CREATE AWS-VPC BY TERRAFORM

Knowledge Hub
Jul 13, 2020

Statement: We have to create a web portal for our company with as much security as possible.

So here are the steps for proper understanding!

Steps:

1) Write Infrastructure as Code using Terraform which automatically creates a VPC.

2) In that VPC we have to create 2 subnets:

a) public subnet [ Accessible for Public World! ]

b) private subnet [ Restricted for Public World! ]

3) Create a public-facing internet gateway to connect our VPC/network to the internet world and attach this gateway to our VPC.

4) Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.

5) Launch an EC2 instance which already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.

Also attach a key pair to the instance for logging in to it later.

6) Launch an EC2 instance which already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also attach a key pair to it in the same way.

Note: The WordPress instance has to be part of the public subnet so that our clients can reach our site, and the MySQL instance has to be part of the private subnet so that the outside world can't connect to it.

Don't forget to enable the auto public IP assignment and auto DNS hostname assignment options.

Some important terms of this task:

  • VPC:- A virtual private cloud (VPC) is a secure, isolated private cloud hosted within a public cloud. VPC customers can run code, store data, host websites, and do anything else they could do in an ordinary private cloud, but the private cloud is hosted remotely by a public cloud provider. (Not all private clouds are hosted in this fashion.) VPCs combine the scalability and convenience of public cloud computing with the data isolation of private cloud computing.
    A VPC is like an office or a private space in which we can set up our labs/subnets and launch instances inside it.
  • SUBNET:- Each computer, or host, on the internet has at least one IP address as a unique identifier. Organizations use subnets to subdivide large networks into smaller, more efficient subnetworks. One goal of a subnet is to split a large network into a grouping of smaller, interconnected networks to help minimize traffic.
  • INTERNET GATEWAY:- An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
    An internet gateway serves two purposes:
    — To provide a target in your VPC route tables for internet-routable traffic
    — To perform network address translation (NAT) for instances that have been assigned public IPv4 addresses
  • ROUTING TABLE:- A routing table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Step by step process for better understanding:

So, now we are going to perform this task with the help of Terraform code. We have created a text file task3.tf in which all of the code below is written.

Step 1: WRITE THE NAME OF YOUR PROVIDER (AWS) THAT TERRAFORM WILL CONTACT.

provider "aws" {
  region  = "ap-south-1"   # Mumbai region; every resource below is created here
  profile = "anish"        # named credential profile from the local AWS CLI configuration
}

Step 2: WRITE A TERRAFORM CODE WHICH AUTOMATICALLY CREATES A VPC.

resource "aws_vpc" "vpc" {
  cidr_block       = "192.168.0.0/16"   # address range that both subnets are carved from
  instance_tenancy = "default"
  # gives instances public DNS hostnames (the "auto DNS name assignment"
  # option mentioned above); enable_dns_support already defaults to true
  enable_dns_hostnames = true
  tags = {
    Name = "task3-vpc"
  }
}

Step 3: WRITE A TERRAFORM CODE WHICH CREATES 2 SUBNETS:

a.) Public Subnet [ Accessible for Public World! ]

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.vpc.id
  cidr_block              = "192.168.10.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = true   # every instance launched here gets a public IP automatically
  tags = {
    Name = "public-subnet"
  }
}

b.) Private Subnet [ Restricted for Public World! ]

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.vpc.id
  cidr_block        = "192.168.20.0/24"
  availability_zone = "ap-south-1a"
  # no map_public_ip_on_launch here: instances get private addresses only
  tags = {
    Name = "private-subnet"
  }
}

Step 3: WRITE A TERRAFORM CODE TO CREATE A PUBLIC-FACING INTERNET GATEWAY TO CONNECT OUR VPC TO THE INTERNET WORLD AND ATTACH THIS GATEWAY TO THE VPC.

resource "aws_internet_gateway" "gateway" {
  vpc_id = aws_vpc.vpc.id   # setting vpc_id both creates the gateway and attaches it to the VPC
  tags = {
    Name = "vpc-gateway"
  }
}

STEP 4: Write a Terraform code to create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.

resource "aws_route_table" "route" {
  vpc_id = aws_vpc.vpc.id
  # default route: anything not destined for the VPC itself goes to the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gateway.id
  }
  tags = {
    Name = "gatewayroute"
  }
}

# only the public subnet is associated with this table; the private subnet
# keeps using the VPC's main route table, which has no internet route
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.route.id
}
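The private subnet is isolated only because it falls back on the VPC's main route table, which carries nothing but the implicit local route. An explicit route table for the private subnet makes that isolation a deliberate part of the code rather than a default, so a later change to the main table (for example, someone adding a 0.0.0.0/0 route to it) cannot silently expose the database host. This is an added example, not code from the original post; the resource names private-route and the association private are new.

```hcl
# Added example: dedicated route table for the private subnet.
# AWS inserts the 192.168.0.0/16 -> local route automatically; no other
# route is declared, so nothing in this subnet can reach the internet gateway.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.vpc.id

  tags = {
    Name = "private-route"
  }
}

# Bind the private subnet to that table so it no longer inherits the main route table.
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

After terraform apply, the VPC console shows the private subnet attached to private-route with a single local route; the MySQL host still has no path to the internet even though its security group (Step 5) is permissive.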

STEP 5: Write a Terraform code to configure a security group allowing SSH (22), HTTP (80) and MySQL (3306).

resource "aws_security_group" "task3-sg" {
  name        = "task3-sg"
  description = "Allow traffic SSH,TCP, HTTP"
  vpc_id      = aws_vpc.vpc.id

  # HTTP for the WordPress site, accepted from every source address
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH for administration, accepted from every source address
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # MySQL client port, accepted from every source address; this one group is
  # attached to both instances, so these rules also apply to the database host
  ingress {
    description = "TCP"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # all outbound traffic allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "task3-sg"
  }
}
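The group above is shared by both instances and admits 22 and 3306 from 0.0.0.0/0, so the MySQL host is unreachable from the internet only because its subnet has no gateway route, not because the security group says so. The following added example (my code, not the post's) splits it into one group per role: WordPress accepts HTTP from anywhere and SSH only from an assumed admin_cidr variable, and MySQL accepts 3306 and SSH only from members of the WordPress group, so the WordPress host doubles as the jump host the key pair is meant for. The names wordpress-sg, mysql-sg and admin_cidr are assumptions introduced here.

```hcl
# Added example: per-role security groups replacing the shared task3-sg.

# Assumed input: the address range your administrators connect from.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH to the WordPress instance (assumed value, e.g. your office egress range)"
  type        = string
}

# WordPress host: public HTTP, SSH restricted to administrators.
resource "aws_security_group" "wordpress" {
  name        = "wordpress-sg"
  description = "WordPress: HTTP from anywhere, SSH from admin range"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    description = "HTTP from the Internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from administrators only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # outbound left open so the host can fetch WordPress updates and reach MySQL
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wordpress-sg"
  }
}

# MySQL host: no CIDR-based rules at all. Both 3306 and SSH are accepted only
# from instances that carry the WordPress security group, so even a mistaken
# public route would not expose the database to arbitrary addresses.
resource "aws_security_group" "mysql" {
  name        = "mysql-sg"
  description = "MySQL: 3306 and SSH from WordPress security group only"
  vpc_id      = aws_vpc.vpc.id

  ingress {
    description     = "MySQL from WordPress instances"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id]
  }

  ingress {
    description     = "SSH via the WordPress host acting as jump host"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id]
  }

  # outbound limited to the VPC; the private subnet has no internet route anyway
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.vpc.cidr_block]
  }

  tags = {
    Name = "mysql-sg"
  }
}
```

To use these, set vpc_security_group_ids = [aws_security_group.wordpress.id] on the WordPress instance and vpc_security_group_ids = [aws_security_group.mysql.id] on the MySQL instance in Steps 6 and 7, and pass admin_cidr on the command line or in a .tfvars file. Security groups are stateful, so MySQL's replies to the WordPress host need no extra ingress rule on the WordPress group.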

STEP 6: Write a Terraform code to launch an EC2 instance which already has WordPress set up, with the security group allowing port 80 so that our clients can connect to our WordPress site.

resource "aws_instance" "wordpress" {
  ami                         = "ami-004a955bfb611bf13"   # pre-built WordPress image; AMI IDs are region-specific
  instance_type               = "t2.micro"
  associate_public_ip_address = true                      # reachable from the internet through the gateway route
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.task3-sg.id]
  key_name                    = "vpc-key"                 # key pair that must already exist in ap-south-1
  tags = {
    Name = "Wordpress"
  }
}

STEP 7: Launch an EC2 instance which already has MySQL set up, with the security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

resource "aws_instance" "mysql" {
  ami                    = "ami-08706cb5f68222d09"   # pre-built MySQL image; AMI IDs are region-specific
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id     # private subnet: no public IP, no route to the gateway
  vpc_security_group_ids = [aws_security_group.task3-sg.id]
  key_name               = "vpc-key"                 # same key pair as the WordPress instance
  tags = {
    Name = "mysql"
  }
}

So, our code is ready. Running it creates the whole setup in AWS automatically. Before applying the Terraform code we have written, we first have to initialize the working directory with this command:

terraform init

Then this single command creates everything automatically:

terraform apply --auto-approve

So, our setup is launched successfully🥳🥳. We can see every service has been created in AWS.

  • Our VPC (task3-vpc) is created successfully.
  • THE TWO SUBNETS ARE CREATED SUCCESSFULLY.
  • THE INTERNET GATEWAY AND ROUTE TABLE ARE CREATED SUCCESSFULLY.
  • THE SECURITY GROUP IS CREATED SUCCESSFULLY.
  • OUR INSTANCES ARE CREATED SUCCESSFULLY.

Now, by using the public IP of the WordPress instance, we can connect to the WordPress website.

So, if we want to destroy the complete setup, we run this command and it destroys everything automatically:

terraform destroy

So, our setup is destroyed completely. Our task is completed😎. THANKS FOR READING.😍

Here is the link to my previous task on AWS EKS: https://medium.com/@anishgarg970/aws-eks-integration-of-kubernetes-and-aws-cloud-87347bd88a44

Any suggestions and queries are most welcome. Feel free to comment below for any query or suggestion!!!
