feat: 모니터링 시스템 인프라 구성

environment/monitoring/main.tf

@@ -1 +1,29 @@
-# TODO:: 모니터링용 EC2 인스턴스 및 보안 그룹 리소스 정의 필요
+# 기본 VPC 정보 조회
+data "aws_vpc" "default" {
+  default = true
+}
+
+module "monitoring_stack" {
+  # 기존 app_stack 모듈을 재사용하거나, 모니터링 전용 모듈이 있다면 경로 수정
+  source = "../../modules/monitoring_stack"
+
+  env_name          = "monitoring"
+  vpc_id            = data.aws_vpc.default.id
+
+  ami_id            = var.ami_id
+
+  key_name          = var.key_name
+
+  instance_type     = var.monitoring_instance_type
+
+  private_ip = var.private_ip
+
+  # Nginx 및 도메인 설정
+  domain_name = var.domain_name
+  cert_email  = var.cert_email
+  nginx_conf_name = var.nginx_conf_name
+
+
+  # Grafana(3000), Prometheus(9090), Loki(3100) 포트 개방
+  monitoring_ingress_rules = var.monitoring_ingress_rules
+}

environment/monitoring/variables.tf

@@ -1 +1,51 @@
-# TODO:: 모니터링 인스턴스용 변수 정의
+variable "ami_id" {
+  description = "AMI ID for the monitoring environment"
+  type        = string
+}
+
+variable "monitoring_instance_type" {
+  description = "Instance type for monitoring (e.g., t3.medium or larger recommended)"
+  type        = string
+}
+
+variable "key_name" {
+  description = "SSH Key pair name"
+  type        = string
+}
+
+variable "monitoring_ingress_rules" {
+  description = "Ingress rules for Grafana(3000), Prometheus(9090), Loki(3100)"
+  type = list(object({
+    from_port   = number
+    to_port     = number
+    protocol    = string
+    cidr_blocks = list(string)
+    description = string
+  }))
+}
+
+variable "private_ip" {
+  description = "Fixed private ip for alloy config"
+  type = string
+}
+
+variable "ebs_volume_size" {
+  description = "Disk size for Prometheus TSDB (GB)"
+  type        = number
+  default     = 50
+}
+
+variable "domain_name" {
+  description = "Domain name for Grafana dashboard (e.g., monitor.example.com)"
+  type        = string
+}
+
+variable "cert_email" {
+  description = "email for Domain Name Certbot"
+  type        = string
+}
+
+variable "nginx_conf_name" {
+  description = "Nginx conf name for the prod environment"
+  type        = string
+}

modules/app_stack/ec2.tf

@@ -6,7 +6,7 @@ data "cloudinit_config" "app_init" {
   # [Part 1] Docker 설치 스크립트
   part {
     content_type = "text/x-shellscript"
-    content      = file("${path.module}/scripts/docker_setup.sh")
+    content      = file("${path.module}/../common/scripts/docker_setup.sh")
     filename     = "1_docker_install.sh"
   }
 

modules/monitoring_stack/ec2.tf

@@ -0,0 +1,56 @@
+data "cloudinit_config" "app_init" {
+  gzip          = true
+  base64_encode = true
+
+  # [Part 1] Docker 설치 스크립트
+  part {
+    content_type = "text/x-shellscript"
+    content      = file("${path.module}/../common/scripts/docker_setup.sh")
+    filename     = "1_docker_install.sh"
+  }
+
+  # [Part 2] Nginx 설정 스크립트 파일 생성 (실행 안 함, 파일만 생성)
+  part {
+    content_type = "text/cloud-config"
+    content = <<EOF
+write_files:
+  - path: /home/ubuntu/setup_nginx.sh
+    owner: ubuntu:ubuntu
+    permissions: '0755'
+    content: |
+${indent(6, templatefile("${path.module}/scripts/nginx_setup.sh.tftpl", {
+      domain_name    = var.domain_name
+      email          = var.cert_email
+      conf_file_name = var.nginx_conf_name
+    }))}
+EOF
+  }
+}
+
+resource "aws_instance" "monitoring_server" {
+  ami           = var.ami_id
+  instance_type = var.instance_type
+  key_name      = var.key_name
+
+  associate_public_ip_address = true
+
+  vpc_security_group_ids = [aws_security_group.monitoring_sg.id]
+
+  user_data_base64 = data.cloudinit_config.app_init.rendered
+
+  user_data_replace_on_change = false
+
+  private_ip = var.private_ip
+
+  tags = {
+    Name = "solid-connection-monitoring"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      user_data,
+      user_data_base64,
+      ami
+    ]
+  }
+}

