Virtual Private Cloud (VPC)
What is VPC?
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.
You can easily customize the network configuration of your Amazon VPC. For example, you can create a public-facing subnet for your web servers that have access to the internet. You can also place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. You can use multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.
Statement-
We have to create a web portal for our company with as much security as possible. So, we use the WordPress software with a dedicated database server. The database must not be accessible from the outside world, for security purposes. Only the WordPress site needs to be reachable by our clients.
Prerequisites-
- AWS Account https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/
- Configure AWS CLI https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html
- It's recommended that we use an IAM user account rather than the root account https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
- Terraform download = https://www.terraform.io/downloads.html
- AWS CLI v2 download = https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html
- Run "aws configure" to store the IAM user's access key, secret key, and default region for the AWS CLI
Commands to Run the Code-
"terraform init" - it will initialize all the plugins.
"terraform plan" - it will create an execution plan.
"terraform apply" - the apply command executes the plan; the -auto-approve option tells Terraform not to require interactive approval of the plan before applying it.
"terraform destroy" - the destroy command tears down the infrastructure; the -auto-approve option tells Terraform not to require interactive approval before destroying it.
Proposed Solution-
First we will configure the AWS provider.
Now we will configure the VPC using the code below-
Run “terraform apply”
Now we will be creating two Subnets in this VPC
- Public Subnet- For hosting the WordPress site, which will be accessed by clients
- Private Subnet- For hosting the MySQL database of the WordPress site, which must not be accessible to the public as it holds confidential data.
What is subnet?
A subnetwork or subnet is a logical subdivision of an IP network. It is a range of IP addresses in your VPC. You can launch AWS resources into a specified subnet. A user cannot launch an instance directly in the data center; a subnet is required, and while an instance is being launched a DHCP server is created internally to hand out addresses from that range.
Types of Subnet-
Public Subnet: A public subnet for resources that must be reachable from the internet
Private Subnet: A private subnet for resources that won't be connected to the internet.
For creating the subnets we will use the following code:
1. Public Subnet for hosting WordPress
Run “terraform apply”
2. Private Subnet for hosting DataBase
Run “terraform apply”
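The provider, VPC and both subnets as one Terraform fragment (an added example, not the author's code from the linked repository; the region, profile, CIDR ranges and availability zones are assumptions):

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Region and CLI profile are assumptions; "aws configure" wrote this profile.
provider "aws" {
  region  = "ap-south-1"
  profile = "default"
}

# The VPC itself. DNS hostnames are enabled so the WordPress instance
# gets a resolvable public name and the DB instance a private one.
resource "aws_vpc" "wp_vpc" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "wp-vpc" }
}

# Public subnet: instances launched here receive a public IPv4 address.
# Internet reachability still needs an internet gateway and a route.
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.wp_vpc.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
  tags                    = { Name = "wp-public-subnet" }
}

# Private subnet for the MySQL server: no public IPs are assigned and no
# route to an internet gateway is ever added, so it is reachable only
# from inside the VPC.
resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.wp_vpc.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false
  tags                    = { Name = "wp-private-subnet" }
}

output "vpc_id"            { value = aws_vpc.wp_vpc.id }
output "public_subnet_id"  { value = aws_subnet.public.id }
output "private_subnet_id" { value = aws_subnet.private.id }
```

Note that a subnet is "public" only once a route to an internet gateway exists; until then both subnets are equally isolated.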
Now, after creating the subnets, we will create an internet gateway to provide a path for communication with the internet.
What is Internet Gateway?
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.
For creating the Internet Gateway we will use the following code:
Run “terraform apply”
Now we will create the route table and associate it with the subnet.
What is a route table, and what is its association?
A routing table contains a set of rules, called routes, that are used to determine where network traffic from your VPC is directed. You can explicitly associate a subnet with a particular route table. Otherwise, the subnet is implicitly associated with the main route table. Each route in a routing table specifies the range of IP addresses where you want the traffic to go (the destination) and the gateway, network interface, or connection through which to send the traffic (the target).
#Creating a Routing Table
For creating Route Table we will use the following code:
Run “terraform apply”
#Associating Routing Table to Subnet
For associating Route Table we will use the following code:
Run “terraform apply”
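The internet gateway, the public route table and its association, serving both the gateway step and the route-table steps above (an added example, not the author's code; the VPC and subnet ids are taken as input variables so the fragment stands alone):

```hcl
# Inputs so this fragment stands alone (assumption: in a single-file
# layout these would be direct references to the VPC and subnet resources).
variable "vpc_id"           { type = string }
variable "public_subnet_id" { type = string }

# Internet gateway attached to the VPC. Attachment alone routes nothing;
# a subnet reaches the internet only via a route table pointing at it.
resource "aws_internet_gateway" "wp_igw" {
  vpc_id = var.vpc_id
  tags   = { Name = "wp-igw" }
}

# Route table for the public subnet: the implicit "local" route covers the
# VPC's own CIDR block (VPC-internal traffic); everything else goes to the IGW.
resource "aws_route_table" "public_rt" {
  vpc_id = var.vpc_id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.wp_igw.id
  }

  tags = { Name = "wp-public-rt" }
}

# Explicit association: only the public subnet gets the internet route.
# The private subnet is deliberately left on the VPC's main route table,
# which carries only the local route, so the database has no path to or
# from the internet.
resource "aws_route_table_association" "public_assoc" {
  subnet_id      = var.public_subnet_id
  route_table_id = aws_route_table.public_rt.id
}
```

After apply, check with the console or "aws ec2 describe-route-tables" that the main route table still has no 0.0.0.0/0 entry; if it does, the private subnet is not private.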
Now, to access or communicate with the web server and database server, we need to allow specific protocols and ports, which are defined in security groups within the VPC.
What is a Security Group?
Security Groups provide a modular way to define and compose firewall rules. The rules are enforced at the hypervisor level in order to restrict incoming and outgoing network traffic. (By comparison, an ingress gateway operates at the edge of a service mesh, receiving incoming HTTP/TCP connections while configuring ports, protocols, and virtual services.) Firewalls are designed to decline a request unless there is a specific policy and configuration that allows the ingress connection. Here, according to our needs, we have taken HTTP and SSH. By default, AWS creates an ALLOW ALL egress rule when creating a new Security Group inside a VPC.
Here is the Security Group for Public Subnet (WordPress WebServer)-
# To create a Security Group for Public Subnet we will use the following code:
Run “terraform apply”
Here is the Security Group for the Private Subnet (Database)-
# To create a Security Group for Private Subnet we will use the following code:
Run “terraform apply”
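Both security groups together, the web-server group and the database group (an added example, not the author's code; the VPC id and the administrators' SSH source range are input variables, and the database group references the web-server group rather than any CIDR):

```hcl
# Inputs (assumptions): the VPC id and the address range administrators use for SSH.
variable "vpc_id"     { type = string }
variable "admin_cidr" { type = string } # e.g. your office or VPN range, never 0.0.0.0/0

# Web server group: HTTP open to clients, SSH only from the admin range.
# Terraform removes AWS's default allow-all egress rule on groups it
# manages, so the egress block below is needed for package downloads.
resource "aws_security_group" "wordpress_sg" {
  name   = "wordpress-sg"
  vpc_id = var.vpc_id

  ingress {
    description = "HTTP from clients"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH for administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Database group: MySQL accepted only from instances carrying wordpress_sg,
# never from a CIDR. No egress block: the database cannot initiate outbound
# connections; security groups are stateful, so replies still flow.
resource "aws_security_group" "database_sg" {
  name   = "database-sg"
  vpc_id = var.vpc_id

  ingress {
    description     = "MySQL from the WordPress web server"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }
}
```

Referencing the web-server group as the source means a new WordPress instance (or a replaced one with a new IP) is allowed automatically, while nothing else in the VPC can reach port 3306.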
Now we will create instances to host our Web Server and Database Server respectively in this VPC
# To create instances we will use the below code:
Run “terraform apply”
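The two instances placed into their subnets with their security groups (an added example, not the author's code; AMI ids are placeholders, and the subnet and security-group ids are input variables from the earlier steps):

```hcl
# Inputs (assumptions): AMI ids are placeholders for the WordPress image and
# the MySQL image; the other ids come from the resources created earlier.
variable "wordpress_ami"     { type = string } # PLACEHOLDER: WordPress image id
variable "mysql_ami"         { type = string } # PLACEHOLDER: MySQL image id
variable "public_subnet_id"  { type = string }
variable "private_subnet_id" { type = string }
variable "wordpress_sg_id"   { type = string }
variable "database_sg_id"    { type = string }
variable "key_name"          { type = string } # existing EC2 key pair for SSH

# WordPress web server in the public subnet: gets a public IP and the
# web-server security group, so clients reach it on port 80.
resource "aws_instance" "wordpress" {
  ami                         = var.wordpress_ami
  instance_type               = "t2.micro"
  subnet_id                   = var.public_subnet_id
  vpc_security_group_ids      = [var.wordpress_sg_id]
  associate_public_ip_address = true
  key_name                    = var.key_name
  tags                        = { Name = "wordpress-web" }
}

# MySQL server in the private subnet: explicitly no public IP and only the
# database security group, so the only way in is port 3306 from WordPress.
# No key pair is attached because its group has no SSH rule anyway.
resource "aws_instance" "mysql" {
  ami                         = var.mysql_ami
  instance_type               = "t2.micro"
  subnet_id                   = var.private_subnet_id
  vpc_security_group_ids      = [var.database_sg_id]
  associate_public_ip_address = false
  tags                        = { Name = "wordpress-db" }
}

# The public IP clients use for the site, and the private IP that WordPress
# is configured with as its database host.
output "wordpress_public_ip" { value = aws_instance.wordpress.public_ip }
output "mysql_private_ip"    { value = aws_instance.mysql.private_ip }
```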
You can now use your WordPress server's public IP to access your WordPress site-
To use the WordPress image from AWS we use the following link:
Enter the WordPress Instance ID here
Set your password here
Now you are ready for hosting your WordPress:
Please find the code using the link below-
Thanks!!!!
From:
Adnan A. Shaikh