provider "aws" {
region = "ap-northeast-2"
}
########################
# VPCs
########################
resource "aws_vpc" "wsi_hub" {
cidr_block = "172.16.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = { Name = "wsi-hub-vpc" }
}
resource "aws_vpc" "wsi_app" {
cidr_block = "192.168.0.0/16"
enable_dns_support = true
enable_dns_hostnames = true
tags = { Name = "wsi-app-vpc" }
}
########################
# Subnets - Hub 퍼블릭 서브넷 (인터넷용, NAT Gateway 위치)
########################
resource "aws_subnet" "wsi_hub_subnet_az_a" {
vpc_id = aws_vpc.wsi_hub.id
cidr_block = "172.16.10.0/24"
availability_zone = "ap-northeast-2a"
map_public_ip_on_launch = true
tags = { Name = "wsi-hub-subnet-az-a" }
}
resource "aws_subnet" "wsi_hub_subnet_az_c" {
vpc_id = aws_vpc.wsi_hub.id
cidr_block = "172.16.11.0/24"
availability_zone = "ap-northeast-2c"
map_public_ip_on_launch = true
tags = { Name = "wsi-hub-subnet-az-c" }
}
########################
# Subnets - Hub 사설 서브넷 (NAT 뒤)
########################
resource "aws_subnet" "wsi_hub_app_subnet_az_a" {
vpc_id = aws_vpc.wsi_hub.id
cidr_block = "172.16.20.0/24"
availability_zone = "ap-northeast-2a"
map_public_ip_on_launch = false
tags = { Name = "wsi-hub-app-subnet-az-a" }
}
resource "aws_subnet" "wsi_hub_app_subnet_az_c" {
vpc_id = aws_vpc.wsi_hub.id
cidr_block = "172.16.21.0/24"
availability_zone = "ap-northeast-2c"
map_public_ip_on_launch = false
tags = { Name = "wsi-hub-app-subnet-az-c" }
}
########################
# Subnets - App (사설 서브넷)
########################
resource "aws_subnet" "wsi_app_subnet_az_a" {
vpc_id = aws_vpc.wsi_app.id
cidr_block = "192.168.0.0/24"
availability_zone = "ap-northeast-2a"
tags = { Name = "wsi-app-subnet-az-a" }
}
resource "aws_subnet" "wsi_app_subnet_az_c" {
vpc_id = aws_vpc.wsi_app.id
cidr_block = "192.168.10.0/24"
availability_zone = "ap-northeast-2c"
tags = { Name = "wsi-app-subnet-az-c" }
}
########################
# Internet Gateway (hub)
########################
resource "aws_internet_gateway" "wsi_hub_igw" {
vpc_id = aws_vpc.wsi_hub.id
tags = { Name = "wsi-hub-igw" }
}
########################
# NAT Gateways in Hub 퍼블릭 서브넷에 생성 (a, c 가용영역 각각)
########################
resource "aws_eip" "wsi_hub_nat_eip_a" {
tags = { Name = "wsi-hub-nat-eip-a" }
}
resource "aws_eip" "wsi_hub_nat_eip_c" {
tags = { Name = "wsi-hub-nat-eip-c" }
}
resource "aws_nat_gateway" "wsi_hub_nat_a" {
allocation_id = aws_eip.wsi_hub_nat_eip_a.id
subnet_id = aws_subnet.wsi_hub_subnet_az_a.id
tags = { Name = "wsi-hub-nat-a" }
depends_on = [aws_internet_gateway.wsi_hub_igw]
}
resource "aws_nat_gateway" "wsi_hub_nat_c" {
allocation_id = aws_eip.wsi_hub_nat_eip_c.id
subnet_id = aws_subnet.wsi_hub_subnet_az_c.id
tags = { Name = "wsi-hub-nat-c" }
depends_on = [aws_internet_gateway.wsi_hub_igw]
}
########################
# Route Tables - Hub 퍼블릭 서브넷용 (인터넷 접근용)
########################
resource "aws_route_table" "wsi_hub_rtb" {
vpc_id = aws_vpc.wsi_hub.id
tags = { Name = "wsi-hub-rtb" }
}
resource "aws_route_table_association" "hub_sub_az_a_assoc" {
subnet_id = aws_subnet.wsi_hub_subnet_az_a.id
route_table_id = aws_route_table.wsi_hub_rtb.id
}
resource "aws_route_table_association" "hub_sub_az_c_assoc" {
subnet_id = aws_subnet.wsi_hub_subnet_az_c.id
route_table_id = aws_route_table.wsi_hub_rtb.id
}
resource "aws_route" "hub_rtb_igw_route" {
route_table_id = aws_route_table.wsi_hub_rtb.id
destination_cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.wsi_hub_igw.id
}
########################
# Route Tables - Hub 사설 서브넷용 (NAT 경유)
########################
resource "aws_route_table" "wsi_hub_app_rtb_a" {
vpc_id = aws_vpc.wsi_hub.id
tags = { Name = "wsi-hub-app-rtb-a" }
}
resource "aws_route_table" "wsi_hub_app_rtb_c" {
vpc_id = aws_vpc.wsi_hub.id
tags = { Name = "wsi-hub-app-rtb-c" }
}
resource "aws_route_table_association" "hub_app_a_assoc" {
subnet_id = aws_subnet.wsi_hub_app_subnet_az_a.id
route_table_id = aws_route_table.wsi_hub_app_rtb_a.id
}
resource "aws_route_table_association" "hub_app_c_assoc" {
subnet_id = aws_subnet.wsi_hub_app_subnet_az_c.id
route_table_id = aws_route_table.wsi_hub_app_rtb_c.id
}
resource "aws_route" "hub_app_rtb_a_to_nat" {
route_table_id = aws_route_table.wsi_hub_app_rtb_a.id
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.wsi_hub_nat_a.id
}
resource "aws_route" "hub_app_rtb_c_to_nat" {
route_table_id = aws_route_table.wsi_hub_app_rtb_c.id
destination_cidr_block = "0.0.0.0/0"
nat_gateway_id = aws_nat_gateway.wsi_hub_nat_c.id
}
########################
# Route Tables - App 서브넷용 (트랜짓 게이트웨이 경유)
########################
resource "aws_route_table" "wsi_app_rtb_a" {
vpc_id = aws_vpc.wsi_app.id
