Day 66 Task: Terraform Hands-on Project - Build Your Own AWS Infrastructure with Ease using Infrastructure as Code (IaC)
Table of contents
- Task 1: Create a VPC
- Task 2: Create a private subnet
- Task 3: Create a public subnet
- Task 4: Create an Internet Gateway
- Task 5: Create a Route table
- Task 6: Create a security group
- Task 7: Create an Elastic IP
- Task 8: Create user data to install Apache
- Task 9: Create an EC2 instance
- Task 10: Access the website
Welcome back to your Terraform journey.Subtasks:
Pre-requisite:-
Terraform must be installed locally or on an EC2 instance. I am using an EC2 instance.
AWS CLI must be configured.
As we already know we can write terraform configuration files as a single file like all the resources in main.tf or we can create different ".tf" files for different resources.
In this challenge, I am going to create different configuration files for different resources like VPC, SG, EC2, etc instead of main.tf.
Create a terraform.tf file and provide details for the provider.
Note - Use the terraform init
command to initialize as we need to validate the script(s).
Task 1: Create a VPC
Create a VPC (Virtual Private Cloud) with CIDR block 10.0.0.0/16
Create a vpc.tf file and mention the required CIDR block with the name tag of VPC.
resource "aws_vpc" "tf_vpc" { cidr_block = "10.0.0.0/16" tags = { Name = "tf_vpc" } }
terraform { required_providers { aws = { source = "hashicorp/aws" version = "~>4.16" } } required_version = ">=1.2.0" }
Below are the prerequisites for building any aws infrastructure is to define providers.
Execute terraform apply to build the VPC.
We can check in the AWS console for the new VPC created with name as "main".
Task 2: Create a private subnet
Create a private subnet with CIDR block 10.0.1.0/24 in the above VPC.
Create a subnet.tf file to define the private subnet with the required configuration tag.
resource "aws_subnet" "tf_private_subnet" { vpc_id = aws_vpc.tf_vpc.id cidr_block = "10.0.2.0/24" tags = { Name = "tf_private_subnet" } }
Use terraform apply to create the private subnet.
We can verify the private subnet in the subnet section in AWS management console.
Task 3: Create a public subnet
Create a public subnet with CIDR block 10.0.2.0/24 in the above VPC.
Similarly, in the subnet.tf file that we created above define the public subnet block.
resource "aws_subnet" "tf_public_subnet" { vpc_id = aws_vpc.tf_vpc.id cidr_block = "10.0.1.0/24" tags = { Name = "tf_public_subnet" } } resource "aws_subnet" "tf_private_subnet" { vpc_id = aws_vpc.tf_vpc.id cidr_block = "10.0.2.0/24" tags = { Name = "tf_private_subnet" } }
Use terraform apply to create the public subnet.
We can verify the subnet creation in the AWS console.
Task 4: Create an Internet Gateway
Create an Internet Gateway (IGW) and attach it to the VPC.
Create a internetgateway.tf file and define the internet gateway with the required configurations to attach it to VPC
resource "aws_internet_gateway" "tf_igw" { vpc_id = aws_vpc.tf_vpc.id tags = { Name = "tf_igw" } }
Use terraform apply to create the internet gateway.
We can verify the internet gateway that is created in AWS console.
Task 5: Create a Route table
Create a route table for the public subnet and associate it with the public subnet. This route table should have a route to the Internet Gateway.
Create a routetable.tf file to define the route table configuration in association with the public subnet.
resource "aws_route_table" "tf_routetable" { vpc_id = aws_vpc.tf_vpc.id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.tf_igw.id } tags = { Name = "tf_routetable" } } resource "aws_route_table_association" "public_subnet_association" { subnet_id = aws_subnet.tf_public_subnet.id route_table_id = aws_route_table.tf_routetable.id } resource "aws_route_table_association" "private_subnet_association" { subnet_id = aws_subnet.tf_private_subnet.id route_table_id = aws_route_table.tf_routetable.id }
Use terraform apply to create the route table.
We can verify the route table in AWS console along with the public subnet which is associated in the subnet association section.
Task 6: Create a security group
- Security group: Allow SSH access and HTTP access from anywhere
Task 7: Create an Elastic IP
- Create an Elastic IP and associate it with the EC2 instance.
Task 8: Create user data to install Apache
- User data: Use a shell script to install Apache and host a simple website
Task 9: Create an EC2 instance
Launch an EC2 instance in the public subnet with the following details:
AMI: ami-0557a15b87f6559cf
Instance type: t2.micro
Open the website URL in a browser to verify that the website is hosted successfully.
create
ec2.tf
resource "aws_security_group" "tf_sg" {
name_prefix = "tf_sg"
vpc_id = aws_vpc.tf_vpc.id
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
}
resource "aws_instance" "tf_ec2instance" {
ami = "ami-0fe8bec493a81c7da"
instance_type = "t3.micro"
key_name = "terraform"
subnet_id = aws_subnet.tf_public_subnet.id
security_groups = [
aws_security_group.tf_sg.id
]
user_data = <<-EOT
#!/bin/bash
sudo apt-get update -y
sudo apt install apache2 -y
sudo systemctl start apache2
sudo systemctl enable apache2
echo "<html><body><h1> Welcome to my website my self Nilesh Sahare </h1></body></html> "
< /var/www/html/index.html
EOT
}
resource "aws_eip" "tf_eip" {
instance = aws_instance.tf_ec2instance.id
vpc = true
tags = {
Name = "terraform_elastic_ip"
}
}
Use terraform apply to spin up the infrastructure.
Now, we can see in the AWS console for the new EC2 instance which is created.
We can verify the security group along with the rules created.
We can verify the elastic IP which is created.
Task 10: Access the website
- We can verify the website that is created through Apache web server.
Don't forget to use the
terraform destroy
command. to destroy ur all your resources.Happy Learning :)
If you find my blog valuable, I invite you to like, share, and join the discussion. Your feedback is immensely cherished as it fuels continuous improvement. Let's embark on this transformative DevOps adventure together! ๐ #devops #90daysofdevop #AWS