CREATING VPC WITH PUBLIC AND PRIVATE SUBNET(without nat gateway) USING TERRAFORM

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. Using it, we can create a web portal for our company with as much security as possible. We use WordPress with a dedicated database server. The database must not be accessible from the outside world; only WordPress needs to be exposed to clients.

Here are the steps for proper understanding!

1) Write Infrastructure as Code using Terraform that automatically creates a VPC.
2) In that VPC, create two subnets:
   a) a public subnet [accessible from the public world]
   b) a private subnet [restricted from the public world]
3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4) Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.
5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for later login.
6) Launch an EC2 instance that already has MySQL set up, in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it.

First we have to set up the basic prerequisite for this Terraform code: you should have Terraform installed and an AWS profile configured on your laptop, and that's it. Now we can do this in a few steps.

SO LET'S BEGIN:

Step 1:) Creating a VPC: To create a VPC we have to assign a CIDR block, which defines the network in which we create our subnets. In this case I enabled DNS hostnames and gave the VPC a tag so I can easily tell my own VPC apart from the default VPC.

Step 2:) Creating two subnets: We create one public and one private subnet. First I created the public one. Here I use depends_on so that this resource is created right after the VPC, so I can use the VPC id when creating the subnet. I also want this subnet to allocate a public IP automatically to its instances, so I use the map_public_ip_on_launch argument, and to distinguish the two subnets I use a tag again.

Creating a private subnet: This step is the same as creating the public subnet, but here I don't use any argument to allocate public IPs to instances, and I give this subnet a different tag.

Meanwhile, I created a key pair for the instances I have to launch for WordPress and MySQL.

Step 3:) Creating an internet gateway: Gateway creation is very easy; we only need the VPC id (which we can retrieve from the VPC made earlier).

Step 4:) Now we just need to create a route table and associate it with the public subnet, so that our instances can connect to the internet and the outside world can reach them. I retrieved the subnet id from the public subnet I made, using the attribute reference in the docs. For the association resource I used the depends_on keyword so that the route table is created before the association.
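The network pieces from Steps 1 to 4 written out as one Terraform configuration (an added example, not the article's own code): the region follows the article's ap-south-1 note, while the CIDR ranges, resource names and the profile name are assumptions. The private subnet is left on the VPC's main route table, which only has the local route, so nothing in it is reachable from the internet.

```hcl
provider "aws" {
  region  = "ap-south-1"   # region from the article's availability-zone note
  profile = "default"      # assumption: name of your local AWS CLI profile
}

resource "aws_vpc" "main" {
  cidr_block           = "192.168.0.0/16" # constructed range
  enable_dns_hostnames = true
  tags                 = { Name = "wp-vpc" }
}

# Public subnet: instances get a public IP on launch
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id # the reference already orders this after the VPC
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"   # 1a/1b only; t2.micro is unavailable in 1c
  map_public_ip_on_launch = true
  tags                    = { Name = "wp-public-subnet" }
}

# Private subnet: no public IPs, and no route to the internet gateway
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.main.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  tags              = { Name = "db-private-subnet" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
  tags   = { Name = "wp-igw" }
}

# Default route to the internet gateway, associated only with the public subnet
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = { Name = "wp-public-rt" }
}

resource "aws_route_table_association" "public" {
  depends_on     = [aws_route_table.public] # explicit, as in the article; the id reference below implies it too
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```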

Step 5:) Now we have to create the instances, but to increase security we first have to create security groups and a key. We made the key earlier, so now we only have to make the security groups. The security groups for WordPress and MySQL must be different so that the inbound rules match each instance's purpose. We want our WordPress instance to be reachable from anywhere as a website, so we allow inbound port 80 from any IP in the world, we open port 22 for SSH, and we allow all outbound traffic.

For the MySQL security group we have to define the inbound rules very carefully, so that not even instances in the other subnet, or other instances in the same subnet, can reach it. The IP of my WordPress instance keeps changing, so I have two options: either take the IP from the instance after Terraform creates it, or allow inbound traffic from the security group of our WordPress instance.
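The two security groups from Step 5, as an added example rather than the article's code, using the second option above: MySQL accepts port 3306 only from members of the WordPress security group, so the rule keeps working when the WordPress IP changes. It assumes the VPC resource is named aws_vpc.main; the admin SSH range is a constructed placeholder.

```hcl
resource "aws_security_group" "wp" {
  name        = "wp-sg"
  description = "WordPress: HTTP from anywhere, SSH for admin, all egress"
  vpc_id      = aws_vpc.main.id # assumption: VPC resource from Step 1

  ingress {
    description = "HTTP from any client on the internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH for administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # constructed placeholder: your admin range, not 0.0.0.0/0
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = { Name = "wp-sg" }
}

resource "aws_security_group" "mysql" {
  name        = "mysql-sg"
  description = "MySQL: 3306 only from instances in the WordPress security group"
  vpc_id      = aws_vpc.main.id

  ingress {
    description     = "MySQL from WordPress instances only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wp.id] # SG reference, not a CIDR, so IP changes do not matter
  }
  # No egress block: security groups are stateful, so replies to WordPress flow
  # without an outbound rule, and the private subnet has no NAT to reach anyway.
  tags = { Name = "mysql-sg" }
}
```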

Now the last step: creating the instances. Here we use associate_public_ip_address to associate a public IP address with the WordPress instance. We can also use ami-7e257211 as the AMI for our WordPress instance.
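The key pair and the two instances, as an added example (not the article's code): the WordPress AMI is the one mentioned above, the MySQL AMI id is a placeholder, the local public-key path is an assumption, and the resource names aws_subnet.public, aws_subnet.private, aws_security_group.wp and aws_security_group.mysql are assumed from the earlier steps.

```hcl
resource "aws_key_pair" "deployer" {
  key_name   = "wp-key"
  public_key = file("~/.ssh/wp-key.pub") # assumption: generated locally with ssh-keygen
}

# WordPress: public subnet, public IP, HTTP/SSH security group
resource "aws_instance" "wordpress" {
  ami                         = "ami-7e257211" # WordPress AMI mentioned in the article
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.wp.id]
  key_name                    = aws_key_pair.deployer.key_name
  associate_public_ip_address = true
  tags                        = { Name = "wordpress" }
}

# MySQL: private subnet, no public IP, reachable only from the WordPress SG on 3306
resource "aws_instance" "mysql" {
  ami                    = "ami-PLACEHOLDER" # placeholder: MySQL AMI id is not given in the article
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.mysql.id]
  key_name               = aws_key_pair.deployer.key_name
  tags                   = { Name = "mysql" }
}

output "wordpress_url" {
  value = "http://${aws_instance.wordpress.public_ip}"
}

output "mysql_private_ip" {
  value = aws_instance.mysql.private_ip # what WordPress uses as its DB host
}
```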

EXTRAS:

NOTE ON UPDATING AND MANAGING THE MYSQL INSTANCE: We can launch one more instance with the same security group as WordPress. Alternatively, we can create another security group for both MySQL and the new instance, and add an inbound rule in the new security group allowing the security group of the new instance. This instance is known as a BASTION HOST. We don't need it here, but it is an extra. For this you must open port 22 in the inbound rules of the MySQL security group, but here we don't need that.

NOTE: t2.micro is not available in ap-south-1c, so we have to make sure the subnet is not launched in 1c, or else change the instance type. For this I selected the availability zones 1a and 1b.

HOW TO APPLY:

It is simple to apply. First make a folder, and in this folder make a .tf file; to do this run the command notepad terraform.tf (the name can be anything, but the extension must be .tf). Then paste or write the code in this file. When running Terraform for the first time we need to run terraform init, which downloads the necessary plugins into our folder; then we run terraform apply, which applies our code, and to tear down the infrastructure we run terraform destroy. NOTE: We can add options such as -auto-approve so that these commands do not ask for a yes/no approval, and we can run terraform validate to check that the code is written with the correct syntax.

THANKS FOR READING!!!

FULL CODE IS IN THE GITHUB URL MENTIONED BELOW.
