first commit

README.md

@@ -0,0 +1,2 @@
+# provisioning
+

env/dev/main.tf

@@ -0,0 +1,98 @@
+# ---------------------------
+# VPCモジュールの実行
+# ---------------------------
+module "vpc" {
+  source      = "../../modules/vpc"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  vpc_cidr_block  = var.vpc_cidr_block
+  vpc_name        = var.vpc_name
+  public_1a_cidr  = var.public_1a_cidr
+  public_1c_cidr  = var.public_1c_cidr
+  private_1a_cidr = var.private_1a_cidr
+  private_1c_cidr = var.private_1c_cidr
+  public_1a_name  = var.public_1a_name
+  public_1c_name  = var.public_1c_name
+  private_1a_name = var.private_1a_name
+  private_1c_name = var.private_1c_name
+  igw_name        = var.igw_name
+  public_rtb_name = var.public_rtb_name
+}
+
+# ---------------------------
+# SecurityGroupモジュールの実行
+# ---------------------------
+module "securitygroup" {
+  source      = "../../modules/securitygroup"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  vpc_id         = module.vpc.vpc_id
+  vpc_cidr_block = module.vpc.vpc_cidr_block
+  ec2_sg_name    = var.ec2_sg_name
+  rds_sg_name    = var.rds_sg_name
+  alb_sg_name    = var.alb_sg_name
+}
+
+# ---------------------------
+# EC2モジュールの実行
+# ---------------------------
+module "ec2" {
+  source      = "../../modules/ec2"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id
+  aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id
+  ec2_sg_id               = module.securitygroup.ec2_sg_id
+  rds_sg_id               = module.securitygroup.rds_sg_id
+
+  key_name        = var.key_name
+  web1_private_ip = var.web1_private_ip
+  web2_private_ip = var.web2_private_ip
+  ni_web1_name    = var.ni_web1_name
+  ni_web2_name    = var.ni_web2_name
+  ec2_web1_name   = var.ec2_web1_name
+  ec2_web2_name   = var.ec2_web2_name
+
+}
+
+# ---------------------------
+# RDSモジュールの実行
+# ---------------------------
+module "rds" {
+  source      = "../../modules/rds"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  aws_subnet_private_1a_id = module.vpc.aws_subnet_private_1a_id
+  aws_subnet_private_1c_id = module.vpc.aws_subnet_private_1c_id
+  rds_sg_id                = module.securitygroup.rds_sg_id
+
+  db_subnet_group_name = var.db_subnet_group_name
+  rds_identifier       = var.rds_identifier
+  rds_db_name          = var.rds_db_name
+  rds_username         = var.rds_username
+  rds_password         = var.rds_password
+}
+
+# ---------------------------
+# ALBモジュールの実行
+# ---------------------------
+module "alb" {
+  source      = "../../modules/alb"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  alb_sg_id               = module.securitygroup.alb_sg_id
+  aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id
+  aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id
+  vpc_id                  = module.vpc.vpc_id
+  ec2_web1_id             = module.ec2.ec2_web1_id
+  ec2_web2_id             = module.ec2.ec2_web2_id
+
+  alb_name          = var.alb_name
+  target_group_name = var.target_group_name
+
+}

env/dev/provider.tf

@@ -0,0 +1,16 @@
+# ---------------------------
+# プロバイダ設定
+# ---------------------------
+# AWS
+provider "aws" {
+  region  = "ap-northeast-1"
+}
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.54.1"
+    }
+  }
+}

