Auto Creating Web portal on Cloud by creating VPC and configuring it for better security.
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
What is EC2?
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment.
What is VPC?
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
Problem Statement…
We have to create a web portal for our company with as much security as possible. So we use WordPress with a dedicated database server. The database should not be accessible from the outside world, for security purposes. We only need to expose WordPress to clients.
1) Write Infrastructure as Code using Terraform that automatically creates a VPC.
2) In that VPC we have to create 2 subnets: a- public subnet b-private subnet
3) Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.
4) Create a routing table for Internet gateway so that instance can connect to the outside world, update and associate it with the public subnet.
5) Launch an ec2 instance that has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site.
Also, attach the key to the instance for further login into it.
6) Launch an ec2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. We will add auto IP assign and auto DNS name assignment options to be enabled.
Here the Task starts..
- First we have to make one folder in which we have to init the terraform.
Open a notepad with file extension .tf
- Inside the file first we have to write..
provider "aws" {
  region  = "ap-south-1"
  profile = "testing"
}
2. Creating the VPC
resource "aws_vpc" "myvpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = "true"
  tags = {
    Name = "abhivpc"
  }
}
3. Creating the subnets..
resource "aws_subnet" "publicSubnet" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = "true"
  tags = {
    Name = "subnet1"
  }
}

resource "aws_subnet" "privateSubnet" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  tags = {
    Name = "subnet2"
  }
}
4. Creation of internet gateway…
resource "aws_internet_gateway" "internetGateway" {
  vpc_id = aws_vpc.myvpc.id
  tags = {
    Name = "my_internetgateway"
  }
}
5. Creation of Routing Tables….
resource "aws_route_table" "routingTable" {
  vpc_id = aws_vpc.myvpc.id
  route {
    gateway_id = aws_internet_gateway.internetGateway.id
    cidr_block = "0.0.0.0/0"
  }
  tags = {
    Name = "myRoutingTable"
  }
}

resource "aws_route_table_association" "association" {
  subnet_id      = aws_subnet.publicSubnet.id
  route_table_id = aws_route_table.routingTable.id
}
6. Creation of security groups…
This is for wordpress
resource "aws_security_group" "wordpress_sg" {
  depends_on = [ aws_vpc.myvpc ]
  name       = "wordpress_sg"
  vpc_id     = aws_vpc.myvpc.id
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [ "0.0.0.0/0" ]
  }
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = [ "0.0.0.0/0" ]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "wordpress_sg"
  }
}
And this is for mysql
resource "aws_security_group" "mysql_sg" {
  depends_on = [ aws_vpc.myvpc ]
  name       = "mysql_sg"
  vpc_id     = aws_vpc.myvpc.id
  ingress {
    description     = "MYSQL"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [ aws_security_group.wordpress_sg.id ]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "mysql_sg"
  }
}
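A tighter variant of the two security groups above, as an added example that is not part of the original post: SSH is limited to an operator CIDR passed in through a variable, and the database's egress is limited to the VPC range. The variable name admin_cidr is an assumption; the block replaces the two resources above and relies on aws_vpc.myvpc from step 2.

```hcl
# Added example: operator network allowed to SSH (variable name is assumed).
variable "admin_cidr" {
  description = "CIDR allowed to reach port 22 on the WordPress instance"
  type        = string

  validation {
    # Reject malformed CIDRs and the world-open range.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "The admin_cidr value must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "wordpress_sg" {
  name   = "wordpress_sg"
  vpc_id = aws_vpc.myvpc.id

  ingress {
    description = "SSH from the operator network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  ingress {
    description = "HTTP for clients"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_sg" {
  name   = "mysql_sg"
  vpc_id = aws_vpc.myvpc.id

  ingress {
    description     = "MySQL from the WordPress security group only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }
  egress {
    # The private subnet has no internet route; keep egress inside the VPC too.
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.myvpc.cidr_block]
  }
}
```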
7. Creation of instances for WordPress and MySQL, and finally opening the site in the Chrome browser.
resource "aws_instance" "wordpress_os" {
  ami                    = "ami-7e257211"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.publicSubnet.id
  vpc_security_group_ids = [ aws_security_group.wordpress_sg.id ]
  key_name               = "mykeys"
  tags = {
    Name = "wordpress"
  }
}

resource "aws_instance" "database" {
  ami                    = "ami-0447a12f28fddb066"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.privateSubnet.id
  vpc_security_group_ids = [ aws_security_group.mysql_sg.id ]
  key_name               = "mykeys"
  tags = {
    Name = "database"
  }
}

resource "null_resource" "nulllocal1" {
  depends_on = [
    aws_instance.wordpress_os,
    aws_instance.database,
  ]
  provisioner "local-exec" {
    command = "start chrome ${aws_instance.wordpress_os.public_ip}"
  }
}
After saving this file, run this command:
terraform init
Now run this file by using
terraform apply -auto-approve
Output of the code…
To destroy the whole setup, run this:
terraform destroy -auto-approve