Terraformでリソース構築①:NW周りと変数設定

Gitリポジトリの設定およびTerraformの初期設定が完了したら、tfファイルを作成してapplyすることでAWSリソースを作成していきます。
以下のように、並列にAWSリソースごとのtfファイルを用意して順々に作成します。

f:id:tomomiik:20200427185435p:plain

ここで作成する順番としては、以下。

  1. variables.tf(変数ファイル)※事前に2~5で使用する変数を設定しておく
  2. vpc.tf(VPC作成)
  3. subnet.tf(サブネット作成)
  4. igw.tf(IGW作成、Association)
  5. rt.tf(RouteTable作成、Association)

AWSリソースを作成する度に正しく作成できたかをマネジメントコンソールから確認しながら行う。
AWSリソース作成手順は以下。

手順

以下①~③をtfファイルごとに繰り返す

①tfファイルの作成/編集

1~5のtfファイルを作成/編集する

②変更内容確認

$ terraform plan

③変更内容適用

$ terraform apply

tfファイルの中身

variables.tf

# Values shared by every resource on this page: the naming prefix that is
# prepended to each Name tag, the region, and the two availability zones.
# `type = "map"` is the Terraform 0.11 quoted-keyword form; 0.12 and later
# still accept it but emit a deprecation warning (the unquoted form is
# map(string)).
variable "common" {
  default = {
    region = "ap-northeast-1"
    az-a   = "ap-northeast-1a"
    az-c   = "ap-northeast-1c"
    prefix = "sampledirection"
  }

  type = "map"
}

# VPC-level settings. Only the address block is configured here; the six
# subnet /24s in var.subnet are carved out of this /16.
variable "vpc" {
  default = {
    cidr = "10.0.0.0/16"
  }

  type = "map" # quoted type keyword: 0.11 syntax, deprecated in 0.12+
}

# One /24 per subnet: three tiers (public / protected / private), each in
# AZ a and AZ c. All six fall inside var.vpc["cidr"] (10.0.0.0/16) and do not
# overlap.
variable "subnet" {
  default = {
    # AZ a
    public-cidr-a    = "10.0.0.0/24"
    protected-cidr-a = "10.0.2.0/24"
    private-cidr-a   = "10.0.4.0/24"

    # AZ c
    public-cidr-c    = "10.0.1.0/24"
    protected-cidr-c = "10.0.3.0/24"
    private-cidr-c   = "10.0.5.0/24"
  }

  type = "map" # quoted type keyword: 0.11 syntax, deprecated in 0.12+
}

vpc.tf

# The single VPC every other resource on this page hangs off. The CIDR comes
# from variables.tf; DNS support and DNS hostnames are both switched on
# (written as the quoted strings the original uses).
resource "aws_vpc" "vpc" {
  tags = {
    Name = "${var.common["prefix"]}-vpc-01"
  }

  enable_dns_hostnames = "true"
  enable_dns_support   = "true"
  cidr_block           = "${var.vpc["cidr"]}"
}

subnet.tf

# Public subnet, AZ a. It is attached to rt-public (rt.tf), whose default
# route points at the internet gateway. map_public_ip_on_launch is not set,
# so it keeps its default of false: instances here only get a public address
# if one is requested at launch.
resource "aws_subnet" "public-subnet-a" {
  tags = {
    Name = "${var.common["prefix"]}-public-a"
  }

  availability_zone = "${var.common["az-a"]}"
  cidr_block        = "${var.subnet["public-cidr-a"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# Public subnet, AZ c — the AZ-c twin of public-subnet-a, attached to the
# same rt-public route table. map_public_ip_on_launch is left at its default
# (false).
resource "aws_subnet" "public-subnet-c" {
  tags = {
    Name = "${var.common["prefix"]}-public-c"
  }

  availability_zone = "${var.common["az-c"]}"
  cidr_block        = "${var.subnet["public-cidr-c"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# "Protected" subnet, AZ a. Attached to rt-protected (rt.tf), which on this
# page carries the same 0.0.0.0/0 -> internet gateway route as rt-public, so
# at this stage the tier is routed like a public subnet. Note the Name tag
# says "protect" while the resource name says "protected".
resource "aws_subnet" "protected-subnet-a" {
  tags = {
    Name = "${var.common["prefix"]}-protect-a"
  }

  availability_zone = "${var.common["az-a"]}"
  cidr_block        = "${var.subnet["protected-cidr-a"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# "Protected" subnet, AZ c — twin of protected-subnet-a, attached to the same
# rt-protected route table (which on this page routes 0.0.0.0/0 to the IGW).
resource "aws_subnet" "protected-subnet-c" {
  tags = {
    Name = "${var.common["prefix"]}-protect-c"
  }

  availability_zone = "${var.common["az-c"]}"
  cidr_block        = "${var.subnet["protected-cidr-c"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# Private subnet, AZ a. Attached to rt-private (rt.tf), which declares no
# route block, so only the VPC's implicit local route applies — nothing in
# this subnet can reach the internet gateway.
resource "aws_subnet" "private-subnet-a" {
  tags = {
    Name = "${var.common["prefix"]}-private-a"
  }

  availability_zone = "${var.common["az-a"]}"
  cidr_block        = "${var.subnet["private-cidr-a"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

