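[root@com2 scenario01]# more *.tf
::::::::::::::
main.tf
::::::::::::::
# VPC > User scenario > Scenario 1. Single Public Subnet
# https://docs.ncloud.com/ko/networking/vpc/vpc_userscenario1.html
#
# NOTE(review): despite the scenario title, this file creates four subnets
# (one public, one private, and a private and a public load-balancer subnet).
# All four are attached to the VPC's default network ACL, so the rules defined
# below apply to the private subnets as well as the public ones.

provider "ncloud" {
  support_vpc = true
  region      = "KR"

  # Credentials are passed in as input variables. They must be supplied at run
  # time (environment or an uncommitted tfvars file), never as defaults in a
  # committed .tf file.
  access_key = var.access_key
  secret_key = var.secret_key
}

# Server login key for the scenario.
# NOTE(review): the provider presumably returns the generated private key as an
# attribute, which would place it in Terraform state - confirm, and keep the
# state file access-controlled and out of version control.
resource "ncloud_login_key" "key_scn_01" {
  key_name = var.name_scn01
}

# VPC address space: 10.0.0.0/20 (10.0.0.0 - 10.0.15.255).
resource "ncloud_vpc" "vpc_scn_01" {
  name            = var.name_scn01
  ipv4_cidr_block = "10.0.0.0/20"
}

# Public subnet: cidrsubnet(/20, 4, 2) -> 10.0.2.0/24.
resource "ncloud_subnet" "subnet_scn_01" {
  name           = var.pub1
  vpc_no         = ncloud_vpc.vpc_scn_01.id
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 4, 2)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  // PUBLIC(Public) | PRIVATE(Private)
  subnet_type = "PUBLIC"
}

# Private subnet: cidrsubnet(/20, 3, 0) -> 10.0.0.0/23.
resource "ncloud_subnet" "subnet_scn_02" {
  name           = var.pri1
  vpc_no         = ncloud_vpc.vpc_scn_01.id
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 3, 0)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  // PUBLIC(Public) | PRIVATE(Private)
  subnet_type = "PRIVATE"
}

# Private load-balancer subnet: cidrsubnet(/20, 4, 5) -> 10.0.5.0/24.
resource "ncloud_subnet" "lb_subnet" {
  vpc_no = ncloud_vpc.vpc_scn_01.id
  # subnet = "10.0.100.0/24"
  # (the commented-out literal above lies outside the VPC's 10.0.0.0/20 block)
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 4, 5)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  subnet_type    = "PRIVATE"
  name           = "lb-subnet-pri1"
  usage_type     = "LOADB"
}

# pri-lb1 4.0
# Public load-balancer subnet: cidrsubnet(/20, 4, 4) -> 10.0.4.0/24.
resource "ncloud_subnet" "lb_subnet_pub" {
  vpc_no = ncloud_vpc.vpc_scn_01.id
  # subnet = "10.0.101.0/24"
  # (the commented-out literal above lies outside the VPC's 10.0.0.0/20 block)
  subnet         = cidrsubnet(ncloud_vpc.vpc_scn_01.ipv4_cidr_block, 4, 4)
  zone           = "KR-2"
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no
  subnet_type    = "PUBLIC"
  name           = "lb-subnet-pub1"
  usage_type     = "LOADB"
}

# Network ACL rule tables. Each row is
#   [priority, protocol, ip_block, port_range, rule_action]
# and is unpacked positionally by the dynamic blocks further down.
# Rows 197-199 are the catch-all DROP rules; this presumably relies on lower
# priority numbers being evaluated first - confirm against the provider docs.
locals {
  scn01_inbound = [
    # Web traffic from anywhere.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    # Administrative access (SSH, RDP) restricted to the single client address.
    [3, "TCP", "${var.client_ip}/32", "22", "ALLOW"],
    [4, "TCP", "${var.client_ip}/32", "3389", "ALLOW"],
    # High ports open to any source, presumably for return traffic of outbound
    # 80/443 connections. NOTE(review): this also admits unsolicited connections
    # to any service listening on 32768-65535 in every subnet using this ACL;
    # restrict those listeners at the server-level access control group.
    [5, "TCP", "0.0.0.0/0", "32768-65535", "ALLOW"],
    # Default deny for everything not matched above.
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"],
  ]

  scn01_outbound = [
    # Outbound web traffic to anywhere.
    [1, "TCP", "0.0.0.0/0", "80", "ALLOW"],
    [2, "TCP", "0.0.0.0/0", "443", "ALLOW"],
    # Replies to the administrative client only.
    [3, "TCP", "${var.client_ip}/32", "1000-65535", "ALLOW"],
    # NOTE(review): no outbound rule covers high ports towards 0.0.0.0/0. If the
    # network ACL is stateless, replies to inbound 80/443 clients other than
    # client_ip would hit rule 197 - verify against the intended traffic flow.
    # Default deny for everything not matched above (this includes UDP, so
    # outbound DNS over UDP is dropped by rule 198).
    [197, "TCP", "0.0.0.0/0", "1-65535", "DROP"],
    [198, "UDP", "0.0.0.0/0", "1-65535", "DROP"],
    [199, "ICMP", "0.0.0.0/0", null, "DROP"]
  ]
}

# Applies both rule tables to the VPC's default network ACL.
resource "ncloud_network_acl_rule" "network_acl_01_rule" {
  network_acl_no = ncloud_vpc.vpc_scn_01.default_network_acl_no

  dynamic "inbound" {
    for_each = local.scn01_inbound
    content {
      priority    = inbound.value[0]
      protocol    = inbound.value[1]
      ip_block    = inbound.value[2]
      port_range  = inbound.value[3]
      rule_action = inbound.value[4]
      description = "for ${var.name_scn01}"
    }
  }

  dynamic "outbound" {
    for_each = local.scn01_outbound
    content {
      priority    = outbound.value[0]
      protocol    = outbound.value[1]
      ip_block    = outbound.value[2]
      port_range  = outbound.value[3]
      rule_action = outbound.value[4]
      description = "for ${var.name_scn01}"
    }
  }
}
::::::::::::::
variables.tf
::::::::::::::
# Name shared by the login key and the VPC, and used in ACL rule descriptions.
variable "name_scn01" {
  default = "game"
}

# Name of the public subnet.
variable "pub1" {
  default = "pub1"
}

# Name of the private subnet.
variable "pri1" {
  default = "pri1"
}

# Single IPv4 address (no prefix length; "/32" is appended in main.tf) that is
# allowed to reach SSH (22) and RDP (3389).
variable "client_ip" {
  default = "211.188.62.90"
}

# API credentials for the ncloud provider.
#
# These two variables deliberately have NO default. A default written here is a
# live credential stored in plain text in the repository, in every copy of the
# file, and in any terminal capture of it. Supply the values at run time via the
# TF_VAR_access_key / TF_VAR_secret_key environment variables or a *.tfvars
# file that is excluded from version control.
#
# The key pair that was previously hard-coded as the default of these variables
# must be treated as exposed: revoke it and issue a new one.
#
# `sensitive = true` would additionally keep the values out of plan output, but
# it needs Terraform 0.14 or later and versions.tf still permits 0.13.
variable "access_key" {
  description = "ncloud API access key; provide at run time, do not commit."
  type        = string
}

variable "secret_key" {
  description = "ncloud API secret key; provide at run time, do not commit."
  type        = string
}
::::::::::::::
versions.tf
::::::::::::::
terraform {
  required_providers {
    ncloud = {
      source = "navercloudplatform/ncloud"
      # NOTE(review): no `version` constraint is set, so any provider release
      # may be selected on init. Pin a reviewed version and commit the
      # dependency lock file where the Terraform version in use supports one.
    }
  }
  required_version = ">= 0.13"
}
[root@com2 scenario01]#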