TASK-4: AWS VPC with public and private subnets, an internet gateway and a NAT gateway

Task Overview:

1. Write Infrastructure as Code using Terraform which automatically creates a VPC.

  1. The MySQL instance has to be part of a private subnet so that the outside world can't connect to it.
  2. Don't forget to enable the auto-assign public IP and auto-assign DNS hostname options.

Prerequisites:

  1. AWS CLI and Terraform installed and available on the command line.
  2. You must configure your IAM profile for the command line.

Key concepts:

  1. NAT Gateway: a highly available, AWS-managed service that makes it easy to connect to the Internet from instances within a private subnet in an Amazon Virtual Private Cloud (Amazon VPC).
  2. Internet Gateway: an internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses. An internet gateway supports IPv4 and IPv6 traffic.
  3. Elastic IP: an Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account.
provider "aws" {
  region  = "ap-south-1"
  profile = "aman"
}

resource "aws_vpc" "myvpc" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true  # default, stated explicitly: DNS resolution inside the VPC
  enable_dns_hostnames = true  # DNS hostnames for instances that receive a public IP

  tags = {
    Name = "myvpc"
  }
}

# Public subnet: instances launched here get a public IP and route out via the internet gateway.
resource "aws_subnet" "subnet1" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.0.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true

  tags = {
    Name = "public-subnet"
  }
}

# Private subnet: no public IPs; outbound traffic only through the NAT gateway.
resource "aws_subnet" "subnet2" {
  vpc_id                  = aws_vpc.myvpc.id
  cidr_block              = "192.168.1.0/24"
  availability_zone       = "ap-south-1b"
  map_public_ip_on_launch = false

  tags = {
    Name = "private-subnet"
  }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.myvpc.id

  tags = {
    Name = "igw"
  }
}

# Elastic IP for the NAT gateway. The original referenced aws_eip.eip without declaring it.
# On AWS provider versions before 5.0 use `vpc = true` instead of `domain = "vpc"`.
resource "aws_eip" "eip" {
  domain = "vpc"
}

# The NAT gateway sits in the public subnet and needs the internet gateway to exist first.
resource "aws_nat_gateway" "natgw" {
  allocation_id = aws_eip.eip.id
  subnet_id     = aws_subnet.subnet1.id
  depends_on    = [aws_internet_gateway.igw]

  tags = {
    Name = "nat-gateway"
  }
}

# Public route table: default route to the internet gateway.
resource "aws_route_table" "rt1" {
  vpc_id = aws_vpc.myvpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }

  tags = {
    Name = "rt1"
  }
}

resource "aws_route_table_association" "associate1" {
  subnet_id      = aws_subnet.subnet1.id
  route_table_id = aws_route_table.rt1.id
}

# Private route table: default route to the NAT gateway (nat_gateway_id, not gateway_id).
resource "aws_route_table" "rt2" {
  vpc_id = aws_vpc.myvpc.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.natgw.id
  }

  tags = {
    Name = "rt2"
  }
}

resource "aws_route_table_association" "associate2" {
  subnet_id      = aws_subnet.subnet2.id
  route_table_id = aws_route_table.rt2.id
}

provider "tls" {}

resource "tls_private_key" "t" {
  algorithm = "RSA"
}

resource "aws_key_pair" "test" {
  key_name   = "mykey"
  public_key = tls_private_key.t.public_key_openssh
}

provider "local" {}

resource "local_file" "key" {
  content         = tls_private_key.t.private_key_pem
  filename        = "mykey.pem"
  file_permission = "0400" # ssh refuses a private key that is group- or world-readable
}

resource "aws_security_group" "wp_sg" {
  name        = "wp"
  description = "Allow HTTP and SSH inbound traffic"
  vpc_id      = aws_vpc.myvpc.id

  ingress {
    description = "http"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "wp_sg"
  }
}

resource "aws_security_group" "mysql_sg" {
  name        = "basic"
  description = "Allow MySQL"
  vpc_id      = aws_vpc.myvpc.id

  # Only the WordPress host may reach MySQL. The private subnet already keeps the
  # outside world out; sourcing the rule from wp_sg also keeps other VPC hosts out.
  ingress {
    description     = "mysql"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wp_sg.id]
  }

  ingress {
    description     = "ssh"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.wp_sg.id]
  }

  # Without an egress block Terraform removes the default allow-all egress rule,
  # and the private instance could not reach the internet through the NAT gateway.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "mysql_sg"
  }
}

resource "aws_instance" "wp_os" {
  ami                    = "ami-7e257211"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.test.key_name # was "mykey123", which does not match the key pair created above
  subnet_id              = aws_subnet.subnet1.id
  vpc_security_group_ids = [aws_security_group.wp_sg.id]

  tags = {
    Name = "wp_os"
  }
}

resource "aws_instance" "mysql_os" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.test.key_name
  subnet_id              = aws_subnet.subnet2.id
  vpc_security_group_ids = [aws_security_group.mysql_sg.id]

  tags = {
    Name = "mysql_os"
  }
}
terraform init
terraform validate
terraform plan
terraform apply --auto-approve
terraform destroy --auto-approve
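After `terraform apply` it is worth confirming that the deployed layout really matches the task: the MySQL host must sit in the subnet whose route table has no internet-gateway route and must carry no public IP, no security group may open 3306 to the world, and the NAT gateway itself must be in a subnet that reaches the internet gateway (otherwise the private subnet has no outbound path). The script below is an added example written for this page, not part of the original task or of Terraform; it reads the JSON that `terraform show -json` prints and applies those four checks. The resource names, IDs and addresses in `build_sample_state` are constructed stand-ins shaped like real `terraform show -json` output, not data from a real account.

```python
"""Post-apply posture check for the VPC layout above (added example, not from the original page)."""
import json
import sys
from typing import Dict, List

MYSQL_PORT = 3306
WORLD = {"0.0.0.0/0", "::/0"}


def _resources(show_json: dict) -> List[dict]:
    # `terraform show -json` after apply puts state under "values";
    # `terraform show -json tfplan` puts it under "planned_values".
    root = show_json.get("values") or show_json.get("planned_values") or {}
    return root.get("root_module", {}).get("resources", [])


def _rule_hits(rule: dict, port: int) -> bool:
    # protocol "-1" means all traffic and is written with from_port/to_port 0.
    return rule.get("protocol") == "-1" or rule["from_port"] <= port <= rule["to_port"]


def check_vpc_posture(show_json: dict) -> List[str]:
    """Return human-readable findings; an empty list means the layout matches the task."""
    by_type: Dict[str, List[dict]] = {}
    for r in _resources(show_json):
        by_type.setdefault(r["type"], []).append(r["values"])

    # A route table that sends anything to an igw- target makes its subnets public.
    rt_has_igw: Dict[str, bool] = {}
    for rt in by_type.get("aws_route_table", []):
        targets = [x.get("gateway_id") or x.get("nat_gateway_id") or "" for x in rt.get("route", [])]
        rt_has_igw[rt["id"]] = any(t.startswith("igw-") for t in targets)
    subnet_rt = {a["subnet_id"]: a["route_table_id"] for a in by_type.get("aws_route_table_association", [])}

    def public(subnet_id: str) -> bool:
        return rt_has_igw.get(subnet_rt.get(subnet_id, ""), False)

    findings: List[str] = []
    mysql_sgs = set()  # security groups that admit traffic on the MySQL port
    for sg in by_type.get("aws_security_group", []):
        for rule in sg.get("ingress", []):
            if not _rule_hits(rule, MYSQL_PORT):
                continue
            mysql_sgs.add(sg["id"])
            exposed = WORLD & set(rule.get("cidr_blocks", []) + rule.get("ipv6_cidr_blocks", []))
            if exposed:
                findings.append(f"{sg['name']}: port {MYSQL_PORT} open to {sorted(exposed)}")

    for inst in by_type.get("aws_instance", []):
        if not mysql_sgs & set(inst.get("vpc_security_group_ids", [])):
            continue
        name = inst.get("tags", {}).get("Name", inst.get("id"))
        if public(inst["subnet_id"]):
            findings.append(f"{name}: database host sits in a subnet routed to an internet gateway")
        if inst.get("public_ip"):
            findings.append(f"{name}: database host has public IP {inst['public_ip']}")

    for nat in by_type.get("aws_nat_gateway", []):
        if not public(nat["subnet_id"]):
            findings.append(f"{nat['id']}: NAT gateway is not in a subnet with an internet-gateway route")
    return findings


def build_sample_state(mysql_rule: dict, mysql_subnet: str = "subnet-priv") -> dict:
    """Constructed stand-in for `terraform show -json` output; IDs are invented, not real AWS data."""
    def res(rtype: str, name: str, values: dict) -> dict:
        return {"address": f"{rtype}.{name}", "mode": "managed", "type": rtype, "name": name, "values": values}

    http = {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"],
            "ipv6_cidr_blocks": [], "security_groups": []}
    return {"format_version": "1.0", "values": {"root_module": {"resources": [
        res("aws_internet_gateway", "igw", {"id": "igw-0aaa"}),
        res("aws_nat_gateway", "natgw", {"id": "nat-0bbb", "subnet_id": "subnet-pub"}),
        res("aws_route_table", "rt1", {"id": "rtb-pub", "route": [
            {"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0aaa", "nat_gateway_id": ""}]}),
        res("aws_route_table", "rt2", {"id": "rtb-priv", "route": [
            {"cidr_block": "0.0.0.0/0", "gateway_id": "", "nat_gateway_id": "nat-0bbb"}]}),
        res("aws_route_table_association", "associate1", {"subnet_id": "subnet-pub", "route_table_id": "rtb-pub"}),
        res("aws_route_table_association", "associate2", {"subnet_id": "subnet-priv", "route_table_id": "rtb-priv"}),
        res("aws_security_group", "wp_sg", {"id": "sg-wp", "name": "wp", "ingress": [http]}),
        res("aws_security_group", "mysql_sg", {"id": "sg-mysql", "name": "basic", "ingress": [mysql_rule]}),
        res("aws_instance", "wp_os", {"id": "i-0wp", "subnet_id": "subnet-pub", "public_ip": "203.0.113.10",
                                      "vpc_security_group_ids": ["sg-wp"], "tags": {"Name": "wp_os"}}),
        res("aws_instance", "mysql_os", {"id": "i-0db", "subnet_id": mysql_subnet, "public_ip": "",
                                         "vpc_security_group_ids": ["sg-mysql"], "tags": {"Name": "mysql_os"}}),
    ]}}}


# The 3306 rule as the page's original security group had it, and the restricted form.
OPEN_TO_WORLD = {"from_port": 3306, "to_port": 3306, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"],
                 "ipv6_cidr_blocks": [], "security_groups": []}
FROM_WP_ONLY = {"from_port": 3306, "to_port": 3306, "protocol": "tcp", "cidr_blocks": [],
                "ipv6_cidr_blocks": [], "security_groups": ["sg-wp"]}

if __name__ == "__main__":
    # Usage: terraform show -json > state.json && python check_vpc.py state.json
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else build_sample_state(OPEN_TO_WORLD)
    for line in check_vpc_posture(state) or ["no findings"]:
        print(line)
```

Run it with no argument to see the finding raised against the original 0.0.0.0/0 rule on port 3306; with `terraform show -json > state.json` and the file as the first argument it checks the live deployment. The subnet classification deliberately follows the route tables rather than the `Name` tags, so a subnet that was tagged "private" but accidentally associated with the internet-gateway route table is still caught.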

Finally! After completing the last step, we can successfully access the WordPress site.