env/dev/variables.tf

@@ -0,0 +1,117 @@
+# ---------------------------
+# 共通
+# ---------------------------
+variable "name_prefix" {
+#    default = "userXX-"
+    default = 
+}
+variable "env" {
+    default = "dev"
+}
+
+# ---------------------------
+# vpc
+# ---------------------------
+variable "vpc_cidr_block" {
+    default = "10.0.0.0/16"
+}
+variable "vpc_name" {
+    default = "hands-on-vpc"
+}
+variable "public_1a_cidr" {
+    default = "10.0.0.0/24"
+}
+variable "public_1c_cidr" {
+    default = "10.0.2.0/24"
+}
+variable "private_1a_cidr" {
+    default = "10.0.1.0/24"
+}
+variable "private_1c_cidr" {
+    default = "10.0.3.0/24"
+}
+variable "public_1a_name" {
+    default = "hands-on-public-1a"
+}
+variable "public_1c_name" {
+    default = "hands-on-public-1c"
+}
+variable "private_1a_name" {
+    default = "hands-on-private-1a"
+}
+variable "private_1c_name" {
+    default = "hands-on-private-1c"
+}
+variable "igw_name" {
+    default = "hands-on-igw"
+}
+variable "public_rtb_name" {
+    default = "hands-on-public-rtb"
+}
+
+# ---------------------------
+# security group
+# ---------------------------
+variable "alb_sg_name" {
+    default = "hands-on-alb-sg"
+}
+variable "ec2_sg_name" {
+    default = "hands-on-ec2-sg"
+}
+variable "rds_sg_name" {
+    default = "hands-on-rds-sg"
+}
+
+# ---------------------------
+# ec2
+# ---------------------------
+variable "key_name" {
+    default = "hands-on-keypair"
+}
+variable "web1_private_ip" {
+    default = "10.0.0.10"
+}
+variable "web2_private_ip" {
+    default = "10.0.2.10"
+}
+variable "ni_web1_name" {
+    default = "hands-on-ni-web1"
+}
+variable "ni_web2_name" {
+    default = "hands-on-ni-web2"
+}
+variable "ec2_web1_name" {
+    default = "hands-on-ec2-web1"
+}
+variable "ec2_web2_name" {
+    default = "hands-on-ec2-web2"
+}
+
+# ---------------------------
+# rds
+# ---------------------------
+variable "db_subnet_group_name" {
+    default = "hands-on-db-subnet-group"
+}
+variable "rds_identifier" {
+    default = "hands-on-rds"
+}
+variable "rds_db_name" {
+    default = "wordpress"
+}
+variable "rds_username" {
+    default = "admin"
+}
+variable "rds_password" {
+    default = "passw0rd!"
+}
+
+# ---------------------------
+# alb
+# ---------------------------
+variable "alb_name" {
+    default = "hands-on-alb"
+}
+variable "target_group_name" {
+    default = "hands-on-target-group"
+}

env/prod/main.tf

@@ -0,0 +1,98 @@
+# ---------------------------
+# VPCモジュールの実行
+# ---------------------------
+module "vpc" {
+  source      = "../../modules/vpc"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  vpc_cidr_block  = var.vpc_cidr_block
+  vpc_name        = var.vpc_name
+  public_1a_cidr  = var.public_1a_cidr
+  public_1c_cidr  = var.public_1c_cidr
+  private_1a_cidr = var.private_1a_cidr
+  private_1c_cidr = var.private_1c_cidr
+  public_1a_name  = var.public_1a_name
+  public_1c_name  = var.public_1c_name
+  private_1a_name = var.private_1a_name
+  private_1c_name = var.private_1c_name
+  igw_name        = var.igw_name
+  public_rtb_name = var.public_rtb_name
+}
+
+# ---------------------------
+# SecurityGroupモジュールの実行
+# ---------------------------
+module "securitygroup" {
+  source      = "../../modules/securitygroup"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  vpc_id         = module.vpc.vpc_id
+  vpc_cidr_block = module.vpc.vpc_cidr_block
+  ec2_sg_name    = var.ec2_sg_name
+  rds_sg_name    = var.rds_sg_name
+  alb_sg_name    = var.alb_sg_name
+}
+
+# ---------------------------
+# EC2モジュールの実行
+# ---------------------------
+module "ec2" {
+  source      = "../../modules/ec2"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id
+  aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id
+  ec2_sg_id               = module.securitygroup.ec2_sg_id
+  rds_sg_id               = module.securitygroup.rds_sg_id
+
+  key_name        = var.key_name
+  web1_private_ip = var.web1_private_ip
+  web2_private_ip = var.web2_private_ip
+  ni_web1_name    = var.ni_web1_name
+  ni_web2_name    = var.ni_web2_name
+  ec2_web1_name   = var.ec2_web1_name
+  ec2_web2_name   = var.ec2_web2_name
+
+}
+
+# ---------------------------
+# RDSモジュールの実行
+# ---------------------------
+module "rds" {
+  source      = "../../modules/rds"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  aws_subnet_private_1a_id = module.vpc.aws_subnet_private_1a_id
+  aws_subnet_private_1c_id = module.vpc.aws_subnet_private_1c_id
+  rds_sg_id                = module.securitygroup.rds_sg_id
+
+  db_subnet_group_name = var.db_subnet_group_name
+  rds_identifier       = var.rds_identifier
+  rds_db_name          = var.rds_db_name
+  rds_username         = var.rds_username
+  rds_password         = var.rds_password
+}
+
+# ---------------------------
+# ALBモジュールの実行
+# ---------------------------
+module "alb" {
+  source      = "../../modules/alb"
+  name_prefix = var.name_prefix
+  env         = var.env
+
+  alb_sg_id               = module.securitygroup.alb_sg_id
+  aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id
+  aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id
+  vpc_id                  = module.vpc.vpc_id
+  ec2_web1_id             = module.ec2.ec2_web1_id
+  ec2_web2_id             = module.ec2.ec2_web2_id
+
+  alb_name          = var.alb_name
+  target_group_name = var.target_group_name
+
+}

