feat: Lambda와 CloudFront를 TF로 관리하도록 Migrate

.gitignore

@@ -4,6 +4,7 @@
 *.tfstate.backup
 *.tfvars
 .terraform.lock.hcl
+modules/shared_resources/dist/*.zip
 
 # --- Secrets (보안상 절대 커밋 금지) ---
 *.pem

README.md

@@ -9,13 +9,23 @@ solid-connection-infra/
 │   └── secrets/              # 민감한 data 관리
 │       └── ...
 ├── modules/
-│   └── app_stack/            # [Prod/Stage 환경의 공통 모듈]
-│       ├── security_groups.tf
-│       ├── ec2.tf
-│       ├── rds.tf
+│   ├── app_stack/            # [Prod/Stage 환경의 공통 모듈]
+│   │   ├── security_groups.tf
+│   │   ├── ec2.tf
+│   │   ├── rds.tf
+│   │   ├── variables.tf
+│   │   └── outputs.tf
+│   └── shared_resources/      # [global 환경의 공유 자원 모듈]
+│       ├── src/
+│       │   ├── img_resizing/
+│       │   │   └── index.js
+│       │   └── thumbnail/
+│       │       └── index.js
+│       ├── cloudfront.tf
+│       ├── lambda.tf
+│       ├── provider.tf
 │       ├── s3.tf
-│       ├── variables.tf
-│       └── outputs.tf
+│       └── variables.tf
 └── environments/
     ├── prod/                 # [Prod 환경]
     │   ├── main.tf
@@ -29,7 +39,11 @@ solid-connection-infra/
     │   ├── main.tf
     │   ├── provider.tf
     │   └── variables.tf
-    └── monitoring/           # [Monitoring 환경]
+    ├── monitoring/            # [부하테스트 환경]
+    │   ├── main.tf
+    │   ├── provider.tf
+    │   └── variables.tf
+    └── global/                # [global 공유 환경]
         ├── main.tf
         ├── provider.tf
         └── variables.tf

environment/global/main.tf

@@ -0,0 +1,25 @@
+module "shared_resources" {
+  source = "../../modules/shared_resources"
+
+  providers = {
+    aws     = aws
+  }
+
+  s3_default_bucket_name            = var.s3_default_bucket_name
+  s3_upload_bucket_name             = var.s3_upload_bucket_name
+
+  resizing_img_func_name            = var.resizing_img_func_name
+  resizing_img_func_role            = var.resizing_img_func_role
+  resizing_img_func_handler         = var.resizing_img_func_handler
+  resizing_img_func_runtime         = var.resizing_img_func_runtime
+  resizing_img_func_layers          = var.resizing_img_func_layers
+
+  thumbnail_generating_func_name    = var.thumbnail_generating_func_name
+  thumbnail_generating_func_role    = var.thumbnail_generating_func_role
+  thumbnail_generating_func_handler = var.thumbnail_generating_func_handler
+  thumbnail_generating_func_runtime = var.thumbnail_generating_func_runtime
+  thumbnail_generating_func_layers  = var.thumbnail_generating_func_layers
+
+  default_cdn_web_acl_id            = var.default_cdn_web_acl_id
+  upload_cdn_web_acl_id             = var.upload_cdn_web_acl_id
+}

environment/global/provider.tf

@@ -0,0 +1,21 @@
+terraform {
+  required_version = ">= 1.0.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "ap-northeast-2"
+
+  default_tags {
+    tags = {
+      Project     = "solid-connection"
+      Environment = "global"
+    }
+  }
+}

environment/global/variables.tf

@@ -0,0 +1,71 @@
+# [S3 버킷 관련 변수]
+variable "s3_default_bucket_name" {
+  description = "Name of the default S3 bucket"
+  type        = string
+}
+
+variable "s3_upload_bucket_name" {
+  description = "Name of the upload S3 bucket"
+  type        = string
+}
+
+# [Lambda 관련 변수]
+variable "resizing_img_func_name" {
+  description = "Image Resizing function name for uploaded s3 file"
+  type = string
+}
+
+variable "resizing_img_func_role" {
+  description = "Image Resizing function role for uploaded s3 file"
+  type = string
+}
+
+variable "resizing_img_func_handler" {
+  description = "Image Resizing function handler for uploaded s3 file"
+  type = string
+}
+
+variable "resizing_img_func_runtime" {
+  description = "Image Resizing function runtime for uploaded s3 file"
+  type = string
+}
+
+variable "thumbnail_generating_func_name" {
+  description = "Thumbnail generating function name for uploaded s3 file"
+  type = string
+}
+
+variable "thumbnail_generating_func_role" {
+  description = "Thumbnail generating function role for uploaded s3 file"
+  type = string
+}
+
+variable "thumbnail_generating_func_handler" {
+  description = "Thumbnail generating function handler for uploaded s3 file"
+  type = string
+}
+
+variable "thumbnail_generating_func_runtime" {
+  description = "Thumbnail generating function runtime for uploaded s3 file"
+  type = string
+}
+
+variable "resizing_img_func_layers" {
+  description = "Layers For Image Resizing func"
+  type = list(string)
+}
+
+variable "thumbnail_generating_func_layers" {
+  description = "Layers For Image Resizing func"
+  type = list(string)
+}
+
+variable "default_cdn_web_acl_id" {
+  description = "WAF Web ACL Id for Default Cloudfront CDN"
+  type = string
+}
+
+variable "upload_cdn_web_acl_id" {
+  description = "WAF Web ACL Id for Upload Cloudfront CDN"
+  type = string
+}