modules/monitoring_stack/output.tf

@@ -0,0 +1,7 @@
+output "monitoring_instance_public_ip" {
+  value = aws_instance.monitoring_server.public_ip
+}
+
+output "monitoring_sg_id" {
+  value = aws_security_group.monitoring_sg.id
+}

modules/monitoring_stack/scripts/nginx_setup.sh.tftpl

@@ -0,0 +1,77 @@
+#!/bin/bash
+set -e
+
+# --- 변수 설정 (Terraform에서 주입) ---
+DOMAIN="${domain_name}"
+EMAIL="${email}"
+CONF_NAME="${conf_file_name}"
+
+echo ">>> [수동 실행] $DOMAIN 에 대한 Nginx 및 SSL 설정을 시작합니다."
+
+# 1. 패키지 설치
+sudo apt-get update
+sudo apt-get install -y nginx python3 python3-venv libaugeas0
+
+# 2. Certbot 설치 및 링크
+sudo python3 -m venv /opt/certbot/
+sudo /opt/certbot/bin/pip install --upgrade pip
+sudo /opt/certbot/bin/pip install certbot certbot-nginx
+sudo ln -sf /opt/certbot/bin/certbot /usr/bin/certbot
+
+# 3. SSL 인증서 발급
+sudo systemctl stop nginx
+sudo certbot certonly --standalone \
+  --non-interactive \
+  --agree-tos \
+  --email "$EMAIL" \
+  -d "$DOMAIN"
+
+# 4. Nginx 설정 파일 작성
+sudo tee /etc/nginx/sites-available/$CONF_NAME > /dev/null <<EOF
+server {
+    listen 80;
+    server_name $DOMAIN;
+    location / {
+        return 301 https://\$host\$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name $DOMAIN;
+
+    ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
+
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
+    location / {
+        proxy_pass http://127.0.0.1:3000;
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
+EOF
+
+# 5. 설정 활성화
+sudo ln -sf /etc/nginx/sites-available/$CONF_NAME /etc/nginx/sites-enabled/$CONF_NAME
+sudo rm -f /etc/nginx/sites-enabled/default
+
+# 6. 자동 갱신 크론탭 등록
+if ! crontab -l 2>/dev/null | grep -q "certbot renew"; then
+  (crontab -l 2>/dev/null; echo "0 0,12 * * * /usr/bin/certbot renew --quiet --post-hook 'systemctl reload nginx'") | crontab -
+fi
+
+# 7. Nginx 재시작
+sudo nginx -t
+sudo systemctl restart nginx
+
+echo "Nginx setup complete!"

modules/monitoring_stack/security_groups.tf

@@ -0,0 +1,27 @@
+resource "aws_security_group" "monitoring_sg" {
+  name        = "sc-${var.env_name}-sg"
+  description = "Security group for Monitoring Stack (Grafana, Prometheus, Loki)"
+  vpc_id      = var.vpc_id
+
+  dynamic "ingress" {
+    for_each = var.monitoring_ingress_rules
+    content {
+      from_port   = ingress.value.from_port
+      to_port     = ingress.value.to_port
+      protocol    = ingress.value.protocol
+      cidr_blocks = ingress.value.cidr_blocks
+      description = ingress.value.description
+    }
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "${var.env_name}-sg"
+  }
+}

modules/monitoring_stack/variables.tf

@@ -0,0 +1,56 @@
+variable "env_name" {
+  description = "환경 이름"
+  type        = string
+}
+
+variable "vpc_id" {
+  description = "배포할 VPC ID"
+  type        = string
+}
+
+variable "ami_id" {
+  description = "EC2 AMI ID"
+  type        = string
+}
+
+variable "key_name" {
+  description = "EC2 Key Pair 이름"
+  type        = string
+}
+
+variable "instance_type" {
+  description = "EC2 인스턴스 타입"
+  type        = string
+}
+
+variable "private_ip" {
+  description = "alloy 설정을 위한 private ip 고정"
+  type = string
+}
+
+variable "monitoring_ingress_rules" {
+  description = "모니터링 도구(Grafana, Prometheus, Loki)를 위한 보안 규칙"
+  type = list(object({
+    from_port   = number
+    to_port     = number
+    protocol    = string
+    cidr_blocks = list(string)
+    description = string
+  }))
+}
+
+# [Nginx 관련 추가 변수]
+variable "domain_name" {
+  description = "Domain name for Nginx"
+  type        = string
+}
+
+variable "cert_email" {
+  description = "Email for Let's Encrypt"
+  type        = string
+}
+
+variable "nginx_conf_name" {
+  description = "Nginx config filename"
+  type        = string
+}