Create AWS VPC using Terraform - AWS Cloud Provisioning

Admin September 09, 2024
Create AWS VPC using Terraform - AWS Cloud Provisioning

This post will help you with How to Create AWS VPC using Terraform from basics. In the previous posts, we have covered below topics which are very important for this topic in order to create such AWS cloud provisioning.


If you are interested in learning, Request you to go through the below recommended tutorial.

How to Create AWS VPC using Terraform?

If you want to create AWS VPC using terraform, We must have proper cloud infrastrcuture architecture diagram or documents that should show the resources that are required for our AWS Cloud infrastructure. Based on it, we can start creating the Terraform manifests files one by one to provision AWS Cloud.



Lets take an example of above architecture diagram for creating AWS VPC architecture with Terraform..

First, List all the resources that are required to achieve the tasks easily.

1. AWS VPC (Virtual Private Cloud)
2. AWS Internet Gateway (IGW)
3. AWS Public Subnet 1
4. AWS Private Subnet 1
5. AWS Public Route table 1
6. AWS Private Route table 1
7. AWS Public Route table 1 association with Public Subnet 1
8. AWS Private Route table 1 association with Private Subnet 1
9. AWS Security Group 1
10. AWS EC2 - Web1 (Public Subnet 1)
11. AWS EC2 - DB1 (Private Subnet 1)

Second, Identify the correct terraform resources from terraform registry and go through each resources and its example. Copy the example block from each resources.

Adjust the values and fields as per our requirement.

Here is the complete terraform manifest files that will create AWS VPC architecture as per the diagram.

Note: AWS Secret Key and Access Key are configured through AWS CLI, so it will not be available in manifests files, Please use similar approach for AWS authentication.

vpc.tf

# 1. VPC
resource "aws_vpc" "vpc1" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name       = "${var.client_name}-vpc"
    Managed_by = "${var.managed_by}"
  }
}


# 2. Internet Gateway

resource "aws_internet_gateway" "igw1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name       = "${var.client_name}-igw1"
    Managed_by = "${var.managed_by}"
  }
}

# 3. Public Subnet 1

resource "aws_subnet" "pub_subnet1" {
  vpc_id     = aws_vpc.vpc1.id
  cidr_block = "10.0.1.0/24"

  tags = {
    Name       = "${var.client_name}-pub_subnet1"
    Managed_by = "${var.managed_by}"
  }
}

# 4. Private Subnet 1

resource "aws_subnet" "pri_subnet1" {
  vpc_id     = aws_vpc.vpc1.id
  cidr_block = "10.0.2.0/24"

  tags = {
    Name       = "${var.client_name}-pri_subnet1"
    Managed_by = "${var.managed_by}"
  }
}

# 5. Public RT 1

resource "aws_route_table" "pub_rt1" {
  vpc_id = aws_vpc.vpc1.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw1.id
  }

  tags = {
    Name       = "${var.client_name}-pub_rt1"
    Managed_by = "${var.managed_by}"
  }
}
# 6. Private RT 1

resource "aws_route_table" "pri_rt1" {
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name       = "${var.client_name}-pri_rt1"
    Managed_by = "${var.managed_by}"
  }
}

# 7. Public subnet 1 association
resource "aws_route_table_association" "pubsub1_rt1" {
  subnet_id      = aws_subnet.pub_subnet1.id
  route_table_id = aws_route_table.pub_rt1.id
}

# 8. Private Subnet 1 association

resource "aws_route_table_association" "prisub1_rt1" {
  subnet_id      = aws_subnet.pri_subnet1.id
  route_table_id = aws_route_table.pri_rt1.id
}

# 9. Security Group 1

resource "aws_security_group" "sg1" {
  name = "${var.client_name}-sg1"
  #   description = "Allow TLS inbound traffic and all outbound traffic"
  vpc_id = aws_vpc.vpc1.id

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["115.99.14.198/32", aws_vpc.vpc1.cidr_block]

  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]

  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }



  tags = {
    Name       = "${var.client_name}-sg1"
    Managed_by = "${var.managed_by}"
  }
}

# 10. Ec2 - web1

resource "aws_instance" "web1" {
  ami                         = "ami-0e86e20dae9224db8"
  instance_type               = var.my-instance-type
  subnet_id                   = aws_subnet.pub_subnet1.id
  key_name                    = "demov1"
  associate_public_ip_address = "true"
  vpc_security_group_ids      = [aws_security_group.sg1.id]


  tags = {
    Name       = "${var.client_name}-web1"
    Managed_by = "${var.managed_by}"
  }
}

# 11. Ec2 - DB1

resource "aws_instance" "db1" {
  ami           = "ami-0e86e20dae9224db8"
  instance_type = var.my-instance-type
  subnet_id     = aws_subnet.pri_subnet1.id
  key_name      = "demov1"

  vpc_security_group_ids = [aws_security_group.sg1.id]


  tags = {
    Name       = "${var.client_name}-db1"
    Managed_by = "${var.managed_by}"
  }
}

output "my_web1_public_ip" {
  value = aws_instance.web1.public_ip

}

output "my_web1_private_ip" {
  value = aws_instance.web1.private_ip

}

output "my_db1_private_ip" {
  value = aws_instance.db1.private_ip

}

Above vpc.tf manifest file is provided each resources and blocks to create all AWS VPC resources that is listed earlier.

Also I have used the advatanges of variables and updated the variable.tf and terraform.tfvars accordingly.

provider.tf

provider "aws" {
  region = "us-east-1"
}

variable.tf

variable "my-instance-type" {
  type    = string
  default = "t2.micro"
}

variable "client_name" {
  default = "my-default"
}
variable "managed_by" {
  default = "devops"
}

terraform.tfvars


my-instance-type = "t2.micro"
client_name      = "coke"
managed_by       = "terraform"

Once all these terraform manifests files are ready, we can plan and apply the terraform codes as below.

terraform plan
terraform apply --auto-approve

After terraform apply is completed, you can see the output of IP address as we have used output blocks in vpc.tf. Also you can login into AWS Cloud and verify all the resources are created as expected.

That's it for this post. Keep practicing and have fun. Leave your comments if any.

Tags:

Post a Comment

0 Comments