WHS-DevSecOps-infra · luujaiyn · Jul 6, 2025 · Jul 6, 2025 · Jul 6, 2025 · Jul 6, 2025
diff --git a/management-team-account/.gitignore b/management-team-account/.gitignore
@@ -0,0 +1,28 @@
+# Terraform 관련 파일 무시
+.terraform/             # terraform init 시 생성되는 폴더
+*.tfstate               # 상태 파일 (리소스 실제 정보 포함)
+*.tfstate.*             # 상태 파일 백업
+terraform.tfstate
+terraform.tfstate.*
+*.tfvars
+*.tfstate.backup
+.terraform.lock.hcl
+terraform.tfvars        # 민감 정보 입력용 파일
+*.auto.tfvars
+crash.log               # Terraform 충돌 로그
+.terraform
+override.tf
+override.tf.json
+# AWS CLI 자격 증명
+.aws/                   # ~/.aws/credentials, config 등
+~/.aws/
+.aws
+# 시스템 자동 생성 파일 (Windows/macOS)
+.DS_Store               # macOS
+Thumbs.db               # Windows
+ehthumbs.db             # Windows
+*.log                   # 일반 로그 파일
+*.tmp                   # 임시 파일
+
+# VSCode 설정 (선택사항)
+.vscode/
diff --git a/management-team-account/main.tf b/management-team-account/main.tf
@@ -0,0 +1,42 @@
+terraform {
+  required_version = ">= 1.1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+
+  backend "s3" {
+    bucket         = "cloudfence-management-state"
+    key            = "cloudtrail/terraform.tfstate"
+    region         = "ap-northeast-2"
+    encrypt        = true
+    dynamodb_table = "tfstate-management-lock"
+    profile        = "whs-sso-management"
+  }
+}
+
+provider "aws" {
+  region  = var.aws_region
+  profile = "whs-sso-management"
+}
+
+data "terraform_remote_state" "operation" {
+  backend = "s3"
+  config = {
+    bucket  = "cloudfence-operation-state"
+    key     = "monitoring/terraform.tfstate"
+    region  = "ap-northeast-2"
+    profile = "whs-sso-operation"
+  }
+}
+
+data "aws_caller_identity" "current" {}
+
+module "cloudtrail" {
+  source                 = "./modules/cloudtrail"
+  org_trail_name         = var.org_trail_name
+  cloudtrail_bucket_name = data.terraform_remote_state.operation.outputs.bucket_name
+  cloudtrail_kms_key_arn = data.terraform_remote_state.operation.outputs.kms_key_arn
+}
diff --git a/management-team-account/modules/cloudtrail/main.tf b/management-team-account/modules/cloudtrail/main.tf
@@ -0,0 +1,17 @@
+resource "aws_cloudtrail" "org" {
+  name                          = var.org_trail_name
+  is_organization_trail         = true
+  is_multi_region_trail         = true
+  include_global_service_events = true
+  enable_log_file_validation    = true
+  enable_logging                = true
+
+  s3_bucket_name = var.cloudtrail_bucket_name
+  kms_key_id     = var.cloudtrail_kms_key_arn
+
+  tags = {
+    Name        = var.org_trail_name
+    Environment = "prod"
+    Owner       = "security-team"
+  }
+}
diff --git a/management-team-account/modules/cloudtrail/variables.tf b/management-team-account/modules/cloudtrail/variables.tf
@@ -0,0 +1,14 @@
+variable "org_trail_name" {
+  description = "Organization CloudTrail name"
+  type        = string
+}
+
+variable "cloudtrail_bucket_name" {
+  description = "S3 bucket name for CloudTrail logs (from operation account)"
+  type        = string
+}
+
+variable "cloudtrail_kms_key_arn" {
+  description = "KMS key ARN for CloudTrail SSE-KMS (from operation account)"
+  type        = string
+}
diff --git a/management-team-account/variables.tf b/management-team-account/variables.tf
@@ -0,0 +1,11 @@
+variable "aws_region" {
+  description = "AWS region"
+  type        = string
+  default     = "ap-northeast-2"
+}
+
+variable "org_trail_name" {
+  description = "Organization CloudTrail name"
+  type        = string
+  default     = "org-cloudtrail"
+}
diff --git a/operation-team-account/.gitignore b/operation-team-account/.gitignore
@@ -0,0 +1,28 @@
