【Terraform】Terraform ~ AWS VPC ~

■ Introduction

 This post summarizes how to create an AWS VPC, a subnet and a security group
with Terraform, using the hashicorp/aws provider resources linked in each section.

Table of contents

【1】VPC
【2】Subnet
【3】Security Group

【1】VPC

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc

Main arguments

Argument                          Meaning                                                             Example
cidr_block                        IPv4 CIDR block of the VPC                                          172.20.0.0/16
assign_generated_ipv6_cidr_block  Request an Amazon-provided /56 IPv6 CIDR block                      true / false
instance_tenancy                  Tenancy: default (shared hardware) or dedicated (Dedicated Instances) default
enable_dns_support                DNS resolution via the Amazon-provided DNS server                   true / false
enable_dns_hostnames              Public DNS hostnames for instances with public IPs                  true / false
                                  (requires enable_dns_support = true)
# Assumed here: a locals block that supplies the common tags merged into every resource
# (the original snippet referenced local.common_tags without defining it).
locals {
  common_tags = {
    Project   = "demo"
    ManagedBy = "terraform"
  }
}

resource "aws_vpc" "demo_vpc" {
  cidr_block                       = "10.0.0.0/16"
  instance_tenancy                 = "default"
  enable_dns_support               = true
  enable_dns_hostnames             = true  # only takes effect when enable_dns_support is true
  assign_generated_ipv6_cidr_block = false
  tags = merge(local.common_tags, { "Name" = "demo-vpc" })
}

【2】Subnet

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet

resource "aws_subnet" "demo_subnet" {
  vpc_id     = aws_vpc.demo_vpc.id
  cidr_block = "10.0.1.0/24"  # must lie inside the VPC's 10.0.0.0/16 and not overlap other subnets

  # map_public_ip_on_launch defaults to false, so instances here get no public IPv4 address
  tags = {
    Name = "demo_subnet"
  }
}

【3】Security Group

* Security group

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_ingress_rule
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_security_group_egress_rule

Two caveats from the provider docs: the standalone aws_vpc_security_group_ingress_rule /
aws_vpc_security_group_egress_rule resources must not be mixed with inline ingress / egress
blocks on the same aws_security_group (the two fight over the rule set), and Terraform removes
the allow-all egress rule that AWS adds to every new security group, so outbound access has
to be re-created explicitly, as the egress rule below does.

resource "aws_security_group" "demo_sg" {
  name        = "demo-sg"
  description = "This is a sample for security group"
  vpc_id      = aws_vpc.demo_vpc.id

  tags = {
    Name = "demo-sg"
  }
}

# Inbound rule (IPv4): HTTPS from inside the VPC only.
# aws_vpc_security_group_ingress_rule has no `type` or `cidr_blocks` arguments
# (those belong to the legacy aws_security_group_rule); the source is `cidr_ipv4`,
# and scoping it to the VPC CIDR instead of 0.0.0.0/0 keeps the rule least-privilege.
resource "aws_vpc_security_group_ingress_rule" "demo_sg_ingress_rule" {
  security_group_id = aws_security_group.demo_sg.id
  cidr_ipv4         = aws_vpc.demo_vpc.cidr_block
  from_port         = 443
  to_port           = 443
  ip_protocol       = "tcp"
}

# Outbound rule (IPv4): allow all traffic.
# With ip_protocol = "-1" the port range is not specified (from_port / to_port are omitted).
resource "aws_vpc_security_group_egress_rule" "demo_sg_egress_rule" {
  security_group_id = aws_security_group.demo_sg.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # semantically equivalent to all ports
}
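The two mistakes most easily made with the resources above are a subnet CIDR that does not fit the VPC (or collides with another subnet) and an ingress rule that opens a port to 0.0.0.0/0. Both can be caught before `terraform apply` by linting the JSON that `terraform show -json tfplan` emits. The script below is an added example written for this post, not code from the page or from the Terraform provider; its SAMPLE_PLAN is a constructed, trimmed-down plan document mirroring demo_vpc / demo_subnet / demo_sg plus two deliberately bad subnets and the world-open 0.0.0.0/0 ingress rule that the original snippet carried. Because `vpc_id` is unknown at plan time, the subnet check only asks whether a subnet fits inside any planned VPC, which is an assumption that holds for single-VPC configurations like this one.

```python
"""Lint `terraform show -json tfplan` output for subnet and security-group mistakes."""
import ipaddress
import json

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
ANY_V6 = ipaddress.ip_network("::/0")

# Constructed sample, shaped like the `planned_values` part of `terraform show -json` output.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {"address": "aws_vpc.demo_vpc", "type": "aws_vpc", "name": "demo_vpc",
         "values": {"cidr_block": "10.0.0.0/16"}},
        {"address": "aws_subnet.demo_subnet", "type": "aws_subnet", "name": "demo_subnet",
         "values": {"cidr_block": "10.0.1.0/24"}},
        # outside the VPC range
        {"address": "aws_subnet.bad_subnet", "type": "aws_subnet", "name": "bad_subnet",
         "values": {"cidr_block": "10.1.0.0/24"}},
        # inside the VPC but overlapping demo_subnet
        {"address": "aws_subnet.overlap_subnet", "type": "aws_subnet", "name": "overlap_subnet",
         "values": {"cidr_block": "10.0.1.128/25"}},
        # the world-open rule from the original snippet
        {"address": "aws_vpc_security_group_ingress_rule.demo_sg_ingress_rule",
         "type": "aws_vpc_security_group_ingress_rule", "name": "demo_sg_ingress_rule",
         "values": {"cidr_ipv4": "0.0.0.0/0", "from_port": 443, "to_port": 443, "ip_protocol": "tcp"}},
        # the corrected, VPC-scoped rule
        {"address": "aws_vpc_security_group_ingress_rule.vpc_only",
         "type": "aws_vpc_security_group_ingress_rule", "name": "vpc_only",
         "values": {"cidr_ipv4": "10.0.0.0/16", "from_port": 443, "to_port": 443, "ip_protocol": "tcp"}},
        # allow-all egress is expected and must not be flagged
        {"address": "aws_vpc_security_group_egress_rule.demo_sg_egress_rule",
         "type": "aws_vpc_security_group_egress_rule", "name": "demo_sg_egress_rule",
         "values": {"cidr_ipv4": "0.0.0.0/0", "ip_protocol": "-1"}},
    ]}},
})


def iter_resources(module):
    """Yield every planned resource, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_subnets(resources):
    """Flag subnets outside every planned VPC CIDR, and subnets that overlap each other."""
    findings = []
    vpc_nets = [ipaddress.ip_network(r["values"]["cidr_block"])
                for r in resources if r["type"] == "aws_vpc"]
    subnets = [(r["address"], ipaddress.ip_network(r["values"]["cidr_block"]))
               for r in resources if r["type"] == "aws_subnet"]
    for addr, net in subnets:
        # Assumption: vpc_id is computed at plan time, so accept a fit inside any planned VPC.
        if not any(v.version == net.version and net.subnet_of(v) for v in vpc_nets):
            findings.append(f"{addr}: {net} is not inside any planned VPC CIDR")
    for i, (a_addr, a_net) in enumerate(subnets):
        for b_addr, b_net in subnets[i + 1:]:
            if a_net.version == b_net.version and a_net.overlaps(b_net):
                findings.append(f"{a_addr} overlaps {b_addr} ({a_net} / {b_net})")
    return findings


def check_ingress(resources):
    """Flag ingress rules whose source is the whole internet or that allow every protocol."""
    findings = []
    for r in resources:
        if r["type"] != "aws_vpc_security_group_ingress_rule":
            continue
        v = r["values"]
        for key, any_net in (("cidr_ipv4", ANY_V4), ("cidr_ipv6", ANY_V6)):
            if v.get(key) and ipaddress.ip_network(v[key]) == any_net:
                findings.append(f"{r['address']}: ingress from {v[key]} (world-open)")
        if str(v.get("ip_protocol")) == "-1":
            findings.append(f"{r['address']}: ingress allows all protocols and ports")
    return findings


def lint_plan(plan_json):
    """Return all findings for a plan JSON document given as a string."""
    plan = json.loads(plan_json)
    resources = list(iter_resources(plan["planned_values"]["root_module"]))
    return check_subnets(resources) + check_ingress(resources)


if __name__ == "__main__":
    for finding in lint_plan(SAMPLE_PLAN):
        print(finding)
```

Against a real plan, run `terraform plan -out=tfplan && terraform show -json tfplan > plan.json` and feed the file contents to `lint_plan`; a non-empty result is a reason to fail the pipeline before anything is applied. Egress rules are deliberately left alone here, since allow-all outbound is the page's intended configuration.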

Related articles

Terraform ~ Environment setup ~
https://dk521123.hatenablog.com/entry/2023/04/05/000224
Terraform ~ Getting started ~
https://dk521123.hatenablog.com/entry/2024/05/29/201119
Terraform ~ Basics ~
https://dk521123.hatenablog.com/entry/2023/05/03/000000
Terraform ~ AWS EC2 ~
https://dk521123.hatenablog.com/entry/2023/05/21/003048
Amazon VPC ~ Fundamentals ~
https://dk521123.hatenablog.com/entry/2019/12/08/105415
Amazon VPC ~ Getting started ~
https://dk521123.hatenablog.com/entry/2021/01/24/000000