env/prod/provider.tf

@@ -0,0 +1,16 @@
+# ---------------------------
+# プロバイダ設定
+# ---------------------------
+# AWS
+provider "aws" {
+  region  = "ap-northeast-1"
+}
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.54.1"
+    }
+  }
+}

env/prod/variables.tf

@@ -0,0 +1,117 @@
+# ---------------------------
+# 共通
+# ---------------------------
+variable "name_prefix" {
+#  default = "userXX-"
+  default = 
+}
+variable "env" {
+  default = "prod"
+}
+
+# ---------------------------
+# vpc
+# ---------------------------
+variable "vpc_cidr_block" {
+  default = "10.0.0.0/16"
+}
+variable "vpc_name" {
+  default = "hands-on-vpc"
+}
+variable "public_1a_cidr" {
+  default = "10.0.0.0/24"
+}
+variable "public_1c_cidr" {
+  default = "10.0.2.0/24"
+}
+variable "private_1a_cidr" {
+  default = "10.0.1.0/24"
+}
+variable "private_1c_cidr" {
+  default = "10.0.3.0/24"
+}
+variable "public_1a_name" {
+  default = "hands-on-public-1a"
+}
+variable "public_1c_name" {
+  default = "hands-on-public-1c"
+}
+variable "private_1a_name" {
+  default = "hands-on-private-1a"
+}
+variable "private_1c_name" {
+  default = "hands-on-private-1c"
+}
+variable "igw_name" {
+  default = "hands-on-igw"
+}
+variable "public_rtb_name" {
+  default = "hands-on-public-rtb"
+}
+
+# ---------------------------
+# security group
+# ---------------------------
+variable "alb_sg_name" {
+  default = "hands-on-alb-sg"
+}
+variable "ec2_sg_name" {
+  default = "hands-on-ec2-sg"
+}
+variable "rds_sg_name" {
+  default = "hands-on-rds-sg"
+}
+
+# ---------------------------
+# ec2
+# ---------------------------
+variable "key_name" {
+  default = "hands-on-keypair"
+}
+variable "web1_private_ip" {
+  default = "10.0.0.10"
+}
+variable "web2_private_ip" {
+  default = "10.0.2.10"
+}
+variable "ni_web1_name" {
+  default = "hands-on-ni-web1"
+}
+variable "ni_web2_name" {
+  default = "hands-on-ni-web2"
+}
+variable "ec2_web1_name" {
+  default = "hands-on-ec2-web1"
+}
+variable "ec2_web2_name" {
+  default = "hands-on-ec2-web2"
+}
+
+# ---------------------------
+# rds
+# ---------------------------
+variable "db_subnet_group_name" {
+  default = "hands-on-db-subnet-group"
+}
+variable "rds_identifier" {
+  default = "hands-on-rds"
+}
+variable "rds_db_name" {
+  default = "wordpress"
+}
+variable "rds_username" {
+  default = "admin"
+}
+variable "rds_password" {
+  default = "passw0rd!"
+}
+
+# ---------------------------
+# alb
+# ---------------------------
+variable "alb_name" {
+  default = "hands-on-alb"
+}
+variable "target_group_name" {
+  default = "hands-on-target-group"
+}