+# Terraform 관련 파일 무시
+.terraform/             # terraform init 시 생성되는 폴더
+*.tfstate               # 상태 파일 (리소스 실제 정보 포함)
+*.tfstate.*             # 상태 파일 백업
+terraform.tfstate
+terraform.tfstate.*
+*.tfvars
+*.tfstate.backup
+.terraform.lock.hcl
+terraform.tfvars        # 민감 정보 입력용 파일
+*.auto.tfvars
+crash.log               # Terraform 충돌 로그
+.terraform
+override.tf
+override.tf.json
+# AWS CLI 자격 증명
+.aws/                   # ~/.aws/credentials, config 등
+~/.aws/
+.aws
+# 시스템 자동 생성 파일 (Windows/macOS)
+.DS_Store               # macOS
+Thumbs.db               # Windows
+ehthumbs.db             # Windows
+*.log                   # 일반 로그 파일
+*.tmp                   # 임시 파일
+
+# VSCode 설정 (선택사항)
+.vscode/
diff --git a/operation-team-account/main.tf b/operation-team-account/main.tf
@@ -0,0 +1,98 @@
+terraform {
+  required_version = ">= 1.1.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+  backend "s3" {
+    bucket         = "cloudfence-operation-state"
+    key            = "monitoring/terraform.tfstate"
+    region         = "ap-northeast-2"
+    encrypt        = true
+    dynamodb_table = "tfstate-operation-lock"
+    profile        = "whs-sso-operation"
+  }
+}
+
+provider "aws" {
+  region  = var.aws_region
+  profile = "whs-sso-operation"
+}
+
+provider "aws" {
+  alias   = "management"
+  region  = var.aws_region
+  profile = "whs-sso-management"
+}
+
+data "aws_caller_identity" "current" {}
+
+# 기본(default) VPC 자동 조회
+data "aws_vpc" "default" {
+  default = true
+}
+
+# 해당 VPC의 모든 서브넷 ID
+data "aws_subnets" "default" {
+  filter {
+    name   = "vpc-id"
+    values = [data.aws_vpc.default.id]
+  }
+}
+
+# 해당 VPC의 default 보안 그룹
+data "aws_security_group" "default" {
+  name   = "default"
+  vpc_id = data.aws_vpc.default.id
+}
+
+data "aws_caller_identity" "management" {
+  provider = aws.management
+}
+
+# 2) S3 모듈: CloudTrail 로그 버킷 + KMS
+module "s3" {
+  source      = "./modules/s3"
+  bucket_name = var.cloudtrail_bucket_name
+  aws_region  = var.aws_region
+  kms_alias_name = var.kms_alias_name
+  management_account_id = data.aws_caller_identity.management.account_id
+}
+
+# 3) OpenSearch 모듈: 도메인 생성 + 접근 정책
+module "opensearch" {
+  source                 = "./modules/opensearch"
+  domain_name            = var.opensearch_domain_name
+  engine_version         = var.opensearch_engine_version
+  cluster_instance_type  = var.opensearch_instance_type
+  cluster_instance_count = var.opensearch_instance_count
+  ebs_volume_size        = var.opensearch_ebs_size
+  kms_key_arn            = module.s3.kms_key_arn
+  lambda_role_arn        = module.lambda.lambda_function_role_arn
+  subnet_ids             = [data.aws_subnets.default.ids[0]]
+  security_group_ids     = [data.aws_security_group.default.id]
+}
+
+# 4) Lambda 모듈: 로그 파싱 → OpenSearch + Slack 전송
+module "lambda" {
+  source                    = "./modules/lambda"
+  lambda_function_name      = "cloudtrail-log-processor"
+  lambda_zip_path           = "./modules/lambda/lambda_package.zip"
+  opensearch_domain_arn     = module.opensearch.domain_arn
+  opensearch_endpoint       = module.opensearch.endpoint
+  slack_webhook_url         = var.slack_webhook_url
+  kms_key_arn               = module.s3.kms_key_arn
+  bucket_arn                = module.s3.bucket_arn
+  lambda_subnet_ids         = [data.aws_subnets.default.ids[0]]
+  lambda_security_group_ids = [data.aws_security_group.default.id]
+}
+
+# 5) EventBridge 모듈: S3 PutObject → Lambda 트리거
+module "eventbridge" {
+  source               = "./modules/eventbridge"
+  bucket_name          = module.s3.bucket_name
+  lambda_function_name = module.lambda.lambda_function_name
+  lambda_function_arn  = module.lambda.lambda_function_arn
+}