Provisioning of Instances in Different Subnets(i.e. Private & Public) in AWS (implementing VPC,EC2,Bastion Host) using Terraform.
What is Terraform ?
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
Configuration files describe to Terraform the components needed to run a single application or your entire datacenter. Terraform generates an execution plan describing what it will do to reach the desired state, and then executes it to build the described infrastructure. As the configuration changes, Terraform is able to determine what changed and create incremental execution plans which can be applied.
The infrastructure Terraform can manage includes low-level components such as compute instances, storage, and networking, as well as high-level components such as DNS entries, SaaS features, etc.
What is AWS ?
Amazon Web Services (AWS) is a subsidiary of Amazon that provides on-demand cloud computing platforms and APIs to individuals, companies, and governments, on a metered pay-as-you-go basis. In aggregate, these cloud computing web services provide a set of primitive abstract technical infrastructure and distributed computing building blocks and tools. One of these services is Amazon Elastic Compute Cloud (EC2), which allows users to have at their disposal a virtual cluster of computers, available all the time, through the Internet.
What is Bastion Host ?
A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server , and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers.Bastion hosts are related to multi-homed hosts and screened hosts.
Problem Statement / Task :
We have to create a web portal for our company with all the security as much as possible.
So, we use Wordpress software with dedicated database server.
We apply internet connection in database server by using bastion host security group in that instance
We only need to public the WordPress to clients.
So here are the steps for proper understanding !!!!
Procedure:
Write a Infrastructure as code using terraform for AWS.
provider "aws" {
region = "ap-south-1"
profile = "nikhil"
}
Now we have to create a VPC.
In these VPC we have to create 2 subnets listed below:
-> Public Subnet [ Accessible for Public World !]
-> Private Subnet [ Restricted for Public World! ]
Create a public facing internet gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC.
.Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.
Create a NAT gateway for connect our VPC /Network to the internet world and attach this gateway to our VPC in the public network.
Update the routing table of the private subnet, so that to access the internet it uses the nat gateway created in the public subnet.
Create a key pair which we use to login into instances.
Now we create some security groups for our instances & bastion host.
Launch an EC2 instance which has WordPress setup already having the security group allowing port 80 so that our client can connect to our WordPress site. Also attach the key to instance for further login into it.
Launch an EC2 instance which has MySQL setup already with security group allowing port 3306 in private subnet so that our WordPress instances can connect with the same. Also attach the key with the same.
Add Elastic IP
Now Run some terraform commands :
At first initialize the terraform
terraform init
Now validate the code
terraform validate
Now Run the code
terraform apply — auto-approve
Output Images
Destroy the complete infrastructure after solving use case.
terraform destroy
Thank You for viewing the article.
