Isolated Multi-tenant architecture via Terraform ( IaaC ). v2



Perform task 3 with one additional feature: a NAT Gateway that provides internet access to the instances running in the private subnet.

The private route: how private instances reach the internet (via IGW)

Perform the following steps:

1. Write an Infrastructure as code using Terraform, which automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

   1.  public subnet [ Accessible for Public World! ]

   2.  private subnet [ Restricted for Public World! ]

3. Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a route table for the Internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.

5. Create a NAT gateway in the public subnet to connect our VPC/network to the internet, and attach this gateway to our VPC.

6. Update the route table of the private subnet so that it reaches the internet through the NAT gateway created in the public subnet.

7. Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to the WordPress site. Also attach the key pair to the instance for logging into it later.

8. Launch an EC2 instance that already has MySQL set up, in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it. Also attach the key pair to this instance.


NAT Gateway:

We can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services but prevent the internet from initiating a connection with those instances.

So here our whole infrastructure stays the same, except that we need to add one more resource: a NAT gateway created in the public subnet, with the private subnet's route table pointing at it. Always remember that a NAT gateway must be created in a public subnet that already has an IGW; otherwise it gets no internet access and there is no way for it to forward traffic.

So if you go through my link below, you will get an idea of how to create a custom VPC and launch the WordPress and MySQL servers; all the code is the same except the following.

```hcl
## Creating the EIP for the NAT Gateway
resource "aws_eip" "nat-eip" {
  vpc = true   # allocate the address in the VPC scope

  # the IGW has to exist before this EIP is usable from the VPC
  depends_on = [ aws_internet_gateway.custom_igww ]
}

## Creating the NAT Gateway
resource "aws_nat_gateway" "natgw" {
  allocation_id = aws_eip.nat-eip.id        # the EIP created above
  subnet_id     = aws_subnet.public_sn.id   # placeholder name: the public subnet resource is not shown here

  depends_on = [ aws_internet_gateway.custom_igww ]

  tags = {
    Name = "my-natgw"
  }
}

## To associate the private route table with the private subnet for internet access via the NAT gateway
resource "aws_route_table_association" "private_sn_assoc" {
  subnet_id      = aws_subnet.private_sn.id      # placeholder name: the private subnet resource is not shown here
  route_table_id = aws_route_table.private_rt.id # placeholder name: the private route table resource is not shown here
}
```

Version 1 link:

Here we will create one EIP using Terraform code and attach it to the NAT gateway, then create a private route table in which we write the routes, and finally associate the private subnet with the NAT gateway.

The rest of the code is the same as in the previous version.
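The private route table itself is not shown in the article, so here is an added example (not the article's own code) of the two pieces that make the private tier work as described: a route table whose default route goes to the article's `aws_nat_gateway.natgw`, and a MySQL security group that opens port 3306 only to the WordPress tier. The names `aws_vpc.custom_vpc`, `aws_subnet.private_sn` and `aws_security_group.wp_sg` are assumed and do not appear on this page.

```hcl
# Added example, not from the article. Assumed resource names (not on this
# page): aws_vpc.custom_vpc, aws_subnet.private_sn, aws_security_group.wp_sg.
# aws_nat_gateway.natgw is the article's own NAT gateway resource.

resource "aws_route_table" "private_rt" {
  vpc_id = aws_vpc.custom_vpc.id

  # Default route points at the NAT gateway, not the IGW: the NAT gateway
  # only forwards connections that the private instances initiate, so no
  # host on the internet can open a connection to the MySQL instance.
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.natgw.id
  }

  tags = {
    Name = "private-rt"
  }
}

# The article's private_sn_assoc association then references
# aws_route_table.private_rt.id for its route_table_id.

# Port 3306 is opened to members of the WordPress security group only, not to
# 0.0.0.0/0, so the database is reachable from the web tier alone even if the
# private subnet's routing were ever changed.
resource "aws_security_group" "mysql_sg" {
  name   = "mysql-sg"
  vpc_id = aws_vpc.custom_vpc.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wp_sg.id]
  }

  # Outbound traffic (package updates etc.) leaves through the NAT gateway.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

After `terraform apply`, the private subnet's route table in the VPC console should show `0.0.0.0/0` targeting the `nat-` gateway ID, while the public subnet's table targets the `igw-` ID.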


As soon as the code is deployed, it automatically launches the WordPress site.

Via: public-ip/wp-admin


Now we will have a look at the VPC to check whether the NAT gateway was created and whether the private subnet is associated with it.


The private route: how private instances reach the internet (via NGW)


The public route: how public instances reach the internet (via IGW)


So all done!!!!

In the last task we saw that we could not connect to the internet from the MySQL instance, as no gateway was defined. Here we will see that the MySQL instance can now reach the internet, while connections initiated from the outside world to it still cannot happen.

So our infrastructure is so secure !!!!!!!

We have connected to WordPress Instance.


Transferred the .pem file to the MySQL instance and connected to it to check whether internet connectivity is there.


So finally this one is also accomplished!!!!

You can get the complete code from my Git Hub repo:




