From 6554c1180bd7cb87ba76741105b6b2a0d61526c5 Mon Sep 17 00:00:00 2001
From: Jongwoo Han
Date: Sat, 31 May 2025 17:04:54 +0900
Subject: [PATCH] chore: Add db access instance
---
 Modules/EC2/main.tf | 29 +++++++++++++++++++++++++++++
 Modules/EC2/variables.tf | 7 +++++++
 Modules/SecurityGroup/main.tf | 25 ++++++++++++++++++++++---
 Modules/SecurityGroup/outputs.tf | 4 ++++
 main.tf | 6 ++++++
 5 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 Modules/EC2/main.tf
 create mode 100644 Modules/EC2/variables.tf
diff --git a/Modules/EC2/main.tf b/Modules/EC2/main.tf
new file mode 100644
index 0000000..7523724
--- /dev/null
+++ b/Modules/EC2/main.tf
@@ -0,0 +1,29 @@
+data "aws_ami" "amazon_linux" {
+ most_recent = true
+ owners = ["amazon"]
+
+ filter {
+ name = "name"
+ values = ["amzn2-ami-hvm-*-x86_64-gp2"]
+ }
+}
+
+resource "aws_instance" "db_access_instance" {
+ ami = data.aws_ami.amazon_linux.id
+ instance_type = "t2.micro"
+ subnet_id = var.public_subnets[0]
+ vpc_security_group_ids = [var.sg_db_access_instance_id]
+
+ instance_market_options {
+ market_type = "spot"
+ spot_options {
+ spot_instance_type = "one-time"
+ }
+ }
+
+ associate_public_ip_address = true
+
+ tags = {
+ Name = "dummy-db-access-instance"
+ }
+}
diff --git a/Modules/EC2/variables.tf b/Modules/EC2/variables.tf
new file mode 100644
index 0000000..631f949
--- /dev/null
+++ b/Modules/EC2/variables.tf
@@ -0,0 +1,7 @@
+variable "public_subnets" {
+ type = list(string)
+}
+
+variable "sg_db_access_instance_id" {
+ type = string
+}
diff --git a/Modules/SecurityGroup/main.tf b/Modules/SecurityGroup/main.tf
index 59f7ad3..489ec25 100644
--- a/Modules/SecurityGroup/main.tf
+++ b/Modules/SecurityGroup/main.tf
@@ -94,7 +94,7 @@ resource "aws_security_group" "sg_mysql" {
 from_port = 3306
 to_port = 3306
 protocol = "tcp"
- security_groups = [aws_security_group.sg_ecs.id]
+ security_groups = [aws_security_group.sg_ecs.id, aws_security_group.sg_db_access_instance.id]
 }
 
 egress {
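Review bot: In Modules/EC2/main.tf, `aws_instance.db_access_instance` has no `metadata_options` block, so unless an account-level default overrides it the instance still answers IMDSv1 requests while holding a public address (`associate_public_ip_address = true`) and a network path to the data stores. I would add `metadata_options { http_tokens = "required" }` to the resource. The resource also sets neither `key_name` nor `iam_instance_profile`, so the intended login path is not visible in this file; a one-line comment stating it would help the next reader. Separately, `most_recent = true` with a wildcard name filter means the resolved AMI id can change between applies and force a replacement of the instance.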
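Review bot: In Modules/EC2/variables.tf neither variable has a `description`, and `public_subnets` is indexed as `var.public_subnets[0]` by the module's main.tf with nothing guarding against an empty list. A `validation` block with `condition = length(var.public_subnets) > 0` and a matching `error_message` would turn that into a clear plan-time error. For the docs, something like `description = "ID of the security group attached to the DB access instance"` on `sg_db_access_instance_id` states the contract.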
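Review bot: In Modules/SecurityGroup/main.tf, adding `aws_security_group.sg_db_access_instance.id` to the `sg_mysql` ingress on 3306 (and, in the hunks at -117 and -140, to `sg_valkey` on 6379 and `sg_mongodb` on 27017) makes all three data stores reachable from a group whose own ingress, added at the end of this file, is SSH from `0.0.0.0/0`. The rule is unconditional, so the trust stays in place whether or not the one-time spot instance is running. I would limit the extra source to the stores that actually need operator access and add a `description = "ECS tasks and DB access instance"` to each ingress so the second source is explained. The enclosing `ingress` block and resource start outside the hunk.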
@@ -117,7 +117,7 @@ resource "aws_security_group" "sg_valkey" {
 from_port = 6379
 to_port = 6379
 protocol = "tcp"
- security_groups = [aws_security_group.sg_ecs.id]
+ security_groups = [aws_security_group.sg_ecs.id, aws_security_group.sg_db_access_instance.id]
 }
 
 egress {
@@ -140,7 +140,7 @@ resource "aws_security_group" "sg_mongodb" {
 from_port = 27017
 to_port = 27017
 protocol = "tcp"
- security_groups = [aws_security_group.sg_ecs.id]
+ security_groups = [aws_security_group.sg_ecs.id, aws_security_group.sg_db_access_instance.id]
 }
 
 egress {
@@ -154,3 +154,22 @@ resource "aws_security_group" "sg_mongodb" {
 Name = "dutymate-sg-mongodb"
 }
 }
+
+resource "aws_security_group" "sg_db_access_instance" {
+ name = "dutymate-sg-db-access-instance"
+ vpc_id = var.vpc_id
+
+ ingress {
+ from_port = 22
+ to_port = 22
+ protocol = "tcp"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+
+ egress {
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ cidr_blocks = ["0.0.0.0/0"]
+ }
+}
diff --git a/Modules/SecurityGroup/outputs.tf b/Modules/SecurityGroup/outputs.tf
index 8f82c02..9f8abb1 100644
--- a/Modules/SecurityGroup/outputs.tf
+++ b/Modules/SecurityGroup/outputs.tf
@@ -2,6 +2,10 @@ output "sg_alb_id" {
 value = aws_security_group.sg_alb.id
 }
 
+output "sg_db_access_instance_id" {
+ value = aws_security_group.sg_db_access_instance.id
+}
+
 output "sg_ecs_id" {
 value = aws_security_group.sg_ecs.id
 }
diff --git a/main.tf b/main.tf
index b2e5d2f..643d613 100644
--- a/main.tf
+++ b/main.tf
@@ -52,6 +52,12 @@ module "ecs" {
 sg_ecs_id = module.security_group.sg_ecs_id
 }
 
+module "ec2" {
+ source = "./Modules/EC2"
+ public_subnets = module.networking.public_subnets
+ sg_db_access_instance_id = module.security_group.sg_db_access_instance_id
+}
+
 module "elasticache" {
 source = "./Modules/ElastiCache"
 public_subnets = module.networking.public_subnets
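Review bot: In the new `sg_db_access_instance` resource (hunk at -154 of Modules/SecurityGroup/main.tf), the `ingress` block opens port 22 to `cidr_blocks = ["0.0.0.0/0"]`, and the same commit makes this group a permitted source for MySQL, Valkey and MongoDB, so SSH on this one host becomes the only control between the internet and the data tier. I would restrict the source to known operator ranges, e.g. `cidr_blocks = var.db_access_ssh_cidrs` (a new `list(string)` variable; the name is only a suggestion), or drop the ingress rule and reach the instance through SSM Session Manager with an instance profile. The `egress` block could likewise be narrowed from all protocols to the three database ports plus whatever the host needs for updates. The group also has no `Name` tag, unlike `sg_mongodb` directly above it.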