Skip to content

Instantly share code, notes, and snippets.

@rubysoho07
Created Nov 20, 2021
Embed
What would you like to do?
Pulumi 테스트
import json
import pulumi
import pulumi_aws as aws
# AWS Resources
bucket = aws.s3.Bucket('yungon-iac-test-bucket',
bucket="YOUR_BUCKET_NAME",
tags={
"Name": "YOUR_BUCKET_NAME",
"CreatedBy": "yungon"
}
)
sg = aws.ec2.SecurityGroup("yungon_test_security_group",
name="allow_ssh_for_my_home",
description="Allow SSH access for my home",
vpc_id="vpc-YOUR_VPC_ID", # My default VPC
ingress=[aws.ec2.SecurityGroupIngressArgs(
description="My home IP Address",
from_port=22,
to_port=22,
protocol="tcp",
cidr_blocks=["YOUR_PUBLIC_IP_ADDRESS/32"]
)],
egress=[aws.ec2.SecurityGroupEgressArgs(
from_port=0,
to_port=0,
protocol="-1",
cidr_blocks=["0.0.0.0/0"]
)]
)
test_role = aws.iam.Role("yungon-iac-test-role",
name="yungon-iac-test-role",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Sid": "",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}]
})
)
def make_bucket_policy(bucket_name: str):
return json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": ["s3:*"],
"Effect": "Allow",
"Resource": [
f"arn:aws:s3:::{bucket_name}",
f"arn:aws:s3:::{bucket_name}/*" # For objects of the bucket
]
}]
})
test_policy = aws.iam.RolePolicy("yungon-test-role-policy",
name="yungon-iac-test-policy",
role=test_role.id,
policy=bucket.id.apply(make_bucket_policy)
)
instance_profile = aws.iam.InstanceProfile(
"yungon-iac-test-instance-profile",
role=test_role.name
)
server = aws.ec2.Instance("yungon-iac-test-ec2",
ami="ami-003ef1c0e2776ea27", # Amazon Linux 2 for AMD64 (Seoul Region)
instance_type="t3.micro",
subnet_id="subnet-YOUR_SUBNET_ID", # My public subnet
key_name="YOUR_KEY_PAIR_NAME",
iam_instance_profile=instance_profile.id,
vpc_security_group_ids=[sg.id],
tags={
"Name": "YOUR_INSTANCE_NAME",
"CreatedBy": "Yungon"
}
)
# Export the name of the bucket
pulumi.export('bucket_name', bucket.id)
pulumi.export('server_ip', server.public_ip)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment