diff --git a/.github/workflows/cd_dev.yml b/.github/workflows/cd_dev.yml index 1b3f0dc..b3f1a38 100644 --- a/.github/workflows/cd_dev.yml +++ b/.github/workflows/cd_dev.yml @@ -39,7 +39,6 @@ jobs: aws_secret_access_key = "${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}" rds_username = "${{ secrets.RDS_USERNAME }}" rds_password = "${{ secrets.RDS_PASSWORD }}" - domain_name = "${{ secrets.DEV_DOMAIN_NAME }}" EOF - name: Terraform Apply (dev) diff --git a/.github/workflows/cd_prod.yml b/.github/workflows/cd_prod.yml index 1558889..f3dab95 100644 --- a/.github/workflows/cd_prod.yml +++ b/.github/workflows/cd_prod.yml @@ -40,7 +40,6 @@ jobs: aws_secret_access_key = "${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}" rds_username = "${{ secrets.RDS_USERNAME }}" rds_password = "${{ secrets.RDS_PASSWORD }}" - domain_name = "${{ secrets.PROD_DOMAIN_NAME }}" EOF - name: Terraform Apply (prod) diff --git a/.github/workflows/ci_dev.yml b/.github/workflows/ci_dev.yml index d9797cf..cca18c6 100644 --- a/.github/workflows/ci_dev.yml +++ b/.github/workflows/ci_dev.yml @@ -43,7 +43,6 @@ jobs: aws_secret_access_key = "${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}" rds_username = "${{ secrets.RDS_USERNAME }}" rds_password = "${{ secrets.RDS_PASSWORD }}" - domain_name = "${{ secrets.DEV_DOMAIN_NAME }}" EOF - name: Terraform Plan (dev) diff --git a/.github/workflows/ci_prod.yml b/.github/workflows/ci_prod.yml index d14ea87..abf0887 100644 --- a/.github/workflows/ci_prod.yml +++ b/.github/workflows/ci_prod.yml @@ -43,7 +43,6 @@ jobs: aws_secret_access_key = "${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}" rds_username = "${{ secrets.RDS_USERNAME }}" rds_password = "${{ secrets.RDS_PASSWORD }}" - domain_name = "${{ secrets.PROD_DOMAIN_NAME }}" EOF - name: Terraform Plan (prod) diff --git a/terraform/env/dev/compute.tf b/terraform/env/dev/compute.tf index 2f49204..a05e3f1 100644 --- a/terraform/env/dev/compute.tf +++ b/terraform/env/dev/compute.tf 
@@ -27,10 +27,3 @@ module "ec2" { user_data = local.user_data_base64 } -# ALB Target Group 추가 -resource "aws_lb_target_group_attachment" "ec2" { - target_group_arn = module.alb.target_group_arn - target_id = module.ec2.instance_id - port = 80 -} - diff --git a/terraform/env/dev/example.tfvars b/terraform/env/dev/example.tfvars index ceb8fb4..ba287da 100644 --- a/terraform/env/dev/example.tfvars +++ b/terraform/env/dev/example.tfvars @@ -12,6 +12,3 @@ availability_zone = "ap-northeast-2a" # RDS Configuration rds_username = "admin" # 실제 환경에서는 더 복잡한 비밀번호 사용 -# Route53 Configuration -# hosted_zone_id = "YOUR_HOSTED_ZONE_ID" # 도메인의 hosted zone ID -# domain_name = "yourdomain.com" # 실제 도메인으로 변경 diff --git a/terraform/env/dev/network.tf b/terraform/env/dev/network.tf index 73dcbba..1afce06 100644 --- a/terraform/env/dev/network.tf +++ b/terraform/env/dev/network.tf @@ -98,12 +98,20 @@ module "sg_ec2" { ingress_rules = [ { - from_port = 80 - to_port = 80 - protocol = "tcp" - use_cidr = false - use_sg = true - source_security_group_id = module.sg_alb.security_group_id + from_port = 80 + to_port = 80 + protocol = "tcp" + use_cidr = true + use_sg = false + cidr_blocks = ["0.0.0.0/0"] + }, + { + from_port = 443 + to_port = 443 + protocol = "tcp" + use_cidr = true + use_sg = false + cidr_blocks = ["0.0.0.0/0"] }, { from_port = 22 
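Review bot: The replacement ingress rules in `sg_ec2` admit ports 80 and 443 from `0.0.0.0/0` straight to the instance, whereas the removed rule only accepted port 80 from `module.sg_alb`; since the ALB, ACM and Route53 modules are deleted further down in this file, the EC2 instance itself becomes the internet-facing endpoint. Opening 443 while the ACM certificate is dropped only makes sense if the instance terminates TLS on its own, so either leave that rule out until TLS termination exists or state where the certificate comes from; the same widening is made in the prod `sg_ec2` hunk of terraform/env/prod/network.tf. At minimum, record the intent above the first rule, e.g. `# Instance is internet-facing after the ALB removal: 80/443 open to 0.0.0.0/0; revisit once TLS termination is decided`. The enclosing `module "sg_ec2"` block starts and ends outside the hunk.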
@@ -159,107 +167,3 @@ module "sg_rds" { ] } -# ALB Security Group -module "sg_alb" { - source = "../../modules/security/security_group" - vpc_id = module.vpc.vpc_id - - environment = local.environment - purpose = "alb" - security_group_name = "${local.name_prefix}-sg-alb" - - ingress_rules = [ - { - from_port = 80 - to_port = 80 - protocol = "tcp" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - }, - { - from_port = 443 - to_port = 443 - protocol = "tcp" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - } - ] - - egress_rules = [ - { - from_port = 0 - to_port = 0 - protocol = "-1" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - } - ] -} - -# ACM Certificate (1단계: 인증서만 생성, 검증은 나중에) -module "acm" { - source = "../../modules/network/acm" - - name_prefix = local.name_prefix - domain_name = var.domain_name - hosted_zone_id = module.route53_zone.hosted_zone_id - create_validation = false # 1단계에서는 검증 비활성화 - - tags = local.common_tags -} - -# Application Load Balancer -module "alb" { - source = "../../modules/network/alb" - - name_prefix = local.name_prefix - internal = false - security_groups = [module.sg_alb.security_group_id] - subnet_ids = [module.subnet_public_a.subnet_id, module.subnet_public_c.subnet_id] - vpc_id = module.vpc.vpc_id - - target_group_port = 80 - target_group_protocol = "HTTP" - - health_check_path = "/health" - health_check_matcher = "200" - - # HTTPS 리스너 비활성화 (인증서 검증 완료 후 활성화) - create_https_listener = false - certificate_arn = null - - tags = local.common_tags -} - -# Route53 - Hosted Zone 생성 -module "route53_zone" { - source = "../../modules/network/route53" - - # 새로운 hosted zone 생성 - create_hosted_zone = true - domain_name = var.domain_name - create_a_record = false - - tags = local.common_tags -} - -# Route53 - ALB를 A 레코드로 설정 (ALB 생성 후) -module "route53_record" { - source = "../../modules/network/route53" - - # 기존 hosted zone 사용 - create_hosted_zone = false - hosted_zone_id = 
module.route53_zone.hosted_zone_id - - # A 레코드 생성 (ALB로 변경) - create_a_record = true - record_name = "${local.environment}.${var.domain_name}" - target_alias = module.alb.load_balancer_dns_name - target_zone_id = module.alb.load_balancer_zone_id - ttl = 300 - - depends_on = [module.alb] -} diff --git a/terraform/env/dev/terraform.tfvars b/terraform/env/dev/terraform.tfvars index 5720a2b..33c0168 100644 --- a/terraform/env/dev/terraform.tfvars +++ b/terraform/env/dev/terraform.tfvars @@ -7,8 +7,5 @@ availability_zone = "ap-northeast-2a" # RDS 설정 (기본값 - 민감한 정보는 secret.tfvars에서 관리) # rds_username은 secret.tfvars에서 관리 -# Route53 설정 (기본값 - 민감한 정보는 secret.tfvars에서 관리) -# domain_name은 secret.tfvars에서 관리 - # User Data (기본값 - 민감한 정보는 secret.tfvars에서 관리) # userdata는 locals.tf에서 filebase64() 함수로 로드됨 diff --git a/terraform/env/dev/variables.tf b/terraform/env/dev/variables.tf index 0bb9ff5..c4d5dd6 100644 --- a/terraform/env/dev/variables.tf +++ b/terraform/env/dev/variables.tf @@ -23,10 +23,3 @@ variable "rds_password" { sensitive = true } -# Route53 설정 (도메인 관련) -variable "domain_name" { - description = "Base domain name for Route53 records" - type = string - default = "example.com" - sensitive = true -} diff --git a/terraform/env/prod/compute.tf b/terraform/env/prod/compute.tf index 70538f3..17ac8f6 100644 --- a/terraform/env/prod/compute.tf +++ b/terraform/env/prod/compute.tf @@ -20,9 +20,6 @@ module "ec2" { root_volume_type = "gp3" root_volume_encrypted = true - # 종료 보호 활성화 (프로덕션 환경) - disable_api_termination = true - # 종료 시 중지 (삭제하지 않음) instance_initiated_shutdown_behavior = "stop" @@ -30,10 +27,3 @@ module "ec2" { user_data = local.user_data_base64 } -# ALB Target Group 추가 -resource "aws_lb_target_group_attachment" "ec2" { - target_group_arn = module.alb.target_group_arn - target_id = module.ec2.instance_id - port = 80 -} - diff --git a/terraform/env/prod/database.tf b/terraform/env/prod/database.tf index d2e0100..129823e 100644 --- a/terraform/env/prod/database.tf 
+++ b/terraform/env/prod/database.tf @@ -6,10 +6,10 @@ module "rds" { module.subnet_private_a.subnet_id, module.subnet_private_c.subnet_id ] - storage = 50 + storage = 30 engine = "mysql" engine_version = "8.0.42" - instance_class = "db.t3.small" + instance_class = "db.t3.micro" db_name = "clokey_db" username = var.rds_username password = var.rds_password @@ -21,24 +21,24 @@ module "rds" { publicly_accessible = false # 프라이빗 서브넷에 위치하므로 false # 백업 설정 - backup_retention_period = 30 # 프로덕션에서는 30일 보관 - backup_window = "02:00-03:00" - maintenance_window = "sun:02:00-sun:03:00" + backup_retention_period = 7 + backup_window = "03:00-04:00" + maintenance_window = "sun:04:00-sun:05:00" # 성능 설정 - multi_az = true # 프로덕션에서는 Multi-AZ 활성화 + multi_az = false storage_type = "gp3" storage_encrypted = true # 보안 설정 - deletion_protection = true # 프로덕션에서는 삭제 보호 활성화 + deletion_protection = false - # 파라미터 그룹 설정 (선택적) + # 파라미터 그룹 설정 parameter_group_family = "mysql8.0" parameter_group_parameters = [ { name = "max_connections" - value = "200" + value = "100" }, { name = "innodb_buffer_pool_size" diff --git a/terraform/env/prod/example.tfvars b/terraform/env/prod/example.tfvars index 6e6f75c..de26740 100644 --- a/terraform/env/prod/example.tfvars +++ b/terraform/env/prod/example.tfvars @@ -12,7 +12,3 @@ availability_zone = "ap-northeast-2a" # RDS Configuration rds_username = "admin" # 실제 환경에서는 더 복잡한 비밀번호 사용 -# Route53 Configuration -# hosted_zone_id = "YOUR_HOSTED_ZONE_ID" # 도메인의 hosted zone ID -# domain_name = "yourdomain.com" # 실제 도메인으로 변경 - diff --git a/terraform/env/prod/network.tf b/terraform/env/prod/network.tf index 75d39c7..2a256d2 100644 --- a/terraform/env/prod/network.tf +++ b/terraform/env/prod/network.tf 
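Review bot: `deletion_protection = false` and `multi_az = false` in the second hunk remove the two safeguards the deleted comments explicitly called out as production settings, and `backup_retention_period` drops from 30 to 7 days; together with the `disable_api_termination = true` line removed from terraform/env/prod/compute.tf, the prod stack loses every guard against accidental destruction. If the motive is cost (the first hunk also downsizes to `db.t3.micro` / 30 GB), keep at least `deletion_protection = true` on the prod instance, since it costs nothing, and record the reasoning next to it, e.g. `# Cost reduction: Multi-AZ disabled; deletion protection intentionally kept`. Also confirm that `max_connections = 100` is still consistent with whatever `innodb_buffer_pool_size` value follows the hunk on a `db.t3.micro`. The enclosing `module "rds"` block starts before the first hunk and continues past the second.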
@@ -98,12 +98,20 @@ module "sg_ec2" { ingress_rules = [ { - from_port = 80 - to_port = 80 - protocol = "tcp" - use_cidr = false - use_sg = true - source_security_group_id = module.sg_alb.security_group_id + from_port = 80 + to_port = 80 + protocol = "tcp" + use_cidr = true + use_sg = false + cidr_blocks = ["0.0.0.0/0"] + }, + { + from_port = 443 + to_port = 443 + protocol = "tcp" + use_cidr = true + use_sg = false + cidr_blocks = ["0.0.0.0/0"] }, { from_port = 22 
@@ -159,105 +167,4 @@ module "sg_rds" { ] } -# ALB Security Group -module "sg_alb" { - source = "../../modules/security/security_group" - vpc_id = module.vpc.vpc_id - - environment = local.environment - purpose = "alb" - security_group_name = "${local.name_prefix}-sg-alb" - - ingress_rules = [ - { - from_port = 80 - to_port = 80 - protocol = "tcp" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - }, - { - from_port = 443 - to_port = 443 - protocol = "tcp" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - } - ] - - egress_rules = [ - { - from_port = 0 - to_port = 0 - protocol = "-1" - use_cidr = true - use_sg = false - cidr_blocks = ["0.0.0.0/0"] - } - ] -} - -# ACM Certificate -module "acm" { - source = "../../modules/network/acm" - - name_prefix = local.name_prefix - domain_name = var.domain_name - hosted_zone_id = module.route53_zone.hosted_zone_id - - tags = local.common_tags -} - -# Application Load Balancer -module "alb" { - source = "../../modules/network/alb" - - name_prefix = local.name_prefix - internal = false - security_groups = [module.sg_alb.security_group_id] - subnet_ids = [module.subnet_public_a.subnet_id, module.subnet_public_c.subnet_id] - vpc_id = module.vpc.vpc_id - - target_group_port = 80 - target_group_protocol = "HTTP" - - health_check_path = "/health" - health_check_matcher = "200" - - certificate_arn = module.acm.certificate_arn - - tags = local.common_tags -} - -# Route53 - Hosted Zone 생성 -module "route53_zone" { - source = "../../modules/network/route53" - - # 새로운 hosted zone 생성 - create_hosted_zone = true - domain_name = var.domain_name - create_a_record = false - - tags = local.common_tags -} - -# Route53 - ALB를 A 레코드로 설정 (ALB 생성 후) -module "route53_record" { - source = "../../modules/network/route53" - - # 기존 hosted zone 사용 - create_hosted_zone = false - hosted_zone_id = module.route53_zone.hosted_zone_id - - # A 레코드 생성 (ALB로 변경) - create_a_record = true - record_name = 
"${local.environment}.${var.domain_name}" - target_alias = module.alb.load_balancer_dns_name - target_zone_id = module.alb.load_balancer_zone_id - ttl = 300 - - depends_on = [module.alb] -} diff --git a/terraform/env/prod/terraform.tfvars b/terraform/env/prod/terraform.tfvars index 78ce5d5..8fc8e89 100644 --- a/terraform/env/prod/terraform.tfvars +++ b/terraform/env/prod/terraform.tfvars @@ -7,9 +7,5 @@ availability_zone = "ap-northeast-2a" # RDS 설정 (기본값 - 민감한 정보는 secret.tfvars에서 관리) # rds_username은 secret.tfvars에서 관리 -# Route53 설정 (기본값 - 민감한 정보는 secret.tfvars에서 관리) -# hosted_zone_id는 secret.tfvars에서 관리 -# domain_name은 secret.tfvars에서 관리 - # User Data (기본값 - 민감한 정보는 secret.tfvars에서 관리) # userdata는 locals.tf에서 filebase64() 함수로 로드됨 diff --git a/terraform/env/prod/variables.tf b/terraform/env/prod/variables.tf index f1f8a76..220ef0b 100644 --- a/terraform/env/prod/variables.tf +++ b/terraform/env/prod/variables.tf @@ -24,10 +24,3 @@ variable "rds_password" { sensitive = true } -# Route53 설정 (도메인 관련) -variable "domain_name" { - description = "Base domain name for Route53 records" - type = string - default = "example.com" - sensitive = true -} diff --git a/terraform/modules/network/alb/main.tf b/terraform/modules/network/alb/main.tf index 2816bce..c9ca146 100644 --- a/terraform/modules/network/alb/main.tf +++ b/terraform/modules/network/alb/main.tf @@ -49,12 +49,16 @@ resource "aws_lb_listener" "http" { protocol = "HTTP" default_action { - type = "redirect" - - redirect { - port = "443" - protocol = "HTTPS" - status_code = "HTTP_301" + type = var.http_listener_action_type + target_group_arn = var.http_listener_action_type == "forward" ? aws_lb_target_group.main.arn : null + + dynamic "redirect" { + for_each = var.http_listener_action_type == "redirect" ? [1] : [] + content { + port = "443" + protocol = "HTTPS" + status_code = "HTTP_301" + } } } } 
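Review bot: The new `default_action` allows `http_listener_action_type` to stay at its `redirect` default while `create_https_listener` is false, in which case the listener 301s every request to a port-443 listener this module never creates (the combination the removed dev `module "alb"` was running); conversely `forward` serves plaintext HTTP to the target group with no redirect, and nothing in the resource flags either mismatch. A `lifecycle` precondition on the listener ties the two inputs together so `terraform plan` fails instead of producing a dead redirect. The `resource "aws_lb_listener" "http"` block begins before the hunk, so the precondition sits alongside its existing arguments as sketched below.
```hcl
resource "aws_lb_listener" "http" {
  # … unchanged: listener arguments and default_action …

  lifecycle {
    precondition {
      condition     = var.http_listener_action_type == "forward" || var.create_https_listener
      error_message = "http_listener_action_type = \"redirect\" needs create_https_listener = true; otherwise port 80 redirects to a listener that does not exist."
    }
  }
}
```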
diff --git a/terraform/modules/network/alb/variables.tf b/terraform/modules/network/alb/variables.tf index 65af55e..2728366 100644 --- a/terraform/modules/network/alb/variables.tf +++ b/terraform/modules/network/alb/variables.tf @@ -114,6 +114,16 @@ variable "create_http_listener" { default = true } +variable "http_listener_action_type" { + description = "Action type for HTTP listener: 'forward' or 'redirect'" + type = string + default = "redirect" + validation { + condition = contains(["forward", "redirect"], var.http_listener_action_type) + error_message = "http_listener_action_type must be either 'forward' or 'redirect'." + } +} + variable "create_https_listener" { description = "Whether to create HTTPS listener" type = bool
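Review bot: The description of `http_listener_action_type` names the two values but not what they mean for exposure: `forward` answers plaintext HTTP on port 80 straight from the target group, and `redirect` only makes sense when the module's HTTPS listener exists. Spell that out so callers do not pick `forward` casually, e.g. `description = "Default action of the port-80 listener. \"redirect\" (default) returns HTTP 301 to HTTPS and only makes sense with create_https_listener = true; \"forward\" serves plaintext HTTP directly to the target group."`. The validation block is fine as written.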