Manage AWS VPC as Infrastructure as Code with Terraform by@mlabouardy

Manage AWS VPC as Infrastructure as Code with Terraform

October 27th 2017 25,503 reads
Read on Terminal Reader
react to story with heart
react to story with light
react to story with boat
react to story with money
image
Mohamed Labouardy HackerNoon profile picture

Mohamed Labouardy

image

In this tutorial, I will show you how to setup a VPC as described in the network diagram below in less than 1 min using Terraform:

image

The VPC topology above is the best demonstration of what will be implemented:

  • The private subnet is inaccessible to the internet (both in and out)
  • The public subnet is accessible and all traffic (0.0.0.0/0) is routed directly to the internet Gateway

Before we dive in, all the code used in this demo is available at my Github.

Note: I already did a tutorial on how to get started with Terraform so make sure to read it for more details.

1 — Global variables

This file contains environment specific configuration like region name, CIDR blocks, and AWS credentials …

2 — Configure the AWS provider

3 — Create a VPC

4 — Create Subnets

To make the public subnet addressable by the Internet, we need an Internet Gateway:

5 — Internet Gateway

To allow traffics from the public subnet to the internet throught the NAT Gateway, we need to create a new Route Table.

6 — Route Table

Next, we will create a security group for each subnet.

7 — Security Groups

7 .1 — WebServer SG

This Security Group allows HTTP/HTTPS and SSH connections from anywhere.

7.2 — Database SG

This Security Group enable MySQL 3306 port, ping and SSH only from the public subnet.

Now we will deploy the EC2 instances, but before that we need to create a key pair in order to connect later to the instances via SSH.

8 — Key Pair

9 — EC2 Instances

9.1 — WebServer Instance

This instance will play the role of a webserver. Therefore, we pass to the instance userdata a shell script install.sh which contains commands to install an Apache Server:

9.2 — Database Instance

Once you’ve defined all the required templates, make sure to set the AWS credentials variables as an envrionment variables:


|export AWS_ACCESS_KEY_ID=”YOUR ACCESS KEY ID”|export AWS_SECRET_ACCESS_KEY=”YOUR SECRET ACCESS KEY”

Note: You can always use your root user which has access permission to everything, but for security perspective, its recommended to use only a limited permissions user account. So create a new one using AWS IAM.

To see how terraform plans to create the resources type “terraform plan“. To create the infrastructure type “terraform apply“:

image

That will bring up the VPC, and all the necessary resources. Now in your AWS Management Console you should see the resources created:

image

If you click on the “Subnets” menu, you should see the public & private subnets:

image

The same goes for the Route Tables:

image

And the Internet Gateway:

image

Security Groups also:

image

WebServer Security group:

image

Database Security Group:

image

And finally the EC2 Instances:

image

WebServer Instance:

image

Database Instance:

image

Don’t forget to destroy the resources if they are not needed by typing “terraform destroy“:

image

react to story with heart
react to story with light
react to story with boat
react to story with money
L O A D I N G
. . . comments & more!