Creating VPC using Terraform
What is Terraform ?
Use Infrastructure as Code to provision and manage any cloud, infrastructure, or service. Terraform users define infrastructure in a simple, human-readable configuration language called HCL (HashiCorp Configuration Language). Users can write unique HCL configuration files or borrow existing templates from the public module registry.
What is VPC ?
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
Task details to be performed are as follows :-
Statement: We have to create a web portal for our company with all the security as much as possible. So, we use Wordpress software with dedicated database server. Database should not be accessible from the outside world for security purposes. We only need to public the WordPress to clients. So here are the steps for proper understanding.
1) Write a Infrastructure as code using terraform, which automatically create a VPC
2) In that VPC we have to create 2 subnets:
a) public subnet [ Accessible for Public World! ]
b) private subnet [ Restricted for Public World! ]
3) Create a public facing internet gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC.
4) Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.
5) Launch an ec2 instance which has Wordpress setup already having the security group allowing port 80 so that our client can connect to our wordpress site.
Also attach the key to instance for further login into it.
6) Launch an ec2 instance which has MYSQL setup already with security group allowing port 3306 in private subnet so that our wordpress vm can connect with the same.
Also attach the key with the same.
Note: Wordpress instance has to be part of public subnet so that our client can connect our site.
mysql instance has to be part of private subnet so that outside world can’t connect to it.
Don’t forgot to add auto ip assign and auto dns name assignment option to be enabled.
Try each step first manually and write Terraform code for the same.
This will give u proper understanding of workflow of task.
And the task is complete.
So stepwise explanation and output from the above task details is below :-
Firstly, we would be creating Iam User on AWS website, if you dont know how to create this user, kindly refer to this medium story, here I have breifly explained how to create Iam user, as it is used to access AWS in CLI amd configure it using “aws configure” command.
After logging in using CLI, now we have to write a code for our deployment, I have written this and will be sharing the github link for this terraform code file named “task3.tf”.
Create a folder with your desired name and in this folder, create a file with any name but with an extension as .tf . and usind cd commands take your cmd to the folder where you created it.
→ Initially, in this file, we have to add a provider like here we are using AWS as our provider as AWS is providing resources to us and we are accessing theirs.
→ Now, we will create a key pair, which will be used for authentication for our instance, if we try to do ssh and access this instance.
→ Now, we will create a VPC which is NAAS in AWS and our instanve will be created in this customized VPC created accordind to our used cases.
- In this VPC, all instance created will be in cidr_block’s IP Range, no instance can go out of this range in terms of IP; these IP, we will be specifying more when we create subnets in this VPC.
→ Now, we will create 2 subnets in this VPC , one private and one public
- Wordpress Instance will be created in public subnet and mysql instance will be created in private subnet.
- Public Subnet means that all instances in this subnet will be available in world and accessible to internet with both SNATing and DNATing. Here, IP range in this subnet is specified with 192.168.1.0 to 192.168.1.255 , but AWS uses 5 IP’s for its own use, so only 51 IP’s are available to us. We have specified availability zone in this subnet like all instances must be ap-south-1a.
- Whereas Private Subnet means that all instances in this subnet will only accessible to a team or organization and we will be hidden from outside world, it means that anyone from outside world will be unable to access the instances created in this subnet. Here, IP range in this subnet is specified with 192.168.2.0 to 192.168.2.255 , here also only 51 IP’s are available to us. We have specified availability zone in this subnet like all instances must be ap-south-1b.
→ Now, we will create a Internet Gateway for network connection in public subnet, like all instances in this subnet can connect to outside world and can get public IP.
→ Now, Routing Table is used to connect this Internet Gateway to our subnet, hence we will now create a Routing Table which keeps all the information of the source and destination of the packets.
- Resource “aws_route_table” creates the routing table in the given VPC.
- Resource “aws_route” keeps the information of the packet like from where the packet will go and where it will be received. In our case,
Destination is set to 0.0.0.0/0 means packet can goto anywhere without any exception IP.
And Internet Gateway ID is provided, as packet will be sent from this router.
- Resource “aws_route_table_association” is used to attach/associate the required subnet to this table.
Now, Network setup is done and the only setup left is “Creating a Instance and accordingly a Security Group for this instance”.
So now creating Wordpress Instance and a security group for this to set rules for this instance :
- We have given ssh and http (for webserver).
— Instance for Webserver
- We created this instance in public subnet
→ Now, same case for Mysql Instance and its security group
- We have allowed 3306 port to access mysql instance.
- This Instance will be created in private subnet.
So, now we have created our code and now we will deploy it.
- Use command
- This will install plugins for terraform, so that it can check the commands and code format.
2. Now, we will deploy code, so use command-
# terraform apply
So, now you can see all services are created in AWS Console :
As we can see all resources are created, we can see output as wordpress uses webserver and it’s working :
→ So, now we will destroy our terraform code using command
— All resources have been destroyed from AWS also.
— Github Link to see code file(See task3.tf for reference) :
— Link for Terraform Docs for reference and more detailed knowledge :
- For VPC
AWS: aws_vpc - Terraform by HashiCorp
Provides a VPC resource. Basic usage: Basic usage with tags: The following arguments are supported: instance_tenancy …
2. For Subnets
AWS: aws_subnet - Terraform by HashiCorp
Provides an VPC subnet resource. When managing subnets in one of a VPC's secondary CIDR blocks created using a…
3. For Intenet Gateway
AWS: aws_internet_gateway - Terraform by HashiCorp
Provides a resource to create a VPC Internet Gateway. The following arguments are supported: - (Required) The VPC ID to…
4. For Routing Table
AWS: aws_route_table - Terraform by HashiCorp
Provides a resource to create a VPC routing table. NOTE on Route Tables and Routes: Terraform currently provides both a…
5. For Security Groups
AWS: aws_security_group - Terraform by HashiCorp
Provides a security group resource. NOTE on Security Groups and Security Group Rules: Terraform currently provides both…
6. For Instance
AWS: aws_instance - Terraform by HashiCorp
Provides an EC2 instance resource. This allows instances to be created, updated, and deleted. Instances also support…
“I practiced and gained knowledge of this project(task) under the mentorship of Mr. VIMAL DAGA Sir during the Hybrid Multi Cloud Training by Linux World India.”
I hope this article is Informative and Explanatory. Hope you like it !!!
For any suggestions or if any reader find any flaw in this article, please email me to “firstname.lastname@example.org”
Thank You Readers!!!