Task 3: Infrastructure as code using Terraform to create a secure VPC for our applications
Automating the creation of a VPC with public and private subnets, an internet gateway, routes to the outside world, etc.
Let's go through it step by step.
Problem statement
We have to create a web portal for our company with as much security as possible. For that we use WordPress with a dedicated database server.
The database should not be accessible from the outside world, for security purposes. We only need to make WordPress public to clients.
Task description in detail
- Write infrastructure as code using Terraform that automatically creates a VPC.
- In that VPC, create 2 subnets:
a) public subnet [ Accessible for Public World! ]
b) private subnet [ Restricted for Public World! ]
- Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
- Create a route table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
- Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for logging in to it later.
- Launch an EC2 instance that already has MySQL set up, in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it. Also attach the key to this instance.
Note: The WordPress instance has to be part of the public subnet so that our clients can connect to our site.
The MySQL instance has to be part of the private subnet so that the outside world can't connect to it.
Let's learn something before implementing.
What is Amazon VPC?
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
The following are the key concepts for VPCs:
- Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
- Subnet — A range of IP addresses in your VPC.
- Route table — A set of rules, called routes, that are used to determine where network traffic is directed.
- Internet gateway — A gateway that you attach to your VPC to enable communication between resources in your VPC and the internet.
Now, let's complete the task by creating the following infrastructure:
Let's start building it piece by piece.
First, we log in to AWS using the provided profile.
Creating a key pair and saving it locally for the instances.
Create the VPC
Here, I'm creating the VPC and enabling DNS hostnames in it.
Creating subnets
1) Public subnet:
As we are creating the public subnet, we should enable public IP mapping for every instance launched in this subnet so that it can connect to the outside world.
2) Private subnet:
No one from the outside world can connect to the instances in this subnet, but it has internal connectivity within the VPC.
Creating the internet gateway
We use this internet gateway to give our public subnet connectivity to the outside world.
Creating a route table for the above internet gateway
In this route table, we create a route to go anywhere in the world.
Now we associate the above route table with our public subnet.
Creating security groups for the WordPress and MySQL instances
1) Security group for WordPress: this should allow the HTTP and SSH ports for the outside world.
2) Security group for MySQL: this MySQL instance is only used by WordPress and nothing else should have connectivity to it, so it should only allow traffic on port 3306 coming from instances with the above WordPress security group.
Up to now, we have created a secure world for our instances. Now let's deploy the MySQL and WordPress instances and connect them to work together.
Create the MySQL instance
Create the WordPress instance
Interesting challenge
Now the challenge comes: whenever we launch WordPress using a pre-created AMI, it also has MySQL set up in it.
Hence, if we try to open the WordPress portal, no configuration details regarding the database are asked for, and WordPress by default uses its own "localhost" as the database server.
Here are the default configuration settings of my WordPress:
But we have to update this information to point to our MySQL database instance in order to connect the two.
To update this, we can either manually go to the wp-config.php file and edit it, or automate it using Terraform itself.
Here is my solution, using Terraform's remote-exec provisioner and the Linux stream editor, i.e. the sed command:
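One way to write such a remote-exec and sed step, as an added example and not the author's code. The variable names, the `ec2-user` login and the wp-config.php path are assumptions about the AMI.

```hcl
# Added example: variable names, SSH user and file path are assumptions.
variable "wordpress_public_ip" { type = string }
variable "private_key_path" { type = string }
variable "wp_config_path" {
  type    = string
  default = "/var/www/html/wp-config.php" # assumed location inside the AMI
}
variable "mysql_private_ip" {
  type = string
  validation {
    # Only a literal IP address may be interpolated into the shell commands below.
    condition     = can(cidrhost("${var.mysql_private_ip}/32", 0))
    error_message = "The mysql_private_ip value must be an IP address."
  }
}

resource "null_resource" "wp_db_host" {
  # Re-run the provisioner when the database address changes.
  triggers = { db_host = var.mysql_private_ip }

  connection {
    type        = "ssh"
    host        = var.wordpress_public_ip
    user        = "ec2-user" # assumed login user of the AMI
    private_key = file(var.private_key_path)
  }

  provisioner "remote-exec" {
    inline = [
      # Rewrite only the DB_HOST line, not every "localhost" in the file.
      "sudo sed -i '/DB_HOST/s/localhost/${var.mysql_private_ip}/' ${var.wp_config_path}",
      # Fail the apply if the new address is not on the DB_HOST line.
      "sudo grep -q 'DB_HOST.*${var.mysql_private_ip}' ${var.wp_config_path}",
    ]
  }
}
```

The validation block keeps arbitrary text out of the shell command, and the grep makes `terraform apply` fail visibly if the substitution did not take effect.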
Now everything is done. Let's get the public address of WordPress and access our site.
That's it, everything has been done. Let's run the code to build the infrastructure.
terraform init: to install the required plugins and backends.
terraform apply: to build the complete infrastructure.
Run: terraform apply -auto-approve
After a successful apply, you will be redirected to the site automatically.
Results
Now let's log in to the WordPress instance and check the database configuration.
Yes, we achieved everything. Let's check out the WordPress site.
Final WordPress site
Finally, here it is.
Now, let's destroy everything.
terraform destroy
That's all for the task, hope you like it.
Thanks for reading. Feel free to connect with me on LinkedIn for any queries.
GitHub repo: