Terraform Automation to Set Up a VPC, Subnets and a NAT Gateway:-
Task-
1. Write Infrastructure as Code using Terraform which automatically creates a VPC.
2. In that VPC, create 2 subnets:
a. public subnet [ Accessible from the public world! ]
b. private subnet [ Restricted from the public world! ]
3. Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/network to the internet and attach this gateway to our VPC in the public subnet.
6. Update the routing table of the private subnet to allow access to the internet; it uses the NAT gateway created in the public subnet.
7. Create a bastion host with WordPress on it, to connect to the MySQL instance through it via SSH. Also attach the key and a security group allowing port 80 so that our clients can connect to our WordPress site.
8. Launch an EC2 instance which already has MySQL set up, in the private subnet, with a security group allowing port 3306 and SSH from the CIDR block of the public subnet, so that our WordPress VM can connect to it. Also attach the key to it.
FOLLOW THESE STEPS:-
Step1 - First of all, we have to create a VPC (Virtual Private Cloud) on AWS.
Output of Step1-
* A Virtual Private Cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud.
* The terraform init command is used to initialize a working directory containing Terraform configuration files.
Step2 - Now, we have to create two subnets in our VPC. One is the public subnet and the other is the private subnet.
For Subnet1-
For Subnet2 -
Output of Step2-
* A subnet is a logical subdivision of an IP network.
* A public subnet has a route table that says, “send all outbound traffic (anything to the CIDR block 0.0.0.0/0) via this internet gateway.”
* A private subnet either does not allow outbound traffic to the internet or has a route that says, “send all outbound traffic via this NAT gateway.”
Step3 - Now, we have to create an internet gateway in our VPC.
Output of Step3 -
* An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
Step4 - We have to create a routing table for the internet gateway so that instances can connect to the outside/internet world.
Output of Step4 -
* A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
Step5 - Now we have to associate the route table created by us in the previous step to the public subnet.
Output of Step5 -
Step6 - For creating NAT gateway we have to first create an Elastic IP.
Output of Step6 -
* An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.
Step7 - Now we can create a NAT Gateway using terraform code.
Output of Step7 -
* A NAT gateway gives cloud resources without public IP addresses access to the internet without exposing those resources to incoming internet connections.
Step8 - Now, create a route table for the NAT gateway.
Output Of Step8 -
* A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
Step9 - Now we have to associate the route table created by us in the previous step to the private subnet.
Output of Step9 -
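The whole network from Step1 to Step9 in a single Terraform file, as an added example rather than the post's own code (the original screenshots are not reproduced). The CIDR blocks and resource names are assumptions, and the provider block is omitted.

```hcl
resource "aws_vpc" "myvpc" { # Step 1
  cidr_block = "192.168.0.0/16"
}

resource "aws_subnet" "public" { # Step 2a
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.1.0/24"
  map_public_ip_on_launch = true # instances launched here get a public IP
}
resource "aws_subnet" "private" { # Step 2b: no public IPs, reached only via the bastion
  vpc_id     = aws_vpc.myvpc.id
  cidr_block = "192.168.2.0/24"
}

resource "aws_internet_gateway" "igw" { # Step 3
  vpc_id = aws_vpc.myvpc.id
}

resource "aws_route_table" "public_rt" { # Steps 4-5: default route to the internet gateway
  vpc_id = aws_vpc.myvpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public_assoc" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public_rt.id
}

resource "aws_eip" "nat_eip" { # Steps 6-7: Elastic IP consumed by the NAT gateway
  domain = "vpc"
}
resource "aws_nat_gateway" "natgw" {
  allocation_id = aws_eip.nat_eip.id
  subnet_id     = aws_subnet.public.id # the NAT gateway itself lives in the public subnet
  depends_on    = [aws_internet_gateway.igw] # the IGW must exist before the NAT can route out
}

resource "aws_route_table" "private_rt" { # Steps 8-9: default route to the NAT gateway
  vpc_id = aws_vpc.myvpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.natgw.id
  }
}
resource "aws_route_table_association" "private_assoc" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private_rt.id
}
```

Only the public route table points at the internet gateway; the private subnet can reach out through the NAT gateway but nothing on the internet can open a connection to it.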
Step10 - Here, we have to create a Key-pair by using terraform code.
Output of Step10 -
* AWS uses the key pair for public-key cryptography: the public key encrypts login information and the private key decrypts it.
Step11 - Now create security groups for launching instances using Terraform code.
For Security Group1 -
For Security Group2-
For Security Group3-
For Security Group4-
Output of Step11-
* A security group acts as a virtual firewall for your instance to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance.
Step12 - Now we have to launch the instances using the key pair and security groups created by us in the previous steps.
Output of Step12-
* An EC2 instance is a virtual server in Amazon's Elastic Compute Cloud (EC2) for running applications on the Amazon Web Services (AWS) infrastructure.
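The security groups of Step11 and the private MySQL instance of Step12, as an added example that is not the post's own code (the original screenshots are not reproduced). It assumes the VPC and subnets are named `aws_vpc.myvpc`, `aws_subnet.public` and `aws_subnet.private`, that the key pair from Step10 is called `mykey`, and the AMI id is a placeholder.

```hcl
resource "aws_security_group" "wp_sg" { # Step 11: bastion/WordPress host, 80 and 22 open to the internet
  name   = "wordpress-sg"
  vpc_id = aws_vpc.myvpc.id
  dynamic "ingress" {
    for_each = [80, 22]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_sg" { # MySQL host: nothing reachable from outside the VPC
  name   = "mysql-sg"
  vpc_id = aws_vpc.myvpc.id
  ingress { # 3306 only from members of the WordPress group, not from any CIDR
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wp_sg.id]
  }
  ingress { # SSH only from the public subnet CIDR, i.e. via the bastion
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.public.cidr_block]
  }
  egress { # outbound only (package updates), which leaves through the NAT gateway
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "mysql" { # Step 12: MySQL in the private subnet, so it never gets a public IP
  ami                    = "ami-PLACEHOLDER" # placeholder: MySQL AMI id for your region
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  key_name               = "mykey" # assumed name of the key pair from Step 10
  vpc_security_group_ids = [aws_security_group.mysql_sg.id]
}
```

The WordPress/bastion instance is launched the same way but with `subnet_id = aws_subnet.public.id` and `vpc_security_group_ids = [aws_security_group.wp_sg.id]`, so port 3306 is only ever reachable from that one group.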
Step13 - Now if we type the public IP of the WordPress instance into the browser, it shows like this:
Step14 - If we want to connect to the MySQL instance, we can't, because the MySQL instance doesn't have a public IP to connect to. If we still want to connect, we first have to create a bastion host.
* A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the internet.
Step15 - Using the bastion host's public IP, we can log in to the bastion host.
Step16 - Now we have to transfer the key pair to the bastion host from Windows. For the transfer of the key pair, we use WinSCP. But WinSCP only supports the .ppk key format, so we first have to convert the .pem file to .ppk using PuTTYgen. Now follow these steps to transfer the key using WinSCP:
- Open WinSCP, click on New Session and then enter the IP and username.
- Click on Advanced, then on Authentication, and browse to the key pair (.ppk format). Then click on OK.
- Then click on login.
- Now, transfer the key pair (.pem format) to the bastion host.
Step17 - Follow the commands shown in the screenshot.
Step18 - Now use the private IP of the MySQL instance with SSH so that we can get inside the MySQL instance.
* SSH, or Secure Shell, is a network protocol that allows one computer to securely connect to another computer over an unsecured network, like the internet.
Step19 - In the last step, we can destroy the complete environment using the command given below.