Create a personal VPC with a NAT Gateway and integrate it with EC2.
What is AWS?
Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud platform, offering over 175 fully featured services from data centers globally. Millions of customers — including the fastest-growing startups, largest enterprises, and leading government agencies — are using AWS to lower costs, become more agile, and innovate faster.
What is EC2?
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows you to obtain and configure capacity with minimal friction. It provides you with complete control of your computing resources and lets you run on Amazon’s proven computing environment.
What is VPC?
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
What is NAT GATEWAY?
NAT Gateway is a highly available, AWS-managed service that lets instances in a private subnet of an Amazon Virtual Private Cloud (Amazon VPC) reach the internet (for package updates, for example) while staying unreachable from it: the gateway translates addresses for outbound connections only, so nothing on the internet can initiate a connection to the private instances. Previously, you needed to launch and maintain your own NAT instance to get NAT for a private subnet.
What is EIP?
An Elastic IP address is a public IPv4 address reserved for your account in a particular region. You can associate it with an EC2 instance (or, as in this setup, with a NAT gateway) and it stays yours until you release it. To allocate one in a particular region, see Allocating an Elastic IP Address in the AWS documentation.
Problem Statement
1. Write infrastructure as code with Terraform that automatically creates a VPC.
2. In that VPC, create two subnets:
 a. a public subnet (reachable from the public internet)
 b. a private subnet (not reachable from the public internet)
3. Create an internet gateway to connect the VPC to the internet and attach it to the VPC.
4. Create a route table with a default route to the internet gateway, so that instances can reach the outside world, and associate it with the public subnet.
5. Create a NAT gateway in the public subnet so that the private subnet can reach the internet.
6. Update the route table of the private subnet so that internet-bound traffic goes through the NAT gateway created in the public subnet.
7. Launch an EC2 instance in the public subnet from an AMI that already has WordPress set up, with a security group allowing port 80 so that clients can reach the WordPress site. Also attach a key pair to the instance for later logins.
8. Launch an EC2 instance in the private subnet from an AMI that already has MySQL set up, with a security group allowing port 3306 only from the WordPress instance, so that the WordPress VM can connect to it. Also attach the key pair to it.
Here the task begins.
- First, create a folder for the project; terraform init is run inside it later.
- In that folder, create a file with the .tf extension (any text editor will do).
1. Provider configuration. The first thing in the file is the provider block. The profile refers to a named profile in your local AWS credentials file, so no access keys end up in the Terraform code:
provider "aws" {
  region  = "ap-south-1"
  profile = "testing"   # named profile from ~/.aws/credentials
}
2. Creating the VPC. The whole network gets a /16; the two subnets below carve /24s out of it.
resource "aws_vpc" "my_new_vpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true   # gives instances public DNS names
  tags = {
    Name = "myvpc"
  }
}
3. Creating the subnets. Both live in the same VPC but in different availability zones. Only the public subnet auto-assigns public IPv4 addresses at launch; the private subnet leaves map_public_ip_on_launch at its default of false, so nothing placed there ever gets a public address.
resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.my_new_vpc.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true   # instances here get a public IPv4 address
  tags = {
    Name = "subnet1public"
  }
}

resource "aws_subnet" "private_subnet" {
  vpc_id            = aws_vpc.my_new_vpc.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  # map_public_ip_on_launch defaults to false: no public IPs in this subnet
  tags = {
    Name = "subnet2private"
  }
}
4. Creation of the internet gateway. Attaching it to the VPC does nothing on its own; a subnet only becomes public once its route table sends 0.0.0.0/0 to this gateway (step 7).
resource "aws_internet_gateway" "internet_gateway" {
  vpc_id = aws_vpc.my_new_vpc.id
  tags = {
    Name = "my_internetgateway"
  }
}
5. Creation of the EIP. The NAT gateway needs a fixed public address, which this Elastic IP provides; all outbound traffic from the private subnet will appear on the internet from this one address. The depends_on refers to the three instances from steps 7 and 8 (the WordPress host, the database and a bastion host). The EIP itself does not need them; the dependency only fixes creation order, so those instance resources must be declared in the same configuration or terraform apply will fail with an unknown-resource error.
resource "aws_eip" "tf_eip" {
  depends_on = [aws_instance.wordpress_os, aws_instance.database, aws_instance.bastionhost]
  vpc        = true   # AWS provider 3.x/4.x; provider 5.x uses domain = "vpc" instead
}
6. Creation of the NAT gateway. It must sit in the public subnet (the one whose route table points at the internet gateway) and takes the EIP as its public address. The internet gateway has to be attached before the NAT gateway is created, so it is listed in depends_on as well. Note that a NAT gateway is tied to one availability zone: this one is in ap-south-1a while the private subnet is in ap-south-1b. That is fine for a lab, but a failure of ap-south-1a would cut the private subnet off from the internet; production setups run one NAT gateway per AZ.
resource "aws_nat_gateway" "nat_gateway" {
  depends_on    = [aws_eip.tf_eip, aws_internet_gateway.internet_gateway]
  allocation_id = aws_eip.tf_eip.id
  subnet_id     = aws_subnet.public_subnet.id   # must be a public subnet
  tags = {
    Name = "my_Nat_gateway"
  }
}
7. Creation of the routing tables. The public route table sends everything that is not local to the internet gateway; the private one sends it to the NAT gateway, so private instances can initiate outbound connections but cannot receive inbound ones. The NAT route must use nat_gateway_id: gateway_id is only for internet and virtual private gateways, and using it for a NAT gateway leaves Terraform with a plan that never converges.
resource "aws_route_table" "route_table" {
  vpc_id = aws_vpc.my_new_vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.internet_gateway.id
  }
  tags = {
    Name = "my_rt2"
  }
}

resource "aws_route_table_association" "association" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.route_table.id
}

resource "aws_route_table" "nat_route_table" {
  depends_on = [aws_nat_gateway.nat_gateway]
  vpc_id     = aws_vpc.my_new_vpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat_gateway.id   # not gateway_id
  }
  tags = {
    Name = "my_nat_route_table"
  }
}

resource "aws_route_table_association" "association2" {
  depends_on     = [aws_route_table.nat_route_table]
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.nat_route_table.id
}
8. Creation of the security groups. There are three: mysql_sg for the database, bh_sg for the bastion host and wp_sg for the WordPress instance. The rule that matters most is the MySQL ingress: it allows 3306 only from members of wp_sg rather than from a CIDR, so the database is reachable solely from the WordPress instance, and only over the VPC's internal network. As written, both bh_sg and wp_sg accept SSH from 0.0.0.0/0. For anything beyond a lab, keep port 22 open to the world on the bastion only (better still, only to your own IP range) and change the SSH rule of wp_sg to security_groups = [aws_security_group.bh_sg.id], so that the WordPress host can be reached over SSH only by hopping through the bastion. All three groups allow unrestricted egress; the private database only needs that to reach the NAT gateway for updates.
resource "aws_security_group" "mysql_sg" {
  depends_on = [aws_vpc.my_new_vpc]
  name       = "mysql_sg"
  vpc_id     = aws_vpc.my_new_vpc.id
  ingress {
    description     = "MYSQL"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wp_sg.id]   # only from the WordPress instance(s)
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "mysql_sg"
  }
}

resource "aws_security_group" "bh_sg" {
  depends_on = [aws_vpc.my_new_vpc]
  name       = "bh_sg"
  vpc_id     = aws_vpc.my_new_vpc.id
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # narrow this to your own IP range where possible
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "bh_sg"
  }
}

resource "aws_security_group" "wp_sg" {
  depends_on = [aws_vpc.my_new_vpc]
  name       = "wpos_sg"
  vpc_id     = aws_vpc.my_new_vpc.id
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # lab setting; use security_groups = [aws_security_group.bh_sg.id] instead
  }
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # the WordPress site is meant to be public
  }
  ingress {
    description = "ICMP"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "wpos_sg"
  }
}
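The EC2 side of the task (steps 7 and 8, plus the bastion host that the EIP's depends_on refers to) is what ties the network together. The following is an added example, not code from the original post: the resource names match the ones the EIP block references, while the AMI IDs, the key-pair name, the t2.micro instance type and the lifecycle precondition (which needs Terraform 1.2 or newer) are my own assumptions.

```hcl
# Placeholder inputs (assumptions, not values from the original post).
# The WordPress and MySQL AMIs are expected to have the software pre-installed,
# as the task statement describes.
variable "wordpress_ami" {
  description = "AMI with WordPress pre-installed (supply your own)"
  type        = string
}

variable "mysql_ami" {
  description = "AMI with MySQL pre-installed (supply your own)"
  type        = string
}

variable "bastion_ami" {
  description = "Minimal Linux AMI for the bastion host (supply your own)"
  type        = string
}

variable "key_name" {
  description = "Name of an existing EC2 key pair in ap-south-1"
  type        = string
}

# Bastion host: the only intended SSH entry point, placed in the public subnet.
resource "aws_instance" "bastionhost" {
  ami                         = var.bastion_ami
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public_subnet.id
  vpc_security_group_ids      = [aws_security_group.bh_sg.id]
  key_name                    = var.key_name
  associate_public_ip_address = true
  tags = {
    Name = "bastionhost"
  }
}

# WordPress front end: public subnet, reachable on port 80 through wp_sg.
# It gets a public IP because the subnet has map_public_ip_on_launch = true.
resource "aws_instance" "wordpress_os" {
  ami                    = var.wordpress_ami
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public_subnet.id
  vpc_security_group_ids = [aws_security_group.wp_sg.id]
  key_name               = var.key_name
  tags = {
    Name = "wordpress_os"
  }
}

# MySQL: private subnet, explicitly no public IP. Inbound 3306 is allowed
# only from wp_sg; outbound traffic (package updates) leaves via the NAT gateway.
resource "aws_instance" "database" {
  ami                         = var.mysql_ami
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.private_subnet.id
  vpc_security_group_ids      = [aws_security_group.mysql_sg.id]
  key_name                    = var.key_name
  associate_public_ip_address = false

  lifecycle {
    # Fail the apply if someone later flips the private subnet to auto-assign
    # public IPs; the database must never become directly reachable.
    precondition {
      condition     = aws_subnet.private_subnet.map_public_ip_on_launch == false
      error_message = "The database subnet must not auto-assign public IP addresses."
    }
  }

  tags = {
    Name = "database"
  }
}

output "wordpress_url" {
  value = "http://${aws_instance.wordpress_os.public_ip}"
}

output "bastion_public_ip" {
  value = aws_instance.bastionhost.public_ip
}

output "database_private_ip" {
  value = aws_instance.database.private_ip
}
```

With this in place the only addresses exposed to the internet are the bastion, the WordPress host and the NAT gateway's EIP; the database has a private address only, and an attacker who compromises the WordPress host still cannot reach it over SSH unless the wp_sg SSH rule has been narrowed to the bastion group as suggested above.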
Running the code
After saving the file, initialise the working directory; this downloads the AWS provider:
terraform init
Then apply the configuration (run terraform plan first if you want to review the changes before they are made):
terraform apply -auto-approve
And to tear the whole setup down again:
terraform destroy -auto-approve