# Private subnet, AZ c — twin of private-subnet-a, attached to the same
# rt-private route table (local route only).
resource "aws_subnet" "private-subnet-c" {
  tags = {
    Name = "${var.common["prefix"]}-private-c"
  }

  availability_zone = "${var.common["az-c"]}"
  cidr_block        = "${var.subnet["private-cidr-c"]}"
  vpc_id            = "${aws_vpc.vpc.id}"
}

igw.tf

# Internet gateway for the VPC. Creating it with vpc_id set attaches it to
# the VPC in the same resource; it is the target of the 0.0.0.0/0 routes in
# rt-public and rt-protected (rt.tf).
resource "aws_internet_gateway" "igw" {
  tags = {
    Name = "${var.common["prefix"]}-igw-01"
  }

  vpc_id = "${aws_vpc.vpc.id}"
}

rt.tf

# RouteTable
# Route table for the public subnets: everything not covered by the VPC's
# local route goes to the internet gateway.
resource "aws_route_table" "rt-public" {
  tags = {
    Name = "${var.common["prefix"]}-public-rtb-01"
  }

  vpc_id = "${aws_vpc.vpc.id}"

  # default route -> IGW
  route {
    gateway_id = "${aws_internet_gateway.igw.id}"
    cidr_block = "0.0.0.0/0"
  }
}

# Route table for the "protected" subnets.
# NOTE(review): apart from the Name tag this is identical to rt-public — the
# 0.0.0.0/0 route also targets the internet gateway — so the protected tier
# is internet-routed exactly like the public tier; the name alone gives no
# isolation. If "protected" is meant to be an outbound-only tier, the default
# route would normally target a NAT gateway placed in a public subnet rather
# than the IGW; no such resource exists on this page, so confirm the intent
# before relying on the tier name.
resource "aws_route_table" "rt-protected" {
  tags = {
    Name = "${var.common["prefix"]}-protect-rtb-01"
  }

  vpc_id = "${aws_vpc.vpc.id}"

  # default route -> IGW (same as rt-public)
  route {
    gateway_id = "${aws_internet_gateway.igw.id}"
    cidr_block = "0.0.0.0/0"
  }
}

# Route table for the private subnets. No route block is declared, so the
# only entry is the VPC's implicit local route: traffic from these subnets
# cannot leave the VPC through the internet gateway.
resource "aws_route_table" "rt-private" {
  tags = {
    Name = "${var.common["prefix"]}-private-rtb-01"
  }

  vpc_id = "${aws_vpc.vpc.id}"
}


# RouteTableAssociation
# Bind public-subnet-a to rt-public (instead of the VPC main route table).
resource "aws_route_table_association" "public-rta-a" {
  route_table_id = "${aws_route_table.rt-public.id}"
  subnet_id      = "${aws_subnet.public-subnet-a.id}"
}

# Bind public-subnet-c to rt-public.
resource "aws_route_table_association" "public-rta-c" {
  route_table_id = "${aws_route_table.rt-public.id}"
  subnet_id      = "${aws_subnet.public-subnet-c.id}"
}

# Bind protected-subnet-a to rt-protected (which on this page routes
# 0.0.0.0/0 to the internet gateway, like rt-public).
resource "aws_route_table_association" "protected-rta-a" {
  route_table_id = "${aws_route_table.rt-protected.id}"
  subnet_id      = "${aws_subnet.protected-subnet-a.id}"
}

# Bind protected-subnet-c to rt-protected.
resource "aws_route_table_association" "protected-rta-c" {
  route_table_id = "${aws_route_table.rt-protected.id}"
  subnet_id      = "${aws_subnet.protected-subnet-c.id}"
}

# Bind private-subnet-a to rt-private (local route only).
resource "aws_route_table_association" "private-rta-a" {
  route_table_id = "${aws_route_table.rt-private.id}"
  subnet_id      = "${aws_subnet.private-subnet-a.id}"
}

# Bind private-subnet-c to rt-private (local route only).
resource "aws_route_table_association" "private-rta-c" {
  route_table_id = "${aws_route_table.rt-private.id}"
  subnet_id      = "${aws_subnet.private-subnet-c.id}"
}