Hybrid Cloud Computing Task 4

Hybrid Cloud Computing Task 4

Hey fellas, presenting you my Hybrid Cloud Computing Task 4, which I am doing under the mentorship of Vimal Daga Sir. Have completed Task 4, or not enrolled in the Hybrid Cloud Computing course? stick to this page because I am solving a real problem statement that you might need later.

The problem statement is:

  • Write an Infrastructure as code using Terraform, which automatically creates a VPC.
  • In that VPC we have to create 2 subnets:
  1. public subnet [ Accessible for Public World! ]
  2. private subnet [ Restricted for Public World! ]
  • Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.
  • Create a routing table for Internet gateway so that instance can connect to the outside world, update and associate it with the public subnet.
  • Create a NAT gateway for connecting our VPC/Network to the internet world and attach this gateway to our VPC in the public network
  • Update the routing table of the private subnet, so that to access the internet it uses the nat gateway created in the public subnet
  • Launch an ec2 instance that has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site. Also, attach the key to the instance for further login into it.
  • Launch an ec2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. Also, attach the key with the same.

Note: WordPress instance has to be part of the public subnet so that our client can connect to our site. MySql instance has to be part of a private subnet so that the outside world can't connect to it. Don't forget to add auto IP assign and auto DNS name assignment options to be enabled.

Before moving forward, let's first see what is WordPress?

WordPress (WP, WordPress.org) is a free and open-source content management system (CMS) written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes. WordPress was originally created as a blog-publishing system but has evolved to support other types of web content including more traditional mailing lists and forums, media galleries, membership sites, learning management systems (LMS), and online stores. WordPress is used by more than 60 million websites, including 33.6% of the top 10 million websites as of April 2019, WordPress is one of the most popular content management system solutions in use. WordPress has also been used for other application domains such as pervasive display systems (PDS).

Next, let's see what is Bastion Host?

A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example, a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers. A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attacks, a bastion host must minimize the chances of penetration. For example, you can use a bastion host to mitigate the risk of allowing SSH

So, excited about the problem statement solving? Let's head towards it.

Step 1: If you have used AWS CLI before, you might know that the first and foremost step of using AWS CLI is AWS configure, so type the below command:

aws configure --profile naitik2
              AWS Access Key ID [****************AHNK]:
              AWS Secret Access Key [****************n/lk]:
              Default region name [ap-south-1]:
              Default output format [None]:

Step 2: In this step, we will create a VPC. We will create Amazon VPC (which stands for Amazon Virtual Private Cloud), which lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including a selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

The Terraform code for the same is given below:

resource "aws_vpc" "naitik2_vpc" {
            cidr_block = "192.168.0.0/16"
            instance_tenancy = "default"
            enable_dns_hostnames = true
            tags = {
              Name = "naitik2_vpc"
            }
          }

Step 3: Now we will create two subnets:

  1. public subnet [ Accessible for Public World! ]
  2. private subnet [ Restricted for Public World! ]

A subnet is “part of the network”, in other words, part of the entire availability zone. Each subnet must reside entirely within one Availability Zone and cannot span zones. I am giving the Terraform code for creating two subnets, private and public below:

resource "aws_subnet" "naitik2_public_subnet" {
            vpc_id = "${aws_vpc.naitik2_vpc.id}"
            cidr_block = "192.168.0.0/24"
            availability_zone = "ap-south-1a"
            map_public_ip_on_launch = "true"
            tags = {
              Name = "naitik2_public_subnet"
            }
          }
          
          
          
          resource "aws_subnet" "naitik2_private_subnet" {
            vpc_id = "${aws_vpc.naitik2_vpc.id}"
            cidr_block = "192.168.1.0/24"
            availability_zone = "ap-south-1a"
            tags = {
              Name = "naitik2_private_subnet"
            }
          }

Step 4: In step 4, we will create a public-facing gateway. An internet gateway is a VPC component that is horizontally scalable, redundant, and highly accessible allowing connectivity between your VPC and the internet.

