TERRAFORM AUTOMATION TO SET UP VPC, SUBNETS AND NAT GATEWAY
TASK4
Performing the following steps:
1. Write infrastructure as code using Terraform that automatically creates a VPC.
2. In that VPC we have to create 2 subnets:
   1. public subnet [ Accessible for Public World! ]
   2. private subnet [ Restricted for Public World! ]
3. Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4. Create a routing table for the internet gateway so that instances can connect to the outside world, then associate it with the public subnet.
5. Create a NAT gateway to connect our VPC/network to the internet, and place it in the public subnet of our VPC.
6. Update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.
7. Launch an EC2 instance which has WordPress set up already, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for later login.
8. Launch an EC2 instance which has MySQL set up already, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to it.
TASK4 IS THE SAME AS TASK3; THE ONLY DIFFERENCES ARE ON THE SECURITY SIDE AND THE BASTION INSTANCE.

The security-side changes are:
- a security group for the bastion host, plus a second group that allows SSH only from instances in the bastion security group
- WordPress to SQL connection at port 3306, allowed only from the WordPress security group

provider "aws" {
  region  = "ap-south-1"
  profile = "task2"
}

# creating vpc
resource "aws_vpc" "myvpcoffice" {
  cidr_block       = "192.168.0.0/16"
  instance_tenancy = "default"
  tags = {
    Name = "myoffice"
  }
}

# creating two subnets
# public subnet
resource "aws_subnet" "subpb1" {
  vpc_id                  = aws_vpc.myvpcoffice.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true # makes our subnet public: instances get a public IP
  tags = {
    Name = "public_subnet_1a"
  }
}

# private subnet (no public IPs; reaches the internet only through the NAT gateway)
resource "aws_subnet" "subpv2" {
  vpc_id            = aws_vpc.myvpcoffice.id
  cidr_block        = "192.168.1.0/24"
  availability_zone = "ap-south-1b"
  tags = {
    Name = "private_subnet_1b"
  }
}

# Internet Gateway
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myvpcoffice.id
  tags = {
    Name = "Dnatting"
  }
}

# route table for the public subnet: default route through the internet gateway
resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.myvpcoffice.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = {
    Name = "route_table_rule"
  }
}

resource "aws_route_table_association" "rtas1" {
  subnet_id      = aws_subnet.subpb1.id
  route_table_id = aws_route_table.rt.id
}

# Elastic IP for the NAT gateway
resource "aws_eip" "elasticip" {
  vpc = true # AWS provider v5 and later spell this as domain = "vpc"
  tags = {
    Name = "elasticip"
  }
}

# NAT Gateway, placed in the public subnet
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.elasticip.id
  subnet_id     = aws_subnet.subpb1.id
  # the NAT gateway can only reach the internet once the internet gateway is attached
  depends_on = [aws_internet_gateway.igw]
  tags = {
    Name = "Snatting" # provides access only from one side
  }
}

# Routing table for private subnet: default route through the NAT gateway
resource "aws_route_table" "rtnat" {
  vpc_id = aws_vpc.myvpcoffice.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = {
    Name = "NAT_routing_rule"
  }
}

resource "aws_route_table_association" "rtasa2" {
  subnet_id      = aws_subnet.subpv2.id
  route_table_id = aws_route_table.rtnat.id
}

# The key pair "keytask" is created manually beforehand; run chmod 400 on the
# downloaded private key before using it to log in to the instances.
#
# Terraform removes the AWS default allow-all egress rule from security groups
# it creates, so every group below declares its outbound rule explicitly.
# Without it the instances could not open any connection at all (WordPress to
# MySQL on 3306, MySQL to the internet through the NAT gateway).

# WordPress Security Group
resource "aws_security_group" "sg1" {
  name   = "wordpress_security_group"
  vpc_id = aws_vpc.myvpcoffice.id
  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "wordpress_SG"
  }
}

# MySQL Security Group: port 3306 only from instances in the WordPress group
resource "aws_security_group" "sg2" {
  name   = "sql_security_group"
  vpc_id = aws_vpc.myvpcoffice.id
  ingress {
    description     = "MYSQL"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg1.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "sql_SG"
  }
}

# Bastion Security Group: the only group that accepts SSH from the internet
resource "aws_security_group" "sg3" {
  name   = "bstn_security_group"
  vpc_id = aws_vpc.myvpcoffice.id
  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "bstn_sg3"
  }
}

# Group for hosts that may be reached over SSH only from the bastion group
resource "aws_security_group" "sg4" {
  name   = "allow_bstn_security_group"
  vpc_id = aws_vpc.myvpcoffice.id
  ingress {
    description     = "ssh"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.sg3.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "allow ssh from bstn_sg3"
  }
}

# EC2 Instance for WordPress, in the public subnet
resource "aws_instance" "OS1" {
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  associate_public_ip_address = true
  key_name                    = "keytask"
  # instances in a non-default VPC take security group ids through
  # vpc_security_group_ids; the security_groups argument expects group
  # names and only works in EC2-Classic / the default VPC
  vpc_security_group_ids = [aws_security_group.sg1.id]
  subnet_id              = aws_subnet.subpb1.id
  tags = {
    Name = "WordPress_Instance"
  }
}

# EC2 Instance for MySQL, in the private subnet: 3306 from the WordPress
# group (sg2) and SSH only from instances in the bastion group (sg4)
resource "aws_instance" "OS2" {
  ami                    = "ami-0019ac6129392a0f2"
  instance_type          = "t2.micro"
  key_name               = "keytask"
  vpc_security_group_ids = [aws_security_group.sg2.id, aws_security_group.sg4.id]
  subnet_id              = aws_subnet.subpv2.id
  tags = {
    Name = "MYSQL_Instance"
  }
}
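As an added example (not code from the original post), the following Python script runs offline policy checks over the resources this configuration declares: security groups that expose SSH to the whole internet or have no egress rule, what each route table's default route points at (internet gateway for the public subnet, NAT gateway for the private one), and subnets that overlap or fall outside the VPC block. It reads a dict shaped like the `planned_values.root_module.resources` section of `terraform show -json` output; that shape, the placeholder ids, and the rule that only the bastion group may accept SSH from the internet are assumptions of the example, and the sample plan is constructed by hand to mirror the page's resources.

```python
"""Offline policy checks for the VPC and security-group layout on this page.

Added example, not code from the original post. It calls neither Terraform nor
AWS: it reads a dict shaped like `planned_values.root_module.resources` from
`terraform show -json tfplan` (assumed shape), so it can run in CI before
`terraform apply`. SAMPLE_PLAN is constructed by hand to mirror the page's
resources; the ids in it are placeholders, real ids only exist after apply."""
import ipaddress
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}


def resources(plan, rtype):
    """Planned resources of one type, as (terraform name, values) pairs."""
    return [(r["name"], r["values"])
            for r in plan["planned_values"]["root_module"]["resources"]
            if r["type"] == rtype]


def world_reachable_ports(plan):
    """Security group name -> sorted (from, to) port ranges whose ingress is
    open to the whole internet. Protocol -1 means every port."""
    out = {}
    for _, sg in resources(plan, "aws_security_group"):
        ranges = set()
        for rule in sg.get("ingress", []):
            cidrs = set(rule.get("cidr_blocks", [])) | set(rule.get("ipv6_cidr_blocks", []))
            if cidrs & ANYWHERE:
                ranges.add((0, 65535) if rule["protocol"] == "-1"
                           else (rule["from_port"], rule["to_port"]))
        out[sg["name"]] = sorted(ranges)
    return out


def sgs_missing_egress(plan):
    """Groups declared with no egress block. Terraform strips the AWS default
    allow-all egress from groups it manages, so instances in such a group can
    initiate no outbound connection: the private MySQL host would never reach
    the internet through the NAT gateway."""
    return sorted(sg["name"] for _, sg in resources(plan, "aws_security_group")
                  if not sg.get("egress"))


def default_route_kind(plan):
    """Route table name -> what its 0.0.0.0/0 route targets."""
    out = {}
    for name, rt in resources(plan, "aws_route_table"):
        kind = "none"
        for route in rt.get("route", []):
            if route.get("cidr_block") == "0.0.0.0/0":
                kind = ("internet_gateway" if route.get("gateway_id")
                        else "nat_gateway" if route.get("nat_gateway_id") else "other")
        out[name] = kind
    return out


def subnet_layout_problems(vpc_cidr, subnet_cidrs):
    """Every subnet must lie inside the VPC block, and no two may overlap."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {n: ipaddress.ip_network(c) for n, c in subnet_cidrs.items()}
    problems = [f"{n} {c} is outside VPC {vpc}" for n, c in nets.items()
                if c.version != vpc.version or not c.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return problems


def findings(plan, bastion_sg="bstn_security_group"):
    """Policy (an assumption of this example): only the bastion's group may
    accept SSH from the internet, every group needs an explicit egress block,
    and subnets must fit inside the VPC without overlapping."""
    found = []
    for sg, ranges in world_reachable_ports(plan).items():
        if sg != bastion_sg and any(lo <= 22 <= hi for lo, hi in ranges):
            found.append(f"{sg} exposes SSH to 0.0.0.0/0")
    found += [f"{sg} has no egress rule" for sg in sgs_missing_egress(plan)]
    vpc_cidr = resources(plan, "aws_vpc")[0][1]["cidr_block"]
    subnets = {n: v["cidr_block"] for n, v in resources(plan, "aws_subnet")}
    return found + subnet_layout_problems(vpc_cidr, subnets)


def _sg(name, ingress, egress=()):
    """Constructed aws_security_group entry in planned_values shape."""
    return {"type": "aws_security_group", "name": name,
            "values": {"name": name, "ingress": list(ingress), "egress": list(egress)}}


def _rule(lo, hi, cidrs=(), sgs=(), protocol="tcp"):
    return {"from_port": lo, "to_port": hi, "protocol": protocol,
            "cidr_blocks": list(cidrs), "ipv6_cidr_blocks": [], "security_groups": list(sgs)}


ALL_OUT = _rule(0, 0, ["0.0.0.0/0"], protocol="-1")

# Constructed sample mirroring the page's VPC, subnets, route tables and groups.
# The bastion group is deliberately given no egress block so that check fires.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"type": "aws_vpc", "name": "myvpcoffice", "values": {"cidr_block": "192.168.0.0/16"}},
    {"type": "aws_subnet", "name": "subpb1", "values": {"cidr_block": "192.168.0.0/24"}},
    {"type": "aws_subnet", "name": "subpv2", "values": {"cidr_block": "192.168.1.0/24"}},
    {"type": "aws_route_table", "name": "rt",
     "values": {"route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "igw-PLACEHOLDER"}]}},
    {"type": "aws_route_table", "name": "rtnat",
     "values": {"route": [{"cidr_block": "0.0.0.0/0", "nat_gateway_id": "nat-PLACEHOLDER"}]}},
    _sg("wordpress_security_group",
        [_rule(80, 80, ["0.0.0.0/0"]), _rule(22, 22, ["0.0.0.0/0"])], [ALL_OUT]),
    _sg("sql_security_group", [_rule(3306, 3306, sgs=["sg-wordpress-PLACEHOLDER"])], [ALL_OUT]),
    _sg("bstn_security_group", [_rule(22, 22, ["0.0.0.0/0"])]),
    _sg("allow_bstn_security_group", [_rule(22, 22, sgs=["sg-bastion-PLACEHOLDER"])], [ALL_OUT]),
]}}}

if __name__ == "__main__":
    print(json.dumps({"world_reachable": world_reachable_ports(SAMPLE_PLAN),
                      "default_routes": default_route_kind(SAMPLE_PLAN),
                      "findings": findings(SAMPLE_PLAN)}, indent=2))
```

To run it against a real plan, produce one with `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and replace `SAMPLE_PLAN` with `json.load(open("plan.json"))`. Ids that Terraform only learns at apply time (the gateway and NAT ids referenced in the routes) are left out of `values` in a plan for resources that do not exist yet, so the route-kind check is informational on a first plan and only reliable once the gateways are in state.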
TERRAFORM APPLY RESULT



TASK4 COMPLETED