Create VPC and Deploy Public WordPress Server with Private Database Server using Terraform.
Problem Statement: We have to create a web portal for our company with as much security as possible. So we use the WordPress software with a dedicated database server. The database must not be accessible from the outside world; only the public WordPress front end is needed for clients.
So here are the steps for proper understanding!
Steps:
1) Write Infrastructure as Code using Terraform that automatically creates a VPC.
2) In that VPC we have to create 2 subnets:
a) public subnet [ Accessible from the public internet! ]
b) private subnet [ Not reachable from the public internet! ]
3) Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.
4) Create a routing table with a default route to the internet gateway so that instances can reach the outside world, and associate it with the public subnet only.
5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that clients can reach our WordPress site.
Also attach a key pair to the instance for logging into it later.
6) Launch an EC2 instance that already has MySQL set up, in the private subnet, with a security group allowing port 3306 only from the WordPress instance so that the WordPress VM can connect to it.
Also attach the key pair to it.
Note: The WordPress instance has to be in the public subnet so that clients can reach our site. The MySQL instance has to be in the private subnet so that the outside world can't connect to it. Don't forget to enable auto-assign public IP (on the public subnet) and DNS hostnames (on the VPC). Try each step manually first, then write the Terraform code.
PRE-REQUISITES AND INSTALLATION PART:
- An account on AWS.
- IAM user with Admin access. If you are not familiar with IAM users, follow the IAM part of this Article.
- AWS CLI installed and configured. To install the AWS CLI, follow this URL.
- Terraform installed. To install Terraform, follow this URL.
- Knowledge of AWS VPC, Security Groups, Subnets, etc.
FlowChart of Given Problem Statement:
Virtual Private Cloud (VPC): Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
PRACTICAL PART: To perform this task we follow these instructions step by step.
Step 1: To start with Terraform to create the complete infrastructure, first we have to tell the AWS provider which region and credentials to use:
provider "aws" {
  region  = "ap-south-1"
  # Credentials are read from the named profile in ~/.aws/credentials
  # (created with `aws configure --profile sachin`). Do not put access_key /
  # secret_key in a .tf file: the file ends up in Git and the admin keys leak.
  profile = "sachin"
}
Run this command in the directory containing the file to initialize the working directory and download the AWS provider plugin:
terraform init
Step 2: Create VPC using terraform.
resource "aws_vpc" "skvpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true   # default, but required for hostnames below
  enable_dns_hostnames = true   # instances with a public IP get a public DNS name
  tags = {
    Name = "skvpc"
  }
}
Subnet: A portion of a network that shares a common address prefix. On TCP/IP networks, a subnet is the set of devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 100.100.100. would be part of the same subnet. Dividing a network into subnets is useful for both security and performance reasons. IP networks are divided using a subnet mask. If you want to know more about subnets, visit this URL.
Public Subnet: A public subnet is a subnet that's associated with a Route table that has a route to an internet gateway from where the outside world can connect to the Subnet.
Step 3: Creating Public Subnet using terraform:
resource "aws_subnet" "sksubnet1-1a" {
  vpc_id                  = aws_vpc.skvpc.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true   # instances here get a public IPv4 address
  tags = {
    Name = "sksubnet1-1a"
  }
}
Private Subnet: A private subnet is one whose route table has no route to an internet gateway. Every subnet is implicitly associated with the VPC's main route table, which by default contains only the local route for the VPC CIDR, so instances in a private subnet can talk to the rest of the VPC but the outside world cannot reach them (and they cannot reach the internet either unless you add a NAT gateway).
Step 4: Create Private Subnet using terraform.
resource "aws_subnet" "sksubnet2-1b" {
  vpc_id            = aws_vpc.skvpc.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  # map_public_ip_on_launch is left at its default (false): no public IPs here
  tags = {
    Name = "sksubnet2-1b"
  }
}
Internet Gateway: An internet gateway is a horizontally scaled, redundant and highly available VPC component that allows communication between instances in your VPC and the internet. It serves two purposes: it is the target for internet-routable traffic in your route tables, and it performs network address translation for instances that have been assigned public IPv4 addresses. A subnet only becomes "public" once its route table points 0.0.0.0/0 at the gateway.
Step 5: Create an Internet Gateway using terraform.
resource "aws_internet_gateway" "sk-internet-gateway" {
  vpc_id = aws_vpc.skvpc.id   # attaches the gateway to our VPC
  tags = {
    Name = "sk-internet-gateway"
  }
}
Routing Table: A Route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
Step 6: Create a Routing Table using terraform code.
resource "aws_route_table" "sk-route" {
  vpc_id = aws_vpc.skvpc.id

  # Default route: anything not inside the VPC goes to the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.sk-internet-gateway.id
  }

  tags = {
    Name = "sk-route"
  }
}
Routing Table Association: The aws_route_table_association resource associates a route table with a subnet (or with an internet gateway or virtual private gateway). Here we associate the table above with the public subnet only; the private subnet stays on the VPC's main route table and therefore never learns the route to the internet gateway.
Step 7: Create a Routing Table Association using terraform code.
resource "aws_route_table_association" "sk-route-table" {
  subnet_id      = aws_subnet.sksubnet1-1a.id   # public subnet only
  route_table_id = aws_route_table.sk-route.id
}
Security Groups: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
Step 8: Create a WordPress Security Group using terraform.
resource "aws_security_group" "sg1" {
  depends_on = [aws_vpc.skvpc]
  name       = "wpos_sg"
  vpc_id     = aws_vpc.skvpc.id

  # SSH from anywhere is acceptable for this exercise; for anything real,
  # restrict cidr_blocks to your admin network.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # The only port clients need.
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wpos_sg"
  }
}
Step 9: Create a Database Security Groups using terraform.
resource "aws_security_group" "sg2" {
  depends_on = [aws_vpc.skvpc]
  name       = "mysql_sg"
  vpc_id     = aws_vpc.skvpc.id

  # MySQL is reachable only from members of the WordPress security group.
  # No cidr_blocks at all, so even other hosts inside the VPC are refused.
  ingress {
    description     = "MYSQL"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg1.id]
  }

  # Needed for the key-based login from step 6: the database host has no
  # public IP, so you reach it by hopping through the WordPress instance.
  ingress {
    description     = "SSH from WordPress"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.sg1.id]
  }

  # The private subnet has no route to the internet, so this only allows
  # traffic inside the VPC; add a NAT gateway if the DB host needs updates.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "mysql_sg"
  }
}
Step 10: Create a WordPress Instance with Public Subnet using terraform.
resource "aws_instance" "wordpress_os" {
  ami                    = "ami-000cbce3e1b899ebd"   # WordPress AMI; IDs are region-specific (ap-south-1)
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.sksubnet1-1a.id   # public subnet
  vpc_security_group_ids = [aws_security_group.sg1.id]
  key_name               = "eks"
  tags = {
    Name = "wordpress"
  }
}
Step 11: Create a Database Instance with Private Subnet using terraform.
resource "aws_instance" "database" {
  ami                    = "ami-0019ac6129392a0f2"   # MySQL AMI; IDs are region-specific (ap-south-1)
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.sksubnet2-1b.id   # private subnet
  vpc_security_group_ids = [aws_security_group.sg2.id]
  key_name               = "eks"
  tags = {
    Name = "database"
  }
}
Here we take the public IP (or public DNS name) of the WordPress instance launched in the public subnet and open it in a browser; the WordPress site should load. The database instance has no public address, so the same test against it fails, which is exactly what we want.
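Opening the site in a browser proves the public half works; it does not prove the database is closed. As an added example (not code from the article or its GitHub repository), the following Python script reads the state that `terraform show -json` emits after `terraform apply` and checks the three properties the problem statement demands: only the WordPress instance sits in a subnet routed to the internet gateway, the database has no public IP and no ingress from 0.0.0.0/0 or ::/0, and port 3306 on the database admits only the WordPress security group. Resource addresses are the article's (aws_instance.wordpress_os, aws_instance.database, sg1, sg2); the embedded sample_state() is a constructed, trimmed imitation of real `terraform show -json` output so the script runs offline.

```python
"""Post-apply policy check for the article's VPC layout (added example, not the
article's or its repository's code). Reads `terraform show -json` state and
checks what the problem statement demands: only the WordPress instance is in a
subnet routed to the internet gateway; the database has no public IP and no
ingress from 0.0.0.0/0 or ::/0; and its port 3306 admits only the WordPress
security group. Resource addresses follow the article; sample_state() is a
constructed, trimmed imitation of real `terraform show -json` output.
"""
import json
import sys

WORLD = {"0.0.0.0/0", "::/0"}


def resources(doc):
    """Map resource address -> attributes, from the root module and its children."""
    mod = doc.get("values", {}).get("root_module", {})
    items = list(mod.get("resources", []))
    for child in mod.get("child_modules", []):
        items.extend(child.get("resources", []))
    return {r["address"]: r["values"] for r in items}


def covers(rule, port):
    """True if an ingress rule admits `port` (protocol -1 means every port)."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)


def world_open(rule):
    cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
    return bool(cidrs & WORLD)


def public_subnet_ids(res):
    """Subnets explicitly associated with a route table whose default route is an IGW."""
    igw_rts = {
        rt["id"] for addr, rt in res.items() if addr.startswith("aws_route_table.")
        and any(r.get("cidr_block") == "0.0.0.0/0" and (r.get("gateway_id") or "").startswith("igw-")
                for r in rt.get("route", []))
    }
    return {
        a["subnet_id"] for addr, a in res.items()
        if addr.startswith("aws_route_table_association.") and a["route_table_id"] in igw_rts
    }


def check(doc):
    """Return findings as 'ERROR ...' / 'WARN ...' strings; no ERROR means the layout is as intended."""
    res = resources(doc)
    sgs = {v["id"]: v for a, v in res.items() if a.startswith("aws_security_group.")}
    public = public_subnet_ids(res)
    web, db = res["aws_instance.wordpress_os"], res["aws_instance.database"]
    web_sgs = set(web["vpc_security_group_ids"])
    findings = []
    if web["subnet_id"] not in public:
        findings.append("ERROR wordpress: subnet has no route to the internet gateway")
    if db["subnet_id"] in public:
        findings.append("ERROR database: placed in a subnet routed to the internet gateway")
    if db.get("public_ip"):
        findings.append("ERROR database: instance has a public IP address")
    for sg_id in db["vpc_security_group_ids"]:
        name = sgs[sg_id]["name"]
        for rule in sgs[sg_id].get("ingress", []):
            if world_open(rule):
                findings.append(f"ERROR {name}: ingress from the internet on {rule['from_port']}-{rule['to_port']}")
            if covers(rule, 3306) and (rule.get("cidr_blocks") or set(rule.get("security_groups") or []) - web_sgs):
                findings.append(f"ERROR {name}: port 3306 reachable from a source other than the WordPress SG")
    # Not part of the statement, but what a reviewer flags on the article's sg1.
    for sg_id in web_sgs:
        for rule in sgs[sg_id].get("ingress", []):
            if world_open(rule) and covers(rule, 22):
                findings.append(f"WARN {sgs[sg_id]['name']}: SSH open to the internet; restrict to an admin CIDR")
    return findings


def errors(findings):
    return [f for f in findings if f.startswith("ERROR")]


def sample_state(open_db_to_world=False):
    """Constructed `terraform show -json` for the article's resources. With
    open_db_to_world=True the MySQL SG admits 3306 from 0.0.0.0/0, the mistake
    the check exists to catch."""
    def sg_rule(port, cidrs=(), sgs=()):
        return {"from_port": port, "to_port": port, "protocol": "tcp", "cidr_blocks": list(cidrs),
                "ipv6_cidr_blocks": [], "security_groups": list(sgs)}
    def res(address, values):
        return {"address": address, "values": values}
    db_rule = sg_rule(3306, cidrs=["0.0.0.0/0"]) if open_db_to_world else sg_rule(3306, sgs=["sg-web"])
    return {"values": {"root_module": {"resources": [
        res("aws_route_table.sk-route", {"id": "rtb-pub",
            "route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0a1b2c3d4e5f6a7b8"}]}),
        res("aws_route_table_association.sk-route-table", {"subnet_id": "subnet-pub", "route_table_id": "rtb-pub"}),
        res("aws_security_group.sg1", {"id": "sg-web", "name": "wpos_sg",
            "ingress": [sg_rule(22, cidrs=["0.0.0.0/0"]), sg_rule(80, cidrs=["0.0.0.0/0"])]}),
        res("aws_security_group.sg2", {"id": "sg-db", "name": "mysql_sg", "ingress": [db_rule]}),
        res("aws_instance.wordpress_os", {"subnet_id": "subnet-pub", "public_ip": "13.233.0.10",
            "vpc_security_group_ids": ["sg-web"]}),
        res("aws_instance.database", {"subnet_id": "subnet-priv", "public_ip": "",
            "vpc_security_group_ids": ["sg-db"]}),
    ]}}}


if __name__ == "__main__":
    # Usage: terraform show -json > state.json && python check_layout.py state.json
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else sample_state()
    found = check(state)
    print("\n".join(found) or "OK: layout matches the problem statement")
    sys.exit(1 if errors(found) else 0)
```

Run without arguments it checks the constructed sample and reports only the SSH warning for sg1; point it at a real `terraform show -json` dump and it exits non-zero the moment someone widens the MySQL rule to a CIDR or moves the database into the public subnet. One caveat: Terraform state only shows explicit route table associations, so if you ever manage the VPC's main route table in Terraform and add an internet route to it, extend public_subnet_ids() to treat unassociated subnets as public.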
We can destroy the complete infrastructure with one command, terraform destroy.
This is my GitHub link. If you face any difficulty with the above steps, you can visit it and take help from the code.
Thank you for reading...