chore[infra]: 테라폼 생성

DooHyoJeong · DooHyoJeong · commit 36b375e1dbd6 · 2025-09-24T10:35:07.000+09:00
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -0,0 +1,32 @@
+# 첫 번째 스테이지: 빌드 스테이지
+FROM gradle:jdk-21-and-23-graal-jammy AS builder
+
+# 작업 디렉토리 설정
+WORKDIR /app
+
+# 소스 코드와 Gradle 래퍼 복사
+COPY build.gradle .
+COPY settings.gradle .
+
+# 종속성 설치
+RUN gradle dependencies --no-daemon
+
+# 소스 코드 복사
+COPY .env .
+COPY src src
+
+# 애플리케이션 빌드
+RUN gradle build --no-daemon
+
+# 두 번째 스테이지: 실행 스테이지
+FROM container-registry.oracle.com/graalvm/jdk:21
+
+# 작업 디렉토리 설정
+WORKDIR /app
+
+# 첫 번째 스테이지에서 빌드된 JAR 파일 복사
+COPY --from=builder /app/build/libs/*.jar app.jar
+COPY --from=builder /app/.env .env
+
+# 실행할 JAR 파일 지정
+ENTRYPOINT ["java", "-Dspring.profiles.active=prod", "-jar", "app.jar"]
diff --git a/infra/.gitignore b/infra/.gitignore
@@ -1,2 +1,7 @@
 .idea
-.terraform
+.terraform
+.terraform.lock.hcl
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.tfstate.lock.info
+secrets.tf
diff --git a/infra/main.tf b/infra/main.tf
@@ -1,22 +1,326 @@
 terraform {
-  // 자바의 import 와 비슷함
   // aws 라이브러리 불러옴
   required_providers {
     aws = {
-      source  = "hashicorp/aws"
+      source = "hashicorp/aws"
     }
   }
 }
 
-# Configure the AWS Provider
+# AWS 설정 시작
 provider "aws" {
-  region = "ap-northeast-2"
+  region = var.region
 }
+# AWS 설정 끝
 
-resource "aws_vpc" "example" {
+# VPC 설정 시작
+resource "aws_vpc" "vpc_1" {
   cidr_block = "10.0.0.0/16"
 
+  enable_dns_support   = true
+  enable_dns_hostnames = true
+
+  tags = {
+    Name = "${var.prefix}-vpc-1"
+  }
+}
+
+resource "aws_subnet" "subnet_1" {
+  vpc_id                  = aws_vpc.vpc_1.id
+  cidr_block              = "10.0.0.0/24"
+  availability_zone       = "${var.region}a"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "${var.prefix}-subnet-1"
+  }
+}
+
+resource "aws_subnet" "subnet_2" {
+  vpc_id                  = aws_vpc.vpc_1.id
+  cidr_block              = "10.0.1.0/24"
+  availability_zone       = "${var.region}b"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "${var.prefix}-subnet-2"
+  }
+}
+
+resource "aws_subnet" "subnet_3" {
+  vpc_id                  = aws_vpc.vpc_1.id
+  cidr_block              = "10.0.2.0/24"
+  availability_zone       = "${var.region}c"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "${var.prefix}-subnet-3"
+  }
+}
+
+resource "aws_subnet" "subnet_4" {
+  vpc_id                  = aws_vpc.vpc_1.id
+  cidr_block              = "10.0.3.0/24"
+  availability_zone       = "${var.region}d"
+  map_public_ip_on_launch = true
+
+  tags = {
+    Name = "${var.prefix}-subnet-4"
+  }
+}
+
+resource "aws_internet_gateway" "igw_1" {
+  vpc_id = aws_vpc.vpc_1.id
+
+  tags = {
+    Name = "${var.prefix}-igw-1"
+  }
+}
+
+resource "aws_route_table" "rt_1" {
+  vpc_id = aws_vpc.vpc_1.id
+
+  route {
+    cidr_block = "0.0.0.0/0"
+    gateway_id = aws_internet_gateway.igw_1.id
+  }
+
+  tags = {
+    Name = "${var.prefix}-rt-1"
+  }
+}
+
+resource "aws_route_table_association" "association_1" {
+  subnet_id      = aws_subnet.subnet_1.id
+  route_table_id = aws_route_table.rt_1.id
+}
+
+resource "aws_route_table_association" "association_2" {
+  subnet_id      = aws_subnet.subnet_2.id
+  route_table_id = aws_route_table.rt_1.id
+}
+
+resource "aws_route_table_association" "association_3" {
+  subnet_id      = aws_subnet.subnet_3.id
+  route_table_id = aws_route_table.rt_1.id
