Setting up an ACG with Terraform
Creating an ACG with Terraform
resource "ncloud_vpc" "vpc" {
  ipv4_cidr_block = "10.4.0.0/16"
}

resource "ncloud_access_control_group" "acg" {
  name        = "my-acg"
  description = "description"
  vpc_no      = ncloud_vpc.vpc.id
}
Creating the ACG
resource "ncloud_access_control_group_rule" "acg-rule" {
  access_control_group_no = ncloud_access_control_group.acg.id

  inbound {
    protocol    = "TCP"
    ip_block    = "0.0.0.0/0"
    port_range  = "22"
    description = "accept 22 port"
  }

  inbound {
    protocol    = "TCP"
    ip_block    = "0.0.0.0/0"
    port_range  = "80"
    description = "accept 80 port"
  }

  outbound {
    protocol    = "TCP"
    ip_block    = "0.0.0.0/0"
    port_range  = "1-65535"
    description = "accept 1-65535 port"
  }
}
Creating the ACG rules
Added construct: dynamic
It is useful when the same nested block has to be written out for many values.
By pairing keys with values it makes an otherwise complicated configuration somewhat simpler.
Official documentation: Dynamic Blocks - Configuration Language | Terraform | HashiCorp Developer
https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks
Dynamic blocks automatically construct multi-level, nested block structures. Learn to configure dynamic blocks and understand their behavior.
security.tf
# ACG public variables
# each rule is [protocol, ip_block, port_range]
locals {
  create_acg_rules_pub_inbound = [
    ["TCP", "0.0.0.0/0", "80"],
    ["TCP", "0.0.0.0/0", "443"],
    ["TCP", "${var.client_ip}/32", "22"],
    ["TCP", "${var.client_ip}/32", "3389"],
  ]
  create_acg_rules_pub_outbound = [
    ["TCP", "0.0.0.0/0", "1-65535"],
    ["UDP", "0.0.0.0/0", "1-65534"],
    ["ICMP", "0.0.0.0/0", null]
  ]
}

# ACG private variables
locals {
  create_acg_rules_pri_inbound = [
    ["TCP", "10.0.0.0/16", "22"],
    ["TCP", "10.0.0.0/16", "8080"],
    ["TCP", "10.0.0.0/16", "3306"],
  ]
  create_acg_rules_pri_outbound = [
    ["TCP", "0.0.0.0/0", "1-65535"],
    ["UDP", "0.0.0.0/0", "1-65534"],
    ["ICMP", "0.0.0.0/0", null]
  ]
}
# ACG public
resource "ncloud_access_control_group" "create_acg_pub" {
  name        = "${var.pnoun}-acg-pub"
  description = "${var.pnoun}-acg-pub"
  vpc_no      = ncloud_vpc.create_vpc.id
}

resource "ncloud_access_control_group_rule" "create_acg_pub_role" {
  access_control_group_no = ncloud_access_control_group.create_acg_pub.id

  dynamic "inbound" { # dynamic block: one inbound block per list entry
    for_each = local.create_acg_rules_pub_inbound
    content {
      protocol   = inbound.value[0]
      ip_block   = inbound.value[1]
      port_range = inbound.value[2]
    }
  }

  dynamic "outbound" {
    for_each = local.create_acg_rules_pub_outbound
    content {
      protocol   = outbound.value[0]
      ip_block   = outbound.value[1]
      port_range = outbound.value[2]
    }
  }
}

# ACG private
resource "ncloud_access_control_group" "create_acg_pri" {
  name        = "${var.pnoun}-acg-pri"
  description = "${var.pnoun}-acg-pri"
  vpc_no      = ncloud_vpc.create_vpc.id
}

resource "ncloud_access_control_group_rule" "create_acg_pri_role" {
  access_control_group_no = ncloud_access_control_group.create_acg_pri.id

  dynamic "inbound" {
    for_each = local.create_acg_rules_pri_inbound
    content {
      protocol   = inbound.value[0]
      ip_block   = inbound.value[1]
      port_range = inbound.value[2]
    }
  }

  dynamic "outbound" {
    for_each = local.create_acg_rules_pri_outbound
    content {
      protocol   = outbound.value[0]
      ip_block   = outbound.value[1]
      port_range = outbound.value[2]
    }
  }
}
for_each is a key/value loop (explained later).
Feeding a large amount of information in at once like this reduces the chance of errors.
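As an added example (not code from the original post), the same public inbound rules written as a map of named objects instead of positional lists, plus a validation on client_ip and a precondition that fails the plan if SSH or RDP would be opened to 0.0.0.0/0. The names acg_rules_pub_inbound, admin_ports, exposed_admin and acg_pub_rule are assumed; the ACG reference reuses the post's ncloud_access_control_group.create_acg_pub.

```hcl
# Added example, not code from the original post: named rule objects plus guard rails.
variable "client_ip" {
  type        = string
  description = "Operator IPv4 address allowed to reach management ports"
  validation {
    # cidrnetmask only accepts a valid IPv4 prefix, so can() rejects junk input
    condition     = can(cidrnetmask("${var.client_ip}/32"))
    error_message = "client_ip must be a single IPv4 address."
  }
}

locals {
  # map keyed by rule name; the key becomes the rule description in the plan
  acg_rules_pub_inbound = {
    http  = { protocol = "TCP", ip_block = "0.0.0.0/0", port_range = "80" }
    https = { protocol = "TCP", ip_block = "0.0.0.0/0", port_range = "443" }
    ssh   = { protocol = "TCP", ip_block = "${var.client_ip}/32", port_range = "22" }
    rdp   = { protocol = "TCP", ip_block = "${var.client_ip}/32", port_range = "3389" }
  }
  # management ports that must never be reachable from the whole internet
  admin_ports = ["22", "3389"]
  exposed_admin = [
    for name, rule in local.acg_rules_pub_inbound : name
    if rule.ip_block == "0.0.0.0/0" && contains(local.admin_ports, rule.port_range)
  ]
}

resource "ncloud_access_control_group_rule" "acg_pub_rule" {
  access_control_group_no = ncloud_access_control_group.create_acg_pub.id

  dynamic "inbound" {
    for_each = local.acg_rules_pub_inbound
    content {
      protocol    = inbound.value.protocol
      ip_block    = inbound.value.ip_block
      port_range  = inbound.value.port_range
      description = inbound.key
    }
  }

  lifecycle {
    # refuse to apply if any admin port is exposed to 0.0.0.0/0 (Terraform >= 1.2)
    precondition {
      condition     = length(local.exposed_admin) == 0
      error_message = "Admin ports open to 0.0.0.0/0: ${join(", ", local.exposed_admin)}"
    }
  }
}
```

With a map instead of a list, `terraform plan` shows each rule under its name (`inbound["ssh"]`) rather than a bare index, and the precondition turns an accidental `0.0.0.0/0` on a management port into a plan-time failure instead of a live exposure.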
If you just want something quick for study purposes, the VPC resource already exposes its defaults:
- default_network_acl_no - The ID of the network ACL created by default on VPC creation.
- default_access_control_group_no - The ID of the ACG created by default on VPC creation.
- default_public_route_table_no - The ID of the Public Route Table created by default on VPC creation.
- default_private_route_table_no - The ID of the Private Route Table created by default on VPC creation.
Using the VPC defaults cuts down on the work...
https://registry.terraform.io/providers/NaverCloudPlatform/ncloud/latest/docs/resources/vpc