TASK 3 : VIRTUAL PRIVATE CLOUD ( VPC )
Virtual Private Cloud (VPC):
Amazon Virtual Private Cloud (VPC) provisions a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define. It gives a firm or an individual user private cloud space in which to integrate their business systems. With AWS VPC you have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways; these features make it much easier to integrate business workloads.
Amazon VPC lets you carve out a logically isolated section of the Amazon cloud in which to launch AWS resources in a virtual network. For secure and easy access, both IPv4 and IPv6 can be used. Using VPC we can launch cloud resources, called instances, of three types: Compute, Storage and Networking.
Terms related to VPC :-
- Virtual private cloud (VPC) — A virtual network dedicated to your AWS account.
- Subnet: A segment of a VPC's IP address range in which you can place groups of isolated resources.
- Internet Gateway: Enables communication between resources in your VPC and the internet.
- VPC endpoint — Enables private connectivity for your service in AWS without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies.
- NAT Gateway: A highly available, managed Network Address Translation (NAT) service for your resources in a private subnet to access the Internet.
- Virtual private gateway: The Amazon VPC side of a VPN connection for secure transactions.
- Peering Connection: To route traffic via private IP addresses between two peered VPCs.
- Egress-only Internet Gateway: A stateful gateway that provides egress only access for IPv6 traffic from the VPC to the Internet.
Features of VPC :-
a. Flexibility:
AWS VPC is flexible in its connectivity: it can connect to the Internet and to your data center, and you choose which AWS resources to expose publicly and which to keep private.
b. Easy to use and setup
With the help of the AWS Management Console, one can easily and quickly set up a VPC. It also lets you focus on building the application, since the subnets, IP ranges, route tables and security groups can be created automatically.
c. Security
VPC provides advanced security features to enable inbound and outbound filtering at both the instance level and the subnet level. You can also secure Amazon S3 by restricting access so that it can only be reached from instances inside your VPC.
d. Scalability and Reliability
AWS VPC offers instant scalability: you can scale your resources up or down at once and select the Amazon EC2 instance types and sizes that are right for your applications. It also saves cost, as there are no upfront charges.
Task objective →
We have to create a web portal for our company with as much security as possible. So we use WordPress with a dedicated database server. The database must not be accessible from the outside world; only WordPress needs to be exposed to clients. Here are the steps for a proper understanding!
Steps:
1) Write Infrastructure as Code using Terraform, which automatically creates a VPC.
2) In that VPC we have to create 2 subnets:
a) public subnet [Accessible from the public world!]
b) private subnet [Restricted from the public world!]
3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4) Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for later login.
6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.
Let's begin......
First of all, create a profile.
Profile: It is not good practice to put the access key and secret key directly in the code, because we manage the code with SCM tools such as GitHub. So we create a named profile and store the keys there.
What is Terraform ?
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. It is an open-source infrastructure-as-code software tool created by HashiCorp. It enables users to define and provision data center infrastructure using a high-level configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON. Terraform works on both public and private clouds and also supports multi-cloud and hybrid-cloud setups.
First of all we have to install Terraform on our local machine.
Creating the whole setup via:
terraform apply -auto-approve
>> Declaring cloud provider
provider "aws" {
version = "~> 2.0"
region = "ap-south-1"
profile = "sachin"
}
>> Creating VPC
resource "aws_vpc" "vpc1" {
cidr_block = "192.168.0.0/16"
instance_tenancy = "default"
enable_dns_hostnames = true
tags = {
Name = "sacvpc"
}
}
>> Creating subnets
a) public subnet :- If a subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.
b) private subnet : If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet.
1.) Public subnet
resource "aws_subnet" "subnetpublic" {
vpc_id = "${aws_vpc.vpc1.id}"
cidr_block = "192.168.0.0/24"
availability_zone = "ap-south-1a"
map_public_ip_on_launch = true
tags = {
Name = "subnet-1-a"
}
}
map_public_ip_on_launch = true
For outside connectivity we have to assign public ip to the instance . For this we enable auto assigning of Public IP .
2.) Private subnet
resource "aws_subnet" "subnetprivate" {
vpc_id = "${aws_vpc.vpc1.id}"
cidr_block = "192.168.1.0/24"
availability_zone = "ap-south-1b"
tags = {
Name = "subnet-1-b"
}
}
>> Creating Internet Gateway
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.vpc1.id}"
tags = {
Name = "sac-internet-gw"
}
}
>>Creating Route Table
Route Table :- A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
resource "aws_route_table" "rt" {
vpc_id = "${aws_vpc.vpc1.id}"
route {
cidr_block = "0.0.0.0/0"
gateway_id = "${aws_internet_gateway.gw.id}"
}
tags = {
Name = "sac-rt"
}
}
>>Association of Route Table to the public subnet
resource "aws_route_table_association" "_1a" {
subnet_id = aws_subnet.subnetpublic.id
route_table_id = aws_route_table.rt.id
}
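The private subnet above deliberately has no route to the internet gateway, so the database host can accept connections from inside the VPC but cannot reach the internet itself, not even for package updates. If outbound-only access is ever needed, the NAT Gateway from the terms list is the standard answer: it sits in the public subnet and a second route table sends the private subnet's default route through it, while inbound connections from the internet stay impossible. The following is an added example and not part of the original task code; the resource names `nat_eip`, `nat`, `rt_private` and `_1b` are assumptions, and the block references the `vpc1`, `subnetpublic`, `subnetprivate` and `gw` resources defined above.

```hcl
# Added example (not from the original post): outbound-only internet access
# for the private subnet through a managed NAT Gateway.

# Elastic IP that the NAT Gateway will source its traffic from.
# ("vpc = true" is the AWS provider 2.x argument the post's version pin uses.)
resource "aws_eip" "nat_eip" {
  vpc = true
}

# The NAT Gateway must sit in the *public* subnet, because it is the one
# whose route table points at the internet gateway.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat_eip.id
  subnet_id     = aws_subnet.subnetpublic.id

  # Without this, Terraform may create the NAT Gateway before the IGW is
  # attached, and the gateway never becomes usable.
  depends_on = [aws_internet_gateway.gw]

  tags = {
    Name = "sac-nat-gw"
  }
}

# Separate route table for the private subnet: its default route goes to the
# NAT Gateway, never to the internet gateway, so nothing outside the VPC can
# initiate a connection to the database host.
resource "aws_route_table" "rt_private" {
  vpc_id = aws_vpc.vpc1.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }

  tags = {
    Name = "sac-rt-private"
  }
}

resource "aws_route_table_association" "_1b" {
  subnet_id      = aws_subnet.subnetprivate.id
  route_table_id = aws_route_table.rt_private.id
}
```

A NAT Gateway is billed per hour plus data processed, so only add it when the private host really needs outbound access; `terraform destroy` removes it together with the rest of the setup.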
>>Creating Key Pair
provider "tls" {}
resource "tls_private_key" "t" {
algorithm = "RSA"
}
resource "aws_key_pair" "test" {
key_name = "task3-key"
public_key = "${tls_private_key.t.public_key_openssh}"
}
provider "local" {}
resource "local_file" "key" {
content = "${tls_private_key.t.private_key_pem}"
filename = "task3-key.pem"
}
>>Security Group for WordPress
Allowed protocols: HTTP, SSH, ICMP
resource "aws_security_group" "sg-wp" {
name = "pub-vpc-wp-firewall"
description = "public vpc"
vpc_id = "${aws_vpc.vpc1.id}"
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "ICMP"
from_port = 8
to_port = 0
protocol = "icmp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "TCP"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "wp-sg"
}
}
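The WordPress security group above opens SSH (port 22) to 0.0.0.0/0, which exposes the login port to the whole internet even though only the administrator needs it. HTTP has to stay world-reachable for clients, but SSH can be pinned to the administrator's own address range. The block below is an added example, not code from the original post: it introduces a variable `admin_cidr` (assumed name, with a placeholder default from the documentation range 203.0.113.0/24) and a second group `sg-wp-restricted` that differs from the original only in the SSH rule, so the weak and the hardened settings can be compared side by side.

```hcl
# Added example (not from the original post): the WordPress security group
# with SSH limited to an administrator CIDR instead of the whole internet.

# Placeholder default; override with -var 'admin_cidr=<your ip>/32' or a
# tfvars file. 203.0.113.0/24 is a documentation range, not a real network.
variable "admin_cidr" {
  description = "CIDR block allowed to SSH into the WordPress host"
  type        = string
  default     = "203.0.113.10/32"
}

resource "aws_security_group" "sg-wp-restricted" {
  name        = "pub-vpc-wp-firewall-restricted"
  description = "WordPress host: HTTP from anywhere, SSH from admin only"
  vpc_id      = aws_vpc.vpc1.id

  # Weak form on the original page: cidr_blocks = ["0.0.0.0/0"] for port 22.
  # Hardened form: only the administrator's range may open SSH.
  ingress {
    description = "SSH from admin"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  # Web traffic genuinely has to be public for clients.
  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform removes the AWS default allow-all egress rule from groups it
  # manages, so outbound access has to be declared explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wp-sg-restricted"
  }
}
```

The ICMP rule from the original group is left out here because ping is not needed for the portal to work; to use this group, point the WordPress instance's `vpc_security_group_ids` at `aws_security_group.sg-wp-restricted.id` instead of `sg-wp`.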
>>Security Group for MySQL
resource "aws_security_group" "mysql-sg" {
name = "mysql"
description = "Allow MySQL from the WordPress security group only"
vpc_id = "${aws_vpc.vpc1.id}"
ingress {
description = "mysql-security_group"
from_port = 3306
to_port = 3306
protocol = "tcp"
# Only instances that carry the WordPress security group may reach port 3306.
# A cidr_blocks = ["0.0.0.0/0"] rule here would contradict the goal of keeping
# the database off the public world, even though the private subnet already
# has no route from the internet.
security_groups = ["${aws_security_group.sg-wp.id}"]
}
tags = {
Name = "mysql-sg"
}
}
>> Launch MySQL Instance
resource "aws_instance" "mysql-os" {
ami = "ami-08706cb5f68222d09"
instance_type = "t2.micro"
# Reference the key pair resource instead of repeating the name, so Terraform
# creates the key before the instance.
key_name = aws_key_pair.test.key_name
subnet_id = aws_subnet.subnetprivate.id
vpc_security_group_ids = [ aws_security_group.mysql-sg.id ]
tags = {
Name = "mysql-os"
}
}
>>Launch WordPress Instance
resource "aws_instance" "wp-os" {
ami = "ami-7e257211"
instance_type = "t2.micro"
key_name = aws_key_pair.test.key_name
vpc_security_group_ids = [aws_security_group.sg-wp.id ]
subnet_id = aws_subnet.subnetpublic.id
tags = {
Name = "wp-os"
}
}
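Once both instances exist, the WordPress installer needs two addresses: the public IP of the WordPress host (where clients and the SSH login go) and the private IP of the MySQL host, which has no public address by design and is only reachable over the VPC's own address space. The outputs below are an added example, not part of the original post; the output names are assumptions, and they reference the `wp-os` and `mysql-os` instances defined above.

```hcl
# Added example (not from the original post): expose the two addresses the
# WordPress setup step needs, so nobody has to look them up in the console.

output "wp_public_ip" {
  description = "Address clients (and the admin over SSH) use to reach WordPress"
  value       = aws_instance.wp-os.public_ip
}

# The database host sits in the private subnet without a public IP; WordPress
# must be pointed at this private address in its DB host field.
output "mysql_private_ip" {
  description = "Private address of the MySQL host inside the VPC"
  value       = aws_instance.mysql-os.private_ip
}

# Sanity check that the DB host really has no public address: this output is
# expected to be empty after apply. Anything else means the instance was
# launched in the wrong subnet or a public IP was assigned.
output "mysql_public_ip_should_be_empty" {
  description = "Expected to be empty; a value here means the DB is exposed"
  value       = aws_instance.mysql-os.public_ip
}
```

After `terraform apply`, `terraform output mysql_private_ip` prints the value to enter as the database host during the WordPress setup, and `terraform output mysql_public_ip_should_be_empty` gives a quick confirmation that the database tier did not end up with a public address.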
Now the whole setup is ready.....
We just have to launch WordPress and complete its setup....
>> Creating WordPress
++ Generating the WordPress password
++ To create our own web page we have to set up WordPress
WordPress setup <<
>> Creating blog
>> Output :
Deleting the whole setup via:
terraform destroy -auto-approve
Good work 👍👍