Creating the Public Wordpress and Private SQL database in AWS using terraform.

In this article, I am going to demonstrate how to create a public subnet for wordpress and a private subnet for SQL server using terraform.

What is Terraform?

Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions. By using the teraform we can manage the multiple clouds. By knowing 1 language we can create infrastructure in all clouds. Terraform provides the CAAS(Code As A Service) which provides the code for creating and destroying the infrastructure in just 1 click.

Statement:

We have to create a web portal for our company with all the security as much as possible.

So, we use Wordpress software with dedicated database server.

Database should not be accessible from the outside world for security purposes.

We only need to public the WordPress to clients.

So here are the steps for proper understanding!

Steps:

1) Write a Infrastructure as code using terraform, which automatically create a VPC.

2) In that VPC we have to create 2 subnets:

a) public subnet [ Accessible for Public World! ]

b) private subnet [ Restricted for Public World! ]

3) Create a public facing internet gateway for connect our VPC/Network to the internet world and attach this gateway to our VPC.

4) Create a routing table for Internet gateway so that instance can connect to outside world, update and associate it with public subnet.

5) Launch an ec2 instance which has Wordpress setup already having the security group allowing port 80 so that our client can connect to our wordpress site.

Also attach the key to instance for further login into it.

6) Launch an ec2 instance which has MYSQL setup already with security group allowing port 3306 in private subnet so that our wordpress vm can connect with the same.

Also attach the key with the same.

Note: Wordpress instance has to be part of public subnet so that our client can connect our site.

mysql instance has to be part of private subnet so that outside world can’t connect to it.

Don’t forgot to add auto ip assign and auto dns name assignment option to be enabled.

Try each step first manually and write Terraform code for the same.

This will give u proper understanding of workflow of task.

And the task is complete.

Procedure:

We are creating this infrastructure using terraform.

Step-1:

In this project we are using the AWS cloud so we are using the provider “AWS”.

provider “aws” {
profile = “prasanth”
region = “ap-south-1”
}

Here profile is used for security for the access key and secret key.

Creating the profile:

aws configure — — profile user

Then it will prompt for access key and secret key.

Creating the VPC

resource “aws_vpc” “main” {
cidr_block = “192.168.0.0/16”
instance_tenancy = “default”
enable_dns_hostnames=”true”
tags = {
Name = “main”
}
}

Step2:

Create the subnets in the vpc.

resource “aws_subnet” “public_subnet” {
vpc_id = “${aws_vpc.main.id}”
cidr_block = “192.168.1.0/24”
availability_zone = “ap-south-1a”
map_public_ip_on_launch=”true”
}
resource “aws_subnet” “private_subnet” {
vpc_id = “${aws_vpc.main.id}”
cidr_block = “192.168.2.0/24”
availability_zone = “ap-south-1b”
}

Here we are launching 2 instances public in 1a and private in 1b data centers.

Step3:

Creating the internet gateway and attaching to vpc.

resource “aws_internet_gateway” “main” {
vpc_id = “aws_vpc.main.id”
tags= {
Name = “main”
}
}

Step4:

Creating the routing table for public and private subnets and associating with it.

//routing table for public subnet

resource “aws_route_table” “public_subnet” {
vpc_id = “aws_vpc.main.id”
route {
cidr_block = “0.0.0.0/0”
gateway_id = “aws_internet_gateway.main.id”
}
}
resource “aws_route_table_association” “public_subnet” {
subnet_id = “aws_subnet.public_subnet.id”
route_table_id = “${aws_route_table.public_subnet.id}”
}

//routing table for private subnet

resource “aws_route_table” “private_subnet” {
vpc_id = “aws_vpc.main.id”
route {
cidr_block = “0.0.0.0/0”
instance_id = “aws_instance.MYSQL.id”
}
tags ={
Name = “Public Subnet”
}
}
resource “aws_route_table_association” “private_subnet” {
subnet_id = “${aws_subnet.private_subnet.id}”
route_table_id = “${aws_route_table.private_subnet.id}”
}

Step5:

For creating the ec2 instance we need a keypair and security groups.

