Creating VPC in AWS Cloud with NAT Gateway.

Snehalhingane
7 min readJul 17, 2020

* Task-4 *

Perform task-3 with one additional feature: a NAT Gateway that provides internet access to the instances running in the private subnet.

Note: I have attached my task-3 link at the end. Go through task 3 first and then perform task-4.

Performing the following steps:

1. Write infrastructure as code using Terraform that automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

1. public subnet [ Accessible for Public World! ]

2. private subnet [ Restricted for Public World! ]

3. Create a public-facing Internet Gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.

4. Create a routing table for the Internet Gateway so that instances can connect to the outside world; update it and associate it with the public subnet.

5. Create a NAT Gateway to connect our VPC/network to the internet, and place this gateway in the public subnet of our VPC.

6. Update the routing table of the private subnet so that, to reach the internet, it uses the NAT Gateway created in the public subnet.

7. Launch an EC2 instance which already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for logging into it later.

8. Launch an EC2 instance which already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to this instance.

Prerequisite:

So let's get started.

First we have to declare the provider. The Terraform AWS provider is a plugin for Terraform that allows full lifecycle management of AWS resources, and we declare it with the following code:

AWS Provider

Create VPC: VPC (Virtual Private Cloud)

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

Now we have to create our VPC, and to do so we have to provide a range of IP addresses, known as a CIDR block. Here I am providing cidr_block = "192.168.0.0/16".

We can check from the AWS console that it has been created.

VPC

Next we have to create two subnets in that VPC: one private and one public.

Subnets are a logical partition of an IP network into multiple, smaller network segments. Think of them as compartments: we can launch AWS resources into whichever of the specified subnets we choose.

Public subnet: this is the subnet that is connected to the internet. I have created it in the ap-south-1b availability zone. We will launch WordPress in this subnet; for connectivity we have to assign a public IP to the instance, so I have enabled auto-assignment of public IPs.

public-subnet

Private subnet: this subnet is not directly reachable from the internet. I have created it in the ap-south-1b availability zone. We will launch our MySQL database in this subnet.

Private subnet

Now, after creating the subnets, we will create an Elastic IP for the NAT Gateway.

Elastic IP: An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account.

Elastic IP

Now, using that Elastic IP, create the NAT Gateway.

NAT Gateway: a Network Address Translation Gateway enables instances in a private subnet to connect out to the internet or to AWS services. At the same time, the gateway ensures that the internet cannot initiate a connection to those instances.

NAT Gateway

Next we have to create an Internet Gateway. An Internet Gateway is a VPC component that establishes the connection between the VPC and the internet.

Internet gateway

Route Table- A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed. To put it simply, a route table tells network packets which way they need to go to get to their destination. We have to associate the route tables with the subnets for controlling the routing of the subnets.

Route table
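The networking pieces described above (provider, VPC, the two subnets, Elastic IP, NAT Gateway, Internet Gateway and both route tables) written out as one Terraform configuration. This is an added example, not the code from the author's screenshots; the resource names, the subnet CIDRs and the profile name are assumptions. Only the VPC range 192.168.0.0/16 and the ap-south-1b zone come from the post.

```hcl
# Added example (not the author's code). Names, subnet CIDRs and the
# profile are assumptions; the VPC range and the zone come from the post.

provider "aws" {
  region  = "ap-south-1"
  profile = "default"   # assumed: an AWS CLI profile holding credentials
}

resource "aws_vpc" "myvpc" {
  cidr_block           = "192.168.0.0/16"   # range used in the post
  enable_dns_hostnames = true
  tags = { Name = "myvpc" }
}

# Public subnet: instances launched here get a public IP automatically
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.1.0/24"   # assumed
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = true
  tags = { Name = "public-subnet" }
}

# Private subnet: no public IPs, reachable only from inside the VPC
resource "aws_subnet" "private" {
  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = "192.168.2.0/24"   # assumed
  availability_zone = "ap-south-1b"
  tags = { Name = "private-subnet" }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myvpc.id
  tags   = { Name = "igw" }
}

# Static public address for the NAT Gateway
resource "aws_eip" "nat_eip" {
  vpc = true   # on AWS provider 5.x this argument is domain = "vpc"
}

# The NAT Gateway itself lives in the PUBLIC subnet and needs the IGW first
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat_eip.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
  tags          = { Name = "nat-gw" }
}

# Public route table: default route through the Internet Gateway
resource "aws_route_table" "public_rt" {
  vpc_id = aws_vpc.myvpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = { Name = "public-rt" }
}

resource "aws_route_table_association" "public_assoc" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public_rt.id
}

# Private route table: default route through the NAT Gateway. Private
# instances can fetch updates, but nothing outside can open a connection
# to them because the NAT only forwards replies to connections they started.
resource "aws_route_table" "private_rt" {
  vpc_id = aws_vpc.myvpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = { Name = "private-rt" }
}

resource "aws_route_table_association" "private_assoc" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private_rt.id
}
```

The two route tables are the whole point of the task: without the private route table association, instances in the private subnet fall back to the VPC's main route table and have no path to the internet at all; with it, their only path is the NAT Gateway, which is what keeps them unreachable from outside.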

Next we have to launch two instances, one for WordPress and one for MySQL. To launch these instances we first have to create a key pair.

Key pair: a key pair consists of a public key, which is used to encrypt data, and a private key, which is used to decrypt data.

Security group: a security group acts as a virtual firewall for your instance, controlling incoming and outgoing traffic. Inbound rules control the traffic allowed to reach your instance, and outbound rules control the traffic allowed to leave it.

Security group for the WordPress instance: in this security group I have added two inbound rules, one for port 22 (SSH) so that we can connect to our instance over SSH, and another for port 80 (HTTP) so that we can reach WordPress from the internet. I have allowed all outbound traffic.

Create the security group for MySQL and launch the instance

Bastion Host: A bastion host is a server whose purpose is to provide access to a private network from an external network. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.

So here I have created the bastion host.

To run it, use the following commands:

terraform init

terraform validate

terraform apply -auto-approve

VPC
Subnet
Route table
internet gateway

To connect to our MySQL instance through the WordPress instance, we first have to transfer our key to that instance; I have used WinSCP to do so.

After transferring the key we can connect to our instance, but before connecting we have to restrict the permissions on the key file (SSH refuses a private key that other users can read), which we do with the following command:

chmod 400 key_name

Now we can log in to our MySQL instance, which is in the private subnet, and check its outside connectivity.

And finally, to destroy everything you only need one command:

terraform destroy -auto-approve

terraform destroy

Thanks for Reading!!!!!

task3 link → https://www.linkedin.com/feed/update/urn:li:activity:6689071708965605376/

#AWS #Vimal_Daga_sir #terraform #Hybrid_Multi_cloud