tags = { Name = "wsi-app-rtb-a" }
}
resource "aws_route_table" "wsi_app_rtb_c" {
vpc_id = aws_vpc.wsi_app.id
tags = { Name = "wsi-app-rtb-c" }
}
resource "aws_route_table_association" "app_sub_a_assoc" {
subnet_id = aws_subnet.wsi_app_subnet_az_a.id
route_table_id = aws_route_table.wsi_app_rtb_a.id
}
resource "aws_route_table_association" "app_sub_c_assoc" {
subnet_id = aws_subnet.wsi_app_subnet_az_c.id
route_table_id = aws_route_table.wsi_app_rtb_c.id
}
########################
# Transit Gateway 및 연결
########################
resource "aws_ec2_transit_gateway" "wsi_vpc_tgw" {
description = "wsi-vpc-tgw"
default_route_table_association = "disable"
default_route_table_propagation = "disable"
tags = { Name = "wsi-vpc-tgw" }
}
resource "aws_ec2_transit_gateway_route_table" "wsi_vpc_tgw_rtb" {
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
tags = { Name = "wsi-vpc-tgw-rtb" }
}
resource "aws_ec2_transit_gateway_vpc_attachment" "wsi_hub_tgat" {
vpc_id = aws_vpc.wsi_hub.id
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
subnet_ids = [aws_subnet.wsi_hub_app_subnet_az_a.id, aws_subnet.wsi_hub_app_subnet_az_c.id]
tags = { Name = "wsi-hub-tgat" }
transit_gateway_default_route_table_association = false
}
resource "aws_ec2_transit_gateway_vpc_attachment" "wsi_app_tgat" {
vpc_id = aws_vpc.wsi_app.id
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
subnet_ids = [aws_subnet.wsi_app_subnet_az_a.id, aws_subnet.wsi_app_subnet_az_c.id]
tags = { Name = "wsi-app-tgat" }
transit_gateway_default_route_table_association = false
}
resource "aws_ec2_transit_gateway_route_table_association" "wsi_hub_assoc" {
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat.id
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
}
resource "aws_ec2_transit_gateway_route_table_association" "wsi_app_assoc" {
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.wsi_app_tgat.id
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
}
# TGW routes: App <-> Hub
resource "aws_ec2_transit_gateway_route" "tgw_to_app" {
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
destination_cidr_block = aws_vpc.wsi_app.cidr_block
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.wsi_app_tgat.id
}
resource "aws_ec2_transit_gateway_route" "tgw_to_hub" {
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
destination_cidr_block = aws_vpc.wsi_hub.cidr_block
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat.id
}
# TGW default route -> Hub attachment (App VPC의 기본 인터넷 경로는 Hub NAT -> IGW)
resource "aws_ec2_transit_gateway_route" "tgw_default_to_hub" {
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
destination_cidr_block = "0.0.0.0/0"
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat.id
}
########################
# VPC Route Tables에 TGW 경로 추가
########################
resource "aws_route" "app_rtb_a_to_tgw" {
route_table_id = aws_route_table.wsi_app_rtb_a.id
destination_cidr_block = "0.0.0.0/0"
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
depends_on = [aws_ec2_transit_gateway_vpc_attachment.wsi_app_tgat]
}
resource "aws_route" "app_rtb_c_to_tgw" {
route_table_id = aws_route_table.wsi_app_rtb_c.id
destination_cidr_block = "0.0.0.0/0"
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
depends_on = [aws_ec2_transit_gateway_vpc_attachment.wsi_app_tgat]
}
resource "aws_route" "hub_rtb_to_app_via_tgw" {
route_table_id = aws_route_table.wsi_hub_rtb.id
destination_cidr_block = aws_vpc.wsi_app.cidr_block
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
depends_on = [aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat]
}
resource "aws_route" "hub_app_rtb_a_to_app_via_tgw" {
route_table_id = aws_route_table.wsi_hub_app_rtb_a.id
destination_cidr_block = aws_vpc.wsi_app.cidr_block
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
depends_on = [aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat]
}
resource "aws_route" "hub_app_rtb_c_to_app_via_tgw" {
route_table_id = aws_route_table.wsi_hub_app_rtb_c.id
destination_cidr_block = aws_vpc.wsi_app.cidr_block
transit_gateway_id = aws_ec2_transit_gateway.wsi_vpc_tgw.id
depends_on = [aws_ec2_transit_gateway_vpc_attachment.wsi_hub_tgat]
}
########################
# Outputs
########################
output "wsi_hub_vpc_id" {
value = aws_vpc.wsi_hub.id
}
output "wsi_app_vpc_id" {
value = aws_vpc.wsi_app.id
}
output "wsi_tgw_id" {
value = aws_ec2_transit_gateway.wsi_vpc_tgw.id
}
output "wsi_tgw_rt_id" {
value = aws_ec2_transit_gateway_route_table.wsi_vpc_tgw_rtb.id
}
output "wsi_hub_nat_a_eip" {
value = aws_eip.wsi_hub_nat_eip_a.public_ip
}
output "wsi_hub_nat_c_eip" {
value = aws_eip.wsi_hub_nat_eip_c.public_ip
}