Create a web portal with all security on AWS through Terraform

Problem Statement:

So here are the steps that we need to follow:

  1. Write Infrastructure as Code using Terraform, which automatically creates a VPC.
  2. In that VPC we have to create 2 subnets:

Terraform Code:

1. We are using AWS as the provider, so we need to set the region and the CLI profile it authenticates with.

# Credentials come from the named profile in ~/.aws/credentials, not from this file.
provider "aws" {
  region  = "ap-south-1"
  profile = "myadi"
}

2. Create the key pair.

# Generate an RSA key pair locally; the private key never leaves the machine running Terraform.
resource "tls_private_key" "web_key" {
  algorithm = "RSA"
}

# Register only the public half with AWS.
resource "aws_key_pair" "task_key" {
  key_name   = "mytaskkey"
  public_key = tls_private_key.web_key.public_key_openssh
}

# Write the private key to disk for SSH use. It also ends up in the Terraform state,
# so protect both the .pem file and the state file.
resource "local_file" "key-file" {
  content  = tls_private_key.web_key.private_key_pem
  filename = "task_key.pem"
}

3. Create the VPC.

resource "aws_vpc" "main" {
  cidr_block           = "10.10.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
  tags = {
    Name = "myvpc"
  }
}

4. Create two subnets.

// 1 - Public subnet: instances launched here get a public IP automatically.

resource "aws_subnet" "public-subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.10.0.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "ap-south-1a"
  tags = {
    Name = "public-subnet-1a"
  }
}

// 2 - Private subnet: no public IPs, and (below) no route to the Internet Gateway.

resource "aws_subnet" "private-subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "ap-south-1b"
  tags = {
    Name = "private-subnet-1b"
  }
}

5. Create the Internet Gateway.

resource "aws_internet_gateway" "gw" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "mygw1"
  }
}

6. Create the route table.

# Default route to the Internet Gateway; only subnets associated with this table get internet access.
resource "aws_route_table" "r" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.gw.id
  }

  tags = {
    Name = "route1"
  }
}

7. Associate the route table with the public subnet. The private subnet keeps the VPC's main route table, which has no internet route.

resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.r.id
}

8. Create security groups for the WordPress and MySQL instances.

//Create WordPress security group

resource "aws_security_group" "wp-sg" {
  name        = "wordpress-SG"
  description = "Allow HTTP and SSH inbound traffic"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # SSH is open to the whole internet here; in production restrict cidr_blocks to your admin IP range.
  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wordpressSG"
  }
}

//Create MySQL security group

# No CIDR-based ingress at all: port 3306 is reachable only from members of wp-sg,
# so the database is never exposed to the internet even if it had a public IP.
resource "aws_security_group" "db-sg" {
  name        = "mysql-SG"
  description = "Allow webserver-SG inbound traffic"
  vpc_id      = aws_vpc.main.id

  ingress {
    description     = "MYSQL"
    security_groups = [aws_security_group.wp-sg.id]
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "mysqlSG"
  }
}
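As an added check that is not part of the original post, the script below audits the JSON form of the plan (`terraform show -json tfplan`) and flags any security group ingress rule open to 0.0.0.0/0 or ::/0 on a port other than 80/443. Run against the two groups above it reports the world-open SSH rule in wp-sg, while db-sg passes because its only rule is scoped to another security group. The embedded plan excerpt is constructed for illustration, not real Terraform output, and the `sg-placeholder` id is a placeholder.

```python
import json
import sys

# Ports a public web tier may legitimately expose to the whole internet.
PUBLIC_OK_PORTS = {80, 443}
WORLD = ("0.0.0.0/0", "::/0")


def sg_findings(plan):
    """Return (sg_name, reason) pairs for ingress rules open to the world on non-web ports."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in root.get("resources", []):
        if res.get("type") != "aws_security_group":
            continue
        for rule in res.get("values", {}).get("ingress") or []:
            cidrs = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            if not any(c in WORLD for c in cidrs):
                continue  # scoped to a specific CIDR or to another SG (like db-sg): fine
            lo, hi = rule.get("from_port", 0), rule.get("to_port", 0)
            if rule.get("protocol") == "-1" or (lo == 0 and hi == 0):
                findings.append((res["name"], "all traffic open to the world"))
            elif not set(range(lo, hi + 1)) <= PUBLIC_OK_PORTS:
                findings.append((res["name"], f"{rule.get('protocol')} {lo}-{hi} open to the world"))
    return findings


# Constructed excerpt of `terraform show -json tfplan` for the two groups above (not real output).
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"type": "aws_security_group", "name": "wp-sg", "values": {"ingress": [
        {"description": "HTTP", "from_port": 80, "to_port": 80, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "security_groups": []},
        {"description": "SSH", "from_port": 22, "to_port": 22, "protocol": "tcp",
         "cidr_blocks": ["0.0.0.0/0"], "security_groups": []}]}},
    {"type": "aws_security_group", "name": "db-sg", "values": {"ingress": [
        {"description": "MYSQL", "from_port": 3306, "to_port": 3306, "protocol": "tcp",
         "cidr_blocks": [], "security_groups": ["sg-placeholder"]}]}},
]}}}

if __name__ == "__main__":
    # Usage: python audit_sg.py plan.json  (falls back to the constructed sample when no file is given)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for sg, reason in sg_findings(plan):
        print(f"FINDING {sg}: {reason}")
```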

9. Launch the MySQL and WordPress instances.

//Launch MySQL instance in the private subnet (no public IP, reachable only on 3306 from wp-sg)

resource "aws_instance" "mysql" {
  ami                         = "ami-08706cb5f68222d09"
  instance_type               = "t2.micro"
  associate_public_ip_address = false
  subnet_id                   = aws_subnet.private-subnet.id
  vpc_security_group_ids      = [aws_security_group.db-sg.id]

  tags = {
    Name = "mysql"
  }
}

//Launch WordPress instance in the public subnet

resource "aws_instance" "wordpress" {
  ami                         = "ami-000cbce3e1b899ebd"
  instance_type               = "t2.micro"
  associate_public_ip_address = true
  subnet_id                   = aws_subnet.public-subnet.id
  vpc_security_group_ids      = [aws_security_group.wp-sg.id]
  key_name                    = aws_key_pair.task_key.key_name

  tags = {
    Name = "wordpress"
  }
}

terraform init

terraform apply -auto-approve

After the apply, the AWS console shows the created resources (screenshots in the original post): VPC, subnets and Internet Gateway; route table; security groups; EC2 instances.

Thank You !!

Aditya Raj

I'm a passionate learner diving into the concepts of computing 💻