【入門#1】ECS環境構築準備(EC2環境で作成したものを流用)
目標とするAWS構成図
本記事は、下記までを完了し、流用元のEC2の環境ができていると飲み込みやすいです。
12.【入門#12】Terraform環境を変数化をしていこう
EC2環境から流用できるものを一気にコピーします。
variable.tfの変更や、リソース名を変えるのみでOKのものをコピーします。
本記事を行うと下記のリソースが作成されます。
・VPC
・サブネット
・ルートテーブル
・インターネットゲートウェイ
・S3バケット
・ALB
・ALB用Aレコード
・セキュリティグループ(ALB/ECS)
◯main.tf
terraform {
  # Provider is allowed to float inside the 5.x line; the exact build
  # actually used is pinned by .terraform.lock.hcl, so commit that file.
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  # CLI version is pinned exactly so every collaborator plans with the same build.
  required_version = "1.11.3"
}
◯provider.tf
provider "aws" {
  # The named CLI profile is reused as the environment name, so credentials
  # are resolved from the local AWS shared config and never appear in this file.
  profile = var.env_name
  region  = var.region
}
◯data.tf
# 手動作成したホストゾーン
data "aws_route53_zone" "cask_tokyo" {
  # Public hosted zone that was created outside Terraform; the lookup uses
  # the fully-qualified zone name (trailing dot).
  private_zone = false
  name         = "${var.route53_domain}."
}
◯network.tf
# VPC
resource "aws_vpc" "cask_tokyo_ecs_vpc" {
  # One /16 for the whole ECS environment; the two public /24 subnets
  # below are carved out of it.
  cidr_block = "10.0.0.0/16"

  # Needed so resources that receive a public IP also get a public DNS hostname.
  enable_dns_hostnames = true

  tags = {
    Name = "${var.project_name}-vpc"
  }
}
# Subnet
resource "aws_subnet" "cask_tokyo_ecs_subnet_public1" {
  vpc_id = aws_vpc.cask_tokyo_ecs_vpc.id

  # First public subnet (AZ a). Auto-assigned public IPs plus the IGW
  # route below are what make this subnet internet-facing; anything placed
  # here relies on its security group for isolation.
  availability_zone       = "ap-northeast-1a"
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "${var.project_name}-subnet-public1-ap-northeast-1a"
  }
}
resource "aws_subnet" "cask_tokyo_ecs_subnet_public2" {
  vpc_id = aws_vpc.cask_tokyo_ecs_vpc.id

  # Second public subnet (AZ c) so the ALB can span two availability zones.
  # Same public-IP behaviour as subnet_public1.
  availability_zone       = "ap-northeast-1c"
  cidr_block              = "10.0.2.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "${var.project_name}-subnet-public2-ap-northeast-1c"
  }
}
# Internet Gateway
resource "aws_internet_gateway" "cask_tokyo_ecs_igw" {
  tags = {
    Name = "${var.project_name}-igw"
  }

  # Attached directly to the VPC; the route table below points its default route here.
  vpc_id = aws_vpc.cask_tokyo_ecs_vpc.id
}
# Route Table
resource "aws_route_table" "cask_tokyo_ecs_rt" {
  vpc_id = aws_vpc.cask_tokyo_ecs_vpc.id

  # Single default route to the IGW. Every subnet associated with this
  # table is therefore internet-facing; there is no NAT/private tier here.
  route {
    gateway_id = aws_internet_gateway.cask_tokyo_ecs_igw.id
    cidr_block = "0.0.0.0/0"
  }

  tags = {
    Name = "${var.project_name}-rt"
  }
}
# Route Table ↔ Subnets Association
resource "aws_route_table_association" "cask_tokyo_ecs_rt_association_public1" {
  # Binds public subnet 1 to the IGW-routed table.
  route_table_id = aws_route_table.cask_tokyo_ecs_rt.id
  subnet_id      = aws_subnet.cask_tokyo_ecs_subnet_public1.id
}
resource "aws_route_table_association" "cask_tokyo_ecs_rt_association_public2" {
  # Binds public subnet 2 to the same IGW-routed table.
  route_table_id = aws_route_table.cask_tokyo_ecs_rt.id
  subnet_id      = aws_subnet.cask_tokyo_ecs_subnet_public2.id
}
# ACM
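resource "aws_acm_certificate" "cask_tokyo_cert" {
  # Certificate for the single sub-domain the ALB will serve; validation is
  # done with the CNAME records created right below.
  domain_name       = "${var.route53_sub_domain}.${var.route53_domain}"
  validation_method = "DNS"

  tags = {
    Name = "${var.env_name}-acm"
  }

  # A certificate that is still attached to a listener cannot be deleted.
  # Changing domain_name forces replacement, so create the new certificate
  # first; otherwise the apply fails mid-way and leaves the listener without
  # a valid certificate.
  lifecycle {
    create_before_destroy = true
  }
}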
# Route53 ACM用CNAMEレコード
resource "aws_route53_record" "cask_tokyo_cert_cname" {
  # One validation record per domain_validation_options entry, keyed by
  # domain name so the addresses stay stable across plans.
  for_each = {
    for dvo in aws_acm_certificate.cask_tokyo_cert.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  # HostZoneID
  zone_id = data.aws_route53_zone.cask_tokyo.zone_id
  name    = each.value.name
  type    = each.value.type
  ttl     = "300"
  records = [each.value.record]

  # Replace a leftover record with the same name (e.g. one created by the
  # EC2 environment this was copied from) instead of failing.
  allow_overwrite = true

  # NOTE(review): nothing in the files shown waits for issuance
  # (aws_acm_certificate_validation), so a listener referencing the
  # certificate could be created before it is usable — confirm in the ALB config.
}
# Route53 ALB用Aレコード
resource "aws_route53_record" "cask_tokyo_ecs_alb_a" {
  # HostZoneID
  zone_id = data.aws_route53_zone.cask_tokyo.zone_id

  # Alias A record for the public hostname; same FQDN as the ACM certificate above.
  type = "A"
  name = "${var.route53_sub_domain}.${var.route53_domain}"

  # aws_lb.cask_tokyo_ecs is defined in a file not shown here; this record
  # cannot be applied until that ALB exists.
  alias {
    evaluate_target_health = true
    zone_id                = aws_lb.cask_tokyo_ecs.zone_id
    name                   = aws_lb.cask_tokyo_ecs.dns_name
  }
}
◯security_groups.tf
# SecurityGroup(ALB)
resource "aws_security_group" "cask_tokyo_ecs_sg_alb" {
  vpc_id      = aws_vpc.cask_tokyo_ecs_vpc.id
  name        = "${var.project_name}-sg-alb"
  description = "For ALB"

  # Internet-facing entry point: HTTP and HTTPS from any IPv4 address.
  # No IPv6 ingress is opened. Port 80 is presumably kept for an
  # HTTP->HTTPS redirect on the listener — confirm it does not serve plaintext.
  ingress {
    description = "From ALL 80"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "From ALL 443"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Unrestricted egress so the ALB can reach targets anywhere in the VPC.
  egress {
    description = "Allow all IPv4"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): the VPC above has no IPv6 CIDR assigned, so this rule is
  # currently inert; harmless, but it does not grant anything yet.
  egress {
    description      = "Allow all IPv6"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "${var.project_name}-sg-alb"
  }
}
# SecurityGroup(ECS)
resource "aws_security_group" "cask_tokyo_ecs_sg_ecs" {
  vpc_id      = aws_vpc.cask_tokyo_ecs_vpc.id
  name        = "${var.project_name}-sg-ecs"
  description = "For ECS"

  # Only traffic originating from the ALB's security group may reach port 80.
  # This is the control that keeps tasks private even if they are placed in
  # the public subnets above and receive a public IP — keep it SG-referenced,
  # not CIDR-based.
  ingress {
    description     = "From ALB 80"
    protocol        = "tcp"
    from_port       = 80
    to_port         = 80
    security_groups = [aws_security_group.cask_tokyo_ecs_sg_alb.id]
  }

  # Outbound is open (image pulls, logging, etc.).
  egress {
    description = "Allow all IPv4"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  # NOTE(review): inert until the VPC gets an IPv6 CIDR.
  egress {
    description      = "Allow all IPv6"
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "${var.project_name}-sg-ecs"
  }
}
◯storage.tf
# S3 bucket
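resource "aws_s3_bucket" "cask_tokyo_ecs_s3_bucket" {
  # Bucket names are global, so the name is a variable rather than derived
  # from project_name.
  bucket = var.s3_bucket_name
}

# Keep the bucket private explicitly rather than relying on the account
# default. Versioning and server-side encryption are not configured here;
# add them if the bucket will hold data that must survive deletion or has
# retention requirements.
resource "aws_s3_bucket_public_access_block" "cask_tokyo_ecs_s3_bucket" {
  bucket = aws_s3_bucket.cask_tokyo_ecs_s3_bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}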
◯valiables.tf
# 環境名(共通リソースのprefixに使用)
variable "env_name" {
  description = "Environment name; used as the prefix for shared resources and as the AWS CLI profile name."
  default     = "cask-tokyo"
}
# プロジェクト名(ECS環境リソースのprefixに使用)
variable "project_name" {
  description = "Project name; used as the prefix for ECS-environment resources."
  default     = "cask-tokyo-ecs"
}
# リージョン
variable "region" {
  description = "AWS region for the provider. Subnet AZs in network.tf are hard-coded to ap-northeast-1, so change them together with this."
  default     = "ap-northeast-1"
}
# Webアプリ ヘルスチェックパス
variable "tgtgrp_health_check_path" {
  # Not referenced by any file shown in this article; presumably consumed by
  # the ALB target group defined elsewhere.
  description = "Health check path for the web application target group."
  default     = "/health"
}
# S3バケット名
variable "s3_bucket_name" {
  description = "Globally unique S3 bucket name."
  default     = "cask-tokyo-ecs"
}
# ドメイン名
variable "route53_domain" {
  description = "Apex domain of the manually created public hosted zone."
  default     = "cask.tokyo"
}
# サブドメイン名
variable "route53_sub_domain" {
  description = "Sub-domain label for the ALB; combined with route53_domain for the certificate and the A record."
  default     = "ecs"
}
以上です!
下記の記事を目次として、続きもどんどん構築していきますので、気になる方はぜひ見に来てください!