Day 66: Building an entire infrastructure through Terraform

Hello, I am Akshay Phadke. I have 10 years of experience in various technologies. Currently, I am learning a few DevOps tools. I am working on Microsoft technologies and AWS.
Build Your Own AWS Infrastructure with Ease using Infrastructure as Code (IaC) Techniques
Task 1: Create a VPC
Create a VPC (Virtual Private Cloud) with CIDR block 10.0.0.0/16
- Create a vpc.tf file and mention the required CIDR block with the name tag of VPC.
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "main"
  }
}

- In this Terraform code:
resource "aws_vpc" "main" defines an AWS VPC resource named "main."
cidr_block = "10.0.0.0/16" specifies the IP address range for the VPC, allowing you to create instances with IP addresses in the range from 10.0.0.0 to 10.0.255.255.
tags = { Name = "main" } sets a tag for the VPC, giving it the name "main" for easy identification and organization within your AWS account.
Now let's run the Terraform commands: first terraform init, then terraform apply.



Task 2: Create a private subnet
Create a private subnet with CIDR block 10.0.1.0/24 in the above VPC.
- Create a subnet.tf file to define the private subnet with the required configuration tag.
resource "aws_subnet" "public_subnet" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.2.0/24"

  tags = {
    Name = "public_subnet"
  }
}

- In this Terraform code:
resource "aws_subnet" "public_subnet" defines an AWS subnet resource named "public_subnet" that will be created within the previously defined VPC.
vpc_id = aws_vpc.main.id specifies the VPC in which this subnet will be created by referencing the ID of the "aws_vpc.main" resource.
cidr_block = "10.0.2.0/24" sets the CIDR block for the subnet's IP address range, allowing instances within this subnet to have IP addresses in the range from 10.0.2.0 to 10.0.2.255.
tags = { Name = "public_subnet" } defines tags for the subnet resource, with a "Name" tag set to "public_subnet" to identify the purpose of this subnet.
Note that the block shown here is the public subnet (10.0.2.0/24) that Task 3 asks for; the private subnet for this task is defined the same way, with the CIDR block 10.0.1.0/24.


Task 3: Create a public subnet
Create a public subnet with CIDR block 10.0.2.0/24 in the above VPC.
- Similarly, in the subnet.tf file that we created above define the public subnet block.


Task 4: Create an Internet Gateway
Create an Internet Gateway (IGW) and attach it to the VPC.
- Create an internetgateway.tf file and define the internet gateway with the required configuration to attach it to the VPC.
resource "aws_internet_gateway" "internet_gateway" {
  vpc_id = aws_vpc.main.id

  tags = {
    Name = "internet_gateway_devops"
  }
}


Task 5: Create a Route table
Create a route table for the public subnet and associate it with the public subnet. This route table should have a route to the Internet Gateway.
- Create a routetable.tf file to define the route table configuration in association with the public subnet.
resource "aws_route_table" "route_table" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.internet_gateway.id
  }

  tags = {
    Name = "route_table_devops"
  }
}

resource "aws_route_table_association" "public_subnet_association" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.route_table.id
}

- In this Terraform code:
resource "aws_route_table" "route_table" defines an AWS route table resource named "route_table" within the VPC specified by referencing the ID of the "aws_vpc.main" resource.
Inside the route table resource block, a default route is defined with a cidr_block of "0.0.0.0/0", which represents all IP addresses. This default route is directed to the Internet Gateway identified by gateway_id, which is the ID of the "aws_internet_gateway.internet_gateway" resource.
tags = { Name = "route_table_devops" } defines tags for the route table resource, with a "Name" tag set to "route_table_devops" for identification.
resource "aws_route_table_association" "public_subnet_association" associates the route table with a public subnet by specifying the subnet's ID and the route table's ID. This association ensures that the public subnet uses the defined route table for routing traffic.

- Verify the route table in the AWS console.
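
What makes the Task 2 subnet private is its routing: it must not be associated with a route table that points at the Internet Gateway. The following is an added example, not code from the original post; the resource names private_subnet, private_route_table and private_subnet_association are assumptions, and the CIDR block is the one stated in Task 2.

```hcl
# Added example: the private subnet from Task 2 (10.0.1.0/24).
resource "aws_subnet" "private_subnet" {
  vpc_id     = aws_vpc.main.id
  cidr_block = "10.0.1.0/24"

  # Instances launched here never receive a public IPv4 address automatically.
  map_public_ip_on_launch = false

  tags = {
    Name = "private_subnet"
  }
}

# Dedicated route table for the private subnet. "route = []" tells Terraform
# to manage the route list and keep it empty, so only the implicit local
# route (10.0.0.0/16) exists and a route added by hand shows up as drift.
resource "aws_route_table" "private_route_table" {
  vpc_id = aws_vpc.main.id
  route  = []

  tags = {
    Name = "private_route_table"
  }
}

# Explicit association: without it the subnet silently uses the VPC's main
# route table, whose contents may change later.
resource "aws_route_table_association" "private_subnet_association" {
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.private_route_table.id
}
```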

Task 6: Create a security group
- Security group: Allow SSH access and HTTP access from anywhere
resource "aws_security_group" "web_server" {
  name_prefix = "web-server-sg"
  vpc_id      = aws_vpc.main.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
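
The rule set above exposes port 22 to every address on the internet, while only port 80 needs to be public for the website. The following is an added example, not code from the original post: a replacement for the Task 6 resource (same resource name, so use one or the other) that keeps HTTP open and limits SSH to an administrator range. The variable admin_cidr and the /16 minimum prefix length are assumptions.

```hcl
# Hypothetical input: the IPv4 range administrators connect from
# (office or VPN egress range). Supply it via tfvars or -var.
variable "admin_cidr" {
  description = "IPv4 CIDR allowed to reach SSH on the web server"
  type        = string

  validation {
    # cidrnetmask() only succeeds for a well-formed IPv4 CIDR; the prefix
    # check rejects 0.0.0.0/0 and other very wide ranges (assumed limit: /16).
    condition = (
      can(cidrnetmask(var.admin_cidr)) &&
      try(tonumber(split("/", var.admin_cidr)[1]) >= 16, false)
    )
    error_message = "The admin_cidr value must be an IPv4 CIDR with a prefix length of /16 or longer."
  }
}

resource "aws_security_group" "web_server" {
  name_prefix = "web-server-sg"
  description = "HTTP from anywhere, SSH from admin_cidr only"
  vpc_id      = aws_vpc.main.id

  ingress {
    description = "HTTP for the public website"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "SSH restricted to the administrator range"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  egress {
    description = "Outbound traffic, unchanged from Task 6"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```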

Task 7: Create an Elastic IP
- Create an Elastic IP and associate it with the EC2 instance.
resource "aws_eip" "ip" {
  instance = aws_instance.server_terraform.id
  # AWS provider v5 deprecates "vpc = true" in favour of domain = "vpc".
  vpc      = true

  tags = {
    Name = "elastic-ip"
  }
}

Task 8: Create an EC2 instance
Launch an EC2 instance in the public subnet with the following details:
AMI: ami-0557a15b87f6559cf
Instance type: t2.micro
Open the website URL in a browser to verify that the website is hosted successfully.
resource "aws_instance" "server_terraform" {
  ami           = "ami-007855ac798b5175e"
  instance_type = "t2.micro"
  key_name      = "instance"
  subnet_id     = aws_subnet.public_subnet.id

  # Inside a VPC, security groups are attached by ID with
  # vpc_security_group_ids; security_groups expects group names.
  vpc_security_group_ids = [
    aws_security_group.web_server.id
  ]

  # Runs once at first boot, non-interactively, so apt-get needs -y.
  user_data = <<-EOF
    #!/bin/bash
    sudo apt-get update -y
    sudo apt-get install -y apache2
    sudo systemctl start apache2
    sudo systemctl enable apache2
    echo "<html><body><h1>Hello IaC Project</h1></body></html>" > /var/www/html/index.html
    sudo systemctl restart apache2
  EOF

  tags = {
    Name = "terraform_server"
  }
}


Verify the security groups.

Once the instance is running, browse to its public address and your website will load.




