PROVISIONING VPC, SECURITY GROUP AND EC2 INSTANCE USING TERRAFORM AUTOMATION SCRIPT☁️👩💻 !!
👨💻 Hola cloud Learners👨💻
What is terraform 🤷♀️??
Terraform is a tool for building, changing, and versioning infrastructure safely and efficiently. Terraform can manage existing and popular service providers as well as custom in-house solutions.
How does Terraform work?
Terraform Init :
The terraform init command initialises a working directory containing Terraform configuration files.
During init, the configuration is searched for module blocks, and the source code for referenced modules is retrieved from the locations given in their source arguments.
Terraform must initialise each provider before it can be used: init downloads and installs the provider plugin so that later commands can run it.
Init also initialises the backend configuration, which decides where the state file is stored.
It will not create any sample files like example.tf
Terraform plan :
The terraform plan command creates an execution plan.
It does not modify anything in the real infrastructure.
Terraform performs a refresh, unless explicitly disabled, and then determines what actions are necessary to achieve the desired state specified in the configuration files.
This command is a convenient way to check whether the execution plan for a set of changes matches your expectations without making any changes to real resources or to the state.
Terraform Apply :
The terraform apply command applies the changes required to reach the desired state described in the configuration.
terraform apply also writes the attributes of the created resources to the terraform.tfstate file.
Once the apply completes, the resources exist in AWS and are available. Treat the state file as sensitive: it records attributes such as IP addresses and, for some resources, secrets in plain text.
Terraform Refresh :
The terraform refresh command reconciles the state Terraform knows about (via its state file) with the real-world infrastructure.
This does not modify infrastructure but does modify the state file. Since Terraform 0.15.4 the command is deprecated in favour of terraform apply -refresh-only, which shows the state changes as a plan before writing them.
Terraform Destroy :
The terraform destroy command destroys all Terraform-managed infrastructure in the working directory.
It is not the only way to destroy infrastructure: removing a resource block from the configuration and running terraform apply destroys that resource as well, because the desired state no longer contains it.
⭐ Steps required :
- Configure the AWS provider block so Terraform can talk to the AWS API.
- Create a Virtual Private Cloud.
- Create an internet gateway, subnets and route tables inside that VPC.
- Create a security group with inbound and outbound traffic rules.
- Lastly, launch an EC2 instance in the new VPC using the new subnets and security group.
📑 Directory Structure:
The project directory has the following key files:
provider.tf: Defines the provider required for the module to work; think of it as the module's dependencies. This module needs the AWS provider from HashiCorp (the creators of Terraform), which exposes the AWS resources we use to build the infrastructure.
variable.tf: Contains the input variables the module needs to complete its task. For the sake of this article I have set default values for the variables, but they can easily be made required by removing the default value.
vpc.tf: Defines the Terraform code required to create the VPC, internet gateway, subnets and route tables.
ec2_security.tf: Contains the Terraform code to create the security group with its inbound and outbound traffic rules.
ec2_instance.tf: Contains the code for launching the EC2 instance using the newly created VPC, subnets and security group.
Create the connection between AWS and Terraform using the provider block.
Before Terraform can launch an EC2 instance it needs to know which AWS region to target and how to authenticate. The provider keyword carries that information; credentials themselves should come from the environment or an AWS profile, not from the .tf files.
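The provider and variable declarations the step above describes, as an added example (this is not the article's own provider.tf). cidr_value is the variable name the article uses; the region variable, its default and the provider version pin are assumptions.

```hcl
# provider.tf (added example, not the article's own file)
terraform {
  required_version = ">= 1.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# These two declarations belong in variable.tf. cidr_value is the article's
# name for the VPC range; "region" and both defaults are assumptions.
variable "region" {
  type    = string
  default = "ap-south-1"
}

variable "cidr_value" {
  description = "CIDR block for the VPC"
  type        = string
  default     = "10.0.0.0/16"
}

provider "aws" {
  region = var.region
  # No access_key/secret_key here on purpose: the provider reads them from
  # AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY, ~/.aws/credentials or an assumed
  # role. Hard-coded keys end up in version control and in plan output.
}
```

Run terraform init once after writing this file; it downloads the pinned AWS provider into .terraform/ and records the exact version in .terraform.lock.hcl, which should be committed so every run uses the same provider build.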
Create virtual private cloud, internet gateway , subnets and routing table inside that VPC.
Let's first understand what a VPC is.
Amazon Virtual Private Cloud (Amazon VPC) enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS.
A VPC needs a range of IP addresses, expressed as a CIDR block. Here cidr_value is the variable that holds the CIDR, and its value is set in variable.tf.
Now create two subnets, one public and one private.
Public Subnet -
This subnet has a route to the internet gateway, so instances in it can be reached from the internet (subject to the security group and network ACL rules). It is launched in availability zone ap-south-1a and is where the EC2 instance will run. Automatic public IP assignment (map_public_ip_on_launch) is enabled so that clients can reach the site.
Private Subnet -
This subnet has no route to the internet gateway and cannot be reached from outside, which is the point of it for security. It is launched in availability zone ap-south-1b.
The code for both subnets is identical except for the CIDR range, the availability zone and the name. To avoid duplicating the block, the count meta-argument and the element and length functions are used.
count: creates the same resource block the given number of times; count.index is the current iteration.
element function: retrieves one element from a list (here the list of CIDR ranges) by index.
length function: returns the number of elements in a list (here the list of CIDR ranges), which sizes the count.
Internet Gateway -
For our VPC to have internet connectivity we need to attach an internet gateway. This lets the VPC receive traffic from the internet and send traffic out.
Here, aws_vpc.TF_VPC.id references the ID of the newly created VPC; the reference also tells Terraform to create the VPC before the gateway.
With the major parts of the network in place it is time to create route tables. A route table decides where traffic leaving a subnet is sent. We will create one route table for the public subnets and one for the private subnets.
The public route table sends internet-bound traffic (0.0.0.0/0) to the internet gateway. We will also create an association record that attaches this route table to the public subnets.
The private route table sends internet-bound traffic to a NAT gateway instead, so private instances can reach out (for updates, for example) without being reachable from the internet. We will also create an association record that attaches this route table to the private subnets.
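The whole of vpc.tf described in the steps above, as an added example (not the article's own code). It uses the article's names cidr_value and aws_vpc.TF_VPC; the four list variables, the NAT gateway and Elastic IP, and all other resource names are assumptions.

```hcl
# vpc.tf (added example). var.cidr_value is declared in variable.tf as the
# article describes; the four list variables below are assumed names and
# would normally live in variable.tf too.
variable "public_subnet_cidrs" { default = ["10.0.1.0/24"] }
variable "private_subnet_cidrs" { default = ["10.0.2.0/24"] }
variable "public_subnet_azs" { default = ["ap-south-1a"] }
variable "private_subnet_azs" { default = ["ap-south-1b"] }

resource "aws_vpc" "TF_VPC" {
  cidr_block           = var.cidr_value
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "TF_VPC" }
}

# One block launches every public subnet: count repeats it, element() picks
# the CIDR and AZ for this iteration, length() sizes the loop.
resource "aws_subnet" "public" {
  count                   = length(var.public_subnet_cidrs)
  vpc_id                  = aws_vpc.TF_VPC.id
  cidr_block              = element(var.public_subnet_cidrs, count.index)
  availability_zone       = element(var.public_subnet_azs, count.index)
  map_public_ip_on_launch = true # instances get a public IP at launch
  tags                    = { Name = "TF_public_${count.index}" }
}

resource "aws_subnet" "private" {
  count                   = length(var.private_subnet_cidrs)
  vpc_id                  = aws_vpc.TF_VPC.id
  cidr_block              = element(var.private_subnet_cidrs, count.index)
  availability_zone       = element(var.private_subnet_azs, count.index)
  map_public_ip_on_launch = false # never hand out public IPs here
  tags                    = { Name = "TF_private_${count.index}" }
}

resource "aws_internet_gateway" "TF_IGW" {
  vpc_id = aws_vpc.TF_VPC.id
  tags   = { Name = "TF_IGW" }
}

# Public route table: default route to the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.TF_VPC.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.TF_IGW.id
  }
  tags = { Name = "TF_public_rt" }
}

resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}

# The NAT gateway sits in a public subnet with an Elastic IP, so private
# instances can reach out without being reachable from the internet.
resource "aws_eip" "nat" {
  domain = "vpc" # use `vpc = true` on AWS provider versions before 5.0
}

resource "aws_nat_gateway" "TF_NAT" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public[0].id
  depends_on    = [aws_internet_gateway.TF_IGW]
}

# Private route table: default route to the NAT gateway, never to the IGW.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.TF_VPC.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.TF_NAT.id
  }
  tags = { Name = "TF_private_rt" }
}

resource "aws_route_table_association" "private" {
  count          = length(aws_subnet.private)
  subnet_id      = aws_subnet.private[count.index].id
  route_table_id = aws_route_table.private.id
}
```

Adding a second CIDR and availability zone to the list variables produces a second subnet of each kind and a matching association without touching the resource blocks; that is what the count/element/length pattern buys. The one thing that distinguishes "public" from "private" here is the route table's 0.0.0.0/0 target, so a plan that adds an internet gateway route to the private table is the change to look for in review.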
Launching Security Group —
Let's first understand what a security group is.
A security group is a virtual firewall for your EC2 instance that controls inbound and outbound traffic to and from the instance.
A security group is made up of a set of inbound and outbound rules. It is stateful: a reply to traffic allowed in one direction is allowed back automatically.
A security group belongs to a VPC and is attached to an instance's network interface, so it can be shared among many instances. You can use the same security group in different subnets of the same VPC, and instances in one subnet can use different security groups.
— Some keywords to know:
Inbound traffic: requests coming into the instance from outside.
Outbound traffic: traffic leaving the instance for the outside.
Code to launch security group —
This code creates a security group that only allows HTTP and SSH traffic into the instance, and allows all outbound traffic. The inbound rules are produced with a dynamic block, which repeats the same nested ingress block once per entry in a list with the values changed each time. Which source ranges those rules accept matters more than the port list: SSH open to 0.0.0.0/0 turns the instance into a brute-force target, so restrict it to a known admin range.
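The security group with a dynamic ingress block, as an added example (not the article's own ec2_security.tf). It keeps the article's rule set, HTTP and SSH in and everything out, but restricts SSH to an admin range; the admin_cidr variable, its validation, the local rule list and the resource name TF_SG are assumptions.

```hcl
# ec2_security.tf (added example; admin_cidr and the rule list are assumptions)
variable "admin_cidr" {
  description = "Source range allowed to reach SSH (your office or VPN egress)"
  type        = string
  default     = "203.0.113.0/24" # RFC 5737 documentation range; replace it

  # Refuse a plan that would expose port 22 to the whole internet.
  validation {
    condition     = var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must not be 0.0.0.0/0; SSH must not be world-reachable."
  }
}

# One entry per inbound rule; the dynamic block below stamps out one
# ingress block per entry instead of repeating the block by hand.
locals {
  ingress_rules = [
    {
      description = "HTTP from anywhere"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    {
      description = "SSH from the admin range only"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = [var.admin_cidr]
    },
  ]
}

resource "aws_security_group" "TF_SG" {
  name        = "TF_SG"
  description = "HTTP from anywhere, SSH from admin range, all outbound"
  vpc_id      = aws_vpc.TF_VPC.id

  dynamic "ingress" {
    for_each = local.ingress_rules
    content {
      description = ingress.value.description
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  # Outbound: allow everything, as the article does. Tighten this to the
  # ports the workload actually needs if the instance handles sensitive data.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "TF_SG" }
}
```

The validation block runs at plan time, so terraform plan -var admin_cidr=0.0.0.0/0 fails before anything is created. Adding a rule is a one-entry change to local.ingress_rules, which keeps the review diff small and readable.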
Create EC2 Instance —
Now create the instance in the public subnet, using the VPC and security group created above.
Code to launch EC2 Instance —
After writing the complete code, run terraform init to install the required provider plugins.
To check that everything is correct, run terraform plan, which shows every action Terraform intends to take; read the plan before applying, since it is the last point at which a mistake costs nothing.
To create the whole infrastructure run terraform apply, which executes the plan and records the results in the state file.
To tear the whole infrastructure down again, run terraform destroy.
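The instance definition, as an added example (not the article's own ec2_instance.tf). It assumes a public subnet resource named aws_subnet.public and a security group named aws_security_group.TF_SG from the earlier files; the key_name and instance_type variables, the AMI lookup and the IMDSv2 and encryption settings are additions, not the article's values.

```hcl
# ec2_instance.tf (added example; key_name variable and AMI lookup are
# assumptions, not the article's values)
variable "key_name" {
  description = "Name of an existing EC2 key pair used for SSH"
  type        = string
}

variable "instance_type" {
  type    = string
  default = "t2.micro"
}

# Look the AMI up instead of hard-coding an ID, which differs per region.
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

resource "aws_instance" "TF_EC2" {
  ami                    = data.aws_ami.amazon_linux.id
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.public[0].id       # public subnet from vpc.tf
  vpc_security_group_ids = [aws_security_group.TF_SG.id] # SG from ec2_security.tf
  key_name               = var.key_name

  # Require IMDSv2: an SSRF bug in the web app then cannot read the
  # instance role's credentials from 169.254.169.254 with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  root_block_device {
    encrypted = true
  }

  tags = { Name = "TF_EC2" }
}

output "public_ip" {
  description = "Public IP of the instance, assigned because the subnet maps public IPs on launch"
  value       = aws_instance.TF_EC2.public_ip
}
```

Because the subnet has map_public_ip_on_launch set, the instance receives a public IP without an associate_public_ip_address argument here, and the output prints it after terraform apply so the site can be tested straight away.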
THANK YOU !!