Merge pull request #59 from YAPP-Github/chore/PRODUCT-145

[Chore] 이미지 처리를 위한 S3 버킷 추가

Author: lvalentine6

build.gradle

@@ -27,8 +27,8 @@ jacoco {
 
 sonarqube {
     properties {
-        property "sonar.projectKey", "baegam_eatda"
-        property "sonar.organization", "baegam"
+        property "sonar.projectKey", "YAPP-Github_26th-Web-Team-1-BE"
+        property "sonar.organization", "yapp-github"
         property "sonar.host.url", "https://sonarcloud.io"
         property 'sonar.sourceEncoding', 'UTF-8'
         property 'sonar.java.coveragePlugin', 'jacoco'
@@ -85,6 +85,7 @@ dependencies {
 
     // aws
     implementation 'io.awspring.cloud:spring-cloud-aws-starter-parameter-store:3.2.1'
+    implementation 'software.amazon.awssdk:s3:2.31.77'
 }
 
 bootJar {

terraform/dev/ec2/main.tf

@@ -6,7 +6,7 @@ resource "aws_instance" "dev" {
   key_name                    = var.instance_definitions.key_name
   user_data                   = var.instance_definitions.user_data
   vpc_security_group_ids = [var.ec2_sg_id]
-  user_data_replace_on_change = true
+  user_data_replace_on_change = false
 
   metadata_options {
     http_tokens   = "required"

terraform/dev/locals.tf

@@ -23,8 +23,14 @@ locals {
   environment  = "dev"
   name_prefix  = "eatda"
 
+  bucket_name_prefix = "eatda-storage"
+  allowed_origins = [
+    "https://dev.eatda.net",
+    "http://localhost:3000"
+  ]
+
   ec2_sg_id             = data.terraform_remote_state.common.outputs.security_group_ids["ec2"]
-  instance_subnet_map = data.terraform_remote_state.common.outputs.public_subnet_ids # 에러가 났던 부분
+  instance_subnet_map   = data.terraform_remote_state.common.outputs.public_subnet_ids
   ecr_repo_urls         = data.terraform_remote_state.bootstrap.outputs.ecr_repo_urls
   ecs_services          = var.ecs_services
   alb_target_group_arns = data.terraform_remote_state.common.outputs.target_group_arns

terraform/dev/main.tf

@@ -16,3 +16,10 @@ module "ecs" {
   environment           = local.environment
   tags                  = local.common_tags
 }
+
+module "s3" {
+  source             = "./s3"
+  bucket_name_prefix = local.bucket_name_prefix
+  environment        = local.environment
+  allowed_origins    = local.allowed_origins
+}

terraform/dev/s3/main.tf

@@ -0,0 +1,40 @@
+resource "aws_s3_bucket" "dev" {
+  bucket = "${var.bucket_name_prefix}-${var.environment}"
+
+  tags = {
+    Name        = "${var.bucket_name_prefix}-${var.environment}"
+    Environment = var.environment
+    ManagedBy   = "Terraform"
+  }
+}
+
+resource "aws_s3_bucket_public_access_block" "dev" {
+  bucket = aws_s3_bucket.dev.id
+
+  block_public_acls       = true
+  block_public_policy     = true
+  ignore_public_acls      = true
+  restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_server_side_encryption_configuration" "dev" {
+  bucket = aws_s3_bucket.dev.id
+
+  rule {
+    apply_server_side_encryption_by_default {
+      sse_algorithm = "AES256"
+    }
+  }
+}
+
+resource "aws_s3_bucket_cors_configuration" "dev" {
+  bucket = aws_s3_bucket.dev.id
+
+  cors_rule {
+    allowed_headers = ["*"]
+    allowed_methods = ["GET"]
+    allowed_origins = var.allowed_origins
+    expose_headers = ["ETag"]
+    max_age_seconds = 3000
+  }
+}

terraform/dev/s3/outputs.tf

@@ -0,0 +1,11 @@
+variable "bucket_name_prefix" {
+  type = string
+}
+
+variable "environment" {
+  type = string
+}
+
+variable "allowed_origins" {
+  type = list(string)
+}

terraform/dev/s3/variables.tf

@@ -6,7 +6,7 @@ resource "aws_instance" "prod" {
   key_name                    = var.instance_definitions.key_name
   user_data                   = var.instance_definitions.user_data
   vpc_security_group_ids = [var.ec2_sg_id]
-  user_data_replace_on_change = true
+  user_data_replace_on_change = false
 
   metadata_options {
     http_tokens   = "required"
@@ -25,4 +25,4 @@ resource "aws_eip" "prod" {
   tags = {
     Name = "${var.name_prefix}-${var.instance_definitions.role}-eip"
   }
-}
+}

terraform/prod/ec2/main.tf

@@ -23,6 +23,12 @@ locals {
   environment  = "prod"
   name_prefix  = "eatda"
 
+  bucket_name_prefix = "eatda-storage"
+  allowed_origins = [
+    "https://eatda.net",
+    "https://www.eatda.net"
+  ]
+
   ec2_sg_id                 = data.terraform_remote_state.common.outputs.security_group_ids["ec2"]
   instance_definitions      = data.terraform_remote_state.common.outputs.instance_profile_name["ec2-to-ecs"]
   instance_subnet_map       = data.terraform_remote_state.common.outputs.public_subnet_ids

terraform/prod/locals.tf

@@ -46,3 +46,10 @@ module "rds" {
   storage_encrypted       = true
   tags                    = local.common_tags
 }
+
+module "s3" {
+  source             = "./s3"
+  bucket_name_prefix = local.bucket_name_prefix
+  environment        = local.environment
+  allowed_origins    = local.allowed_origins
+}