Creating a VPC and Integrating It with EC2


STEPS:

1) Write infrastructure as code using Terraform that automatically creates a VPC.

2) In that VPC, create two subnets:

  a) public subnet [accessible from the public world]

  b) private subnet [restricted from the public world]

3) Create a public-facing internet gateway to connect the VPC to the internet, and attach this gateway to the VPC.

4) Create a route table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.

5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that clients can connect to the WordPress site.

Also attach a key to the instance for logging in to it later.

6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that the WordPress VM can connect to it.

Also attach the key to this instance.

Here we have created a multi-tier architecture of WordPress and MySQL, where WordPress runs in the public subnet and MySQL runs in the private subnet.

We have implemented the whole scenario using Terraform code.

The commands to run the code are:

"terraform init" - initializes all the plugins.

"terraform plan" - creates an execution plan.

"terraform apply --auto-approve" - the apply command executes the plan, and the --auto-approve option tells Terraform not to require interactive approval of the plan before applying it.

"terraform destroy --auto-approve" - the destroy command destroys the infrastructure, and the --auto-approve option tells Terraform not to require interactive approval of the plan before destroying it.

Let's see how it works:

First, we will configure AWS.


After configuring AWS, we will create our VPC.

What is a VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.



Now we will create a public subnet and a private subnet in the VPC we created.

What is a subnet?

A subnetwork, or subnet, is a logical subdivision of an IP network. It is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. A user cannot launch an instance directly into the data center; a subnet is required, and a DHCP server is created internally when an instance is launched.

What are public and private subnets?

Public subnet: a subnet for resources that must be connected to the internet.

Private subnet: a subnet for resources that won't be connected to the internet.



In the code for the public subnet, I have used "map_public_ip_on_launch". This argument assigns a public IP to the instance at launch.

After creating the subnets, we will create an internet gateway to provide a path for communication.

What is an internet gateway?

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.


Now we will create the route table and associate it with the subnet.

What is a route table and its association?

A route table contains a set of rules, called routes, that are used to determine where network traffic from your VPC is directed. You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table. Each route in a route table specifies the range of IP addresses where you want the traffic to go (the destination) and the gateway, network interface, or connection through which to send the traffic (the target).


Now, to access or communicate with the web server and the database server, we need to allow certain protocols, which are assigned to a security group within the VPC.

What is a security group?

Security groups provide a modular way to define and compose firewall rules. The rules are managed at the hypervisor level in order to restrict incoming and outgoing network traffic. Ingress gateways operate at the edge of a service mesh, receiving incoming HTTP/TCP connections while configuring ports, protocols and virtual services. Firewalls are designed to decline a request unless there is a specific policy and configuration that allows ingress connections. Here, according to our need, we have taken HTTP and SSH. By default, AWS creates an ALLOW ALL egress rule when creating a new security group inside a VPC.

Here is the security group for the public subnet.


And here is the security group for the private subnet.



Now we have successfully configured our VPC, and we are ready to launch the instances containing WordPress and MySQL.

Here is our WordPress instance:


And this is our MySQL instance:


Our WordPress site is open to public clients, so people can access it over the internet.


Thank You..!







Akash Pandey

Cloud Architect | 6X Azure | 1X Databricks | ACE Certified | MCT

4 years ago

Nice work Srishti Jain , Keep it up !!!!!!!!!!!
