EC2でWEBサーバーを構築し、さっと検証したいときのTerraform
作成するもの
IAM Role（EC2 用のインスタンスプロファイル付き）
VPC
subnet（パブリック。Internet Gateway と route table も作成）
EC2（Amazon Linux, t2.micro）
security group（80 / 443 / 22 を許可）
AWS の access_key／secret_key と EC2 の key_name は環境ごとに設定する。アクセスキーは .tf ファイルに直接書かず、環境変数（AWS_ACCESS_KEY_ID／AWS_SECRET_ACCESS_KEY）や ~/.aws/credentials のプロファイルで渡すこと（.tf に書くと git 履歴にそのまま残る）。
設定
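// AWS provider for the Seoul region.
//
// Credentials are deliberately NOT set here. An access_key/secret_key pair in a
// .tf file ends up in git history and in every copy of the repository. Supply
// them per environment through the provider's normal credential chain instead:
//   - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY (plus AWS_SESSION_TOKEN for
//     temporary keys), or
//   - a named profile in ~/.aws/credentials (AWS_PROFILE=... or profile = "..."), or
//   - the role/instance credentials of the machine running terraform.
provider "aws" {
  region = "ap-northeast-2"
}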
// Availability zones of the provider region; the subnet resource picks one
// per count.index from this list.
data "aws_availability_zones" "available" {}
// VPC holding the test web server (10.1.0.0/16, default tenancy).
// DNS resolution and DNS hostnames are both switched on.
resource "aws_vpc" "sample-test-vpc" {
  cidr_block           = "10.1.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  instance_tenancy     = "default"

  tags {
    Name = "sample-test-vpc"
  }
}
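// Instance profile that attaches base_role to the EC2 instance.
//
// `role` (singular) replaces the deprecated `roles` list argument; the profile
// only ever carried one role, so the change is a pure rename of the argument.
resource "aws_iam_instance_profile" "base_profile" {
  name = "BaseIAMRoleProfile"
  role = "${aws_iam_role.base_role.name}"
}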
// IAM role assumed by the EC2 instance.
//
// The trust policy (assume_role_policy) only permits the EC2 service
// principal to call sts:AssumeRole, i.e. nothing outside EC2 can take this
// role. What the role is allowed to do is defined separately in
// instance_role_policy below.
resource "aws_iam_role" "base_role" {
name = "BaseIAMRole"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
// Permissions granted to base_role: a single read-only action,
// organizations:DescribeOrganization. This is the least-privilege baseline
// for the sample; add further statements only for what the web server really
// needs, rather than widening this one.
// NOTE(review): Resource "*" is used because this action is account-scoped
// rather than resource-scoped — verify against the IAM action reference if
// you tighten it.
resource "aws_iam_role_policy" "instance_role_policy" {
name = "BaseIAMRolePolicy"
role = "${aws_iam_role.base_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["organizations:DescribeOrganization"],
"Resource": "*"
}
]
}
EOF
}
//subnet とりあえず1つ作る
// Public subnet(s), one per count (currently a single one). CIDR and
// availability zone are both derived from count.index, so raising count
// fans additional subnets out across AZs. Instances launched here are
// assigned a public IP automatically.
resource "aws_subnet" "sample-test-subnet" {
  count = 1

  vpc_id                  = "${aws_vpc.sample-test-vpc.id}"
  cidr_block              = "10.1.${count.index}.0/24"
  availability_zone       = "${data.aws_availability_zones.available.names[count.index]}"
  map_public_ip_on_launch = true

  tags {
    Name = "sample-test-vpc.sample-test-subnet-${count.index}"
  }
}
// Internet gateway for the VPC; the route table below points 0.0.0.0/0 at it.
resource "aws_internet_gateway" "sample-gw" {
  vpc_id = "${aws_vpc.sample-test-vpc.id}"

  tags {
    Name = "sample-gw"
  }
}
// Public route table: a single default route sending all non-VPC traffic
// to the Internet gateway.
resource "aws_route_table" "sample-route-table" {
  vpc_id = "${aws_vpc.sample-test-vpc.id}"

  route {
    gateway_id = "${aws_internet_gateway.sample-gw.id}"
    cidr_block = "0.0.0.0/0"
  }
}
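// Attach every subnet to the public route table.
//
// count is derived from the subnet list instead of being hard-coded. The
// original used count = 2 against a single subnet; element() wraps around,
// so both associations targeted subnet 0 and the second one fails at apply
// time (a subnet can only be associated with one route table).
resource "aws_route_table_association" "sample-test-subnet-route-table-association" {
  count = "${length(aws_subnet.sample-test-subnet.*.id)}"

  subnet_id      = "${element(aws_subnet.sample-test-subnet.*.id, count.index)}"
  route_table_id = "${aws_route_table.sample-route-table.id}"
}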
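// Latest Amazon Linux 2 AMI: x86_64, EBS-backed, HVM, gp2 root volume.
//
// The original name filter "amzn-ami-hvm-*" matched Amazon Linux 1, which is
// end-of-life and no longer receives security updates; "amzn2-ami-hvm-*"
// selects Amazon Linux 2 instead. Only the `name` filter changed.
//
// owners = ["amazon"] is the supply-chain control here: without it,
// most_recent = true could pick a community-published AMI whose name merely
// resembles the official one. most_recent also makes the plan
// non-reproducible (a new AMI release changes the result, which in turn
// forces the instance to be replaced on the next apply); pin an explicit AMI
// id or full name when you need repeatable builds.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "block-device-mapping.volume-type"
    values = ["gp2"]
  }
}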
// EC2インスタンス作成
// EC2 instance that runs the test web server.
resource "aws_instance" "sample-ec2" {
  ami           = "${data.aws_ami.amazon_linux.id}"
  instance_type = "t2.micro"

  // Name of an EC2 key pair that must already exist in ap-northeast-2;
  // replace the placeholder before applying.
  key_name = "your-keyname"

  // Placement: the first (and only) subnet, with a public IP so the server
  // is reachable from outside. The subnet already sets
  // map_public_ip_on_launch, so the explicit flag is belt and braces.
  subnet_id                   = "${aws_subnet.sample-test-subnet.0.id}"
  associate_public_ip_address = true
  vpc_security_group_ids      = ["${aws_security_group.sample-sec.id}"]

  // base_role, attached through its instance profile.
  iam_instance_profile = "${aws_iam_instance_profile.base_profile.name}"

  // NOTE(review): nothing here enforces IMDSv2 or root-volume encryption.
  // Newer provider versions accept `metadata_options { http_tokens = "required" }`
  // and `root_block_device { encrypted = true }`; add them once the provider
  // in use supports those arguments (this file is written in 0.11-era syntax).
  tags {
    Name = "TEST"
  }
}
//セキュリティグループ 80 443 22 を許可。22（SSH）は 0.0.0.0/0 に開いているので、apply 前に必ず自分の接続元 IP だけに絞ること。
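// CIDR ranges allowed to reach port 22 (SSH).
//
// The default keeps the original sample's 0.0.0.0/0 so the file still applies
// unchanged, but that exposes SSH to the whole Internet. Pass your own
// address range instead, e.g.
//   terraform apply -var 'ssh_allowed_cidrs=["203.0.113.10/32"]'
variable "ssh_allowed_cidrs" {
  type    = "list"
  default = ["0.0.0.0/0"]
}

// Security group for the test web server: HTTP/HTTPS from anywhere, SSH only
// from ssh_allowed_cidrs, unrestricted outbound.
resource "aws_security_group" "sample-sec" {
  name        = "sample-sec"
  description = "test-sg for tf test"
  vpc_id      = "${aws_vpc.sample-test-vpc.id}"

  // Outbound: everything. Acceptable for a throwaway test box; narrow it
  // (e.g. 80/443 only) if the instance ever handles real data.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // Inbound SSH, limited to the operator's address range(s).
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.ssh_allowed_cidrs}"]
  }

  // Inbound HTTP, public.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  // Inbound HTTPS, public.
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}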