AWS modules
https://registry.terraform.io/namespaces/terraform-aws-modules
When you use a new module, run "terraform init" to install it.
Using the vpc module
main.tf
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "My-VPC"
  cidr = "10.0.0.0/20" // 10.0.0.1 ~ 10.0.15.254
  azs  = ["ap-east-1a", "ap-east-1b", "ap-east-1c"]

  public_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  intra_subnets  = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  enable_nat_gateway = false
  enable_vpn_gateway = false
}
Default Settings
- create_igw = "true"
- enable_nat_gateway = "false"
- single_nat_gateway = "false"
With NAT gateways enabled, the default with 3 subnets is to create 3 NAT Gateways, each using an EIP.
Setting "single_nat_gateway = true" creates only 1.
"private" vs "intra" subnets
If you need private subnets that should have no Internet routing, "intra_subnets" should be specified.
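The difference between the two subnet types, as an added example that is not part of the original notes: one VPC with a "private" tier that reaches the Internet through a single shared NAT gateway and an "intra" tier with no Internet route at all. The module label "vpc_tiers", the private subnet CIDRs and the check block (which assumes Terraform 1.5 or later) are assumptions made for illustration.

```hcl
# Added example; "vpc_tiers" and the private subnet CIDRs are constructed.
module "vpc_tiers" {
  source = "terraform-aws-modules/vpc/aws"

  name = "My-VPC"
  cidr = "10.0.0.0/20"
  azs  = ["ap-east-1a", "ap-east-1b", "ap-east-1c"]

  # Internet-facing tier: default route points at the internet gateway.
  public_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]

  # "private": not directly reachable from the Internet, but outbound
  # traffic gets a 0.0.0.0/0 route to a NAT gateway once NAT is enabled.
  private_subnets = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24"]

  # "intra": no Internet route in either direction, only VPC-local traffic.
  # Suited to tiers that should never talk to the Internet (e.g. databases).
  intra_subnets = ["10.0.11.0/24", "10.0.12.0/24", "10.0.13.0/24"]

  enable_nat_gateway = true
  single_nat_gateway = true # one shared NAT gateway and EIP instead of three
}

# Assumption: Terraform 1.5+ (check blocks). A failed check is reported as a
# warning on plan/apply if the intra route table ever gains a default route.
check "intra_has_no_default_route" {
  data "aws_route_table" "intra" {
    route_table_id = module.vpc_tiers.intra_route_table_ids[0]
  }

  assert {
    condition = alltrue([
      for r in data.aws_route_table.intra.routes : r.cidr_block != "0.0.0.0/0"
    ])
    error_message = "Intra route table has a default route; intra subnets must stay isolated."
  }
}
```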
Note
After provider Version 4.0.2 the next release is Version 5.0.0; there is no 4.66 in between.
ALB Module
module "alb" {
  source = "terraform-aws-modules/alb/aws"

  name               = "MyALB"
  load_balancer_type = "application"

  vpc_id          = module.vpc.vpc_id
  subnets         = module.vpc.public_subnets
  security_groups = [aws_security_group.alb_sg.id]

  target_groups = [
    {
      name_prefix      = "MyALB-"
      backend_protocol = "HTTP"
      backend_port     = 80
    }
  ]

  https_listeners = [
    {
      port               = 443
      protocol           = "HTTPS"
      certificate_arn    = aws_acm_certificate.MyCert.id
      target_group_index = 0
    }
  ]

  http_tcp_listeners = [
    {
      port        = 80
      protocol    = "HTTP"
      action_type = "redirect"
      redirect = {
        port        = "443"
        protocol    = "HTTPS"
        status_code = "HTTP_301"
      }
    }
  ]
}
targets settings (inside a target_groups entry)
target_type = "instance"
targets = {
  my_target = {
    target_id = "i-xxx"
    port      = 80
  }
}