Launching a VPC with Public & Private subnet in AWS using Terraform!

This blog will guide you through creating a VPC with 2 subnets in it: one public and one private. A WordPress EC2 instance is then created in the public subnet, and a MySQL instance in the private subnet. The MySQL instance only allows the WordPress instance to connect, and only for the database. Therefore, to do any updates on the MySQL instance, one more EC2 instance, known as a Bastion Host or Jump Box, is created to access it. Multiple security groups are also created along the way to provide optimal security!


Prerequisite for this Pipeline to Implement

Explanation of Terraform

Terraform uses a declarative language, i.e. we just tell it what has to be done, and it works out the current situation and does it for us.

Terraform is intelligent because of the plugins it has for each of its providers; using them as an API, it can interact with any of its providers.

List of steps in the Pipeline

Code of the End-to-End Pipeline

Step 1: Creating a Provider for AWS!

Sample Code to create a provider for the Terraform!

Step 2: Creating an AWS keypair!

Code to create a Key Pair!
Key Pair created in AWS! [Image by Author]

Step 3: Create a VPC (Virtual Private Cloud in AWS)!

Code to create a VPC!
Custom VPC created in AWS! [Image by Author]

Step 4: Create a Public Subnet with auto public IP Assignment enabled in custom VPC!

Code to create Public Subnet!
Public Subnet created in AWS! [Image by Author]

Step 5: Create a Private Subnet in custom VPC!

Code to create the Private subnet!
Private subnet created! [Image by Author]

Step 6: Creating an Internet Gateway!

Code to create Internet Gateway!
Internet Gateway is created in AWS! [Image by Author]

Step 7: Create a routing table for Internet Gateway!

Code to create the route-table!
Route Table created in AWS! [Image by Author]
Code to associate the routing table to the Subnet!
Route Table Associated to Subnet! [Image by Author]

Step 9: Create a Security Group for the WordPress instance!

Code to create the Security Group for the WordPress!
Security group created! [Image by Author]

Step 10: Create a Security Group for the MySQL instance!

Code to create a security group for MySQL!
Security group created at AWS! [Image by Author]

Step 11: Creating a Security Group for the Bastion Host!

Code to create the security group for Bastion Host!
Bastion Host Security Group Created! [Image by Author]

Step 12: Creating a Security Group for the MySQL Instance which allows only the bastion host to connect & do the updates!

Code to create the MySQL Bastion Host Security Group!
SG created at AWS! [Image by Author]
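
Added example (not the author's code) of the rule layout Steps 9 to 12 describe: the MySQL group takes its sources from other security groups instead of IP ranges, so only members of the WordPress group reach port 3306 and only members of the bastion group reach port 22. The resource names, the vpc_id and admin_cidr variables and the WordPress HTTP rule are assumptions, and the two MySQL groups from Steps 10 and 12 are merged into one here.

```hcl
variable "vpc_id" { type = string }     # custom VPC from Step 3 (assumed input)
variable "admin_cidr" { type = string } # your own /32 for SSH to the bastion (assumed input)

locals {
  # Internet-facing groups: the port each one opens and who may reach it (assumed values).
  public_sgs = {
    wordpress = { port = 80, cidr = "0.0.0.0/0" }
    bastion   = { port = 22, cidr = var.admin_cidr }
  }
}

resource "aws_security_group" "public" {
  for_each = local.public_sgs
  name     = "${each.key}-sg"
  vpc_id   = var.vpc_id
  ingress {
    from_port   = each.value.port
    to_port     = each.value.port
    protocol    = "tcp"
    cidr_blocks = [each.value.cidr]
  }
  egress { # Terraform drops the default allow-all egress rule, so declare it
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# MySQL: no CIDR sources and no egress block; replies still flow because groups are stateful.
resource "aws_security_group" "mysql" {
  name   = "mysql-sg"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.public["wordpress"].id]
  }
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.public["bastion"].id]
  }
}
```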

Step 13: Launching a Webserver Instance hosting WordPress in the public subnet!

Code to launch a WordPress Instance with the support of the Apache Webserver!
Instance created at AWS! [Image by Author]

Step 14: Launching a MySQL instance in the private subnet!

Code to launch the MySQL instance!
Instance created at AWS! [Image by Author]

Step 15: Launching a Bastion Host instance in the public subnet!

Code to launch a Bastion Host!
Instance created at AWS! [Image by Author]

Step 16: Remote access to the bastion host, from there access MySQL remotely, & perform some configuration!

ssh -i <Bastion host login Key Path> <username>@<IP of the bastion Host>
Note: Generally the username on Amazon Linux 2 is ec2-user.
scp -i <MySQL Login key pair path> <path of file to copy> <Path where to copy>
Note: The path you are copying the file to should be accessible by the user. In my case the command looks like this:
scp -i MyKeyFinal.pem MyKeyFinal.pem ec2-user@<Bastion host IP>:/home/ec2-user/
grant all privileges on wordpress.* to "wordpressUser"@"%" identified by "wordpressPassword";
Note: This command will set the username & password for WordPress as "wordpressUser" & "wordpressPassword" respectively.
service mysqld start
chkconfig mysqld on
Note: The above will work on CentOS version <= 7 or any other equivalent Linux flavor. On some other versions, like RHEL 8 or Amazon Linux 2, the systemctl command will work instead.

Step 17: Remote access to WordPress and perform some final configuration to complete the setup!

cd /var/www/html/wordpress/
Fields edited in the WordPress File!
mv wp-config-sample.php wp-config.php
systemctl restart httpd
WordPress setup Page! [Image by Author]

If the code shown so far is combined into one single file and executed, it becomes the complete Infrastructure as Code (IAAC).

Important Commands & Facts to run this code!
