AWS networking with Infrastructure as Code

1

AWS Networking using Terraform.

Creating VPC, subnets, Internet Gateway, Route Table, EC2

What do we want to do?

Statement: We have to create a web portal for our company with all the security as much as possible. So, we use the WordPress software with a dedicated database server.

The database should not be accessible from the outside world for security purposes. We only need public WordPress for clients. So here are the steps for proper understanding!

Steps:

1. Write an Infrastructure as code using Terraform, which automatically creates a VPC.
2. In that VPC we have to create 2 subnets:

a) public subnet [ Accessible for Public World! ]

b) private subnet [ Restricted for Public World! ]

3. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a routing table for Internet gateway so that instance can connect to the outside world, update and associate it with the public subnet.

5. Launch an EC2 instance that has WordPress setup already having the security group allowing port 80 .so that our client can connect to our WordPress site.

Also, attach the key to the instance for further login into it.

6. Launch an EC2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. Also, attach the key with the same.

Note: WordPress instance has to be part of the public subnet so that our client can connect our site. MySQL instance has to be part of a private subnet so that the outside world can’t connect to it.

Don’t forget to add auto IP assign and auto DNS name assignment options to be enabled.

I have used Code snippets images for better visualization. You can find code this code file in this Github repository.

Pre-requisite :

1. AWS account.
2. Download AWS CLI and Configure it.
3. Download terraform. Download

Let’s Start…

1. Configure the Provider

2. Create VPC

Below code creates VPC with given cider block, the tenancy is default and we want DNS hostname URL for that we are enabling it. VPC will create in the region you have mentioned in the above provider resource.

2. Create two subnets in VPC

Here we are just creating two subnets and we named public and private. A VPC spans all of the Availability Zones in the Region. After creating a VPC, we want to add subnets in two different Availability Zone.

above code will create two subnets named ‘public_subnet’ and ‘private_subnet’ in ‘ap-south-1a’ and ‘ap-south-1b’

3. Create Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. Read More

we want to connect our VPC to the internet so that’s why we need to create Internet Gateway.

4. Create a Route Table

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

to create route table we have used aws_route_table resource. We want to access the internet so add cider_block to 0.0.0.0/0 , (quad-zero route) and use the internet gateway that we create above. The destination for the route is 0.0.0.0/0 , which represents all IPv4 addresses. The target is the internet gateway that's attached to your VPC.

To read more about the Route table you can refer to this. ROUTE_TABLE

5. Associate Route table with Public Subnet

Now we want to use the internet only for public subnet so associate route table with that subnet only. To do this we will use aws_route_table_association resource in terraform which takes subnet id and route table id.

Now we have created VPC and created two subnets in different Availability Zones in the region and given Internet connection by creating an Internet gateway for VPC. Now lets launch instances of WordPress and MySQL.

6.Create Key Pair 🔑

We are using here tls_private_key for creating two resources and resource local_file is used to store this key locally. aws_key_pair is used to create key-pair in AWS and will attach this key in AWS.

7. Create a Security Group for WordPress

Ingress rules are for the traffic that enters the boundary of a network. Egress rules imply to traffic exits instance or network.

We want to manage and configure this instance so we are giving the ssh ingress/inbound rule and we are launching WordPress so access it so we are enabling HTTP inbound traffic for all. You can notice we have create a security group in myvpc.

8. Launch WordPress EC2 instance 🌍

we use the Linux EC2 instance, public subnet in our VPC and attach key-pair that we have created above. Also, we have attached the security group. We want IP address that’s why we need to give associate_public_ip_address value true.

9. Create a Security Group for MySQL

Create a Security group allowing SSH and MySQL port.

10. Launch MySQL EC2 instance 🌍

We launch MySQL instance in a private subnet with the Security group that we have created for MySQL.

11. Installation

Using null_resource and remote-exec provisioner we install WordPress using docker in EC2 instance that we have created for WordPress. Copy WordPress instance IP and paste in the browser you will see below output.

12.Configuration MYSQL

You can connect MYSQL instance using SSH from WordPress instance and install and configure MySQL server. OR You can directly select MySQL ami.

You can refer to this link on How to Installing and Configuring MySQL on Linux.

after configuration MySQL, you can give hostname and database name to WordPress, and your website will be ready.

Conclusion

We have created VPC, two subnets, internet gateway, route table,ec2 instances as per need. You can find this code in this repository.

Don’t forget to give clap if you like and feel helpful.

This task was given by Mr.Vimal Daga sir. I thank Vimal sir for mentoring me.