The Terraform code is:

resource "aws_internet_gateway" "naitik2_gw" {
            vpc_id = "${aws_vpc.naitik2_vpc.id}"
            tags = {
              Name = "naitik2_gw"
            }
          }

Step 5: Then, we create a routing table and connect the Public Subnet with it. A routing table (RIB) is an electronic file or database-type item that is stored on a router or networked device which contains the routes (which, in some cases, the metrics associated with such routes) to various destinations on the network. The topology of the network close to it is included in these results.

The Terraform code can be found below:

resource "aws_route_table" "naitik2_rt" {
            vpc_id = "${aws_vpc.naitik2_vpc.id}"

            route {
              cidr_block = "0.0.0.0/0"
              gateway_id = "${aws_internet_gateway.naitik2_gw.id}"
            }

            tags = {
              Name = "naitik2_rt"
            }
          }


          resource "aws_route_table_association" "naitik2_rta" {
            subnet_id = "${aws_subnet.naitik2_public_subnet.id}"
            route_table_id = "${aws_route_table.naitik2_rt.id}"
          }

Step 6: Now we are building our protection community that will be used as WordPress is released. This security group has External Communication rights. To control incoming and outgoing traffic, a security group acts as a virtual firewall for your EC2 instances. Inbound rules control your example's incoming traffic, and outbound rules control your example's outgoing traffic. The network interfaces are aligned with the security classes.

Again the Terraform code can be found below:

resource "aws_security_group" "naitik2_sg" {

            name        = "naitik2_sg"
            vpc_id      = "${aws_vpc.naitik2_vpc.id}"


            ingress {
            
              description = "allow_http"
              from_port   = 80
              to_port     = 80
              protocol    = "tcp"
              cidr_blocks = [ "0.0.0.0/0"]

            }


               ingress {
             
               description = "allow_ssh"
               from_port   = 22
               to_port     = 22
               protocol    = "tcp"
               cidr_blocks = ["0.0.0.0/0"]
             }
             
             ingress {
             
               description = "allow_icmp"
               from_port   = 0
               to_port     = 0
               protocol    = "tcp"
               cidr_blocks = ["0.0.0.0/0"]
             }
             
             ingress {
             
               description = "allow_mysql"
               from_port   = 3306
               to_port     = 3306
               protocol    = "tcp"
               cidr_blocks = ["0.0.0.0/0"]
             }

             egress {
               from_port   = 0
               to_port     = 0
               protocol    = "-1"
               cidr_blocks = ["0.0.0.0/0"]
             }
             
             
              tags = {

              Name = "naitik2_sg"
            }
          }

Bastion Host for this security group -

resource "aws_security_group" "bastion_ssh_only" {
          depends_on=[aws_subnet.naitik2_public_subnet]
          name        = "bastion_ssh_only"
          description = "It allows bastion ssh inbound traffic"
          vpc_id      =  aws_vpc.naitik2_vpc.id



        ingress {
            description = "allow bastion with ssh only"
            from_port   = 22
            to_port     = 22
            protocol    = "tcp"
            cidr_blocks = ["0.0.0.0/0"]
            ipv6_cidr_blocks =  ["::/0"]
          }


        egress {
            from_port   = 0
            to_port     = 0
            protocol    = "-1"
            cidr_blocks = ["0.0.0.0/0"]
            ipv6_cidr_blocks =  ["::/0"]
          }


          tags = {
            Name = "bastion_ssh_only"
          }
        }

Step 7: In this step, we will be creating another security group for launching MySQL. This security group will keep MySQL accessible only through WordPress and not through outside world.

