Launch Instances in Public & Private Subnets Using Terraform

Samkit Shah · 5 min read · Jul 10, 2020

Amazon Web Services (AWS) provides the Networking tools and resources that enable you to securely connect to the cloud and then isolate, control, and distribute your applications across EC2 compute resources and all other relevant services in AWS.

What is the VPC in AWS?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

What is the IGW in AWS?

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

A route table that is associated with a gateway (rather than with a subnet) is known as a gateway route table.

Route Tables

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

Overview

  • I’ve created a custom VPC with two subnets, one in availability zone ap-south-1a and one in ap-south-1b.
  • The subnet in 1a is public and the subnet in 1b is private, so that the WordPress site runs in the public subnet and MySQL runs in the private subnet for security.
  • To SSH to an instance over its public IP address, the public address has to be translated to the instance’s private IP (Destination Network Address Translation, DNAT). The internet gateway performs this NAT, so I’ve created an Internet Gateway and attached it to the VPC.
  • We also have to add a rule to the route table; these rules determine where network traffic from the subnet or gateway is directed.
  • I’ve also created a security group and defined its inbound rules.

Let’s see how to do it!

Initialize Provider (AWS)

1. First you have to declare the provider, which could be AWS, Azure, GCP, etc., and then initialize the working directory with terraform init as shown below.

terraform init

VPC Creation

2. Next comes the creation of the VPC, for which you have to specify its IP range. I’ve also enabled DNS hostnames so that an instance launched in it automatically gets a DNS name for our site. The name of my VPC is “myvpc1”. After this you can run:

terraform apply -auto-approve

Subnet Creation

3. Create two subnets, one public and the other private, each with its own IP address range. Here I’ve used 192.168.1.0/24, which leaves 32 − 24 = 8 host bits, i.e. 2⁸ = 256 IP addresses. Only 251 of them are usable, because the first and last addresses are the network address and the broadcast address (192.168.1.0 and 192.168.1.255), the third one is the gateway (192.168.1.1), and AWS reserves the remaining two for future use. I’ve also specified the availability zone for each subnet.

Internet Gateway (IGW)

4. Create an Internet Gateway and attach it to the VPC.

Routing Table

5. Now we have to create a route table and associate it with both subnets, so that we can log in to the instances and the two instances can ping each other. I’ve used 0.0.0.0/0 as the destination CIDR block, which means anyone from anywhere can connect. That is not good practice, but I’ve done it here just for the sake of testing.

Security Group

6. Next I’ve created a security group that allows traffic from outside to reach my website. I’ve also opened port ‘3306’, which is the default port for the MySQL database.

Launch Instance

7. Create and launch the instances. I’ve launched a WordPress AMI in the public subnet and a MySQL AMI in the private subnet, and that’s it. With two simple commands our infrastructure is launched:

terraform validate 
terraform apply -auto-approve
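The seven steps above as one complete Terraform configuration. This is an added example, not the article’s own code (which lives in the author’s GitHub); the CIDR ranges, AMI IDs, the key pair name and the instance type are assumptions to be replaced with values from your own account. It follows the article’s layout (one route table on both subnets, 0.0.0.0/0 open for testing) but splits the single security group into a web group and a database group, so that port 3306 is reachable only from the WordPress instance rather than from the internet, and it uses cidrsubnet() to carve the /24s described in step 3 out of the VPC’s /16.

```hcl
# Added example, not the article's own code. CIDRs, AMI IDs and the key
# pair name are assumptions; replace them with values from your own account.
provider "aws" {
  region = "ap-south-1"
}

# Step 2: custom VPC with DNS hostnames so instances get a public DNS name.
resource "aws_vpc" "myvpc1" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_hostnames = true
}

# Step 3: cidrsubnet() carves /24s out of the /16 (256 addresses, 251 usable).
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.myvpc1.id
  cidr_block              = cidrsubnet(aws_vpc.myvpc1.cidr_block, 8, 1) # 192.168.1.0/24
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
}
resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.myvpc1.id
  cidr_block              = cidrsubnet(aws_vpc.myvpc1.cidr_block, 8, 2) # 192.168.2.0/24
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false # no public IP: not reachable from the internet
}

# Step 4: internet gateway attached to the VPC.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myvpc1.id
}

# Step 5: one route table with a default route to the IGW, on both subnets.
resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.myvpc1.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.rt.id
}
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.rt.id
}

# Step 6: web group open as in the article (testing only); DB group takes 3306 from the web group only.
resource "aws_security_group" "web" {
  name   = "wordpress-sg"
  vpc_id = aws_vpc.myvpc1.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # narrow to your own address outside testing
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
resource "aws_security_group" "db" {
  name   = "mysql-sg"
  vpc_id = aws_vpc.myvpc1.id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
  # No egress block: the database starts no outbound connections; replies are stateful.
}

# Step 7: WordPress in the public subnet, MySQL in the private one.
resource "aws_instance" "wordpress" {
  ami                    = "ami-WORDPRESS-PLACEHOLDER" # assumption
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.web.id]
  key_name               = "mykey" # assumption
}
resource "aws_instance" "mysql" {
  ami                    = "ami-MYSQL-PLACEHOLDER" # assumption
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private.id
  vpc_security_group_ids = [aws_security_group.db.id]
  key_name               = "mykey"
}
```

Save this as main.tf, then run terraform init, terraform validate and terraform apply -auto-approve as in the article. The private subnet shares the internet gateway route, but because its instance gets no public IP it cannot be reached from outside; to check this after apply, confirm that the MySQL instance has no public IPv4 address in the console and that port 3306 answers only from the WordPress host. Because the aws_security_group resource in the AWS provider drops AWS’s default allow-all egress when no egress block is given, the database group here permits no outbound connections at all; add an egress block if the instance needs package updates.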

Thanks for reading. I hope this article is helpful.

My GitHub for the code.

Let’s connect on LinkedIn.
