Create a personal VPC and integrate with EC2

Uditanshu Kumar
5 min readAug 3, 2020

Statement: We have to create a web portal for our company with all the security as much as possible. So, we use Wordpress software with dedicated database server. Database should not be accessible from the outside world for security purposes. We only need to public the WordPress to clients. So here are the steps for proper understanding!

Steps : — — — — —

1. Write an Infrastructure as code using terraform, which automatically create a VPC.

2. In that VPC we have to create 2 subnets:

→public subnet [ Accessible for Public World! ]

→ private subnet [ Restricted for Public World! ]

3. Create a public facing internet gateway toconnect our VPC/Network to the internet world and attach this gateway to our VPC.

4. Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.

5. Launch an ec2 instance which has Wordpress setup already having the security group allowing port 80 so that our client can connect to our wordpress site. Also attach the key to instance for further login into it.

6. Launch an ec2 instance which has MYSQL setup already with security group allowing port 3306 in private subnet so that our wordpress vm can connect with the same. Also attach the key with the same.

Note: Wordpress instance has to be part of public subnet so that our client can connect our site.

mysql instance has to be part of private subnet so that outside world can’t connect to it.

Let’s Start ……………………………………………

Let’s Start ……………………………………………

Step 1: We will provide our resource provider name followed by account details along with the region name.

//Provider

provider “aws”{
region = “ap-south-1”
profile = “Udit”
}

Step 2: Create a personal Virtual Private Cloud…

//creating VPC
resource “aws_vpc” “udit_vpc” {
cidr_block = “192.168.0.0/16”
instance_tenancy = “default”

tags = {
Name = “udit_vpc”
}
}

Step 3: Create 2 subsets…. public and private…

//creating subnets
resource “aws_subnet” “udit_public_subnet” {
vpc_id = “${aws_vpc.udit_vpc.id}”
cidr_block = “192.168.0.0/24”
availability_zone = “ap-south-1a”
map_public_ip_on_launch = true

tags = {
Name = “udit_public_subnet”
}
}

resource “aws_subnet” “udit_private_subnet” {
vpc_id = “${aws_vpc.udit_vpc.id}”
cidr_block = “192.168.100.0/24”
availability_zone = “ap-south-1b”

tags = {
Name = “udit_private_subnet”
}
}

Step 4: Create a public facing internet gateway to connect our VPC/Network to the internet world .

resource “aws_internet_gateway” “internet_gateway” {
vpc_id = “${aws_vpc.udit_vpc.id}”

tags = {
Name = “internet_gateway”
}
}

Step 5: Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.

resource “aws_route_table” “udit_route1” {
vpc_id = “${aws_vpc.udit_vpc.id}”

route {
cidr_block = “0.0.0.0/0”
gateway_id = “${aws_internet_gateway.internet_gateway.id}”
}

tags = {
Name = “udit_route1”
}
}

resource “aws_route_table_association” “route_association1” {
subnet_id = aws_subnet.udit_public_subnet.id
route_table_id = aws_route_table.udit_route1.id
}

Step 6: We will create public and private key using tls_private_key keyword. These key pairs will be used to login to our aws instance from our local system using SSH .

//key creation
resource “tls_private_key” “udit_key_pair”{
algorithm = “RSA”
}

resource “aws_key_pair” “udit_key”{
key_name = “udit33”
public_key = tls_private_key.udit_key_pair.public_key_openssh

depends_on = [
tls_private_key.udit_key_pair
]
}

Step 7: Create Security groups for mysql, wordpress . In wordpress we will allow inbounds to port no 22 and 80 , in mysql we will allow inbounds only from wordpress.

// Wordpress Security Group

resource “aws_security_group” “wordpress_sg” {
name = “wordpress_sg”
description = “Allow ssh, http and icmp”
vpc_id = “${aws_vpc.udit_vpc.id}”

ingress {
description = “Allow Icmp”
from_port = 1
to_port = 1
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]

}

ingress {
description = “Allow SSH”
from_port = 22
to_port = 22
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
}

ingress {
description = “Allow HTTP”
from_port = 80
to_port = 80
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
}

egress {
from_port = 0
to_port = 0
protocol = “-1”
cidr_blocks = [“0.0.0.0/0”]
}

tags = {
Name = “wordpress_sg”
}
}

resource “aws_security_group” “mysql_sg1” {
name = “mysql_sg1”
description = “Allow wordpress”
vpc_id = “${aws_vpc.udit_vpc.id}”

ingress {
description = “Allow Wordpress”
from_port = 3306
to_port = 3306
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
security_groups = [ “${aws_security_group.wordpress_sg.id}”]
}

egress {
from_port = 0
to_port = 0
protocol = “-1”
cidr_blocks = [“0.0.0.0/0”]
}

tags = {
Name = “mysql_sg1”
}
}

Step 8: Launch Word-press in the public subnet and attach respective security groups to it …

resource “aws_instance” “wordpress_instance” {
ami = “ami-01b9cb595fc660622”
instance_type = “t2.micro”
subnet_id = aws_subnet.udit_public_subnet.id
associate_public_ip_address = true
key_name = “udit33”
vpc_security_group_ids = [ “${aws_security_group.wordpress_sg.id}”]

tags = {
Name = “Wordpress Instance”
}
}

Step 9: Launch MySQL in the private subnet..

resource “aws_instance” “mysql_instance” {
ami = “ami-0025b3a1ef8df0c3b”
instance_type = “t2.micro”
subnet_id = aws_subnet.udit_private_subnet.id
key_name = “udit33”
vpc_security_group_ids = [ “${aws_security_group.mysql_sg1.id}”]
tags = {
Name = “Mysql Instance”
}
}

Finally….Launch the Wordpress site using the Wordpress instance IP….

Thank YOU….

--

--