ベースサブネットの更新


  • variable.tfファイルの変更
    bastionのキー名(key name)を変数として宣言します.
    デフォルト値は次のとおりです.
    この値は、以前AWSで作成したキーペアのキー名と一致している必要があります.
    そのため、
    bastionのEC2インスタンスが起動(launch)されるとき、
    variable.tfに宣言されたキー名と一致するキーペアが
    AWSのSSHキーペアからロードされます.
    
     (省略)
     
    # Name of the existing EC2 key pair used for SSH access to the bastion host.
    # Only the key pair's name is declared here, not any key material; the name
    # must match a key pair that was already created in the AWS account.
    variable "bastion_key_name" {
      default = "recipe-app-api-devops-bastion"
    }
  • bastion.tf
  • data "aws_ami" "amazon_linux" {
      # Resolves the AMI by name pattern instead of pinning a fixed image ID.
      # most_recent = true selects the newest match, so the resolved AMI can
      # change between plans when a newer matching image is published.
      most_recent = true
      filter {
        name   = "name"
        values = ["amzn2-ami-hvm-2.0.*-x86_64-gp2"]
      }
      # Restricting owners to "amazon" keeps the wildcard name filter from
      # matching a same-named image published by another account.
      owners = ["amazon"]
    }
    
    # IAM role for the bastion host, named with the shared prefix and tagged
    # with the common tags.
    resource "aws_iam_role" "bastion" {
      name               = "${local.prefix}-bastion"
      # The trust policy is read from a template file that is not shown here.
      # NOTE(review): presumably it lets only the EC2 service assume this role;
      # confirm the principal in that file.
      assume_role_policy = file("./templates/bastion/instance-profile-policy.json")
    
      tags = local.common_tags
    }
    
    # Attaches the AWS-managed AmazonEC2ContainerRegistryReadOnly policy to the
    # bastion role. It is the only policy attached to the role in this listing.
    # NOTE(review): the managed policy is not scoped to a single repository;
    # confirm that read access to every ECR repository in the account is intended.
    resource "aws_iam_role_policy_attachment" "bastion_attach_policy" {
      role       = aws_iam_role.bastion.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
    }
    
    # Instance profile wrapping the bastion role; the aws_instance refers to this
    # profile by name, which is how the role is handed to the EC2 instance.
    resource "aws_iam_instance_profile" "bastion" {
      name = "${local.prefix}-bastion-instance-profile"
      role = aws_iam_role.bastion.name
    }
    
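    # Bastion host: an Amazon Linux 2 instance launched in the subnet referenced
    # as aws_subnet.public_a, with the bastion instance profile and the SSH key
    # pair named by var.bastion_key_name.
    resource "aws_instance" "bastion" {
      ami                  = data.aws_ami.amazon_linux.id
      # The boot script is read from a file not shown here. User data can be read
      # back from the instance metadata service, so it should hold no secrets.
      user_data            = file("./templates/bastion/user-data.sh")
      instance_type        = "t2.micro"
      iam_instance_profile = aws_iam_instance_profile.bastion.name
      key_name             = var.bastion_key_name
      subnet_id            = aws_subnet.public_a.id

      # NOTE(review): vpc_security_group_ids is not set in this block, so the
      # instance falls back to the VPC's default security group. A bastion usually
      # gets a dedicated group that allows inbound SSH (22/tcp) only from known
      # administrator addresses.
      # NOTE(review): no metadata_options block is set; consider requiring IMDSv2
      # (http_tokens = "required") once user-data.sh is confirmed not to rely on IMDSv1.

      # An object literal replaces map(): the legacy map() function was deprecated
      # in Terraform 0.12 and removed in 0.15. The resulting tags are unchanged.
      tags = merge(
        local.common_tags,
        { Name = "${local.prefix}-bastion" }
      )
    }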