packer & ansible 이용한 ami 생성 1차 실습

.gitignore

@@ -0,0 +1,4 @@
+.env
+*.log
+*-local.json
+.packer_cache/

README.md

@@ -1 +1,18 @@
-# AMI
+# 📦 DevSecOps 표준 AMI 빌드 프로젝트
+
+본 프로젝트는 Packer와 Ansible을 사용하여 보안 설정이 내재된 AWS AMI를 자동으로 빌드하고, GitHub Actions를 통해 CI 파이프라인을 구성하는 DevSecOps 인프라 구성 예제입니다.
+
+---
+
+## 프로젝트 구성
+
+| 구성 요소 | 설명 |
+|-----------|------|
+| `packer-template.json` | AMI 빌드를 위한 Packer 템플릿 |
+| `ansible/playbook.yml` | EC2 프로비저닝을 위한 Ansible 플레이북 |
+| `ansible/roles/` | 역할 기반 하드닝 및 설치 스크립트 |
+| `.github/workflows/ami-build.yml` | GitHub Actions 자동화 워크플로우 |
+
+---
+
+

ansible/playbook.yml

@@ -0,0 +1,5 @@
+- hosts: all
+  become: true
+  roles:
+    - common
+    - docker

ansible/roles/common/tasks/main.yml

@@ -0,0 +1,4 @@
+- name: Update all packages
+  dnf:
+    name: '*'
+    state: latest

ansible/roles/docker/tasks/main.yml

@@ -0,0 +1,10 @@
+- name: Install Docker
+  dnf:
+    name: docker
+    state: present
+
+- name: Start Docker service
+  service:
+    name: docker
+    state: started
+    enabled: true

devsecops.pkr.hcl

@@ -0,0 +1,49 @@
+packer {
+  required_plugins {
+    amazon = {
+      version = ">= 1.0.8"
+      source  = "github.com/hashicorp/amazon"
+    }
+  }
+}
+
+variable "vpc_id" {}
+variable "subnet_id" {}
+variable "security_group_id" {}
+
+source "amazon-ebs" "devsecops" {
+  region                     = "ap-northeast-2"
+  source_ami                 = "ami-05377cf8cfef186c2" # Amazon Linux 2023
+  instance_type              = "t2.micro"
+  ssh_username               = "ec2-user"
+  ssh_interface              = "public_ip"
+  associate_public_ip_address = true
+  pause_before_connecting    = "10s"
+  temporary_key_pair_type    = "ed25519"
+
+  vpc_id           = var.vpc_id
+  subnet_id        = var.subnet_id
+  security_group_id = var.security_group_id
+
+  ami_name         = "devsecops-ami-{{timestamp}}"
+  ami_description  = "Base DevSecOps AMI with Ansible Provisioning"
+
+  tags = {
+    Name           = "devsecops-ami"
+    BaseAMI_Id     = "ami-05377cf8cfef186c2"
+    TEAM           = "DevSecOps Team"
+    Environment    = "Development"
+    BuildDate      = "{{timestamp}}"
+  }
+}
+
+build {
+  sources = ["source.amazon-ebs.devsecops"]
+
+  provisioner "ansible" {
+    playbook_file = "ansible/playbook.yml"
+    extra_arguments = [
+      "--ssh-extra-args=-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
+    ]
+  }
+}

packer-template.json

@@ -0,0 +1,35 @@
+{
+    "variables": {
+        "vpc_id": "",
+        "subnet_id": "",
+        "security_group_id": ""
+    },
+    "builders": [
+        {
+            "type": "amazon-ebs",
+            "region": "ap-northeast-2",
+            "source_ami": "ami-05377cf8cfef186c2",
+            "vpc_id": "{{user `vpc_id`}}",
+            "subnet_id": "{{user `subnet_id`}}",
+            "security_group_id": "{{user `security_group_id`}}",
+            "instance_type": "t2.micro",
+            "ssh_interface": "public_ip",
+            "ssh_username": "ec2-user",
+            "ami_name": "devsecops-ami-{{timestamp}}",
+            "ami_description": "Base DevSecOps AMI with Ansible Provisioning",
+            "tags": {
+                "Name": "devsecops-ami",
+                "BaseAMI_Id": "ami-05377cf8cfef186c2",
+                "TEAM": "DevSecOps Team",
+                "Environment": "Development",
+                "BuildDate": "{{timestamp}}"
+            }
+        }
+    ],
+    "provisioners": [
+        {
+            "type": "ansible",
+            "playbook_file": "ansible/playbook.yml"
+        }
+    ]
+}