Create a web portal with all security on AWS through terraform

Problem Statement:

Here are the steps we need to follow:

Terraform Code:

1. We are using AWS as the provider, so we need to set the region and the credentials profile.

```hcl
provider "aws" {
  region  = "ap-south-1"
  profile = "myadi"   # named profile from the local AWS credentials file; no keys in the code
}
```

2. Create the key pair.

```hcl
# Generate an RSA key pair locally and register only the public half with AWS.
resource "tls_private_key" "web_key" {
  algorithm = "RSA"
}

resource "aws_key_pair" "task_key" {
  key_name   = "mytaskkey"
  public_key = tls_private_key.web_key.public_key_openssh
}

# Write the private key to disk so we can SSH to the instance. The key also
# lands in the Terraform state file, so treat both the .pem and the state as
# secrets (local_file also accepts file_permission = "0400" to tighten the mode).
resource "local_file" "key-file" {
  content  = tls_private_key.web_key.private_key_pem
  filename = "task_key.pem"
}
```

3. Create the VPC.

```hcl
resource "aws_vpc" "main" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
  tags = {
    Name = "myvpc"
  }
}
```

4. Create two subnets.

```hcl
# 1 - Public subnet: instances launched here get a public IP.
resource "aws_subnet" "public-subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.10.0.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "ap-south-1a"
  tags = {
    Name = "public-subnet-1a"
  }
}

# 2 - Private subnet: no public IPs, so instances here are reachable only from inside the VPC.
resource "aws_subnet" "private-subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "ap-south-1b"
  tags = {
    Name = "private-subnet-1b"
  }
}
```

5. Create the Internet Gateway.

```hcl
resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "mygw1"
  }
}
```

6. Create the route table.

```hcl
# Route table with a default route to the Internet Gateway.
resource "aws_route_table" "r" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "route1"
  }
}
```

7. Associate the route table with the public subnet.

```hcl
# Only the public subnet gets the internet route. The private subnet keeps the
# VPC's main route table, which has no route to the Internet Gateway.
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.r.id
}
```

8. Create the security groups for the WordPress and MySQL instances.

```hcl
# WordPress security group
resource "aws_security_group" "wp-sg" {
  name        = "wordpress-SG"
  description = "Allow HTTP and SSH inbound traffic"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH is opened to the whole internet here; in practice restrict
  # cidr_blocks to the address range you administer from.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wordpressSG"
  }
}
```

```hcl
# MySQL security group
resource "aws_security_group" "db-sg" {
  name        = "mysql-SG"
  description = "Allow webserver-SG inbound traffic"
  vpc_id      = aws_vpc.main.id

  # The source is the WordPress security group, not a CIDR block, so only
  # instances carrying wp-sg can reach port 3306.
  ingress {
    description     = "MYSQL"
    security_groups = [aws_security_group.wp-sg.id]
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "mysqlSG"
  }
}
```
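As an added example (not part of the original post), a small Python check that reads the JSON from `terraform show -json tfplan` and reports admin ports opened to the whole internet, so the SSH rule above is caught before `apply`. The sample plan is constructed here to mirror the two security groups above, and the `planned_values.root_module.resources` shape is assumed from Terraform's plan JSON output.

```python
"""Flag admin ports that a planned security group opens to the whole internet."""
import json

ADMIN_PORTS = {22, 3306, 3389}  # SSH, MySQL, RDP: never world-reachable
WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample (not real terraform output) mirroring wp-sg and db-sg
# above, in the shape of `terraform show -json tfplan` -> planned_values.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"type": "aws_security_group", "name": "wp-sg", "values": {"ingress": [
        {"description": "HTTP", "from_port": 80, "to_port": 80,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
        {"description": "SSH", "from_port": 22, "to_port": 22,
         "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
    ]}},
    {"type": "aws_security_group", "name": "db-sg", "values": {"ingress": [
        {"description": "MYSQL", "from_port": 3306, "to_port": 3306,
         "protocol": "tcp", "cidr_blocks": [],
         "security_groups": ["sg-PLACEHOLDER-wp"]},  # placeholder, not a real id
    ]}},
]}}})

def port_in_rule(port, rule):
    """True if the rule covers `port` (protocol -1 means every port)."""
    if rule.get("protocol") == "-1":
        return True
    return rule.get("from_port", 0) <= port <= rule.get("to_port", 0)

def find_world_open_admin_ports(plan_json):
    """Return (sg_name, port, description) for each admin port open to WORLD."""
    plan = json.loads(plan_json)
    findings = []
    for res in plan["planned_values"]["root_module"]["resources"]:
        if res["type"] != "aws_security_group":
            continue
        for rule in res["values"].get("ingress", []):
            sources = set(rule.get("cidr_blocks") or [])
            sources |= set(rule.get("ipv6_cidr_blocks") or [])
            if not sources & WORLD:
                continue  # scoped to a CIDR or another SG (like db-sg): fine
            for port in sorted(ADMIN_PORTS):
                if port_in_rule(port, rule):
                    findings.append((res["name"], port, rule.get("description", "")))
    return findings

if __name__ == "__main__":
    for sg, port, desc in find_world_open_admin_ports(SAMPLE_PLAN):
        print(f"{sg}: port {port} ({desc}) is reachable from the whole internet")
```

Run against the sample it reports only the wp-sg SSH rule; the db-sg rule passes because its source is another security group rather than a CIDR.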

9. Launch the MySQL and WordPress instances.

```hcl
# MySQL instance in the private subnet: no public IP, and no key pair is
# attached, so it is reachable only on port 3306 from the WordPress instance.
resource "aws_instance" "mysql" {
  ami                         = "ami-08706cb5f68222d09"
  instance_type               = "t2.micro"
  associate_public_ip_address = false
  subnet_id                   = aws_subnet.private-subnet.id
  vpc_security_group_ids      = [aws_security_group.db-sg.id]

  tags = {
    Name = "mysql"
  }
}

# WordPress instance in the public subnet, with the key pair for SSH access.
resource "aws_instance" "wordpress" {
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  associate_public_ip_address = true
  subnet_id                   = aws_subnet.public-subnet.id
  vpc_security_group_ids      = [aws_security_group.wp-sg.id]
  key_name                    = aws_key_pair.task_key.key_name

  tags = {
    Name = "wordpress"
  }
}
```

Now initialise the providers and apply the configuration:

```shell
terraform init
terraform apply -auto-approve
```

VPC, Subnet and Internet Gateway:

Route Table:

Security Group:

EC2 Instance:

Thank you!
