Lambda에 VPC를 연결하게 되면 기본적으로는 Internet에 접근할 수 없게 되어있다.
이 문제는 Nat gateway를 설정해서 해결할 수 있다.
가용성을 생각해서 만들기 위해 public subnet 2개, private subnet 2개를 할당하였다.
#Vpc.tf
#vpc 생성
# The VPC that holds every subnet below. DNS settings are left at the
# provider defaults (nothing on this page overrides them).
resource "aws_vpc" "capstone_vpc" {
  cidr_block = "10.10.0.0/16"

  tags = {
    Name = "capstone_vpc"
  }
}
#public subnet, private subnet 생성
# Public subnet in AZ a. It hosts the NAT gateway and gets the IGW default
# route via aws_route_table.capstone_public.
resource "aws_subnet" "public_subnet_1a" {
  vpc_id            = aws_vpc.capstone_vpc.id
  cidr_block        = "10.10.1.0/24"
  availability_zone = "ap-northeast-2a"

  tags = {
    Name = "public_subnet_a"
  }
}
# Second public subnet (AZ b), attached to the same public route table.
resource "aws_subnet" "public_subnet_1b" {
  vpc_id            = aws_vpc.capstone_vpc.id
  cidr_block        = "10.10.2.0/24"
  availability_zone = "ap-northeast-2b"

  tags = {
    Name = "public_subnet_b"
  }
}
# subnet (private)
# Private subnet used by the Lambda function; it has no IGW route and
# reaches the Internet only through the NAT gateway.
# NOTE(review): the resource is named "_1a" but is placed in ap-northeast-2c,
# not the same AZ as public_subnet_1a (2a) — confirm this is intended.
resource "aws_subnet" "private_subnet_1a" {
  vpc_id            = aws_vpc.capstone_vpc.id
  cidr_block        = "10.10.101.0/24"
  availability_zone = "ap-northeast-2c"

  tags = {
    Name = "private_subnet_a"
  }
}
# Second private subnet for the Lambda function.
# NOTE(review): named "_1b" but placed in ap-northeast-2d, while
# public_subnet_1b is in 2b — confirm the AZ choice is intended.
resource "aws_subnet" "private_subnet_1b" {
  vpc_id            = aws_vpc.capstone_vpc.id
  cidr_block        = "10.10.102.0/24"
  availability_zone = "ap-northeast-2d"

  tags = {
    Name = "private_subnet_b"
  }
}
# public subnet에 연결할 IG 생성
# Internet gateway for the VPC; only the public route table points at it.
resource "aws_internet_gateway" "capstone_igw" {
  vpc_id = aws_vpc.capstone_vpc.id

  tags = {
    Name = "Capstone_IGW"
  }
}
# public subnet에 IG를 연결하기 위한 라우팅 테이블 생성
# Route table for the public subnets: default route straight to the IGW.
resource "aws_route_table" "capstone_public" {
  vpc_id = aws_vpc.capstone_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.capstone_igw.id
  }

  tags = {
    Name = "capstone_public"
  }
}
#퍼블릭 서브넷 라우팅 테이블과 연결
# Attach public_subnet_1a to the public (IGW) route table.
resource "aws_route_table_association" "public-a" {
  route_table_id = aws_route_table.capstone_public.id
  subnet_id      = aws_subnet.public_subnet_1a.id
}
# Attach public_subnet_1b to the public (IGW) route table.
resource "aws_route_table_association" "public-b" {
  route_table_id = aws_route_table.capstone_public.id
  subnet_id      = aws_subnet.public_subnet_1b.id
}
# Nat Gateway를 위한 Elastic IP 생성
# Elastic IP consumed by the NAT gateway (referenced as
# aws_eip.Capstone-nat-elp.id below, so the resource name must stay as is
# even though "elp" looks like a typo for "eip").
resource "aws_eip" "Capstone-nat-elp" {
  domain = "vpc"
}
# Nat gateway 생성
# Public NAT gateway, placed in public_subnet_1a (ap-northeast-2a).
# Both private subnets (2c and 2d) default-route through this one gateway,
# so it is a single point of failure for their Internet egress and their
# traffic crosses AZs; a per-AZ NAT gateway would be needed for real HA.
resource "aws_nat_gateway" "capstoon-nat" {
  connectivity_type = "public"
  allocation_id     = aws_eip.Capstone-nat-elp.id
  subnet_id         = aws_subnet.public_subnet_1a.id

  tags = {
    Name = "gw NAT"
  }

  # A public NAT gateway cannot come up before the VPC has an Internet
  # gateway, so the ordering is made explicit.
  depends_on = [aws_internet_gateway.capstone_igw]
}
# private subnet과 Nat gateway 연결을 위한 라우팅 테이블
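# Route table for the private subnets: the default route goes through the
# NAT gateway so the Lambda function can reach the Internet without being
# reachable from it. This is unrestricted egress at the routing layer;
# any outbound restriction has to come from the security group / NACL.
resource "aws_route_table" "capstone_private" {
  vpc_id = aws_vpc.capstone_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    # A NAT gateway is referenced with nat_gateway_id. gateway_id is for
    # Internet / virtual private gateways and does not take a nat-* id.
    nat_gateway_id = aws_nat_gateway.capstoon-nat.id
  }

  tags = {
    Name = "capstone_private"
  }
}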
#private subnet 라우팅 테이블과 연결
# Attach private_subnet_1a to the private (NAT) route table.
resource "aws_route_table_association" "private-a" {
  route_table_id = aws_route_table.capstone_private.id
  subnet_id      = aws_subnet.private_subnet_1a.id

  # Wait for the NAT gateway so the subnet never has a dangling default route.
  depends_on = [aws_nat_gateway.capstoon-nat]
}
# Attach private_subnet_1b to the private (NAT) route table.
resource "aws_route_table_association" "private-b" {
  route_table_id = aws_route_table.capstone_private.id
  subnet_id      = aws_subnet.private_subnet_1b.id

  # Wait for the NAT gateway so the subnet never has a dangling default route.
  depends_on = [aws_nat_gateway.capstoon-nat]
}
#람다 함수 생성[image 기반]
# Container-image Lambda function attached to the private subnets.
# aws_iam_role.iam_for_lambda and aws_security_group.MSK_security are
# defined elsewhere (not on this page).
resource "aws_lambda_function" "crawling_lambda" {
  function_name = "crawling-server"
  role          = aws_iam_role.iam_for_lambda.arn
  package_type  = "Image"
  architectures = ["x86_64"]
  # TODO: set to the ECR image URI before applying
  # (form: <ACCOUNT_ID>.dkr.ecr.<REGION>.amazonaws.com/<REPO>:<TAG>);
  # an empty string will not deploy.
  image_uri     = ""
  memory_size   = 1024
  timeout       = 10

  # Must be the private subnets: Lambda ENIs never receive a public IP,
  # so a subnet whose default route is the IGW cannot reach the Internet;
  # these subnets route 0.0.0.0/0 through the NAT gateway instead.
  # The function's outbound reachability is bounded only by this security
  # group, so keep its egress rules as narrow as the crawler needs.
  vpc_config {
    security_group_ids = [aws_security_group.MSK_security.id]
    subnet_ids = [
      aws_subnet.private_subnet_1a.id,
      aws_subnet.private_subnet_1b.id,
    ]
  }
}