From 66ae62f9f1743d759dbc7dd801b5d4cc395c6507 Mon Sep 17 00:00:00 2001
From: imyourhopeee <144752063+imyourhopeee@users.noreply.github.com>
Date: Sun, 6 Jul 2025 16:58:47 +0900
Subject: [PATCH 1/3] add
---
 .../modules/ec2/variables.tf | 103 ++++++++++++++++++
 identity-team-account/modules/s3/outputs.tf | 103 ++++++++++++++++++
 2 files changed, 206 insertions(+)
 create mode 100644 identity-team-account/modules/ec2/variables.tf
 create mode 100644 identity-team-account/modules/s3/outputs.tf
diff --git a/identity-team-account/modules/ec2/variables.tf b/identity-team-account/modules/ec2/variables.tf
new file mode 100644
index 0000000..dc1a386
--- /dev/null
+++ b/identity-team-account/modules/ec2/variables.tf
@@ -0,0 +1,103 @@
+# terraform {
+# required_providers {
+# aws = {
+# source = "hashicorp/aws"
+# }
+# }
+# }
+
+# provider "aws" {
+# region = "ap-northeast-2"
+# }
+
+# # S3 버킷 생성
+# resource "aws_s3_bucket" "state_org" {
+# bucket = "cloudfence-identity-bucket"
+
+# lifecycle {
+# prevent_destroy = true
+# }
+
+# tags = {
+# Name = "Terraform State Bucket"
+# Environment = "identity"
+# }
+# }
+
+# # 버킷 버전 관리
+# resource "aws_s3_bucket_versioning" "state_org_versioning" {
+# bucket = aws_s3_bucket.state_org.id
+
+# versioning_configuration {
+# status = "Enabled"
+# }
+# }
+
+# # 버킷 소유권 제어
+# resource "aws_s3_bucket_ownership_controls" "ownership" {
+# bucket = aws_s3_bucket.state_org.id
+
+# rule {
+# object_ownership = "ObjectWriter"
+# }
+# }
+
+# # 퍼블릭 접근 차단
+# resource "aws_s3_bucket_public_access_block" "state_org_block" {
+# bucket = aws_s3_bucket.state_org.id
+# block_public_acls = true
+# block_public_policy = true
+# ignore_public_acls = true
+# restrict_public_buckets = true
+# }
+
+# # S3 암호화를 위한 KMS 키
+# resource "aws_kms_key" "s3_key" {
+# description = "KMS key for S3 encryption"
+# enable_key_rotation = true
+# }
+
+# # S3 버킷 서버 측 암호화
+# resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
+# bucket = aws_s3_bucket.state_org.id
+
+# rule {
+# apply_server_side_encryption_by_default {
+# sse_algorithm = "aws:kms"
+# kms_master_key_id = aws_kms_key.s3_key.arn
+# }
+# }
+# }
+
+# # 리소스 단위 Lock Table
+
+# locals {
+# resources = [
+# "cloudwatch",
+# "firehose",
+# "opensearch",
+# "securitylake"
+# ]
+# }
+
+# resource "aws_dynamodb_table" "resource_locks" {
+# for_each = toset(local.resources)
+# name = "${each.key}-identity-lock"
+# billing_mode = "PAY_PER_REQUEST"
+# hash_key = "LockID"
+
+# attribute {
+# name = "LockID"
+# type = "S"
+# }
+
+# # 서버 측 암호화 설정
+# server_side_encryption {
+# enabled = true # 서버 측 암호화 활성화
+# }
+
+# tags = {
+# Name = "${each.key} Lock Table"
+# Environment = "identity"
+# }
+# }
\ No newline at end of file
diff --git a/identity-team-account/modules/s3/outputs.tf b/identity-team-account/modules/s3/outputs.tf
new file mode 100644
index 0000000..6b225a5
--- /dev/null
+++ b/identity-team-account/modules/s3/outputs.tf
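Review bot: The new `identity-team-account/modules/ec2/variables.tf` declares no `variable` blocks; all 103 added lines are a commented-out Terraform state backend (S3 bucket, KMS key, DynamoDB lock tables) unrelated to EC2 inputs, and the `modules/s3/outputs.tf` hunk that follows adds the same commented text with no `output` blocks. Commented-out infrastructure parked in files named for another purpose is easy to re-enable later without anyone reviewing it as new resources, so I would keep a single live copy in a dedicated backend/bootstrap configuration and leave these two files with a one-line header such as `# Input variables for the ec2 module (none defined yet).`. If the text is ever uncommented inside a module, the `provider "aws"` block should move to the root configuration, because a module that carries its own provider configuration cannot be called with `count`, `for_each` or `depends_on`.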
@@ -0,0 +1,103 @@
+# terraform {
+# required_providers {
+# aws = {
+# source = "hashicorp/aws"
+# }
+# }
+# }
+
+# provider "aws" {
+# region = "ap-northeast-2"
+# }
+
+# # S3 버킷 생성
+# resource "aws_s3_bucket" "state_org" {
+# bucket = "cloudfence-identity-bucket"
+
+# lifecycle {
+# prevent_destroy = true
+# }
+
+# tags = {
+# Name = "Terraform State Bucket"
+# Environment = "identity"
+# }
+# }
+
+# # 버킷 버전 관리
+# resource "aws_s3_bucket_versioning" "state_org_versioning" {
+# bucket = aws_s3_bucket.state_org.id
+
+# versioning_configuration {
+# status = "Enabled"
+# }
+# }
+
+# # 버킷 소유권 제어
+# resource "aws_s3_bucket_ownership_controls" "ownership" {
+# bucket = aws_s3_bucket.state_org.id
+
+# rule {
+# object_ownership = "ObjectWriter"
+# }
+# }
+
+# # 퍼블릭 접근 차단
+# resource "aws_s3_bucket_public_access_block" "state_org_block" {
+# bucket = aws_s3_bucket.state_org.id
+# block_public_acls = true
+# block_public_policy = true
+# ignore_public_acls = true
+# restrict_public_buckets = true
+# }
+
+# # S3 암호화를 위한 KMS 키
+# resource "aws_kms_key" "s3_key" {
+# description = "KMS key for S3 encryption"
+# enable_key_rotation = true
+# }
+
+# # S3 버킷 서버 측 암호화
+# resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
+# bucket = aws_s3_bucket.state_org.id
+
+# rule {
+# apply_server_side_encryption_by_default {
+# sse_algorithm = "aws:kms"
+# kms_master_key_id = aws_kms_key.s3_key.arn
+# }
+# }
+# }
+
+# # 리소스 단위 Lock Table
+
+# locals {
+# resources = [
+# "cloudwatch",
+# "firehose",
+# "opensearch",
+# "securitylake"
+# ]
+# }
+
+# resource "aws_dynamodb_table" "resource_locks" {
+# for_each = toset(local.resources)
+# name = "${each.key}-identity-lock"
+# billing_mode = "PAY_PER_REQUEST"
+# hash_key = "LockID"
+
+# attribute {
+# name = "LockID"
+# type = "S"
+# }
+
+# # 서버 측 암호화 설정
+# server_side_encryption {
+# enabled = true # 서버 측 암호화 활성화
+# }
+
+# tags = {
+# Name = "${each.key} Lock Table"
+# Environment = "identity"
+# }
+# }
\ No newline at end of file
From 34589a82d2787aa03cab59c080cdb511bc118833 Mon Sep 17 00:00:00 2001
From: imyourhopeee <144752063+imyourhopeee@users.noreply.github.com>
Date: Sun, 6 Jul 2025 17:01:01 +0900
Subject: [PATCH 2/3] add
---
 identity-team-account/main.tf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/identity-team-account/main.tf b/identity-team-account/main.tf
index e69de29..0289cc7 100644
--- a/identity-team-account/main.tf
+++ b/identity-team-account/main.tf
@@ -0,0 +1 @@
+#main.tf
\ No newline at end of file
From eeb6cd609af619c78f565316d8353a8ba1ff40ac Mon Sep 17 00:00:00 2001
From: imyourhopeee <144752063+imyourhopeee@users.noreply.github.com>
Date: Sun, 6 Jul 2025 17:03:56 +0900
Subject: [PATCH 3/3] add
---
 identity-team-account/ec2/main.tf | 103 ------------------
 identity-team-account/main.tf | 3 +-
 .../modules/ec2/variables.tf | 2 +-
 identity-team-account/s3/main.tf | 103 ------------------
 4 files changed, 3 insertions(+), 208 deletions(-)
 delete mode 100644 identity-team-account/ec2/main.tf
 delete mode 100644 identity-team-account/s3/main.tf
diff --git a/identity-team-account/ec2/main.tf b/identity-team-account/ec2/main.tf
deleted file mode 100644
index dc1a386..0000000
--- a/identity-team-account/ec2/main.tf
+++ /dev/null
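Review bot: In the added `identity-team-account/modules/s3/outputs.tf` (and the same text in `modules/ec2/variables.tf`), the commented `aws_s3_bucket_ownership_controls` rule sets `object_ownership = "ObjectWriter"`, which keeps bucket ACLs in effect and leaves each object owned by whichever account wrote it. For a bucket tagged as the Terraform state bucket, `object_ownership = "BucketOwnerEnforced"` disables ACLs so that access is decided by policy alone. The block also defines no bucket policy that denies requests when `aws:SecureTransport` is false, so nothing in it requires TLS for state reads and writes. The code is inert while commented out, but these are worth settling before it is activated, since state files commonly hold secrets.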
@@ -1,103 +0,0 @@
-# terraform {
-# required_providers {
-# aws = {
-# source = "hashicorp/aws"
-# }
-# }
-# }
-
-# provider "aws" {
-# region = "ap-northeast-2"
-# }
-
-# # S3 버킷 생성
-# resource "aws_s3_bucket" "state_org" {
-# bucket = "cloudfence-identity-bucket"
-
-# lifecycle {
-# prevent_destroy = true
-# }
-
-# tags = {
-# Name = "Terraform State Bucket"
-# Environment = "identity"
-# }
-# }
-
-# # 버킷 버전 관리
-# resource "aws_s3_bucket_versioning" "state_org_versioning" {
-# bucket = aws_s3_bucket.state_org.id
-
-# versioning_configuration {
-# status = "Enabled"
-# }
-# }
-
-# # 버킷 소유권 제어
-# resource "aws_s3_bucket_ownership_controls" "ownership" {
-# bucket = aws_s3_bucket.state_org.id
-
-# rule {
-# object_ownership = "ObjectWriter"
-# }
-# }
-
-# # 퍼블릭 접근 차단
-# resource "aws_s3_bucket_public_access_block" "state_org_block" {
-# bucket = aws_s3_bucket.state_org.id
-# block_public_acls = true
-# block_public_policy = true
-# ignore_public_acls = true
-# restrict_public_buckets = true
-# }
-
-# # S3 암호화를 위한 KMS 키
-# resource "aws_kms_key" "s3_key" {
-# description = "KMS key for S3 encryption"
-# enable_key_rotation = true
-# }
-
-# # S3 버킷 서버 측 암호화
-# resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
-# bucket = aws_s3_bucket.state_org.id
-
-# rule {
-# apply_server_side_encryption_by_default {
-# sse_algorithm = "aws:kms"
-# kms_master_key_id = aws_kms_key.s3_key.arn
-# }
-# }
-# }
-
-# # 리소스 단위 Lock Table
-
-# locals {
-# resources = [
-# "cloudwatch",
-# "firehose",
-# "opensearch",
-# "securitylake"
-# ]
-# }
-
-# resource "aws_dynamodb_table" "resource_locks" {
-# for_each = toset(local.resources)
-# name = "${each.key}-identity-lock"
-# billing_mode = "PAY_PER_REQUEST"
-# hash_key = "LockID"
-
-# attribute {
-# name = "LockID"
-# type = "S"
-# }
-
-# # 서버 측 암호화 설정
-# server_side_encryption {
-# enabled = true # 서버 측 암호화 활성화
-# }
-
-# tags = {
-# Name = "${each.key} Lock Table"
-# Environment = "identity"
-# }
-# }
\ No newline at end of file
diff --git a/identity-team-account/main.tf b/identity-team-account/main.tf
index 0289cc7..5056d1b 100644
--- a/identity-team-account/main.tf
+++ b/identity-team-account/main.tf
@@ -1 +1,2 @@
-#main.tf
\ No newline at end of file
+#main.tf
+####
\ No newline at end of file
diff --git a/identity-team-account/modules/ec2/variables.tf b/identity-team-account/modules/ec2/variables.tf
index dc1a386..073f781 100644
--- a/identity-team-account/modules/ec2/variables.tf
+++ b/identity-team-account/modules/ec2/variables.tf
@@ -5,7 +5,7 @@
 # }
 # }
 # }
-
+##
 # provider "aws" {
 # region = "ap-northeast-2"
 # }
diff --git a/identity-team-account/s3/main.tf b/identity-team-account/s3/main.tf
deleted file mode 100644
index 6b225a5..0000000
--- a/identity-team-account/s3/main.tf
+++ /dev/null
@@ -1,103 +0,0 @@
-# terraform {
-# required_providers {
-# aws = {
-# source = "hashicorp/aws"
-# }
-# }
-# }
-
-# provider "aws" {
-# region = "ap-northeast-2"
-# }
-
-# # S3 버킷 생성
-# resource "aws_s3_bucket" "state_org" {
-# bucket = "cloudfence-identity-bucket"
-
-# lifecycle {
-# prevent_destroy = true
-# }
-
-# tags = {
-# Name = "Terraform State Bucket"
-# Environment = "identity"
-# }
-# }
-
-# # 버킷 버전 관리
-# resource "aws_s3_bucket_versioning" "state_org_versioning" {
-# bucket = aws_s3_bucket.state_org.id
-
-# versioning_configuration {
-# status = "Enabled"
-# }
-# }
-
-# # 버킷 소유권 제어
-# resource "aws_s3_bucket_ownership_controls" "ownership" {
-# bucket = aws_s3_bucket.state_org.id
-
-# rule {
-# object_ownership = "ObjectWriter"
-# }
-# }
-
-# # 퍼블릭 접근 차단
-# resource "aws_s3_bucket_public_access_block" "state_org_block" {
-# bucket = aws_s3_bucket.state_org.id
-# block_public_acls = true
-# block_public_policy = true
-# ignore_public_acls = true
-# restrict_public_buckets = true
-# }
-
-# # S3 암호화를 위한 KMS 키
-# resource "aws_kms_key" "s3_key" {
-# description = "KMS key for S3 encryption"
-# enable_key_rotation = true
-# }
-
-# # S3 버킷 서버 측 암호화
-# resource "aws_s3_bucket_server_side_encryption_configuration" "encryption" {
-# bucket = aws_s3_bucket.state_org.id
-
-# rule {
-# apply_server_side_encryption_by_default {
-# sse_algorithm = "aws:kms"
-# kms_master_key_id = aws_kms_key.s3_key.arn
-# }
-# }
-# }
-
-# # 리소스 단위 Lock Table
-
-# locals {
-# resources = [
-# "cloudwatch",
-# "firehose",
-# "opensearch",
-# "securitylake"
-# ]
-# }
-
-# resource "aws_dynamodb_table" "resource_locks" {
-# for_each = toset(local.resources)
-# name = "${each.key}-identity-lock"
-# billing_mode = "PAY_PER_REQUEST"
-# hash_key = "LockID"
-
-# attribute {
-# name = "LockID"
-# type = "S"
-# }
-
-# # 서버 측 암호화 설정
-# server_side_encryption {
-# enabled = true # 서버 측 암호화 활성화
-# }
-
-# tags = {
-# Name = "${each.key} Lock Table"
-# Environment = "identity"
-# }
-# }
\ No newline at end of file