Task 4 -> Creating a VPC with the help of public and private subnet and provisioning of NAT gateway for private subnets using Terraform.

ABOUT THIS TASK -

We perform this task with the same WordPress and MySQL use case, but with one additional feature: a NAT gateway that gives the instances running in the private subnet outbound internet access.

In this task we implement the same use case with Terraform code as in the previous task (Task 3), but we also provision one gateway that lets the private subnet reach the public internet (for updates, for example) while nobody from the public internet can initiate a connection inward. This gateway that we provision for the private subnet is called a NAT gateway.

Task 4 is simply an upgraded version of Task 3: it adds the provisioning of a NAT gateway for the private subnet's connectivity to the public world.

LET'S START -

1) First we log in through the AWS CLI using the aws configure command.

2) We create one VPC for the entire networking setup of our infrastructure. But before running our Terraform code we have to initialize it, so that the necessary provider plugins are downloaded, using the terraform init command.

#terraform init

Running the Terraform code with terraform apply creates the VPC for our infrastructure.

#terraform apply

3) After creating the VPC, we write Terraform code for two kinds of subnets: a public subnet for WordPress and a private subnet for the MySQL database server.

# Public subnet: instances launched here get a public IP automatically
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.0.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "subnets1"
  }
}

# Private subnet: no public IPs, reachable only from inside the VPC
resource "aws_subnet" "private" {
  vpc_id     = aws_vpc.myvpc.id
  cidr_block = "192.168.1.0/24"

  tags = {
    Name = "subnets2"
  }
}

4) For connectivity into and out of the subnets we create one public-facing gateway called an internet gateway, through which outside clients can connect to our WordPress application.

# Internet gateway attached to the VPC; the public subnet routes through it
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "mygw1"
  }
}

5) For the internet gateway we configure one route table that sends all non-local traffic (0.0.0.0/0) through the internet gateway, and we associate this route table with the public subnet.

resource "aws_route_table" "r" {
  vpc_id = aws_vpc.myvpc.id

  # Default route: everything outside the VPC goes out via the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "route1"
  }
}

# Only the public subnet gets this route table; the private subnet stays without a default route
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.r.id
}

6) To permit outside connectivity and also SSH into the WordPress instance, we create one security group for the WordPress instance in the public subnet that allows SSH on port 22, the WordPress web server on port 80 and ICMP. For the MySQL database instance we create a second security group that allows only port 3306 of the MySQL server, and only from the security group of the WordPress instance, for their internal connectivity.

7) Now we create the WordPress and MySQL instances using pre-created AMIs that already have WordPress and MySQL set up.

# WordPress server in the public subnet, guarded by the WordPress security group
resource "aws_instance" "web" {
  ami                    = "ami-7e257211"
  instance_type          = "t2.micro"
  key_name               = "pritam"
  vpc_security_group_ids = [aws_security_group.sg1.id]
  subnet_id              = aws_subnet.public.id

  tags = {
    Name = "wordpress"
  }
}

# MySQL server in the private subnet, guarded by the MySQL security group
resource "aws_instance" "web2" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = "pritam"
  vpc_security_group_ids = [aws_security_group.sg2.id]
  subnet_id              = aws_subnet.private.id

  tags = {
    Name = "mysql"
  }
}

8) Finally, with all the Terraform code in place, the setup is applied successfully. We can see the whole WordPress and MySQL setup with the terraform state list command.

#terraform state list

9) Using the public IP that is auto-assigned to the WordPress instance, we can access the WordPress application running inside our own network setup created with Terraform.

10) Up to this step the workflow is the same as in Task 3. Now we create one instance in the public subnet whose main purpose is to reach the MySQL instance in the private subnet via SSH. This instance is known as a bastion host. But before creating the bastion host we create one security group for it that allows SSH. We also create another security group for the MySQL instance in the private subnet that allows SSH in only from the bastion host.

Security groups for the bastion host and for MySQL that allow only bastion host login:

Creating the bastion host instance in the public subnet:

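As an added example (not the article's own code), the two security groups of this step in Terraform: the bastion host accepts SSH, and the MySQL group accepts SSH only from the bastion group's ID rather than from a CIDR, so no other host in the VPC or on the internet can reach port 22. It assumes aws_vpc.myvpc from step 2; the resource names bastion and mysql_from_bastion are mine, and the 3306 rule of step 6 is written the same way with security_groups pointing at the WordPress group.

```hcl
# Added example, not from the article. Assumes aws_vpc.myvpc from step 2.
resource "aws_security_group" "bastion" {
  name   = "bastion-sg"
  vpc_id = aws_vpc.myvpc.id

  ingress {
    description = "SSH to the bastion host"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # narrow this to your admin IP range in practice
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_from_bastion" {
  name   = "mysql-bastion-sg"
  vpc_id = aws_vpc.myvpc.id

  # Referencing the bastion group instead of a CIDR means only instances
  # that carry the bastion security group can open an SSH session here.
  ingress {
    description     = "SSH only from the bastion host"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

The MySQL instance then carries both its step 6 group and this one, listed together in its vpc_security_group_ids.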

11) To create a NAT gateway we need one static IP, an Elastic IP. It is the public IP given to the NAT gateway; through this IP our database instance in the private subnet can reach out to the public world.

12) Now we create the NAT gateway for the MySQL instance running in the private subnet.

13) At last we create a route table for the NAT gateway and attach it to the private subnet that holds the MySQL instance. Now our MySQL instance can reach the internet.

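As an added example (not the article's own code), steps 11 to 13 in Terraform: the Elastic IP, the NAT gateway placed in the public subnet, and a second route table whose default route points at the NAT gateway and is associated with the private subnet. It assumes aws_vpc.myvpc, aws_subnet.public, aws_subnet.private and aws_internet_gateway.gw from the earlier steps; the resource names nat and private are mine.

```hcl
# Added example, not from the article; assumes the VPC, subnets and
# internet gateway defined in the earlier steps.
resource "aws_eip" "nat" {
  domain = "vpc" # on AWS provider versions before 5.x write: vpc = true
}

# The NAT gateway itself sits in the PUBLIC subnet; it needs the internet
# gateway to exist first to have a path out, hence the depends_on.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.gw]

  tags = {
    Name = "mynat"
  }
}

# Separate route table for the private subnet: the default route goes via the
# NAT gateway, never via the internet gateway, so inbound connections from the
# internet cannot be initiated while outbound updates still work.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.myvpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }

  tags = {
    Name = "private-route"
  }
}

# Route tables are associated with subnets, not with individual instances
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```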

14) By running one single Terraform configuration the entire setup of the task is created. In effect we are creating Networking as a Service (NaaS) using Terraform.

#terraform state list

TASK 4 OF HYBRID MULTI CLOUD COMPLETED.

THANK YOU!!
