프로덕션 terraform 추가

.github/workflows/terraform.yml

@@ -21,15 +21,26 @@ jobs:
         with:
           terraform_version: 1.10.3
 
-      - name: Select workspace
+      - name: Create Terraform Credentials File
         run: |
-          ENVIRONMENT=${{ github.event.inputs.environment }}
-          terraform workspace select "$ENVIRONMENT" || terraform workspace new "$ENVIRONMENT"
+          mkdir -p ~/.terraform.d
+          cat <<EOF > ~/.terraform.d/credentials.tfrc.json
+            {
+              "credentials": {
+                "app.terraform.io": {
+                  "token": "${{ secrets.TF_API_TOKEN }}"
+                }
+              }
+            }
+          EOF
 
       - name: Terraform Init and Apply
         env:
           TF_API_TOKEN: ${{ secrets.TF_API_TOKEN }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: |
+          cd terraform/environments/${{ github.event.inputs.environment }}
           terraform init
           terraform plan -out=tfplan
           terraform apply tfplan

terraform/environments/dev/backend.tf

@@ -0,0 +1,9 @@
+terraform {
+    cloud {
+        organization = "cholog"
+
+        workspaces {
+            name = "cholog-dev"
+        }
+    }
+}

terraform/environments/dev/main.tf

@@ -1,29 +1,3 @@
-terraform {
-    required_providers {
-        aws = {
-            source  = "hashicorp/aws"
-            version = "5.54.1"
-        }
-    }
-
-    cloud {
-        organization = "cholog"
-
-        workspaces {
-            name = "cholog-dev"
-        }
-    }
-}
-
-provider "aws" {
-    region = var.region
-
-    /** Note: access_key와 secret_key는 환경변수를 통해 설정하면 된다.
-    export AWS_ACCESS_KEY_ID="your-access-key"
-    export AWS_SECRET_ACCESS_KEY="your-secret-key"
-     */
-}
-
 module "tags" {
     source = "../../modules/tags"
 

terraform/environments/dev/provider.tf

@@ -0,0 +1,22 @@
+terraform {
+    required_providers {
+        aws = {
+            source  = "hashicorp/aws"
+            version = "5.54.1"
+        }
+    }
+}
+
+provider "aws" {
+    region = var.region
+
+    /** Note:
+    AWS_ACCESS_KEY_ID와 AWS_SECRET_ACCESS_KEY는 환경변수를 통해 설정해야 합니다.
+    아래와 같이 환경 변수를 설정하세요:
+
+    export AWS_ACCESS_KEY_ID="your-access-key"
+    export AWS_SECRET_ACCESS_KEY="your-secret-key"
+
+    GitHub Actions에서는 환경 변수를 Secrets에 저장하여 사용해야 합니다.
+    */
+}

terraform/environments/prod/backend.tf

@@ -0,0 +1,9 @@
+terraform {
+    cloud {
+        organization = "cholog"
+
+        workspaces {
+            name = "cholog-prod"
+        }
+    }
+}

terraform/environments/prod/main.tf

@@ -0,0 +1,87 @@
+module "tags" {
+    source = "../../modules/tags"
+
+    project_name = var.project_name
+    environment  = var.environment
+}
+
+module "compute" {
+    source = "../../modules/compute"
+
+    project_name = var.project_name
+}
+
+
+module "network" {
+    source = "../../modules/network"
+
+    region       = var.region
+    project_name = var.project_name
+    server_tags  = module.tags.server_tags
+    gateway_tags = module.tags.gateway_tags
+}
+
+module "storage" {
+    source = "../../modules/storage"
+
+    bucket_name  = var.bucket_name
+    project_name = var.project_name
+    storage_tags = module.tags.storage_tags
+}
+
+module "iam" {
+    source = "../../modules/iam"
+
+    project_name = var.project_name
+    bucket_arns = [
+        module.storage.bucket_arn,
+        "${module.storage.bucket_arn}/*"
+    ]
+}
+
+module "bastion" {
+    source = "../../modules/bastion"
+
+    vpc_id            = module.network.vpc_id
+    project_name      = var.project_name
+    ami_id            = module.compute.ami_id
+    key_pair_name     = module.compute.key_pair_name
+    public_subnet_ids = module.network.public_subnet_ids
+    server_tags       = module.tags.server_tags
+
+}
+
+module "application" {
+    source = "../../modules/application"
+
+    vpc_id               = module.network.vpc_id
+    project_name         = var.project_name
+    environment          = var.environment
+    ec2_role_name        = module.iam.ec2_role_name
+    bucket_name          = module.storage.bucket_name
+    region               = var.region
+    code_deploy_role_arn = module.iam.code_deploy_role_arn
+    ami_id               = module.compute.ami_id
+    key_pair_name        = module.compute.key_pair_name
+    bastion_sg_id        = module.bastion.bastion_sg_id
+    private_subnet_ids   = module.network.private_subnet_ids
+    public_subnet_ids    = module.network.public_subnet_ids
+    service_worker_tags  = module.tags.service_worker_tags
+    server_tags          = module.tags.server_tags
+}
+
+module "database" {
+    source = "../../modules/database"
+
+    vpc_id       = module.network.vpc_id
+    project_name = var.project_name
+    db_name      = var.db_name
+    secret_name  = var.db_secret_name
+    ingress_security_group_ids = [module.application.application_sg_id, module.bastion.bastion_sg_id]
+
+    private_subnet_ids = module.network.private_subnet_ids
+    server_tags        = module.tags.server_tags
+    database_tags      = module.tags.database_tags
+}
+
+

