* What will we be doing?


1) Write infrastructure as code using Terraform that automatically creates a VPC.

2) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.

3) In that VPC we have to create 2 subnets:

a) public subnet [ Accessible from the public world! ]

b) private subnet [ Restricted from the public world! ]

4) Create a routing table for the internet gateway so that instances can connect to the outside world, and associate it with the public subnet.

5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.

Also, attach the key to the instance so that we can log in to it later.

6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also, attach the key to it.

Note: the WordPress instance has to be part of the public subnet so that our clients can connect to our site.

The MySQL instance has to be part of the private subnet so that the outside world can't connect to it.

Don't forget to enable the auto-assign public IP and auto-assign DNS hostname options.

* Before moving to the solution, let's look at the main terms used in this task

  • What is AWS?

Amazon Web Services is a platform that offers flexible, reliable, scalable, easy-to-use, and cost-effective cloud computing solutions.

AWS is a comprehensive, easy-to-use computing platform offered by Amazon. The platform is developed with a combination of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings.

  • 7 Best Benefits of AWS (Amazon Web Services)
  1. Comprehensive
  2. Cost-Effective
  3. Adaptable
  4. Security
  5. Innovation
  6. Global leader
  7. Improved Productivity
  • Its services

VPC

Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

The following are the key concepts for VPCs:

  • Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
  • Subnet — A range of IP addresses in your VPC.
  • Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
  • Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.

Subnet

A subnet, or subnetwork, is a network inside a network. Subnets make networks more efficient. Through subnetting, network traffic can travel a shorter distance without passing through unnecessary routers to reach its destination.

Each computer, or host, on the internet has at least one IP address as a unique identifier. Organizations use subnets to subdivide large networks into smaller, more efficient subnetworks. One goal of a subnet is to split a large network into a grouping of smaller, interconnected networks to help minimize traffic.

Route Table

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

An internet gateway supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic.

EC2

Elastic Block Store (EBS) is an easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale. A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

Key Pairs and Security Group

A key pair, consisting of a private key and a public key, is a set of security credentials that you use to prove your identity when connecting to an instance. Amazon EC2 stores the public key, and you store the private key. You use the private key, instead of a password, to securely access your instances.

A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. … If you don't specify a security group, Amazon EC2 uses the default security group.

  • What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.

Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.

The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.

The key features of Terraform are:

  1. Execution Plans
  2. Infrastructure as Code
  3. Change Automation
  4. Resource Graph

* Solution

  1. Creating the VPC.

# — Creating vpc
resource "aws_vpc" "ak-vpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  tags = {
    Name = "ak-vpc"
  }
}

192.168.0.0/16 ranges from 192.168.0.0 to 192.168.255.255 with 65,534 possible hosts. This means almost 65,520 instances can be launched in this VPC.

[Screenshot: VPC]

2. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to this VPC.

# — Creating internet-gateway
resource "aws_internet_gateway" "ak-igw" {
  vpc_id = aws_vpc.ak-vpc.id
  tags = {
    Name = "ak-igw"
  }
}

There is nothing more to explain here.

[Screenshot: Internet Gateway]

3. In this VPC creating 2 subnets:

a) public subnet [ Accessible for Public World! ]

b) private subnet [ Restricted for Public World! ].

# — Looking up the availability zones
data "aws_availability_zones" "zones" {
  state = "available"
}

# — Creating public subnet
resource "aws_subnet" "public-subnet-1a" {
  availability_zone       = data.aws_availability_zones.zones.names[0]
  cidr_block              = "192.168.0.0/24"
  vpc_id                  = aws_vpc.ak-vpc.id
  map_public_ip_on_launch = true

  tags = {
    Name = "public-subnet-1a"
  }
}

# — Creating private subnet
resource "aws_subnet" "private-subnet-1b" {
  availability_zone = data.aws_availability_zones.zones.names[1]
  cidr_block        = "192.168.1.0/24"
  vpc_id            = aws_vpc.ak-vpc.id
  tags = {
    Name = "private-subnet-1b"
  }
}

192.168.0.0/24 ranges from 192.168.0.0 to 192.168.0.255 with 254 possible hosts.

Here, data "aws_availability_zones" fetches all the available zones in our region (ap-south-1). Index "0" refers to the ap-south-1a zone and "1" to the ap-south-1b zone, so the public subnet lands in ap-south-1a and the private subnet in ap-south-1b.
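The host counts above come from plain CIDR arithmetic. The script below is an added example, not part of the original post or its Terraform files: it uses Python's standard ipaddress module to reproduce those ranges, computes what AWS actually leaves usable (AWS reserves five addresses in every subnet: the network address, the next three, and the broadcast address), and checks an addressing plan the way a reviewer would before applying it: every subnet inside the VPC, no two subnets overlapping, and every prefix within the /16 to /28 sizes AWS accepts. The VPC_CIDR and SUBNETS values are constructed to mirror the post's plan.

```python
import ipaddress

# Constructed to mirror the post's addressing plan (hand-written, not read from Terraform).
VPC_CIDR = "192.168.0.0/16"
SUBNETS = {
    "public-subnet-1a": "192.168.0.0/24",
    "private-subnet-1b": "192.168.1.0/24",
}

# AWS reserves the network address, the first three host addresses (VPC router,
# DNS resolver, reserved for future use) and the broadcast address of every subnet.
AWS_RESERVED_PER_SUBNET = 5
AWS_MIN_PREFIX, AWS_MAX_PREFIX = 16, 28


def address_range(cidr):
    """Return (first address, last address, classic host count) for a CIDR block."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses - 2


def aws_usable_hosts(cidr):
    """Hosts that can really be launched in an AWS subnet of this size."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.num_addresses - AWS_RESERVED_PER_SUBNET


def check_plan(vpc_cidr, subnets):
    """Return a list of problems with the plan; an empty list means it is consistent."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    problems = []
    nets = {}
    for name, cidr in subnets.items():
        try:
            # strict=True rejects blocks whose host bits are set, e.g. 192.168.1.1/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr} ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside VPC {vpc_cidr}")
        if not AWS_MIN_PREFIX <= net.prefixlen <= AWS_MAX_PREFIX:
            problems.append(
                f"{name}: prefix /{net.prefixlen} is outside the AWS "
                f"/{AWS_MIN_PREFIX} to /{AWS_MAX_PREFIX} subnet size limits"
            )
        nets[name] = net
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} and {b} overlap")
    return problems


if __name__ == "__main__":
    print("VPC:", address_range(VPC_CIDR))
    for name, cidr in SUBNETS.items():
        print(name, address_range(cidr), "usable on AWS:", aws_usable_hosts(cidr))
    print("problems:", check_plan(VPC_CIDR, SUBNETS) or "none")
```

Run it once with the post's plan (no problems) and again after adding a subnet that overlaps or sits outside 192.168.0.0/16; the check catches both before terraform apply would fail on them.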

[Screenshot: Public and Private subnet]

4. Create a routing table for the internet gateway so that instances can connect to the outside world, and associate it with the public subnet.

# — Create route table
resource "aws_route_table" "ak-route-igw" {
  vpc_id = aws_vpc.ak-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.ak-igw.id
  }

  tags = {
    Name = "ak-route-igw"
  }
}

Simple as cutting your nails.

Now, associating it with the public subnet.

# — Subnet Association
resource "aws_route_table_association" "subnet-1a-asso" {
  subnet_id      = aws_subnet.public-subnet-1a.id
  route_table_id = aws_route_table.ak-route-igw.id
}

[Screenshot: Route Table]

5. Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also, attach the key to it.

  • Creating a key pair.

# — Creating Key Pairs for mySql
resource "tls_private_key" "key4" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Write the private key to disk, readable only by the owner.
# file_permission is a string; a bare 0400 is read as the decimal number 400.
resource "local_file" "key5" {
  content         = tls_private_key.key4.private_key_pem
  filename        = "mysql_key.pem"
  file_permission = "0400"
}

# Register only the public half with EC2.
resource "aws_key_pair" "key6" {
  key_name   = "mysql_key"
  public_key = tls_private_key.key4.public_key_openssh
}
  • Creating security groups.

# — Creating Security Groups for mySql
resource "aws_security_group" "sg-db" {
  depends_on = [
    aws_security_group.sg-wp,
  ]
  name        = "mySql-sg"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.ak-vpc.id
  ingress {
    description     = "MYSQL/Aurora"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg-wp.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "mySql-sg"
  }
}

Here, security_groups = [ "${aws_security_group.sg-wp.id}" ] means that the MySQL security group only accepts connections from members of the WordPress security group, so the database is reachable from the WordPress instance and nothing else inside the private space.

Allowing only MySQL port 3306 and SSH 22.

  • Launching instance.

# — Creating Ec2 instance for mySql
resource "aws_instance" "database_server" {
  ami               = "ami-08706cb5f68222d09"
  subnet_id         = aws_subnet.private-subnet-1b.id
  availability_zone = data.aws_availability_zones.zones.names[1]
  instance_type     = "t2.micro"
  root_block_device {
    volume_type           = "gp2"
    delete_on_termination = true
  }
  key_name               = aws_key_pair.key6.key_name
  vpc_security_group_ids = [aws_security_group.sg-db.id]

  tags = {
    Name = "MySql"
  }
}

The MySQL instance is launched successfully in the private subnet, without a public IP or DNS hostname.

[Screenshot: MySql]

6. Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.

Also, attach the key to the instance so that we can log in to it later.

  • Creating a key pair.

# — Creating Key Pairs for wordpress
resource "tls_private_key" "key1" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# file_permission must be a quoted string; bare 0400 is the decimal number 400.
resource "local_file" "key2" {
  content         = tls_private_key.key1.private_key_pem
  filename        = "wordpress_key.pem"
  file_permission = "0400"
}

resource "aws_key_pair" "key3" {
  key_name   = "wordpress_key"
  public_key = tls_private_key.key1.public_key_openssh
}
  • Creating a security group.

# — Creating Security Groups for wordpress
resource "aws_security_group" "sg-wp" {
  name        = "wordpress-sg"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.ak-vpc.id
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "wordpress-sg"
  }
}

Allowing only HTTP port 80 and SSH port 22.

  • Launching instance.

# — Creating Ec2 instance for wordpress
resource "aws_instance" "web_server" {
  depends_on = [
    aws_instance.database_server,
  ]

  ami               = "ami-004a955bfb611bf13"
  subnet_id         = aws_subnet.public-subnet-1a.id
  availability_zone = data.aws_availability_zones.zones.names[0]
  instance_type     = "t2.micro"
  root_block_device {
    volume_type           = "gp2"
    delete_on_termination = true
  }
  key_name                    = aws_key_pair.key3.key_name
  vpc_security_group_ids      = [aws_security_group.sg-wp.id]
  associate_public_ip_address = true

  tags = {
    Name = "Wordpress"
  }
}

The WordPress instance is launched successfully in the public subnet with a public IP and DNS hostname.

[Screenshot: WordPress]
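The network design in steps 5 and 6 rests on two properties: the database sits in a subnet with no route to the internet gateway and no public address, and its security group admits port 3306 only from the WordPress security group rather than from a CIDR. The script below is an added example, not part of the original post: it models the post's subnets, security groups and instances as hand-written dictionaries (constructed; they are not read from Terraform state) and audits them the way a review of the plan would, reporting any database exposure and any port open to 0.0.0.0/0 that should be narrowed. The "role" field and the routes_to_igw flag are assumptions of this model, not Terraform attributes.

```python
# Constructed model of the post's resources (hand-written; "role" and "routes_to_igw"
# are labels of this model, not Terraform attributes).
ANY = "0.0.0.0/0"

SECURITY_GROUPS = {
    "sg-wp": {"ingress": [
        {"port": 22, "protocol": "tcp", "cidr_blocks": [ANY], "security_groups": []},
        {"port": 80, "protocol": "tcp", "cidr_blocks": [ANY], "security_groups": []},
    ]},
    "sg-db": {"ingress": [
        {"port": 3306, "protocol": "tcp", "cidr_blocks": [], "security_groups": ["sg-wp"]},
    ]},
}

SUBNETS = {
    "public-subnet-1a": {"map_public_ip_on_launch": True, "routes_to_igw": True},
    "private-subnet-1b": {"map_public_ip_on_launch": False, "routes_to_igw": False},
}

INSTANCES = {
    "web_server": {"subnet": "public-subnet-1a", "security_groups": ["sg-wp"],
                   "associate_public_ip_address": True, "role": "web"},
    "database_server": {"subnet": "private-subnet-1b", "security_groups": ["sg-db"],
                        "associate_public_ip_address": False, "role": "db"},
}


def exposure(security_groups, instances):
    """Map each instance to {port: [sources]} across all of its security groups."""
    result = {}
    for name, inst in instances.items():
        ports = {}
        for sg_name in inst["security_groups"]:
            for rule in security_groups[sg_name]["ingress"]:
                sources = rule["cidr_blocks"] + rule["security_groups"]
                ports.setdefault(rule["port"], []).extend(sources)
        result[name] = ports
    return result


def audit(security_groups, subnets, instances):
    """Return findings a reviewer would raise; an empty list means the design holds."""
    findings = []
    for name, inst in instances.items():
        subnet = subnets[inst["subnet"]]
        has_public_ip = inst["associate_public_ip_address"] or subnet["map_public_ip_on_launch"]
        is_db = inst["role"] == "db"

        # A database must never be addressable from the internet.
        if is_db and (has_public_ip or subnet["routes_to_igw"]):
            findings.append(f"{name}: database must not have a public IP or an IGW route")

        for sg_name in inst["security_groups"]:
            for rule in security_groups[sg_name]["ingress"]:
                if ANY not in rule["cidr_blocks"]:
                    continue
                if is_db:
                    findings.append(f"{name}: {sg_name} opens port {rule['port']} to the world")
                elif rule["port"] == 22:
                    # The post's web SG does this; management access should be narrowed.
                    findings.append(f"{name}: {sg_name} opens SSH to the world; "
                                    f"restrict it to an admin CIDR")
    return findings


if __name__ == "__main__":
    for inst, ports in exposure(SECURITY_GROUPS, INSTANCES).items():
        print(inst, ports)
    for finding in audit(SECURITY_GROUPS, SUBNETS, INSTANCES):
        print("FINDING:", finding)
```

Against the post's design the audit reports exactly one finding: SSH on the WordPress instance is open to every address, which the HTTP rule does not require. Changing the sg-db ingress to a cidr_blocks entry of 0.0.0.0/0, or giving the database a public IP, makes the audit fail on the database as well.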

* Running the above code (or any other Terraform setup)

terraform init
# installs the plugins for the provider used.
# Note: run this command only once, after writing the code.
terraform validate
# checks the code for errors.
terraform plan
# shows what is going to be created.
terraform apply
# builds the whole infrastructure at once.
terraform destroy
# destroys the whole infrastructure at once.

* Final Outcome

[Screenshot: WordPress site]
