AWS VPC WITH INTERNET GATEWAY BY TERRAFORM
What is VPC?
A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. (Not all private clouds are hosted in this fashion.) VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.
VPC is like a office or a private space in which we can setup our labs/subnet for launching instances inside it.
What is Subnet?
Each computer, or host, on the internet has at least one IP address as a unique identifier. Organizations will use a subnet to subdivide large networks into smaller, more efficient sub-networks. One goal of a subnet is to split a large network into a grouping of smaller, interconnected networks to help minimize traffic.
What is Internet Gateway?
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes:-
-> To provide a target in your VPC route tables for internet-routable traffic
->perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
What is Routing Table?
A routing table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
Here is the task which we are going to perform
1) Write a Infrastructure as code using terraform, which automatically create a VPC.
2) In that VPC we have to create 2 subnets:
a) public subnet [ Accessible for Public World! ]
b) private subnet [ Restricted for Public World! ]
3) Create a public facing internet gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC.
4) Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.
5) Launch an EC2 instance which has Wordpress setup already having the security group allowing port 80 so that our client can connect to our wordpress site.
Also attach the key to instance for further login into it.
6) Launch an EC2 instance which has MYSQL setup already with security group allowing port 3306 in private subnet so that our wordpress VM can connect with the same. Also attach the key with the same.
Note: Wordpress instance has to be part of public subnet so that our client can connect our site and mysql instance has to be part of private subnet so that outside world can’t connect to it.
Don’t forgot to add auto ip assign and auto dns name assignment option to be enabled.
Let’s do some practical.
Prerequisite for this task are:
We are going to perform all the task with the help of terraform code, and I make this terraform code in a directory because after write the code we apply the terraform on the directory.
So, we create a directory and in this directory I am going to create a task3.tf file.
Before writing any code we have to give the provider-name (AWS) from where the terraform code will contact.
provider "aws" {
region = "ap-south-1"
profile = "kunal1"
}
Creating key-pair
resource "aws_key_pair" "task2_key" {
key_name = "task_key"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA5r5/mcM......"
}
Step 1: Creating the terraform code for the VPC.
resource "aws_vpc" "vpc" {
cidr_block = "192.168.0.0/16"
instance_tenancy = "default"tags = {
Name = "task3_vpc"
}
}
Step 2: Creating 2 subnets for 2 different VM
a.) Public Subnet [ Accessible for Public World ]
resource "aws_subnet" "public" {
vpc_id = aws_vpc.vpc.id
cidr_block = "192.168.10.0/24"
availability_zone = "ap-south-1b"
map_public_ip_on_launch = "true"tags = {
Name = "public_subnet"
}
}
b.) Private Subnet [ Restricted for Public World ]
resource "aws_subnet" "private" {
vpc_id = aws_vpc.vpc.id
cidr_block = "192.168.20.0/24"
availability_zone = "ap-south-1a"tags = {
Name = "private_subnet"
}
}
Step 3: Creating a Internet gateway and attach this gateway with the VPC.
resource "aws_internet_gateway" "gateway" {
vpc_id = aws_vpc.vpc.idtags = {
Name = "vpc_gateway"
}
}
Step 4: Creating a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.
resource "aws_route_table" "route" {
vpc_id = aws_vpc.vpc.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gateway.id
}tags = {
Name = "gatewayroute"
}
}resource "aws_route_table_association" "public" {
subnet_id = aws_subnet.public.id
route_table_id = aws_route_table.route.id
}
Step 5:
a.) Creating security group for the VM wordpress.
resource "aws_security_group" "wordpress-sg" {
name = "wordpress-sg"
description = "Allow ssh and httpd inbound traffic"
vpc_id = "${aws_vpc.vpc.id}"ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0" ]
}ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0" ]
}egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}tags = {
Name = "wordpress-sg"
}
}
b.) Launch an EC2 instance for the VM Wordpress.
resource "aws_instance" "wordpress" {
ami = "ami-004a955bfb611bf13"
instance_type = "t2.micro"
associate_public_ip_address = true
subnet_id = aws_subnet.public.id
vpc_security_group_ids = [ aws_security_group.wordpress-sg.id]
key_name = "task_key"tags = {
Name = "Wordpress"
}
}
Step 6:
a.) Creating security group for the MYSQL.
resource "aws_security_group" "mysql-sg" {
name = "mysql-sg"
description = "Allow only ssh inbound traffic"
vpc_id = "${aws_vpc.vpc.id}"ingress {
description = "SSH"
from_port = 3306
to_port = 3306
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0" ]
}egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}tags = {
Name = "mysql-sg"
}
}
b.) Launch an EC2 instance for the VM MYSQL.
resource "aws_instance" "mysql" {
ami = "ami-08706cb5f68222d09"
instance_type = "t2.micro"
subnet_id = aws_subnet.private.id
vpc_security_group_ids = [ aws_security_group.mysql-sg.id ]
key_name = "task_key"tags = {
Name = "mysql"
}
}
So, finally our code is ready. For apply this code(task3.tf) first we have to plugin terraform by using the below command in the CLI.
terraform init
Now, run the command with the below command.
terraform apply --auto-approve
If there is no error in your code then it will successfully launch everything.
RESULTS:
Now, by using the public IP of wordpress instance we can connect to the wordpress website.
Now, we are going to destroy complete setup by using the below command.
terraform destroy --auto-approve