Performing task-4 with an additional feature, a NAT Gateway, to provide internet access to instances running in the private subnet
Divya Raj Lavti
Experienced IT Project Manager | Expert in Agile & Scrum, Risk Management, IT Infrastructure | Cloud Migration Specialist
Perform task-3 with an additional feature: a NAT Gateway to provide internet access to instances running in the private subnet.
NAT Gateway:
You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.
You are charged for creating and using a NAT gateway in your account. NAT gateway hourly usage and data processing rates apply. Amazon EC2 charges for data transfer also apply.
NAT gateways are not supported for IPv6 traffic—use an outbound-only (egress-only) internet gateway instead.
Here is the link to task 3:
In that post I briefly described the task; here I am updating my previous task's code, adding a security group for the Bastion Host, and adding the additional feature of a NAT Gateway.
Problem Statement:
1. Write Infrastructure as Code using Terraform which automatically creates a VPC.
2. In that VPC we have to create 2 subnets:
1. public subnet [ Accessible for Public World! ]
2. private subnet [ Restricted for Public World! ]
3. Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/network to the internet and place this gateway in the public subnet of our VPC.
6. Update the routing table of the private subnet so that, to access the internet, it uses the NAT gateway created in the public subnet.
7. Launch an EC2 instance which has Wordpress set up already, with a security group allowing port 80 so that our clients can connect to our Wordpress site. Also attach the key to the instance for logging into it later.
8. Launch an EC2 instance which has MySQL set up already, with a security group allowing port 3306, in the private subnet so that our Wordpress VM can connect to it. Also attach the key to it.
Solution:
- Creating security groups for the Bastion Host and for MySQL instance management.
# Creating Security Group for Bastion Host
resource "aws_security_group" "allow_traffic_3" {
  name   = "allowed_traffic_3"
  vpc_id =

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [""]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [""]
  }
}

# Creating Security Group for MySQL instance Management
resource "aws_security_group" "allow_traffic_4" {
  name   = "allowed_traffic_4"
  vpc_id =

  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = []
  }

  ingress {
    from_port       = 7
    to_port         = 7
    protocol        = "tcp"
    security_groups = []
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [""]
  }
}
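As an added example (not the post's own code), the same two security groups written with least-privilege sources: SSH to the bastion only from an admin network held in an assumed variable var.admin_cidr, and SSH and ping to the MySQL host only from the bastion's security group. The VPC name aws_vpc.t4VPC comes from the post; the resource names bastion and mysql_mgmt are assumed, and the ICMP rule shows how an echo-request rule is written if that was the intent of the post's TCP port 7 (echo service) rule.

```hcl
# Added example (not the post's code). aws_vpc.t4VPC is the post's VPC;
# var.admin_cidr is an assumed variable holding the only SSH source network.
variable "admin_cidr" {
  type = string # e.g. your office's /32, never 0.0.0.0/0
}

resource "aws_security_group" "bastion" {
  name   = "bastion-ssh"
  vpc_id = aws_vpc.t4VPC.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_mgmt" {
  name   = "mysql-management"
  vpc_id = aws_vpc.t4VPC.id
  # Source is the bastion's security group rather than a CIDR: the rule
  # follows the bastion's address and nothing else in the VPC matches it.
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
  # Ping from the bastion: for ICMP, from_port is the type and to_port
  # the code, so 8/0 is echo request.
  ingress {
    from_port       = 8
    to_port         = 0
    protocol        = "icmp"
    security_groups = [aws_security_group.bastion.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```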
- Launching instances for Wordpress, Bastion Host and MySQL
# Instance for wordpress
resource "aws_instance" "ins1" {
  depends_on = [
    aws_key_pair.t4_key,
    aws_security_group.allow_traffic_1,
    aws_subnet.subnet1-1a,
  ]
  ami                    = "ami-000cbce3e1b899ebd"
  instance_type          = "t2.micro"
  subnet_id              =
  key_name               = aws_key_pair.t4_key.key_name
  vpc_security_group_ids = []
  tags = {
    Name = "WordpressOS"
  }
}

# Instance for mysql
resource "aws_instance" "ins2" {
  depends_on = [
    aws_key_pair.t4_key,
    aws_security_group.allow_traffic_2,
    aws_subnet.subnet2-1b,
  ]
  ami                    = "ami-0019ac6129392a0f2"
  instance_type          = "t2.micro"
  subnet_id              =
  key_name               = aws_key_pair.t4_key.key_name
  vpc_security_group_ids = [, ]
  tags = {
    Name = "MySQL_OS"
  }
}

# Bastion host instance
resource "aws_instance" "ins3" {
  depends_on = [
    aws_key_pair.t4_key,
    aws_security_group.allow_traffic_3,
    aws_subnet.subnet1-1a,
  ]
  ami                    = "ami-005956c5f0f757d37"
  instance_type          = "t2.micro"
  subnet_id              =
  key_name               = aws_key_pair.t4_key.key_name
  vpc_security_group_ids = []
  tags = {
    Name = "Bastion host"
  }
}
- Creating the NAT Gateway and a route table for the NAT Gateway
# Creating NAT Gateway
resource "aws_nat_gateway" "gw" {
  depends_on = [ ]
  allocation_id =
  subnet_id     =
}

# Route table for NAT Gateway
resource "aws_route_table" "route2" {
  depends_on = [
    aws_vpc.t4VPC,
  ]
  vpc_id =

  route {
    cidr_block     = ""
    nat_gateway_id =
  }

  tags = {
    Name = "MyRouteTable"
  }
}
- Associating the route table created above with subnet2-1b
# Associating route table created above to subnet2-1b
resource "aws_route_table_association" "b" {
  depends_on = [
    aws_subnet.subnet2-1b,
    aws_route_table.route,
  ]
  subnet_id      =
  route_table_id =
}
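The NAT gateway, its route table and the association from the three steps above, written out as an added example (not the post's code) including the Elastic IP that the allocation_id must point to. It assumes the post's names aws_vpc.t4VPC, aws_subnet.subnet1-1a (public) and aws_subnet.subnet2-1b (private), an assumed internet gateway resource aws_internet_gateway.igw, and AWS provider 5.x for the domain argument on aws_eip.

```hcl
# Added example (not the post's code). Assumes the post's names aws_vpc.t4VPC,
# aws_subnet.subnet1-1a (public) and aws_subnet.subnet2-1b (private), an
# assumed internet gateway aws_internet_gateway.igw, and AWS provider >= 5.0
# (the "domain" argument on aws_eip).

# A NAT gateway needs its own Elastic IP; this is what allocation_id refers to.
resource "aws_eip" "nat" {
  domain = "vpc"
}

resource "aws_nat_gateway" "gw" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.subnet1-1a.id # the PUBLIC subnet
  # The gateway itself reaches the internet through the IGW, so the IGW
  # must be attached to the VPC before the gateway is created.
  depends_on = [aws_internet_gateway.igw]
}

# Route table for the private subnet: default route via the NAT gateway,
# so outbound traffic works but nothing outside can initiate a connection.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.t4VPC.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.gw.id
  }
}

# Associate only the private subnet with this table. The public subnet
# keeps its internet-gateway route table; pointing it at the NAT gateway
# would leave the gateway itself without a path out.
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.subnet2-1b.id
  route_table_id = aws_route_table.private.id
}
```

After apply, a check from the MySQL host (via the bastion) that outbound HTTPS works while its public address is unreachable from the internet confirms the routing behaves as step 6 intends.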
So, the code is ready to deploy this setup on the AWS cloud platform.
Note: After the infrastructure is ready, copy the key to the bastion host so that it can log in to the MySQL instance for management purposes. Also change the key permissions to "r--------" with the command "sudo chmod 400 key_full_path".
To make this code work:
- Go to the command prompt and change directory to the directory containing the code file.
- Now, first validate the syntax of your code with the command "terraform validate".
- After validating the syntax, initialize the code using the command "terraform init"; it will download all the plugins required by this code.
- Once these plugins are downloaded, you can apply the code and your complete infrastructure will be deployed using the command "terraform apply".
Note: If you want to take down the whole infrastructure in one step you can do that with the command "terraform destroy"; the only condition is that the infrastructure must have been created using the Terraform code.
Once this infrastructure is deployed, you can use the public IP or DNS name of the Wordpress instance in a browser to use its services.
Finally, our Wordpress service is ready to use.
Thanks for reading; I am open to all your suggestions.
GitHub link: