AWS CLI Install
Ubuntu 외 다른 OS 사용 시 아래 링크 참조하여 설치
https://docs.aws.amazon.com/ko_kr/cli/latest/userguide/getting-started-install.html
AWS Management Console> 우상단 계정 클릭 >Security Credentials>Create New Access Key클릭Access Key ID와Secret Access Key생성 후 저장
sudo apt-get install -y unzip
cd
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
aws --version
aws configure
AWS Access Key ID [None]: # 입력
AWS Secret Access Key [None]: # 입력
Default region name [None]: ap-northeast-2
Default output format [None]: json
Terraform Install
Ubuntu 외 다른 OS 사용 시 아래 링크 참조하여 설치
https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli
sudo apt-get update && sudo apt-get install -y gnupg software-properties-common
wget -O- https://apt.releases.hashicorp.com/gpg | \
gpg --dearmor | \
sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg > /dev/null
gpg --no-default-keyring \
--keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg \
--fingerprint
echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \
https://apt.releases.hashicorp.com $(lsb_release -cs) main" | \
sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt-get update -y
sudo apt-get install -y terraform
terraform -install-autocomplete
source ~/.bashrc
Terraform Code
tree ~/mlops/terraform-aws
├── 01_network
│ ├── main.tf
│ └── variables.tf
└── 02_ec2
├── main.tf
└── variables.tf
01_network
mkdir -p ~/mlops/terraform-aws/01_network
cd ~/mlops/terraform-aws/01_network
variables.tf
variable "region" {
description = "AWS Region"
default = "ap-northeast-2"
}
variable "vpc_cidr" {
description = "VPC CIDR block"
default = "10.0.0.0/20"
}
variable "public_subnet_cidr" {
description = "Public Subnet CIDR block"
default = "10.0.1.0/24"
}
variable "elastic_ip" {
description = "Elastic IP address for the instance"
default = ""
}
main.tf
- EC2 가 재시작하거나 재생성될 경우를 대비해 공인 IP 할당
- 실습 편의상 네트워크적인 제약 없음 (인터넷 가능, 모든 IP에서 SSH 접근 허용, 모든 아웃바운드 트래픽 허용)
provider "aws" {
region = var.region
}
# VPC 생성
resource "aws_vpc" "kf_vpc" {
cidr_block = var.vpc_cidr
tags = {
Name = "kf-vpc"
}
}
# 퍼블릭 서브넷 생성
resource "aws_subnet" "kf_public_subnet" {
vpc_id = aws_vpc.kf_vpc.id
cidr_block = var.public_subnet_cidr
availability_zone = "ap-northeast-2a"
tags = {
Name = "kf-public-subnet"
}
}
# 인터넷 게이트웨이 생성
resource "aws_internet_gateway" "kf_igw" {
vpc_id = aws_vpc.kf_vpc.id
tags = {
Name = "kf-internet-gateway"
}
}
# 퍼블릭 서브넷에 대한 라우트 테이블 생성
resource "aws_route_table" "kf_public_route_table" {
vpc_id = aws_vpc.kf_vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.kf_igw.id
}
tags = {
Name = "kf-public-route-table"
}
}
# 퍼블릭 서브넷에 라우트 테이블 연결
resource "aws_route_table_association" "kf_public_route_table_association" {
subnet_id = aws_subnet.kf_public_subnet.id
route_table_id = aws_route_table.kf_public_route_table.id
}
# EC2 인스턴스에 대한 보안 그룹
resource "aws_security_group" "kf_sg" {
vpc_id = aws_vpc.kf_vpc.id
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"] # 모든 IP에서 SSH 접근 허용
}
egress {
from_port = 0
to_port = 0
protocol = "-1" # 모든 아웃바운드 트래픽 허용
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "kf-sg"
}
}
resource "aws_eip" "kf_eip" {
}
output "public_subnet_id" {
value = aws_subnet.kf_public_subnet.id
}
output "security_group_id" {
value = aws_security_group.kf_sg.id
}
output "eip_allocation_id" {
value = aws_eip.kf_eip.id # Elastic IP의 할당 ID 출력
}
output "elastic_ip" {
value = aws_eip.kf_eip.public_ip # 생성된 Elastic IP 출력
}
Terraform 환경변수 설정
- Red Hat의 AWS 계정 ID로 이미지 검색
RHEL-8.6.0_HVM-20231114-x86_64-59-Hourly2-GP3이미지의 AMI ID(ami-0d9478bea993499d8) 선택
aws ec2 describe-images --owners 309956199498 --filters "Name=name,Values=*RHEL-8.6*" --query "Images[*].[ImageId, Name]" --output table
----------------------------------------------------------------------------
| DescribeImages |
+------------------------+-------------------------------------------------+
