Create a VPC and Deploy a Public WordPress Site with a Private MySQL Database Using Terraform

Virtual Private Cloud

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including a selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

Subnet

If a subnet's traffic is routed to an internet gateway, the subnet is known as a public subnet; a subnet with no such route is a private subnet. If you want your instance in a public subnet to communicate with the internet over IPv4, it must have a public IPv4 address or an Elastic IP address (IPv4). If you want your instance in the public subnet to communicate with the internet over IPv6, it must have an IPv6 address.

Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet.

Problem Statement

We have to create a web portal for our company with as much security as possible.

provider "aws" {
  region  = "ap-south-1"
  profile = "iamuser"
}

After writing the resources below, initialise the working directory and apply the configuration:

terraform init
terraform apply

Follow the procedure below to create the entire environment.

Step 1

Create a VPC using terraform.

resource "aws_vpc" "myvpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  tags = {
    Name = "myvpc"
  }
}

Step 2

Create a Public Subnet using terraform.

resource "aws_subnet" "public" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "192.168.0.0/24"
  availability_zone = "ap-south-1a"
  tags = {
    Name = "publicsubnet"
  }
}

Step 3

Create a Private Subnet using terraform.

resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  tags = {
    Name = "privatesubnet"
  }
}

Step 4

Create an Internet Gateway using terraform.

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.myvpc.id
  tags = {
    Name = "myigw"
  }
}

Routing Table

A route table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

Step 5

Create a Routing Table using terraform code.

resource "aws_route_table" "forig" {
  vpc_id = aws_vpc.myvpc.id
  # Default route: all non-local traffic goes to the internet gateway.
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }
  tags = {
    Name = "igroutetable"
  }
}

Routing Table Association

A route table association links a route table to a subnet (or to an internet gateway or virtual private gateway), so that the subnet's traffic is directed by that table's routes.

Step 6

Create a Routing Table Association using terraform code.

# Only the public subnet is associated with the internet route table; the
# private subnet keeps the VPC's main route table, which has no internet route.
resource "aws_route_table_association" "asstopublic" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.forig.id
}

Step 7

Create a WordPress Security Group using terraform.

resource "aws_security_group" "webserver" {
  name        = "wordpress"
  description = "Allow http and ssh"
  vpc_id      = aws_vpc.myvpc.id
  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # Open to the world for the tutorial; in practice restrict this to the
    # administrators' address range.
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "web_sg"
  }
}

Step 8

Create a Database Security Group using terraform.

resource "aws_security_group" "database" {
  name        = "for_sql"
  description = "Allow mysql from the web server only"
  vpc_id      = aws_vpc.myvpc.id
  ingress {
    description     = "mysql"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    # Only instances in the WordPress security group may reach MySQL. Adding
    # cidr_blocks = ["0.0.0.0/0"] here would open the port to any source and
    # make this security_groups restriction meaningless.
    security_groups = [aws_security_group.webserver.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "db_sg"
  }
}
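As an added check, not part of the original tutorial: a pre-apply policy script over the JSON that `terraform show -json tfplan` emits, flagging any security group in the plan that opens SSH (Step 7) or MySQL (Step 8) to the whole internet. The plan fragment inside is constructed to mirror the Step 7 rules and a Step 8 rule that keeps cidr_blocks = ["0.0.0.0/0"] beside its security_groups reference (that reference is left out of the sample, since a not-yet-created group's id is unknown at plan time); the JSON layout is assumed from the plan format, not captured from this project.

```python
import ipaddress
import json

# Ports that must never be open to the whole internet: 22 (SSH, Step 7)
# and 3306 (MySQL, Step 8).
SENSITIVE_PORTS = (22, 3306)

def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0: a zero-length prefix matches every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def rule_covers_port(rule, port):
    """AWS encodes 'all traffic' as protocol -1 with ports 0-0."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)

def find_open_ingress(plan):
    """(address, port, cidr) for each sensitive port a planned group opens to the world."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("type") != "aws_security_group":
            continue
        for rule in res.get("values", {}).get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            for cidr in filter(is_world_open, cidrs):
                for port in SENSITIVE_PORTS:
                    if rule_covers_port(rule, port):
                        findings.append((res["address"], port, cidr))
    return findings

# Constructed plan fragment in the `terraform show -json tfplan` layout (assumed;
# no real plan captured): the Step 7 rules and a Step 8 rule that keeps
# cidr_blocks = ["0.0.0.0/0"] beside its security_groups reference.
SAMPLE_PLAN = json.loads("""{
  "format_version": "1.0",
  "planned_values": {"root_module": {"resources": [
    {"address": "aws_security_group.webserver", "type": "aws_security_group",
     "values": {"ingress": [
       {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
       {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}},
    {"address": "aws_security_group.database", "type": "aws_security_group",
     "values": {"ingress": [
       {"from_port": 3306, "to_port": 3306, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}
  ]}}}""")

if __name__ == "__main__":
    for address, port, cidr in find_open_ingress(SAMPLE_PLAN):
        print(f"{address}: port {port} open to {cidr}")
```

To check a real plan, load the output of `terraform plan -out tfplan && terraform show -json tfplan` with json.load and pass it to find_open_ingress; an empty list means no group opens a sensitive port to the world.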

Step 9

Create a WordPress Instance in the Public Subnet using terraform.

resource "aws_instance" "wordpress" {
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.webserver.id]
  associate_public_ip_address = true
  key_name                    = "mykey"
  tags = {
    Name = "wordpress"
  }
}

Step 10

Create a Database Instance in the Private Subnet using terraform.

# No public IP is assigned, so the database is reachable only from inside the VPC.
resource "aws_instance" "mysql" {
  ami                    = "ami-0019ac6129392a0f2"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.database.id]
  key_name               = "mykey"
  tags = {
    Name = "mysql"
  }
}