
Configuring AWS Route Tables with Terraform


A Route Table decides where traffic leaving each subnet in the VPC is sent.

The usual pattern is to keep separate Public and Private Route Tables: only the public table gets a default route (0.0.0.0/0) to the Internet Gateway, so a subnet is reachable from the internet only when it is explicitly associated with that table.

Architecture flow

[ Internet ]
      ↓
[ Internet Gateway ]
      ↓
[ Public Route Table ]
      ↓
[ Public Subnet ]

[ Private Route Table ]
      ↓
[ Private Subnet ] (needs a NAT Gateway for outbound internet access)

1. Prerequisites

  • VPC created (referenced below as aws_vpc.sangchul_vpc11)
  • Subnets created (aws_subnet.public_a, public_c, private_a, private_c)
  • Internet Gateway created (aws_internet_gateway.igw)

2. Route Table configuration

vim rtb.tf
#################################
# Public Route Table
#################################

# One table shared by all public subnets. The implicit "local" route for the
# VPC CIDR is always present; the internet route is added separately below.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.sangchul_vpc11.id

  tags = {
    Name        = "${var.vpc_name}-public-rt"
    Environment = var.env
    Role        = "public-route"
    Service     = "network"
  }
}

# Internet route (via the IGW). Routes are declared as standalone aws_route
# resources; do not also add inline `route` blocks to the aws_route_table above,
# because Terraform would treat both as owners of the route set and keep
# reverting each other's changes.
resource "aws_route" "public_internet_access" {
  route_table_id         = aws_route_table.public.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

#################################
# Private Route Table
#################################

# Only the implicit local route: instances here have no path to the internet at
# all. For outbound-only access (package updates, API calls) add an aws_route for
# 0.0.0.0/0 with nat_gateway_id pointing at a NAT Gateway placed in a public
# subnet. Never point this table's default route at the IGW; that is exactly
# what turns a subnet public.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.sangchul_vpc11.id

  tags = {
    Name        = "${var.vpc_name}-private-rt"
    Environment = var.env
    Role        = "private-route"
    Service     = "network"
  }
}

#################################
# Public Subnet Association
#################################

# Associate every subnet explicitly. A subnet with no association falls back to
# the VPC's main route table (the aws_default_route_table that appears in the
# apply output below), so keep that table free of an IGW route or any new subnet
# becomes public by default.

resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "public_c" {
  subnet_id      = aws_subnet.public_c.id
  route_table_id = aws_route_table.public.id
}

#################################
# Private Subnet Association
#################################

resource "aws_route_table_association" "private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.private.id
}

resource "aws_route_table_association" "private_c" {
  subnet_id      = aws_subnet.private_c.id
  route_table_id = aws_route_table.private.id
}

3. Execution

3.1 Review the plan

terraform plan -out=tfplan

Read the plan for anything beyond the expected additions: a 0.0.0.0/0 route being created on the private table, or an association being replaced, means a subnet is about to change its exposure.

3.2 Apply the Route Tables

terraform apply tfplan

or, interactively (the output below was captured from a run whose resources carried different names than rtb.tf above, e.g. aws_route_table.sangchul_vpc11-rt-pri01; the 3 additions are one route table and two subnet associations):

terraform apply
aws_vpc.sangchul_vpc11: Refreshing state... [id=vpc]
aws_route_table.sangchul_vpc11-rt-pri01: Refreshing state... [id=rtb]
aws_subnet.sangchul_vpc11-sb13: Refreshing state... [id=subnet]
aws_subnet.sangchul_vpc11-sb4: Refreshing state... [id=subnet]
aws_internet_gateway.sangchul_vpc11-igw: Refreshing state... [id=igw]
aws_subnet.sangchul_vpc11-sb14: Refreshing state... [id=subnet]
aws_subnet.sangchul_vpc11-sb3: Refreshing state... [id=subnet]
aws_default_route_table.sangchul_vpc11-rt: Refreshing state... [id=rtb]
aws_route_table_association.sangchul_vpc11-sb13: Refreshing state... [id=rtbassoc]
aws_route_table_association.sangchul_vpc11-sb14: Refreshing state... [id=rtbassoc]
aws_route_table_association.sangchul_vpc11-sb3: Refreshing state... [id=rtbassoc]
aws_route_table_association.sangchul_vpc11-sb4: Refreshing state... [id=rtbassoc]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

...

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_route_table.sangchul_vpc11-rt-pri01: Creating...
aws_route_table.sangchul_vpc11-rt-pri01: Creation complete after 3s [id=rtb]
aws_route_table_association.sangchul_vpc11-sb13: Creating...
aws_route_table_association.sangchul_vpc11-sb14: Creating...
aws_route_table_association.sangchul_vpc11-sb13: Creation complete after 1s [id=rtbassoc]
aws_route_table_association.sangchul_vpc11-sb14: Creation complete after 1s [id=rtbassoc]

Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

4. Verifying the result

terraform show

or

aws ec2 describe-route-tables

Without a filter the CLI call lists every route table in the region. Confirm that the 0.0.0.0/0 route to the igw- appears only on the public table, that each private subnet is associated with the private table, and that the main route table carries no IGW route.
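The checks above are easy to get wrong by eye once a VPC has more than a couple of tables, so here is an added example (not code from the original post) that does them over the JSON returned by `aws ec2 describe-route-tables --output json`. It flags a default route to the Internet Gateway on the main table or on any table not tagged as public, reports a public table that lacks one, and notes tables that leave their subnets with no egress at all. The embedded response is constructed for the example; the IDs, subnet names and the `Role` tag convention are assumptions, with tag values chosen to match the ones used in rtb.tf above.

```python
import json

# Constructed sample of `aws ec2 describe-route-tables --output json` for one VPC.
# IDs and tags are made up for this example; only the key names follow the real API.
SAMPLE_DESCRIBE_ROUTE_TABLES = json.dumps({"RouteTables": [
    {   # Intended public table: explicit subnet associations, default route to the IGW.
        "RouteTableId": "rtb-0aaa111public", "VpcId": "vpc-0demo",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0demo", "State": "active"},
        ],
        "Associations": [
            {"Main": False, "SubnetId": "subnet-0pub-a", "AssociationState": {"State": "associated"}},
            {"Main": False, "SubnetId": "subnet-0pub-c", "AssociationState": {"State": "associated"}},
        ],
        "Tags": [{"Key": "Name", "Value": "demo-public-rt"}, {"Key": "Role", "Value": "public-route"}],
    },
    {   # Intended private table: local route only, so no outbound internet path.
        "RouteTableId": "rtb-0bbb222private", "VpcId": "vpc-0demo",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}],
        "Associations": [
            {"Main": False, "SubnetId": "subnet-0priv-a", "AssociationState": {"State": "associated"}},
            {"Main": False, "SubnetId": "subnet-0priv-c", "AssociationState": {"State": "associated"}},
        ],
        "Tags": [{"Key": "Name", "Value": "demo-private-rt"}, {"Key": "Role", "Value": "private-route"}],
    },
    {   # The VPC's main table, carrying an IGW default route added outside Terraform.
        "RouteTableId": "rtb-0ccc333main", "VpcId": "vpc-0demo",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0demo", "State": "active"},
        ],
        "Associations": [{"Main": True, "AssociationState": {"State": "associated"}}],
        "Tags": [],
    },
]})


def load_sample():
    """Parse the embedded sample; for real use, json.load() a saved CLI response instead."""
    return json.loads(SAMPLE_DESCRIBE_ROUTE_TABLES)


def tag_value(rt, key):
    """Value of tag `key` on a route table, or None when the tag is absent."""
    return next((t["Value"] for t in rt.get("Tags", []) if t.get("Key") == key), None)


def igw_default_routes(rt):
    """Active default routes (IPv4 0.0.0.0/0 or IPv6 ::/0) whose target is an Internet Gateway."""
    matches = []
    for route in rt.get("Routes", []):
        is_default = (route.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or route.get("DestinationIpv6CidrBlock") == "::/0")
        if is_default and route.get("GatewayId", "").startswith("igw-") and route.get("State") == "active":
            matches.append(route)
    return matches


def audit_route_tables(doc, public_role="public-route"):
    """Return (severity, route_table_id, message) findings, in the order the tables appear."""
    findings = []
    for rt in doc["RouteTables"]:
        rt_id = rt["RouteTableId"]
        associations = rt.get("Associations", [])
        is_main = any(a.get("Main") for a in associations)
        subnets = [a["SubnetId"] for a in associations if a.get("SubnetId")]
        role = tag_value(rt, "Role")
        has_igw_default = bool(igw_default_routes(rt))
        has_any_default = any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
                              or r.get("DestinationIpv6CidrBlock") == "::/0" for r in rt.get("Routes", []))

        if has_igw_default and is_main:
            findings.append(("HIGH", rt_id, "main route table has a default route to an Internet Gateway: "
                             "every subnet without an explicit association inherits it and is internet-reachable"))
        elif has_igw_default and role != public_role:
            findings.append(("HIGH", rt_id, f"default route to an Internet Gateway on a table tagged "
                             f"Role={role!r} (expected {public_role!r}); exposed subnets: {subnets}"))
        elif not has_igw_default and role == public_role:
            findings.append(("MEDIUM", rt_id, "tagged as the public table but has no active default route to an Internet Gateway"))

        if not has_any_default and not is_main and role != public_role:
            findings.append(("INFO", rt_id, f"no default route at all: subnets {subnets} have no outbound internet path "
                             "(fine for isolated subnets; add a NAT Gateway route if egress is needed)"))
    return findings


if __name__ == "__main__":
    for severity, rt_id, message in audit_route_tables(load_sample()):
        print(f"[{severity}] {rt_id}: {message}")
```

Save a real response with `aws ec2 describe-route-tables --filters Name=vpc-id,Values=<vpc-id> --output json > rtb.json` and replace `load_sample()` with `json.load(open("rtb.json"))`. Subnets that have no association do not appear in this output at all; list them with `aws ec2 describe-subnets` and compare against the associated SubnetIds to find the ones silently using the main table.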

5. Outputs (recommended)

Exporting the table IDs lets later configuration (a NAT Gateway route, another subnet association) reference them instead of hard-coding rtb- IDs.

vim outputs.tf
output "public_route_table_id" {
  value = aws_route_table.public.id
}

output "private_route_table_id" {
  value = aws_route_table.private.id
}

 
