Inside one VPC there are two subnets, one contains a WordPress web server and another contains a MySQL server.
"Created this infra using TERRAFORM" ...
Task-3


We are going to create one VPC with two subnets, one public and one private. Inside the public subnet we will launch a pre-built WordPress instance, and inside the private subnet a pre-built MySQL instance. Then we will attach an Internet gateway to the VPC and a route table so that clients can reach our WordPress site, while making sure nobody from outside can reach the MySQL instance... So we have to handle security properly...

  • STEPS:

1. Write an Infrastructure as code using Terraform, which automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

   a) public subnet [ Accessible for Public World! ]

   b) private subnet [ Restricted for Public World! ]

3. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a route table for the Internet gateway so that instances can reach the outside world; update it and associate it with the public subnet.

5. Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that clients can connect to our WordPress site. Also attach the key pair to the instance for logging in later.

6. Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the same key pair.

NOTE:

The WordPress instance has to be part of the public subnet so that clients can reach our site. The MySQL instance has to be part of the private subnet so that the outside world can't reach it. Don't forget to enable the auto-assign public IP and DNS hostname options.

  • Write the TERRAFORM code...

- First, configure the AWS CLI profile so that Terraform can log in to AWS and carry out the actions below...


- Then choose your provider and region and profile...

provider "aws" {
  region  = "ap-south-1"
  profile = "Ranjit"
}

- Now let's write the code to create one VPC...

  • A virtual private cloud (VPC) is like a box that isolates your infrastructure so that nobody outside can access it or see what's happening inside. You provide one CIDR range, and the subnets you launch inside it must carve their address ranges out of that block.

resource "aws_vpc" "myvpc" {
  cidr_block           = "10.0.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true

  tags = {
    Name = "RanjitVPC"
  }
}

- Create two subnets carved out of the VPC range; we will launch them in different availability zones...

resource "aws_subnet" "publicsubnet" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-south-1a"

  tags = {
    Name = "PublicSubnet"
  }
}

resource "aws_subnet" "privatesubnet" {
  vpc_id     = aws_vpc.myvpc.id
  cidr_block = "10.0.2.0/24"
  availability_zone = "ap-south-1b"
  tags = {
    Name = "PrivateSubnet"
  }
}

- Now we will create an internet gateway and attach it to our VPC, and then (through a route table) to our public subnet, so that outside clients can reach the WordPress site launched inside the public subnet...

resource "aws_internet_gateway" "publicfacingrouter" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "PublicFacingRouter"
  }
}

- Now we will create a route table pointing to the internet gateway and associate it with our public subnet...

resource "aws_route_table" "forpublicfacingrouter" {
  vpc_id = aws_vpc.myvpc.id

  # Default route to the internet gateway; only the public subnet is
  # associated with this table, so the private subnet never gets it.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.publicfacingrouter.id
  }

  tags = {
    Name = "InternetgatewayRouteTable"
  }
}

resource "aws_route_table_association" "associatewithpublicsubnet" {
  subnet_id      = aws_subnet.publicsubnet.id
  route_table_id = aws_route_table.forpublicfacingrouter.id
}

- Now we will create security groups for the respective instances, but there is a challenge here: WordPress needs to talk to MySQL. Within one VPC, AWS lets instances communicate whether they are in the same subnet or different ones. However, if the WordPress instance is restarted and its IP changes, a MySQL rule written against that IP would stop working, which would be a big problem for the company. To avoid this we reference the WordPress security group ID in the MySQL security group's ingress rule: the IP of either instance may change, but the security group IDs never do, so the two instances can still communicate. That is what we do here....

- Security group for WordPress instance...

resource "aws_security_group" "wordpressserver" {
  name        = "wordpress"
  description = "Allow http and ssh"
  vpc_id      = aws_vpc.myvpc.id

  # HTTP from anywhere: this is the public-facing site.
  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH from anywhere, as configured in this article; narrow cidr_blocks
  # to your admin address range where you can.
  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "WordpressSG"
  }
}

- Security Group for Mysql instance...

resource "aws_security_group" "mysqlserver" {
  name        = "mysql"
  description = "Allow mysql from the wordpress security group"
  vpc_id      = aws_vpc.myvpc.id

  # Port 3306 is reachable only from instances that carry the WordPress
  # security group; referencing the group ID instead of an IP is what keeps
  # this working when the WordPress instance's IP changes. A
  # cidr_blocks = ["0.0.0.0/0"] entry in this rule would open 3306 to every
  # address that can route to the private subnet, defeating the purpose.
  ingress {
    description     = "mysql"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpressserver.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "MysqlSG"
  }
}

- Now we will launch the two instances in different subnets. Here I am using a pre-created key pair, but you can also generate the key with Terraform's TLS provider. I associate a public IP and DNS name with the WordPress instance but not with the MySQL instance, since we want to keep it as private as we can... I am using AMIs that already have the software built in, i.e. WordPress is pre-installed in the AMI used for the frontend and likewise MySQL for the database... You can build your own AMIs, but for the time being I am using pre-created ones...

resource "aws_instance" "wordpressfrontend" {
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.publicsubnet.id
  vpc_security_group_ids      = [aws_security_group.wordpressserver.id]
  associate_public_ip_address = true
  key_name                    = "key-1111"

  tags = {
    Name = "WordpressFrontend"
  }
}

resource "aws_instance" "mysqldatabase" {
  ami                    = "ami-0019ac6129392a0f2"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.privatesubnet.id
  vpc_security_group_ids = [aws_security_group.mysqlserver.id]
  key_name               = "key-1111"

  # No associate_public_ip_address here: the database only gets a
  # private address in 10.0.2.0/24.
  tags = {
    Name = "MysqlDatabase"
  }
}
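As an added example that is not part of the original article, here is how two points mentioned above could be written in Terraform: generating the key pair with the TLS provider instead of using a pre-created key, and giving the private subnet its own route table with no internet route so that the isolation of MySQL is explicit. The key name, the PEM file path and the use of the hashicorp tls and local providers are assumptions.

```hcl
# Added example (not from the original article): Terraform-generated key
# pair plus an explicit no-internet route table for the private subnet.

# Generate the SSH key pair in Terraform instead of using pre-created "key-1111".
resource "tls_private_key" "deployer" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "deployer" {
  key_name   = "wordpress-mysql-key" # assumed name
  public_key = tls_private_key.deployer.public_key_openssh
}

# Keep the private half locally with owner-only permissions. It also lives
# in the Terraform state, so treat terraform.tfstate as a secret.
resource "local_file" "deployer_pem" {
  content         = tls_private_key.deployer.private_key_pem
  filename        = "${path.module}/wordpress-mysql-key.pem" # assumed path
  file_permission = "0400"
}

# Private route table: only the implicit local route for 10.0.0.0/16 and
# no 0.0.0.0/0 route to the internet gateway. Without an association the
# private subnet falls back to the VPC main route table, which also has only
# the local route; the explicit table just makes that intent visible.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "PrivateRouteTable"
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.privatesubnet.id
  route_table_id = aws_route_table.private.id
}

# The address to paste into the browser, and the private address WordPress
# should use as its DB host; the MySQL instance has no public IP at all.
output "wordpress_public_ip" {
  value = aws_instance.wordpressfrontend.public_ip
}

output "mysql_private_ip" {
  value = aws_instance.mysqldatabase.private_ip
}
```

To use the generated key, set key_name = aws_key_pair.deployer.key_name on both aws_instance resources in place of "key-1111".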

  • First initialize Terraform so that it downloads the AWS provider. Then validate the code, then apply it...

command :  "terraform init"
command : "terraform validate"
command : "terraform apply"

- Now check the AWS console...


- Copy the public IP of the WordPress instance, paste it into the browser address bar, hit enter and the site will appear on your screen...



THANK YOU...