| ami-047e8b37730fdd44c | RHEL-8.6.0_HVM-20240229-x86_64-19-Hourly2-GP3 |
| ami-0739462db1ecd710b | RHEL-8.6.0_HVM-20231009-arm64-59-Hourly2-GP2 |
| ami-0d9478bea993499d8 | RHEL-8.6.0_HVM-20231114-x86_64-59-Hourly2-GP3 |
| ami-0df0cf6e898d8310c | RHEL-8.6.0_HVM-20240117-arm64-2-Hourly2-GP3 |
| ami-07cb1696f2b4c5119 | RHEL-8.6.0_HVM-20230712-arm64-43-Hourly2-GP2 |
| ami-08fdbc7aa6497b37a | RHEL-8.6.0_HVM-20240521-x86_64-58-Hourly2-GP3 |
| ami-0043967e9e176e61c | RHEL-8.6.0_HVM-20231114-arm64-59-Hourly2-GP3 |
| ami-087f710a87ab31599 | RHEL-8.6.0_HVM-20230411-arm64-60-Hourly2-GP2 |
| ami-0bdcd8e71fe8474b7 | RHEL-8.6.0_HVM-20240229-arm64-19-Hourly2-GP3 |
| ami-0e3c45fb9585c169a | RHEL-8.6.0_HVM-20240117-x86_64-2-Hourly2-GP3 |
| ami-065803b32ab151b3b | RHEL-8.6.0_HVM-20240521-arm64-58-Hourly2-GP3 |
| ami-053bff68f61b4dbfb | RHEL-8.6.0_HVM-20230823-x86_64-20-Hourly2-GP2 |
| ami-0f836d9008531d6d0 | RHEL-8.6.0_HVM-20230411-x86_64-60-Hourly2-GP2 |
| ami-08e58006e62583160 | RHEL-8.6.0_HVM-20230712-x86_64-43-Hourly2-GP2 |
| ami-055cd947f9c41747e | RHEL-8.6.0_HVM-20231009-x86_64-59-Hourly2-GP2 |
| ami-0a18ed64d80d9e0e0 | RHEL-8.6.0_HVM-20230823-arm64-20-Hourly2-GP2 |
| ami-04ecc893466f1de2f | RHEL-8.6.0_HVM-20240419-arm64-63-Hourly2-GP3 |
| ami-0a1df78facdd222f0 | RHEL-8.6.0_HVM-20240419-x86_64-63-Hourly2-GP3 |
+------------------------+-------------------------------------------------+
02_ec2
mkdir -p ~/mlops/terraform-aws/02_ec2
cd ~/mlops/terraform-aws/02_ec2
variables.tf
- instance_type은 적절한 타입을 선택
- 사전에 키페어 생성 필요
AWS Management Console> EC2 대시보드 좌측 사이드바 > 네트워크 및 보안 > 키 페어 > 키 페어 생성- 이름 :
mlops-key - 파일 형식 :
pem
- VPC CIDR 은
10.0.0.0/20대역으로 설정
variable "region" {
description = "AWS Region"
default = "ap-northeast-2"
}
variable "vpc_cidr" {
description = "VPC CIDR block"
default = "10.0.0.0/20"
}
variable "public_subnet_cidr" {
description = "Public Subnet CIDR block"
default = "10.0.1.0/24"
}
variable "kf_instance_type" {
description = "Kubeflow instance type"
default = "g4dn.8xlarge"
}
variable "ami_id" {
description = "AMI ID for the instances"
default = "ami-0d9478bea993499d8"
}
variable "key_name" {
description = "Key pair name for EC2 instances"
default = "mlops-key"
}
variable "elastic_ip" {
description = "Kubeflow instance Public IP"
default = "3.37.7.81"
}
main.tf
provider "aws" {
region = "ap-northeast-2"
}
data "terraform_remote_state" "network" {
backend = "local" # 이 예에서는 로컬 백엔드를 사용
config = {
path = "../01_network/terraform.tfstate" # 네트워크 상태 파일의 경로
}
}
# EC2 인스턴스 생성
resource "aws_instance" "kf_instance" {
count = 1
ami = var.ami_id
instance_type = var.kf_instance_type
subnet_id = data.terraform_remote_state.network.outputs.public_subnet_id
vpc_security_group_ids = [data.terraform_remote_state.network.outputs.security_group_id]
associate_public_ip_address = false # 퍼블릭 IP 자동 할당 비활성화
key_name = var.key_name
# EBS 볼륨 설정
root_block_device {
volume_size = 500 # 500GB
volume_type = "gp3" # 일반적인 SSD 타입
}
tags = {
Name = "kf-instance-${count.index + 1}"
}
}
# Elastic IP와 EC2 인스턴스 연결
resource "aws_eip_association" "kf_eip_association" {
instance_id = aws_instance.kf_instance[0].id # 첫 번째 인스턴스에 연결
allocation_id = data.terraform_remote_state.network.outputs.eip_allocation_id # Elastic IP 할당 ID
}
# 출력
output "instance_ips" {
value = {
for instance in aws_instance.kf_instance :
instance.tags["Name"] => {
public_ip = data.terraform_remote_state.network.outputs.elastic_ip, # Elastic IP 사용
private_ip = instance.private_ip
}
}
}
Terraform Apply
terraform init
terraform plan
terraform apply -auto-approve
terraform refresh
terraform destroy -auto-approve
EC2 SSH Connect
# 위에서 생성한 키페어 파일 권한설정
$> chmod 400 ~/mlops-key.pem
$> ll ~/mlops-key.pem
-r-------- 1 wooyoung wooyoung 1.7K Feb 6 16:36 /home/wooyoung/mlops-key.pem
# rm -rf ~/.ssh
PUBLIC_IP=3.36.163.33 # 할당받은 공인 IP 입력
ssh -i ~/mlops-key.pem ec2-user@$PUBLIC_IP