+}
+
+resource "aws_route_table_association" "association_4" {
+  subnet_id      = aws_subnet.subnet_4.id
+  route_table_id = aws_route_table.rt_1.id
+}
+
+resource "aws_security_group" "sg_1" {
+  name = "${var.prefix}-sg-1"
+
+  ingress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "all"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  egress {
+    from_port = 0
+    to_port   = 0
+    protocol  = "all"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  vpc_id = aws_vpc.vpc_1.id
+
   tags = {
-    Name = "example"
+    Name = "${var.prefix}-sg-1"
   }
+}
+
+# EC2 설정 시작
+
+# EC2 역할 생성
+resource "aws_iam_role" "ec2_role_1" {
+  name = "${var.prefix}-ec2-role-1"
+
+  # 이 역할에 대한 신뢰 정책 설정. EC2 서비스가 이 역할을 가정할 수 있도록 설정
+  assume_role_policy = <<EOF
+  {
+    "Version": "2012-10-17",
+    "Statement": [
+      {
+        "Sid": "",
+        "Action": "sts:AssumeRole",
+        "Principal": {
+            "Service": "ec2.amazonaws.com"
+        },
+        "Effect": "Allow"
+      }
+    ]
+  }
+  EOF
+
+  tags = {
+    Name = "${var.prefix}-ec2-role-1"
+  }
+}
+
+# EC2 역할에 AmazonS3FullAccess 정책을 부착
+resource "aws_iam_role_policy_attachment" "s3_full_access" {
+  role       = aws_iam_role.ec2_role_1.name
+  policy_arn = "arn:aws:iam::aws:policy/AmazonS3FullAccess"
+}
+
+# EC2 역할에 AmazonEC2RoleforSSM 정책을 부착
+resource "aws_iam_role_policy_attachment" "ec2_ssm" {
+  role       = aws_iam_role.ec2_role_1.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
+}
+
+# IAM 인스턴스 프로파일 생성
+resource "aws_iam_instance_profile" "instance_profile_1" {
+  name = "${var.prefix}-instance-profile-1"
+  role = aws_iam_role.ec2_role_1.name
+
+  tags = {
+    Name = "${var.prefix}-instance-profile-1"
+  }
+}
+
+locals {
+  ec2_user_data_base = <<-END_OF_FILE
+#!/bin/bash
+# 가상 메모리 4GB 설정
+dd if=/dev/zero of=/swapfile bs=128M count=32
+chmod 600 /swapfile
+mkswap /swapfile
+swapon /swapfile
+sh -c 'echo "/swapfile swap swap defaults 0 0" >> /etc/fstab'
+
+# 타임존 설정
+timedatectl set-timezone Asia/Seoul
+
+# 환경변수 세팅(/etc/environment)
+echo "PASSWORD_1=${var.password_1}" >> /etc/environment
+echo "APP_1_DOMAIN=${var.app_1_domain}" >> /etc/environment
+echo "APP_1_DB_NAME=${var.app_1_db_name}" >> /etc/environment
+echo "GITHUB_ACCESS_TOKEN_1_OWNER=${var.github_access_token_1_owner}" >> /etc/environment
+echo "GITHUB_ACCESS_TOKEN_1=${var.github_access_token_1}" >> /etc/environment
+source /etc/environment
+
+# 도커 설치 및 실행/활성화
+yum install docker -y
+systemctl enable docker
+systemctl start docker
+
+# 도커 네트워크 생성
+docker network create common
+
+# nginx 설치
+docker run -d \
+  --name npm_1 \
+  --restart unless-stopped \
+  --network common \
+  -p 80:80 \
+  -p 443:443 \
+  -p 81:81 \
+  -e TZ=Asia/Seoul \
+  -e INITIAL_ADMIN_EMAIL=admin@npm.com \
+  -e INITIAL_ADMIN_PASSWORD=${var.password_1} \
+  -v /dockerProjects/npm_1/volumes/data:/data \
+  -v /dockerProjects/npm_1/volumes/etc/letsencrypt:/etc/letsencrypt \
+  jc21/nginx-proxy-manager:latest
+
+# mysql 설치
+docker run -d \
+  --name mysql_1 \
+  --restart unless-stopped \
+  -v /dockerProjects/mysql_1/volumes/var/lib/mysql:/var/lib/mysql \
+  -v /dockerProjects/mysql_1/volumes/etc/mysql/conf.d:/etc/mysql/conf.d \
+  --network common \
+  -p 3306:3306 \
+  -e MYSQL_ROOT_PASSWORD=${var.password_1} \
+  -e TZ=Asia/Seoul \
+  mysql:latest
+
+# MySQL 컨테이너가 준비될 때까지 대기
+echo "MySQL이 기동될 때까지 대기 중..."