modules/alb/main.tf

@@ -0,0 +1,70 @@
+# ---------------------------
+# ALB
+# ---------------------------
+# ALBの作成
+resource "aws_lb" "alb" {
+  name               = "${var.name_prefix}${var.env}-${var.alb_name}"
+  internal           = false
+  load_balancer_type = "application"
+  security_groups    = [var.alb_sg_id]
+  subnets = [
+    var.aws_subnet_public_1a_id,
+    var.aws_subnet_public_1c_id
+  ]
+  ip_address_type = "ipv4"
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.alb_name}"
+  }
+}
+
+# ターゲットグループの作成
+resource "aws_lb_target_group" "target_group" {
+  name             = "${var.name_prefix}${var.env}-${var.target_group_name}"
+  target_type      = "instance"
+  protocol_version = "HTTP1"
+  port             = 80
+  protocol         = "HTTP"
+  vpc_id           = var.vpc_id
+  # ヘルスチェックの設定
+  health_check {
+    interval            = 30
+    path                = "/wp-includes/images/blank.gif"
+    port                = "traffic-port"
+    protocol            = "HTTP"
+    timeout             = 5
+    healthy_threshold   = 5
+    unhealthy_threshold = 2
+    matcher             = "200,301"
+  }
+  # スティッキーセッションの設定
+  stickiness {
+    type            = "lb_cookie"
+    cookie_duration = 1800
+    enabled         = true
+  }
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.target_group_name}"
+  }
+}
+
+# ターゲットグループとインスタンスの紐づけ
+resource "aws_lb_target_group_attachment" "attach_ec2_web1" {
+  target_group_arn = aws_lb_target_group.target_group.arn
+  target_id        = var.ec2_web1_id
+}
+
+resource "aws_lb_target_group_attachment" "attach_ec2_web2" {
+  target_group_arn = aws_lb_target_group.target_group.arn
+  target_id        = var.ec2_web2_id
+}
+
+# リスナーの設定
+resource "aws_lb_listener" "listener" {
+  load_balancer_arn = aws_lb.alb.arn
+  port              = 80
+  protocol          = "HTTP"
+  default_action {
+    type             = "forward"
+    target_group_arn = aws_lb_target_group.target_group.arn
+  }
+}

modules/alb/output.tf

@@ -0,0 +1,3 @@
+output "alb_dns_name" {
+  value = aws_lb.alb.dns_name
+}

modules/alb/variables.tf

@@ -0,0 +1,15 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "alb_sg_id" {}
+variable "aws_subnet_public_1a_id" {}
+variable "aws_subnet_public_1c_id" {}
+variable "vpc_id" {}
+variable "ec2_web1_id" {}
+variable "ec2_web2_id" {}
+
+variable "alb_name" {}
+variable "target_group_name" {}

modules/ec2/install_wordpress.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+dnf update -y
+dnf install -y httpd wget php-fpm php-mysqli php-json php php-devel mariadb105
+
+wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/
+tar zxvf /tmp/latest-ja.tar.gz -C /tmp
+cp -r /tmp/wordpress/* /var/www/html/
+chown apache:apache -R /var/www/html
+
+systemctl enable httpd.service
+systemctl start httpd.service

