Fully Secured and Automated setup of WordPress with MySQL using AWS and Terraform

In this article, we will deploy a web app (WordPress) together with its database. The web app will sit in a public subnet, whereas the database server will sit in a private subnet where it is not reachable from the outside world, for security purposes.

So let's begin by understanding a few terms:

What is Terraform?

Terraform is an open-source infrastructure-as-code tool created by HashiCorp. It enables users to define and provision data centre infrastructure using a high-level configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.


What is VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data centre, with the benefit of using the scalable infrastructure of AWS. The isolation between one VPC user and all other users of the same cloud (other VPC users as well as other public cloud users) is normally achieved through the allocation of a private IP subnet and a virtual communication construct (such as a VLAN or a set of encrypted communication channels) per user. In a VPC, this isolation mechanism is accompanied by a VPN function (again, allocated per VPC user) that secures, by means of authentication and encryption, the organization's remote access to its VPC resources.

How Amazon VPC works

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. It is logically isolated from other virtual networks in the AWS Cloud. ... You can specify an IP address range for the VPC, add subnets, associate security groups, and configure route tables. A subnet is a range of IP addresses in your VPC.


Objective:-

Task-3 of Hybrid Multi-Cloud.

Statement: We have to create a web portal for our company with as much security as possible.

So, we use the WordPress software with a dedicated database server.

The database should not be accessible from the outside world for security purposes.

Only the WordPress site needs to be exposed to clients.

So here are the steps for proper understanding!

Steps:

1) Write infrastructure as code using Terraform, which automatically creates a VPC.

2) In that VPC we have to create 2 subnets:

  a) public subnet [ Accessible for Public World! ] 

  b) private subnet [ Restricted for Public World! ]

3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.

4) Create a route table for the internet gateway so that instances can reach the outside world; update it and associate it with the public subnet.

5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that clients can connect to our WordPress site.

Also, attach a key pair to the instance so that we can log in to it later.

6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also, attach a key pair to this instance.

Note:

The WordPress instance has to be in the public subnet so that clients can reach our site.

The MySQL instance has to be in the private subnet so that the outside world can't connect to it.

Don't forget to enable the auto-assign public IP and auto-assign DNS hostname options. Try each step manually first, then write the Terraform code for it; this will give you a proper understanding of the workflow of the task. With that, the task is complete.

Let's start with the practical part.

Configure AWS CLI


After that, create a Terraform file. I am creating task3.tf


VPC

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. 


SUBNET

We will create two subnets: one private (for the MySQL database) and one public (for WordPress).


Hence, the public subnet (for WordPress) is created.


Hence, the private subnet (for the database) is created.

Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

An internet gateway supports IPv4 and IPv6 traffic. It does not cause availability risks or bandwidth constraints on your network traffic.


Route Table

A route table contains a set of rules, called routes, that determine where network traffic from our subnet or gateway is directed. This route table carries the default route (0.0.0.0/0) to the internet gateway, so traffic between the public subnet and the internet flows through the gateway; it is associated with the public subnet only.
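The networking part of the task (steps 1 to 4: VPC, the two subnets, internet gateway and route table) as one Terraform file. This is an added example written for this article, not the author's task3.tf from the screenshots or GitHub; the region, CIDR ranges and resource names are my own assumptions.

```hcl
provider "aws" {
  region  = "ap-south-1"  # assumed region; the article does not state one
  profile = "default"     # credentials come from `aws configure`, not from the .tf
}

resource "aws_vpc" "task3_vpc" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true  # needed for a public DNS name on the WordPress host
  tags = { Name = "task3-vpc" }
}

# Public subnet: instances launched here get a public IP automatically.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.task3_vpc.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
  tags = { Name = "task3-public" }
}

# Private subnet: no public IPs, and it keeps the VPC's main route table,
# which only has the local route, so there is no path to the internet gateway.
resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.task3_vpc.id
  cidr_block              = "192.168.2.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false
  tags = { Name = "task3-private" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.task3_vpc.id
  tags   = { Name = "task3-igw" }
}

# Default route to the internet gateway, associated with the public subnet only.
resource "aws_route_table" "public_rt" {
  vpc_id = aws_vpc.task3_vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = { Name = "task3-public-rt" }
}

resource "aws_route_table_association" "public_assoc" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public_rt.id
}
```

After `terraform apply`, a quick check is that the private subnet's route table shows only the local 192.168.0.0/16 route and no igw- target.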


Security Group

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When we launch an instance in a VPC, we can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level, so each instance in a subnet of our VPC can be assigned a different set of security groups. We will create two security groups, one for the WordPress EC2 instance and the other for the database EC2 instance.


The above is the WordPress security group.


The above is the MySQL security group.
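The two security groups as Terraform, added here as an example rather than taken from the author's file. It goes one step beyond the task statement: port 3306 is opened to the WordPress security group instead of to a CIDR, so only instances carrying that group can reach the database, and SSH on the WordPress host is limited to an admin network. The VPC reference `aws_vpc.task3_vpc` and the `admin_cidr` value are assumptions.

```hcl
# admin_cidr is a placeholder (RFC 5737 documentation range); replace before use.
variable "admin_cidr" {
  default = "203.0.113.0/24"
}
resource "aws_security_group" "wordpress_sg" {
  name        = "task3-wordpress-sg"
  description = "HTTP from anywhere, SSH from the admin network only"
  vpc_id      = aws_vpc.task3_vpc.id
  ingress {
    description = "HTTP for site visitors"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH for administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# MySQL: 3306 is opened to the WordPress security group, not to a CIDR, so
# only instances carrying wordpress_sg can reach the database.
resource "aws_security_group" "mysql_sg" {
  name        = "task3-mysql-sg"
  description = "MySQL from the WordPress security group only"
  vpc_id      = aws_vpc.task3_vpc.id
  ingress {
    description     = "MySQL from WordPress"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [aws_vpc.task3_vpc.cidr_block] # DB host never initiates traffic outside the VPC
  }
}
```

Security groups are stateful, so the narrow egress rule on mysql_sg does not block replies to WordPress queries; it only stops the database host from opening connections of its own beyond the VPC.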


EC2 instance for WordPress


EC2 instance for MySQL

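The two EC2 instances (steps 5 and 6) as Terraform, an added example and not the author's code. It assumes the subnet and security group resource names used above; the AMI IDs and key pair name are placeholders, and the AMIs are assumed to already contain WordPress and MySQL, as the article's images do.

```hcl
# AMI IDs and the key pair name are placeholders; the key pair must already
# exist in the account, as the task requires attaching it to both instances.
variable "wordpress_ami" { default = "ami-PLACEHOLDER-wordpress" }
variable "mysql_ami"     { default = "ami-PLACEHOLDER-mysql" }
variable "key_name"      { default = "task3-key" }

resource "aws_instance" "wordpress" {
  ami                         = var.wordpress_ami
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.wordpress_sg.id]
  associate_public_ip_address = true
  key_name                    = var.key_name
  tags = { Name = "task3-wordpress" }
}

# No public IP and no route to the IGW: the only way in is from the
# WordPress host on port 3306, as allowed by mysql_sg.
resource "aws_instance" "mysql" {
  ami                    = var.mysql_ami
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.mysql_sg.id]
  key_name               = var.key_name
  tags = { Name = "task3-mysql" }
}

output "wordpress_url" {
  value = "http://${aws_instance.wordpress.public_dns}"
}

# Hand this to the WordPress setup screen as the database host.
output "mysql_private_ip" {
  value = aws_instance.mysql.private_ip
}
```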

Now that we have the whole code, let's run it with the Terraform commands. But first, initialize the working directory with terraform init.


Now we will use the command terraform validate.


Now, to build the whole infrastructure, run terraform apply or terraform apply -auto-approve.


Now, let's see the final output.

Enter your WordPress instance ID.


Now set the WordPress password and submit, as shown below:


Enter the details and log in.


This is the fully automated infrastructure which we created.

Now, to delete the whole infrastructure with a single command, run terraform destroy or terraform destroy -auto-approve.

Thank you for reading and giving your time.


You can find my code on GitHub: https://github.com/Mansi-cloud/Fully-secured-and-automated-setup-.git

Rajat Bhandari

Govt and Public Sector Advisory | Swachh Bharat Mission | Solid Waste Management | SWM Monitoring and evaluation | Transaction Advisory | Bid Management

4 years

Great work. Keep going

Good Going dear ! Keep it up !
