From 479b1568c19a3c5c1fb0cf489905327c501e5270 Mon Sep 17 00:00:00 2001
From: luujaiyn
Date: Thu, 22 May 2025 14:00:19 +0900
Subject: [PATCH 1/2] Create main.tf
---
 monitor/main.tf | 87 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 monitor/main.tf
diff --git a/monitor/main.tf b/monitor/main.tf
new file mode 100644
index 0000000..7ddb750
--- /dev/null
+++ b/monitor/main.tf
@@ -0,0 +1,87 @@
+provider "aws" {
+ region = "ap-northeast-2"
+ access_key = "접근 키"
+ secret_key = "비밀 키"
+}
+
+# 현재 AWS 계정 ID
+data "aws_caller_identity" "current" {}
+
+# CloudWatch 로그 그룹
+resource "aws_cloudwatch_log_group" "cloudtrail_logs" {
+ name = "cloudtrail-log-group"
+}
+
+# IAM Role for CloudTrail → CloudWatch
+
+resource "aws_iam_role" "cloudtrail_role" {
+ name = "cloudtrail-to-cloudwatch-role"
+
+ assume_role_policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Principal = {
+ Service = "cloudtrail.amazonaws.com"
+ },
+ Action = "sts:AssumeRole"
+ }
+ ]
+ })
+
+ inline_policy {
+ name = "cloudwatch-logs-permission"
+
+ policy = jsonencode({
+ Version = "2012-10-17",
+ Statement = [
+ {
+ Effect = "Allow",
+ Action = [
+ "logs:CreateLogStream",
+ "logs:PutLogEvents"
+ ],
+ Resource = "${aws_cloudwatch_log_group.cloudtrail_logs.arn}:*"
+ }
+ ]
+ })
+ }
+}
+
+# IAM Policy attach
+resource "aws_iam_role_policy_attachment" "cloudtrail_logs" {
+ role = aws_iam_role.cloudtrail_role.name
+ policy_arn = "arn:aws:iam::aws:policy/AWSCloudTrail_FullAccess"
+}
+
+# CloudTrail 로그 저장용 S3 버킷
+resource "aws_s3_bucket" "trail_bucket" {
+ bucket = "my-cloudtrail-logs-thswn-unique-2025" # 고유하게 유지
+ force_destroy = true
+}
+
+# 로컬 변수: 외부 JSON 템플릿을 동적으로 읽기
+locals {
+ bucket_policy = templatefile("${path.module}/bucket-policy.json.tpl", {
+ bucket_name = aws_s3_bucket.trail_bucket.bucket
+ account_id = data.aws_caller_identity.current.account_id
+ })
+}
+
+# S3 Bucket Policy 적용
+resource "aws_s3_bucket_policy" "trail_policy" {
+ bucket = aws_s3_bucket.trail_bucket.id
+ policy = local.bucket_policy
+}
+
+# CloudTrail 생성
+resource "aws_cloudtrail" "my_trail" {
+ name = "my-cloudtrail"
+ s3_bucket_name = aws_s3_bucket.trail_bucket.id
+ include_global_service_events = true
+ is_multi_region_trail = true
+ enable_log_file_validation = true
+ cloud_watch_logs_role_arn = aws_iam_role.cloudtrail_role.arn
+ cloud_watch_logs_group_arn =
"${aws_cloudwatch_log_group.cloudtrail_logs.arn}:*"
+}
From 73cd4bf3c5a033e9b109db4a06b74cd56f3a60b3 Mon Sep 17 00:00:00 2001
From: maybSubin <129381949+maybSubin@users.noreply.github.com>
Date: Tue, 27 May 2025 22:26:26 +0900
Subject: [PATCH 2/2] Create infracost_test.tf
---
 infracost_test.tf | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 infracost_test.tf
diff --git a/infracost_test.tf b/infracost_test.tf
new file mode 100644
index 0000000..4a757b3
--- /dev/null
+++ b/infracost_test.tf
@@ -0,0 +1,35 @@
+provider "aws" {
+ region = "us-east-1"
+ skip_credentials_validation = true
+ skip_requesting_account_id = true
+ access_key = "mock_access_key"
+ secret_key = "mock_secret_key"
+}
+
+resource "aws_instance" "my_web_app" {
+ ami = "ami-005e54dee72cc1d00"
+
+ instance_type = "m3.xlarge" # <<<<<<<<<< Try changing this to m5.xlarge to compare the costs
+
+ tags = {
+ Environment = "production"
+ Service = "web-app"
+ }
+
+ root_block_device {
+ volume_size = 1000 # <<<<<<<<<< Try adding volume_type="gp3" to compare costs
+ }
+}
+
+resource "aws_lambda_function" "my_hello_world" {
+ runtime = "nodejs12.x"
+ handler = "exports.test"
+ image_uri = "test"
+ function_name = "test"
+ role = "arn:aws:ec2:us-east-1:123123123123:instance/i-1231231231"
+
+ memory_size = 512
+ tags = {
+ Environment = "Prod"
+ }
+}
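Review bot: The `provider "aws"` block at the top of the hunk carries `access_key`/`secret_key` as literal placeholders that someone will eventually fill in and commit, and the `aws_iam_role_policy_attachment` in the middle grants `AWSCloudTrail_FullAccess` to a role that CloudTrail only needs for `logs:CreateLogStream`/`logs:PutLogEvents`, which the inline policy already provides. Drop both credential arguments (let the provider pick up `AWS_PROFILE`, environment variables or an assumed role so a real key never lands in git) and delete the attachment entirely; a trail service role with FullAccess lets anyone who can assume it stop or reconfigure the audit trail. The audit bucket is created with `force_destroy = true` and no other hardening, so a `terraform destroy` or a policy mistake deletes the evidence; the rewrite below adds a public-access block, versioning and default encryption and drops `force_destroy`. `bucket-policy.json.tpl` is referenced but not part of this patch, so the bucket policy itself cannot be reviewed here, and `aws_cloudwatch_log_group` has no `retention_in_days`, which means unbounded retention.
```terraform
provider "aws" {
  region = "ap-northeast-2"
  # Credentials come from the environment / profile / assumed role, never from source.
}

# … unchanged: aws_caller_identity, aws_cloudwatch_log_group, aws_iam_role (inline policy is sufficient) …
# aws_iam_role_policy_attachment "cloudtrail_logs" removed: AWSCloudTrail_FullAccess is not needed by the delivery role.

resource "aws_s3_bucket" "trail_bucket" {
  bucket = "my-cloudtrail-logs-thswn-unique-2025" # keep globally unique
  # force_destroy intentionally omitted: audit logs must not be removable by a plain destroy.
}

resource "aws_s3_bucket_public_access_block" "trail_bucket" {
  bucket                  = aws_s3_bucket.trail_bucket.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

resource "aws_s3_bucket_versioning" "trail_bucket" {
  bucket = aws_s3_bucket.trail_bucket.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "trail_bucket" {
  bucket = aws_s3_bucket.trail_bucket.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

# … unchanged: locals, aws_s3_bucket_policy, aws_cloudtrail …
```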
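Review bot: The `aws_lambda_function` at the bottom of the hunk cannot be applied as written: `role` is an EC2 instance ARN (`arn:aws:ec2:…:instance/…`) where an IAM role ARN is required, `runtime = "nodejs12.x"` is a runtime Lambda no longer accepts for new functions, and `image_uri` combined with `runtime`/`handler` mixes the container-image and zip packaging modes. If this file is only an Infracost cost-estimation sample, which the `skip_credentials_validation` / mock-key provider block suggests, state that at the top so nobody runs it against a real account: `# Infracost cost-estimation sample only — not a deployable configuration; the provider uses mock credentials.`, and keep it out of any module that is actually applied. Otherwise point `role` at an `aws_iam_role` resource, choose a supported runtime and remove `image_uri`. The 1000 GB root volume on `my_web_app` is also left unencrypted; adding `encrypted = true` inside `root_block_device` costs nothing and keeps the sample from being copied as-is into real infrastructure.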