//creating the keypair

resource “tls_private_key” “key” {
algorithm = “RSA”
rsa_bits = 4096
}
resource “aws_key_pair” “MykeyPair” {
key_name = “MykeyPair”
public_key = tls_private_key.key.public_key_openssh
}

//Creating the Security groups

resource “aws_security_group” “WP_Security_Group” {
name = “Security_Group”
description = “Allow TLS inbound traffic”
vpc_id = “${aws_vpc.main.id}”
ingress {
description = “TLS from VPC”
from_port = 443
to_port = 443
protocol = “tcp”
cidr_blocks =[“0.0.0.0/0”]
}
ingress {
description = “incoming http”
from_port = 80
to_port = 80
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
}
ingress {
description = “incoming ssh”
from_port = 22
to_port = 22
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
}
egress{
from_port = 0
to_port = 0
protocol = “-1”
cidr_blocks = [“0.0.0.0/0”]
}
tags= {
Name = “Security_Group”
}
}

//Creating the wordpress instance

resource “aws_instance” “WordPress”{
ami= “ami-00116985822eb866a”
instance_type= “t2.micro”
key_name= “${aws_key_pair.MykeyPair.id}”
vpc_security_group_ids= [“${aws_security_group.WP_Security_Group.id}”]
subnet_id=”${aws_subnet.public_subnet.id}”
tags= {
name= “wordpress”
}
}

Step6:

Creating the SQL server

resource “aws_security_group” “SQL_Security_Group” {
name = “Security_Group”
description = “Allow TLS inbound traffic”
vpc_id = “${aws_vpc.main.id}”
ingress{
from_port=3306
to_port=3306
protocol=”tcp”
security_groups=[“${aws_security_group.WP_Security_Group.id}”]
}
egress{
from_port = 0
to_port = 0
protocol = “-1”
cidr_blocks = [“0.0.0.0/0”]
}
tags= {
Name = “Security_Group”
}
}

//MySQL instance

resource “aws_instance” “MYSQL”{
ami= “ami-08706cb5f68222d09”
instance_type= “t2.micro”
depends_on = [
aws_key_pair.MykeyPair
]
vpc_security_group_ids= [“${aws_security_group.SQL_Security_Group.id}”]
subnet_id=”${aws_subnet.private_subnet.id}”
tags= {
name= “MYSQL”
}
}

For printing Wordpress IP:

output “myos_ip” {
value = aws_instance.WordPress.public_ip
}

Conclusion:

That’s all we have successfully created the infrastructure.

For testing, use

“terraform plan”

It shows the list of services added to the infrastucture.

After that, use “terraform apply — auto-approve”

for applying the terraform code.

It will create the entire infrastucture for you.

Here is some screenshots of created infrastructure.

That’s all guys we have done it.

“Thank you for reading my article by giving your valuable time”

Hope it helped you.

MLOps| Hybrid Cloud | DevOps | Hadoop | Kubernets | Data Science| AWS | GCP |

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Photism — Making Music from Pictures

BigQuery vs Snowflake: The Definitive Guide

What Is Client-Side Storage?

Trell Cash: The new age social commerce gamification engine | Architecture Design

From Distributed to Virtual PI Planning: How We Successfully Adapted Our Approach

From Kentucky Mule to faster Scala compiler— project brief

Serverless Feature Flags 🚀

[CTF Series #7] FlareOn-6 bmphide In LOL Way

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sriramadasu Prasanth Kumar

Sriramadasu Prasanth Kumar

MLOps| Hybrid Cloud | DevOps | Hadoop | Kubernets | Data Science| AWS | GCP |

More from Medium

Adding SSL/TLS to a Web Application using AWS Application Load Balancer

AWS CloudWatch ile Logları Kontrol Etme ( VPC Trafiği İzleme )

Microservices Architecture (Cloud Native Apps) #AWS

Automated Static Site Deployment in AWS Using Terraform