Providing outbound internet access to a private instance using a NAT Gateway (AWS)
Perform Task-3 again with one additional feature: a NAT Gateway that gives the instances running in the private subnet outbound access to the internet.
Steps to be performed to complete the task:
- Write Infrastructure as Code using Terraform that automatically creates a VPC.
- In that VPC, create two subnets:
  1. a public subnet [ accessible from the public world ]
  2. a private subnet [ restricted from the public world ]
- Create a public-facing Internet Gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
- Create a route table with a route to the Internet Gateway so that instances can reach the outside world, and associate it with the public subnet.
- Create a NAT Gateway in the public subnet to give the private part of our VPC/network a path to the internet.
- Update the route table of the private subnet so that its internet-bound traffic uses the NAT Gateway created in the public subnet.
- Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that clients can reach our WordPress site. Also attach the key pair to the instance for logging in to it later.
- Launch an EC2 instance that already has MySQL set up in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it. Also attach the key pair to it.
- In addition, launch a bastion host to log in to the MySQL instance in the private network and to check whether MySQL is able to reach the public world.
Note: The WordPress instance has to be in the public subnet so that clients can reach our site. The MySQL instance has to be in the private subnet so that the outside world cannot connect to it.
Go through my Task-3 article to learn the same concepts in detail. Now let's move on to the task.
First, let's log in to AWS using a profile in the Terraform code, then create a key pair and save it locally so that we can attach it to our instances and log in to them.
Log in to the AWS provider using a profile:
Create a key pair and save it locally:
Now let's move on to the actual work and do it step by step.
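The provider login and key-pair step as an added example (this is not the post's repository code): the region and profile name are assumptions, and the key is generated with the tls provider and written to disk with owner-only permissions.

```hcl
provider "aws" {
  region  = "ap-south-1"   # assumption: the post does not state a region
  profile = "myprofile"    # assumption: a named profile from ~/.aws/credentials
}

# Generate the key pair locally and register only the public half with AWS.
resource "tls_private_key" "task4" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "task4" {
  key_name   = "task4-key"
  public_key = tls_private_key.task4.public_key_openssh
}

# Save the private key with 0400 permissions. The key is also recorded in the
# Terraform state file, so the state (and this .pem) must be kept out of any
# repository and treated as a secret.
resource "local_file" "task4_pem" {
  content         = tls_private_key.task4.private_key_pem
  filename        = "${path.module}/task4-key.pem"
  file_permission = "0400"
}
```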
Create a VPC using Terraform.
Create two subnets: a public subnet (1a) and a private subnet (1b).
Create a public-facing Internet Gateway and attach it to our VPC.
Create a route table with a public route and associate it with the public subnet.
Create an Elastic IP to attach to the NAT Gateway in the next step.
Create the NAT Gateway and associate the above EIP with it.
By using this Elastic IP, which is associated with our NAT Gateway, instances in the private subnet can reach the public world through the NAT Gateway.
Create the route table for the NAT Gateway so that private instances can connect to the outside world.
Associate the above route table with the private subnet.
Security group for the WordPress application:
Security group for the MySQL database instance:
This MySQL security group allows the WordPress instance to come in on port 3306 to access the database, and allows the bastion OS to connect via SSH.
Security group for the bastion host:
As per the architecture we are building, no public system can connect to or access the database, so we create a special instance within the same VPC that lets us connect to the MySQL instance; from the MySQL instance we can then go out to the public world via the NAT Gateway. This special instance is known as a bastion host.
Bastion host: a bastion is a special-purpose server instance designed to be the primary access point from the internet, acting as a proxy to your other EC2 instances.
Launch the MySQL database instance:
Launch the WordPress application using a pre-created AMI:
Launch the bastion host instance:
Now that the instances have been created, let's check whether the private instance (MySQL) is able to connect to the outside world using the NAT Gateway.
First, using the key created and attached to the bastion host, log in to the bastion host.
Now, to connect to MySQL from the bastion host, we need the key there too. For this I uploaded the key to GitHub, downloaded it into the bastion host using the wget command, and logged in to the MySQL instance successfully.
Now, to check the outside connectivity of MySQL, I tried to reach the internet and download the httpd software, and it was installed successfully, proving my connectivity.
Thus one thing is verified successfully; let's move on to the next part.
Now let's update the database information in the WordPress config file.
Using the stream editor command (sed), I replaced the database information accordingly, as follows.
Now, to open the WordPress site automatically after everything is set up, use the code below.
Finally, we have written everything required to set up the complete infrastructure. To get all the outputs mentioned step by step above, we run our Terraform code using the following commands. Let's do it.
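The instance launches and the sed step as one added example (not the post's code): the AMI ids are placeholders, the key-pair name, wp-config.php path and database name/user are assumptions, and the subnets and security groups from the earlier steps are assumed to exist. The WordPress instance patches wp-config.php at first boot with the MySQL instance's private IP, and an output gives the address to open once apply finishes.

```hcl
variable "db_password" {   # assumption: passed at apply time, never written in code
  type      = string
  sensitive = true
}
# MySQL in the PRIVATE subnet. AMI ids are placeholders; the post's pre-built
# AMI ids are not given. aws_key_pair.task4 is the assumed key-pair name.
resource "aws_instance" "mysql" {
  ami                    = "ami-PLACEHOLDER-MYSQL"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.mysql.id]
  key_name               = aws_key_pair.task4.key_name
}
# WordPress in the PUBLIC subnet. user_data runs sed at first boot to point
# wp-config.php at the MySQL instance's private IP, so the database is only
# ever addressed inside the VPC. Note: user_data is readable through the EC2
# API by anyone allowed ec2:DescribeInstanceAttribute, so a real deployment
# would fetch the password from SSM Parameter Store or Secrets Manager instead.
resource "aws_instance" "wordpress" {
  ami                    = "ami-PLACEHOLDER-WORDPRESS"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.wordpress.id]
  key_name               = aws_key_pair.task4.key_name
  user_data = <<-EOF
    #!/bin/bash
    # assumption: the pre-built AMI ships wp-config.php at this path
    CFG=/var/www/html/wp-config.php
    sed -i "s|database_name_here|wordpress|" "$CFG"
    sed -i "s|username_here|wpuser|" "$CFG"
    sed -i "s|password_here|${var.db_password}|" "$CFG"
    sed -i "s|localhost|${aws_instance.mysql.private_ip}|" "$CFG"
    systemctl restart httpd
  EOF
}
# The address to open once apply finishes (the WordPress installer appears first).
output "wordpress_url" {
  value = "http://${aws_instance.wordpress.public_ip}"
}
```

The bastion host is launched the same way as the WordPress instance, in the public subnet with the bastion security group.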
terraform init, to initialize the backend and download the providers required.
terraform apply --auto-approve, to set up the complete infrastructure.
Thus it creates everything for us and shows us the site as follows. We are first asked to complete the WordPress installation before we can access the site.
Thus, it gives my final output. Let's destroy the complete infrastructure with a single command.
terraform destroy --auto-approve, to destroy everything.
Finally, this is how I completed my Task-4, explained to the best of my ability. Hope everyone likes it. Your suggestions and feedback mean a lot.
Thanks for reading. Signing off.
Find the code in the GitHub repo: