". ECS tasks run here; outbound traffic leaves
# through NAT gateway 1 via route table private_1.
resource "aws_subnet" "private_1" {
  availability_zone = "ap-northeast-1c"
  cidr_block        = "10.0.102.0/24"
  vpc_id            = aws_vpc.example.id
}
# Internet gateway: default route target for the public route table and
# the explicit ordering anchor for the EIPs / NAT gateways below.
resource "aws_internet_gateway" "example" {
  vpc_id = aws_vpc.example.id
}
# Elastic IP for NAT gateway 0. The explicit depends_on keeps the
# internet gateway in place before the address is allocated.
resource "aws_eip" "nat_gateway_0" {
  depends_on = [aws_internet_gateway.example]
  vpc        = true
}
# Elastic IP for NAT gateway 1 (same ordering rule as nat_gateway_0).
resource "aws_eip" "nat_gateway_1" {
  depends_on = [aws_internet_gateway.example]
  vpc        = true
}
# NAT gateway in public subnet 0; egress path for private subnet 0.
resource "aws_nat_gateway" "nat_gateway_0" {
  subnet_id     = aws_subnet.public_0.id
  allocation_id = aws_eip.nat_gateway_0.id

  depends_on = [aws_internet_gateway.example]
}
# NAT gateway in public subnet 1; egress path for private subnet 1.
resource "aws_nat_gateway" "nat_gateway_1" {
  subnet_id     = aws_subnet.public_1.id
  allocation_id = aws_eip.nat_gateway_1.id

  depends_on = [aws_internet_gateway.example]
}
# Route table for private subnet 0 (one per AZ so each NAT gateway
# serves only its own AZ).
resource "aws_route_table" "private_0" {
  vpc_id = aws_vpc.example.id
}
# Route table for private subnet 1.
resource "aws_route_table" "private_1" {
  vpc_id = aws_vpc.example.id
}
# Single route table shared by both public subnets.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.example.id
}
# Default route for private subnet 0 -> NAT gateway 0.
resource "aws_route" "private_0" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_0.id
  route_table_id         = aws_route_table.private_0.id
}
# Default route for private subnet 1 -> NAT gateway 1.
resource "aws_route" "private_1" {
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat_gateway_1.id
  route_table_id         = aws_route_table.private_1.id
}
# Bind private subnet 0 to its route table.
resource "aws_route_table_association" "private_0" {
  route_table_id = aws_route_table.private_0.id
  subnet_id      = aws_subnet.private_0.id
}
# Bind private subnet 1 to its route table.
resource "aws_route_table_association" "private_1" {
  route_table_id = aws_route_table.private_1.id
  subnet_id      = aws_subnet.private_1.id
}
# Public route
# Default route for the public subnets -> internet gateway.
resource "aws_route" "public" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.example.id
  route_table_id         = aws_route_table.public.id
}
# Public route table associations
# Bind public subnet 0 to the shared public route table.
resource "aws_route_table_association" "public_0" {
  subnet_id      = aws_subnet.public_0.id
  route_table_id = aws_route_table.public.id
}
# Bind public subnet 1 to the shared public route table.
resource "aws_route_table_association" "public_1" {
  subnet_id      = aws_subnet.public_1.id
  route_table_id = aws_route_table.public.id
}
# Security group
# NOTE(review): this one group is attached to BOTH the internet-facing
# ALB (aws_alb.example.security_groups) and the ECS tasks
# (aws_ecs_service.example.network_configuration). The ingress rules
# below therefore apply to the tasks as well; a dedicated task group
# that only admits traffic from the ALB's group would be tighter.
resource "aws_security_group" "example" {
  vpc_id = aws_vpc.example.id
  name   = "example"
}
# HTTP ingress, open to any source. The ALB has no port-80 listener, so
# for the ALB this rule is inert; its practical effect is to let the ALB
# (whose ENIs are inside the VPC) reach the tasks on container port 80.
# NOTE(review): a source_security_group_id scoped rule on a separate task
# group would express that intent without 0.0.0.0/0.
resource "aws_security_group_rule" "ingress_example_http" {
  type              = "ingress"
  security_group_id = aws_security_group.example.id
  protocol          = "tcp"
  from_port         = "80"
  to_port           = "80"
  cidr_blocks       = ["0.0.0.0/0"]
}
# HTTPS ingress from anywhere: the public entry point served by
# aws_alb_listener.example on 443.
resource "aws_security_group_rule" "ingress_example_https" {
  type              = "ingress"
  security_group_id = aws_security_group.example.id
  protocol          = "tcp"
  from_port         = "443"
  to_port           = "443"
  cidr_blocks       = ["0.0.0.0/0"]
}
# Unrestricted egress (all protocols, all destinations). Needed for the
# tasks to reach ECR / CloudWatch Logs through the NAT gateways; it is
# also granted to the ALB because the group is shared.
resource "aws_security_group_rule" "egress_example" {
  type              = "egress"
  security_group_id = aws_security_group.example.id
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
}
#######################################
# Route53
#######################################
# Existing hosted zone looked up by name; the apex record and the ACM
# certificate both derive their domain from it.
data "aws_route53_zone" "example" {
  name = "tutuz.org"
}
## DNS record pointing the zone apex at the ALB
# Alias A record (no TTL needed) so the apex resolves to the ALB's
# address set; health evaluation is enabled on the alias target.
resource "aws_route53_record" "example" {
  zone_id = data.aws_route53_zone.example.id
  name    = data.aws_route53_zone.example.name
  type    = "A"

  alias {
    name                   = aws_alb.example.dns_name
    zone_id                = aws_alb.example.zone_id
    evaluate_target_health = true
  }
}
#######################################
# ACM (TLS certificate)
#######################################
# Certificate for the apex name only (no SANs), validated through DNS.
# create_before_destroy lets a replacement certificate be issued while the
# listener still holds the old one.
resource "aws_acm_certificate" "example" {
  validation_method         = "DNS"
  domain_name               = data.aws_route53_zone.example.name
  subject_alternative_names = []

  lifecycle {
    create_before_destroy = true
  }
}
# DNS validation record for the certificate
# Publishes the CNAME that ACM asks for. Only index 0 is used because the
# certificate has a single domain and no SANs.
# NOTE(review): list indexing into domain_validation_options is tied to
# the AWS provider version in use here; newer providers expose it as a set.
resource "aws_route53_record" "example-test" {
  zone_id = data.aws_route53_zone.example.id
  ttl     = 60

  name    = aws_acm_certificate.example.domain_validation_options[0].resource_record_name
  type    = aws_acm_certificate.example.domain_validation_options[0].resource_record_type
  records = [aws_acm_certificate.example.domain_validation_options[0].resource_record_value]
}
# Wait for DNS validation to complete
# Blocks until ACM has seen the validation record; consumers that need an
# issued certificate should depend on this resource's certificate_arn.
resource "aws_acm_certificate_validation" "default" {
  validation_record_fqdns = [aws_route53_record.example-test.fqdn]
  certificate_arn         = aws_acm_certificate.example.arn
}
#########################################################################
# ALB
#########################################################################
# The load balancer itself
# Internet-facing, spanning both public subnets, using the shared security
# group. Deletion protection is off (suits a sample; consider enabling for
# a long-lived environment).
# NOTE(review): no access_logs block, so there is no request-level audit
# trail from the edge.
resource "aws_alb" "example" {
  load_balancer_type = "application"
  name               = "web"
  internal           = false

  security_groups = [aws_security_group.example.id]
  subnets         = [aws_subnet.public_0.id, aws_subnet.public_1.id]

  idle_timeout               = 60
  enable_deletion_protection = false
}
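# HTTPS listener
# Terminates TLS on 443 and forwards everything to the target group.
#
# The certificate ARN is taken from aws_acm_certificate_validation.default
# rather than from aws_acm_certificate.example directly. The bare
# certificate resource exists (and has an ARN) before DNS validation has
# finished, so referencing it lets Terraform create the listener against a
# still-pending certificate, which the ELB API rejects; the validation
# resource only completes once the certificate is issued, and its
# certificate_arn carries the same ARN.
#
# NOTE(review): ELBSecurityPolicy-2016-08 still negotiates TLS 1.0/1.1.
# ELBSecurityPolicy-TLS-1-2-2017-01 is the TLS-1.2-only predefined
# alternative; left unchanged here because it is a client-compatibility
# decision for the owner.
resource "aws_alb_listener" "example" {
  load_balancer_arn = aws_alb.example.arn
  port              = "443"
  protocol          = "HTTPS"
  certificate_arn   = aws_acm_certificate_validation.default.certificate_arn
  ssl_policy        = "ELBSecurityPolicy-2016-08"

  default_action {
    type             = "forward"
    target_group_arn = aws_alb_target_group.example.arn
  }
}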
# Target group
# IP-mode targets (required for awsvpc / Fargate tasks) on container
# port 80. Health check is a plain GET / expecting 200 on the traffic port.
# depends_on the ALB so the group is not created before the load balancer
# it will be attached to.
resource "aws_alb_target_group" "example" {
  name        = "example-target"
  target_type = "ip"
  vpc_id      = aws_vpc.example.id

  protocol             = "HTTP"
  port                 = 80
  deregistration_delay = 300

  health_check {
    protocol            = "HTTP"
    port                = "traffic-port"
    path                = "/"
    matcher             = 200
    interval            = 30
    timeout             = 5
    healthy_threshold   = 5
    unhealthy_threshold = 2
  }

  depends_on = [aws_alb.example]
}
# Catch-all listener rule: every path goes to the same target group, which
# duplicates the listener's default_action.
resource "aws_alb_listener_rule" "example" {
  priority     = 100
  listener_arn = aws_alb_listener.example.arn

  condition {
    values = ["/*"]
    field  = "path-pattern"
  }

  action {
    target_group_arn = aws_alb_target_group.example.arn
    type             = "forward"
  }
}
#########################################################################
# ECS
#########################################################################
# Cluster that the Fargate service below runs in.
resource "aws_ecs_cluster" "example" {
  name = "nginx-cluster"
}
# Fargate task definition. Container definitions come from a JSON file
# next to this configuration (not shown here). The execution role is the
# one ECS uses to pull images and ship logs; no task_role_arn is set, so
# the application containers themselves get no AWS credentials.
resource "aws_ecs_task_definition" "example" {
  family                   = "example"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"

  cpu    = 256
  memory = 512

  execution_role_arn    = aws_iam_role.example.arn
  container_definitions = file("./example_task_definitions.json")
}
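# Fargate service: two tasks spread over the private subnets, registered
# with the ALB target group on container port 80. Tasks get no public IP;
# they reach the internet only through the NAT gateways.
#
# depends_on is added because the implicit graph is insufficient here:
#  - aws_alb_listener.example: ECS rejects a service whose target group is
#    not yet attached to a load balancer, and the listener is what attaches
#    it. Without this edge the service and the listener can be created in
#    parallel and the apply may fail on first run.
#  - aws_iam_role_policy_attachment.example: the execution role is
#    referenced through the task definition, but the policy attachment is
#    not, so the first tasks could launch before the role can pull images
#    or write logs.
#
# ignore_changes on task_definition keeps Terraform from reverting
# deployments made outside of it (e.g. a CI pipeline registering new
# revisions).
resource "aws_ecs_service" "example" {
  name             = "example-nginx-service"
  cluster          = aws_ecs_cluster.example.arn
  task_definition  = aws_ecs_task_definition.example.arn
  launch_type      = "FARGATE"
  platform_version = "1.3.0"

  desired_count                     = 2
  health_check_grace_period_seconds = 60

  network_configuration {
    assign_public_ip = false
    security_groups  = [aws_security_group.example.id]
    subnets          = [aws_subnet.private_0.id, aws_subnet.private_1.id]
  }

  load_balancer {
    target_group_arn = aws_alb_target_group.example.arn
    container_name   = "example"
    container_port   = 80
  }

  lifecycle {
    ignore_changes = [task_definition]
  }

  depends_on = [
    aws_alb_listener.example,
    aws_iam_role_policy_attachment.example,
  ]
}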
#########################################################################
# CloudWatch Logs
#########################################################################
# Log group the task definition is expected to write to (the awslogs
# configuration lives in the JSON file, not here). Seven-day retention.
# NOTE(review): no kms_key_id, so log data is encrypted with the service
# default key only.
resource "aws_cloudwatch_log_group" "for_ecs" {
  retention_in_days = 7
  name              = "/ecs/example"
}
#########################################################################
# IAM
#########################################################################
# AWS-managed execution role policy (ECR pull + CloudWatch Logs), used as
# the base document for the custom policy below.
data "aws_iam_policy" "ecs_task_execution_role_policy" {
  arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}
# Execution policy = managed policy + permission to read SSM parameters and
# decrypt them (for secrets injected into the container definitions).
# NOTE(review): resources = ["*"] grants GetParameters/Decrypt on every
# parameter and key in the account; scoping to the specific parameter ARNs
# and the key that protects them is the usual least-privilege shape. The
# ARNs are not visible in this file, so the wildcard is left as-is.
data "aws_iam_policy_document" "ecs_task_execution" {
  source_json = data.aws_iam_policy.ecs_task_execution_role_policy.policy

  statement {
    effect    = "Allow"
    resources = ["*"]
    actions   = ["ssm:GetParameters", "kms:Decrypt"]
  }
}
# Trust policy: only the ECS tasks service principal may assume the role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    principals {
      identifiers = ["ecs-tasks.amazonaws.com"]
      type        = "Service"
    }

    actions = ["sts:AssumeRole"]
  }
}
# Customer-managed policy built from the merged document above.
resource "aws_iam_policy" "example" {
  policy = data.aws_iam_policy_document.ecs_task_execution.json
  name   = "example-policy-ecs-task-execution"
}
# Task execution role assumed by the ECS agent on behalf of the task.
resource "aws_iam_role" "example" {
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
  name               = "example-role-ecs-task-execution"
}
# Attach the execution policy to the execution role.
resource "aws_iam_role_policy_attachment" "example" {
  policy_arn = aws_iam_policy.example.arn
  role       = aws_iam_role.example.name
}
# Provider: everything above is created in Tokyo (ap-northeast-1), which
# matches the availability zones hard-coded on the subnets.
provider "aws" {
  region = "ap-northeast-1"
}