Creating our own VPC/network, creating two subnets for WordPress and MySQL, and integrating them using Terraform
Task:
1) Write infrastructure as code using Terraform which automatically creates a VPC.
2) In that VPC, create 2 subnets:
a) public subnet [ accessible from the public world ]
b) private subnet [ restricted from the public world ]
3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4) Create a routing table with a route to the internet gateway so that instances can reach the outside world, and associate it with the public subnet.
5) Launch an EC2 instance with WordPress already set up, with a security group allowing port 80 so that clients can reach our WordPress site.
Also attach the key pair to the instance for later login.
6) Launch an EC2 instance with MySQL already set up, in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it.
Also attach the key pair to this instance.
Pre-Requisites:
- an AWS account (that is the way I did the task)
- Terraform installed on your system
Process:
1: Create a new folder Task2Cloud for this task. Create an AWS CLI profile using
aws configure --profile profilename
then, inside the Terraform file, declare the AWS provider (a provider, not a provisioner):
provider "aws" {
  profile = "Asish"
  region  = "ap-south-1"
}
Now create a VPC:
In AWS:
2: Now we create two subnets, one in ap-south-1a and another in ap-south-1b.
Notice that I have not enabled the auto-assign public IP on launch option for subnet 2, because we do not want its instances to get a public IP. Keeping it isolated means it cannot be reached directly from the internet, so our data is much harder to get at. It is still reachable from everything inside the VPC, though, so the security group on the MySQL instance still matters.
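The VPC and the two subnets are only shown in console screenshots above, but the later resources reference them as task2_vpc, task2_subnet_1a and task2_subnet_1b. The following is an added example of how those three resources can be written in Terraform; it is not the author's code, and the CIDR ranges are assumptions (any non-overlapping RFC 1918 ranges work):

```hcl
# Added example, not the author's code: the VPC and the two subnets that the
# internet gateway, route table and instances below refer to.
# CIDR ranges are assumptions; pick any non-overlapping RFC 1918 ranges.
resource "aws_vpc" "task2_vpc" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true # gives the WordPress host a public DNS name

  tags = {
    Name = "task2_vpc"
  }
}

# Public subnet: instances launched here get a public IPv4 address.
resource "aws_subnet" "task2_subnet_1a" {
  vpc_id                  = aws_vpc.task2_vpc.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true

  tags = {
    Name = "task2_subnet_1a"
  }
}

# Private subnet: no public IP on launch. It stays private only as long as it
# is never associated with the route table that points at the internet gateway,
# so the VPC's default local route is the only route it ever gets.
resource "aws_subnet" "task2_subnet_1b" {
  vpc_id                  = aws_vpc.task2_vpc.id
  cidr_block              = "192.168.2.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false

  tags = {
    Name = "task2_subnet_1b"
  }
}
```

map_public_ip_on_launch on its own does not make a subnet public or private; the route table association in step 4 does. Both settings together give the behaviour described in the text.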
3: Now we need an internet gateway attached to the VPC. The VPC's router already connects the subnets to each other; the gateway is what lets the router forward traffic to the internet, and the route table in the next step tells the public subnet to use it.
In AWS:
We only enable auto-assign public IP for subnet 1, not subnet 2, as we want to isolate subnet 2.
In Terraform:
resource "aws_internet_gateway" "task2_gw" {
  vpc_id = aws_vpc.task2_vpc.id

  tags = {
    Name = "task2_gw"
  }
}
4: Create a routing table and add a route for 0.0.0.0/0 via the internet gateway, which lets the subnet reach the internet; then associate it only with subnet 1, not subnet 2:
In AWS, create the route table and then add the route as described above:
Now edit the route table association, but only for the WordPress subnet (subnet-1a in my case):
In Terraform:
resource "aws_route_table" "task2_routetable" {
  vpc_id = aws_vpc.task2_vpc.id

  # default route: everything not inside the VPC goes out via the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.task2_gw.id
  }

  tags = {
    Name = "task2_routetable"
  }
}

# only the public subnet gets the internet route
resource "aws_route_table_association" "task2_route_1a" {
  subnet_id      = aws_subnet.task2_subnet_1a.id
  route_table_id = aws_route_table.task2_routetable.id
}
5: Now we create a key pair for the instances. Terraform generates the private key and saves it to our system with the local_file resource. Be aware that the private key also ends up in plain text in the Terraform state file, so protect the state, and restrict the .pem file's permissions before using it (ssh refuses a private key that is readable by other users).
resource "tls_private_key" "mytask2key" {
  algorithm = "RSA"
}

# register the public half with AWS so instances can be launched with it
resource "aws_key_pair" "generated_key" {
  key_name   = "mytask2key"
  public_key = tls_private_key.mytask2key.public_key_openssh
}

# write the private half to the working directory for ssh
resource "local_file" "store_key_value" {
  content  = tls_private_key.mytask2key.private_key_pem
  filename = "mytask2key.pem"
}
Then we create a security group for the instances. As written it allows SSH on port 22, HTTP on port 80 and MySQL on port 3306 over TCP from anywhere (0.0.0.0/0), and the same group is attached to both instances. Only port 80 needs to be open to the world; 22 and 3306 are open this widely only for simplicity, and the private subnet is what keeps the MySQL instance off the internet.
resource "aws_security_group" "task2_securitygrp" {
  name        = "task2_securitygrp"
  description = "Allow HTTP, SSH and MySQL inbound traffic"
  vpc_id      = aws_vpc.task2_vpc.id

  ingress {
    description = "MySQL"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "task2_securitygrp"
  }
}
6: Now we use two images, one for WordPress and another for MySQL, to create the instances with AWS/Terraform. You can use any AMI you like for each:
Terraform code for creating the instances:
resource "aws_instance" "task2_wordpressOS" {
  ami           = "ami-00116985822eb866a"
  instance_type = "t2.micro"
  # reference the key pair resource so Terraform creates it before the instance
  key_name               = aws_key_pair.generated_key.key_name
  vpc_security_group_ids = [aws_security_group.task2_securitygrp.id]
  subnet_id              = aws_subnet.task2_subnet_1a.id

  tags = {
    Name = "task2_wordpressos" # the console shows the "Name" tag, capital N
  }
}

resource "aws_instance" "task2_MYSQLOS" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.generated_key.key_name
  vpc_security_group_ids = [aws_security_group.task2_securitygrp.id]
  subnet_id              = aws_subnet.task2_subnet_1b.id

  tags = {
    Name = "task2_MYSQLOS"
  }
}

# public IP of the WordPress host, printed after apply
output "myos_ip" {
  value = aws_instance.task2_wordpressOS.public_ip
}
Note that even though we attach the key to the MySQL instance, nobody can reach it directly from the internet: it has no public IP and its subnet has no route to the internet gateway. It is still reachable from inside the VPC (for example from the WordPress host over SSH with the same key), because the two subnets are connected by the VPC's local route, and that is exactly what lets WordPress use it as its database. The flip side is that, without a NAT gateway, the MySQL instance cannot reach the internet either, for updates or anything else.
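The security group in step 5 opens 22 and 3306 to 0.0.0.0/0 on both instances and relies on the private subnet alone to shield MySQL. The following is an added example, not the author's code, that splits it into one group per tier so that MySQL and SSH on the database host are accepted only from members of the WordPress group, and SSH on the WordPress host only from an admin range. The resource names wordpress_sg and mysql_sg, the admin_cidr variable and its default are assumptions; the VPC reference matches the rest of the config.

```hcl
# Added example, not the author's code: one security group per tier.
# Names and the admin_cidr default are assumptions.

variable "admin_cidr" {
  description = "CIDR allowed to SSH to the WordPress host (assumption: your office or VPN egress)"
  type        = string
  default     = "203.0.113.0/24" # documentation range, replace with your own
}

# WordPress host: HTTP from the internet, SSH only from the admin range.
resource "aws_security_group" "wordpress_sg" {
  name        = "task2_wordpress_sg"
  description = "HTTP from the internet, SSH from the admin range"
  vpc_id      = aws_vpc.task2_vpc.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from admin range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "task2_wordpress_sg"
  }
}

# MySQL host: 3306 and 22 accepted only from instances that carry wordpress_sg.
# Using the group as the source (not a CIDR) means the rule follows the WordPress
# host even if its private IP changes.
resource "aws_security_group" "mysql_sg" {
  name        = "task2_mysql_sg"
  description = "MySQL and SSH only from the WordPress security group"
  vpc_id      = aws_vpc.task2_vpc.id

  ingress {
    description     = "MySQL from WordPress tier"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }

  ingress {
    description     = "SSH via the WordPress host as jump host"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }

  # The private subnet has no internet route anyway; limiting egress to the VPC
  # CIDR makes that explicit in the group as well.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.task2_vpc.cidr_block]
  }

  tags = {
    Name = "task2_mysql_sg"
  }
}
```

To use it, set vpc_security_group_ids to [aws_security_group.wordpress_sg.id] on task2_wordpressOS and to [aws_security_group.mysql_sg.id] on task2_MYSQLOS. You then reach the MySQL host by first logging in to the WordPress host and hopping from there (or with ssh -J through it), which is the only path the rules allow.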
7: Now save the Terraform file and initialise the working directory with the terraform init command; Terraform automatically downloads the required provider plugins:
Then follow the images below (terraform plan, then terraform apply) and you will see that everything we need is created automatically by Terraform:
You can see the VPC, subnets, internet gateway, routing table and the required instances all created by Terraform with just a few commands. If you follow the steps I have described, you can do this task too.
Use the public IP of the instance in subnet 1 (the myos_ip output) to open the WordPress site:
Github Link: https://github.com/Pheonix-reaper/task3_hybridcloud
AVi (4 years ago)
Nice bro