-
-
Save rubysoho07/71ee30b353f51dae7b133297b7ad20e3 to your computer and use it in GitHub Desktop.
Terraform 테스트
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Terraform settings, including the required providers Terraform will use to provision your infrastructure. | |
| terraform { | |
| required_providers { | |
| aws = { | |
| source = "hashicorp/aws" | |
| version = "~> 3.27" | |
| } | |
| } | |
| required_version = ">= 1.0" | |
| } | |
| # Specify provider | |
| provider "aws" { | |
| profile = "default" | |
| region = "ap-northeast-2" # Seoul Region | |
| } | |
| # Resources | |
| resource "aws_instance" "yungon_test_instance" { | |
| ami = "ami-003ef1c0e2776ea27" # Amazon Linux 2 for AMD64 (Seoul Region) | |
| instance_type = "t3.micro" | |
| subnet_id = "subnet-YOUR_SUBNET_ID" # My public subnet | |
| key_name = "YOUR_KEY_NAME" | |
| iam_instance_profile = aws_iam_instance_profile.yungon_test_instance_profile.id | |
| vpc_security_group_ids = [ aws_security_group.yungon_test_security_group.id ] | |
| tags = { | |
| "Name" = "YOUR_EC2_NAME" | |
| "CreatedBy" = "Yungon" | |
| } | |
| } | |
| resource "aws_security_group" "yungon_test_security_group" { | |
| name = "allow_ssh_for_my_home" | |
| description = "Allow SSH access for my home" | |
| vpc_id = "vpc-YOUR_VPC_ID" # My default VPC | |
| ingress = [ { | |
| description = "My home IP address" | |
| cidr_blocks = [ "YOUR_PUBLIC_IP_ADDR/32" ] | |
| from_port = 22 | |
| to_port = 22 | |
| protocol = "tcp" | |
| ipv6_cidr_blocks = [] | |
| prefix_list_ids = [] | |
| security_groups = [] | |
| self = false | |
| }] | |
| egress = [ { | |
| description = "Allow all traffic" | |
| cidr_blocks = [ "0.0.0.0/0" ] | |
| from_port = 0 | |
| to_port = 0 | |
| protocol = -1 | |
| ipv6_cidr_blocks = [] | |
| prefix_list_ids = [] | |
| security_groups = [] | |
| self = false | |
| } ] | |
| } | |
| resource "aws_iam_instance_profile" "yungon_test_instance_profile" { | |
| name = "yungon-iac-test-instance-profile" | |
| role = aws_iam_role.yungon-test-role.name | |
| } | |
| resource "aws_s3_bucket" "yungon-test-bucket" { | |
| bucket = "YOUR_BUCKET_NAME" | |
| tags = { | |
| "Name" = "YOUR_BUCKET_NAME" | |
| "CreatedBy" = "Yungon" | |
| } | |
| } | |
| # It will make inline policy for IAM role below | |
| # (If you want managed policy, use "aws_iam_policy") | |
| resource "aws_iam_role_policy" "yungon-test-role-policy" { | |
| name = "yungon-iac-test-policy" | |
| role = aws_iam_role.yungon-test-role.id | |
| policy = jsonencode({ | |
| Version = "2012-10-17" | |
| Statement = [ | |
| { | |
| Action = [ | |
| "s3:*" | |
| ] | |
| Effect = "Allow" | |
| Resource = [ | |
| # For s3 bucket | |
| aws_s3_bucket.yungon-test-bucket.arn, | |
| # For objects in the s3 bucket | |
| format("%s/*", aws_s3_bucket.yungon-test-bucket.arn) | |
| ] | |
| } | |
| ] | |
| }) | |
| } | |
| resource "aws_iam_role" "yungon-test-role" { | |
| name = "yungon-iac-test-role" | |
| assume_role_policy = jsonencode({ | |
| Version = "2012-10-17" | |
| Statement = [ | |
| { | |
| Action = "sts:AssumeRole" | |
| Effect = "Allow" | |
| Sid = "" | |
| Principal = { | |
| Service = "ec2.amazonaws.com" | |
| } | |
| } | |
| ] | |
| }) | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment