Launching a VPC with public and private subnets, and provisioning a NAT gateway for the private subnet, for WordPress and MySQL using Terraform
Finally, I completed Task 4 of Hybrid Multi Cloud under the mentorship of Vimal Daga Sir.
TASK Description :
1. Write Infrastructure as Code using Terraform which automatically creates a VPC.
2. In that VPC we have to create 2 subnets:
1. public subnet [ Accessible for Public World! ]
2. private subnet [ Restricted for Public World! ]
3. Create a public-facing internet gateway to connect our VPC/network to the internet world and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/network to the internet world and attach this gateway to our VPC in the public subnet.
6. Update the routing table of the private subnet so that, to access the internet, it uses the NAT gateway created in the public subnet.
7. Launch an EC2 instance which already has WordPress set up, with a security group allowing port 80 so that our client can connect to our WordPress site. Also attach the key to the instance for later login into it.
8. Launch an EC2 instance which already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to it.
Public Cloud :
The public cloud is a cloud service hosted by third-party cloud service providers on hardware shared by multiple customers. The cloud service provider handles all responsibilities associated with managing and maintaining cloud services.
Internet Gateway :
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.
Route Table :
A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
NAT Gateway :
A NAT gateway in AWS provides our private instances with access to the Internet for essential software updates while blocking incoming connections from the outside world.
STEPS :
1. First we need to log in to the AWS account by configuring the provider :
provider "aws" {
  region  = "ap-south-1"
  profile = "profile-name"
}
Then create a folder for the Terraform files :
2. We need to create the VPC :
resource "aws_vpc" "VPC" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  tags = {
    Name = "VPC"
  }
}
3. Creating Subnets :
// Public subnet for WordPress
resource "aws_subnet" "publicSubnet" {
  vpc_id                  = aws_vpc.VPC.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
  depends_on              = [aws_vpc.VPC]
  tags = {
    Name = "publicSubnet"
  }
}

// Private subnet for MySQL (instances launched here get no public IP)
resource "aws_subnet" "privateSubnet" {
  vpc_id            = aws_vpc.VPC.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "ap-south-1b"
  depends_on        = [aws_vpc.VPC]
  tags = {
    Name = "privateSubnet"
  }
}
4. Creating Security Groups :
// For WordPress
resource "aws_security_group" "wordpressSecurityGroup" {
  name        = "wordpressSecurityGroup"
  description = "allows ssh and http"
  vpc_id      = aws_vpc.VPC.id

  // SSH from anywhere; in production restrict this to an admin CIDR
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  depends_on = [aws_vpc.VPC]
  tags = {
    Name = "wordpressSecurityGroup"
  }
}

// For MySQL: only traffic originating in the public (WordPress) subnet is admitted
resource "aws_security_group" "MySQLSecurityGroup" {
  name        = "MySQLSecurityGroup"
  description = "Allow only wordpress"
  vpc_id      = aws_vpc.VPC.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.publicSubnet.cidr_block]
  }

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.publicSubnet.cidr_block]
  }

  ingress {
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = [aws_subnet.publicSubnet.cidr_block]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  depends_on = [
    aws_vpc.VPC,
    aws_security_group.wordpressSecurityGroup,
  ]
  tags = {
    Name = "MySQLSecurityGroup"
  }
}
5. Creating Internet Gateway :
// Internet Gateway for VPC
resource "aws_internet_gateway" "InternetGateway" {
  vpc_id     = aws_vpc.VPC.id
  depends_on = [aws_vpc.VPC]
  tags = {
    Name = "InternetGateway"
  }
}
6. NAT Gateway and Elastic IP :
// Elastic IP for NATGateway
resource "aws_eip" "ElasticIP" {
  vpc = true
  tags = {
    Name = "ElasticIP"
  }
}

// NAT Gateway, placed in the public subnet so it can reach the internet gateway
resource "aws_nat_gateway" "NATGateway" {
  allocation_id = aws_eip.ElasticIP.id
  subnet_id     = aws_subnet.publicSubnet.id
  // The NAT gateway cannot forward traffic until the VPC's internet gateway exists
  depends_on = [aws_internet_gateway.InternetGateway]
  tags = {
    Name = "NATGateway"
  }
}
7. Route Table :
// Route Table for NAT (used by the private subnet)
resource "aws_route_table" "NATRouteTable" {
  vpc_id = aws_vpc.VPC.id
  route {
    cidr_block = "0.0.0.0/0"
    // A NAT gateway is referenced with nat_gateway_id; gateway_id is for internet/virtual private gateways
    nat_gateway_id = aws_nat_gateway.NATGateway.id
  }
}

// Route Table for Public Subnet
resource "aws_route_table" "PublicRouteTable" {
  vpc_id = aws_vpc.VPC.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.InternetGateway.id
  }
  depends_on = [aws_vpc.VPC, aws_internet_gateway.InternetGateway]
  tags = {
    Name = "PublicRouteTable"
  }
}
8. Associating Route Tables :
// Association with Public subnet
resource "aws_route_table_association" "PublicAssociation" {
  subnet_id      = aws_subnet.publicSubnet.id
  route_table_id = aws_route_table.PublicRouteTable.id
  depends_on = [
    aws_subnet.publicSubnet, aws_route_table.PublicRouteTable
  ]
}

// Association with Private subnet
resource "aws_route_table_association" "privateAssociation" {
  subnet_id      = aws_subnet.privateSubnet.id
  route_table_id = aws_route_table.NATRouteTable.id
}
9. Creating Instances :
// WordPress Instance (public subnet, reachable on 80/443)
resource "aws_instance" "WordPressInstance" {
  ami                    = "ami-000cbce3e1b899ebd"
  instance_type          = "t2.micro"
  key_name               = "key-name"
  subnet_id              = aws_subnet.publicSubnet.id
  vpc_security_group_ids = [aws_security_group.wordpressSecurityGroup.id]
  tags = {
    Name = "WordPressInstance"
  }
}

// MySQL Instance (private subnet, reachable only from the public subnet)
resource "aws_instance" "MySQLInstance" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = "key-name"
  subnet_id              = aws_subnet.privateSubnet.id
  vpc_security_group_ids = [aws_security_group.MySQLSecurityGroup.id]
  tags = {
    Name = "MySQLInstance"
  }
}
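The whole design above rests on a few invariants: the public subnet's default route goes through the internet gateway, the private subnet's default route goes through the NAT gateway (via nat_gateway_id, never an internet gateway), the NAT gateway itself sits in the public subnet, port 3306 on the MySQL group is only reachable from the public subnet's CIDR, and the MySQL instance lives in the private subnet. The following policy check, added here as an example and not code from the original post, verifies those invariants over the JSON that `terraform show -json` prints after `terraform apply`. The resource addresses default to the names used in this post; the sample document it builds is constructed to mirror that output's shape, and every id in it is made up. It also flags SSH open to 0.0.0.0/0, which the WordPress group above permits.

```python
# Added example (not from the original post): a policy check for the
# two-tier VPC, run over the output of `terraform show -json` after apply.
# The resource addresses below default to the names used in this post;
# all ids in the constructed sample are made up.
import json
from ipaddress import ip_network


def build_state(private_via_igw=False):
    """Construct a document in `terraform show -json` shape (sample data).

    private_via_igw=True wires the private route table to the internet
    gateway instead of the NAT gateway, a common misconfiguration.
    """
    private_route = {"cidr_block": "0.0.0.0/0", "gateway_id": "",
                     "nat_gateway_id": "nat-0aa0"}
    if private_via_igw:
        private_route = {"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0aa0",
                         "nat_gateway_id": ""}
    world = ["0.0.0.0/0"]
    resources = [
        ("aws_subnet.publicSubnet", {"id": "subnet-pub0", "cidr_block": "10.0.0.0/24"}),
        ("aws_subnet.privateSubnet", {"id": "subnet-prv0", "cidr_block": "10.0.1.0/24"}),
        ("aws_nat_gateway.NATGateway", {"id": "nat-0aa0", "subnet_id": "subnet-pub0"}),
        ("aws_route_table.PublicRouteTable", {"id": "rtb-pub0", "route": [
            {"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0aa0", "nat_gateway_id": ""}]}),
        ("aws_route_table.NATRouteTable", {"id": "rtb-nat0", "route": [private_route]}),
        ("aws_route_table_association.PublicAssociation",
         {"id": "rtbassoc-0", "subnet_id": "subnet-pub0", "route_table_id": "rtb-pub0"}),
        ("aws_route_table_association.privateAssociation",
         {"id": "rtbassoc-1", "subnet_id": "subnet-prv0", "route_table_id": "rtb-nat0"}),
        ("aws_security_group.wordpressSecurityGroup", {"id": "sg-web0", "ingress": [
            {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": world},
            {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": world}]}),
        ("aws_security_group.MySQLSecurityGroup", {"id": "sg-db0", "ingress": [
            {"from_port": 3306, "to_port": 3306, "protocol": "tcp",
             "cidr_blocks": ["10.0.0.0/24"]}]}),
        ("aws_instance.MySQLInstance", {"id": "i-db0", "subnet_id": "subnet-prv0",
                                        "vpc_security_group_ids": ["sg-db0"]}),
    ]
    doc = {"format_version": "1.0", "values": {"root_module": {"resources": [
        {"address": a, "type": a.split(".")[0], "values": v} for a, v in resources]}}}
    return json.dumps(doc)


def covers(rule, port):
    """True when a security-group rule admits TCP traffic to `port`."""
    if rule["protocol"] in ("-1", "all"):
        return True  # "all protocols" rules ignore the port range
    return rule["protocol"] == "tcp" and rule["from_port"] <= port <= rule["to_port"]


def check_two_tier_vpc(state_json, public_subnet="aws_subnet.publicSubnet",
                       private_subnet="aws_subnet.privateSubnet",
                       db_sg="aws_security_group.MySQLSecurityGroup", db_port=3306):
    """Return a list of findings; an empty list means every invariant holds."""
    doc = json.loads(state_json)
    res = {r["address"]: r["values"] for r in doc["values"]["root_module"]["resources"]}
    by_id = {v["id"]: v for v in res.values() if "id" in v}
    findings = []

    def default_route_of(subnet_addr):
        # subnet -> route table association -> route table -> 0.0.0.0/0 route
        sid = res[subnet_addr]["id"]
        for addr, v in res.items():
            if addr.startswith("aws_route_table_association.") and v["subnet_id"] == sid:
                routes = by_id[v["route_table_id"]].get("route", [])
                return next((r for r in routes if r.get("cidr_block") == "0.0.0.0/0"), None)
        return None  # no association: the subnet falls back to the VPC main route table

    pub = default_route_of(public_subnet) or {}
    if not (pub.get("gateway_id") or "").startswith("igw-"):
        findings.append(f"{public_subnet}: default route is not via an internet gateway")
    prv = default_route_of(private_subnet) or {}
    if not (prv.get("nat_gateway_id") or "").startswith("nat-"):
        findings.append(f"{private_subnet}: default route is not via nat_gateway_id")
    if (prv.get("gateway_id") or "").startswith("igw-"):
        findings.append(f"{private_subnet}: routes straight to an internet gateway")

    pub_id = res[public_subnet]["id"]
    pub_cidr = ip_network(res[public_subnet]["cidr_block"], strict=False)
    for addr, v in res.items():
        if addr.startswith("aws_nat_gateway.") and v["subnet_id"] != pub_id:
            findings.append(f"{addr}: NAT gateway is not in the public subnet")
        if addr.startswith("aws_security_group."):
            for rule in v.get("ingress", []):
                if covers(rule, 22) and "0.0.0.0/0" in rule.get("cidr_blocks", []):
                    findings.append(f"{addr}: SSH (22) open to 0.0.0.0/0")
        if addr.startswith("aws_instance.") and res[db_sg]["id"] in v.get("vpc_security_group_ids", []):
            if v["subnet_id"] != res[private_subnet]["id"]:
                findings.append(f"{addr}: database instance is not in the private subnet")

    # The database port may only be reachable from inside the public subnet's CIDR
    for rule in res[db_sg].get("ingress", []):
        if not covers(rule, db_port):
            continue
        for cidr in rule.get("cidr_blocks", []):
            if not ip_network(cidr, strict=False).subnet_of(pub_cidr):
                findings.append(f"{db_sg}: port {db_port} reachable from {cidr}")
    return findings


if __name__ == "__main__":
    for flag in (False, True):
        print(f"private_via_igw={flag}:", check_two_tier_vpc(build_state(flag)) or "clean")
```

Against the correctly wired sample the only finding is the world-open SSH rule on the WordPress group; with `private_via_igw=True` the private subnet additionally fails both route checks, which is exactly the case where "private" instances would be directly exposed through the internet gateway. To run it on a real deployment, replace `build_state()` with the contents of `terraform show -json`.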
10. Initialize Terraform to install the provider plugins :
OUTPUT : screenshots (not reproduced here) of the created Instance, Security Group, VPC, Elastic IP, NAT gateway, Internet Gateway, Route table and Subnets, and of the WordPress site opened using the WordPress instance's public IP.
Task is successfully completed !!!
Thanks !