LoginSignup
1
0
@hrkkanda

AWSリソースをTerraformにImportする(Network関連_microVPC)

Last updated at Posted at 2024-03-10

前提

全体の概略はこちらから
Netowork部分の概略はこちらから

構成図

Module

main.tf

# microservice vpc
resource "aws_vpc" "vpc_microservice" {
    cidr_block  = var.vpc_cidr_microservice
    tags = {
        Name    = "${var.project}-vpc-${var.env}-microservice"
        Env     = var.env
        Account = var.account
        Project = var.project
    }   
}
# subnet allocated in az 1c
resource "aws_subnet" "subnet_microservice1a" {
    vpc_id     = aws_vpc.vpc_microservice.id
    cidr_block = var.subnet_cidr_microservice1a
    availability_zone   = "ap-northeast-1a"
    tags = {
        Name    = "${var.project}-subnet-${var.env}-micro-${var.region}a"
        // ... 略
    }   
}
# subnet allocated in az 1c
resource "aws_subnet" "subnet_microservice1c" {
    vpc_id     = aws_vpc.vpc_microservice.id
    cidr_block = var.subnet_cidr_microservice1c
    availability_zone   = "ap-northeast-1c"
    tags = {
        Name    = "${var.project}-subnet-${var.env}-micro-${var.region}c"
        // ... 略
    }   
}
# route table
resource "aws_route_table" "rtb_micro" {
    vpc_id = aws_vpc.vpc_microservice.id
    tags = {
        Name    = "${var.project}-rtb-${var.env}-micro"
        // ... 略
    }   
}
resource "aws_route_table_association" "micro1a" {
    subnet_id      = aws_subnet.subnet_microservice1a.id
    route_table_id = aws_route_table.rtb_micro.id
}
resource "aws_route_table_association" "micro1c" {
    subnet_id      = aws_subnet.subnet_microservice1c.id
    route_table_id = aws_route_table.rtb_micro.id
}
# securitygroup associated with lambda
resource "aws_security_group" "sg_micro" {
    name        = "${var.project}-sg-${var.env}-micro"
    vpc_id      = aws_vpc.vpc_microservice.id
    tags = {
        Name    = "${var.project}-sg-${var.env}-micro"
        // ... 略
    }
}
resource "aws_vpc_security_group_egress_rule" "https" {
    security_group_id = aws_security_group.sg_micro.id
    cidr_ipv4   = "0.0.0.0/0"
    from_port   = 443
    ip_protocol = "tcp"
    to_port     = 443
}
resource "aws_vpc_security_group_egress_rule" "dynamodb" {
    description         = "http to dynamodb"
    security_group_id   = aws_security_group.sg_micro.id
    prefix_list_id      = "pl-78a54011"
    from_port   = 80
    ip_protocol = "tcp"
    to_port     = 80
}
resource "aws_vpc_security_group_egress_rule" "s3" {
    description         = "http to s3"
    security_group_id   = aws_security_group.sg_micro.id
    prefix_list_id      = "pl-61a54008"
    from_port   = 80
    ip_protocol = "tcp"
    to_port     = 80
}

resource "aws_vpc_endpoint" "s3" {
    vpc_id            = aws_vpc.vpc_microservice.id
    service_name      = "com.amazonaws.${var.region}.s3"
    vpc_endpoint_type = "Gateway"
    route_table_ids   = [aws_route_table.rtb_micro.id]
    tags = {
        Name    = "${var.project}-${var.env}-endpoint-s3-micro"
        // ... 略
    }
}
resource "aws_vpc_endpoint" "dynamodb" {
    vpc_id            = aws_vpc.vpc_microservice.id
    service_name      = "com.amazonaws.${var.region}.dynamodb"
    vpc_endpoint_type = "Gateway"
    route_table_ids   = [aws_route_table.rtb_micro.id]
    tags = {
        Name    = "${var.project}-${var.env}-endpoint-dynamodb-micro"
        // ... 略
    }
}

variables.tf

# common variable
variable "project" {}
variable "account" {}
variable "env" {}
variable "region" {}

# variables of cidr
variable "vpc_cidr_microservice" {}
variable "subnet_cidr_microservice1a" {}
variable "subnet_cidr_microservice1c" {}

output.tf

output "vpc_microservice_id"{
  value = aws_vpc.vpc_microservice.id
  description = "id of vpc associated with microservice"
}
output "subnet_microservice1a_id"{
  value = aws_subnet.subnet_microservice1a.id
  description = "id of subnet 1a associated with microservice"
}
output "subnet_microservice1c_id"{
  value = aws_subnet.subnet_microservice1c.id
  description = "id of subnet 1a associated with microservice"
}
output "rtb_micro_id"{
  value = aws_route_table.rtb_micro.id
  description = "id of rtb associated with microservice"
}
output "sg_micro_id"{
  value = aws_security_group.sg_micro.id
  description = "id of security group associated with microservice"
}
output "endpoint_s3_id" {
  value = aws_vpc_endpoint.s3.id
  description = "id of vpc endpoint of s3"
}
output "endpoint_dynamodb_id" {
  value = aws_vpc_endpoint.dynamodb.id
  description = "id of vpc endpoint of dynamodb"
}

Import コマンド

基本は👇

$ terraform import module.vpc_micro[\"dev\"].{resourceタイプ}.{resource名} {importするresourceのID}

※vpcの場合

$ terraform import module.vpc_micro[\"dev\"].aws_vpc.vpc_microservice vpc-***

以下のリソースは注意!

  • aws_route_table_association
    subentとルートテーブルの明示的な関連付けを定義する設定。
    ImportするリソースIDはサブネットID/ルートテーブルID 
$ terraform import module.vpc_micro[\"dev\"].aws_route_table_association.micro1a subnet-***/rtb-***

他Moduleで構築したリソース

  • インターネットへのアウトバウンド通信のroute
    • Transit GatewayのIDが必要なため、Transit Gatewayが作成されるまで。作成不可
    • アウトバウンド通信の要件 or 開発が進むまでコストのかかるTransit Gatewayは不要
1
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
1
0