The Terraform code for the same is:

resource "aws_security_group" "naitik2_sg_private" {

            name        = "naitik2_sg_private"
            vpc_id      = "${aws_vpc.naitik2_vpc.id}"
          
            ingress {
            
             description = "allow_mysql"
             from_port   = 3306
             to_port     = 3306
             protocol    = "tcp"
             security_groups = [aws_security_group.naitik2_sg.id]
             
           }


           ingress {
           
             description = "allow_icmp"
             from_port   = -1
             to_port     = -1
             protocol    = "icmp"
             security_groups = [aws_security_group.naitik2_sg.id]
             
           }

           egress {
           
            from_port   = 0
            to_port     = 0
            protocol    = "-1"
            cidr_blocks = ["0.0.0.0/0"]
            ipv6_cidr_blocks =  ["::/0"]
          }
          
          
          tags = {

              Name = "naitik2_sg_private"
            }
          }

Bastion Host for this security group -

resource "aws_security_group" "bastion_host_sql_only" {
            depends_on=[aws_subnet.naitik2_public_subnet]
            name        = "bastion_with_ssh_only"
            description = "It allows bastion host with ssh only"
            vpc_id      =  aws_vpc.naitik2_vpc.id



          ingress {
              description = "bastion host ssh only "
              from_port   = 22
              to_port     = 22
              protocol    = "tcp"
              security_groups=[aws_security_group.bastion_ssh_only.id]

          }


          egress {
              from_port   = 0
              to_port     = 0
              protocol    = "-1"
              cidr_blocks = ["0.0.0.0/0"]
            }


            tags = {
              Name = "bastion_with_ssh_only"
            }
          }

Step 8: Next, we will be creating a NAT gateway to connect our VPC/Network to the internet world. NAT Gateway is a highly available AWS managed service that makes it easy to connect to the Internet from instances within a private subnet in an Amazon Virtual Private Cloud (Amazon VPC). But first, you need to launch a NAT instance in order to enable NAT for instances in a private subnet.

resource "aws_eip" "naitik2-ip" {
        vpc              = true
        public_ipv4_pool = "amazon"
      }
      output "new_output" {
          value=  aws_eip.naitik2-ip
      }


      resource "aws_nat_gateway" "naitik2_nat_gw" {
        depends_on    = [aws_eip.naitik2-ip]
        allocation_id = aws_eip.naitik2-ip.id
        subnet_id     = aws_subnet.naitik2_public_subnet.id


        tags = {
          Name = "naitik2_nat_gw"
        }
      }


      resource "aws_route_table" "vp_private_subnet_for_rt" {
        depends_on = [aws_nat_gateway.naitik2_nat_gw]
        vpc_id = aws_vpc.naitik2_vpc.id
        route {
          cidr_block = "0.0.0.0/0"

          gateway_id = aws_nat_gateway.naitik2_nat_gw.id
        }
        tags = {
          Name = "vp_private_subnet_for_rt"
        }
      }

      resource "aws_route_table_association" "vp_private_subnet_for_rt_association" {
        depends_on = [aws_route_table.vp_private_subnet_for_rt]
        subnet_id      = aws_subnet.naitik2_private_subnet.id
        route_table_id = aws_route_table.vp_private_subnet_for_rt.id
      }

Step 9: Now, we are ready to go. We launch our WordPress and MySQL instances using all the resources that we have created above.

WordPress:

resource "aws_instance" "wordpress" {
        
        ami           = "ami-ff82f990"
        instance_type = "t2.micro"
        key_name      =  "naitik2_key"
        subnet_id     = "${aws_subnet.naitik2_public_subnet.id}"
        security_groups = ["${aws_security_group.naitik2_sg.id}"]
        associate_public_ip_address = true
        availability_zone = "ap-south-1a"


        tags = {
          Name = "naitik2_wordpress"
          }
        } 

MySQL:

resource "aws_instance" "sql" {
                    ami             =  "ami-08706cb5f68222d09"
                    instance_type   =  "t2.micro"
                    key_name        =  "naitik2_key"
                    subnet_id     = "${aws_subnet.naitik2_private_subnet.id}"
                    availability_zone = "ap-south-1a"
                    security_groups = ["${aws_security_group.naitik2_sg_private.id}"]
                    depends_on      = [aws_security_group.bastion_host_sql_only,aws_security_group.bastion_ssh_only]
                    
                    tags = {
                     Name = "naitik2_sql"
                     }
                   }

