Fully secured and automated setup for WordPress and MySQL using AWS and Terraform
Welcome back, guys! In this task we create a WordPress site backed by a MySQL database, using AWS and Terraform code. We launch two subnets, one private and one public, inside one VPC. This setup is powerful, automated and fully secured too! Before heading to the setup, let me explain a few concepts related to this task.
What is Amazon VPC? Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. It gives you a virtual, private space, like your own data center, inside the AWS data center.
What is a subnet? A subnet is “part of the network”: a range of IP addresses in your VPC. Each subnet lives in one Availability Zone.
So, here we go! Below is a stepwise explanation of my task, so that it is easy for you to understand and to deploy your own too!
1) Write infrastructure as code using Terraform that automatically creates a VPC.
2) In that VPC we have to create 2 subnets:
a) public subnet [Accessible from the public world!]
b) private subnet [Restricted from the public world!]
3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4) Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5) Create two security groups, one for the WordPress instance and one for the MySQL instance.
6) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for later login.
7) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to this instance.
And here is a simpler graphical explanation of the deployment, along with my code!
1) Code for creating the VPC:
To use AWS as a provider in Terraform, we need to log in first...
provider "aws" {
  region  = "ap-south-1"
  profile = "mohak" # named AWS CLI profile that holds the credentials
}
The VPC itself:
resource "aws_vpc" "myvpc" {
  cidr_block           = "10.5.0.0/16"
  enable_dns_hostnames = true

  tags = {
    Name = "main"
  }
}
2) Create two subnets, public and private:
# Public subnet: instances launched here get a public IP address
resource "aws_subnet" "wp-subnet" {
  vpc_id                  = aws_vpc.myvpc.id
  availability_zone       = "ap-south-1a"
  cidr_block              = "10.5.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "wp-subnet"
  }
}

# Private subnet: no public IP addresses and no route table association below
resource "aws_subnet" "sql-subnet" {
  vpc_id            = aws_vpc.myvpc.id
  availability_zone = "ap-south-1b"
  cidr_block        = "10.5.2.0/24"

  tags = {
    Name = "sql-subnet"
  }
}
3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC:
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "wp-gw"
  }
}
4) Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet:
resource "aws_route_table" "rtable" {
  vpc_id = aws_vpc.myvpc.id

  # Default route: send all non-local traffic to the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "wp-rtable"
  }
}

# Only the public (WordPress) subnet is associated with this route table
resource "aws_route_table_association" "routea" {
  subnet_id      = aws_subnet.wp-subnet.id
  route_table_id = aws_route_table.rtable.id
}
5) Create two security groups, one for the WordPress instance and one for the MySQL instance:
resource "aws_security_group" "allow_http_wordpress" {
  name        = "allow_http_wordpress"
  description = "Allow HTTP inbound traffic"
  vpc_id      = aws_vpc.myvpc.id

  # Note: 0.0.0.0/0 admits any source address, not only the VPC
  ingress {
    description = "Http from VPC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "HTTPS"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sgroup"
  }
}

resource "aws_security_group" "mysql-sg" {
  name        = "mysql-sg"
  description = "MYSQL-setup"
  vpc_id      = aws_vpc.myvpc.id

  # Note: 0.0.0.0/0 allows any source that can route to the instance,
  # not only the WordPress host
  ingress {
    description = "MYSQL from VPC"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH from VPC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "sgroup"
  }
}
6) Launch an EC2 instance that already has WordPress set up, with the security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for later login:
resource "aws_instance" "wordpress" {
  ami               = "ami-0979674e4a8c6ea0c"
  instance_type     = "t2.micro"
  key_name          = "task_key" # key pair must already exist in the region
  availability_zone = "ap-south-1a"
  subnet_id         = aws_subnet.wp-subnet.id
  # Instances in a VPC take security group IDs through vpc_security_group_ids
  vpc_security_group_ids = [aws_security_group.allow_http_wordpress.id]

  tags = {
    Name = "Wordpress"
  }
}
7) Launch an EC2 instance that already has MySQL set up, with the security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to this instance:
resource "aws_instance" "mysql" {
  ami               = "ami-76166b19"
  instance_type     = "t2.micro"
  key_name          = "task_key" # key pair must already exist in the region
  availability_zone = "ap-south-1b"
  subnet_id         = aws_subnet.sql-subnet.id
  # Instances in a VPC take security group IDs through vpc_security_group_ids
  vpc_security_group_ids = [aws_security_group.mysql-sg.id]

  tags = {
    Name = "MYSQL"
  }
}
Run these commands to apply the code:
- terraform init
- terraform apply
So, after all this, here is our final infrastructure:
Thank you for reading.