modules/ec2/main.tf

@@ -0,0 +1,98 @@
+# ---------------------------
+# EC2 Keypairの設定
+# ---------------------------
+# 秘密鍵のアルゴリズム設定
+resource "tls_private_key" "private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 2048
+}
+
+# 生成するkeypair（秘密鍵と公開鍵）のパスを指定
+locals {
+  public_key_file  = "${path.root}/.keypair/${var.name_prefix}${var.env}-${var.key_name}.id_rsa.pub"
+  private_key_file = "${path.root}/.keypair/${var.name_prefix}${var.env}-${var.key_name}.id_rsa"
+}
+
+# 鍵の生成
+resource "local_file" "private_key_pem" {
+  filename = local.private_key_file
+  content  = tls_private_key.private_key.private_key_pem
+}
+
+# 公開鍵をAWSのkeypairにインポート
+resource "aws_key_pair" "key_pair" {
+  key_name   = "${var.name_prefix}${var.env}-${var.key_name}"
+  public_key = tls_private_key.private_key.public_key_openssh
+}
+
+# ---------------------------
+# EC2 インスタンス
+# ---------------------------
+# Amazon Linux2023のAMIを取得
+data "aws_ssm_parameter" "amazon_linux2023" {
+  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"
+}
+
+# ネットワークインターフェイスの作成
+resource "aws_network_interface" "ni_web1" {
+  subnet_id   = var.aws_subnet_public_1a_id
+  private_ips = [var.web1_private_ip]
+  # セキュリティグループの指定
+  security_groups = [var.ec2_sg_id]
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.ni_web1_name}"
+  }
+}
+
+resource "aws_network_interface" "ni_web2" {
+  subnet_id   = var.aws_subnet_public_1c_id
+  private_ips = [var.web2_private_ip]
+  # セキュリティグループの指定
+  security_groups = [var.ec2_sg_id]
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.ni_web2_name}"
+  }
+}
+
+# EC2インスタンスの作成
+resource "aws_instance" "ec2_web1" {
+  # AMIの指定
+  ami = data.aws_ssm_parameter.amazon_linux2023.value
+  # インスタンスタイプの指定
+  instance_type = "t3.micro"
+  # アベイラビリティーゾーンの指定
+  availability_zone = "ap-northeast-1a"
+  # ネットワークインターフェイスの指定
+  network_interface {
+    network_interface_id = aws_network_interface.ni_web1.id
+    device_index         = 0
+  }
+  # キーペアの指定
+  key_name = aws_key_pair.key_pair.key_name
+  # user dataの指定（Wordpressのインストール）
+  user_data = file("${path.module}/install_wordpress.sh")
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.ec2_web1_name}"
+  }
+}
+
+resource "aws_instance" "ec2_web2" {
+  # AMIの指定
+  ami = data.aws_ssm_parameter.amazon_linux2023.value
+  # インスタンスタイプの指定
+  instance_type = "t3.micro"
+  # アベイラビリティーゾーンの指定
+  availability_zone = "ap-northeast-1c"
+  # ネットワークインターフェイスの指定
+  network_interface {
+    network_interface_id = aws_network_interface.ni_web2.id
+    device_index         = 0
+  }
+  # キーペアの指定
+  key_name = aws_key_pair.key_pair.key_name
+  # user dataの指定（Wordpressのインストール）
+  user_data = file("${path.module}/install_wordpress.sh")
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.ec2_web2_name}"
+  }
+}

modules/ec2/output.tf

@@ -0,0 +1,12 @@
+output "ec2_web1_public_ip" {
+  value = "${aws_instance.ec2_web1.public_ip}"
+}
+output "ec2_web2_public_ip" {
+  value = "${aws_instance.ec2_web2.public_ip}"
+}
+output "ec2_web1_id" {
+  value = aws_instance.ec2_web1.id
+}
+output "ec2_web2_id" {
+  value = aws_instance.ec2_web2.id
+}

modules/ec2/variables.tf

@@ -0,0 +1,19 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "aws_subnet_public_1a_id" {}
+variable "aws_subnet_public_1c_id" {}
+
+variable "ec2_sg_id" {}
+variable "rds_sg_id" {}
+
+variable "key_name" {}
+variable "web1_private_ip" {}
+variable "web2_private_ip" {}
+variable "ni_web1_name" {}
+variable "ni_web2_name" {}
+variable "ec2_web1_name" {}
+variable "ec2_web2_name" {}

modules/rds/main.tf

@@ -0,0 +1,41 @@
+# ---------------------------
+# RDS
+# ---------------------------
+# DBサブネットグループの作成
+resource "aws_db_subnet_group" "db_subnet_group" {
+  name = "${var.name_prefix}${var.env}-${var.db_subnet_group_name}"
+  subnet_ids = [
+    var.aws_subnet_private_1a_id,
+    var.aws_subnet_private_1c_id
+  ]
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.db_subnet_group_name}"
+  }
+}
+
+# RDSインスタンスの作成
+resource "aws_db_instance" "rds" {
+  identifier = "${var.name_prefix}${var.env}-${var.rds_identifier}"
+  # インスタンスクラス、ストレージサイズの指定
+  instance_class    = "db.t3.micro"
+  allocated_storage = 20
+  # DBサブネットグループの指定
+  db_subnet_group_name = aws_db_subnet_group.db_subnet_group.name
+  # セキュリティグループの指定
+  vpc_security_group_ids = [var.rds_sg_id]
+  # マルチAZインスタンスの設定
+  multi_az = true
+  # DBエンジンの指定
+  engine         = "mysql"
+  engine_version = "8.0.35"
+  # DB情報の設定
+  db_name  = var.rds_db_name
+  username = var.rds_username
+  password = var.rds_password
+  # 設定変更の即時反映
+  apply_immediately = true
+  # DB削除時にスナップショットを作成しない
+  skip_final_snapshot = true
+  # バックアップ保持期間（0に設定すると自動バックアップ無効）
+  backup_retention_period = "0"
+}

