yongjun0511
reviewed
Aug 24, 2025
yongjun0511
reviewed
Aug 25, 2025
- Run terraform fmt -recursive & terraform validate
- Align the deployment branch description with the code - Exclude everything other than secret.tfvars
- Fix tfvars-related ignore file names
- Add S3 module definition - Add environment to vars - Add README on S3 module usage
- terraform.tfvars picked up after fixing tfvars-related ignore file names
- terraform.tfvars picked up after fixing tfvars-related ignore file names
- Add purpose, environment, and tags to each module's variable.tf - Define tags in each module's main.tf - Apply to compute, database, etc.
- Accept volume size as input - Accept volume type as input - Accept whether to use a public IP as input - Inject SSH key - Add example userdata for WAS as was-userdata.sh
- Accept volume size as input - Accept volume type as input - Accept whether to use a public IP as input - Inject SSH key - Add example userdata for WAS as was-userdata.sh
- Add engine_version, instance_class, publicly_accessible, backup_retention_period, parameter_group_name
- Add description to variables.tf - Add description to output.tf
- Apply to dev - Apply to prod
- Apply to dev - Apply to prod - terraform format & validate
- Apply to dev - Apply to prod
- VPC, IGW, Route Tables -> Remove environment tag from shared resources - compute.tf -> Specify API server
- Change availability zone and subnet parts to hardcoded values
- Separate EC2 and RDS security groups - Open port 3306 on the RDS security group - Apply parameter group
- Add ACM module (SSL certificate management)
- Add ALB module (Application Load Balancer)
- Apply ACM and ALB to dev/prod environments
- Optimize CI workflow (minimize terraform plan variables)
- Unify DB ID (set to 'clokey_db')
- Improve Route53 module (support ALB alias records)
- Strengthen security (EC2 reachable only through the ALB)
yongjun0511
approved these changes
Sep 21, 2025
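- Fix EC2 KeyPair name issue - Change MySQL version from 8.0.35 → 8.0.34 - Increase certificate validation timeout from 10 minutes → 20 minutes - Explicitly add Route53 record dependency - S3 bucket duplication issue - Change website_endpoint → website_domain
- Fix EC2 KeyPair, RDS MySQL version, and S3 bucket conflict issues - Improve ACM certificate validation and UserData logging - Fix deprecated attributes
- ALB configuration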
📝 Terraform Plan Result (dev)
data.aws_ami.ubuntu_latest: Reading...
data.aws_availability_zones.available: Reading...
data.aws_region.current: Reading...
data.aws_caller_identity.current: Reading...
module.vpc.aws_vpc.this: Refreshing state... [id=vpc-08274a8d95d833104]
module.rds.aws_db_parameter_group.main[0]: Refreshing state... [id=dev-clokey-rds-parameter-group]
module.route53_zone.aws_route53_zone.main[0]: Refreshing state... [id=Z09909261Y36ELN4EONUQ]
module.s3.aws_s3_bucket.this: Refreshing state... [id=dev-clokey-storage-bucket]
data.aws_region.current: Read complete after 0s [id=ap-northeast-2]
module.acm.aws_acm_certificate.main: Refreshing state... [id=arn:aws:acm:ap-northeast-2:594755789271:certificate/c9eb1c76-81f0-4b8f-86d2-edb6cb6c2b9d]
data.aws_caller_identity.current: Read complete after 0s [id=594755789271]
data.aws_availability_zones.available: Read complete after 0s [id=ap-northeast-2]
module.acm.aws_route53_record.cert_validation["dev.clokey.store"]: Refreshing state... [id=Z09909261Y36ELN4EONUQ__0260b097a295b57f4ae0d8641e81a9f0.dev.clokey.store._CNAME]
data.aws_ami.ubuntu_latest: Read complete after 1s [id=ami-0e87051b5808b3155]
module.igw.aws_internet_gateway.this: Refreshing state... [id=igw-0d42973fe78800938]
module.subnet_public_a.aws_subnet.this: Refreshing state... [id=subnet-07166b82e397cee4f]
module.route_table_private.aws_route_table.this: Refreshing state... [id=rtb-0dcf39427dd9230eb]
module.subnet_public_c.aws_subnet.this: Refreshing state... [id=subnet-0d2ffedf584e19b7d]
module.route_table_public.aws_route_table.this: Refreshing state... [id=rtb-0159c824cca7c72af]
module.subnet_private_a.aws_subnet.this: Refreshing state... [id=subnet-04ce95e006ceee275]
module.sg_alb.aws_security_group.this: Refreshing state... [id=sg-03c4902cb0070a409]
module.alb.aws_lb_target_group.main: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-2:594755789271:targetgroup/dev-clokey-tg/acdb9eb824fd28d1]
module.subnet_private_c.aws_subnet.this: Refreshing state... [id=subnet-03a06747bd201f93c]
module.subnet_public_c.aws_route_table_association.this: Refreshing state... [id=rtbassoc-03f129f95d0b98be3]
module.route_table_public.aws_route.igw[0]: Refreshing state... [id=r-rtb-0159c824cca7c72af1080289494]
module.subnet_public_a.aws_route_table_association.this: Refreshing state... [id=rtbassoc-0dfdf6960a97bd93f]
module.s3.aws_s3_bucket_public_access_block.this[0]: Refreshing state... [id=dev-clokey-storage-bucket]
module.s3.aws_s3_bucket_server_side_encryption_configuration.this[0]: Refreshing state... [id=dev-clokey-storage-bucket]
module.s3.aws_s3_bucket_versioning.this[0]: Refreshing state... [id=dev-clokey-storage-bucket]
module.sg_ec2.aws_security_group.this: Refreshing state... [id=sg-0e3ddb785c09b7bd3]
module.alb.aws_lb.main: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-2:594755789271:loadbalancer/app/dev-clokey-alb/ec4b17bfa9ed77c4]
module.subnet_private_a.aws_route_table_association.this: Refreshing state... [id=rtbassoc-0e31c0af0ad13396e]
module.subnet_private_c.aws_route_table_association.this: Refreshing state... [id=rtbassoc-006e064dc70761fdf]
module.rds.aws_db_subnet_group.this: Refreshing state... [id=dev-clokey-rds]
module.sg_rds.aws_security_group.this: Refreshing state... [id=sg-0bc8567a3bd82199a]
module.ec2.aws_instance.this: Refreshing state... [id=i-016b6771c91fc84c9]
module.rds.aws_db_instance.this: Refreshing state... [id=db-NWBD7HN3KUUHLNNYX5IOSDHIDI]
module.alb.aws_lb_listener.http[0]: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-2:594755789271:listener/app/dev-clokey-alb/ec4b17bfa9ed77c4/eba8266a9e8816e9]
module.route53_record.aws_route53_record.alias[0]: Refreshing state... [id=Z09909261Y36ELN4EONUQ_dev.dev.clokey.store_A]
aws_lb_target_group_attachment.ec2: Refreshing state... [id=arn:aws:elasticloadbalancing:ap-northeast-2:594755789271:targetgroup/dev-clokey-tg/acdb9eb824fd28d1-20251013183202550200000002]
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:
# module.ec2.aws_instance.this has changed
~ resource "aws_instance" "this" {
id = "i-016b6771c91fc84c9"
tags = {
"Name" = "dev-clokey-api"
}
# (40 unchanged attributes hidden)
~ root_block_device {
+ tags = {}
# (10 unchanged attributes hidden)
}
# (7 unchanged blocks hidden)
}
Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.
─────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
~ update in-place
Terraform will perform the following actions:
# module.ec2.aws_instance.this will be updated in-place
~ resource "aws_instance" "this" {
id = "i-016b6771c91fc84c9"
tags = {
"Name" = "dev-clokey-api"
}
~ user_data_replace_on_change = true -> false
# (39 unchanged attributes hidden)
# (8 unchanged blocks hidden)
}
# module.rds.aws_db_parameter_group.main[0] will be updated in-place
~ resource "aws_db_parameter_group" "main" {
id = "dev-clokey-rds-parameter-group"
name = "dev-clokey-rds-parameter-group"
tags = {
"Name" = "dev-clokey-rds-parameter-group"
}
# (6 unchanged attributes hidden)
- parameter {
- apply_method = "pending-reboot" -> null
- name = "innodb_buffer_pool_size" -> null
- value = "{DBInstanceClassMemory*3/4}" -> null
}
+ parameter {
+ apply_method = "immediate"
+ name = "innodb_buffer_pool_size"
+ value = "{DBInstanceClassMemory*3/4}"
}
# (1 unchanged block hidden)
}
Plan: 0 to add, 2 to change, 0 to destroy.
Warning: Value for undeclared variable
The root module does not declare a variable named "vpc_cidr_block" but a
value was found in file "terraform.tfvars". If you meant to use this value,
add a "variable" block to the configuration.
To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.
Warning: Value for undeclared variable
The root module does not declare a variable named "public_subnet_cidr" but a
value was found in file "terraform.tfvars". If you meant to use this value,
add a "variable" block to the configuration.
To silence these warnings, use TF_VAR_... environment variables to provide
certain "global" settings to all configurations in your organization. To
reduce the verbosity of these warnings, use the -compact-warnings option.
Warning: Values for undeclared variables
In addition to the other similar warnings shown, 3 other variable(s) defined
without being declared.
Warning: Deprecated attribute
on ../../modules/storage/s3/output.tf line 33, in output "bucket_website_endpoint":
33: value = aws_s3_bucket.this.website_domain
The attribute "website_domain" is deprecated. Refer to the provider
documentation for details.
─────────────────────────────────────────────────────────────────────────────
Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
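🎯 Overview
Added the initial Infrastructure as Code setup for managing the Clokey project's AWS infrastructure with Terraform.
Key components
- S3 backend bucket: storage for Terraform state files
  - Versioning enabled
  - AES256 server-side encryption
  - Public access blocked
  - Account-specific unique bucket name (clokey-terraform-state-{account_id})
- Network: VPC, subnets, route tables, Internet Gateway
- Compute: EC2 instance configuration
- Database: RDS MySQL settings
- Storage: S3 bucket configuration
- Security: security groups and NACLs
- Dev environment: infrastructure for development
- Prod environment: infrastructure for production
- Independent variable management per environment
- Dev environment: automatic deployment on push to the main branch
- Prod environment: automatic deployment when a GitHub Release is created
- Separate management of AWS credentials per environment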
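
The state bucket listed in the PR description above (versioning, AES256 encryption, public access blocked, account-scoped name), written out as Terraform. This is an added example, not the PR's own code; the resource label `tf_state` and the local `state_bucket_name` are assumptions, and the region is assumed to come from the provider configuration or environment.

```hcl
# Added example (not from the PR). Resource labels and the local name are hypothetical.

# Look up the account ID of the credentials in use, so the bucket name is
# unique per AWS account.
data "aws_caller_identity" "current" {}

locals {
  # Naming pattern from the PR description: clokey-terraform-state-{account_id}
  state_bucket_name = "clokey-terraform-state-${data.aws_caller_identity.current.account_id}"
}

resource "aws_s3_bucket" "tf_state" {
  bucket = local.state_bucket_name
}

# Versioning keeps earlier state files, so a corrupted or overwritten state
# can be rolled back to a previous object version.
resource "aws_s3_bucket_versioning" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  versioning_configuration {
    status = "Enabled"
  }
}

# Terraform state can hold sensitive attribute values in plain text,
# so objects are encrypted at rest with SSE-S3 (AES256).
resource "aws_s3_bucket_server_side_encryption_configuration" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# All four switches are set so that neither ACLs nor a bucket policy
# can expose the state objects publicly.
resource "aws_s3_bucket_public_access_block" "tf_state" {
  bucket = aws_s3_bucket.tf_state.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
```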