Surya Shankar

Terraform code to create a VPC , Subnet , EC2 Instance , keypairs , Security group and Nat Gateway with Website Hosting in AWS

In a DevOps scenario, building AWS services via tools like Terraform is a more scalable and automated approach to cloud resource provisioning.

Understanding AWS VPCs

An AWS VPC is a logically isolated virtual network in which you launch AWS resources. Conceptually, a VPC is much like owning your own datacenter, but with the built-in additional benefits of scalability, fault tolerance, unlimited storage, etc.


Building the Terraform Configuration for an AWS VPC

1. To start, create a folder to store your Terraform configuration files in. This tutorial will create a folder called terraform-ec2 in your home directory.

The Terraform configuration below:

Creates a VPC.
Creates an Internet Gateway and attaches it to the VPC so that traffic within the VPC can reach, and be reached from, the outside world.
Creates a public and a private subnet. Subnets are networks within networks: they make traffic flow more efficient and divide the address space into smaller, more manageable chunks of IP addresses.
Creates a route table for the public and private subnets and associates the table with both subnets.
Creates a NAT Gateway so that instances in the private subnet can reach the internet without an externally routable IP address being assigned to each resource.
Creates two servers/instances (one public, one private).
Deploys a website on the public server with the help of a shell script (.sh).

Create a file named provider.tf inside the ~/terraform-ec2 directory and paste in the following code to define the AWS provider.


vars.tf is a Terraform variables file that declares all the variables the configuration file references. You can see those variable references in the configuration file as:

variable "region" {}
variable "main_vpc_cidr" {}
variable "public_subnets" {}
variable "private_subnets" {}


Create one more file inside the ~/terraform-ec2 directory, name it terraform.tfvars, and paste in the code below. This variables file contains the values that Terraform substitutes for the variable references inside the configuration file.

main_vpc_cidr   = "11.0.0.0/16"
public_subnets  = "11.0.1.0/24"
private_subnets = "11.0.2.0/24"


The instance.tf file contains all the resources to be provisioned, such as the VPC, the subnets and the instances.

Creating the VPC and Internet Gateway

Creating the public and private subnets

Creating route tables for the public and private subnets

Subnet associations and creating the NAT gateway
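The routing half of instance.tf written out, as an added example rather than the author's screenshots. It assumes the VPC, subnets and Internet Gateway are declared elsewhere in instance.tf under the names aws_vpc.main, aws_subnet.public, aws_subnet.private and aws_internet_gateway.igw (those names are assumptions), and uses AWS provider v5 syntax for the Elastic IP.

```terraform
# Added example (not from the original post). Assumed resource names:
# aws_vpc.main, aws_subnet.public, aws_subnet.private, aws_internet_gateway.igw.

# Public route table: default route to the Internet Gateway, so the public
# subnet is reachable from the outside world (and can reach it).
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# The NAT gateway needs an Elastic IP and must be placed in the PUBLIC subnet,
# because it is the NAT gateway itself that talks to the Internet Gateway.
resource "aws_eip" "nat" {
  domain = "vpc" # provider v5 syntax; older providers use `vpc = true`
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw] # IGW must exist before the EIP can route
}

# Private route table: the default route points at the NAT gateway, never at
# the IGW. Instances get outbound access (package installs, updates) but no
# host outside the VPC can initiate a connection to them.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```

If the private route table were pointed at the Internet Gateway instead, instances with no public IP would still have no connectivity, while any instance that later got one would become directly reachable from the internet.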

Creating key pairs for the EC2 instances

To create a key pair inside our folder, run the following command and, when prompted for the file in which to save the key, enter ./id_rsa so the key is written into the current directory:

ssh-keygen -t rsa
./id_rsa

It will create two files: id_rsa (the private key) and id_rsa.pub (the public key). Only the public key is uploaded to AWS; the private key stays on your machine.

Creating a web_server.sh file for Website deployment

Creating the EC2 public server with the key pair

Creating the EC2 private server
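The key pair and the two instances, as an added example that is not the author's code. It assumes var.ami_id and var.instance_type are declared in vars.tf, that the subnets are aws_subnet.public and aws_subnet.private, and that the security groups are named aws_security_group.public and aws_security_group.private (all of these names are assumptions).

```terraform
# Added example (not from the original post). Assumed: var.ami_id, var.instance_type,
# aws_subnet.public/private and aws_security_group.public/private exist in instance.tf.

# Only the PUBLIC half of the ssh-keygen output is registered with AWS;
# id_rsa (the private key) never leaves the workstation.
resource "aws_key_pair" "deployer" {
  key_name   = "terraform-ec2-key"
  public_key = file("${path.module}/id_rsa.pub")
}

# Public server: gets a public IP, runs web_server.sh at first boot via user_data,
# and doubles as the jump host for the private server.
resource "aws_instance" "public" {
  ami                         = var.ami_id
  instance_type               = var.instance_type
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.public.id]
  key_name                    = aws_key_pair.deployer.key_name
  associate_public_ip_address = true
  user_data                   = file("${path.module}/web_server.sh")

  tags = { Name = "public-web-jump" }
}

# Private server: no public IP, so the only way in is through the jump host,
# and the only way out is through the NAT gateway.
resource "aws_instance" "private" {
  ami                         = var.ami_id
  instance_type               = var.instance_type
  subnet_id                   = aws_subnet.private.id
  vpc_security_group_ids      = [aws_security_group.private.id]
  key_name                    = aws_key_pair.deployer.key_name
  associate_public_ip_address = false

  tags = { Name = "private-server" }
}

# Printed after `terraform apply`, so you can open the hosted website directly.
output "website_url" {
  value = "http://${aws_instance.public.public_ip}"
}
```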

Creating security groups and assigning them to the EC2 instances
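One way to write the two security groups with the least access the page's layout needs, as an added example (not the author's screenshots). It assumes aws_vpc.main is the VPC from instance.tf and that var.admin_cidr is a string variable you add to vars.tf and terraform.tfvars holding the address range you administer from (both are assumptions).

```terraform
# Added example (not from the original post). Assumed: aws_vpc.main exists in
# instance.tf; var.admin_cidr is a string variable (your office/VPN egress range).

resource "aws_security_group" "public" {
  name   = "public-web-jump"
  vpc_id = aws_vpc.main.id

  ingress { # the hosted website, open to everyone
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress { # SSH only from the admin range, never 0.0.0.0/0
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # outbound, needed for the package installs in web_server.sh
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "private" {
  name   = "private-server"
  vpc_id = aws_vpc.main.id

  ingress { # SSH accepted only from members of the public (jump) group
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.public.id]
  }
  egress { # outbound only, and that goes out via the NAT gateway
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Referencing the public group's id instead of a CIDR in the private group's SSH rule means the rule keeps working if the jump server's address changes, and it does not open port 22 to the whole public subnet.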

Run the terraform init command in the same directory. terraform init downloads and initializes the plugins and providers required to work with the resources.

Now run the terraform plan command. This step is optional but recommended: it checks that your configuration's syntax is correct and gives you an overview of which resources will be provisioned in your infrastructure.

Next, actually tell Terraform to provision the AWS VPC and resources using terraform apply. When you invoke terraform apply, Terraform reads the configuration (instance.tf) and the other files, compiles them into a plan, and sends that plan to AWS as instructions to build the VPC and the other components.

Now that our resources have been created successfully, let's verify them in the AWS console.

VPC
Subnets
Route tables
Internet gateway
NAT gateway
Public and private servers

Put your public server's IP address in the browser and check your website.

You can also try to SSH into the public server.

As the private server has no public IP, to SSH into it we have to go through either an OpenVPN connection or a jump server. Here the public server acts as the jump server.

Now we are inside the private server. We cannot ping anything outside, because this server has no direct internet access.

Using the NAT gateway, this server can reach the internet.

A NAT gateway is a Network Address Translation (NAT) service. You can use a NAT gateway so that instances in a private subnet can connect to services outside your VPC, while external services cannot initiate a connection to those instances.

Now you can delete all the resources at once using the terraform destroy command.

The terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.

Top comments (1)

TheNaman047

Quite informative article.

Just one suggestion: it would be great if you used code blocks in the article instead of screenshots. Also, a public GitHub repo with this code would be really useful.

Thanks.