Task 4: NAT gateway | Outside connectivity to MySQL
In this task we have to do the following activities:
1. Write Infrastructure as Code using Terraform which automatically creates a VPC.
2. In that VPC we have to create 2 subnets:
a). public subnet [ accessible from the public world! ]
b). private subnet [ restricted from the public world! ]
3. Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5. Create a security group in the public subnet of our VPC for the WordPress instance which allows only HTTP port 80, so that only our clients can visit the WordPress site and no one can SSH into the WordPress instance. Then our WordPress instance will be highly secure.
6. Create a security group in the private subnet of our VPC for the MySQL database instance which allows only TCP port 3306, and as the source we give the WordPress security group id instead of all IPs. So if any client comes to our WordPress site, WordPress connects to MySQL and gets the data, and no one can access our database from the public world. So our MySQL database will be highly secure.
7. Launch an EC2 instance which already has WordPress set up, with the security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for logging into it later.
8. Launch an EC2 instance which already has MySQL set up, with the security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to it.
9. Create a NAT gateway to connect our VPC/network to the internet and place this gateway in the public subnet of our VPC. First we create an Elastic IP, because to create a NAT gateway we have to allocate an Elastic IP.
10. Create a route table and update the routing of the private subnet so that, to access the internet, it uses the NAT gateway created in the public subnet.
// Steps 9 and 10 are for future use. Suppose we want to go to the MySQL instance and update something: there is no option for SSH into MySQL, so we do steps 9 and 10, which give the MySQL instance a way out to the internet, but still no one from the public world can get inside.
11. We create a bastion host; from this instance we can log in to the MySQL instance. Before that we create one security group which has SSH port 22 with source IP anywhere; this SG we allocate to the bastion host instance. And one more security group which has SSH port 22 with the bastion host security group as source; this SG we allocate to the MySQL instance. So only those who come from the bastion host can log in to MySQL.
• AWS configure:
The AWS CLI stores this information in a profile (a collection of settings) named default in the credentials file. By default, the information in this profile is used when you run an AWS CLI command that doesn't explicitly specify a profile to use.
• After that, create the Terraform file, whose extension must be .tf, and it creates everything as mentioned above:
>> Before creating the resources, run the terraform init command to download the required plugins:
>> Now run terraform apply to create the entire infrastructure:
1] VPC:
A VPC (Virtual Private Cloud) is a network that keeps our infrastructure isolated from the outside world. It gives us a virtual space in which to create an infrastructure that looks like a real one, so other companies can't see what's happening over here.
2] Create Subnet:
3] Internet Gateway
Now we create one internet gateway. We create this gateway because all the traffic of the VPC goes out and comes in using this internet gateway. We attach only one internet gateway to one VPC. Without the internet gateway, we can't connect to the outside world.
4] Route Table and Route Table Association
Now we create a route table. Route tables provide the path through which our packets travel from the private world to the public world and vice versa.
Here we associate our route table only with subnet 1, because we make subnet 1 public and subnet 2 private.
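The VPC, the two subnets, the internet gateway and the public route table from sections 1] to 4], written out as one Terraform configuration. This is an added example, not the article's own code; the region, profile, CIDR ranges, availability zones and resource names are assumptions.

```hcl
# Added example (not the article's code). Region, CIDRs, AZs and names are assumed.
provider "aws" {
  region  = "ap-south-1"
  profile = "default"   # the profile written by `aws configure`
}

resource "aws_vpc" "task4" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_hostnames = true
  tags                 = { Name = "task4-vpc" }
}

# Public subnet: instances launched here get a public IP.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.task4.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
  tags                    = { Name = "task4-public" }
}

# Private subnet: no public IPs, and no route to the internet gateway.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.task4.id
  cidr_block        = "192.168.2.0/24"
  availability_zone = "ap-south-1b"
  tags              = { Name = "task4-private" }
}

# One internet gateway per VPC.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.task4.id
  tags   = { Name = "task4-igw" }
}

# Default route via the IGW, associated ONLY with the public subnet.
# The private subnet keeps the VPC's main route table (local routes only).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.task4.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```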
5] Creating a security group for WordPress and launching the OS in that same security group:
Here we create a security group for the WordPress instance, because without a security group we can't access our instance.
6] Creating a security group for the MySQL database and launching the MySQL OS in that private security group:
Here we create a private security group for the MySQL instance so that the outside world can't access it.
>> Paste your WordPress DNS name or IP in the browser to access WordPress.
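The two security groups from sections 5] and 6], as an added Terraform example (not the article's code). It assumes a VPC resource named aws_vpc.task4 elsewhere in the configuration; the rules are written as standalone aws_security_group_rule resources so that more rules (such as the bastion SSH rule later) can be attached to the MySQL group without rewriting it.

```hcl
# Added example (not the article's code). aws_vpc.task4 is assumed to exist.
resource "aws_security_group" "wordpress" {
  name   = "task4-wordpress-sg"
  vpc_id = aws_vpc.task4.id
}

resource "aws_security_group" "mysql" {
  name   = "task4-mysql-sg"
  vpc_id = aws_vpc.task4.id
}

# HTTP only. There is deliberately no port-22 rule, so SSH to WordPress is closed.
resource "aws_security_group_rule" "wordpress_http_in" {
  type              = "ingress"
  security_group_id = aws_security_group.wordpress.id
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

# WordPress must be able to open connections to MySQL and fetch updates.
resource "aws_security_group_rule" "wordpress_all_out" {
  type              = "egress"
  security_group_id = aws_security_group.wordpress.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# 3306 only from members of the WordPress security group, not from any IP range.
resource "aws_security_group_rule" "mysql_from_wordpress" {
  type                     = "ingress"
  security_group_id        = aws_security_group.mysql.id
  from_port                = 3306
  to_port                  = 3306
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.wordpress.id
}

# Outbound from MySQL (package downloads through the NAT gateway later on).
resource "aws_security_group_rule" "mysql_all_out" {
  type              = "egress"
  security_group_id = aws_security_group.mysql.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}
```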
7] NAT gateway:
A NAT gateway, also known as a Network Address Translation gateway, is used to enable instances present in the private subnet to connect to the internet, while preventing the internet from initiating a connection with those instances. Every NAT gateway has to be created in a specific region and availability zone.
>>> Also adding a routing table for the NAT gateway:
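The Elastic IP, NAT gateway and private route table from section 7], as an added example (not the article's code). It assumes aws_vpc.task4, aws_subnet.public, aws_subnet.private and aws_internet_gateway.igw are defined elsewhere, and an AWS provider of version 5 or later for the domain argument on aws_eip.

```hcl
# Added example (not the article's code). The VPC, subnets and IGW
# referenced here are assumed to be defined elsewhere in the configuration.

# A NAT gateway needs an Elastic IP allocated first.
resource "aws_eip" "nat" {
  domain = "vpc"   # AWS provider >= 5.0 (older versions used `vpc = true`)
  tags   = { Name = "task4-nat-eip" }
}

# The NAT gateway lives in the PUBLIC subnet: it is the only thing that
# needs a public address. The private instances keep private IPs only.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  tags          = { Name = "task4-nat" }

  # Without the IGW attached, the NAT gateway has no path to the internet.
  depends_on = [aws_internet_gateway.igw]
}

# Private route table: default route via the NAT gateway, never via the IGW.
# NAT only translates connections started from inside, so nothing on the
# internet can open a connection to the private subnet through it.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.task4.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = { Name = "task4-private-rt" }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```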
8] Creating a security group for the bastion host OS and launching the bastion host OS:
A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
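The bastion security group, the SSH rule it unlocks on the MySQL group, and the bastion instance itself from section 8], as an added example (not the article's code). It assumes aws_vpc.task4, aws_subnet.public and aws_security_group.mysql are defined elsewhere; the AMI is a placeholder and the key pair name is assumed to match the mykey1122.pem key mentioned later.

```hcl
# Added example (not the article's code). aws_vpc.task4, aws_subnet.public
# and aws_security_group.mysql are assumed to exist; the AMI is a placeholder.
resource "aws_security_group" "bastion" {
  name   = "task4-bastion-sg"
  vpc_id = aws_vpc.task4.id
}

# SSH to the bastion. The task opens this to anywhere; narrowing it to the
# admin IP range is the first thing to tighten once it works.
resource "aws_security_group_rule" "bastion_ssh_in" {
  type              = "ingress"
  security_group_id = aws_security_group.bastion.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
}

resource "aws_security_group_rule" "bastion_all_out" {
  type              = "egress"
  security_group_id = aws_security_group.bastion.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# SSH to MySQL only from members of the bastion group. No CIDR rule, so even
# other hosts inside the VPC cannot reach port 22 on the database instance.
resource "aws_security_group_rule" "mysql_ssh_from_bastion" {
  type                     = "ingress"
  security_group_id        = aws_security_group.mysql.id
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.bastion.id
}

# The bastion sits in the public subnet, so it gets a public IP to SSH to.
resource "aws_instance" "bastion" {
  ami                    = "ami-PLACEHOLDER"   # replace with a real AMI id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.bastion.id]
  key_name               = "mykey1122"          # assumed key pair name
  tags                   = { Name = "task4-bastion" }
}
```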
>>>> Now you can log in to MySQL (for outside connectivity) by using the bastion host OS. For that you need the key that you used at the time of launching. Copy that key to the bastion host instance.
>>>> We used the WinSCP software for copying the key into the bastion host OS.
>>>> Here I used the mykey1122.pem key, so I have copied it into my bastion host instance.
>>>> Connect to your bastion host OS and check it.
>>>>> Yes, this key is located in the bastion host OS. Now log in to your MySQL OS using this key and the private IP of MySQL.
>>>> If you are facing an error in login then run this command: chmod 400 <Key_Name.pem>
>>>> Now you can connect to the outside world; you can download any app, ping Google and much more.
Here I have downloaded the MariaDB database just to check for internet connectivity.
>>> Now with the single command "terraform destroy" the entire infrastructure is deleted.
Thank you for reading my article. I hope it will help you understand the whole task. If there is any improvement, then please suggest it to me.
GitHub: https://github.com/Nilesh1206/10th-july-task
QA Engineer at Qualys | DevOps | AWS Cloud
Great Work Nilesh...
SDE at Hewlett Packard Enterprise | Java | Spring Boot | Docker | Kubernetes
Great. Keep it up