In this tutorial, I will show you how to set up a VPC as described in the network diagram below in less than 1 min using Terraform:

[Network diagram: VPC]

The topology above is the best demonstration of what will be implemented:

The private subnet is inaccessible to the internet (both in and out).
The public subnet is accessible and all traffic (0.0.0.0/0) is routed directly to the Internet Gateway.

Before we dive in, all the code used in this demo is available at my GitHub.

Note: I already did a tutorial on how to get started with Terraform, so make sure to read it for more details.

1 — Global variables

This file contains environment-specific configuration like region name, CIDR blocks, and AWS credentials …

2 — Configure the AWS provider

3 — Create a VPC

4 — Create Subnets

To make the public subnet addressable by the Internet, we need an Internet Gateway:

5 — Internet Gateway

To allow traffic from the public subnet to the internet through the NAT Gateway, we need to create a new Route Table.

6 — Route Table

Next, we will create a security group for each subnet.

7 — Security Groups

7.1 — WebServer SG

This Security Group allows HTTP/HTTPS and SSH connections from anywhere.

7.2 — Database SG

This Security Group enables MySQL port 3306, ping and SSH only from the public subnet.

Now we will deploy the EC2 instances, but before that we need to create a key pair in order to connect later to the instances via SSH.

8 — Key Pair

9 — EC2 Instances

9.1 — WebServer Instance

This instance will play the role of a webserver. Therefore, we pass to the instance a userdata shell script, install.sh, which contains commands to install an Apache Server:

9.2 — Database Instance

Once you've defined all the required templates, make sure to set the AWS credentials as environment variables:

    export AWS_ACCESS_KEY_ID="YOUR ACCESS KEY ID"
    export AWS_SECRET_ACCESS_KEY="YOUR SECRET ACCESS KEY"

Note: You can always use your root user, which has access permission to everything, but from a security perspective it's recommended to use a user account with limited permissions. So create a new one using AWS IAM.

To see how Terraform plans to create the resources, type "terraform plan". To create the infrastructure, type "terraform apply":

That will bring up the VPC and all the necessary resources. Now in your AWS Management Console you should see the resources created:

If you click on the "Subnets" menu, you should see the public & private subnets:

The same goes for the Route Tables:

And the Internet Gateway:

Security Groups also:

WebServer Security Group:

Database Security Group:

And finally the EC2 Instances:

WebServer Instance:

Database Instance:

Don't forget to destroy the resources if they are not needed by typing "terraform destroy".
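The two security groups described in step 7, written out as an added example (this is not the author's code from the repository). The variables `vpc_id` and `public_subnet_cidr`, the resource and group names, and the sample CIDR value are assumptions.

```hcl
# Added example; names and the CIDR default are constructed assumptions.
variable "vpc_id" { type = string }
variable "public_subnet_cidr" {
  type    = string
  default = "10.0.1.0/24" # constructed sample value
}

# 7.1 WebServer SG: HTTP/HTTPS and SSH from anywhere, as the tutorial states.
resource "aws_security_group" "web" {
  name   = "web-sg"
  vpc_id = var.vpc_id
  dynamic "ingress" {
    for_each = [80, 443, 22]
    content {
      protocol    = "tcp"
      from_port   = ingress.value
      to_port     = ingress.value
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  # Terraform removes AWS's default allow-all egress rule, so declare it.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# 7.2 Database SG: MySQL, SSH and ping, only from the public subnet.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id
  dynamic "ingress" {
    for_each = [
      { protocol = "tcp", from_port = 3306, to_port = 3306 }, # MySQL
      { protocol = "tcp", from_port = 22, to_port = 22 },     # SSH
      { protocol = "icmp", from_port = 8, to_port = 0 },      # ping: ICMP type 8, code 0
    ]
    content {
      protocol    = ingress.value.protocol
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      cidr_blocks = [var.public_subnet_cidr]
    }
  }
  # No egress block: replies still flow because security groups are stateful.
}
```

Running `terraform plan` against this shows six ingress rules and one egress rule in total; any rule on the database group whose source is not the public subnet CIDR would contradict the design in step 7.2.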