modules/rds/output.tf

@@ -0,0 +1,3 @@
+output "rds_fqdn" {
+  value = "${aws_db_instance.rds.endpoint}"
+}

modules/rds/variables.tf

@@ -0,0 +1,15 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "aws_subnet_private_1a_id" {}
+variable "aws_subnet_private_1c_id" {}
+variable "rds_sg_id" {}
+
+variable "db_subnet_group_name" {}
+variable "rds_identifier" {}
+variable "rds_db_name" {}
+variable "rds_username" {}
+variable "rds_password" {}

modules/securitygroup/main.tf

@@ -0,0 +1,110 @@
+# ---------------------------
+# セキュリティグループ
+# ---------------------------
+# ALB用
+resource "aws_security_group" "alb_sg" {
+  name        = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
+  description = "for alb"
+  vpc_id      = var.vpc_id
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.alb_sg_name}"
+  }
+}
+
+# EC2用
+resource "aws_security_group" "ec2_sg" {
+  name        = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
+  description = "for ec2"
+  vpc_id      = var.vpc_id
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}"
+  }
+}
+
+# RDS用
+resource "aws_security_group" "rds_sg" {
+  name        = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
+  description = "for rds"
+  vpc_id      = var.vpc_id
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.rds_sg_name}"
+  }
+}
+
+# ---------------------------
+# セキュリティグループルール
+# ---------------------------
+# ALB用インバウンドルール http
+resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_http" {
+  security_group_id = aws_security_group.alb_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 80
+  to_port           = 80
+  ip_protocol       = "tcp"
+}
+
+# ALB用インバウンドルール https
+resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_https" {
+  security_group_id = aws_security_group.alb_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 443
+  to_port           = 443
+  ip_protocol       = "tcp"
+}
+
+# ALB用アウトバウンドルール any
+resource "aws_vpc_security_group_egress_rule" "alb_sg_allow_all" {
+  security_group_id = aws_security_group.alb_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}
+
+# EC2用インバウンドルール http
+resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_http" {
+  security_group_id = aws_security_group.ec2_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 80
+  to_port           = 80
+  ip_protocol       = "tcp"
+}
+
+# EC2用インバウンドルール https
+resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_https" {
+  security_group_id = aws_security_group.ec2_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  from_port         = 443
+  to_port           = 443
+  ip_protocol       = "tcp"
+}
+
+# EC2用インバウンドルール インスタンスコネクト
+resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_instance_connect" {
+  security_group_id = aws_security_group.ec2_sg.id
+  cidr_ipv4         = "3.112.23.0/29"
+  from_port         = 22
+  to_port           = 22
+  ip_protocol       = "tcp"
+}
+
+# EC2用アウトバウンドルール any
+resource "aws_vpc_security_group_egress_rule" "ec2_sg_allow_all" {
+  security_group_id = aws_security_group.ec2_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}
+
+# RDS用インバウンドルール mysql
+resource "aws_vpc_security_group_ingress_rule" "rds_sg_allow_mysql" {
+  security_group_id = aws_security_group.rds_sg.id
+  cidr_ipv4         = var.vpc_cidr_block
+  from_port         = 3306
+  to_port           = 3306
+  ip_protocol       = "tcp"
+}
+
+# RDS用アウトバウンドルール any
+resource "aws_vpc_security_group_egress_rule" "rds_sg_allow_all" {
+  security_group_id = aws_security_group.rds_sg.id
+  cidr_ipv4         = "0.0.0.0/0"
+  ip_protocol       = "-1"
+}

modules/securitygroup/output.tf

@@ -0,0 +1,9 @@
+output "ec2_sg_id" {
+  value = aws_security_group.ec2_sg.id
+}
+output "rds_sg_id" {
+  value = aws_security_group.rds_sg.id
+}
+output "alb_sg_id" {
+  value = aws_security_group.alb_sg.id
+}

