[Tool] Creating a Security Group (SG) with Terraform
Creating a Security Group with Terraform
- Just as with EC2 creation, Terraform reads the *.tf files in the working directory and creates the SG from them.
- The SG's attributes are recorded in the terraform.tfstate file.
Creating the SG (Security Group) (CentOS, as of 2016.2.15)
- Create a directory so that this group can be managed on its own.
$ mkdir aws-sg-test
$ cd aws-sg-test
- Create the *.tf file.
$ vi aws-sg-test.tf
# Create Security Group
provider "aws" {
  access_key = "[IAM Access_key]"
  secret_key = "[IAM Secret_key]"
  region     = "ap-northeast-1"
}

resource "aws_security_group" "SG-TEST" {
  name = "SG-TEST"

  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  description = "Terraform Test SG"
}
:wq
- Check the configuration (pointing terraform at the group directory)
$ terraform plan ./
Refreshing Terraform state prior to plan...
The Terraform execution plan has been generated and is shown below.
Resources are shown in alphabetical order for quick scanning. Green resources
will be created (or destroyed and then created if an existing resource
exists), yellow resources are being changed in-place, and red resources
will be destroyed.
Note: You didn't specify an "-out" parameter to save this plan, so when
"apply" is called, Terraform can't guarantee this is what will execute.
+ aws_security_group.SG-TEST
description: "" => "Terraform Test SG"
egress.#: "" => "<computed>"
ingress.#: "" => "1"
ingress.1403647648.cidr_blocks.#: "" => "1"
ingress.1403647648.cidr_blocks.0: "" => "0.0.0.0/0"
ingress.1403647648.from_port: "" => "0"
ingress.1403647648.protocol: "" => "tcp"
ingress.1403647648.security_groups.#: "" => "0"
ingress.1403647648.self: "" => "0"
ingress.1403647648.to_port: "" => "65535"
name: "" => "SG-TEST"
owner_id: "" => "<computed>"
vpc_id: "" => "<computed>"
Plan: 1 to add, 0 to change, 0 to destroy.
- Apply, pointing terraform at the group directory
$ terraform apply ./
aws_security_group.SG-TEST: Creating...
description: "" => "Terraform Test SG"
egress.#: "" => "<computed>"
ingress.#: "" => "1"
ingress.1403647648.cidr_blocks.#: "" => "1"
ingress.1403647648.cidr_blocks.0: "" => "0.0.0.0/0"
ingress.1403647648.from_port: "" => "0"
ingress.1403647648.protocol: "" => "tcp"
ingress.1403647648.security_groups.#: "" => "0"
ingress.1403647648.self: "" => "0"
ingress.1403647648.to_port: "" => "65535"
name: "" => "SG-TEST"
owner_id: "" => "<computed>"
vpc_id: "" => "<computed>"
aws_security_group.SG-TEST: Creation complete
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.
State path: terraform.tfstate
- Confirm in the AWS Console that the SG was created successfully
Adding a rule to the SG
- Edit the *.tf file
$ vi aws-sg-test.tf
# Create Security Group
provider "aws" {
  access_key = "[IAM Access_key]"
  secret_key = "[IAM Secret_key]"
  region     = "ap-northeast-1"
}

resource "aws_security_group" "SG-TEST" {
  name = "SG-TEST"

  ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # ####################
  # Add HTTP
  # DATE : 2016.2.15
  # Purpose : HTTP TEST
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # ####################

  description = "Terraform Test SG"
}
:wq
- After editing, run apply again to add the new rule
- Check the SG's applied state from the CLI
$ terraform show terraform.tfstate
aws_security_group.SG-TEST:
id = sg-d69167b2
description = Terraform Test SG
egress.# = 0
ingress.# = 2
ingress.1403647648.cidr_blocks.# = 1
ingress.1403647648.cidr_blocks.0 = 0.0.0.0/0
ingress.1403647648.from_port = 0
ingress.1403647648.protocol = tcp
ingress.1403647648.security_groups.# = 0
ingress.1403647648.self = false
ingress.1403647648.to_port = 65535
ingress.2214680975.cidr_blocks.# = 1
ingress.2214680975.cidr_blocks.0 = 0.0.0.0/0
ingress.2214680975.from_port = 80
ingress.2214680975.protocol = tcp
ingress.2214680975.security_groups.# = 0
ingress.2214680975.self = false
ingress.2214680975.to_port = 80
name = SG-TEST
owner_id = 555392473069
tags.# = 0
vpc_id = vpc-d28926b7
- Also confirm in the AWS Console that the added rule has been applied
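The first ingress rule in this walkthrough opens every TCP port (0-65535) to 0.0.0.0/0, which is the kind of rule a reviewer wants to catch before apply rather than notice in the console afterwards. The script below is an added example, not part of the original post or of Terraform itself: it parses the flat key = value output that `terraform show terraform.tfstate` printed above, groups the `ingress.<hash>.<field>` attributes back into rules, and reports any rule that exposes more than a single port (or any protocol, `-1`) to the world. The embedded sample output is constructed from the attributes shown on this page; the `MAX_OPEN_PORTS` threshold and the name `audit` are assumptions of this example. With it, the 0-65535 rule is flagged while the single-port HTTP rule is not.

```python
"""Audit flat `terraform show` output for world-open security-group ingress rules."""
import re
from collections import defaultdict

# Constructed sample: the flat key = value format that `terraform show terraform.tfstate`
# printed on this page (attribute names, hashes and values copied from the page).
SAMPLE_SHOW_OUTPUT = """\
aws_security_group.SG-TEST:
  id = sg-d69167b2
  description = Terraform Test SG
  egress.# = 0
  ingress.# = 2
  ingress.1403647648.cidr_blocks.# = 1
  ingress.1403647648.cidr_blocks.0 = 0.0.0.0/0
  ingress.1403647648.from_port = 0
  ingress.1403647648.protocol = tcp
  ingress.1403647648.security_groups.# = 0
  ingress.1403647648.self = false
  ingress.1403647648.to_port = 65535
  ingress.2214680975.cidr_blocks.# = 1
  ingress.2214680975.cidr_blocks.0 = 0.0.0.0/0
  ingress.2214680975.from_port = 80
  ingress.2214680975.protocol = tcp
  ingress.2214680975.security_groups.# = 0
  ingress.2214680975.self = false
  ingress.2214680975.to_port = 80
  name = SG-TEST
  owner_id = 555392473069
  tags.# = 0
  vpc_id = vpc-d28926b7
"""

WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
MAX_OPEN_PORTS = 1  # assumption: at most one port may be exposed to the world per rule

RESOURCE_RE = re.compile(r"^(\S+):$")          # e.g. "aws_security_group.SG-TEST:"
ATTR_RE = re.compile(r"^\s*(\S+) = (.*)$")      # e.g. "  ingress.123.from_port = 0"


def parse_show(text):
    """Return {resource_name: {attribute: value}} from flat `terraform show` output."""
    resources, current = {}, None
    for line in text.splitlines():
        m = RESOURCE_RE.match(line)
        if m:
            current = m.group(1)
            resources[current] = {}
            continue
        m = ATTR_RE.match(line)
        if m and current is not None:
            resources[current][m.group(1)] = m.group(2)
    return resources


def ingress_rules(attrs):
    """Group ingress.<hash>.<field> attributes into one dict per rule hash."""
    rules = defaultdict(dict)
    for key, value in attrs.items():
        parts = key.split(".")
        if parts[0] != "ingress" or len(parts) < 3:
            continue  # skips the "ingress.#" count and non-ingress attributes
        rule_hash, field = parts[1], ".".join(parts[2:])
        if field.startswith("cidr_blocks.") and not field.endswith("#"):
            rules[rule_hash].setdefault("cidr_blocks", []).append(value)
        else:
            rules[rule_hash][field] = value
    return dict(rules)


def audit(text):
    """Return findings as (resource, rule_hash, protocol, from_port, to_port, cidr)."""
    findings = []
    for name, attrs in parse_show(text).items():
        if not name.startswith("aws_security_group."):
            continue
        for rule_hash, rule in sorted(ingress_rules(attrs).items()):
            world = [c for c in rule.get("cidr_blocks", []) if c in WORLD_CIDRS]
            if not world:
                continue  # only rules reachable from anywhere are of interest here
            lo, hi = int(rule["from_port"]), int(rule["to_port"])
            proto = rule.get("protocol", "")
            if proto == "-1" or (hi - lo + 1) > MAX_OPEN_PORTS:
                findings.append((name, rule_hash, proto, lo, hi, world[0]))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SHOW_OUTPUT):
        print("WORLD-OPEN: %s ingress %s %s %d-%d from %s" % f)
```

Feed it the real output with `terraform show terraform.tfstate | python audit_sg.py` after replacing the embedded sample with `sys.stdin.read()`; the same grouping logic applies to the `+ aws_security_group.SG-TEST` attribute lines in `terraform plan` output once the `"" => "..."` arrows are stripped, so the check can run before apply as well.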