본문으로 건너뛰기

VPC

VPC & Internet Gateway

  • 리전당 생성가능한 VPC 수는 5 개로 설정되어 있습니다.(Quota 변경 가능)
  • VPC당 생성 가능한 Subnet 수는 200 개로 설정되어 있습니다.(Quota 변경 가능)
// 172.16.0.1 ~ 172.16.255.255
const vpcName = "vpc";
const vpc = new aws.ec2.Vpc(
	vpcName,
	{
		enableDnsHostnames: true,
		enableDnsSupport: true,
		instanceTenancy: "default",
		cidrBlock: "172.16.0.0/16",
		tags: {
			Name: vpcName,
			"loliot.net/stack": variable.stackName,
		},
	},
	{ protect: true },
);

const igwName = "igw";
const igw = new aws.ec2.InternetGateway(
	igwName,
	{
		vpcId: vpc.id,
		tags: {
			Name: igwName,
			"loliot.net/stack": variable.stackName,
		},
	},
	{ protect: true },
);

const igwRouteTableName = `${igwName}-rtb`;
const igwRouteTable = new aws.ec2.RouteTable(
	igwRouteTableName,
	{
		vpcId: vpc.id,
		routes: [
			{
				cidrBlock: "0.0.0.0/0", // 모든 IP에 대한 요청을
				gatewayId: igw.id, // Internet Gateway로 연결
			},
		],
		tags: {
			Name: igwRouteTableName,
			"loliot.net/stack": variable.stackName,
		},
	},
	{ protect: true },
);
정보

VPC에 IP가 부족한 경우 CIDR 블록을 추가할 수 있습니다.

const secondaryCIDRName = "vpc-secondary-cidr";
const secondaryCIDR = new aws.ec2.VpcIpv4CidrBlockAssociation(
	secondaryCIDRName,
	{
		cidrBlock: "172.17.0.0/16",
		vpcId: vpc.id,
	},
	{ protect: true },
);

RouteTable

  • VPC에는 암시적 라우터가 있습니다
  • RouteTable은 Subnet에 대한 라우팅 정의입니다
  • Subnet에 명시적으로 RouteTable을 연결하지 않으면 기본 RouteTable에 연결됩니다
  • Subnet은 하나의 RouteTable에만 연결됩니다
  • RouteTable에는 여러개의 Subnet을 연결할 수 있습니다
  • RouteTable에는 기본적으로 VPC 내부 통신을 위한 로컬 라우팅이 포함됩니다

Public Subnet && NAT Gateway

// 172.16.0.1 ~ 172.16.0.255
const publicSubnet1Name = "public-subnet-1";
const publicSubnet1 = new aws.ec2.Subnet(
	publicSubnet1Name,
	{
		vpcId: vpc.id,
		cidrBlock: "172.16.0.0/24",
		availabilityZone: "ap-northeast-2a",
		tags: {
			Name: publicSubnet1Name,
			"loliot.net/stack": variable.stackName,
			"kubernetes.io/cluster/eks": "shared",
		},
	},
	{ protect: true },
);

new aws.ec2.RouteTableAssociation(
	`${igwRouteTableName}-${publicSubnet1Name}`,
	{
		routeTableId: igwRouteTable.id,
		subnetId: publicSubnet1.id,
	},
	{ protect: true },
);

const ngw1Name = "ngw-1";
const ngw1EIPName = `${ngw1Name}-eip`;
const ngw1 = new aws.ec2.NatGateway(
	ngw1Name,
	{
		allocationId: new aws.ec2.Eip(ngw1EIPName, {
			tags: {
				Name: ngw1EIPName,
				"loliot.net/stack": variable.stackName,
			},
		}).id,
		subnetId: publicSubnet1.id,
		tags: {
			Name: ngw1Name,
			"loliot.net/stack": variable.stackName,
		},
	},
	{ protect: true },
);

const ngw1RouteTableName = `${ngw1Name}-rtb`;
const ngw1RouteTable = new aws.ec2.RouteTable(
	ngw1RouteTableName,
	{
		vpcId: vpc.id,
		routes: [
			{
				cidrBlock: "0.0.0.0/0",
				natGatewayId: ngw1.id,
			},
		],
		tags: {
			Name: ngw1RouteTableName,
			"loliot.net/stack": variable.stackName,
		},
	},
	{ protect: true },
);

Private Subnet

// 172.16.32.1 ~ 172.16.47.255
const privateSubnet1Name = "private-subnet-1";
export const privateSubnet1 = new aws.ec2.Subnet(
	privateSubnet1Name,
	{
		vpcId: vpc.id,
		cidrBlock: "172.16.32.0/20",
		availabilityZone: "ap-northeast-2a",
		tags: {
			Name: privateSubnet1Name,
			"loliot.net/stack": variable.stackName,
			"kubernetes.io/cluster/eks": "shared",
		},
	},
	{ protect: true },
);

new aws.ec2.RouteTableAssociation(
	`${ngw1RouteTableName}-${privateSubnet1Name}`,
	{
		routeTableId: ngw1RouteTable.id,
		subnetId: privateSubnet1.id,
	},
	{ protect: true },
);