In this article we will imagine that you were assigned to develop a non-production environment that provides logical network isolation to test a group of resources, such a fleet of AWS Elastic Compute Cloud (EC2) instances that will be hosting web applications.
- Internet access
- Security groups
Following the scenario, the Cloud Solutions Architect team provided you with the diagram below to be used as a reference. The main goal for this infrastructure is to build it as a code (IaaC) using Terraform.
Diagram 1: VPC.
"Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.”
Terraform is a powerful declarative tool that helps us to manage a vast majority of cloud services as well as provides consistency and visibility of infrastructure changes happening across different workspace and environments. This functionality not only serves as an important improvement to the quality of the project lifecycle but also keeps software engineers and others on the same team informed.
Please note that we can create or configure any AWS server through the AWS management console, but the problem is that it takes time if you do the same thing again and again. By using Terraform, we don't need to sign in on the AWS management console and can finish our work with the command-line alone.
In this project you will encounter one module. This module will help you to deploy one or multiple VPCs in one go.
Terraform templates previous
Now that you have your Terraform templates ready let's describe each networking component briefly
What is a VPC?
"Amazon Virtual Private Cloud (Amazon VPC) is a service that lets you launch AWS resources in a logically isolated virtual network that you define."
What is an EC2?
"Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers."
What is an Internet gateway?
"An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between your VPC and the internet."
What is a Subnet?
"A subnet is a segment of a VPC that resides entirely within a single Available Zone."
What is a Security group?
"A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance."
Another important note is that this infrastructure can be more robust by adding other servers such as AWS Auto Scaling Groups, AWS ELB's, AWS Natgateway, or Network Access Control List (NACL's) which I will probably be adding in a later article 😊.
Having Terraform in the mix facilitates the creation, destruction of resources, testing and debugging of your projects.
This Terraform project is dynamically designed to deploy the following services and associations:
EC2 with Apache installed. This include a simple HTML file accessible from the internet. Please observe the Terraform outputs to obtain public DNS and public IP to complete your test.
Route Table associate with the IGW and public subnets.
Security group rules give permission to accept Ip Protocol "tcp" connection from port "80" and to port "80" and also is open to internet using the CidrIp: "0.0.0.0/0". This means that this SG accepts connections from the internet using these two ports. Please note that in a production environment we would never use an open CidrIP "0.0.0.0/0".
Functions, arguments and expressions of Terraform that were used in the above project:
I would like to give a big shout out to my mentor Derek Morgan. Thank you for all of your support all these months and for the amazing course "More Than Certified in Terraform" the best course out there. Link to the course here. If you want to connect with him and ask questions about his course, contact him via LinkedIn Derek Morgan or you can join the Discord channel here.