terraform/environments/prod/outputs.tf

@@ -0,0 +1,80 @@
+# Network
+output "vpc_id" {
+  description = "VPC ID created by the network module"
+  value       = module.network.vpc_id
+}
+
+output "public_subnet_ids" {
+  description = "Public subnet IDs created by the network module"
+  value       = module.network.public_subnet_ids
+}
+
+output "private_subnet_ids" {
+  description = "Private subnet IDs created by the network module"
+  value       = module.network.private_subnet_ids
+}
+
+# Storage
+output "bucket_arn" {
+  description = "Bucket ARN created by the storage module"
+  value       = module.storage.bucket_arn
+}
+
+output "bucket_name" {
+  description = "Bucket name created by the storage module"
+  value       = module.storage.bucket_name
+}
+
+# IAM
+output "ec2_role_name" {
+  description = "EC2 IAM role name created by the IAM module"
+  value       = module.iam.ec2_role_name
+}
+
+output "s3_policy_arn" {
+  description = "S3 access policy ARN created by the IAM module"
+  value       = module.iam.s3_access_policy_arn
+}
+
+# Bastion
+output "bastion_sg_id" {
+  description = "Security Group ID for the Bastion host"
+  value       = module.bastion.bastion_sg_id
+}
+
+output "bastion_eip" {
+  description = "Elastic IP address for the Bastion host"
+  value       = module.bastion.bastion_eip_allocation_id
+}
+
+# Application
+output "application_sg_id" {
+  description = "Security Group ID for the application instances"
+  value       = module.application.application_sg_id
+}
+
+output "application_asg_name" {
+  description = "Name of the Auto Scaling Group for application instances"
+  value       = module.application.asg_name
+}
+
+output "application_launch_template_id" {
+  description = "Launch Template ID for application instances"
+  value       = module.application.launch_template_id
+}
+
+# Database
+output "database_endpoint" {
+  description = "Endpoint of the RDS database"
+  value       = module.database.db_instance_endpoint
+}
+
+output "database_id" {
+  description = "ID of the RDS database instance"
+  value       = module.database.db_instance_id
+}
+
+output "database_sg_id" {
+  description = "Security Group ID for the database"
+  value       = module.database.database_sg_id
+}

terraform/environments/prod/provider.tf

@@ -0,0 +1,22 @@
+terraform {
+    required_providers {
+        aws = {
+            source  = "hashicorp/aws"
+            version = "5.54.1"
+        }
+    }
+}
+
+provider "aws" {
+    region = var.region
+
+    /** Note:
+    AWS_ACCESS_KEY_ID와 AWS_SECRET_ACCESS_KEY는 환경변수를 통해 설정해야 합니다.
+    아래와 같이 환경 변수를 설정하세요:
+
+    export AWS_ACCESS_KEY_ID="your-access-key"
+    export AWS_SECRET_ACCESS_KEY="your-secret-key"
+
+    GitHub Actions에서는 환경 변수를 Secrets에 저장하여 사용해야 합니다.
+    */
+}

terraform/environments/prod/variables.tf

@@ -0,0 +1,21 @@
+variable "region" {
+    default = "ap-northeast-2"
+}
+variable "project_name" {
+    default = "prolog-prod"
+}
+variable "environment" {
+    default = "prod"
+}
+variable "bucket_name" {
+    default = "prolog-prod-bucket"
+}
+variable "key_pair_name" {
+    default = "prolog-prod"
+}
+variable "db_name" {
+    default = "prolog"
+}
+variable "db_secret_name" {
+    default = "secrets/prolog_prod"
+}