[AWS/Terraform] Building a Network
Overview
This article shows how to use Terraform to build a set of network resources on AWS, centred on a Virtual Private Cloud (VPC).
Environment
- Terraform v1.0.0 or later
- An AWS account (already registered)
- AWS CLI installed
Architecture diagram (figure not reproduced in this extract)
Directory structure
├── main.tf
├── network.tf
├── terraform.tfstate
Initialising Terraform
First, initialise Terraform in the working directory:
terraform init
Creating the Terraform files
main.tf
terraform {
  required_version = ">= 0.13"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.0.0"
    }
  }
}

provider "aws" {
  profile = "terraform"
  region  = "ap-northeast-1"
}
network.tf
resource "aws_vpc" "vpc" {
  cidr_block                       = "10.0.0.0/16"
  instance_tenancy                 = "default"
  enable_dns_hostnames             = true
  enable_dns_support               = true
  assign_generated_ipv6_cidr_block = false
  tags = {
    Name = "vpc"
  }
}

# Public subnet (ELB)
resource "aws_subnet" "public-subnet-elb-1a" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.0.12.0/24"
  map_public_ip_on_launch = true
  tags = {
    Name = "public-subnet-elb-1a"
  }
}

# Public subnet (ELB)
resource "aws_subnet" "public-subnet-elb-1c" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1c"
  cidr_block              = "10.0.20.0/24"
  map_public_ip_on_launch = true
  tags = {
    Name = "public-subnet-elb-1c"
  }
}

# Public subnet (development)
resource "aws_subnet" "public-subnet-dev-1a" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.0.21.0/24"
  map_public_ip_on_launch = true
  tags = {
    Name = "public-subnet-dev-1a"
  }
}

# Private subnet (web)
# Private subnets must not auto-assign public IPs, so map_public_ip_on_launch is false here.
resource "aws_subnet" "private-subnet-web-1a" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.0.41.0/24"
  map_public_ip_on_launch = false
  tags = {
    Name = "private-subnet-web-1a"
  }
}

# Private subnet (web)
resource "aws_subnet" "private-subnet-web-1c" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1c"
  cidr_block              = "10.0.51.0/24"
  map_public_ip_on_launch = false
  tags = {
    Name = "private-subnet-web-1c"
  }
}

# Private subnet (db)
resource "aws_subnet" "private-subnet-db-1a" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.0.61.0/24"
  map_public_ip_on_launch = false
  tags = {
    Name = "private-subnet-db-1a"
  }
}

# Private subnet (db)
resource "aws_subnet" "private-subnet-db-1c" {
  vpc_id                  = aws_vpc.vpc.id
  availability_zone       = "ap-northeast-1c"
  cidr_block              = "10.0.71.0/24"
  map_public_ip_on_launch = false
  tags = {
    Name = "private-subnet-db-1c"
  }
}

# Public route table
resource "aws_route_table" "public_route" {
  vpc_id = aws_vpc.vpc.id
  tags = {
    Name = "public-rt"
  }
}

resource "aws_route_table_association" "public_route_elb_1a" {
  route_table_id = aws_route_table.public_route.id
  subnet_id      = aws_subnet.public-subnet-elb-1a.id
}

resource "aws_route_table_association" "public_route_elb_1c" {
  route_table_id = aws_route_table.public_route.id
  subnet_id      = aws_subnet.public-subnet-elb-1c.id
}

resource "aws_route_table_association" "public_route_dev" {
  route_table_id = aws_route_table.public_route.id
  subnet_id      = aws_subnet.public-subnet-dev-1a.id
}

# Private route table
# No default route is added here, so the private subnets have no path to the internet.
resource "aws_route_table" "private_route" {
  vpc_id = aws_vpc.vpc.id
  tags = {
    Name = "private-rt"
  }
}

resource "aws_route_table_association" "private_route_web_1a" {
  route_table_id = aws_route_table.private_route.id
  subnet_id      = aws_subnet.private-subnet-web-1a.id
}

resource "aws_route_table_association" "private_route_web_1c" {
  route_table_id = aws_route_table.private_route.id
  subnet_id      = aws_subnet.private-subnet-web-1c.id
}

resource "aws_route_table_association" "private_route_db_1a" {
  route_table_id = aws_route_table.private_route.id
  subnet_id      = aws_subnet.private-subnet-db-1a.id
}

resource "aws_route_table_association" "private_route_db_1c" {
  route_table_id = aws_route_table.private_route.id
  subnet_id      = aws_subnet.private-subnet-db-1c.id
}

# Internet gateway
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.vpc.id
  tags = {
    Name = "igw"
  }
}

# Default route from the public route table to the internet gateway
resource "aws_route" "public_route_igw" {
  route_table_id         = aws_route_table.public_route.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}
Creating the resources
Create the resources with Terraform. Running terraform apply creates the resources defined by the .tf files in the current directory. To review the planned changes in detail first, run terraform plan.
terraform apply
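As a pre-apply sanity check for the layout above, here is an added Python lint that is not part of the article: it reads the aws_vpc and aws_subnet blocks out of a network.tf and reports subnets outside the VPC CIDR, overlapping subnets, and private subnets that set map_public_ip_on_launch = true. The embedded network.tf text is a constructed sample with deliberate mistakes, and the HCL reader is a minimal regex one that assumes flat key = value attributes and a closing brace in column 0.

```python
import ipaddress
import re

# Constructed sample, not the article's file: a trimmed network.tf with two deliberate
# mistakes (a private subnet that auto-assigns public IPs and overlaps a public subnet).
NETWORK_TF = '''
resource "aws_vpc" "vpc" {
  cidr_block = "10.0.0.0/16"
}
resource "aws_subnet" "public-subnet-elb-1a" {
  cidr_block = "10.0.12.0/24"
  map_public_ip_on_launch = true
}
resource "aws_subnet" "private-subnet-web-1a" {
  cidr_block = "10.0.12.128/25"
  map_public_ip_on_launch = true
}
'''

# Minimal HCL reader: top-level blocks end with "}" in column 0 (nested blocks such as
# tags must be indented) and attributes are simple "key = value" lines.
BLOCK_RE = re.compile(r'resource\s+"(\w+)"\s+"([\w-]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*("?)([^"\n]*)\2\s*$', re.M)

def parse_resources(hcl):
    """Return {(type, name): {attr: value}} for every resource block in hcl."""
    resources = {}
    for m in BLOCK_RE.finditer(hcl):
        rtype, name, body = m.groups()
        resources[(rtype, name)] = {k: v.strip() for k, _, v in ATTR_RE.findall(body)}
    return resources

def check_network(hcl):
    """Lint subnets: inside the VPC CIDR, no overlap, no public IPs on private subnets."""
    resources = parse_resources(hcl)
    vpc_net = ipaddress.ip_network(
        next(v["cidr_block"] for (t, _), v in resources.items() if t == "aws_vpc"))
    subnets = [(n, a) for (t, n), a in resources.items() if t == "aws_subnet"]
    findings, seen = [], []
    for name, attrs in subnets:
        net = ipaddress.ip_network(attrs["cidr_block"])
        if not net.subnet_of(vpc_net):
            findings.append(f"{name}: {net} is outside VPC {vpc_net}")
        for other_name, other_net in seen:
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} overlaps {other_name} ({other_net})")
        seen.append((name, net))
        # "private-*" resources are the article's private subnets; auto-assigned public
        # IPs would expose them directly if a route to the IGW were ever attached.
        if name.startswith("private") and attrs.get("map_public_ip_on_launch") == "true":
            findings.append(f"{name}: private subnet auto-assigns public IPs")
    return findings
```

Run check_network on the contents of your own network.tf before terraform apply; an empty list means all three checks passed.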