Deploy WordPress + MySQL on AWS in our own VPC (Task-3)


What is a VPC?

A virtual private cloud (VPC) is an on-demand configurable pool of shared computing resources allocated within a public cloud environment, providing a certain level of isolation between the different organizations using the resources. A virtual private cloud is a private cloud computing environment contained within a public cloud. Essentially, a VPC provisions logically isolated sections of a public cloud in order to provide a virtual private environment.

After creating a VPC, you can add one or more subnets in each Availability Zone. You can optionally add subnets in a Local Zone, which is an AWS infrastructure deployment that places compute, storage, database, and other select services closer to your end users. A Local Zone enables your end users to run applications that require single-digit millisecond latencies.

Task:-

We have to create a web portal for our company with as much security as possible.

So, we use the WordPress software with a dedicated database server.

The database should not be accessible from the outside world, for security purposes.

We only need to expose WordPress to clients.

So here are the steps for proper understanding!

Steps:

1) Write infrastructure as code using Terraform, which automatically creates a VPC.

2) In that VPC we have to create 2 subnets:

  a) public subnet [ Accessible for Public World! ]

  b) private subnet [ Restricted for Public World! ]

3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.

4) Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.

5) Launch an EC2 instance which already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.

Also attach the key to the instance for further login into it.

6) Launch an EC2 instance which already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also attach the key to this instance.

Note: The WordPress instance has to be part of the public subnet so that our clients can connect to our site.

The MySQL instance has to be part of the private subnet so that the outside world can't connect to it.

Don't forget to enable the automatic public IP assignment and automatic DNS name assignment options.

Solution:-

Step 1:-

First we configure the AWS provider, which logs in to our AWS account using a named CLI profile:

provider "aws" {
  region  = "ap-south-1"
  profile = "pushkar1"
}

Step 2:-

Now create a VPC with enable_dns_hostnames turned on.

resource "aws_vpc" "myvpc1" {
  cidr_block           = "192.168.0.0/16"
  # Instances that get a public IP also get a public DNS hostname
  enable_dns_hostnames = true

  tags = {
    Name = "MyVpc"
  }
}

Step 3:-

Now we have to create 2 subnets:

(i) Public, for the WordPress site.

(ii) Private, for MySQL.

resource "aws_subnet" "public_subnet" {
  depends_on = [
    aws_vpc.myvpc1,
  ]
  vpc_id                  = aws_vpc.myvpc1.id
  cidr_block              = "192.168.2.0/24"
  availability_zone       = "ap-south-1a"
  # Auto-assign a public IP to instances launched in this subnet
  map_public_ip_on_launch = true

  tags = {
    Name = "Public Subnet"
  }
}


resource "aws_subnet" "private_subnet" {
  depends_on = [
    aws_vpc.myvpc1,
  ]
  vpc_id     = aws_vpc.myvpc1.id
  cidr_block = "192.168.1.0/24"
  availability_zone = "ap-south-1b"


  tags = {
    Name = "Private Subnet"
  }
}

Step 4:-

Now that our subnets are created, we have to create a public-facing internet gateway and attach it to our VPC for outside connectivity.

resource "aws_internet_gateway" "gw" {
  depends_on = [
    aws_vpc.myvpc1,
  ]
  vpc_id = aws_vpc.myvpc1.id


  tags = {
    Name = "Internet gateway"
  }
}

Step 5:-

Now we have to create a routing table for the internet gateway so that instances can connect to the outside world, and associate it with the public subnet only. The private subnet gets no association, so it has no route to the internet gateway.

resource "aws_route_table" "my_route_table1" {
  depends_on = [
    aws_vpc.myvpc1,
  ]
  vpc_id = aws_vpc.myvpc1.id


  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }


  
  tags = {
    Name = "Routing Table"
  }
}


resource "aws_route_table_association" "Route_association" {
  depends_on = [
    aws_route_table.my_route_table1,
  ]
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.my_route_table1.id
}

Step 6:-

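We have to create a security group for WordPress allowing port 80 (HTTP) for clients, plus port 22 (SSH) for login.

resource "aws_security_group" "Wordpress_sg" {
  name        = "Wordpress_sg"
  description = "Allow Tcp $ Ssh inbound traffic"
  vpc_id      = aws_vpc.myvpc1.id

  # SSH for login and for the remote-exec provisioner in Step 8.
  # Open to any address here; narrow cidr_blocks to your admin network outside a lab.
  ingress {
    description = "Ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP for clients of the WordPress site
  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }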


  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }


  tags = {
    Name = "allow_SSh_http"
  }
}


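Also create a security group for MySQL allowing port 3306 for WordPress.

resource "aws_security_group" "MySql_sg" {
  name        = "MySq_sg"
  description = "Allow Wordpress inbound traffic"
  vpc_id      = aws_vpc.myvpc1.id

  # The original rule named no source. Only members of the WordPress
  # security group may reach MySQL.
  ingress {
    description     = "Allow MySql"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.Wordpress_sg.id]
  }

  # The private subnet has no internet route, so this rule is only
  # reachable from inside the VPC, but from any host there.
  ingress {
    description = "Ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "allow_MySql"
  }
}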
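
An added example, not part of the original article's code: a small Python audit over the JSON that `terraform show -json` prints after `terraform apply`, flagging security group ingress rules that are open to any address on a port other than 80, or that name no source at all. The embedded state is a constructed sample modelled on the two groups above (the sg-... ID is a placeholder), and only root-module resources are read.

```python
import json

PUBLIC_PORTS = {80}  # the only port this page intends to expose to clients
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample in the shape of `terraform show -json` state output;
# the sg-... ID is a placeholder, not a value from the page.
SAMPLE_STATE = json.dumps({"values": {"root_module": {"resources": [
    {"type": "aws_security_group", "name": "Wordpress_sg", "values": {"ingress": [
        {"from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [], "security_groups": []},
        {"from_port": 80, "to_port": 80, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [], "security_groups": []}]}},
    {"type": "aws_security_group", "name": "MySql_sg", "values": {"ingress": [
        {"from_port": 3306, "to_port": 3306, "protocol": "tcp",
         "cidr_blocks": [], "ipv6_cidr_blocks": [],
         "security_groups": ["sg-EXAMPLE-wordpress"]},
        {"from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": [], "security_groups": []}]}},
    {"type": "aws_instance", "name": "mysql", "values": {}},
]}}})


def audit_ingress(state_json, public_ports=PUBLIC_PORTS):
    """Return sorted (group, from_port, to_port, reason) findings."""
    findings = []
    resources = json.loads(state_json)["values"]["root_module"]["resources"]
    for res in resources:
        if res["type"] != "aws_security_group":
            continue
        for rule in res["values"].get("ingress") or []:
            lo, hi = rule["from_port"], rule["to_port"]
            cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
            has_source = bool(cidrs or rule.get("security_groups")
                              or rule.get("prefix_list_ids") or rule.get("self"))
            if not has_source:
                findings.append((res["name"], lo, hi, "no source defined"))
            elif cidrs & WORLD:
                # protocol "-1" means every port, whatever from/to say
                all_ports = rule.get("protocol") == "-1"
                if all_ports or not set(range(lo, hi + 1)) <= public_ports:
                    findings.append((res["name"], lo, hi, "open to the internet"))
    return sorted(findings)


if __name__ == "__main__":
    for group, lo, hi, reason in audit_ingress(SAMPLE_STATE):
        print(f"{group}: ports {lo}-{hi} {reason}")
```

On the sample it reports the SSH rule of both groups and leaves port 80 and the group-to-group 3306 rule alone.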

Step 7:-

Now we have to deploy MySQL in the private subnet.

resource "aws_instance" "mysql" {
  depends_on = [
    aws_vpc.myvpc1, aws_security_group.MySql_sg,
  ]
  ami                    = "ami-0019ac6129392a0f2"
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.MySql_sg.id]
  # Private subnet: no public IP and no route to the internet gateway
  subnet_id              = aws_subnet.private_subnet.id
}

Step 8:-

Now we will deploy WordPress in the public subnet for public access.

resource "aws_instance" "webpage" {
  depends_on = [
    aws_vpc.myvpc1, aws_security_group.Wordpress_sg,
  ]
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  associate_public_ip_address = true
  availability_zone           = "ap-south-1a"
  # var.mykey (the key pair name) must be declared elsewhere; it is not shown on this page
  key_name                    = var.mykey
  vpc_security_group_ids      = [aws_security_group.Wordpress_sg.id]
  subnet_id                   = aws_subnet.public_subnet.id
}

resource "null_resource" "nullremote2" {
  depends_on = [
    aws_instance.webpage,
  ]

  # SSH into the WordPress instance with the private key of the attached key pair
  connection {
    type        = "ssh"
    user        = "bitnami"
    host        = aws_instance.webpage.public_ip
    private_key = file("C:/Users/Lenovo/Desktop/mykey121.pem")
  }

  # Restart Apache on the Bitnami image and print the service status
  provisioner "remote-exec" {
    inline = [
      "sudo /opt/bitnami/ctlscript.sh restart apache",
      "sudo /opt/bitnami/ctlscript.sh status",
    ]
  }

  # Runs on the local Windows machine: open the site in Chrome
  provisioner "local-exec" {
    command = "start chrome  ${aws_instance.webpage.public_ip}"
  }
}

Finally, with the local-exec provisioner, the WordPress site automatically opens in Chrome on our machine.

To run this program first run:

terraform init

After that:

terraform apply

and to delete this complete infrastructure:

terraform destroy



Task completed. If anyone is facing any difficulty, feel free to comment.

You can get the full code here:-















More articles by Pushkar Kumar
