Terraform 테스트
# Terraform settings, including the required providers Terraform will use to provision your infrastructure.
terraform {
  # Minimum Terraform CLI version this configuration was written against.
  required_version = ">= 1.0"

  # Providers are pinned with a pessimistic constraint (3.27 up to, but not
  # including, 4.0) so a later `terraform init` cannot silently pull in a
  # new major version with different resource schemas.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }
}
# Specify provider
provider "aws" {
  region  = "ap-northeast-2" # Seoul Region
  profile = "default"        # named profile from the local AWS shared config/credentials files
}
# Resources
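resource "aws_instance" "yungon_test_instance" {
  # AMI ids are region-specific; this one is only valid in ap-northeast-2.
  ami           = "ami-003ef1c0e2776ea27" # Amazon Linux 2 for AMD64 (Seoul Region)
  instance_type = "t3.micro"
  subnet_id     = "subnet-YOUR_SUBNET_ID" # My public subnet
  key_name      = "YOUR_KEY_NAME"

  iam_instance_profile   = aws_iam_instance_profile.yungon_test_instance_profile.id
  vpc_security_group_ids = [aws_security_group.yungon_test_security_group.id]

  # The instance profile above makes the role's S3 credentials available
  # through the instance metadata service. Requiring IMDSv2 (session
  # tokens) means a process on the box can only read them if it can
  # perform the PUT/GET token handshake, which limits exposure of the
  # credentials to code that can merely issue plain HTTP requests.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume at rest with the account's default EBS key.
  root_block_device {
    encrypted = true
  }

  tags = {
    "Name"      = "YOUR_EC2_NAME"
    "CreatedBy" = "Yungon"
  }
}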
resource "aws_security_group" "yungon_test_security_group" {
  name        = "allow_ssh_for_my_home"
  description = "Allow SSH access for my home"
  vpc_id      = "vpc-YOUR_VPC_ID" # My default VPC

  # Inbound: SSH only, and only from a single /32 (my home address).
  # Nested-block syntax is used instead of the `ingress = [{...}]`
  # attribute form, so the unused list arguments need not be spelled out
  # as empty lists; the resulting rule is the same.
  ingress {
    description = "My home IP address"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["YOUR_PUBLIC_IP_ADDR/32"]
  }

  # Outbound: unrestricted IPv4. Protocol "-1" means every protocol, and
  # with it from_port/to_port must both be 0.
  egress {
    description = "Allow all traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Wraps the IAM role so it can be attached to an EC2 instance; the
# instance then obtains the role's credentials via the metadata service.
resource "aws_iam_instance_profile" "yungon_test_instance_profile" {
  role = aws_iam_role.yungon-test-role.name
  name = "yungon-iac-test-instance-profile"
}
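resource "aws_s3_bucket" "yungon-test-bucket" {
  bucket = "YOUR_BUCKET_NAME"

  # Encrypt every object at rest by default (SSE-S3, AES-256). Without
  # this, whether new objects are encrypted depends on the account's S3
  # defaults rather than on this configuration.
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }

  # NOTE(review): public access is not blocked by this resource; add an
  # aws_s3_bucket_public_access_block for this bucket if it must never be
  # reachable anonymously.

  tags = {
    "Name"      = "YOUR_BUCKET_NAME"
    "CreatedBy" = "Yungon"
  }
}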
# This creates an inline policy for the IAM role below
# (for a managed policy, use "aws_iam_policy" instead)
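resource "aws_iam_role_policy" "yungon-test-role-policy" {
  name = "yungon-iac-test-policy"
  role = aws_iam_role.yungon-test-role.id

  # Data-plane access to the test bucket only. The previous "s3:*" also
  # granted bucket-management actions (deleting the bucket, rewriting its
  # policy or ACL, changing its encryption settings), which an instance
  # that only reads and writes objects does not need. Extend the action
  # lists below if the workload genuinely requires more.
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid    = "ListBucket"
        Effect = "Allow"
        Action = [
          "s3:ListBucket",
          "s3:GetBucketLocation"
        ]
        # Bucket-level actions are evaluated against the bucket ARN.
        Resource = aws_s3_bucket.yungon-test-bucket.arn
      },
      {
        Sid    = "ObjectReadWrite"
        Effect = "Allow"
        Action = [
          "s3:GetObject",
          "s3:PutObject",
          "s3:DeleteObject"
        ]
        # Object-level actions are evaluated against the object ARNs.
        Resource = format("%s/*", aws_s3_bucket.yungon-test-bucket.arn)
      }
    ]
  })
}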
resource "aws_iam_role" "yungon-test-role" {
  name = "yungon-iac-test-role"

  # Trust policy: only the EC2 service principal may assume this role,
  # which is what allows the instance profile to hand the role's
  # credentials to the instance. (Key order inside jsonencode() does not
  # affect the emitted JSON.)
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "" # empty statement id, kept as originally declared
        Effect    = "Allow"
        Principal = { Service = "ec2.amazonaws.com" }
        Action    = "sts:AssumeRole"
      }
    ]
  })
}