From 96d99abdd7ec3aa1f34c1c17a6784c77e5374957 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=8F=A4=E5=B7=9D=20=E4=B8=80=E4=B9=8B=E8=BC=94?= <8100076@AS-RHEL.wb.local> Date: Thu, 3 Jul 2025 17:09:15 +0900 Subject: [PATCH] first commit --- README.md | 2 + env/dev/main.tf | 98 ++++++++++++++++++++++++ env/dev/provider.tf | 16 ++++ env/dev/variables.tf | 117 +++++++++++++++++++++++++++++ env/prod/main.tf | 98 ++++++++++++++++++++++++ env/prod/provider.tf | 16 ++++ env/prod/variables.tf | 117 +++++++++++++++++++++++++++++ modules/alb/README.md | 0 modules/alb/main.tf | 70 +++++++++++++++++ modules/alb/output.tf | 3 + modules/alb/variables.tf | 15 ++++ modules/ec2/README.md | 0 modules/ec2/install_wordpress.sh | 12 +++ modules/ec2/main.tf | 98 ++++++++++++++++++++++++ modules/ec2/output.tf | 12 +++ modules/ec2/variables.tf | 19 +++++ modules/rds/README.md | 0 modules/rds/main.tf | 41 ++++++++++ modules/rds/output.tf | 3 + modules/rds/variables.tf | 15 ++++ modules/securitygroup/README.md | 0 modules/securitygroup/main.tf | 110 +++++++++++++++++++++++++++ modules/securitygroup/output.tf | 9 +++ modules/securitygroup/variables.tf | 12 +++ modules/vpc/README.md | 0 modules/vpc/main.tf | 92 +++++++++++++++++++++++ modules/vpc/output.tf | 19 +++++ modules/vpc/variables.tf | 17 +++++ 28 files changed, 1011 insertions(+) create mode 100644 README.md create mode 100644 env/dev/main.tf create mode 100644 env/dev/provider.tf create mode 100644 env/dev/variables.tf create mode 100644 env/prod/main.tf create mode 100644 env/prod/provider.tf create mode 100644 env/prod/variables.tf create mode 100644 modules/alb/README.md create mode 100644 modules/alb/main.tf create mode 100644 modules/alb/output.tf create mode 100644 modules/alb/variables.tf create mode 100644 modules/ec2/README.md create mode 100644 modules/ec2/install_wordpress.sh create mode 100644 modules/ec2/main.tf create mode 100644 modules/ec2/output.tf create mode 100644 modules/ec2/variables.tf create mode 100644 modules/rds/README.md create mode 100644 modules/rds/main.tf create mode 100644 
modules/rds/output.tf create mode 100644 modules/rds/variables.tf create mode 100644 modules/securitygroup/README.md create mode 100644 modules/securitygroup/main.tf create mode 100644 modules/securitygroup/output.tf create mode 100644 modules/securitygroup/variables.tf create mode 100644 modules/vpc/README.md create mode 100644 modules/vpc/main.tf create mode 100644 modules/vpc/output.tf create mode 100644 modules/vpc/variables.tf diff --git a/README.md b/README.md new file mode 100644 index 0000000..d452ebe --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# provisioning + diff --git a/env/dev/main.tf b/env/dev/main.tf new file mode 100644 index 0000000..cba5464 --- /dev/null +++ b/env/dev/main.tf 
@@ -0,0 +1,98 @@ +# --------------------------- +# VPCモジュールの実行 +# --------------------------- +module "vpc" { + source = "../../modules/vpc" + name_prefix = var.name_prefix + env = var.env + + vpc_cidr_block = var.vpc_cidr_block + vpc_name = var.vpc_name + public_1a_cidr = var.public_1a_cidr + public_1c_cidr = var.public_1c_cidr + private_1a_cidr = var.private_1a_cidr + private_1c_cidr = var.private_1c_cidr + public_1a_name = var.public_1a_name + public_1c_name = var.public_1c_name + private_1a_name = var.private_1a_name + private_1c_name = var.private_1c_name + igw_name = var.igw_name + public_rtb_name = var.public_rtb_name +} + +# --------------------------- +# SecurityGroupモジュールの実行 +# --------------------------- +module "securitygroup" { + source = "../../modules/securitygroup" + name_prefix = var.name_prefix + env = var.env + + vpc_id = module.vpc.vpc_id + vpc_cidr_block = module.vpc.vpc_cidr_block + ec2_sg_name = var.ec2_sg_name + rds_sg_name = var.rds_sg_name + alb_sg_name = var.alb_sg_name +} + +# --------------------------- +# EC2モジュールの実行 +# --------------------------- +module "ec2" { + source = "../../modules/ec2" + name_prefix = var.name_prefix + env = var.env + + aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id + aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id + ec2_sg_id = module.securitygroup.ec2_sg_id + rds_sg_id = module.securitygroup.rds_sg_id + + key_name = var.key_name + web1_private_ip = var.web1_private_ip + web2_private_ip = var.web2_private_ip + ni_web1_name = var.ni_web1_name + ni_web2_name = var.ni_web2_name + ec2_web1_name = var.ec2_web1_name + ec2_web2_name = var.ec2_web2_name + +} + +# --------------------------- +# RDSモジュールの実行 +# --------------------------- +module "rds" { + source = "../../modules/rds" + name_prefix = var.name_prefix + env = var.env + + aws_subnet_private_1a_id = module.vpc.aws_subnet_private_1a_id + aws_subnet_private_1c_id = module.vpc.aws_subnet_private_1c_id + rds_sg_id = 
module.securitygroup.rds_sg_id + + db_subnet_group_name = var.db_subnet_group_name + rds_identifier = var.rds_identifier + rds_db_name = var.rds_db_name + rds_username = var.rds_username + rds_password = var.rds_password +} + +# --------------------------- +# ALBモジュールの実行 +# --------------------------- +module "alb" { + source = "../../modules/alb" + name_prefix = var.name_prefix + env = var.env + + alb_sg_id = module.securitygroup.alb_sg_id + aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id + aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id + vpc_id = module.vpc.vpc_id + ec2_web1_id = module.ec2.ec2_web1_id + ec2_web2_id = module.ec2.ec2_web2_id + + alb_name = var.alb_name + target_group_name = var.target_group_name + +} diff --git a/env/dev/provider.tf b/env/dev/provider.tf new file mode 100644 index 0000000..89d9fbe --- /dev/null +++ b/env/dev/provider.tf @@ -0,0 +1,16 @@ +# --------------------------- +# プロバイダ設定 +# --------------------------- +# AWS +provider "aws" { + region = "ap-northeast-1" +} + +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.54.1" + } + } +} diff --git a/env/dev/variables.tf b/env/dev/variables.tf new file mode 100644 index 0000000..a3d5e66 --- /dev/null +++ b/env/dev/variables.tf 
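Review bot: The `terraform` block in env/dev/provider.tf declares no `backend`, so state stays in a local terraform.tfstate; because this configuration creates a `tls_private_key` and passes an RDS master password into `aws_db_instance`, that state file will hold both in plaintext. env/prod/provider.tf carries the same block and the same gap. Suggest `backend "s3" { bucket = "<state-bucket>" key = "dev/terraform.tfstate" encrypt = true }` inside the `terraform` block, with the bucket name a placeholder to be filled per environment. The `tls` and `local` providers used by modules/ec2 are also absent from `required_providers`; Terraform resolves them implicitly but leaves them unpinned, so add `hashicorp/tls` and `hashicorp/local` entries next to `aws`.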
@@ -0,0 +1,117 @@ +# --------------------------- +# 共通 +# --------------------------- +variable "name_prefix" { +# default = "userXX-" + default = +} +variable "env" { + default = "dev" +} + +# --------------------------- +# vpc +# --------------------------- +variable "vpc_cidr_block" { + default = "10.0.0.0/16" +} +variable "vpc_name" { + default = "hands-on-vpc" +} +variable "public_1a_cidr" { + default = "10.0.0.0/24" +} +variable "public_1c_cidr" { + default = "10.0.2.0/24" +} +variable "private_1a_cidr" { + default = "10.0.1.0/24" +} +variable "private_1c_cidr" { + default = "10.0.3.0/24" +} +variable "public_1a_name" { + default = "hands-on-public-1a" +} +variable "public_1c_name" { + default = "hands-on-public-1c" +} +variable "private_1a_name" { + default = "hands-on-private-1a" +} +variable "private_1c_name" { + default = "hands-on-private-1c" +} +variable "igw_name" { + default = "hands-on-igw" +} +variable "public_rtb_name" { + default = "hands-on-public-rtb" +} + +# --------------------------- +# security group +# --------------------------- +variable "alb_sg_name" { + default = "hands-on-alb-sg" +} +variable "ec2_sg_name" { + default = "hands-on-ec2-sg" +} +variable "rds_sg_name" { + default = "hands-on-rds-sg" +} + +# --------------------------- +# ec2 +# --------------------------- +variable "key_name" { + default = "hands-on-keypair" +} +variable "web1_private_ip" { + default = "10.0.0.10" +} +variable "web2_private_ip" { + default = "10.0.2.10" +} +variable "ni_web1_name" { + default = "hands-on-ni-web1" +} +variable "ni_web2_name" { + default = "hands-on-ni-web2" +} +variable "ec2_web1_name" { + default = "hands-on-ec2-web1" +} +variable "ec2_web2_name" { + default = "hands-on-ec2-web2" +} + +# --------------------------- +# rds +# --------------------------- +variable "db_subnet_group_name" { + default = "hands-on-db-subnet-group" +} +variable "rds_identifier" { + default = "hands-on-rds" +} +variable "rds_db_name" { + default = "wordpress" +} 
+variable "rds_username" { + default = "admin" +} +variable "rds_password" { + default = "passw0rd!" +} + +# --------------------------- +# alb +# --------------------------- +variable "alb_name" { + default = "hands-on-alb" +} +variable "target_group_name" { + default = "hands-on-target-group" +} diff --git a/env/prod/main.tf b/env/prod/main.tf new file mode 100644 index 0000000..cba5464 --- /dev/null +++ b/env/prod/main.tf 
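Review bot: `variable "rds_password"` in env/dev/variables.tf ships a committed default `"passw0rd!"`, and env/prod/variables.tf repeats it, so the production master password is now in git history and is used unless every apply overrides it. Remove the default and mark it sensitive, `variable "rds_password" { sensitive = true }`, supplying the value through `TF_VAR_rds_password` or a tfvars file kept out of the repository; the module-side declaration in modules/rds/variables.tf should carry `sensitive = true` as well. Separately, as rendered here `default =` under `variable "name_prefix"` has no value; if the file really reads that way `terraform validate` fails on both env files, so either write `default = ""` or drop the line so the prefix must be provided.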
@@ -0,0 +1,98 @@ +# --------------------------- +# VPCモジュールの実行 +# --------------------------- +module "vpc" { + source = "../../modules/vpc" + name_prefix = var.name_prefix + env = var.env + + vpc_cidr_block = var.vpc_cidr_block + vpc_name = var.vpc_name + public_1a_cidr = var.public_1a_cidr + public_1c_cidr = var.public_1c_cidr + private_1a_cidr = var.private_1a_cidr + private_1c_cidr = var.private_1c_cidr + public_1a_name = var.public_1a_name + public_1c_name = var.public_1c_name + private_1a_name = var.private_1a_name + private_1c_name = var.private_1c_name + igw_name = var.igw_name + public_rtb_name = var.public_rtb_name +} + +# --------------------------- +# SecurityGroupモジュールの実行 +# --------------------------- +module "securitygroup" { + source = "../../modules/securitygroup" + name_prefix = var.name_prefix + env = var.env + + vpc_id = module.vpc.vpc_id + vpc_cidr_block = module.vpc.vpc_cidr_block + ec2_sg_name = var.ec2_sg_name + rds_sg_name = var.rds_sg_name + alb_sg_name = var.alb_sg_name +} + +# --------------------------- +# EC2モジュールの実行 +# --------------------------- +module "ec2" { + source = "../../modules/ec2" + name_prefix = var.name_prefix + env = var.env + + aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id + aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id + ec2_sg_id = module.securitygroup.ec2_sg_id + rds_sg_id = module.securitygroup.rds_sg_id + + key_name = var.key_name + web1_private_ip = var.web1_private_ip + web2_private_ip = var.web2_private_ip + ni_web1_name = var.ni_web1_name + ni_web2_name = var.ni_web2_name + ec2_web1_name = var.ec2_web1_name + ec2_web2_name = var.ec2_web2_name + +} + +# --------------------------- +# RDSモジュールの実行 +# --------------------------- +module "rds" { + source = "../../modules/rds" + name_prefix = var.name_prefix + env = var.env + + aws_subnet_private_1a_id = module.vpc.aws_subnet_private_1a_id + aws_subnet_private_1c_id = module.vpc.aws_subnet_private_1c_id + rds_sg_id = 
module.securitygroup.rds_sg_id + + db_subnet_group_name = var.db_subnet_group_name + rds_identifier = var.rds_identifier + rds_db_name = var.rds_db_name + rds_username = var.rds_username + rds_password = var.rds_password +} + +# --------------------------- +# ALBモジュールの実行 +# --------------------------- +module "alb" { + source = "../../modules/alb" + name_prefix = var.name_prefix + env = var.env + + alb_sg_id = module.securitygroup.alb_sg_id + aws_subnet_public_1a_id = module.vpc.aws_subnet_public_1a_id + aws_subnet_public_1c_id = module.vpc.aws_subnet_public_1c_id + vpc_id = module.vpc.vpc_id + ec2_web1_id = module.ec2.ec2_web1_id + ec2_web2_id = module.ec2.ec2_web2_id + + alb_name = var.alb_name + target_group_name = var.target_group_name + +} diff --git a/env/prod/provider.tf b/env/prod/provider.tf new file mode 100644 index 0000000..89d9fbe --- /dev/null +++ b/env/prod/provider.tf @@ -0,0 +1,16 @@ +# --------------------------- +# プロバイダ設定 +# --------------------------- +# AWS +provider "aws" { + region = "ap-northeast-1" +} + +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.54.1" + } + } +} diff --git a/env/prod/variables.tf b/env/prod/variables.tf new file mode 100644 index 0000000..cf9a1ff --- /dev/null +++ b/env/prod/variables.tf 
@@ -0,0 +1,117 @@ +# --------------------------- +# 共通 +# --------------------------- +variable "name_prefix" { +# default = "userXX-" + default = +} +variable "env" { + default = "prod" +} + +# --------------------------- +# vpc +# --------------------------- +variable "vpc_cidr_block" { + default = "10.0.0.0/16" +} +variable "vpc_name" { + default = "hands-on-vpc" +} +variable "public_1a_cidr" { + default = "10.0.0.0/24" +} +variable "public_1c_cidr" { + default = "10.0.2.0/24" +} +variable "private_1a_cidr" { + default = "10.0.1.0/24" +} +variable "private_1c_cidr" { + default = "10.0.3.0/24" +} +variable "public_1a_name" { + default = "hands-on-public-1a" +} +variable "public_1c_name" { + default = "hands-on-public-1c" +} +variable "private_1a_name" { + default = "hands-on-private-1a" +} +variable "private_1c_name" { + default = "hands-on-private-1c" +} +variable "igw_name" { + default = "hands-on-igw" +} +variable "public_rtb_name" { + default = "hands-on-public-rtb" +} + +# --------------------------- +# security group +# --------------------------- +variable "alb_sg_name" { + default = "hands-on-alb-sg" +} +variable "ec2_sg_name" { + default = "hands-on-ec2-sg" +} +variable "rds_sg_name" { + default = "hands-on-rds-sg" +} + +# --------------------------- +# ec2 +# --------------------------- +variable "key_name" { + default = "hands-on-keypair" +} +variable "web1_private_ip" { + default = "10.0.0.10" +} +variable "web2_private_ip" { + default = "10.0.2.10" +} +variable "ni_web1_name" { + default = "hands-on-ni-web1" +} +variable "ni_web2_name" { + default = "hands-on-ni-web2" +} +variable "ec2_web1_name" { + default = "hands-on-ec2-web1" +} +variable "ec2_web2_name" { + default = "hands-on-ec2-web2" +} + +# --------------------------- +# rds +# --------------------------- +variable "db_subnet_group_name" { + default = "hands-on-db-subnet-group" +} +variable "rds_identifier" { + default = "hands-on-rds" +} +variable "rds_db_name" { + default = "wordpress" +} 
+variable "rds_username" { + default = "admin" +} +variable "rds_password" { + default = "passw0rd!" +} + +# --------------------------- +# alb +# --------------------------- +variable "alb_name" { + default = "hands-on-alb" +} +variable "target_group_name" { + default = "hands-on-target-group" +} diff --git a/modules/alb/README.md b/modules/alb/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/alb/main.tf b/modules/alb/main.tf new file mode 100644 index 0000000..b0b3c66 --- /dev/null +++ b/modules/alb/main.tf 
@@ -0,0 +1,70 @@ +# --------------------------- +# ALB +# --------------------------- +# ALBの作成 +resource "aws_lb" "alb" { + name = "${var.name_prefix}${var.env}-${var.alb_name}" + internal = false + load_balancer_type = "application" + security_groups = [var.alb_sg_id] + subnets = [ + var.aws_subnet_public_1a_id, + var.aws_subnet_public_1c_id + ] + ip_address_type = "ipv4" + tags = { + Name = "${var.name_prefix}${var.env}-${var.alb_name}" + } +} + +# ターゲットグループの作成 +resource "aws_lb_target_group" "target_group" { + name = "${var.name_prefix}${var.env}-${var.target_group_name}" + target_type = "instance" + protocol_version = "HTTP1" + port = 80 + protocol = "HTTP" + vpc_id = var.vpc_id + # ヘルスチェックの設定 + health_check { + interval = 30 + path = "/wp-includes/images/blank.gif" + port = "traffic-port" + protocol = "HTTP" + timeout = 5 + healthy_threshold = 5 + unhealthy_threshold = 2 + matcher = "200,301" + } + # スティッキーセッションの設定 + stickiness { + type = "lb_cookie" + cookie_duration = 1800 + enabled = true + } + tags = { + Name = "${var.name_prefix}${var.env}-${var.target_group_name}" + } +} + +# ターゲットグループとインスタンスの紐づけ +resource "aws_lb_target_group_attachment" "attach_ec2_web1" { + target_group_arn = aws_lb_target_group.target_group.arn + target_id = var.ec2_web1_id +} + +resource "aws_lb_target_group_attachment" "attach_ec2_web2" { + target_group_arn = aws_lb_target_group.target_group.arn + target_id = var.ec2_web2_id +} + +# リスナーの設定 +resource "aws_lb_listener" "listener" { + load_balancer_arn = aws_lb.alb.arn + port = 80 + protocol = "HTTP" + default_action { + type = "forward" + target_group_arn = aws_lb_target_group.target_group.arn + } +} diff --git a/modules/alb/output.tf b/modules/alb/output.tf new file mode 100644 index 0000000..8a9be53 --- /dev/null +++ b/modules/alb/output.tf @@ -0,0 +1,3 @@ +output "alb_dns_name" { + value = aws_lb.alb.dns_name +} \ No newline at end of file 
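Review bot: The only listener in modules/alb/main.tf is `aws_lb_listener.listener` on port 80/HTTP, so the 443 ingress rule on the ALB security group has nothing behind it and every WordPress login and session cookie (the target group even enables `lb_cookie` stickiness) crosses the internet in clear. An HTTPS listener needs a certificate, which this module has no input for, so add a variable for the ACM certificate ARN and a second listener as sketched below; once it exists the port-80 listener can be turned into a redirect to 443. Health checking `/wp-includes/images/blank.gif` only proves the web server serves static files and will not notice a broken PHP or database path, which is acceptable as a liveness probe but deserves a comment saying so.
```hcl
# … unchanged: aws_lb, aws_lb_target_group, attachments, port-80 listener …
resource "aws_lb_listener" "listener_https" {
  load_balancer_arn = aws_lb.alb.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06"
  certificate_arn   = var.acm_certificate_arn # new module variable; value is an ACM certificate ARN supplied by the env
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.target_group.arn
  }
}
```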
diff --git a/modules/alb/variables.tf b/modules/alb/variables.tf
new file mode 100644
index 0000000..df0449b
--- /dev/null
+++ b/modules/alb/variables.tf
@@ -0,0 +1,15 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "alb_sg_id" {}
+variable "aws_subnet_public_1a_id" {}
+variable "aws_subnet_public_1c_id" {}
+variable "vpc_id" {}
+variable "ec2_web1_id" {}
+variable "ec2_web2_id" {}
+
+variable "alb_name" {}
+variable "target_group_name" {}
diff --git a/modules/ec2/README.md b/modules/ec2/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/modules/ec2/install_wordpress.sh b/modules/ec2/install_wordpress.sh
new file mode 100644
index 0000000..304bf17
--- /dev/null
+++ b/modules/ec2/install_wordpress.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+dnf update -y
+dnf install -y httpd wget php-fpm php-mysqli php-json php php-devel mariadb105
+
+wget http://ja.wordpress.org/latest-ja.tar.gz -P /tmp/
+tar zxvf /tmp/latest-ja.tar.gz -C /tmp
+cp -r /tmp/wordpress/* /var/www/html/
+chown apache:apache -R /var/www/html
+
+systemctl enable httpd.service
+systemctl start httpd.service
diff --git a/modules/ec2/main.tf b/modules/ec2/main.tf
new file mode 100644
index 0000000..ae00aab
--- /dev/null
+++ b/modules/ec2/main.tf
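Review bot: modules/ec2/install_wordpress.sh fetches the application over plain `http://ja.wordpress.org/latest-ja.tar.gz` and unpacks it straight into the web root with no integrity check, so whatever answers that request on the path between the instance and wordpress.org becomes the site's code. The script also has no `set -euo pipefail`, so a failed download still runs `cp -r /tmp/wordpress/*` against a missing directory and the instance comes up serving an empty or half-copied `/var/www/html` while `systemctl start httpd` succeeds. Use `https://`, pin a specific release instead of `latest-ja`, and verify a checksum before extracting, as sketched below (tarball name and digest are placeholders to be filled from the release page). Nothing here writes `wp-config.php` or receives the RDS endpoint exported by modules/rds/output.tf, so the instance appears to boot into the installer wizard rather than a configured site; if that is intended, a comment in the script should say so.
```bash
#!/bin/bash
set -euo pipefail
# … unchanged: dnf update / dnf install …
WP_TARBALL="<pinned-release-tarball-name>"   # placeholder: a specific release, not latest-ja
WP_SHA1="<expected-sha1-from-release-page>"  # placeholder
wget "https://ja.wordpress.org/${WP_TARBALL}" -P /tmp/
echo "${WP_SHA1}  /tmp/${WP_TARBALL}" | sha1sum -c -
tar zxf "/tmp/${WP_TARBALL}" -C /tmp
# … unchanged: cp, chown, systemctl …
```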
@@ -0,0 +1,98 @@ +# --------------------------- +# EC2 Keypairの設定 +# --------------------------- +# 秘密鍵のアルゴリズム設定 +resource "tls_private_key" "private_key" { + algorithm = "RSA" + rsa_bits = 2048 +} + +# 生成するkeypair(秘密鍵と公開鍵)のパスを指定 +locals { + public_key_file = "${path.root}/.keypair/${var.name_prefix}${var.env}-${var.key_name}.id_rsa.pub" + private_key_file = "${path.root}/.keypair/${var.name_prefix}${var.env}-${var.key_name}.id_rsa" +} + +# 鍵の生成 +resource "local_file" "private_key_pem" { + filename = local.private_key_file + content = tls_private_key.private_key.private_key_pem +} + +# 公開鍵をAWSのkeypairにインポート +resource "aws_key_pair" "key_pair" { + key_name = "${var.name_prefix}${var.env}-${var.key_name}" + public_key = tls_private_key.private_key.public_key_openssh +} + +# --------------------------- +# EC2 インスタンス +# --------------------------- +# Amazon Linux2023のAMIを取得 +data "aws_ssm_parameter" "amazon_linux2023" { + name = "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64" +} + +# ネットワークインターフェイスの作成 +resource "aws_network_interface" "ni_web1" { + subnet_id = var.aws_subnet_public_1a_id + private_ips = [var.web1_private_ip] + # セキュリティグループの指定 + security_groups = [var.ec2_sg_id] + tags = { + Name = "${var.name_prefix}${var.env}-${var.ni_web1_name}" + } +} + +resource "aws_network_interface" "ni_web2" { + subnet_id = var.aws_subnet_public_1c_id + private_ips = [var.web2_private_ip] + # セキュリティグループの指定 + security_groups = [var.ec2_sg_id] + tags = { + Name = "${var.name_prefix}${var.env}-${var.ni_web2_name}" + } +} + +# EC2インスタンスの作成 +resource "aws_instance" "ec2_web1" { + # AMIの指定 + ami = data.aws_ssm_parameter.amazon_linux2023.value + # インスタンスタイプの指定 + instance_type = "t3.micro" + # アベイラビリティーゾーンの指定 + availability_zone = "ap-northeast-1a" + # ネットワークインターフェイスの指定 + network_interface { + network_interface_id = aws_network_interface.ni_web1.id + device_index = 0 + } + # キーペアの指定 + key_name = aws_key_pair.key_pair.key_name + # user dataの指定(Wordpressのインストール) + 
user_data = file("${path.module}/install_wordpress.sh") + tags = { + Name = "${var.name_prefix}${var.env}-${var.ec2_web1_name}" + } +} + +resource "aws_instance" "ec2_web2" { + # AMIの指定 + ami = data.aws_ssm_parameter.amazon_linux2023.value + # インスタンスタイプの指定 + instance_type = "t3.micro" + # アベイラビリティーゾーンの指定 + availability_zone = "ap-northeast-1c" + # ネットワークインターフェイスの指定 + network_interface { + network_interface_id = aws_network_interface.ni_web2.id + device_index = 0 + } + # キーペアの指定 + key_name = aws_key_pair.key_pair.key_name + # user dataの指定(Wordpressのインストール) + user_data = file("${path.module}/install_wordpress.sh") + tags = { + Name = "${var.name_prefix}${var.env}-${var.ec2_web2_name}" + } +} diff --git a/modules/ec2/output.tf b/modules/ec2/output.tf new file mode 100644 index 0000000..e55a9d4 --- /dev/null +++ b/modules/ec2/output.tf @@ -0,0 +1,12 @@ +output "ec2_web1_public_ip" { + value = "${aws_instance.ec2_web1.public_ip}" +} +output "ec2_web2_public_ip" { + value = "${aws_instance.ec2_web2.public_ip}" +} +output "ec2_web1_id" { + value = aws_instance.ec2_web1.id +} +output "ec2_web2_id" { + value = aws_instance.ec2_web2.id +} \ No newline at end of file diff --git a/modules/ec2/variables.tf b/modules/ec2/variables.tf new file mode 100644 index 0000000..f3b334e --- /dev/null +++ b/modules/ec2/variables.tf @@ -0,0 +1,19 @@ +# --------------------------- +# 変数設定 +# --------------------------- +variable "name_prefix" {} +variable "env" {} + +variable "aws_subnet_public_1a_id" {} +variable "aws_subnet_public_1c_id" {} + +variable "ec2_sg_id" {} +variable "rds_sg_id" {} + +variable "key_name" {} +variable "web1_private_ip" {} +variable "web2_private_ip" {} +variable "ni_web1_name" {} +variable "ni_web2_name" {} +variable "ec2_web1_name" {} +variable "ec2_web2_name" {} diff --git a/modules/rds/README.md b/modules/rds/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/rds/main.tf b/modules/rds/main.tf new file mode 100644 index 0000000..d5eff3a 
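Review bot: `local_file.private_key_pem` in modules/ec2/main.tf writes the SSH private key under `${path.root}/.keypair/` without `file_permission`, which the `local_file` resource defaults to a world-readable mode, and the same PEM is also persisted in Terraform state via `tls_private_key`. Set `file_permission = "0600"` (or switch to the `local_sensitive_file` resource, which additionally keeps the content out of plan output) and make sure `.keypair/` is gitignored. Both `aws_instance` resources omit `metadata_options`, so IMDSv1 stays enabled on an internet-reachable PHP host; add `metadata_options { http_tokens = "required" }` to each so a server-side request bug cannot read instance credentials from the metadata service. `var.rds_sg_id` is declared in modules/ec2/variables.tf and wired from both env main.tf files but never referenced in this module, so it can be dropped from the module interface.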
--- /dev/null
+++ b/modules/rds/main.tf
@@ -0,0 +1,41 @@
+# ---------------------------
+# RDS
+# ---------------------------
+# DBサブネットグループの作成
+resource "aws_db_subnet_group" "db_subnet_group" {
+ name = "${var.name_prefix}${var.env}-${var.db_subnet_group_name}"
+ subnet_ids = [
+ var.aws_subnet_private_1a_id,
+ var.aws_subnet_private_1c_id
+ ]
+ tags = {
+ Name = "${var.name_prefix}${var.env}-${var.db_subnet_group_name}"
+ }
+}
+
+# RDSインスタンスの作成
+resource "aws_db_instance" "rds" {
+ identifier = "${var.name_prefix}${var.env}-${var.rds_identifier}"
+ # インスタンスクラス、ストレージサイズの指定
+ instance_class = "db.t3.micro"
+ allocated_storage = 20
+ # DBサブネットグループの指定
+ db_subnet_group_name = aws_db_subnet_group.db_subnet_group.name
+ # セキュリティグループの指定
+ vpc_security_group_ids = [var.rds_sg_id]
+ # マルチAZインスタンスの設定
+ multi_az = true
+ # DBエンジンの指定
+ engine = "mysql"
+ engine_version = "8.0.35"
+ # DB情報の設定
+ db_name = var.rds_db_name
+ username = var.rds_username
+ password = var.rds_password
+ # 設定変更の即時反映
+ apply_immediately = true
+ # DB削除時にスナップショットを作成しない
+ skip_final_snapshot = true
+ # バックアップ保持期間(0に設定すると自動バックアップ無効)
+ backup_retention_period = "0"
+}
diff --git a/modules/rds/output.tf b/modules/rds/output.tf
new file mode 100644
index 0000000..a497a1b
--- /dev/null
+++ b/modules/rds/output.tf
@@ -0,0 +1,3 @@
+output "rds_fqdn" {
+ value = "${aws_db_instance.rds.endpoint}"
+}
diff --git a/modules/rds/variables.tf b/modules/rds/variables.tf
new file mode 100644
index 0000000..638fe6a
--- /dev/null
+++ b/modules/rds/variables.tf
@@ -0,0 +1,15 @@
+# ---------------------------
+# 変数設定
+# ---------------------------
+variable "name_prefix" {}
+variable "env" {}
+
+variable "aws_subnet_private_1a_id" {}
+variable "aws_subnet_private_1c_id" {}
+variable "rds_sg_id" {}
+
+variable "db_subnet_group_name" {}
+variable "rds_identifier" {}
+variable "rds_db_name" {}
+variable "rds_username" {}
+variable "rds_password" {}
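Review bot: `aws_db_instance.rds` in modules/rds/main.tf leaves `storage_encrypted` unset, which the provider defaults to unencrypted storage, and because this module is shared by env/prod it also ships `backup_retention_period = "0"`, `skip_final_snapshot = true` and no `deletion_protection`, so a prod `terraform destroy` or a bad apply loses the database with no recovery point. Add `storage_encrypted = true`, and either parameterize the backup and snapshot settings per environment or at least set `deletion_protection = true` where `var.env` is prod. The master password arrives as a plain module variable and lands in state and plan output; `manage_master_user_password = true` in place of the `password` argument lets RDS generate and store it in Secrets Manager and removes the need for a password default in the env variable files. In modules/rds/variables.tf, `variable "rds_password" {}` should at minimum carry `sensitive = true`.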
diff --git a/modules/securitygroup/README.md b/modules/securitygroup/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/securitygroup/main.tf b/modules/securitygroup/main.tf new file mode 100644 index 0000000..b4a25fa --- /dev/null +++ b/modules/securitygroup/main.tf 
@@ -0,0 +1,110 @@ +# --------------------------- +# セキュリティグループ +# --------------------------- +# ALB用 +resource "aws_security_group" "alb_sg" { + name = "${var.name_prefix}${var.env}-${var.alb_sg_name}" + description = "for alb" + vpc_id = var.vpc_id + tags = { + Name = "${var.name_prefix}${var.env}-${var.alb_sg_name}" + } +} + +# EC2用 +resource "aws_security_group" "ec2_sg" { + name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}" + description = "for ec2" + vpc_id = var.vpc_id + tags = { + Name = "${var.name_prefix}${var.env}-${var.ec2_sg_name}" + } +} + +# RDS用 +resource "aws_security_group" "rds_sg" { + name = "${var.name_prefix}${var.env}-${var.rds_sg_name}" + description = "for rds" + vpc_id = var.vpc_id + tags = { + Name = "${var.name_prefix}${var.env}-${var.rds_sg_name}" + } +} + +# --------------------------- +# セキュリティグループルール +# --------------------------- +# ALB用インバウンドルール http +resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_http" { + security_group_id = aws_security_group.alb_sg.id + cidr_ipv4 = "0.0.0.0/0" + from_port = 80 + to_port = 80 + ip_protocol = "tcp" +} + +# ALB用インバウンドルール https +resource "aws_vpc_security_group_ingress_rule" "alb_sg_allow_https" { + security_group_id = aws_security_group.alb_sg.id + cidr_ipv4 = "0.0.0.0/0" + from_port = 443 + to_port = 443 + ip_protocol = "tcp" +} + +# ALB用アウトバウンドルール any +resource "aws_vpc_security_group_egress_rule" "alb_sg_allow_all" { + security_group_id = aws_security_group.alb_sg.id + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" +} + +# EC2用インバウンドルール http +resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_http" { + security_group_id = aws_security_group.ec2_sg.id + cidr_ipv4 = "0.0.0.0/0" + from_port = 80 + to_port = 80 + ip_protocol = "tcp" +} + +# EC2用インバウンドルール https +resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_https" { + security_group_id = aws_security_group.ec2_sg.id + cidr_ipv4 = "0.0.0.0/0" + from_port = 443 + to_port = 443 + ip_protocol = "tcp" +} + +# 
EC2用インバウンドルール インスタンスコネクト +resource "aws_vpc_security_group_ingress_rule" "ec2_sg_allow_instance_connect" { + security_group_id = aws_security_group.ec2_sg.id + cidr_ipv4 = "3.112.23.0/29" + from_port = 22 + to_port = 22 + ip_protocol = "tcp" +} + +# EC2用アウトバウンドルール any +resource "aws_vpc_security_group_egress_rule" "ec2_sg_allow_all" { + security_group_id = aws_security_group.ec2_sg.id + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" +} + +# RDS用インバウンドルール mysql +resource "aws_vpc_security_group_ingress_rule" "rds_sg_allow_mysql" { + security_group_id = aws_security_group.rds_sg.id + cidr_ipv4 = var.vpc_cidr_block + from_port = 3306 + to_port = 3306 + ip_protocol = "tcp" +} + +# RDS用アウトバウンドルール any +resource "aws_vpc_security_group_egress_rule" "rds_sg_allow_all" { + security_group_id = aws_security_group.rds_sg.id + cidr_ipv4 = "0.0.0.0/0" + ip_protocol = "-1" +} diff --git a/modules/securitygroup/output.tf b/modules/securitygroup/output.tf new file mode 100644 index 0000000..880113e --- /dev/null +++ b/modules/securitygroup/output.tf @@ -0,0 +1,9 @@ +output "ec2_sg_id" { + value = aws_security_group.ec2_sg.id +} +output "rds_sg_id" { + value = aws_security_group.rds_sg.id +} +output "alb_sg_id" { + value = aws_security_group.alb_sg.id +} \ No newline at end of file diff --git a/modules/securitygroup/variables.tf b/modules/securitygroup/variables.tf new file mode 100644 index 0000000..ebc687f --- /dev/null +++ b/modules/securitygroup/variables.tf @@ -0,0 +1,12 @@ +# --------------------------- +# 変数設定 +# --------------------------- +variable "name_prefix" {} +variable "env" {} + +variable "vpc_id" {} +variable "vpc_cidr_block" {} + +variable "alb_sg_name" {} +variable "ec2_sg_name" {} +variable "rds_sg_name" {} diff --git a/modules/vpc/README.md b/modules/vpc/README.md new file mode 100644 index 0000000..e69de29 diff --git a/modules/vpc/main.tf b/modules/vpc/main.tf new file mode 100644 index 0000000..2dca355 --- /dev/null +++ b/modules/vpc/main.tf 
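Review bot: `ec2_sg_allow_http` and `ec2_sg_allow_https` in modules/securitygroup/main.tf open ports 80 and 443 to `0.0.0.0/0` on the instances themselves, yet the instances sit in public subnets with public IPs and are meant to be reached through the ALB, so the ALB and its stickiness and any future TLS termination can be bypassed by addressing an instance directly. Replace the CIDR on the port-80 rule with `referenced_security_group_id = aws_security_group.alb_sg.id` and drop the 443 rule, since the target group only speaks HTTP to the instances. `rds_sg_allow_mysql` likewise admits 3306 from the whole `var.vpc_cidr_block`; referencing `aws_security_group.ec2_sg.id` instead scopes it to the web tier. The literal `3.112.23.0/29` on `ec2_sg_allow_instance_connect` is unexplained in the file; if it is the EC2 Instance Connect service range for this region, say so in a comment or derive it from the `aws_ip_ranges` data source so it does not silently go stale.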
@@ -0,0 +1,92 @@ +# --------------------------- +# VPC +# --------------------------- +resource "aws_vpc" "vpc" { + cidr_block = var.vpc_cidr_block + enable_dns_hostnames = true # DNSホスト名を有効化 + tags = { + Name = "${var.name_prefix}${var.env}-${var.vpc_name}" + } +} + +# --------------------------- +# サブネット +# --------------------------- +# パブリックサブネット1 +resource "aws_subnet" "public_1a_subnet" { + vpc_id = aws_vpc.vpc.id + cidr_block = var.public_1a_cidr + availability_zone = "ap-northeast-1a" + map_public_ip_on_launch = true + tags = { + Name = "${var.name_prefix}${var.env}-${var.public_1a_name}" + } +} + +# パブリックサブネット2 +resource "aws_subnet" "public_1c_subnet" { + vpc_id = aws_vpc.vpc.id + cidr_block = var.public_1c_cidr + availability_zone = "ap-northeast-1c" + map_public_ip_on_launch = true + tags = { + Name = "${var.name_prefix}${var.env}-${var.public_1c_name}" + } +} + +# プライベートサブネット1 +resource "aws_subnet" "private_1a_subnet" { + vpc_id = aws_vpc.vpc.id + cidr_block = var.private_1a_cidr + availability_zone = "ap-northeast-1a" + tags = { + Name = "${var.name_prefix}${var.env}-${var.private_1a_name}" + } +} + +# プライベートサブネット2 +resource "aws_subnet" "private_1c_subnet" { + vpc_id = aws_vpc.vpc.id + cidr_block = var.private_1c_cidr + availability_zone = "ap-northeast-1c" + tags = { + Name = "${var.name_prefix}${var.env}-${var.private_1c_name}" + } +} + +# --------------------------- +# インターネットゲートウェイ +# --------------------------- +resource "aws_internet_gateway" "igw" { + vpc_id = aws_vpc.vpc.id + tags = { + Name = "${var.name_prefix}${var.env}-${var.igw_name}" + } +} + +# --------------------------- +# ルートテーブル +# --------------------------- +# パブリックサブネット用のルートテーブル +resource "aws_route_table" "public_rtb" { + vpc_id = aws_vpc.vpc.id + route { + cidr_block = "0.0.0.0/0" + gateway_id = aws_internet_gateway.igw.id + } + tags = { + Name = "${var.name_prefix}${var.env}-${var.public_rtb_name}" + } +} + +# ルートテーブルの関連付け(パブリックサブネット1) +resource "aws_route_table_association" 
"public_1a_rtb_associate" { + subnet_id = aws_subnet.public_1a_subnet.id + route_table_id = aws_route_table.public_rtb.id +} + +# ルートテーブルの関連付け(パブリックサブネット2) +resource "aws_route_table_association" "public_1c_rtb_associate" { + subnet_id = aws_subnet.public_1c_subnet.id + route_table_id = aws_route_table.public_rtb.id +} diff --git a/modules/vpc/output.tf b/modules/vpc/output.tf new file mode 100644 index 0000000..b4a701c --- /dev/null +++ b/modules/vpc/output.tf @@ -0,0 +1,19 @@ +# 作成したVPC・サブネットのIDを出力 +output "vpc_id" { + value = aws_vpc.vpc.id +} +output "vpc_cidr_block" { + value = aws_vpc.vpc.cidr_block +} +output "aws_subnet_public_1a_id" { + value = aws_subnet.public_1a_subnet.id +} +output "aws_subnet_public_1c_id" { + value = aws_subnet.public_1c_subnet.id +} +output "aws_subnet_private_1a_id" { + value = aws_subnet.private_1a_subnet.id +} +output "aws_subnet_private_1c_id" { + value = aws_subnet.private_1c_subnet.id +} diff --git a/modules/vpc/variables.tf b/modules/vpc/variables.tf new file mode 100644 index 0000000..32d8e3c --- /dev/null +++ b/modules/vpc/variables.tf @@ -0,0 +1,17 @@ +# --------------------------- +# 変数設定 +# --------------------------- +variable "name_prefix" {} +variable "env" {} +variable "vpc_cidr_block" {} +variable "vpc_name" {} +variable "public_1a_cidr" {} +variable "public_1c_cidr" {} +variable "private_1a_cidr" {} +variable "private_1c_cidr" {} +variable "public_1a_name" {} +variable "public_1c_name" {} +variable "private_1a_name" {} +variable "private_1c_name" {} +variable "igw_name" {} +variable "public_rtb_name" {}
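Review bot: Both public subnets in modules/vpc/main.tf set `map_public_ip_on_launch = true`, and the EC2 module places its network interfaces in exactly these subnets, so each web server receives a public address in addition to the ALB. The private subnets get no route table association at all, so they fall back to the VPC main route table with no NAT path out, which is presumably why the web tier was not placed there; adding a NAT gateway and a private route table and moving the instances would remove the direct exposure, or at least `map_public_ip_on_launch` could be dropped once the security group no longer relies on it. Either way, a comment on the public subnets noting that they intentionally host the web instances would make the design choice explicit.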