Bastion Host

resource "aws_instance" "bastion_host" {
                        depends_on=[aws_security_group.bastion_ssh_only]
                        ami             =  "ami-08706cb5f68222d09"
                        instance_type   =  "t2.micro"
                        key_name        =  "task4"
                        subnet_id= aws_subnet.naitik2_public_subnet.id 
                        vpc_security_group_ids=[aws_security_group.bastion_ssh_only.id]
                        tags = {
                          Name = "bastion_host"
                        }
                      }

Step 10: Now, we run our terraform code. For doing so, we first run the command terraform init. This will download the necessary plugins.

Then, we run the command terraform apply --auto-approve. This will run the code and create the mentioned resources on the configured AWS Cloud.

Soon, we see that all our resources are added!

Now, we go to our AWS dashboard & see our WordPress & MYSQL running in the EC2 section.

No alt text provided for this image

And congratulations, you have successfully solved the problem statement, give yourself a pat on your back, and see you next time.

Goodbye!!!

要查看或添加评论,请登录

Naitik Shah的更多文章

  • JavaScript - Journey from Zero to Hero with Vimal Daga Sir

    JavaScript - Journey from Zero to Hero with Vimal Daga Sir

    I have seen a lot of "Free" courses on YouTube, which assure you to take your basic level in JavaScript to next level…

  • Hybrid Computing Task 1

    Hybrid Computing Task 1

    Why Cloud? Many companies have a hard time maintaining their data centers. It's also inconvenient for new startups to…

    2 条评论
  • Chest X-Ray Medical Diagnosis with Deep Learning

    Chest X-Ray Medical Diagnosis with Deep Learning

    Project Name: Chest X-Ray Medical Diagnosis with Deep Learning Team Members: Naitik Shah Ashutosh Kumar Sah This…

    2 条评论
  • Top 5 Billion Dollar Companies Using AWS Cloud

    Top 5 Billion Dollar Companies Using AWS Cloud

    Hello Readers, AWS has captured a whopping 51% of the total cloud computing service providers, and their competitors…

    2 条评论
  • Multi-Cloud Project

    Multi-Cloud Project

    A quick summary of the project: The purpose is to deploy a WordPress framework using Terraform on Kubernetes. For this,…

    2 条评论
  • Data Problem of Big Tech Companies

    Data Problem of Big Tech Companies

    Every hour, 30,000 hours of videos are uploaded to YouTube, crazy isn't it? and that data is of March 2019, so, I am…

    2 条评论
  • Hybrid Cloud Computing Task 3

    Hybrid Cloud Computing Task 3

    Hey fellas, I bring you the Hybrid Cloud Computing task 3. What is this task all about? The motive is for our company…

  • Automating AWS Service(EC2, EFS, S3, Cloud Front) using Terraform

    Automating AWS Service(EC2, EFS, S3, Cloud Front) using Terraform

    So let me take you through the steps: First of all, create an IAM user by going to AWS GUI, and don't forget to…

  • Deploying Prometheus and Grafana on top of Kubernetes

    Deploying Prometheus and Grafana on top of Kubernetes

    Hello readers, this is my DevOps Task 5, and the problem statement is: Integrate Prometheus and Grafana and perform in…

  • Integrating Groovy with Kubernetes and Jenkins (DevOps Task 6)

    Integrating Groovy with Kubernetes and Jenkins (DevOps Task 6)

    Hola! so you guys might remember my DevOps Task 3 , if you haven't read it, then do give it a read, because this Task…

社区洞察

其他会员也浏览了