+until docker exec mysql_1 mysql -uroot -p${var.password_1} -e "SELECT 1" &> /dev/null; do
+  echo "MySQL이 아직 준비되지 않음. 5초 후 재시도..."
+  sleep 5
+done
+echo "MySQL이 준비됨. 초기화 스크립트 실행 중..."
+
+docker exec mysql_1 mysql -uroot -p${var.password_1} -e "
+CREATE USER 'lldjlocal'@'127.0.0.1' IDENTIFIED WITH caching_sha2_password BY '1234';
+CREATE USER 'lldjlocal'@'172.18.%.%' IDENTIFIED WITH caching_sha2_password BY '1234';
+CREATE USER 'lldj'@'%' IDENTIFIED WITH caching_sha2_password BY '${var.password_1}';
+
+GRANT ALL PRIVILEGES ON *.* TO 'lldjlocal'@'127.0.0.1';
+GRANT ALL PRIVILEGES ON *.* TO 'lldjlocal'@'172.18.%.%';
+GRANT ALL PRIVILEGES ON *.* TO 'lldj'@'%';
+
+CREATE DATABASE \`${var.app_1_db_name}\`;
+
+FLUSH PRIVILEGES;
+"
+
+echo "${var.github_access_token_1}" | docker login ghcr.io -u ${var.github_access_token_1_owner} --password-stdin
+
+END_OF_FILE
+}
+
+# 최신 Amazon Linux 2023 AMI 조회 (프리 티어 호환)
+data "aws_ami" "latest_amazon_linux" {
+  most_recent = true
+  owners = ["amazon"]
+
+  filter {
+    name = "name"
+    values = ["al2023-ami-2023.*-x86_64"]
+  }
+
+  filter {
+    name = "architecture"
+    values = ["x86_64"]
+  }
+
+  filter {
+    name = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name = "root-device-type"
+    values = ["ebs"]
+  }
+}
+
+# EC2 인스턴스 생성
+resource "aws_instance" "ec2_1" {
+  # 사용할 AMI ID
+  ami = data.aws_ami.latest_amazon_linux.id
+  # EC2 인스턴스 유형
+  instance_type = "t3.micro"
+  # 사용할 서브넷 ID
+  subnet_id = aws_subnet.subnet_2.id
+  # 적용할 보안 그룹 ID
+  vpc_security_group_ids = [aws_security_group.sg_1.id]
+  # 퍼블릭 IP 연결 설정
+  associate_public_ip_address = true
+
+  # 인스턴스에 IAM 역할 연결
+  iam_instance_profile = aws_iam_instance_profile.instance_profile_1.name
+
+  # 인스턴스에 태그 설정
+  tags = {
+    Name = "${var.prefix}-ec2-1"
+  }
+
+  # 루트 볼륨 설정
+  root_block_device {
+    volume_type = "gp3"
+    volume_size = 30 # 볼륨 크기를 12GB로 설정
+  }
+
+  user_data = <<-EOF
+${local.ec2_user_data_base}
+EOF
 }
diff --git a/infra/secrets.tf.default b/infra/secrets.tf.default
@@ -0,0 +1,19 @@
+variable "app_1_db_name" {
+  description = "app_1 db_name"
+  default     = "" // mysql 데이터베이스 이름
+}
+
+variable "password_1" {
+  description = "password_1"
+  default     = "" // nginx, mysql, redis 비밀번호, 공개되면 안됨, 팀원하고만 공유
+}
+
+variable "github_access_token_1_owner" {
+  description = "github_access_token_1_owner"
+  default     = "" // GITHUB 계정 소문자(이메일 아님)
+}
+
+variable "github_access_token_1" {
+  description = "github_access_token_1, read:packages only"
+  default     = "" // GITHUB API KEY(class token, read:packages only, expiration: 300일 이하 키)
+}
diff --git a/infra/variables.tf b/infra/variables.tf
