Task 3 - Create a VPC Infrastructure and Host a WordPress Application with MySQL
Harsh Rajotya
Technical Blogger & DevOps Engineer @ Medium & DevOpsFarm Inc | Writing, Automation, Cloud
Finally completed! In this task we have to create a web portal for our company with as much security as possible. So we use WordPress with a MySQL database server. MySQL should not be accessible from the outside world for security purposes; we only need to expose WordPress to clients.
The task is divided into 6 steps:
1- Write Infrastructure as Code using Terraform, which automatically creates a VPC.
2- In that VPC, create two subnets: a) a public subnet b) a private subnet.
3- Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4- Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5- Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.
6- Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.
* First we have to choose AWS as the provider.
provider "aws" {
  region  = "ap-south-1"
  profile = "Harsh"
}
* Then we create our own VPC. Don't forget to enable DNS hostnames.
resource "aws_vpc" "coolvpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true

  tags = {
    Name = "coolvpc"
  }
}
* In that VPC we have to create two subnets: a public subnet and a private subnet. In the public subnet, don't forget to enable public IP assignment.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.coolvpc.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true

  tags = {
    Name = "public_subnet"
  }
}

# The private subnet needs its own resource name and a CIDR range that
# does not overlap the public subnet; no public IPs are assigned here.
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.coolvpc.id
  cidr_block        = "192.168.2.0/24"
  availability_zone = "ap-south-1b"

  tags = {
    Name = "private_subnet"
  }
}
* Then we create an internet gateway to connect our VPC to the internet and attach this gateway to our VPC.
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.coolvpc.id

  tags = {
    Name = "cool_gateway"
  }
}
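* We have to create a routing table so that our instance can connect to the outside world, and associate it with the public subnet.
resource "aws_route_table" "coolroutingtable" {
  vpc_id = aws_vpc.coolvpc.id

  # Default route: send all non-local traffic to the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "cool_routingtable"
  }
}

# The association described in this step; without it the public subnet
# keeps the VPC's main route table and has no route to the gateway.
# The resource name public_assoc is chosen here.
resource "aws_route_table_association" "public_assoc" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.coolroutingtable.id
}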
* We create a security group for the WordPress application which allows port 80 so that our clients can connect to our WordPress site. We also create a key that can be attached to the instance for login.
# Named wordpressSG so that it matches the reference in the instance below
resource "aws_security_group" "wordpressSG" {
  name   = "wordpressSG"
  vpc_id = aws_vpc.coolvpc.id

  # HTTP from clients
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH is accepted from any address here; in practice narrow
  # cidr_blocks to the range you administer from.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Allow all outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_key_pair" "task3key" {
  key_name   = "task-key"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHrt8EnqH9ymf2oDm9qNy"
}
* Launch an EC2 instance in the public subnet which has WordPress set up, and attach the key to the instance.
resource "aws_instance" "webpage" {
  ami                    = "ami-00116985822eb866a"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.task3key.key_name
  vpc_security_group_ids = [aws_security_group.wordpressSG.id]
  subnet_id              = aws_subnet.public.id

  tags = {
    Name = "wpOS"
  }
}
* Create a security group for MySQL which allows port 3306, so that our WordPress instance can connect to it.
resource "aws_security_group" "mysqlSG" {
  name   = "mysqlSG"
  vpc_id = aws_vpc.coolvpc.id

  # Any source address is accepted by these rules; what keeps the
  # database off the internet is that the private subnet has no
  # public IPs and no route to the internet gateway.
  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
* Launch an EC2 instance in the private subnet which has MySQL set up, and attach the same key to it.
resource "aws_instance" "webserver" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.task3key.key_name
  vpc_security_group_ids = [aws_security_group.mysqlSG.id]
  subnet_id              = aws_subnet.private.id

  tags = {
    Name = "mysqlOS"
  }
}
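The mysqlSG rules above accept ports 3306 and 22 from 0.0.0.0/0, so any host that can route into the private subnet may connect. The following is an added example, not the author's code, of a tighter variant that admits only instances in the WordPress security group. The resource name mysql_restricted is hypothetical, and it assumes the WordPress group is declared as aws_security_group.wordpressSG, as the WordPress instance references it.

```hcl
# Added example: a stricter alternative to the mysqlSG rules on this page.
# "mysql_restricted" is a hypothetical name; aws_vpc.coolvpc and
# aws_security_group.wordpressSG are assumed to be this page's resources.
resource "aws_security_group" "mysql_restricted" {
  name        = "mysqlRestrictedSG"
  description = "MySQL reachable only from the WordPress security group"
  vpc_id      = aws_vpc.coolvpc.id

  # Weak form used on the page: cidr_blocks = ["0.0.0.0/0"]
  # Here the source is a security group instead of an address range,
  # so only instances attached to wordpressSG can open port 3306.
  ingress {
    description     = "MySQL from WordPress instances"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpressSG.id]
  }

  # Administration goes through the WordPress host as a jump host,
  # not directly from arbitrary addresses.
  ingress {
    description     = "SSH via the WordPress host"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpressSG.id]
  }

  # No egress block: Terraform removes the allow-all egress rule that
  # AWS adds by default, so the database cannot initiate outbound
  # connections. Replies to WordPress still pass because security
  # groups are stateful.

  tags = {
    Name = "mysqlRestrictedSG"
  }
}
```

To use it, set vpc_security_group_ids = [aws_security_group.mysql_restricted.id] on the MySQL instance.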
* To build this Terraform code, run the following commands:
1.- terraform init -- installs the required plugins
2.- terraform apply -- runs our code
THANKS !! FOR READING