보안 그룹에 정책 추가
- EC2 보안 그룹에 ALB 정책 추가
ec2-sg.tf
$ vim ec2-sg.tf
#################### EC2 웹 시큐리티 그룹 생성
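# Source ranges allowed to reach SSH (22/tcp) on the web instances.
# The default reproduces the original behaviour (open to every IPv4
# address). Override it with the admin/VPN/bastion range that actually
# needs shell access, e.g. ["<ADMIN_CIDR_PLACEHOLDER>/32"].
variable "ec2_web1_ssh_cidr_blocks" {
  description = "CIDR blocks allowed to reach 22/tcp on ec2-web1"
  type        = list(string)
  default     = ["0.0.0.0/0"]
}

# Security group for the EC2 web tier.
#
# Rules live in separate aws_security_group_rule resources (the two below
# plus the ALB rule in sg-rule.tf) instead of inline ingress/egress blocks:
# the AWS provider does not support mixing inline rules with
# aws_security_group_rule on the same group -- each apply would rewrite the
# rule set from whichever side ran last.
resource "aws_security_group" "tf_vpc99_sg-ec2-web1" {
  name        = "ec2-web1"
  description = "Managed In Terraform"
  vpc_id      = aws_vpc.tf_vpc99.id

  tags = {
    Name       = "ec2-web1"
    Env        = "stg"
    CreateUser = "terraform@email.com"
    Owner      = "iac"
    Role       = "security_group"
    Service    = "security"
  }
}

# SSH to the web instances, limited to var.ec2_web1_ssh_cidr_blocks.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1-ssh" {
  description       = "any-22 open"
  security_group_id = aws_security_group.tf_vpc99_sg-ec2-web1.id
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = var.ec2_web1_ssh_cidr_blocks
}

# Unrestricted egress (all protocols, all ports, any destination), as in
# the original inline egress block. Narrow it to the destinations the web
# tier actually talks to once those are known.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1-egress" {
  description       = "any open"
  security_group_id = aws_security_group.tf_vpc99_sg-ec2-web1.id
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}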
alb-sg.tf
$ vim alb-sg.tf
### ALB 웹 시큐리티 그룹 생성
# Internet-facing security group for the web1 ALB: accepts HTTP (80/tcp)
# and HTTPS (443/tcp) from any IPv4 source and permits all egress.
resource "aws_security_group" "tf_vpc99_sg_alb-web1" {
  vpc_id      = aws_vpc.tf_vpc99.id
  name        = "alb-web1"
  description = "Managed In Terraform"

  # HTTP listener traffic from anywhere.
  ingress {
    description = "any-80port open"
    protocol    = "tcp"
    from_port   = 80
    to_port     = 80
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTPS listener traffic from anywhere.
  ingress {
    description = "any-443port open"
    protocol    = "tcp"
    from_port   = 443
    to_port     = 443
    cidr_blocks = ["0.0.0.0/0"]
  }

  # All protocols and ports to any destination.
  egress {
    description = "any open"
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Service    = "security"
    Role       = "security_group"
    Owner      = "iac"
    CreateUser = "terraform@email.com"
    Env        = "stg"
    Name       = "alb-web1"
  }
}
sg-rule.tf
$ vim sg-rule.tf
####################EC2 정책에 ALB 정책 룰 추가
# Let the ALB (alb-web1 group) reach the EC2 web tier on 80/tcp.
# source_security_group_id scopes the rule to traffic originating from
# that group rather than from an address range, so no ALB CIDR has to be
# maintained here.
#
# If the target group also declares inline ingress/egress blocks, this
# standalone rule and those blocks conflict in the AWS provider and
# overwrite each other on apply; keep all of the group's rules in one
# form or the other.
resource "aws_security_group_rule" "tf_vpc99_sg_rule-ec2-web1" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = 80
  to_port                  = 80
  security_group_id        = aws_security_group.tf_vpc99_sg-ec2-web1.id
  source_security_group_id = aws_security_group.tf_vpc99_sg_alb-web1.id
  description              = "alb service port open"
}