Task-3
Statement: We have to create a web portal for our company that is as secure as possible.
So, we use the WordPress software with a dedicated database server.
The database should not be accessible from the outside world for security purposes.
We only need the public WordPress for clients.
So here are the steps for proper understanding!
Steps:
1) Write Infrastructure as Code using Terraform that automatically creates a VPC.
2) In that VPC we have to create 2 subnets:
a) public subnet [ Accessible for Public World! ]
b) private subnet [ Restricted for Public World! ]
3) Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.
4) Create a route table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.
Also, attach the key to the instance for further login into it.
6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in a private subnet so that our WordPress VM can connect to it.
Also, attach the key to this instance.
Note: The WordPress instance has to be part of the public subnet so that our clients can connect to our site.
The MySQL instance has to be part of a private subnet so that the outside world can’t connect to it.
Don’t forget to enable the automatic IP assignment and automatic DNS name assignment options.
NOW LET’S START!!
ABBREVIATIONS-
AWS — AMAZON WEB SERVICES
EC2- ELASTIC COMPUTE CLOUD
VPC- VIRTUAL PRIVATE CLOUD
DNS- DOMAIN NAME SERVER
VM- VIRTUAL MACHINE
IAAS — INFRASTRUCTURE AS A SERVICE
PAAS — PLATFORM AS A SERVICE
SAAS — SOFTWARE AS A SERVICE
IAM — IDENTITY ACCESS MANAGEMENT
AWS — AWS is a public cloud that provides IaaS, PaaS and SaaS. It works on the pay-as-you-go model.
VPC — VPC gives you an isolated place where you can work without the interference of others. It provides you a virtual place where you can set up your lab.
Subnet- Subnet is a kind of lab where you can launch your instance and make the connections with other devices.
So let’s get learning!!
THE BEST PART IS WE WILL BE DOING EVERYTHING BY TERRAFORM CODE.
I am creating a folder and all files will be present here. Also, I am configuring AWS at the start.
So, let’s start coding.
GIVE PROFILE AND REGION -
The default region is set to “Mumbai” and my IAM profile is “mymanali”.
As I configured AWS on my cmd, I used the profile here, since showing the access key and the secret key is pretty dangerous.
KEY PAIRS-
To access the instance I need a key-pair value.
Here you can see the key is created.
CREATE VPC-
Now it’s time to create your own virtual data center. “aws_vpc” is a resource and “main” is a unique keyword. DNS hostnames are enabled, so when an instance is created it will be given a DNS name.
CREATE PUBLIC SUBNET-
This is a public subnet in the VPC. When we create a subnet, the best part is that we can select our Availability Zone. I am creating a public subnet, so I enabled public IPs; depends_on is used so that the VPC is created first and then this subnet is formed.
CREATE PRIVATE SUBNET-
This is a private subnet in the VPC. We can select our Availability Zone. I am creating a private subnet, so I disabled public IPs; depends_on is used so that the VPC is created first and then this subnet is formed.
In the image below you can see that the public subnet and private subnet are created.
CREATE INTERNET GATEWAY-
It creates communication between VPC and the Internet.
In this image, you can see that the internet gateway is formed.
CREATE ROUTE TABLE-
The route table forwards packets according to the given destination.
In the Image, the routing table is created.
ASSOCIATE ROUTER TABLE WITH PUBLIC SUBNET AND VPC-
The public subnet can connect to the outside world so we need a connection.
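The network pieces described in the sections above (provider profile, VPC, the two subnets, internet gateway, route table and its association), written out as a Terraform sketch. This is an added example, not the code from the author's repository; the resource names, CIDR ranges and availability zone are assumptions.

```hcl
# Added example: resource names, CIDR ranges and the AZ are assumptions.
provider "aws" {
  region  = "ap-south-1" # Mumbai
  profile = "mymanali"   # named CLI profile keeps access keys out of the code
}

resource "aws_vpc" "main" {
  cidr_block           = "192.168.0.0/16" # assumed range
  enable_dns_support   = true
  enable_dns_hostnames = true # instances launched here receive DNS names
}

# Referencing aws_vpc.main.id makes Terraform create the VPC first,
# so an explicit depends_on is not required for ordering.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true # auto-assign public IPs
}

resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = false # no public IPs for the database subnet
}

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0" # default route to the internet
    gateway_id = aws_internet_gateway.gw.id
  }
}

# Only the public subnet is associated with this table. The private subnet
# stays on the VPC's main route table, which has no internet route.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```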
SECURITY GROUP OF PUBLIC SUBNET-
Security Group will decide who can access this instance and who can be accessed by this instance. This is the Security Group for WordPress.
SECURITY GROUP OF PRIVATE SUBNET-
Security Group will decide who can access this instance and who can be accessed by this instance. This is the Security Group for MySQL.
In the image, you can see the security group for WordPress, and MySQL is created.
This is a security group for MySQL.
This is the security group for WordPress.
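A sketch of the two security groups, added here and not taken from the author's repository: WordPress accepts HTTP from anywhere, while MySQL accepts port 3306 only from members of the WordPress security group. The variable vpc_id and the resource names are assumptions.

```hcl
# Added example: variable and resource names are assumptions.
variable "vpc_id" {
  type        = string
  description = "ID of the VPC that holds the public and private subnets"
}

resource "aws_security_group" "wordpress" {
  name        = "wordpress-sg"
  description = "Public web access to WordPress"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP from clients"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes AWS's default allow-all egress rule, so outbound
  # traffic (including the connection to MySQL) must be declared.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql" {
  name        = "mysql-sg"
  description = "MySQL reachable only from the WordPress security group"
  vpc_id      = var.vpc_id

  ingress {
    description     = "MySQL from WordPress instances only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id] # a source SG, not a CIDR
  }

  # No egress block: security groups are stateful, so replies to WordPress
  # still flow, but the database host cannot open outbound connections.
}
```

Using a source security group instead of a CIDR means the 3306 rule keeps matching the WordPress instance even if its private IP changes.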
This image shows the network interface. It is a network interface card (NIC) which is an interconnection between a computer and public/private networks.
WORDPRESS AMI-
This is the pre-created WordPress AMI.
WORDPRESS INSTANCE-
The instance is a kind of operating system but here this is publicly accessible.
MYSQL INSTANCE-
This instance is in private subnet and not accessible by everyone.
See the instances are launched -
When we create the instance it creates volume and allocates it to the instance.
OUTPUT-
Enter the instance's DNS name or IP address and the WordPress site that was created is shown.
POWERFUL COMMANDS-
Now the best part: after writing the whole code, it becomes very easy to start or terminate the setup. Just one command makes the whole setup ready, and just one command destroys everything.
The following terraform commands are used here-
- terraform init - this command will initialize terraform and also install the required plugins.
- terraform apply - this command will create the whole setup.
- terraform destroy --auto-approve - this command will destroy the whole setup without asking yes/no.
GitHub URL — https://github.com/manali1230/AWS-VPC.git