Hosting WordPress on AWS with maximum Security

Task

  • Write infrastructure as code using Terraform that automatically creates a VPC.
  • In that VPC, create two subnets: a public subnet (accessible from the public world) and a private subnet (restricted from the public world).
  • Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
  • Create a routing table for the internet gateway so that the instance can connect to the outside world, then update it and associate it with the public subnet.
  • Launch one instance using a WordPress AMI in the public subnet and another instance running MySQL for the database in the private subnet.

Prerequisites:

  • An AWS account.
  • An IAM user in AWS with admin access.
  • The AWS CLI installed on your base OS.
  • Terraform installed on your base OS.
  • The AWS account added with aws configure, entering the access key ID, secret key and region.

Let's Start

VPC

To create a VPC, we have to give it a range of IP addresses, specified as a CIDR block. Here I gave cidr_block = "192.168.0.0/16".

provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "myvpc_resourcename" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true
  tags = {
    Name = "Web Portal Deployment"
  }
}

output "printvpc_id" {
  value = aws_vpc.myvpc_resourcename.id
}



To run the code, type terraform apply. Terraform automatically loads all the .tf files located in the working directory.




Subnet

Now, in the same Terraform file, we add code to create the public and private subnets. Instances in the public subnet get a public IP, so we can SSH into the instance and make changes. Instances in the private subnet get no public IP (because our database lives there), so no one can log in to the database instance from the internet and access our data.

resource "aws_subnet" "Public" {
  vpc_id     = aws_vpc.myvpc_resourcename.id
  cidr_block = "192.168.0.0/24"
  map_public_ip_on_launch = true
  availability_zone = "us-east-1a"
  tags = {
    Name = "Public Subnet"
  }
}
resource "aws_subnet" "Private" {
  vpc_id     = aws_vpc.myvpc_resourcename.id
  cidr_block = "192.168.1.0/24"
  availability_zone = "us-east-1b"
  tags = {
    Name = "Private Subnet"
  }
}




Terraform shows detailed information about the resources it will create and asks for our confirmation.





Internet Gateway

An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet.

resource "aws_internet_gateway" "WP_Net_Gateway" {
  vpc_id = aws_vpc.myvpc_resourcename.id
  tags = {
    Name = "Wordpress Internet Gateway"
  }
}

Routing Table

A routing table contains a set of rules, called routes, that determine where network traffic from your subnet or gateway is directed.

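resource "aws_route_table" "wproutingtable" {
  vpc_id = aws_vpc.myvpc_resourcename.id

  # Default route: send internet-bound traffic through the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.WP_Net_Gateway.id
  }

  tags = {
    Name = "Wordpress Routing Table"
  }
}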

Associating the routing table with the public subnet:

resource "aws_route_table_association" "rt_attach_subnet" {
  subnet_id      = aws_subnet.Public.id
  route_table_id = aws_route_table.wproutingtable.id
}

Associating the same routing table with the private subnet:

resource "aws_route_table_association" "rt_attach_subnet2" {
  subnet_id      = aws_subnet.Private.id
  route_table_id = aws_route_table.wproutingtable.id
}

Security Groups

Wordpress

resource "aws_security_group" "securitygroup" {
  name        = "launch-wizard-1"
  description = "this security group will allow traffic at port 80"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  # HTTP is reachable from every IPv4 address
  ingress {
    description = "http is allowed"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # SSH is also reachable from every IPv4 address
  ingress {
    description = "ssh is allowed"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # All outbound traffic is allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "Wordpress Security Group"
  }
}

MySQL

resource "aws_security_group" "securitygroup2" {
  name        = "launch-wizard-2"
  description = "this security group will allow traffic at port 80"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  # Every protocol and port is allowed in from every IPv4 address
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # TCP ports 0 through 3306 are allowed in from every IPv4 address
  ingress {
    description = "mysql"
    from_port   = 0
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # All outbound traffic is allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "MySQL Security Group"
  }
}
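
The two security groups above accept SSH from any address and, for the MySQL group, all traffic from any address. A tighter variant for the same Terraform file follows as an added example, not the author's code. It reuses the page's aws_vpc.myvpc_resourcename; the resource names ending in _hardened, the admin_cidr variable and its placeholder value are assumptions.

```hcl
# Added example: names ending in "_hardened" and var.admin_cidr are hypothetical.
variable "admin_cidr" {
  description = "Address range allowed to SSH to the WordPress instance"
  type        = string
  default     = "203.0.113.10/32" # constructed placeholder (documentation range)
}

resource "aws_security_group" "wordpress_hardened" {
  name        = "wordpress-hardened"
  description = "HTTP from anywhere, SSH only from the admin range"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  ingress {
    description = "http from the internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "ssh from the admin range only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_hardened" {
  name        = "mysql-hardened"
  description = "MySQL only from the WordPress security group"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  # Source is a security group, not a CIDR: only instances in wordpress_hardened match.
  ingress {
    description     = "mysql from wordpress instances"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_hardened.id]
  }
  # No egress block: Terraform removes the default allow-all egress rule (replies still pass, groups are stateful).
}
```

To use these groups, point vpc_security_group_ids of the two instances at them instead of securitygroup and securitygroup2.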

Launching Instances

I used WordPress and MySQL AMIs from Bitnami.

Wordpress

resource "aws_instance" "myinstance" {
  ami                    = "ami-01d50ebc11ce4a9f9"
  instance_type          = "t2.micro"
  key_name               = "credits"
  vpc_security_group_ids = [aws_security_group.securitygroup.id]
  subnet_id              = aws_subnet.Public.id
  tags = {
    Name = "Wordpress"
  }
}

MySQL

resource "aws_instance" "mysqlinstance_rn" {
  ami                    = "ami-0054cff8bcd7a1b3a"
  instance_type          = "t2.micro"
  key_name               = "credits"
  vpc_security_group_ids = [aws_security_group.securitygroup2.id]
  subnet_id              = aws_subnet.Private.id
  tags = {
    Name = "MySQL"
  }
}

Now, copy the public DNS name of the WordPress instance and paste it into the browser.


If you want to get the username and password, or manage WordPress, click the option at the bottom right.



We can find the password in the system log of the instance launched from the WordPress AMI.



Now, let's log in to the admin console using the given username and password.


We can also destroy the complete infrastructure with the command terraform destroy.
