docs: MOA 브랜딩 통일 + 첫날 스텁 문서 현행화

[yeounhyeok]

개요

문서가 실제 인프라를 제대로 못 드러내던 문제를 정리합니다. 첫날(5/18) 만든 스텁 문서들이 그대로 남아 placeholder/draft/기초공사 단계라고 적혀 있어, 실제로 완성된 인프라(GitOps·OIDC·Cloudflare Tunnel·IMDSv2 등)를 미완성처럼 보이게 만들고 있었습니다. + 브랜딩을 MOA로 통일합니다.

변경 사항

• 루트 README 깔끔하게 재작성 — 아키텍처 다이어그램을 앞에 두어 구축 내용이 바로 보이게, MOA 브랜딩, 네이밍 노트 추가
• terraform/README — ec2/rds: 아직 placeholder, 다음 단계 예정(사실과 반대) 표현 제거, 실제 4개 모듈·state·드리프트 처리 반영. 누락돼 있던 s3 모듈 추가
• docs/architecture — 첫날 Infrastructure Draft / shallow scaffold 스텁을 현재 dev 실제 아키텍처(다이어그램 + 컴포넌트별 설명)로 교체
• CLAUDE.md — 기초공사 단계 / 깊게 구현하지 말 것, 존재하지 않는 modules/compute·bastion 등 옛 전제를 운영 중 인프라 기준으로 재작성

비고

• 실제 AWS 리소스명(sw-hub-*, swhub)은 운영 중(state 버킷·IAM role·RDS 등)이라 개명하지 않음 — 문서/브랜딩만 MOA로 통일하고, 리소스 prefix의 MOA 통일은 별도 마이그레이션(destroy/재생성 동반)으로 분리.
• 코드 변경 없음. 문서만 변경.

[github-actions]

