Launching WordPress on Cloud Using VPC and NAT Gateway

TASK:-

1. Write infrastructure as code using Terraform that automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

   a. public subnet [ Accessible for Public World! ]

   b. private subnet [ Restricted for Public World! ]

3. Create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.

4. Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.

5. Create a NAT gateway in the public subnet to connect our VPC/network to the internet.

6. Update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.

7. Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for further login into it.

8. Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to this instance.

Note: The WordPress instance has to be part of the public subnet so that our clients can connect to our site.

The MySQL instance has to be part of the private subnet so that the outside world can't connect to it.

What is a NAT gateway?

Network address translation (NAT) gateway is used to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

What is a VPC?

Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you’ve defined. This virtual network closely resembles a traditional network that you’d operate in your own data center, with the benefits of using the scalable infrastructure of AWS.

Amazon VPC is the networking layer for Amazon EC2.

STEP-BY-STEP IMPLEMENTATION

To do the task, first of all we have to create the VPC through Terraform code.

For this, we have to mention the provider.

A provider is responsible for understanding API interactions and exposing resources.

And then we can write our code for the VPC.

To run the code, we have to initialize it to install the required plugins and then run it.

To initialize

terraform init

To run the code

terraform apply

Now we can check through the GUI whether our VPC is created or not.

Yes, the VPC is created. When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. This is the primary CIDR block for your VPC.

Now I will create the subnets. A subnet is basically a logical subdivision of an IP network.

1. public subnet [ Accessible for Public World! ]

2. private subnet [ Restricted for Public World! ]

For creating subnets I will use the below written code

Checking through GUI

So both my private and public subnets are created.

Time to create a public-facing internet gateway to connect our VPC/network to the internet and attach this gateway to our VPC.

For creating the internet gateway, I am using this code:

# Internet gateway
resource "aws_internet_gateway" "Natgw" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "Internet_Gateway"
  }
}

Every time, I will keep checking through the GUI to know whether everything has been created successfully or not.

The next step is to create a routing table for the internet gateway so that instances can connect to the outside world, and then update it and associate it with the public subnet.

Here is the code for creating the routing table and associating it with the public subnet.

A routing table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.
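An added example (not the author's original code) of the VPC, the two subnets and the public routing table described up to this point. The resource names vpc1, public-subnet, private-subnet and Natgw match the references used elsewhere on this page; the subnet CIDR ranges and the name public-rt are assumptions.

```hcl
# Added example: VPC, subnets and public route table.
resource "aws_vpc" "vpc1" {
  cidr_block           = "10.0.0.0/16" # primary CIDR block from the text
  enable_dns_hostnames = true

  tags = {
    Name = "vpc1"
  }
}

# Public subnet: instances receive a public IPv4 address at launch.
resource "aws_subnet" "public-subnet" {
  vpc_id                  = aws_vpc.vpc1.id
  cidr_block              = "10.0.1.0/24" # assumed range
  map_public_ip_on_launch = true

  tags = {
    Name = "public-subnet"
  }
}

# Private subnet: no public addresses and no route to the internet gateway.
resource "aws_subnet" "private-subnet" {
  vpc_id                  = aws_vpc.vpc1.id
  cidr_block              = "10.0.2.0/24" # assumed range
  map_public_ip_on_launch = false

  tags = {
    Name = "private-subnet"
  }
}

# Public route table (hypothetical name): default route to the internet gateway.
resource "aws_route_table" "public-rt" {
  vpc_id = aws_vpc.vpc1.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.Natgw.id
  }
}

# Associate it with the public subnet only, so the private subnet stays unreachable.
resource "aws_route_table_association" "a" {
  subnet_id      = aws_subnet.public-subnet.id
  route_table_id = aws_route_table.public-rt.id
}
```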

Checking through GUI.

Now I will create an Elastic IP, which the NAT gateway will use.

An Elastic IP address is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet.

resource "aws_eip" "nat" {
  vpc = true

  tags = {
    Name = "ElasticIp"
  }
}

And now checking through the GUI.

Now moving to our next step, where we have to update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.

For this, I will create a NAT gateway using the code below:

resource "aws_nat_gateway" "nat_gateway" {
  depends_on    = [aws_subnet.public-subnet, aws_subnet.private-subnet]
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public-subnet.id

  tags = {
    Name = "gw NAT"
  }
}

You can use a network address translation (NAT) gateway to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances.

Updating the routing table for the private subnet:

resource "aws_route_table" "Nat-rt" {
  vpc_id = aws_vpc.vpc1.id

  route {
    cidr_block = "0.0.0.0/0"
    # A NAT gateway target is set with nat_gateway_id, not gateway_id
    nat_gateway_id = aws_nat_gateway.nat_gateway.id
  }

  tags = {
    Name = "Nat-rt"
  }
}

# Associate the NAT route table with the private subnet
resource "aws_route_table_association" "b" {
  depends_on     = [aws_route_table.Nat-rt]
  subnet_id      = aws_subnet.private-subnet.id
  route_table_id = aws_route_table.Nat-rt.id
}

Now, for launching the EC2 instances, I need a key pair and security groups.

For creating the key pair:

# creating a key pair
variable "keyname" {
  default = "Task4_Key"
}

# Note: the generated private key is stored in the Terraform state file,
# so the state must be protected like the key itself.
resource "tls_private_key" "Key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

module "key_pair" {
  source     = "terraform-aws-modules/key-pair/aws"
  key_name   = var.keyname
  public_key = tls_private_key.Key.public_key_openssh
}

To create the key pair, we have to initialize first to load the plugins it requires and then run the code using terraform apply.

My key pair is created.

The next step is to create security groups for WordPress and MySQL.

For the WordPress security group,

For the MySQL security group,

Checking through GUI

This security group allows HTTP (port 80), SSH and HTTPS.

This security group allows port 3306 for MySQL.
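An added example (not the author's original code) of the two security groups described above. The resource names Task4_sg1 and NewTask4_sg are the ones the instance code on this page references; the admin_cidr variable, the group names and the choice to accept port 3306 only from the WordPress group rather than from an address range are assumptions of this example.

```hcl
# Added example: security groups for the WordPress and MySQL instances.
variable "admin_cidr" {
  type = string # assumed variable: address range allowed to SSH in
}
resource "aws_security_group" "Task4_sg1" {
  name   = "wordpress-sg"
  vpc_id = aws_vpc.vpc1.id
  # HTTP and HTTPS for site visitors
  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  # SSH only from the admin range instead of the whole internet
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "NewTask4_sg" {
  name   = "mysql-sg"
  vpc_id = aws_vpc.vpc1.id
  # 3306 only from members of the WordPress security group
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.Task4_sg1.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Referencing the WordPress group as the source means the database port stays closed to every other host in the VPC, even if more instances are later added to the public subnet.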

Now that I have created the security groups, I will create the EC2 instances for WordPress and MySQL.

Creating the WordPress instance:

# creating wordpress instance
resource "aws_instance" "task4_ec2_instance1" {
  ami                    = "ami-004a955bfb611bf13"
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public-subnet.id
  key_name               = "Task4_Key"
  vpc_security_group_ids = [aws_security_group.Task4_sg1.id]

  tags = {
    Name = "Web_task4"
  }
}

Creating the MySQL instance:

# creating os for mysql
resource "aws_instance" "task4_ec2_instance_2" {
  ami           = "ami-08706cb5f68222d09"
  instance_type = "t2.micro"
  # MySQL goes in the private subnet, as the task requires,
  # so that the outside world cannot connect to it
  subnet_id              = aws_subnet.private-subnet.id
  key_name               = "Task4_Key"
  vpc_security_group_ids = [aws_security_group.NewTask4_sg.id]

  tags = {
    Name = "Mysql_task4"
  }
}

Checking through GUI

Now, by using the public IP, we can access WordPress on the cloud.

To delete everything, use the command below:

terraform destroy -auto-approve

Thank You!!

Hope this blog helps.

Happy learning!!😊