Launching a VPC with Public & Private subnet in AWS using Terraform!

Prerequisites for Implementing this Pipeline

  • Some knowledge of AWS & GitHub.
  • Knowledge of JSON is a plus, because this Pipeline uses HCL (HashiCorp Configuration Language), the native language of Terraform, which is very similar to JSON.

Explanation of Terraform

Terraform uses a declarative language, i.e. we only have to tell it what has to be done; it works out the current situation & does it for us.

Terraform is intelligent because of the plugins it has for each of its providers. Using them as APIs, it can interact with any of its providers.

List of steps in the Pipeline

  1. Create a Provider for AWS.
  2. Create an AWS key pair.
  3. Create a VPC (Virtual Private Cloud in AWS).
  4. Create a Public Subnet with auto public IP Assignment enabled in custom VPC.
  5. Create a Private Subnet in custom VPC.
  6. Create an Internet Gateway for Instances in the public subnet to access the Internet.
  7. Create a routing table consisting of the information of Internet Gateway.
  8. Associate the routing table to the Public Subnet to provide the Internet Gateway address.
  9. Create a Security Group for the WordPress instance, so that anyone in the outside world can access the instance by SSH.
  10. Create a Security Group for the MySQL instance which allows database access only to those instances that have the WordPress security group created in step 9.
  11. Creating a Security Group for the Bastion Host which allows anyone in the outside world to access the Bastion Host by SSH.
  12. Creating a Security Group for the MySQL Instance which allows only bastion host to connect & do the updates.
  13. Launch a Webserver Instance hosting WordPress in it.
  14. Launch a MySQL instance.
  15. Launch a Bastion Host.
  16. Remote access to bastion host & from there access MySQL remotely and perform configuration.
  17. Remote access to WordPress and perform some configuration.

Code of the End-to-End Pipeline

Step 1: Creating a Provider for AWS!

Sample Code to create a provider for the Terraform!

Step 2: Creating an AWS keypair!

Code to create a Key Pair!
Key Pair created in AWS! [Image by Author]

Step 3: Create a VPC (Virtual Private Cloud in AWS)!

Code to create a VPC!
Custom VPC created in AWS! [Image by Author]

Step 4: Create a Public Subnet with auto public IP Assignment enabled in custom VPC!

Code to create Public Subnet!
Public Subnet created in AWS! [Image by Author]

Step 5: Create a Private Subnet in custom VPC!

Code to create the Private subnet!
Private subnet created! [Image by Author]

Step 6: Creating an Internet Gateway!

Code to create Internet Gateway!
Internet Gateway is created in AWS! [Image by Author]

Step 7: Create a routing table for Internet Gateway!

Code to create the route-table!
Route Table created in AWS! [Image by Author]

Step 8: Associate the routing table to the Public Subnet!

Code to associate the routing table to the Subnet!
Route Table Associated to Subnet! [Image by Author]

Step 9: Create a Security Group for the WordPress instance!

Code to create the Security Group for the WordPress!
Security group created! [Image by Author]

Step 10: Create a Security Group for the MySQL instance!

Code to create a security group for MySQL!
Security group created at AWS! [Image by Author]

Step 11: Creating a Security Group for the Bastion Host!

Code to create the security group for Bastion Host!
Bastion Host Security Group Created! [Image by Author]

Step 12: Creating a Security Group for the MySQL Instance which allows only bastion host to connect & do the updates!

Code to create the MySQL Bastion Host Security Group!
SG created at AWS! [Image by Author]
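
The two database-side groups from steps 10 and 12, written as an added example (not the author's original code). The variable names, group names and ports 3306 and 22 are assumptions. The point is that each ingress rule names a source security group instead of a CIDR range, so only instances carrying that group can connect.

```hcl
# Added example: variable names, group names and ports are assumptions.
variable "vpc_id"          { type = string } # custom VPC from step 3
variable "wordpress_sg_id" { type = string } # security group from step 9
variable "bastion_sg_id"   { type = string } # security group from step 11

# Step 10: database port open only to members of the WordPress group.
resource "aws_security_group" "mysql" {
  name        = "mysql-from-wordpress"
  description = "MySQL reachable only from the WordPress security group"
  vpc_id      = var.vpc_id

  ingress {
    description     = "MySQL from WordPress instances"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [var.wordpress_sg_id]
  }
}

# Step 12: SSH open only to members of the bastion group.
resource "aws_security_group" "mysql_bastion" {
  name        = "mysql-ssh-from-bastion"
  description = "SSH to the database host only from the bastion security group"
  vpc_id      = var.vpc_id

  ingress {
    description     = "SSH from the bastion host"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [var.bastion_sg_id]
  }
}

# No egress blocks: Terraform removes the default allow-all egress rule,
# so these groups permit no new outbound connections (replies still pass,
# because security groups are stateful).
```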

Step 13: Launching a Webserver Instance hosting WordPress in the public subnet!

Code to launch a WordPress Instance with the support of the Apache Webserver!
Instance created at AWS! [Image by Author]

Step 14: Launching a MySQL instance in the private subnet!

Code to launch the MySQL instance!
Instance created at AWS! [Image by Author]

Step 15: Launching a Bastion Host instance in the public subnet!

Code to launch a Bastion Host!
Instance created at AWS! [Image by Author]

Step 16: Remote access to the bastion host, from there access MySQL remotely, & perform some configuration!

ssh -i <Bastion host login Key Path> <username>@<IP of the bastion Host>
Note: Generally, the username on Amazon Linux 2 is ec2-user.
scp -i <MySQL Login key pair path> <path of file to copy> <Path where to copy>
Note: The path you are copying the file to should be accessible by the user. In my case the command looks like this:
scp -i MyKeyFinal.pem MyKeyFinal.pem ec2-user@<Bastion host IP>:/home/ec2-user/
grant all privileges on wordpress.* to "wordpressUser"@"%" identified by "wordpressPassword";
Note: This command will set the username & password for WordPress as "wordpressUser" & "wordpressPassword" respectively.
service mysqld start
chkconfig mysqld on
Note: The above will work on CentOS version <= 7 or any other equivalent Linux flavor. If any other version is used, then on some of them, like RHEL 8 or Amazon Linux 2, the systemctl command will work.

Step 17: Remote access to WordPress and perform some final configuration to complete the setup!

cd /var/www/html/wordpress/
Fields edited in the WordPress File!
mv wp-config-sample.php wp-config.php
systemctl restart httpd
WordPress setup Page! [Image by Author]

If the code shown so far is combined into one single file and executed, it becomes the complete infrastructure as code (IAAC).

Important Commands & Facts to run this code!

  • You should have Terraform installed in your system!
  • After copying this code in a file, save that file with the “.tf” extension.
  • Run “terraform init” command.
  • Then run “terraform apply” to create your complete infrastructure!
  • Finally, when your work is completed, destroy your environment with the command “terraform destroy”.
