Auto Creating Web portal on Cloud by creating VPC and configuring it for better security

Task Description:

We have to create a web portal for our company with all the security as much as possible. So, we use Wordpress software with dedicated database server. Database should not be accessible from the outside world for security purposes. We only need to public the WordPress to clients.

So here are the steps for proper understanding!

Steps:

1) Write a Infrastructure as code using Terraform, which automatically creates a VPC.

2) In that VPC we have to create 2 subnets: a- public subnet b-private subnet

3) Create a public-facing internet gateway to connect our VPC/Network to the internet world and attach this gateway to our VPC.

4) Create a routing table for Internet gateway so that instance can connect to the outside world, update and associate it with the public subnet.

5) Launch an ec2 instance that has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site.

Also, attach the key to the instance for further login into it.

6) Launch an ec2 instance that has MYSQL setup already with security group allowing port 3306 in a private subnet so that our WordPress VM can connect with the same. We will add auto IP assign and auto DNS name assignment options to be enabled.

A provider is responsible for understanding API interactions and exposing resources.

Amazon Virtual Private Cloud (Amazon VPC) enables to launch AWS resources into a virtual network that is defined by the user. This virtual network closely resembles a traditional network that is to be operated in own data center, with the benefits of using the scalable infrastructure of AWS providing a virtual boundary to isolate it from other VPC for security aspects.

#VPC_creationresource "aws_vpc" "myvpc" {
cidr_block = "192.168.0.0/16"
instance_tenancy = "default"
enable_dns_hostnames = "true"
tags = {
Name = "shailjavpc"
}
}

Subnet is a basically logical subdivision of an IP network.

When we divide the network ranges in small chunks of ranges in called Subnetting i.e. subnet1,subnet2, etc

We are using Private Subnet for launching WordPress, which is our frontend application.

A public subnet is a subnet that’s associated with a route table that has a route to an Internet gateway.

#public_subnetresource "aws_subnet" "publicSubnet" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "192.168.0.0/24"
availability_zone = "ap-south-1a"
map_public_ip_on_launch = "true"
tags = {
Name = "subnet1"
}
}

A private subnet is a subnet that is isolated from the public world

#private_subnetresource "aws_subnet" "privateSubnet" {
vpc_id = aws_vpc.myvpc.id
cidr_block = "192.168.1.0/24"
availability_zone = "ap-south-1b"
tags = {
Name = "subnet2"
}
}

A gateway is a node (router) in a computer network, a key for data on its way to or from other networks.

For basic Internet connections at home, the gateway is the Internet Service Provider that gives access to the entire Internet.

#internet_gatewayresource "aws_internet_gateway" "internetGateway" {
vpc_id = aws_vpc.myvpc.id
tags = {
Name = "my_internetgateway"
}
}

A routing table contains a set of rules, called , that are used to determine where network traffic from your subnet or gateway is directed.

#routing_tableresource "aws_route_table" "routingTable" {
vpc_id = aws_vpc.myvpc.id
route {

gateway_id = aws_internet_gateway.internetGateway.id
cidr_block = "0.0.0.0/0"
}
tags = {
Name = "myRoutingTable"
}
}
#association_of_route_tableresource "aws_route_table_association" "association" {
subnet_id = aws_subnet.publicSubnet.id
route_table_id = aws_route_table.routingTable.id
}

We will create a separate security group for both WordPress and MySQL.

  1. WordPress SG
#WordPress_Security_Groupresource "aws_security_group" "wordpress_sg" {
depends_on = [ aws_vpc.myvpc ]
name = "wp_sg"
vpc_id = aws_vpc.myvpc.id
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = [ "0.0.0.0/0" ]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "wp_sg"
}
}

2. MySQL SG

#MySql_Security_groupresource "aws_security_group" "mysql_sg" {
depends_on = [ aws_vpc.myvpc ]
name = "mysql_sg"
vpc_id = aws_vpc.myvpc.id
ingress {
description = "MYSQL"
from_port = 3306
to_port = 3306
protocol = "tcp"
security_groups = [ aws_security_group.wordpress_sg.id ]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "mysql_sg"
}
}
  1. WordPress Instance
#WordPress_instanceresource "aws_instance" "wordpress_os" {
ami = "ami-7e257211"
instance_type = "t2.micro"
subnet_id = aws_subnet.publicSubnet.id
vpc_security_group_ids = [ aws_security_group.wordpress_sg.id ]
key_name = "key"
tags = {
Name = "wordpress"
}
}

2. MySql Instance

#MySql_instanceresource "aws_instance" "database" {
ami = "ami-0447a12f28fddb066"
instance_type = "t2.micro"
subnet_id = aws_subnet.privateSubnet.id
vpc_security_group_ids = [ aws_security_group.mysql_sg.id ]
key_name = "key"
tags = {
Name = "database"
}
}
#final_outputresource "null_resource" "nulllocal1"  {
depends_on = [
aws_instance.wordpress_os ,
aws_instance.database ,
]
provisioner "local-exec" {
command = "start chrome ${aws_instance.wordpress_os.public_ip}"
}
}

Run the file by using #terraform apply

OUTPUT:

To destroy this complete infrastructure #terraform destroy

Thank you for Reading!