Hybrid cloud task 3 Automate AWS VPC with Terraform

Hiteshkoolwal
4 min readOct 18, 2020

We have to build a web portal for our company that is as secure as we can make it. We will use WordPress with a dedicated database server. The database must not be reachable from the outside world; only the WordPress front end needs to be public, because that is all the clients use. A few terms come up along the way, so let's define them first.

EC2:-

EC2 stands for Elastic Compute Cloud. It is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction.

Security Groups:-

A security group acts as a virtual firewall for your EC2 instances and controls incoming and outgoing traffic. Inbound rules control the traffic allowed to reach your instance, and outbound rules control the traffic allowed to leave it. Rules are allow-only and stateful: return traffic for an allowed connection is permitted automatically. If you don't specify a security group, Amazon EC2 assigns the VPC's default security group.

VPC:-

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

Subnet:-

A subnet is a range of IP addresses carved out of the VPC's CIDR block; each subnet lives in a single Availability Zone. A public subnet is a subnet whose associated route table has a route to an internet gateway; a subnet with no such route is private, and instances in it cannot be reached from the internet. Organizations split a large network into subnets to keep tiers apart and to route and filter each of them differently, which is exactly what we do here with a public tier for WordPress and a private tier for the database.

Internet Gateway:-

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

An internet gateway serves two purposes:

— To provide a target in your VPC route tables for internet-routable traffic

— To perform Network Address Translation (NAT) for instances that have been assigned public IPv4 addresses.

Routing Table:-

A routing table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Terraform:-

Terraform is an open-source infrastructure as code software tool created by HashiCorp. It enables users to define and provision a data center infrastructure using a high-level configuration language known as Hashicorp Configuration Language, or optionally JSON.

Summary of what gets created:

  • VPC
  • 2 subnets (one public, one private)
  • A security group for the WordPress instance
  • A security group for the MySQL database instance
  • Internet gateway attached to the VPC
  • Route table inside the VPC with a route that sends internet-bound traffic (0.0.0.0/0) to the internet gateway
  • Route table association that attaches this table to one subnet, which is what makes it the public subnet
  • WordPress instance launched in the public subnet with its security group and a key pair, so that clients can reach the blog and an admin can log in
  • MySQL instance launched in the private subnet with its security group and a key pair

The WordPress instance is launched in the public subnet because clients have to reach it.

The MySQL instance is launched in the private subnet, and its security group admits only MySQL traffic (TCP 3306), and only from the WordPress instance's security group, so the database stores the site's data without ever being reachable from the internet. Note that the private subnet has no route to the outside at all (this configuration has no NAT gateway), so the MySQL instance can neither be reached from nor reach the internet; whatever it needs must already be on its AMI.

First, the VPC

resource "aws_vpc" "tf_VPC" {
  # 192.169.0.0/16 is NOT RFC 1918 private space (192.168.0.0/16 is); it is
  # publicly routable address space. AWS accepts it, but hosts in this VPC can
  # then never reach the real owners of that range. Prefer 10.0.0.0/16 or similar.
  cidr_block           = "192.169.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  tags = {
    Name = "tf_VPC"
  }
}

Second, the subnets (public and private). The resource names must match what the route table association and the instances reference later (aws-subnet-public and aws-subnet-private), and the private subnet must not hand out public IPs.

resource "aws_subnet" "aws-subnet-public" {
  vpc_id                  = aws_vpc.tf_VPC.id
  cidr_block              = "192.169.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true   # WordPress needs a public IPv4 address
  tags = {
    Name = "aws-subnet-public"
  }
}

resource "aws_subnet" "aws-subnet-private" {
  vpc_id                  = aws_vpc.tf_VPC.id
  cidr_block              = "192.169.1.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false  # private tier: the database must never get a public IP
  tags = {
    Name = "aws-subnet-private"
  }
}

Third, the internet gateway

resource "aws_internet_gateway" "aws-igw" {
  vpc_id = aws_vpc.tf_VPC.id
  tags = {
    Name = "aws-igw"
  }
}

Routing table, and its association with the public subnet. The association is the only thing that distinguishes the two subnets: the private subnet keeps the VPC's main route table, which has no route to the internet gateway.

resource "aws_route_table" "aws-route" {
  vpc_id = aws_vpc.tf_VPC.id
  route {
    cidr_block = "0.0.0.0/0"                        # all internet-bound traffic
    gateway_id = aws_internet_gateway.aws-igw.id    # ... goes out via the IGW
  }
  tags = {
    Name = "aws-route"
  }
}

resource "aws_route_table_association" "rta" {
  subnet_id      = aws_subnet.aws-subnet-public.id
  route_table_id = aws_route_table.aws-route.id
}
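Rather than trusting that the code above produced the layout we intended, we can check it. The script below is an added example (my code, not from the original post): it reads the JSON printed by `terraform show -json` (state after apply, or `terraform show -json tfplan` before it) and verifies that the VPC CIDR is RFC 1918 space, that every subnet sits inside the VPC CIDR without overlapping another, and that the subnet meant to be private neither routes 0.0.0.0/0 to the internet gateway nor auto-assigns public IPs. The embedded SAMPLE_STATE is constructed by hand to resemble this post's resources (the ids are made up), with the private subnet left auto-assigning public IPs so the check has something to report.

```python
"""Check the VPC/subnet/route layout from `terraform show -json` output.

Added example for this post, not its code. Works on state JSON ("values")
or plan JSON ("planned_values"). Ids in SAMPLE_STATE are made up.
"""
import ipaddress
import json

# RFC 1918 private ranges. A VPC CIDR outside these (the post's 192.169.0.0/16,
# for instance) is publicly routable address space: AWS accepts it, but hosts in
# the VPC can then never reach the real owners of that range.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample resembling the post's layout. The private subnet is left
# auto-assigning public IPs on purpose so the check below has something to report.
SAMPLE_STATE = json.dumps({
    "format_version": "1.0",
    "values": {"root_module": {"resources": [
        {"address": "aws_vpc.tf_VPC", "type": "aws_vpc", "name": "tf_VPC",
         "values": {"id": "vpc-0example", "cidr_block": "192.169.0.0/16"}},
        {"address": "aws_subnet.aws-subnet-public", "type": "aws_subnet", "name": "aws-subnet-public",
         "values": {"id": "subnet-0pub", "vpc_id": "vpc-0example",
                    "cidr_block": "192.169.0.0/24", "map_public_ip_on_launch": True}},
        {"address": "aws_subnet.aws-subnet-private", "type": "aws_subnet", "name": "aws-subnet-private",
         "values": {"id": "subnet-0priv", "vpc_id": "vpc-0example",
                    "cidr_block": "192.169.1.0/24", "map_public_ip_on_launch": True}},
        {"address": "aws_internet_gateway.aws-igw", "type": "aws_internet_gateway", "name": "aws-igw",
         "values": {"id": "igw-0example", "vpc_id": "vpc-0example"}},
        {"address": "aws_route_table.aws-route", "type": "aws_route_table", "name": "aws-route",
         "values": {"id": "rtb-0example", "vpc_id": "vpc-0example",
                    "route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0example"}]}},
        {"address": "aws_route_table_association.rta", "type": "aws_route_table_association",
         "name": "rta", "values": {"subnet_id": "subnet-0pub", "route_table_id": "rtb-0example"}},
    ]}},
})


def resources_by_type(doc: dict) -> dict:
    """Group root-module resources by Terraform type (state or plan JSON)."""
    root = doc.get("values") or doc.get("planned_values")
    grouped: dict = {}
    for r in root["root_module"]["resources"]:
        grouped.setdefault(r["type"], []).append(r)
    return grouped


def public_subnet_ids(res: dict) -> set:
    """Subnets whose associated route table sends 0.0.0.0/0 to an internet gateway."""
    igw_ids = {g["values"]["id"] for g in res.get("aws_internet_gateway", [])}
    public_rtbs = set()
    for rt in res.get("aws_route_table", []):
        for route in rt["values"].get("route", []):
            if route.get("cidr_block") == "0.0.0.0/0" and route.get("gateway_id") in igw_ids:
                public_rtbs.add(rt["values"]["id"])
    return {a["values"]["subnet_id"] for a in res.get("aws_route_table_association", [])
            if a["values"]["route_table_id"] in public_rtbs}


def check_layout(state_json: str, private_subnets=("aws-subnet-private",)) -> list:
    """Return human-readable findings; an empty list means the layout is sound."""
    res = resources_by_type(json.loads(state_json))
    findings = []

    vpcs = {v["values"]["id"]: ipaddress.ip_network(v["values"]["cidr_block"])
            for v in res.get("aws_vpc", [])}
    for vpc_id, net in vpcs.items():
        if not any(net.subnet_of(priv) for priv in RFC1918):
            findings.append(f"{vpc_id}: CIDR {net} is not RFC 1918 private space")

    seen = []  # (address, network) of subnets already checked, for overlap detection
    for s in res.get("aws_subnet", []):
        v = s["values"]
        net = ipaddress.ip_network(v["cidr_block"])
        parent = vpcs.get(v["vpc_id"])
        if parent is not None and not net.subnet_of(parent):
            findings.append(f"{s['address']}: {net} lies outside VPC CIDR {parent}")
        for other_addr, other in seen:
            if net.overlaps(other):
                findings.append(f"{s['address']}: {net} overlaps {other_addr} ({other})")
        seen.append((s["address"], net))

    public = public_subnet_ids(res)
    for s in res.get("aws_subnet", []):
        if s["name"] not in private_subnets:
            continue
        if s["values"]["id"] in public:
            findings.append(f"{s['address']}: meant to be private but routes 0.0.0.0/0 to an IGW")
        if s["values"].get("map_public_ip_on_launch"):
            findings.append(f"{s['address']}: private subnet auto-assigns public IPv4 addresses")
    return findings


if __name__ == "__main__":
    for line in check_layout(SAMPLE_STATE) or ["layout OK"]:
        print(line)
```

Against the sample it reports the non-private VPC CIDR and the public-IP setting on the private subnet. To use it on a real deployment, run `terraform show -json > state.json` after apply and pass the file's contents to `check_layout`; a non-empty result is a reason to fail the pipeline before anything is exposed.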

Security group for the WordPress instance. Only HTTP needs to be open to the world; SSH should be limited to the addresses you administer from, and there is no reason to open 3306 here, since WordPress is the MySQL client, not the server.

resource "aws_security_group" "sg_wp" {
  name   = "sg_wp"
  vpc_id = aws_vpc.tf_VPC.id

  ingress {
    description = "HTTP from anywhere (the only port the public needs)"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH for administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # Narrow this to your admin address range (e.g. "203.0.113.10/32") rather
    # than the whole internet; 0.0.0.0/0 on port 22 invites brute-force attempts.
    cidr_blocks = ["0.0.0.0/0"]
  }

  # No 3306 ingress: WordPress connects OUT to MySQL, and that outbound
  # connection is covered by the egress rule below.

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sg_wp"
  }
}

Security group for the MySQL instance. This is where the isolation is enforced: the only inbound rule allows port 3306, and its source is the WordPress security group rather than a CIDR, so only instances that carry sg_wp can open a connection.

resource "aws_security_group" "sg_mysql" {
  name   = "sg_mysql"
  vpc_id = aws_vpc.tf_VPC.id

  # Referencing a security group instead of a CIDR means the rule follows the
  # WordPress instance even if its address changes, and nothing else in the VPC
  # (or on the internet) can reach the database port.
  ingress {
    description     = "MySQL from the WordPress security group only"
    protocol        = "tcp"
    from_port       = 3306
    to_port         = 3306
    security_groups = [aws_security_group.sg_wp.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sg_mysql"
  }
}
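Because the two security groups are what actually enforce the isolation, they are worth auditing mechanically rather than by eye. The script below is an added example, not code from the original post: it reads the same `terraform show -json` output and reports any ingress rule that is open to 0.0.0.0/0 or ::/0 other than a single HTTP/HTTPS port, and any rule that admits the database port from a CIDR instead of a security-group reference. SAMPLE_STATE is constructed from the post's two groups as first written (world-open SSH and 3306 on the web tier included) with made-up ids; a security-group reference appears as the referenced group's id in `security_groups` once the groups exist.

```python
"""Audit security-group ingress from `terraform show -json` output.

Added example for this post, not its code. Policy: the web tier may expose only
a single HTTP or HTTPS port to the world; a database port is reachable only via
a security-group reference, never a CIDR. Ids in SAMPLE_STATE are made up.
"""
import json

WORLD_V4, WORLD_V6 = "0.0.0.0/0", "::/0"
ALLOWED_PUBLIC_PORTS = {80, 443}
DB_PORTS = {3306}

# Constructed from the post's two groups as first written (world-open SSH and 3306
# on the web tier included). A security-group reference shows up as the referenced
# group's id in `security_groups`, with `cidr_blocks` empty.
SAMPLE_STATE = json.dumps({
    "format_version": "1.0",
    "values": {"root_module": {"resources": [
        {"address": "aws_security_group.sg_wp", "type": "aws_security_group", "name": "sg_wp",
         "values": {"id": "sg-0wp", "ingress": [
             {"description": "HTTP", "protocol": "tcp", "from_port": 80, "to_port": 80,
              "cidr_blocks": [WORLD_V4], "ipv6_cidr_blocks": [], "security_groups": []},
             {"description": "SSH", "protocol": "tcp", "from_port": 22, "to_port": 22,
              "cidr_blocks": [WORLD_V4], "ipv6_cidr_blocks": [], "security_groups": []},
             {"description": "TCP", "protocol": "tcp", "from_port": 3306, "to_port": 3306,
              "cidr_blocks": [WORLD_V4], "ipv6_cidr_blocks": [], "security_groups": []}]}},
        {"address": "aws_security_group.sg_mysql", "type": "aws_security_group", "name": "sg_mysql",
         "values": {"id": "sg-0mysql", "ingress": [
             {"description": "", "protocol": "tcp", "from_port": 3306, "to_port": 3306,
              "cidr_blocks": [], "ipv6_cidr_blocks": [], "security_groups": ["sg-0wp"]}]}},
    ]}},
})


def rule_covers(rule: dict, port: int) -> bool:
    """True if the ingress rule admits `port` (protocol -1 means every port)."""
    return rule["protocol"] == "-1" or rule["from_port"] <= port <= rule["to_port"]


def describe(rule: dict) -> str:
    """Short label for a rule, e.g. 'tcp/22' or 'tcp/1024-65535'."""
    if rule["protocol"] == "-1":
        return "all traffic"
    lo, hi = rule["from_port"], rule["to_port"]
    return f"{rule['protocol']}/{lo}" if lo == hi else f"{rule['protocol']}/{lo}-{hi}"


def audit_security_groups(state_json: str) -> list:
    """Return one finding per ingress rule that breaks the policy above."""
    doc = json.loads(state_json)
    root = doc.get("values") or doc.get("planned_values")  # state vs plan JSON
    findings = []
    for r in root["root_module"]["resources"]:
        if r["type"] != "aws_security_group":
            continue
        for rule in r["values"].get("ingress", []):
            cidrs = list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])
            world_open = WORLD_V4 in cidrs or WORLD_V6 in cidrs
            single_web_port = (rule["protocol"] != "-1"
                               and rule["from_port"] == rule["to_port"]
                               and rule["from_port"] in ALLOWED_PUBLIC_PORTS)
            if world_open and not single_web_port:
                findings.append(f"{r['address']}: {describe(rule)} open to the world")
            elif cidrs and any(rule_covers(rule, p) for p in DB_PORTS):
                # Not world-open, but a database port granted by address rather than
                # by client identity: any host that lands in that range gets in.
                findings.append(f"{r['address']}: {describe(rule)} admits a database port from "
                                f"{cidrs}; reference the client security group instead")
    return findings


if __name__ == "__main__":
    for line in audit_security_groups(SAMPLE_STATE) or ["security groups OK"]:
        print(line)
```

On the sample it flags the world-open SSH and 3306 rules on sg_wp and passes sg_mysql, whose only ingress is the security-group reference. Widening the policy (HTTPS on 443, a bastion-only SSH rule) is a matter of editing the two sets at the top; the point is that the expected exposure is written down and checked on every apply.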

Code to launch the WordPress and MySQL instances. AMI ids are region-specific, so the two below must exist in ap-south-1, where the subnets live, and "newaaccount" must be a key pair that already exists in the account.

resource "aws_instance" "wp-instance" {
  ami                    = "ami-000cbce3e1b899ebd"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.aws-subnet-public.id
  vpc_security_group_ids = [aws_security_group.sg_wp.id]
  key_name               = "newaaccount"
  tags = {
    Name = "wp-instance"
  }
}

resource "aws_instance" "mysql-instance" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.aws-subnet-private.id
  vpc_security_group_ids = [aws_security_group.sg_mysql.id]
  # sg_mysql has no SSH rule, so this key pair cannot be used until you add one;
  # if you do, source it from sg_wp (hop via the WordPress host), not 0.0.0.0/0.
  key_name               = "newaaccount"
  tags = {
    Name = "mysql-instance"
  }
}

Apply the configuration:

$ terraform apply

When the apply finishes, the WordPress site is reachable over HTTP on the public IPv4 address of wp-instance, while mysql-instance sits in the private subnet and answers only to it.

Thank you !!

Hope you liked it!

If you have any queries, feel free to DM me.
