AWS Automation With Terraform

Hello and welcome to all.In this article we will be getting some hands on knowledge over some of the leading technology and that is Cloud Computing with Automation by Terraform. Before moving on further with the task let us first understand the agenda.

This is the hands on task which will do following things -

1. Write an Infrastructure as code using terraform, which automatically create a VPC.

2. In that VPC we have to create 2 subnets:

1. public subnet [ Accessible for Public World! ]

2. private subnet [ Restricted for Public World!

3. Create a public facing internet gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.

5. Create a NAT gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC in the public network

6. Update the routing table of the private subnet, so that to access the internet it uses the NAT gateway created in the public subnet

7. Launch an ec2 instance which has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site. Also attach the key to instance for further login into it.

8. Launch an ec2 instance which has MySQL setup already with security group allowing port 3306 in private subnet so that our WordPress VM can connect with the same. Also attach the key with the same.

Note: WordPress instance has to be part of public subnet so that our client can connect our site.MySQL instance has to be part of private subnet so that outside world can’t connect to it.

Don’t forgot to add auto IP assign and auto DNS name assignment option to be enabled.

What is Public Cloud?

The public cloud is a cloud service hosted by third-party cloud service providers on hardware shared by multiple customers. The cloud service provider handles all responsibilities associated with managing and maintaining cloud services.

Benefits of the Public Cloud

For companies using the public cloud, outsourcing cloud management and infrastructure saves time and uses fewer resources than building, owning, and operating their own cloud infrastructure. Other perks include scalability and ease of access.

What Is AWS?

AWS (Amazon Web Services) is a comprehensive, evolving cloud computing platform provided by Amazon that includes a mixture of infrastructure as a service (IaaS), platform as a service (PaaS) and packaged software as a service (SaaS) offerings. AWS services can offer an organization tools such as compute power, database storage and content delivery services.More than 100 services comprise the Amazon Web Services including -

  • Compute
  • Storage databases
  • Data management
  • Hybrid cloud
  • Networking
  • Security
  • Big data management
  • Artificial intelligence (AI)

What Is Terraform?

Terraform (https://www.terraform.io/) is an open source project by Hashicorp written in golang (https://golang.org/). It lets you define cloud resources (servers, s3 buckets, lambda functions, IAM policies, etc.) in code and check them into a source control. You can then “execute” the configuration and create/modify/delete all the cloud resources with a single command.

If you have any resources in AWS/Google Cloud/Azure, etc. its a high likelihood that terraform can improve your workflow and make management of your cloud resources a breeze! I have used it with AWS, so, most of this post will discuss terraform in context of AWS. But, it works fine with Google Cloud, Azure, Alibaba cloud, etc.

Using Terraform:

  • terraform init : Creates a .terraform directory
  • terraform plan : Outputs how terraform interprets the main.tf file and what resources it will create/modify/delete. Its a dry-run. Which is very critical because you would like know exactly what changes it will do your cloud resources. Surprises are bad!
  • terraform apply : Reads the main.tf and makes all the changes to the cloud. This step outputs a .tfstate file that contains identifiers of cloud resources. This generated file is very important and you should never edit this manually(Recommended).

A best practice is to set up a terraform role in IAM on AWS, use that to manage resource access to terraform and then execute it on the machine with that role.

Steps toward our work -

Before proceeding ahead with terraform use your Command Prompt to configure IAM role as Profile in your AWS CLI.

  1. Plugins Initialization :-Now Create a file with Extension .tf in separate folder and run the following command to initialize with Terraform Environment and downloading and Installing Terraform Plugins.

2. Creating Key-Pairs :- This is the Snippet of Code which will Create Key Pair and will download and save in the current working directory .Which will the be used it future when launching instance.

3. Creating VPC :- Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications.

You can easily customize the network configuration of your Amazon VPC. For example, you can create a public-facing subnet for your web servers that have access to the internet. You can also place your backend systems, such as databases or application servers, in a private-facing subnet with no internet access. You can use multiple layers of security, including security groups and network access control lists, to help control access to Amazon EC2 instances in each subnet.

4. Security Group :- A security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Inbound rules control the incoming traffic to your instance, and outbound rules control the outgoing traffic from your instance. When you launch an instance, you can specify one or more security groups. If you don’t specify a security group, Amazon EC2 uses the default security group. You can add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time. New and modified rules are automatically applied to all instances that are associated with the security group. When Amazon EC2 decides whether to allow traffic to reach an instance, it evaluates all of the rules from all of the security groups that are associated with the instance.

When you launch an instance in a VPC, you must specify a security group that’s created for that VPC. After you launch an instance, you can change its security groups. Security groups are associated with network interfaces. Changing an instance’s security groups changes the security groups associated with the primary network interface (eth0)

4.a — Creating Security Group for WordPress Instance :-

4.b — Creating Security Group for Bastion Host :-

4.c Creating Security Group for MySQL :-

5. Creating Subnets :- Subnetwork or subnet is a logical subdivision of an IP network. The practice of dividing a network into two or more networks is called subnetting. AWS provides two types of subnetting one is Public which allow the internet to access the machine and another is private which is hidden from the internet.

For reference-https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Scenario2.html

5.a Create Public Subnet For WordPress :- This Code Snippet will Create a subnet for WordPress and will add internet gateway , edit route table and all .

5.b Creating Private Subnet For MySQL Instance :- This Snippet will Create a subnet for MySQL.

6. Adding Elastic IP :-

7. Creating Nat Gateway and editing route table and associate it :-

8. Launch All the instances :- If you face any difficulty in launching instance,it is probably because of subscription for the WordPress from the AWS Market Place. Do subscribe it and then run it.

Time to Run our Terraform Script —

1.Initialize terraform :- terraform init

It will install plugin required for our code.

2. Run the Script :- terraform apply --auto-approve

It will add all resources listed in our code.

Output:-

After following all the steps, we are more likely to see -

On Successful terraform apply
VPC Created — myVPC
Subnets Created My_Public_Subnet & my_subnet_private
Route Table & NAT Gateway Route Table created !!
My_IG Internet Gateway Created !!
Nat Gateway Created !!
MySQL, WordPress & BastionHost Instances created !!
Logging in to Word Press OS by its Public IP and Instance ID(one-time) as verification !!
Finally WordPress is Here !!

Our Task has been done! Now to shut all resources down-

terraform destroy --auto-approve
# It will destroy our entire environment that we created !!
Use this command to destroy !!
All 19 resources created earlier is now destroyed !!

And we can also do some more things in this task like i have created for this code in this way that our MySQL database is on private world meas inside this instance no one from public world can go inside and so for this i have created one bastion host instance using this only we can go inside the MySQL OS and can modify it and WordPress is running in public world so that anyone from anywhere can access our website .

All the codes discussed earlier can be found on my Github Repo & connect with me on Linkedin !!

Thank you Everyone for reading .!! Bella Ciao