AWS CLOUD INFRASTRUCTURE USING TERRAFORM-TASK HYBRID MULTI CLOUD
AIM AND THE STEPS IN THE TASK:
This is a modification of task 3 that adds a NAT gateway to provide internet access to instances running in the private subnet.
Performing the following steps:
1. Write infrastructure as code using Terraform that automatically creates a VPC.
2. In that VPC we have to create 2 subnets:
a) public subnet [ Accessible for Public World ]
b) private subnet [ Restricted for Public World ]
3. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC in the public network.
6. Update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.
7. Launch an ec2 instance that has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site. Also, attach the key to the instance for further login into it.
8. Launch an ec2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our wordpress VM can connect with the same. Also, attach the key with the same.
Note: The WordPress instance has to be part of the public subnet so that our client can connect to our site. The MySQL instance has to be part of a private subnet so that the outside world can't connect to it. Enable the automatic public IP and automatic DNS name assignment options.
Write the Terraform code for the same.
Detailed steps are in the following article on task 3:
Modifications to be done to the terraform code:
1) Add Elastic IP and NAT Gateway:
2) Bastion Host Security Group:
3) Bastion Host Instance:
4) MariaDB-Bastion Host Security Group:
5) Updating MariaDB Security Group:
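A sketch of what modifications 1, 2 and 4 can look like, added here as an example and not taken from the author's repository. The variable names, resource names and the `admin_cidr` input are assumptions; the VPC and the two subnets are expected to come from the task 3 code.

```hcl
# Added example; variable and resource names are assumptions, not the author's code.
variable "vpc_id" {}            # VPC from the earlier steps
variable "public_subnet_id" {}  # subnet routed to the internet gateway
variable "private_subnet_id" {} # subnet holding the MariaDB instance
variable "admin_cidr" {}        # constructed sample: "203.0.113.10/32"
# Step 5: Elastic IP plus NAT gateway, placed in the public subnet.
resource "aws_eip" "nat" { domain = "vpc" } # provider v5+; older versions: vpc = true
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = var.public_subnet_id
}
# Step 6: the private subnet's default route points at the NAT gateway.
resource "aws_route_table" "private" {
  vpc_id = var.vpc_id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "private" {
  subnet_id      = var.private_subnet_id
  route_table_id = aws_route_table.private.id
}
# Bastion: SSH in from the admin address only; all outbound traffic allowed.
resource "aws_security_group" "bastion" {
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# MariaDB: SSH accepted only from members of the bastion security group.
resource "aws_security_group" "mariadb_ssh" {
  vpc_id = var.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}
```

Because the MariaDB rule references the bastion's security group rather than a CIDR range, SSH to the database is refused from every other host in the VPC, including the WordPress instance.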
On running the code:
terraform init
terraform validate
terraform apply --auto-approve
Now follow these steps:
We can see our 3 instances running on AWS.
Browsing to the WordPress public IP shows that WordPress isn't accessible yet, since the database isn't connected.
Connect to WordPress instance via SSH on the terminal and update DB_HOST_URL to the MariaDB instance's PrivateIP:3306 in the wp-config.php file.
Now restart httpd:
systemctl restart httpd
WordPress is successfully accessible now.
If you wish to access the MariaDB instance, log in to the ec2-bastion host using WinSCP, the key.ppk file, and the public IP of the instance:
Now, after copying the key.pem file from the local system to the bastion host instance, log in to this instance via SSH. This key.pem file is the key to the MariaDB instance.
While inside the bastion host instance, log in to the MariaDB instance.
We can see that the database is accessible via the bastion host. How cool, right!
That's all! Thank you.
Here's the link to my GitHub repository for this task:
https://github.com/TanyaChetnaVaish/Hybridtask4