
fix: RDS 인스턴스에 암호화 설정 추가#31

Merged
chisanahn merged 1 commit into main from
fix/storage_encrypt
Nov 2, 2025


@chisanahn
Contributor

No description provided.

@chisanahn chisanahn self-assigned this Nov 2, 2025
@github-actions

github-actions bot commented Nov 2, 2025

🏗️ Terraform Plan

data.http.myip: Reading...
data.http.myip: Read complete after 0s [id=https://api.ipify.org]
module.acm.data.aws_acm_certificate.cloudfront_main_domain: Reading...
module.acm.data.aws_acm_certificate.cloudfront_main_domain: Read complete after 0s [id=arn:aws:acm:us-east-1:124951343483:certificate/7199e1d7-472a-4f28-bab0-fe52b5bed8ca]
module.frontend.data.aws_s3_bucket.frontend: Reading...
module.s3-for-codedeploy.data.aws_s3_bucket.app_deploy: Reading...
module.acm.data.aws_acm_certificate.main_domain: Reading...
module.s3-images.data.aws_s3_bucket.images: Reading...
module.acm.data.aws_acm_certificate.wildcard_domain: Reading...
module.frontend.data.aws_s3_bucket.frontend: Read complete after 1s [id=annyang-frontend]
module.s3-images.data.aws_s3_bucket.images: Read complete after 1s [id=annyang-images]
module.s3-for-codedeploy.data.aws_s3_bucket.app_deploy: Read complete after 1s [id=annyang-for-codedeploy]
module.acm.data.aws_acm_certificate.main_domain: Read complete after 2s [id=arn:aws:acm:ap-northeast-2:124951343483:certificate/64fa3405-11c5-43c8-bfe2-1fe137310eb5]
module.acm.data.aws_acm_certificate.wildcard_domain: Read complete after 2s [id=arn:aws:acm:ap-northeast-2:124951343483:certificate/180cc689-0225-4b47-9ddb-c23c8b6c7954]

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ssm_parameter.ai_server_codedeploy_group will be created
  + resource "aws_ssm_parameter" "ai_server_codedeploy_group" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/server-deploy/ai-server/group_name"
      + tags           = {
          + "Name" = "annyang-ai-server-deploy-group"
        }
      + tags_all       = {
          + "Name" = "annyang-ai-server-deploy-group"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.ai_server_endpoint will be created
  + resource "aws_ssm_parameter" "ai_server_endpoint" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "AI Server Private IP Endpoint"
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ai-server/url"
      + tags           = {
          + "Application" = "annyang"
          + "Name"        = "annyang-ai-server-endpoint"
        }
      + tags_all       = {
          + "Application" = "annyang"
          + "Name"        = "annyang-ai-server-endpoint"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.api_server_codedeploy_group will be created
  + resource "aws_ssm_parameter" "api_server_codedeploy_group" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/server-deploy/api-server/group_name"
      + tags           = {
          + "Name" = "annyang-api-server-deploy-group"
        }
      + tags_all       = {
          + "Name" = "annyang-api-server-deploy-group"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.cloudfront_distribution_id will be created
  + resource "aws_ssm_parameter" "cloudfront_distribution_id" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/frontend/cloudfront-distribution-id"
      + tags           = {
          + "Name" = "annyang-cloudfront-distribution-id"
        }
      + tags_all       = {
          + "Name" = "annyang-cloudfront-distribution-id"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.codedeploy_app will be created
  + resource "aws_ssm_parameter" "codedeploy_app" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/server-deploy/app_name"
      + tags           = {
          + "Name" = "annyang-server-deploy-app"
        }
      + tags_all       = {
          + "Name" = "annyang-server-deploy-app"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.db_password will be created
  + resource "aws_ssm_parameter" "db_password" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/db/password"
      + tags_all       = (known after apply)
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.db_url will be created
  + resource "aws_ssm_parameter" "db_url" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/db/url"
      + tags           = {
          + "Name" = "annyang-db-url"
        }
      + tags_all       = {
          + "Name" = "annyang-db-url"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.db_username will be created
  + resource "aws_ssm_parameter" "db_username" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/db/username"
      + tags           = {
          + "Name" = "annyang-db-username"
        }
      + tags_all       = {
          + "Name" = "annyang-db-username"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.deployment_bucket will be created
  + resource "aws_ssm_parameter" "deployment_bucket" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/server-deploy/bucket"
      + tags           = {
          + "Name" = "annyang-server-deploy-bucket"
        }
      + tags_all       = {
          + "Name" = "annyang-server-deploy-bucket"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # aws_ssm_parameter.ssh_user will be created
  + resource "aws_ssm_parameter" "ssh_user" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ssh/user"
      + tags           = {
          + "Name" = "annyang-ssh-user"
        }
      + tags_all       = {
          + "Name" = "annyang-ssh-user"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.alb.aws_lb.main will be created
  + resource "aws_lb" "main" {
      + arn                                                          = (known after apply)
      + arn_suffix                                                   = (known after apply)
      + client_keep_alive                                            = 3600
      + desync_mitigation_mode                                       = "defensive"
      + dns_name                                                     = (known after apply)
      + drop_invalid_header_fields                                   = false
      + enable_deletion_protection                                   = false
      + enable_http2                                                 = true
      + enable_tls_version_and_cipher_suite_headers                  = false
      + enable_waf_fail_open                                         = false
      + enable_xff_client_port                                       = false
      + enable_zonal_shift                                           = false
      + enforce_security_group_inbound_rules_on_private_link_traffic = (known after apply)
      + id                                                           = (known after apply)
      + idle_timeout                                                 = 60
      + internal                                                     = false
      + ip_address_type                                              = (known after apply)
      + load_balancer_type                                           = "application"
      + name                                                         = "annyang-alb"
      + name_prefix                                                  = (known after apply)
      + preserve_host_header                                         = false
      + security_groups                                              = (known after apply)
      + subnets                                                      = (known after apply)
      + tags                                                         = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-alb"
        }
      + tags_all                                                     = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-alb"
        }
      + vpc_id                                                       = (known after apply)
      + xff_header_processing_mode                                   = "append"
      + zone_id                                                      = (known after apply)
    }

  # module.alb.aws_lb_listener.http will be created
  + resource "aws_lb_listener" "http" {
      + arn                                                                   = (known after apply)
      + id                                                                    = (known after apply)
      + load_balancer_arn                                                     = (known after apply)
      + port                                                                  = 80
      + protocol                                                              = "HTTP"
      + routing_http_request_x_amzn_mtls_clientcert_header_name               = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = (known after apply)
      + routing_http_request_x_amzn_tls_cipher_suite_header_name              = (known after apply)
      + routing_http_request_x_amzn_tls_version_header_name                   = (known after apply)
      + routing_http_response_access_control_allow_credentials_header_value   = (known after apply)
      + routing_http_response_access_control_allow_headers_header_value       = (known after apply)
      + routing_http_response_access_control_allow_methods_header_value       = (known after apply)
      + routing_http_response_access_control_allow_origin_header_value        = (known after apply)
      + routing_http_response_access_control_expose_headers_header_value      = (known after apply)
      + routing_http_response_access_control_max_age_header_value             = (known after apply)
      + routing_http_response_content_security_policy_header_value            = (known after apply)
      + routing_http_response_server_enabled                                  = (known after apply)
      + routing_http_response_strict_transport_security_header_value          = (known after apply)
      + routing_http_response_x_content_type_options_header_value             = (known after apply)
      + routing_http_response_x_frame_options_header_value                    = (known after apply)
      + ssl_policy                                                            = (known after apply)
      + tags_all                                                              = (known after apply)
      + tcp_idle_timeout_seconds                                              = (known after apply)

      + default_action {
          + order = (known after apply)
          + type  = "redirect"

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "443"
              + protocol    = "HTTPS"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }
    }

  # module.alb.aws_lb_listener.https will be created
  + resource "aws_lb_listener" "https" {
      + arn                                                                   = (known after apply)
      + certificate_arn                                                       = "arn:aws:acm:ap-northeast-2:124951343483:certificate/64fa3405-11c5-43c8-bfe2-1fe137310eb5"
      + id                                                                    = (known after apply)
      + load_balancer_arn                                                     = (known after apply)
      + port                                                                  = 443
      + protocol                                                              = "HTTPS"
      + routing_http_request_x_amzn_mtls_clientcert_header_name               = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_issuer_header_name        = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_leaf_header_name          = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_serial_number_header_name = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_subject_header_name       = (known after apply)
      + routing_http_request_x_amzn_mtls_clientcert_validity_header_name      = (known after apply)
      + routing_http_request_x_amzn_tls_cipher_suite_header_name              = (known after apply)
      + routing_http_request_x_amzn_tls_version_header_name                   = (known after apply)
      + routing_http_response_access_control_allow_credentials_header_value   = (known after apply)
      + routing_http_response_access_control_allow_headers_header_value       = (known after apply)
      + routing_http_response_access_control_allow_methods_header_value       = (known after apply)
      + routing_http_response_access_control_allow_origin_header_value        = (known after apply)
      + routing_http_response_access_control_expose_headers_header_value      = (known after apply)
      + routing_http_response_access_control_max_age_header_value             = (known after apply)
      + routing_http_response_content_security_policy_header_value            = (known after apply)
      + routing_http_response_server_enabled                                  = (known after apply)
      + routing_http_response_strict_transport_security_header_value          = (known after apply)
      + routing_http_response_x_content_type_options_header_value             = (known after apply)
      + routing_http_response_x_frame_options_header_value                    = (known after apply)
      + ssl_policy                                                            = "ELBSecurityPolicy-2016-08"
      + tags_all                                                              = (known after apply)
      + tcp_idle_timeout_seconds                                              = (known after apply)

      + default_action {
          + order            = (known after apply)
          + target_group_arn = (known after apply)
          + type             = "forward"
        }
    }

  # module.alb.aws_lb_listener_certificate.wildcard_cert will be created
  + resource "aws_lb_listener_certificate" "wildcard_cert" {
      + certificate_arn = "arn:aws:acm:ap-northeast-2:124951343483:certificate/180cc689-0225-4b47-9ddb-c23c8b6c7954"
      + id              = (known after apply)
      + listener_arn    = (known after apply)
    }

  # module.alb.aws_lb_target_group.main will be created
  + resource "aws_lb_target_group" "main" {
      + arn                                = (known after apply)
      + arn_suffix                         = (known after apply)
      + connection_termination             = (known after apply)
      + deregistration_delay               = "300"
      + id                                 = (known after apply)
      + ip_address_type                    = (known after apply)
      + lambda_multi_value_headers_enabled = false
      + load_balancer_arns                 = (known after apply)
      + load_balancing_algorithm_type      = (known after apply)
      + load_balancing_anomaly_mitigation  = (known after apply)
      + load_balancing_cross_zone_enabled  = (known after apply)
      + name                               = "annyang-target-group"
      + name_prefix                        = (known after apply)
      + port                               = 8080
      + preserve_client_ip                 = (known after apply)
      + protocol                           = "HTTP"
      + protocol_version                   = (known after apply)
      + proxy_protocol_v2                  = false
      + slow_start                         = 0
      + tags                               = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-target-group"
        }
      + tags_all                           = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-target-group"
        }
      + target_type                        = "instance"
      + vpc_id                             = (known after apply)

      + health_check {
          + enabled             = true
          + healthy_threshold   = 3
          + interval            = 30
          + matcher             = "200-299"
          + path                = "/health"
          + port                = "traffic-port"
          + protocol            = "HTTP"
          + timeout             = 5
          + unhealthy_threshold = 3
        }
    }

  # module.alb.aws_lb_target_group_attachment.main will be created
  + resource "aws_lb_target_group_attachment" "main" {
      + id               = (known after apply)
      + port             = 8080
      + target_group_arn = (known after apply)
      + target_id        = (known after apply)
    }

  # module.codedeploy.aws_codedeploy_app.server-app will be created
  + resource "aws_codedeploy_app" "server-app" {
      + application_id      = (known after apply)
      + arn                 = (known after apply)
      + compute_platform    = "Server"
      + github_account_name = (known after apply)
      + id                  = (known after apply)
      + linked_to_github    = (known after apply)
      + name                = "annyang-server-app"
      + tags_all            = (known after apply)
    }

  # module.codedeploy.aws_codedeploy_deployment_config.custom_config will be created
  + resource "aws_codedeploy_deployment_config" "custom_config" {
      + arn                    = (known after apply)
      + compute_platform       = "Server"
      + deployment_config_id   = (known after apply)
      + deployment_config_name = "annyang-deploy-config"
      + id                     = (known after apply)

      + minimum_healthy_hosts {
          + type  = "HOST_COUNT"
          + value = 0
        }
    }

  # module.codedeploy.aws_codedeploy_deployment_group.ai_server_deploy_group will be created
  + resource "aws_codedeploy_deployment_group" "ai_server_deploy_group" {
      + app_name                    = "annyang-server-app"
      + arn                         = (known after apply)
      + compute_platform            = (known after apply)
      + deployment_config_name      = "CodeDeployDefault.OneAtATime"
      + deployment_group_id         = (known after apply)
      + deployment_group_name       = "annyang-ai-server-group"
      + id                          = (known after apply)
      + outdated_instances_strategy = "UPDATE"
      + service_role_arn            = (known after apply)
      + tags_all                    = (known after apply)
      + termination_hook_enabled    = false

      + auto_rollback_configuration {
          + enabled = true
          + events  = [
              + "DEPLOYMENT_FAILURE",
            ]
        }

      + deployment_style {
          + deployment_option = "WITHOUT_TRAFFIC_CONTROL"
          + deployment_type   = "IN_PLACE"
        }

      + ec2_tag_set {
          + ec2_tag_filter {
              + key   = "Name"
              + type  = "KEY_AND_VALUE"
              + value = "annyang-ai-server-ec2"
            }
        }
    }

  # module.codedeploy.aws_codedeploy_deployment_group.api_server_deploy_group will be created
  + resource "aws_codedeploy_deployment_group" "api_server_deploy_group" {
      + app_name                    = "annyang-server-app"
      + arn                         = (known after apply)
      + compute_platform            = (known after apply)
      + deployment_config_name      = "CodeDeployDefault.OneAtATime"
      + deployment_group_id         = (known after apply)
      + deployment_group_name       = "annyang-api-server-group"
      + id                          = (known after apply)
      + outdated_instances_strategy = "UPDATE"
      + service_role_arn            = (known after apply)
      + tags_all                    = (known after apply)
      + termination_hook_enabled    = false

      + auto_rollback_configuration {
          + enabled = true
          + events  = [
              + "DEPLOYMENT_FAILURE",
            ]
        }

      + deployment_style {
          + deployment_option = "WITHOUT_TRAFFIC_CONTROL"
          + deployment_type   = "IN_PLACE"
        }

      + ec2_tag_set {
          + ec2_tag_filter {
              + key   = "Name"
              + type  = "KEY_AND_VALUE"
              + value = "annyang-api-server-ec2"
            }
        }
    }

  # module.codedeploy.aws_iam_role.codedeploy_role will be created
  + resource "aws_iam_role" "codedeploy_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "codedeploy.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "annyang-codedeploy-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.codedeploy.aws_iam_role_policy_attachment.codedeploy_policy will be created
  + resource "aws_iam_role_policy_attachment" "codedeploy_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole"
      + role       = "annyang-codedeploy-role"
    }

  # module.ec2.aws_iam_instance_profile.ec2_profile will be created
  + resource "aws_iam_instance_profile" "ec2_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = "annyang-api-server-ec2-profile"
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = "annyang-api-server-ec2-role"
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.ec2.aws_iam_role.ec2_role will be created
  + resource "aws_iam_role" "ec2_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "annyang-api-server-ec2-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.ec2.aws_iam_role_policy_attachment.ec2_codedeploy_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_codedeploy_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy"
      + role       = "annyang-api-server-ec2-role"
    }

  # module.ec2.aws_iam_role_policy_attachment.ec2_s3_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_s3_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
      + role       = "annyang-api-server-ec2-role"
    }

  # module.ec2.aws_iam_role_policy_attachment.ec2_ssm_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_ssm_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "annyang-api-server-ec2-role"
    }

  # module.ec2.aws_instance.main will be created
  + resource "aws_instance" "main" {
      + ami                                  = "ami-0a463f27534bdf246"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + enable_primary_ipv6                  = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = "annyang-api-server-ec2-profile"
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t2.medium"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "annyang-key"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-ec2"
        }
      + tags_all                             = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-ec2"
        }
      + tenancy                              = (known after apply)
      + user_data                            = "d16150dfa2f366161254f87d3bd1c83cbaa98020"
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)
    }

  # module.ec2.aws_key_pair.key_pair will be created
  + resource "aws_key_pair" "key_pair" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "annyang-key"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }

  # module.ec2.aws_ssm_parameter.ec2_connection_info will be created
  + resource "aws_ssm_parameter" "ec2_connection_info" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "API 서버 접속 정보"
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ec2/connection/info"
      + tags           = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-connection-info"
        }
      + tags_all       = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-connection-info"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }
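Review bot: `ec2_connection_info` is written with `type = "String"` although its value is marked sensitive, so Parameter Store keeps it without KMS encryption and read access is gated by `ssm:GetParameter` alone. If the value holds more than a hostname and user name, change it to `type = "SecureString"`, as the private-key parameter in the same module already does. The same applies to `module.ec2-ai.aws_ssm_parameter.ai_server_connection_info` further down the plan. The value itself is not visible here, so this depends on what the module puts into it.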

  # module.ec2.aws_ssm_parameter.ec2_private_key will be created
  + resource "aws_ssm_parameter" "ec2_private_key" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "API 서버 SSH 프라이빗 키"
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ec2/ssh/private-key"
      + tags           = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-ssh-key"
        }
      + tags_all       = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-api-server-ssh-key"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.ec2.tls_private_key.ssh will be created
  + resource "tls_private_key" "ssh" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 4096
    }
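Review bot: The RSA private key from `tls_private_key.ssh` is kept in the Terraform state in clear text, and so is the SecureString value of `ec2_private_key`; `(sensitive value)` only hides them from plan output. The state backend is not visible in this plan, so confirm it is encrypted at rest and readable only by the deploy role. A tighter option is to create the key pair outside Terraform and pass only `public_key` to `aws_key_pair`. `module.ec2-ai.tls_private_key.ssh` has the same exposure, and since that module's role carries `AmazonSSMManagedInstanceCore`, Session Manager could replace the SSH key there entirely.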

  # module.ec2-ai.aws_iam_instance_profile.ec2_profile will be created
  + resource "aws_iam_instance_profile" "ec2_profile" {
      + arn         = (known after apply)
      + create_date = (known after apply)
      + id          = (known after apply)
      + name        = "annyang-ai-server-ec2-profile"
      + name_prefix = (known after apply)
      + path        = "/"
      + role        = "annyang-ai-server-ec2-role"
      + tags_all    = (known after apply)
      + unique_id   = (known after apply)
    }

  # module.ec2-ai.aws_iam_role.ec2_role will be created
  + resource "aws_iam_role" "ec2_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ec2.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "annyang-ai-server-ec2-role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)
    }

  # module.ec2-ai.aws_iam_role_policy_attachment.ec2_ecr_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_ecr_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
      + role       = "annyang-ai-server-ec2-role"
    }

  # module.ec2-ai.aws_iam_role_policy_attachment.ec2_s3_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_s3_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess"
      + role       = "annyang-ai-server-ec2-role"
    }
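Review bot: `AmazonS3ReadOnlyAccess` on `annyang-ai-server-ec2-role` grants `s3:Get*` and `s3:List*` on every bucket in the account, not only the ones the AI server needs. A role-scoped policy limited to the required bucket ARNs would keep a compromised instance from reading `annyang-for-codedeploy` or any bucket added later. Which buckets the AI server actually reads is not visible in this plan, so the resource list has to come from the module author.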

  # module.ec2-ai.aws_iam_role_policy_attachment.ec2_ssm_policy will be created
  + resource "aws_iam_role_policy_attachment" "ec2_ssm_policy" {
      + id         = (known after apply)
      + policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
      + role       = "annyang-ai-server-ec2-role"
    }

  # module.ec2-ai.aws_instance.ai_server will be created
  + resource "aws_instance" "ai_server" {
      + ami                                  = "ami-0a463f27534bdf246"
      + arn                                  = (known after apply)
      + associate_public_ip_address          = true
      + availability_zone                    = (known after apply)
      + cpu_core_count                       = (known after apply)
      + cpu_threads_per_core                 = (known after apply)
      + disable_api_stop                     = (known after apply)
      + disable_api_termination              = (known after apply)
      + ebs_optimized                        = (known after apply)
      + enable_primary_ipv6                  = (known after apply)
      + get_password_data                    = false
      + host_id                              = (known after apply)
      + host_resource_group_arn              = (known after apply)
      + iam_instance_profile                 = "annyang-ai-server-ec2-profile"
      + id                                   = (known after apply)
      + instance_initiated_shutdown_behavior = (known after apply)
      + instance_lifecycle                   = (known after apply)
      + instance_state                       = (known after apply)
      + instance_type                        = "t3.large"
      + ipv6_address_count                   = (known after apply)
      + ipv6_addresses                       = (known after apply)
      + key_name                             = "annyang-ai-key"
      + monitoring                           = (known after apply)
      + outpost_arn                          = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      + placement_partition_number           = (known after apply)
      + primary_network_interface_id         = (known after apply)
      + private_dns                          = (known after apply)
      + private_ip                           = (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      + secondary_private_ips                = (known after apply)
      + security_groups                      = (known after apply)
      + source_dest_check                    = true
      + spot_instance_request_id             = (known after apply)
      + subnet_id                            = (known after apply)
      + tags                                 = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-ec2"
        }
      + tags_all                             = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-ec2"
        }
      + tenancy                              = (known after apply)
      + user_data                            = "687c5ebbc060ae9ce9c2fcf9f3a1b4c7833f471b"
      + user_data_base64                     = (known after apply)
      + user_data_replace_on_change          = false
      + vpc_security_group_ids               = (known after apply)

      + root_block_device {
          + delete_on_termination = true
          + device_name           = (known after apply)
          + encrypted             = true
          + iops                  = 3000
          + kms_key_id            = (known after apply)
          + tags_all              = (known after apply)
          + throughput            = 125
          + volume_id             = (known after apply)
          + volume_size           = 30
          + volume_type           = "gp3"
        }
    }
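Review bot: No `metadata_options` block appears in the plan for `aws_instance.ai_server`, so IMDSv2 does not look enforced on an instance that has a public IP and an attached instance profile. Adding `metadata_options { http_tokens = "required" }` (raising `http_put_response_hop_limit` to 2 only if containers need the role credentials) limits exposure of the role credentials through request-forgery bugs in the service listening on port 5000. The AMI may already default to IMDSv2, which this plan cannot show, so verify before relying on it.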

  # module.ec2-ai.aws_key_pair.key_pair will be created
  + resource "aws_key_pair" "key_pair" {
      + arn             = (known after apply)
      + fingerprint     = (known after apply)
      + id              = (known after apply)
      + key_name        = "annyang-ai-key"
      + key_name_prefix = (known after apply)
      + key_pair_id     = (known after apply)
      + key_type        = (known after apply)
      + public_key      = (known after apply)
      + tags_all        = (known after apply)
    }

  # module.ec2-ai.aws_ssm_parameter.ai_server_connection_info will be created
  + resource "aws_ssm_parameter" "ai_server_connection_info" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "AI 서버 접속 정보"
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ec2-ai/connection/info"
      + tags           = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-connection-info"
        }
      + tags_all       = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-connection-info"
        }
      + tier           = (known after apply)
      + type           = "String"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.ec2-ai.aws_ssm_parameter.ai_server_private_key will be created
  + resource "aws_ssm_parameter" "ai_server_private_key" {
      + arn            = (known after apply)
      + data_type      = (known after apply)
      + description    = "AI 서버 SSH 프라이빗 키"
      + has_value_wo   = (known after apply)
      + id             = (known after apply)
      + insecure_value = (known after apply)
      + key_id         = (known after apply)
      + name           = "/annyang/ec2-ai/ssh/private-key"
      + tags           = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-ssh-key"
        }
      + tags_all       = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-ssh-key"
        }
      + tier           = (known after apply)
      + type           = "SecureString"
      + value          = (sensitive value)
      + version        = (known after apply)
    }

  # module.ec2-ai.tls_private_key.ssh will be created
  + resource "tls_private_key" "ssh" {
      + algorithm                     = "RSA"
      + ecdsa_curve                   = "P224"
      + id                            = (known after apply)
      + private_key_openssh           = (sensitive value)
      + private_key_pem               = (sensitive value)
      + private_key_pem_pkcs8         = (sensitive value)
      + public_key_fingerprint_md5    = (known after apply)
      + public_key_fingerprint_sha256 = (known after apply)
      + public_key_openssh            = (known after apply)
      + public_key_pem                = (known after apply)
      + rsa_bits                      = 4096
    }

  # module.frontend.aws_cloudfront_distribution.frontend will be created
  + resource "aws_cloudfront_distribution" "frontend" {
      + aliases                         = [
          + "hi-meow.kro.kr",
        ]
      + arn                             = (known after apply)
      + caller_reference                = (known after apply)
      + comment                         = "annyang frontend distribution"
      + continuous_deployment_policy_id = (known after apply)
      + default_root_object             = "index.html"
      + domain_name                     = (known after apply)
      + enabled                         = true
      + etag                            = (known after apply)
      + hosted_zone_id                  = (known after apply)
      + http_version                    = "http2"
      + id                              = (known after apply)
      + in_progress_validation_batches  = (known after apply)
      + is_ipv6_enabled                 = true
      + last_modified_time              = (known after apply)
      + price_class                     = "PriceClass_200"
      + retain_on_delete                = false
      + staging                         = false
      + status                          = (known after apply)
      + tags                            = {
          + "Name" = "annyang-frontend-distribution"
        }
      + tags_all                        = {
          + "Name" = "annyang-frontend-distribution"
        }
      + trusted_key_groups              = (known after apply)
      + trusted_signers                 = (known after apply)
      + wait_for_deployment             = true

      + custom_error_response {
          + error_caching_min_ttl = 10
          + error_code            = 400
          + response_code         = 200
          + response_page_path    = "/index.html"
        }
      + custom_error_response {
          + error_caching_min_ttl = 10
          + error_code            = 403
          + response_code         = 200
          + response_page_path    = "/index.html"
        }
      + custom_error_response {
          + error_caching_min_ttl = 10
          + error_code            = 404
          + response_code         = 200
          + response_page_path    = "/index.html"
        }
      + custom_error_response {
          + error_caching_min_ttl = 10
          + error_code            = 500
          + response_code         = 200
          + response_page_path    = "/index.html"
        }

      + default_cache_behavior {
          + allowed_methods        = [
              + "GET",
              + "HEAD",
              + "OPTIONS",
            ]
          + cached_methods         = [
              + "GET",
              + "HEAD",
            ]
          + compress               = true
          + default_ttl            = 3600
          + max_ttl                = 86400
          + min_ttl                = 0
          + target_origin_id       = "S3-annyang-frontend"
          + trusted_key_groups     = (known after apply)
          + trusted_signers        = (known after apply)
          + viewer_protocol_policy = "redirect-to-https"

          + forwarded_values {
              + headers                 = (known after apply)
              + query_string            = false
              + query_string_cache_keys = (known after apply)

              + cookies {
                  + forward           = "none"
                  + whitelisted_names = (known after apply)
                }
            }
        }

      + origin {
          + connection_attempts = 3
          + connection_timeout  = 10
          + domain_name         = "annyang-frontend.s3.ap-northeast-2.amazonaws.com"
          + origin_id           = "S3-annyang-frontend"

          + s3_origin_config {
              + origin_access_identity = (known after apply)
            }
        }

      + restrictions {
          + geo_restriction {
              + locations        = (known after apply)
              + restriction_type = "none"
            }
        }

      + viewer_certificate {
          + acm_certificate_arn            = "arn:aws:acm:us-east-1:124951343483:certificate/7199e1d7-472a-4f28-bab0-fe52b5bed8ca"
          + cloudfront_default_certificate = false
          + minimum_protocol_version       = "TLSv1.2_2021"
          + ssl_support_method             = "sni-only"
        }
    }
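Review bot: The `custom_error_response` blocks for `error_code = 400` and `error_code = 500` rewrite those failures to `response_code = 200` with `/index.html`, which hides origin errors from viewers, from availability checks and from anything alerting on CloudFront status codes. SPA routing on an S3 origin normally needs only the 403 and 404 mappings; dropping the 400 and 500 entries keeps real failures visible. The plan also shows no `logging_config` block, so access logs for the distribution appear to be off.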

  # module.frontend.aws_cloudfront_origin_access_identity.frontend_oai will be created
  + resource "aws_cloudfront_origin_access_identity" "frontend_oai" {
      + arn                             = (known after apply)
      + caller_reference                = (known after apply)
      + cloudfront_access_identity_path = (known after apply)
      + comment                         = "annyang frontend OAI"
      + etag                            = (known after apply)
      + iam_arn                         = (known after apply)
      + id                              = (known after apply)
      + s3_canonical_user_id            = (known after apply)
    }

  # module.frontend.aws_s3_bucket_policy.frontend will be created
  + resource "aws_s3_bucket_policy" "frontend" {
      + bucket = "annyang-frontend"
      + id     = (known after apply)
      + policy = (known after apply)
    }

  # module.rds.aws_db_instance.main will be created
  + resource "aws_db_instance" "main" {
      + address                               = (known after apply)
      + allocated_storage                     = 20
      + apply_immediately                     = false
      + arn                                   = (known after apply)
      + auto_minor_version_upgrade            = true
      + availability_zone                     = (known after apply)
      + backup_retention_period               = (known after apply)
      + backup_target                         = (known after apply)
      + backup_window                         = (known after apply)
      + ca_cert_identifier                    = (known after apply)
      + character_set_name                    = (known after apply)
      + copy_tags_to_snapshot                 = false
      + database_insights_mode                = (known after apply)
      + db_name                               = "hi_meow"
      + db_subnet_group_name                  = "annyang-db-subnet-group"
      + dedicated_log_volume                  = false
      + delete_automated_backups              = true
      + domain_fqdn                           = (known after apply)
      + endpoint                              = (known after apply)
      + engine                                = "mariadb"
      + engine_lifecycle_support              = (known after apply)
      + engine_version                        = "10.6"
      + engine_version_actual                 = (known after apply)
      + hosted_zone_id                        = (known after apply)
      + id                                    = (known after apply)
      + identifier                            = "annyang-db"
      + identifier_prefix                     = (known after apply)
      + instance_class                        = "db.t3.micro"
      + iops                                  = (known after apply)
      + kms_key_id                            = (known after apply)
      + latest_restorable_time                = (known after apply)
      + license_model                         = (known after apply)
      + listener_endpoint                     = (known after apply)
      + maintenance_window                    = (known after apply)
      + master_user_secret                    = (known after apply)
      + master_user_secret_kms_key_id         = (known after apply)
      + monitoring_interval                   = 0
      + monitoring_role_arn                   = (known after apply)
      + multi_az                              = false
      + nchar_character_set_name              = (known after apply)
      + network_type                          = (known after apply)
      + option_group_name                     = (known after apply)
      + parameter_group_name                  = "annyang-db-params"
      + password                              = (sensitive value)
      + performance_insights_enabled          = false
      + performance_insights_kms_key_id       = (known after apply)
      + performance_insights_retention_period = (known after apply)
      + port                                  = (known after apply)
      + publicly_accessible                   = false
      + replica_mode                          = (known after apply)
      + replicas                              = (known after apply)
      + resource_id                           = (known after apply)
      + skip_final_snapshot                   = true
      + snapshot_identifier                   = (known after apply)
      + status                                = (known after apply)
      + storage_encrypted                     = true
      + storage_throughput                    = (known after apply)
      + storage_type                          = "gp2"
      + tags                                  = {
          + "Name" = "annyang-db"
        }
      + tags_all                              = {
          + "Name" = "annyang-db"
        }
      + timezone                              = (known after apply)
      + username                              = "admin"
      + vpc_security_group_ids                = (known after apply)
    }
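Review bot: `skip_final_snapshot = true` together with `delete_automated_backups = true` means a `terraform destroy` or a forced replacement of `aws_db_instance.main` removes the database and its automated backups in one step, and no `deletion_protection` value appears in the plan. For a database that holds application data, set `deletion_protection = true` and `skip_final_snapshot = false` with a `final_snapshot_identifier`. `backup_retention_period` shows as `(known after apply)`, so it does not seem to be set in the configuration and is worth pinning explicitly. `storage_encrypted = true` without a `kms_key_id` uses the account's default RDS key, which is fine unless snapshots have to be shared across accounts.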

  # module.rds.aws_db_parameter_group.main will be created
  + resource "aws_db_parameter_group" "main" {
      + arn          = (known after apply)
      + description  = "Custom parameter group for annyang database"
      + family       = "mariadb10.6"
      + id           = (known after apply)
      + name         = "annyang-db-params"
      + name_prefix  = (known after apply)
      + skip_destroy = false
      + tags         = {
          + "Name" = "annyang-db-params"
        }
      + tags_all     = {
          + "Name" = "annyang-db-params"
        }

      + parameter {
          + apply_method = "immediate"
          + name         = "character_set_client"
          + value        = "utf8mb4"
        }
      + parameter {
          + apply_method = "immediate"
          + name         = "character_set_connection"
          + value        = "utf8mb4"
        }
      + parameter {
          + apply_method = "immediate"
          + name         = "character_set_database"
          + value        = "utf8mb4"
        }
      + parameter {
          + apply_method = "immediate"
          + name         = "character_set_results"
          + value        = "utf8mb4"
        }
      + parameter {
          + apply_method = "immediate"
          + name         = "character_set_server"
          + value        = "utf8mb4"
        }
      + parameter {
          + apply_method = "immediate"
          + name         = "collation_server"
          + value        = "utf8mb4_unicode_ci"
        }
    }

  # module.rds.aws_db_subnet_group.main will be created
  + resource "aws_db_subnet_group" "main" {
      + arn                     = (known after apply)
      + description             = "Managed by Terraform"
      + id                      = (known after apply)
      + name                    = "annyang-db-subnet-group"
      + name_prefix             = (known after apply)
      + subnet_ids              = (known after apply)
      + supported_network_types = (known after apply)
      + tags                    = {
          + "Name" = "annyang-db-subnet-group"
        }
      + tags_all                = {
          + "Name" = "annyang-db-subnet-group"
        }
      + vpc_id                  = (known after apply)
    }

  # module.sg.aws_security_group.ai_server will be created
  + resource "aws_security_group" "ai_server" {
      + arn                    = (known after apply)
      + description            = "Security group for AI Server instances"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound traffic"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "20.161.58.226/32",
                ]
              + description      = "Allow SSH access from admin IP"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
          + {
              + cidr_blocks      = []
              + description      = "Allow traffic from API Server to AI Server"
              + from_port        = 5000
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 5000
            },
        ]
      + name                   = "annyang-ai-server-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-sg"
        }
      + tags_all               = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-ai-server-sg"
        }
      + vpc_id                 = (known after apply)
    }
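Review bot: The SSH ingress CIDR `20.161.58.226/32` seems to come from `data.http.myip` (api.ipify.org) at plan time, so it is the address of whatever machine ran Terraform; when this workflow runs in CI that is the runner's egress address, not an administrator's. Applying from CI would open port 22 to a shared hosting address, lock out the real admin, and change the rule on every run. Pass the admin CIDR as a variable (for example `var.admin_cidr`, a placeholder name) or drop the rule in favour of Session Manager. `module.sg.aws_security_group.ec2` carries the same rule.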

  # module.sg.aws_security_group.alb will be created
  + resource "aws_security_group" "alb" {
      + arn                    = (known after apply)
      + description            = "Security group for ALB"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound traffic"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow HTTP traffic"
              + from_port        = 80
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 80
            },
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow HTTPS traffic"
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "annyang-alb-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-alb-sg"
        }
      + tags_all               = {
          + "Application" = "annyang"
          + "ManagedBy"   = "terraform"
          + "Name"        = "annyang-alb-sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.sg.aws_security_group.ec2 will be created
  + resource "aws_security_group" "ec2" {
      + arn                    = (known after apply)
      + description            = "Security group for EC2 instances"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = "Allow all outbound traffic"
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = [
                  + "20.161.58.226/32",
                ]
              + description      = "Allow SSH access from admin IP"
              + from_port        = 22
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 22
            },
          + {
              + cidr_blocks      = []
              + description      = "Allow traffic from ALB to EC2 instance"
              + from_port        = 8080
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 8080
            },
        ]
      + name                   = "annyang-api-server-ec2-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "annyang-api-server-ec2-sg"
        }
      + tags_all               = {
          + "Name" = "annyang-api-server-ec2-sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.sg.aws_security_group.rds will be created
  + resource "aws_security_group" "rds" {
      + arn                    = (known after apply)
      + description            = "Security group for RDS instances"
      + egress                 = (known after apply)
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = "Allow MariaDB connections only from the EC2 instances"
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = (known after apply)
              + self             = false
              + to_port          = 3306
            },
        ]
      + name                   = "annyang-rds-sg"
      + name_prefix            = (known after apply)
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Name" = "annyang-rds-sg"
        }
      + tags_all               = {
          + "Name" = "annyang-rds-sg"
        }
      + vpc_id                 = (known after apply)
    }

  # module.vpc.aws_internet_gateway.main will be created
  + resource "aws_internet_gateway" "main" {
      + arn      = (known after apply)
      + id       = (known after apply)
      + owner_id = (known after apply)
      + tags     = {
          + "Name" = "annyang-igw"
        }
      + tags_all = {
          + "Name" = "annyang-igw"
        }
      + vpc_id   = (known after apply)
    }

  # module.vpc.aws_route_table.private will be created
  + resource "aws_route_table" "private" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = (known after apply)
      + tags             = {
          + "Name" = "annyang-private-rt"
        }
      + tags_all         = {
          + "Name" = "annyang-private-rt"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table.public will be created
  + resource "aws_route_table" "public" {
      + arn              = (known after apply)
      + id               = (known after apply)
      + owner_id         = (known after apply)
      + propagating_vgws = (known after apply)
      + route            = [
          + {
              + carrier_gateway_id         = ""
              + cidr_block                 = "0.0.0.0/0"
              + core_network_arn           = ""
              + destination_prefix_list_id = ""
              + egress_only_gateway_id     = ""
              + gateway_id                 = (known after apply)
              + ipv6_cidr_block            = ""
              + local_gateway_id           = ""
              + nat_gateway_id             = ""
              + network_interface_id       = ""
              + transit_gateway_id         = ""
              + vpc_endpoint_id            = ""
              + vpc_peering_connection_id  = ""
            },
        ]
      + tags             = {
          + "Name" = "annyang-public-rt"
        }
      + tags_all         = {
          + "Name" = "annyang-public-rt"
        }
      + vpc_id           = (known after apply)
    }

  # module.vpc.aws_route_table_association.private["subnet-a"] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.private["subnet-b"] will be created
  + resource "aws_route_table_association" "private" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public["subnet-a"] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_route_table_association.public["subnet-b"] will be created
  + resource "aws_route_table_association" "public" {
      + id             = (known after apply)
      + route_table_id = (known after apply)
      + subnet_id      = (known after apply)
    }

  # module.vpc.aws_subnet.private["subnet-a"] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.3.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "AvailabilityZone" = "ap-northeast-2a"
          + "Name"             = "annyang-private-subnet-ap-northeast-2a"
          + "Type"             = "private"
        }
      + tags_all                                       = {
          + "AvailabilityZone" = "ap-northeast-2a"
          + "Name"             = "annyang-private-subnet-ap-northeast-2a"
          + "Type"             = "private"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.private["subnet-b"] will be created
  + resource "aws_subnet" "private" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-2b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.4.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = false
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "AvailabilityZone" = "ap-northeast-2b"
          + "Name"             = "annyang-private-subnet-ap-northeast-2b"
          + "Type"             = "private"
        }
      + tags_all                                       = {
          + "AvailabilityZone" = "ap-northeast-2b"
          + "Name"             = "annyang-private-subnet-ap-northeast-2b"
          + "Type"             = "private"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.public["subnet-a"] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-2a"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.1.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "AvailabilityZone" = "ap-northeast-2a"
          + "Name"             = "annyang-public-subnet-ap-northeast-2a"
          + "Type"             = "public"
        }
      + tags_all                                       = {
          + "AvailabilityZone" = "ap-northeast-2a"
          + "Name"             = "annyang-public-subnet-ap-northeast-2a"
          + "Type"             = "public"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_subnet.public["subnet-b"] will be created
  + resource "aws_subnet" "public" {
      + arn                                            = (known after apply)
      + assign_ipv6_address_on_creation                = false
      + availability_zone                              = "ap-northeast-2b"
      + availability_zone_id                           = (known after apply)
      + cidr_block                                     = "10.0.2.0/24"
      + enable_dns64                                   = false
      + enable_resource_name_dns_a_record_on_launch    = false
      + enable_resource_name_dns_aaaa_record_on_launch = false
      + id                                             = (known after apply)
      + ipv6_cidr_block_association_id                 = (known after apply)
      + ipv6_native                                    = false
      + map_public_ip_on_launch                        = true
      + owner_id                                       = (known after apply)
      + private_dns_hostname_type_on_launch            = (known after apply)
      + tags                                           = {
          + "AvailabilityZone" = "ap-northeast-2b"
          + "Name"             = "annyang-public-subnet-ap-northeast-2b"
          + "Type"             = "public"
        }
      + tags_all                                       = {
          + "AvailabilityZone" = "ap-northeast-2b"
          + "Name"             = "annyang-public-subnet-ap-northeast-2b"
          + "Type"             = "public"
        }
      + vpc_id                                         = (known after apply)
    }

  # module.vpc.aws_vpc.main will be created
  + resource "aws_vpc" "main" {
      + arn                                  = (known after apply)
      + cidr_block                           = "10.0.0.0/16"
      + default_network_acl_id               = (known after apply)
      + default_route_table_id               = (known after apply)
      + default_security_group_id            = (known after apply)
      + dhcp_options_id                      = (known after apply)
      + enable_dns_hostnames                 = true
      + enable_dns_support                   = true
      + enable_network_address_usage_metrics = (known after apply)
      + id                                   = (known after apply)
      + instance_tenancy                     = "default"
      + ipv6_association_id                  = (known after apply)
      + ipv6_cidr_block                      = (known after apply)
      + ipv6_cidr_block_network_border_group = (known after apply)
      + main_route_table_id                  = (known after apply)
      + owner_id                             = (known after apply)
      + tags                                 = {
          + "Name" = "annyang-vpc"
        }
      + tags_all                             = {
          + "Name" = "annyang-vpc"
        }
    }

Plan: 64 to add, 0 to change, 0 to destroy.

Changes to Outputs:
  + ai_server_private_ip       = (known after apply)
  + ai_server_private_key_pem  = (sensitive value)
  + ai_server_public_ip        = (known after apply)
  + alb_dns_name               = (known after apply)
  + ec2_private_key_pem        = (sensitive value)
  + ec2_public_ip              = (known after apply)
  + frontend_cloudfront_domain = (known after apply)
  + frontend_s3_bucket         = "annyang-frontend"
  + mysql_connection_command   = (known after apply)
  + ssh_access_guide           = {
      + ai_server_access  = {
          + cleanup = "rm -f ai_server.pem"
          + step1   = "aws ssm get-parameter --name '/annyang/ec2-ai/ssh/private-key' --with-decryption --query 'Parameter.Value' --output text > ai_server.pem"
          + step2   = "chmod 600 ai_server.pem"
          + step3   = (known after apply)
        }
      + api_server_access = {
          + cleanup = "rm -f api_server.pem"
          + step1   = "aws ssm get-parameter --name '/annyang/ec2/ssh/private-key' --with-decryption --query 'Parameter.Value' --output text > api_server.pem"
          + step2   = "chmod 600 api_server.pem"
          + step3   = (known after apply)
        }
      + connection_info   = {
          + ai_server  = "aws ssm get-parameter --name '/annyang/ec2-ai/connection/info' --query 'Parameter.Value' --output text | jq ."
          + api_server = "aws ssm get-parameter --name '/annyang/ec2/connection/info' --query 'Parameter.Value' --output text | jq ."
        }
      + message           = "SSH 키가 SSM Parameter Store에 안전하게 저장되었습니다."
      + note              = "Session Manager를 사용하면 SSH 키 없이도 접속 가능합니다."
      + session_manager   = {
          + ai_server  = (known after apply)
          + api_server = (known after apply)
        }
    }
  + ssm_parameters             = {
      + cloudfront_distribution_id = "/annyang/frontend/cloudfront-distribution-id"
      + codedeploy_app             = "/annyang/server-deploy/app_name"
      + codedeploy_group           = "/annyang/server-deploy/api-server/group_name"
      + db_password                = "/annyang/db/password"
      + db_url                     = "/annyang/db/url"
      + db_username                = "/annyang/db/username"
      + deployment_bucket          = "/annyang/server-deploy/bucket"
    }

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.

Pusher: @chisanahn, Action: pull_request

@chisanahn chisanahn merged commit c112de5 into main Nov 2, 2025
1 check passed
@chisanahn chisanahn deleted the fix/storage_encrypt branch November 2, 2025 12:42