@@ -215,6 +215,37 @@ resource "aws_iam_role_policy_attachment" "ec2_ssm" {
215215 policy_arn = " arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
216216}
217217
218+ # EC2가 자기 자신에 SendCommand 할 수 있게 허용
219+ resource "aws_iam_role_policy" "ec2_allow_ssm_send_command_self" {
220+ name = " ${ var . prefix } -allow-ssm-send-command"
221+ role = aws_iam_role. ec2_role_1 . name
222+
223+ policy = jsonencode ({
224+ Version = " 2012-10-17" ,
225+ Statement = [
226+ {
227+ Sid = " SendCommandToThisInstance" ,
228+ Effect = " Allow" ,
229+ Action = [" ssm:SendCommand" ],
230+ Resource = [
231+ aws_instance.ec2_1.arn, # 타겟: 이 인스턴스
232+ " arn:aws:ssm:${ var . region } ::document/AWS-RunShellScript" # 사용할 SSM 문서
233+ ]
234+ },
235+ {
236+ Sid = " ReadCommandResults" ,
237+ Effect = " Allow" ,
238+ Action = [
239+ " ssm:GetCommandInvocation" ,
240+ " ssm:ListCommands" ,
241+ " ssm:ListCommandInvocations"
242+ ],
243+ Resource = " *"
244+ }
245+ ]
246+ })
247+ }
248+
218249# IAM 인스턴스 프로파일 생성
219250resource "aws_iam_instance_profile" "instance_profile_1" {
220251 name = " ${ var . prefix } -instance-profile-1"
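Review bot: The new `ec2_allow_ssm_send_command_self` policy lets any process on the instance that can read the role credentials run `AWS-RunShellScript` on that same instance, and SSM Agent executes such documents as root, so this is effectively a local privilege-escalation path from the application user to root rather than a harmless self-call. If that is intended, the reason belongs in the comment on the resource, e.g. `# NOTE: SendCommand with AWS-RunShellScript runs as root via SSM Agent; any process with access to the instance role credentials gains root on this instance`, and the instance should enforce IMDSv2 (`metadata_options { http_tokens = "required" }` on `aws_instance.ec2_1`, which is outside this hunk) so the credentials cannot be read by a simple unauthenticated metadata request. The `Resource = "*"` on the read statement is acceptable since `ssm:ListCommands` and `ssm:ListCommandInvocations` do not support resource-level scoping, but a short comment saying so would stop the next reviewer from tightening it into a broken policy. Note also that `aws_iam_role_policy` depends on `aws_instance.ec2_1.arn`, so the permission is attached only after the instance exists; anything in user data that relies on it at first boot will fail until the policy is applied. The `instance_profile_1` resource continues past the end of this hunk.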
@@ -436,18 +467,18 @@ ${local.ec2_user_data_base}
436467EOF
437468}
438469
439- # # Elastic IP 생성
440- # resource "aws_eip" "eip_1" {
441- # domain = "vpc"
442- #
443- # tags = {
444- # Name = "${var.prefix}-eip-1"
445- # }
446- #
447- # }
448- #
449- # # Elastic IP와 EC2 인스턴스 연결
450- # resource "aws_eip_association" "eip_assoc" {
451- # instance_id = aws_instance.ec2_1.id
452- # allocation_id = aws_eip.eip_1.id
453- # }
470+ # Elastic IP 생성
471+ resource "aws_eip" "eip_1" {
472+ domain = " vpc"
473+
474+ tags = {
475+ Name = " ${ var . prefix } -eip-1"
476+ }
477+
478+ }
479+
480+ # Elastic IP와 EC2 인스턴스 연결
481+ resource "aws_eip_association" "eip_assoc" {
482+ instance_id = aws_instance. ec2_1 . id
483+ allocation_id = aws_eip. eip_1 . id
484+ }
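Review bot: Re-enabling `aws_eip.eip_1` and `aws_eip_association.eip_assoc` gives `aws_instance.ec2_1` a stable public address, but nothing in this hunk shows which security-group ingress rules will then be reachable from the internet; that is where the actual exposure is decided, so the rules for this instance should be reviewed alongside this change. Since `AmazonSSMManagedInstanceCore` is already attached to the role (visible in the first hunk), administrative access can go through SSM Session Manager, which may remove the need for any inbound SSH rule on the public address. A one-line comment stating why a public EIP is required would help, e.g. `# 공인 IP 필요 사유: <constructed placeholder — fill in>`. Style point: the stray blank line before the closing `}` of `aws_eip.eip_1` at line 477 can be dropped to match the other resources in the file.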