{{category.text}}
{{section.heading.text}}
Mohamed Labouardy

@mlabouardy

Manage AWS VPC as Infrastructure as Code with Terraform

October 27th 2017

In this tutorial, I will show you how to setup a VPC as described in the network diagram below in less than 1 min using Terraform:

The VPC topology above is the best demonstration of what will be implemented:

  • The private subnet is inaccessible to the internet (both in and out)
  • The public subnet is accessible and all traffic (0.0.0.0/0) is routed directly to the internet Gateway

Before we dive in, all the code used in this demo is available at my Github.

Note: I already did a tutorial on how to get started with Terraform so make sure to read it for more details.

1 — Global variables

This file contains environment specific configuration like region name, CIDR blocks, and AWS credentials …

2 — Configure the AWS provider

3 — Create a VPC

4 — Create Subnets

To make the public subnet addressable by the Internet, we need an Internet Gateway:

5 — Internet Gateway

To allow traffics from the public subnet to the internet throught the NAT Gateway, we need to create a new Route Table.

6 — Route Table

Next, we will create a security group for each subnet.

7 — Security Groups

7 .1 — WebServer SG

This Security Group allows HTTP/HTTPS and SSH connections from anywhere.

7.2 — Database SG

This Security Group enable MySQL 3306 port, ping and SSH only from the public subnet.

Now we will deploy the EC2 instances, but before that we need to create a key pair in order to connect later to the instances via SSH.

8 — Key Pair

9 — EC2 Instances

9.1 — WebServer Instance

This instance will play the role of a webserver. Therefore, we pass to the instance userdata a shell script install.sh which contains commands to install an Apache Server:

9.2 — Database Instance

Once you’ve defined all the required templates, make sure to set the AWS credentials variables as an envrionment variables:

|export AWS_ACCESS_KEY_ID=”YOUR ACCESS KEY ID”
|export AWS_SECRET_ACCESS_KEY=”YOUR SECRET ACCESS KEY”

Note: You can always use your root user which has access permission to everything, but for security perspective, its recommended to use only a limited permissions user account. So create a new one using AWS IAM.

To see how terraform plans to create the resources type “terraform plan“. To create the infrastructure type “terraform apply“:

That will bring up the VPC, and all the necessary resources. Now in your AWS Management Console you should see the resources created:

If you click on the “Subnets” menu, you should see the public & private subnets:

The same goes for the Route Tables:

And the Internet Gateway:

Security Groups also:

WebServer Security group:

Database Security Group:

And finally the EC2 Instances:

WebServer Instance:

Database Instance:

Don’t forget to destroy the resources if they are not needed by typing “terraform destroy“:

Terraform Aws Infrastructure Iac Vpc

More by Mohamed Labouardy
Add new users to EC2 and give SSH Key access
Deployment
Building an Alexa-Based GitHub Follower Counter
Aws
Architecting a Highly Scalable Golang API with Docker Swarm & Traefik
Docker
Attach an IAM Role to an EC2 Instance with CloudFormation
Aws
AWS CloudWatch Monitoring with Grafana
Aws
AWS Events Analysis with ELK
Aws
Topics of interest

More Related Stories
An in-depth look at 100% Zero Downtime deployments with Terraform | Checkly
Terraform
10 disruptive DevOps trends of 2018
Docker
19/01/2018: Biggest Stories in the Cryptosphere
Infrastructure
Demystified: 5 Myths of DevOps Services
Devops
Manage AWS VPC as Infrastructure as Code with Terraform
Terraform
Help About Start Writing Sponsor: Brand-as-Author Sitewide Billboard
Contact Us Privacy Terms