modules/securitygroup/variables.tf

@@ -0,0 +1,12 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "vpc_id" {}
+variable "vpc_cidr_block" {}
+
+variable "alb_sg_name" {}
+variable "ec2_sg_name" {}
+variable "rds_sg_name" {}

modules/vpc/main.tf

@@ -0,0 +1,92 @@
+# ---------------------------
+# VPC
+# ---------------------------
+resource "aws_vpc" "vpc" {
+  cidr_block           = var.vpc_cidr_block
+  enable_dns_hostnames = true # DNSホスト名を有効化
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.vpc_name}"
+  }
+}
+
+# ---------------------------
+# サブネット
+# ---------------------------
+# パブリックサブネット1
+resource "aws_subnet" "public_1a_subnet" {
+  vpc_id                  = aws_vpc.vpc.id
+  cidr_block              = var.public_1a_cidr
+  availability_zone       = "ap-northeast-1a"
+  map_public_ip_on_launch = true
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.public_1a_name}"
+  }
+}
+
+# パブリックサブネット2
+resource "aws_subnet" "public_1c_subnet" {
+  vpc_id                  = aws_vpc.vpc.id
+  cidr_block              = var.public_1c_cidr
+  availability_zone       = "ap-northeast-1c"
+  map_public_ip_on_launch = true
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.public_1c_name}"
+  }
+}
+
+# プライベートサブネット1
+resource "aws_subnet" "private_1a_subnet" {
+  vpc_id            = aws_vpc.vpc.id
+  cidr_block        = var.private_1a_cidr
+  availability_zone = "ap-northeast-1a"
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.private_1a_name}"
+  }
+}
+
+# プライベートサブネット2
+resource "aws_subnet" "private_1c_subnet" {
+  vpc_id            = aws_vpc.vpc.id
+  cidr_block        = var.private_1c_cidr
+  availability_zone = "ap-northeast-1c"
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.private_1c_name}"
+  }
+}
+
+# ---------------------------
+# インターネットゲートウェイ
+# ---------------------------
+resource "aws_internet_gateway" "igw" {
+  vpc_id = aws_vpc.vpc.id
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.igw_name}"
+  }
+}
+
+# ---------------------------
+# ルートテーブル
+# ---------------------------
+# パブリックサブネット用のルートテーブル
+resource "aws_route_table" "public_rtb" {
+  vpc_id = aws_vpc.vpc.id
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw.id
+  }
+  tags = {
+    Name = "${var.name_prefix}${var.env}-${var.public_rtb_name}"
+  }
+}
+
+# ルートテーブルの関連付け（パブリックサブネット1）
+resource "aws_route_table_association" "public_1a_rtb_associate" {
+  subnet_id      = aws_subnet.public_1a_subnet.id
+  route_table_id = aws_route_table.public_rtb.id
+}
+
+# ルートテーブルの関連付け（パブリックサブネット2）
+resource "aws_route_table_association" "public_1c_rtb_associate" {
+  subnet_id      = aws_subnet.public_1c_subnet.id
+  route_table_id = aws_route_table.public_rtb.id
+}

modules/vpc/output.tf

@@ -0,0 +1,19 @@
+# 作成したVPC・サブネットのIDを出力
+output "vpc_id" {
+  value = aws_vpc.vpc.id
+}
+output "vpc_cidr_block" {
+  value = aws_vpc.vpc.cidr_block
+}
+output "aws_subnet_public_1a_id" {
+  value = aws_subnet.public_1a_subnet.id
+}
+output "aws_subnet_public_1c_id" {
+  value = aws_subnet.public_1c_subnet.id
+}
+output "aws_subnet_private_1a_id" {
+  value = aws_subnet.private_1a_subnet.id
+}
+output "aws_subnet_private_1c_id" {
+  value = aws_subnet.private_1c_subnet.id
+}

modules/vpc/variables.tf

@@ -0,0 +1,17 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+variable "vpc_cidr_block" {}
+variable "vpc_name" {}
+variable "public_1a_cidr" {}
+variable "public_1c_cidr" {}
+variable "private_1a_cidr" {}
+variable "private_1c_cidr" {}
+variable "public_1a_name" {}
+variable "public_1c_name" {}
+variable "private_1a_name" {}
+variable "private_1c_name" {}
+variable "igw_name" {}
+variable "public_rtb_name" {}