environment/prod/main.tf

@@ -41,8 +41,4 @@ module "prod_stack" {
   domain_name = var.domain_name
   cert_email  = var.cert_email
   nginx_conf_name = var.nginx_conf_name
-
-  # S3 버킷 이름 전달
-  s3_default_bucket_name = var.s3_default_bucket_name
-  s3_upload_bucket_name  = var.s3_upload_bucket_name
 }

environment/prod/variables.tf

@@ -93,13 +93,3 @@ variable "nginx_conf_name" {
   description = "Nginx conf name for the prod environment"
   type        = string
 }
-
-variable "s3_default_bucket_name" {
-  description = "Name of the default S3 bucket"
-  type        = string
-}
-
-variable "s3_upload_bucket_name" {
-  description = "Name of the upload S3 bucket"
-  type        = string
-}

environment/stage/main.tf

@@ -41,8 +41,4 @@ module "stage_stack" {
   domain_name = var.domain_name
   cert_email  = var.cert_email
   nginx_conf_name = var.nginx_conf_name
-
-  # S3 버킷 이름 전달
-  s3_default_bucket_name = var.s3_default_bucket_name
-  s3_upload_bucket_name  = var.s3_upload_bucket_name
 }

environment/stage/variables.tf

@@ -93,13 +93,3 @@ variable "nginx_conf_name" {
   description = "Nginx conf name for the stage environment"
   type        = string
 }
-
-variable "s3_default_bucket_name" {
-  description = "Name of the default S3 bucket"
-  type        = string
-}
-
-variable "s3_upload_bucket_name" {
-  description = "Name of the upload S3 bucket"
-  type        = string
-}

modules/app_stack/variables.tf

@@ -103,14 +103,3 @@ variable "nginx_conf_name" {
   description = "Nginx config filename"
   type        = string
 }
-
-# [S3 버킷 관련 변수]
-variable "s3_default_bucket_name" {
-  description = "Name of the default S3 bucket"
-  type        = string
-}
-
-variable "s3_upload_bucket_name" {
-  description = "Name of the upload S3 bucket"
-  type        = string
-}

modules/shared_resources/cloudfront.tf

@@ -0,0 +1,97 @@
+# 1. CDN for Default Bucket
+resource "aws_cloudfront_distribution" "default_cdn" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "solid-connection s3 default cloudfront"
+  price_class         = "PriceClass_All"
+  http_version        = "http2"
+
+  web_acl_id          = var.default_cdn_web_acl_id
+
+  tags = {
+    "Name" = "solid-connection s3 default cloudfront"
+  }
+
+  origin {
+    domain_name              = "${var.s3_default_bucket_name}.s3.ap-northeast-2.amazonaws.com"
+    origin_id                = "${var.s3_default_bucket_name}.s3.ap-northeast-2.amazonaws.com-mjo1g7tk2w8" # 기존 ID 유지
+    origin_access_control_id = "E14M8OP55A3YO7"
+
+    connection_attempts      = 3
+    connection_timeout       = 10
+  }
+
+  default_cache_behavior {
+    target_origin_id       = "${var.s3_default_bucket_name}.s3.ap-northeast-2.amazonaws.com-mjo1g7tk2w8" # 위 origin_id와 같아야 함
+    viewer_protocol_policy = "redirect-to-https"
+    compress               = true
+
+    allowed_methods  = ["GET", "HEAD"]
+    cached_methods   = ["GET", "HEAD"]
+
+    cache_policy_id  = "658327ea-f89d-4fab-a63d-7e88639e58f6"
+
+    smooth_streaming = false
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+      locations        = []
+    }
+  }
+
+  viewer_certificate {
+    cloudfront_default_certificate = true
+    minimum_protocol_version       = "TLSv1"
+  }
+}
+
+# 2. CDN for Upload Bucket
+resource "aws_cloudfront_distribution" "upload_cdn" {
+  enabled             = true
+  is_ipv6_enabled     = true
+  comment             = "solid-connection s3 upload cloudfront"
+  price_class         = "PriceClass_All"
+  http_version        = "http2"
+
+  web_acl_id          = var.upload_cdn_web_acl_id
+
+  tags = {
+    "Name" = "solid-connection s3 upload cloudfront"
+  }
+
+  origin {
+    domain_name              = "${var.s3_upload_bucket_name}.s3.ap-northeast-2.amazonaws.com"
+    origin_id                = "${var.s3_upload_bucket_name}.s3.ap-northeast-2.amazonaws.com-mjo1jpx6rvc"
+    origin_access_control_id = "E1ZBB5RMSBZQ4I"
+
+    connection_attempts      = 3
+    connection_timeout       = 10
+  }
+
+  default_cache_behavior {
+    target_origin_id       = "${var.s3_upload_bucket_name}.s3.ap-northeast-2.amazonaws.com-mjo1jpx6rvc"
+    viewer_protocol_policy = "redirect-to-https"
+    compress               = true
+
+    allowed_methods  = ["GET", "HEAD"]
+    cached_methods   = ["GET", "HEAD"]
+
+    cache_policy_id  = "658327ea-f89d-4fab-a63d-7e88639e58f6"
+
+    smooth_streaming = false
+  }
+
+  restrictions {
+    geo_restriction {
+      restriction_type = "none"
+      locations        = []
+    }
+  }
+
+  viewer_certificate {
+    cloudfront_default_certificate = true
+    minimum_protocol_version       = "TLSv1"
+  }
+}