Pulumi 테스트
import json | |
import pulumi | |
import pulumi_aws as aws | |
# AWS resources

# S3 bucket; the inline role policy declared later in this file is scoped to it.
# NOTE(review): only the name and tags are set here. Nothing visible configures
# public-access blocking, default encryption or versioning -- confirm those come
# from account defaults or declare them explicitly.
bucket = aws.s3.Bucket(
    "yungon-iac-test-bucket",
    tags={
        "Name": "YOUR_BUCKET_NAME",
        "CreatedBy": "yungon",
    },
    bucket="YOUR_BUCKET_NAME",
)
# Security group for the test instance: inbound SSH from one address only,
# outbound unrestricted.
sg = aws.ec2.SecurityGroup(
    "yungon_test_security_group",
    vpc_id="vpc-YOUR_VPC_ID",  # My default VPC
    name="allow_ssh_for_my_home",
    description="Allow SSH access for my home",
    ingress=[
        aws.ec2.SecurityGroupIngressArgs(
            description="My home IP Address",
            protocol="tcp",
            from_port=22,
            to_port=22,
            # The /32 mask admits exactly one source address. Keep it this
            # narrow; if the home address changes, update the rule rather
            # than widening the range.
            cidr_blocks=["YOUR_PUBLIC_IP_ADDRESS/32"],
        ),
    ],
    egress=[
        aws.ec2.SecurityGroupEgressArgs(
            # protocol "-1" with ports 0-0 allows every protocol and port.
            # NOTE(review): outbound traffic is open to any destination;
            # tighten this if the instance only needs specific endpoints.
            protocol="-1",
            from_port=0,
            to_port=0,
            cidr_blocks=["0.0.0.0/0"],
        ),
    ],
)
# IAM role for the instance. The trust policy below names only the EC2 service
# as a principal allowed to call sts:AssumeRole.
test_role = aws.iam.Role(
    "yungon-iac-test-role",
    assume_role_policy=json.dumps(
        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "sts:AssumeRole",
                    "Effect": "Allow",
                    "Sid": "",
                    "Principal": {"Service": "ec2.amazonaws.com"},
                },
            ],
        }
    ),
    name="yungon-iac-test-role",
)
def make_bucket_policy(bucket_name: str):
    """Return the IAM policy JSON that allows S3 actions on a single bucket.

    Args:
        bucket_name: Name of the S3 bucket the policy is scoped to.

    Returns:
        The policy document serialized as a JSON string.
    """
    bucket_arn = f"arn:aws:s3:::{bucket_name}"
    statement = {
        # NOTE(review): "s3:*" grants every S3 action on this bucket,
        # including object deletion and bucket-policy changes. Prefer listing
        # only the actions the instance needs (for example s3:GetObject,
        # s3:PutObject, s3:ListBucket).
        "Action": ["s3:*"],
        "Effect": "Allow",
        "Resource": [
            bucket_arn,  # The bucket itself
            f"{bucket_arn}/*",  # For objects of the bucket
        ],
    }
    document = {"Version": "2012-10-17", "Statement": [statement]}
    return json.dumps(document)
# Inline policy attached to the role. bucket.id is a Pulumi output, so the
# policy JSON is produced by passing make_bucket_policy to apply() instead of
# calling it directly with the value.
test_policy = aws.iam.RolePolicy(
    "yungon-test-role-policy",
    policy=bucket.id.apply(make_bucket_policy),
    role=test_role.id,
    name="yungon-iac-test-policy",
)
# Instance profile wrapping the role so it can be attached to the EC2 instance.
instance_profile = aws.iam.InstanceProfile(
    "yungon-iac-test-instance-profile", role=test_role.name
)
# EC2 instance that uses the security group and instance profile declared above.
# NOTE(review): the instance carries a role with S3 access and no
# metadata_options are set, so the instance-metadata defaults apply. Consider
# metadata_options=aws.ec2.InstanceMetadataOptionsArgs(http_tokens="required")
# so that role credentials are served over IMDSv2 only.
server = aws.ec2.Instance(
    "yungon-iac-test-ec2",
    instance_type="t3.micro",
    # NOTE(review): a hard-coded AMI ID is region-specific and stays on an old
    # image over time; confirm it is still current before deploying.
    ami="ami-003ef1c0e2776ea27",  # Amazon Linux 2 for AMD64 (Seoul Region)
    subnet_id="subnet-YOUR_SUBNET_ID",  # My public subnet
    vpc_security_group_ids=[sg.id],
    iam_instance_profile=instance_profile.id,
    key_name="YOUR_KEY_PAIR_NAME",
    tags={
        "Name": "YOUR_INSTANCE_NAME",
        "CreatedBy": "Yungon",
    },
)
# Stack outputs: the bucket's name and the instance's public IP address.
pulumi.export("bucket_name", bucket.id)
pulumi.export("server_ip", server.public_ip)