Terraform Plan success

plan 상세

module.ec2.tls_private_key.this: Refreshing state... [id=35a5bb52f7a663dd07bd6a683ab633d918df27bb]
data.cloudflare_zone.moa: Reading...
random_id.cloudflare_tunnel_secret: Refreshing state... [id=Jj3wfVN3wQvAYoNfJrqNZwHe4kaX5BfvoDEYgwxTWd8]
module.rds.random_password.db: Refreshing state... [id=none]
module.ec2.local_sensitive_file.private_key: Refreshing state... [id=dc2b1688c4ecf264ef497f0621b825cf769990d2]
cloudflare_zero_trust_tunnel_cloudflared.moa: Refreshing state... [id=7e214e22-c418-4735-9311-2e340551dbf1]
local_sensitive_file.ansible_secrets: Refreshing state... [id=78caa92aa3b6856a8e2cdcd3badb6c5768f63b37]
data.cloudflare_zone.moa: Read complete after 0s [id=6fd90af1d5f578cc4ebcfda4c5a1dd25]
data.aws_caller_identity.current: Reading...
data.aws_iam_policy_document.ec2_assume: Reading...
module.network.data.aws_availability_zones.available: Reading...
module.ec2.aws_key_pair.this: Refreshing state... [id=sw-hub-dev-key]
module.network.aws_vpc.this: Refreshing state... [id=vpc-0d0c0b3865566d128]
data.aws_iam_policy_document.ec2_assume: Read complete after 0s [id=2851119427]
module.ec2.data.aws_ami.ubuntu: Reading...
aws_iam_role.app: Refreshing state... [id=sw-hub-dev-app-role]
aws_iam_instance_profile.app: Refreshing state... [id=sw-hub-dev-app-profile]
data.aws_caller_identity.current: Read complete after 0s [id=850919911012]
module.s3["uploads"].aws_s3_bucket.this: Refreshing state... [id=sw-hub-dev-uploads-850919911012]
module.s3["backups"].aws_s3_bucket.this: Refreshing state... [id=sw-hub-dev-backups-850919911012]
cloudflare_record.moa_hostname: Refreshing state... [id=8e371bb1117b727747287690283413ad]
cloudflare_zero_trust_tunnel_cloudflared_config.moa: Refreshing state... [id=7e214e22-c418-4735-9311-2e340551dbf1]
module.network.data.aws_availability_zones.available: Read complete after 1s [id=ap-northeast-2]
module.ec2.data.aws_ami.ubuntu: Read complete after 1s [id=ami-09a72717a566d88fa]
module.network.aws_internet_gateway.this: Refreshing state... [id=igw-0c0046e95fcdf54a4]
module.network.aws_subnet.private[0]: Refreshing state... [id=subnet-04075fc372936edb5]
module.network.aws_subnet.public[0]: Refreshing state... [id=subnet-0b9f213f0ec40c775]
module.network.aws_subnet.private[1]: Refreshing state... [id=subnet-0dfff48c6fcb65f8e]
module.network.aws_subnet.public[1]: Refreshing state... [id=subnet-00ac26cf16b904e54]
module.network.aws_route_table.private: Refreshing state... [id=rtb-071916e258e0f8543]
module.network.aws_route_table.public: Refreshing state... [id=rtb-063a31231e5c9c80b]
module.network.aws_route_table_association.private[1]: Refreshing state... [id=rtbassoc-09c19314be8fb3861]
module.network.aws_route_table_association.private[0]: Refreshing state... [id=rtbassoc-055bb8f7431f193e0]
module.rds.aws_db_subnet_group.this: Refreshing state... [id=sw-hub-dev-db-subnet-group]
module.ec2.aws_security_group.this: Refreshing state... [id=sg-0ad8add3d38300814]
module.network.aws_route_table_association.public[1]: Refreshing state... [id=rtbassoc-0e9d371d632d5b1ac]
module.network.aws_route_table_association.public[0]: Refreshing state... [id=rtbassoc-0e429d4723cd5a767]
module.rds.aws_security_group.this: Refreshing state... [id=sg-06d151aff52ec211a]
module.ec2.aws_instance.this[0]: Refreshing state... [id=i-0fa0e4a4342acb626]
module.s3["uploads"].aws_s3_bucket_server_side_encryption_configuration.this: Refreshing state... [id=sw-hub-dev-uploads-850919911012]
module.s3["backups"].aws_s3_bucket_versioning.this: Refreshing state... [id=sw-hub-dev-backups-850919911012]
module.s3["uploads"].aws_s3_bucket_versioning.this: Refreshing state... [id=sw-hub-dev-uploads-850919911012]
module.s3["backups"].aws_s3_bucket_server_side_encryption_configuration.this: Refreshing state... [id=sw-hub-dev-backups-850919911012]
module.s3["uploads"].aws_s3_bucket_public_access_block.this: Refreshing state... [id=sw-hub-dev-uploads-850919911012]
module.s3["backups"].aws_s3_bucket_public_access_block.this: Refreshing state... [id=sw-hub-dev-backups-850919911012]
module.s3["backups"].aws_s3_bucket_lifecycle_configuration.this[0]: Refreshing state... [id=sw-hub-dev-backups-850919911012]
module.rds.aws_db_instance.this: Refreshing state... [id=db-KAC2ZLYDLRTDU65OGQ5E6DJEAM]
data.aws_iam_policy_document.s3_access: Reading...
data.aws_iam_policy_document.s3_access: Read complete after 0s [id=2628098098]
aws_iam_role_policy.s3_access: Refreshing state... [id=sw-hub-dev-app-role:s3-access]
local_file.ansible_hosts: Refreshing state... [id=db6661ffa28a84f2bddfa42780bea36daddb0300]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the
last "terraform apply" which may have affected this plan:

  # module.ec2.local_sensitive_file.private_key has been deleted
  - resource "local_sensitive_file" "private_key" {
      - filename             = "../../modules/ec2/../../../sw-hub-dev.pem" -> null
        id                   = "dc2b1688c4ecf264ef497f0621b825cf769990d2"
        # (9 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.

─────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # local_sensitive_file.ansible_secrets will be created
  + resource "local_sensitive_file" "ansible_secrets" {
      + content              = (sensitive value)
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0700"
      + file_permission      = "0600"
      + filename             = "./../../../ansible/inventories/dev/group_vars/all/secrets.yml"
      + id                   = (known after apply)
    }

  # module.ec2.local_sensitive_file.private_key will be created
  + resource "local_sensitive_file" "private_key" {
      + content              = (sensitive value)
      + content_base64sha256 = (known after apply)
      + content_base64sha512 = (known after apply)
      + content_md5          = (known after apply)
      + content_sha1         = (known after apply)
      + content_sha256       = (known after apply)
      + content_sha512       = (known after apply)
      + directory_permission = "0700"
      + file_permission      = "0600"
      + filename             = "../../modules/ec2/../../../sw-hub-dev.pem"
      + id                   = (known after apply)
    }

Plan: 2 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with cloudflare_record.moa_hostname,
  on cloudflare.tf line 47, in resource "cloudflare_record" "moa_hostname":
  47:   value   = cloudflare_zero_trust_tunnel_cloudflared.moa.cname

`value` is deprecated in favour of `content` and will be removed in the next
major release.

─────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't
guarantee to take exactly these actions if you run "terraform apply" now.
Releasing state lock. This may take a few moments...