Create AWS VPC with Public Subnet, Private Subnet, Internet Gateway and NAT Gateway then deploy WordPress and Database Server


Problem Statement: Perform task-3 with an additional feature to be added that is NAT Gateway to provide the internet access to instances running in the private subnet.

Performing the following steps:

1. Write an Infrastructure as code using Terraform, which automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

  1.  public subnet [ Accessible for Public World! ] 

  2.  private subnet [ Restricted for Public World! ]

3. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a routing table for Internet gateway so that instance can connect to the outside world, update and associate it with the public subnet.

5. Create a NAT gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC in the public network

6. Update the routing table of the private subnet, so that to access the internet it uses the nat gateway created in the public subnet

7. Launch an ec2 instance that has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site. Also, attach the key to an instance for further login into it.

8. Launch an ec2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. Also, attach the key with the same.

Note: WordPress instance has to be part of the public subnet so that our client can connect our site. MySQL instance has to be part of a private subnet so that the outside world can't connect to it. Don't forget to add auto IP assign and auto DNS name assignment options to be enabled.

Pre- Requisites and Installation Part: Please see the installation part for this task.

https://www.dhirubhai.net/pulse/create-vpc-deploy-public-wordpress-server-private-database-kumar/

Virtual Private Cloud (VPC):


VPC is like an office or a private space in which we can set up our labs/subnet for launching instances inside it.

This space looks real but it is virtual. It is private to us and isolated from other spaces/offices, which is why it is called a VPC: Virtual Private Cloud.

Practical Part: To perform this task we follow these given instructions step by step.

Step 1: To start with terraform to create a complete Infrastructure, first we have to give AWS credentials:

provider "aws" {
  region     = "ap-south-1"
  # Credentials can come from a named profile in ~/.aws/credentials or from static keys;
  # only one of the two is needed. Keep placeholders here and never commit real keys.
  access_key = "your_access_key"
  secret_key = "your_secret_key"
  profile    = "sachin"
}


Run terraform init in the directory containing this file to download the AWS provider and initialize the plugins.

Step 2: Create a VPC using a terraform code.

resource "aws_vpc" "skvpc" {
  cidr_block           = "192.168.0.0/16"   # address space for the whole VPC
  instance_tenancy     = "default"
  enable_dns_hostnames = true               # auto DNS name assignment for instances

  tags = {
    Name = "task4_vpc"
  }
}

Output: (screenshot)

Subnet: A portion of a network that shares a common address prefix. On TCP/IP networks, a subnet is the set of all devices whose IP addresses have the same prefix. For example, all devices with IP addresses that start with 100.100.100. would be part of the same subnet. Dividing a network into subnets is useful for both security and performance reasons. IP networks are divided using a subnet mask.

Public Subnet: A public subnet is a subnet that is associated with a route table that has a route to an Internet Gateway, through which the outside world can connect to the subnet.

Step 3: Creating Public Subnet using terraform code.

resource "aws_subnet" "sksubnet1-1a" {
  vpc_id            = aws_vpc.skvpc.id
  cidr_block        = "192.168.0.0/24"   # public subnet, carved out of the VPC range
  availability_zone = "ap-south-1a"

  tags = {
    Name = "Subnet1-1a"
  }
}


Output: (screenshot)

Private Subnet: A private subnet is one whose route table has no route to the Internet Gateway. Since the subnet is not reachable through the gateway, no one from the outside world can connect to it directly.

Step 4: Create Private Subnet using terraform code.

resource "aws_subnet" "sksubnet2-1b" {
  vpc_id            = aws_vpc.skvpc.id
  cidr_block        = "192.168.1.0/24"   # private subnet for the database
  availability_zone = "ap-south-1b"

  tags = {
    Name = "Subnet2-1b"
  }
}

Output: (screenshot)

Internet Gateway: An Internet Gateway is a horizontally scaled, redundant VPC component that allows communication between instances in your VPC and the internet. It serves two purposes: it is the route target in a subnet's route table for internet-bound traffic, and it performs network address translation for instances that have been assigned public IPv4 addresses.

Step 5: Create an Internet Gateway using terraform code.

resource "aws_internet_gateway" "sk_internet_gateway" {
  vpc_id = aws_vpc.skvpc.id   # attaches the gateway to our VPC

  tags = {
    Name = "Internet_Gateway"
  }
}

Output: (screenshot)

Routing Table: A Route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Step 6: Create a Routing Table for WordPress server using terraform code.

resource "aws_route_table" "sk_route_table" {
  vpc_id = aws_vpc.skvpc.id

  # Default route: send all non-local traffic to the Internet Gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.sk_internet_gateway.id
  }

  tags = {
    Name = "sk_route_table"
  }
}

Output: (screenshot)

Routing Table Association: Provides a resource to create an association between a Route table and a subnet or a Route table and an internet gateway or virtual private gateway.

Step 7: Create a Routing Table Association using terraform code.

resource "aws_route_table_association" "sk_route_association" {
  # Associating this table with the subnet is what makes Subnet1-1a public
  subnet_id      = aws_subnet.sksubnet1-1a.id
  route_table_id = aws_route_table.sk_route_table.id
}

Output: (screenshot)

Security Groups: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.

Step 8: Create a WordPress Security Group using the terraform code.

resource "aws_security_group" "webserver" {
  name        = "for_wordpress"
  description = "Allow HTTP"
  vpc_id      = aws_vpc.skvpc.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # the site must be reachable by any client
  }

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]   # for login; restrict to your admin IP range in practice
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"            # all outbound traffic allowed
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sk_sg"
  }
}

Output: (screenshot)

NAT Gateway: A NAT gateway is a device that forwards traffic from instances in the private subnet to the internet or to AWS services, and sends the response back to the instance. When traffic leaves for the internet, the instance's private IPv4 address is replaced with the NAT device's public address. When the response arrives, the NAT device translates the address back to the instance's private IPv4 address and delivers it to the instance. Traffic can only be initiated from the private side, so the NAT gateway does not let the outside world reach the instance.

Step 9: Create a NAT Gateway using terraform code.

# Elastic IP that the NAT gateway will use as its public address
# ("vpc = true" is the older provider syntax; newer provider versions use domain = "vpc")
resource "aws_eip" "nat" {
  vpc = true
}

resource "aws_nat_gateway" "nat-gw" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.sksubnet1-1a.id   # must live in the public subnet
  depends_on    = [aws_internet_gateway.sk_internet_gateway]

  tags = {
    Name = "Nat_Gateway"
  }
}

Output: (screenshot)

Step 10: Create a Route Table for the MySQL server using terraform code.

resource "aws_route_table" "private_route" {
  vpc_id = aws_vpc.skvpc.id

  # Default route goes to the NAT gateway, not the Internet Gateway,
  # so the private subnet gets outbound internet access only
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat-gw.id
  }

  tags = {
    Name = "fordatabase"
  }
}

Output: (screenshot)

Step 11: Create a Route Association table for MySQL server using terraform code.

resource "aws_route_table_association" "nat" {
  # Attach the NAT route table to the private subnet
  subnet_id      = aws_subnet.sksubnet2-1b.id
  route_table_id = aws_route_table.private_route.id
}

Output: (screenshot)

Step 12: Create a Security Group for the MySQL server using terraform code.

resource "aws_security_group" "database" {
  name        = "for_MYSQL"
  description = "Allow MYSQL"
  vpc_id      = aws_vpc.skvpc.id

  ingress {
    description     = "MYSQL"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    # Only members of the WordPress security group may reach port 3306; no CIDR rule
    security_groups = [aws_security_group.webserver.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "MySQL_sg"
  }
}

Output: (screenshot)

Step 13: Create a WordPress instance using a terraform code.

resource "aws_instance" "wordpress" {
  ami                         = "ami-000cbce3e1b899ebd"   # AMI with WordPress pre-installed
  instance_type               = "t2.micro"
  associate_public_ip_address = true                      # auto public IP assignment
  subnet_id                   = aws_subnet.sksubnet1-1a.id
  vpc_security_group_ids      = [aws_security_group.webserver.id]
  key_name                    = "eks"                     # key pair for later login

  tags = {
    Name = "wordpress_server"
  }
}

Output: (screenshot)

Step 14: Create a MySQL instance using terraform code.

resource "aws_instance" "mysql" {
  ami                    = "ami-0019ac6129392a0f2"   # AMI with MySQL pre-installed
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.sksubnet2-1b.id   # private subnet, no public IP
  vpc_security_group_ids = [aws_security_group.database.id]
  key_name               = "eks"

  tags = {
    Name = "mysql_server"
  }
}

Output: (screenshot)
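After terraform apply, the design built in Steps 2 to 14 can be verified from the state itself. The following is an added example, not part of the original article: it reads the JSON produced by terraform show -json and checks that the NAT gateway sits in the public subnet, that port 3306 is never opened to 0.0.0.0/0, and that no instance in the private subnet has a public IP. The STATE dict is a constructed, trimmed stand-in for real state output; all IDs in it are made up.

```python
"""Policy checks over `terraform show -json` state for the VPC from Steps 2-14.
Added example; STATE below is constructed and trimmed, with made-up IDs."""
import json

STATE = json.loads("""
{"values": {"root_module": {"resources": [
 {"type": "aws_internet_gateway", "name": "sk_internet_gateway", "values": {"id": "igw-aaa"}},
 {"type": "aws_nat_gateway", "name": "nat-gw", "values": {"id": "nat-bbb", "subnet_id": "subnet-pub"}},
 {"type": "aws_route_table", "name": "sk_route_table", "values": {"id": "rtb-pub",
   "route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "igw-aaa", "nat_gateway_id": ""}]}},
 {"type": "aws_route_table", "name": "private_route", "values": {"id": "rtb-priv",
   "route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "", "nat_gateway_id": "nat-bbb"}]}},
 {"type": "aws_route_table_association", "name": "sk_route_association",
   "values": {"subnet_id": "subnet-pub", "route_table_id": "rtb-pub"}},
 {"type": "aws_route_table_association", "name": "nat",
   "values": {"subnet_id": "subnet-priv", "route_table_id": "rtb-priv"}},
 {"type": "aws_security_group", "name": "database", "values": {"ingress": [
   {"from_port": 3306, "to_port": 3306, "cidr_blocks": [], "security_groups": ["sg-web"]}]}},
 {"type": "aws_instance", "name": "mysql", "values": {"subnet_id": "subnet-priv", "public_ip": ""}},
 {"type": "aws_instance", "name": "wordpress", "values": {"subnet_id": "subnet-pub", "public_ip": "13.0.0.1"}}
]}}}""")

def resources(state, rtype):
    return [r for r in state["values"]["root_module"]["resources"] if r["type"] == rtype]

def subnet_kinds(state):
    """Map subnet id -> 'public' if its route table has a default route to an IGW, else 'private'."""
    igw_tables = {rt["values"]["id"] for rt in resources(state, "aws_route_table")
                  if any(r["cidr_block"] == "0.0.0.0/0" and r["gateway_id"].startswith("igw-")
                         for r in rt["values"]["route"])}
    return {a["values"]["subnet_id"]: ("public" if a["values"]["route_table_id"] in igw_tables else "private")
            for a in resources(state, "aws_route_table_association")}

def check(state):
    """Return a list of policy violations (an empty list means the layout matches the design)."""
    kinds, findings = subnet_kinds(state), []
    for nat in resources(state, "aws_nat_gateway"):       # Step 9: NAT must sit in the public subnet
        if kinds.get(nat["values"]["subnet_id"]) != "public":
            findings.append(f"NAT gateway {nat['name']} is not in a public subnet")
    for sg in resources(state, "aws_security_group"):     # Step 12: 3306 only from the web SG
        for rule in sg["values"]["ingress"]:
            if rule["from_port"] <= 3306 <= rule["to_port"] and "0.0.0.0/0" in rule["cidr_blocks"]:
                findings.append(f"security group {sg['name']} exposes MySQL to 0.0.0.0/0")
    for inst in resources(state, "aws_instance"):          # Step 14: DB host has no public address
        if kinds.get(inst["values"]["subnet_id"]) == "private" and inst["values"]["public_ip"]:
            findings.append(f"instance {inst['name']} in a private subnet has a public IP")
    return findings

if __name__ == "__main__":
    print(check(STATE) or "no violations")
```

Against real output, replace STATE with json.load() of the file written by terraform show -json; any non-empty list means the applied layout drifted from the design above.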

Here we open the WordPress instance that was launched in the public subnet (look it up by its instance ID in the console) and browse to its public address; you will get this type of result.

We can destroy the complete infrastructure in one step with terraform destroy.

This is my GitHub Link. If you face any difficulty in the above steps, you can visit this link and take help from this code.

Thanks for reading...

Shaswat Bisla

Senior Engineer @ Samsung R&D Institute India

4 years

Nice Sachin bruh.. Keep it up