Fully secured WebApp deployment on AWS cloud using terraform

Richard nadar
6 min read · Dec 14, 2020


What is an Internet gateway?

An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic, and to perform network address translation (NAT) for instances that have been assigned public IPv4 addresses.

Public and private subnets

If a subnet is associated with a route table that has a route to an internet gateway, it’s known as a public subnet. If a subnet is associated with a route table that does not have a route to an internet gateway, it’s known as a private subnet.

Task Description:

Statement: We have to create a web portal for our company with as much security as possible.

So, we use WordPress software with a dedicated database server.

The database should not be accessible from the outside world, for security purposes.

Only the WordPress site needs to be exposed publicly to clients.

STEPS:

1) Write Infrastructure as Code using Terraform which automatically creates a VPC.

2) In that VPC we have to create 2 subnets:

a) public subnet [ Accessible for Public World! ]

b) private subnet [ Restricted for Public World! ]

3) Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.

4) Create a routing table for the internet gateway so that instances can connect to the outside world; update it and associate it with the public subnet.

5) Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site.

Also attach a key pair to the instance so we can log in to it later.

6) Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it.

Also attach the key pair to this instance.

Note: The WordPress instance has to be part of the public subnet so that our clients can reach our site.

The MySQL instance has to be part of the private subnet so that the outside world can't connect to it.

Don't forget to enable the auto-assign public IP and auto-assign DNS hostname options.

Let’s start.

STEP1: Create VPC

Here I have created a VPC with a specific network range (CIDR block).

STEP2: Creating Private subnet for MySQL and Public Subnet for WordPress

Here I have created two subnets inside the VPC we created, namely a private subnet and a public subnet; each subnet belongs to a different network range.

STEP3: Creating Internet Gateway

Here I have created a public-facing internet gateway to connect our VPC network to the internet, and attached this gateway to our VPC.

STEP4: Creating a routing table for our gateway and its association with the public subnet

Here I have created a routing table for the internet gateway, with a rule written such that instances inside the public subnet can be reached from the internet. I also associated this routing table with the public subnet.

Note: Don't associate it with the private subnet, as that subnet has to stay restricted from outside-world access.

STEP5: Security group creation for WordPress and MySQL

Here I have created a security group for WordPress which allows port 80, so that our clients can connect to our WordPress site.

Here I have created a security group for MySQL which allows port 3306, so that only our WordPress instance can connect to the database.

STEP6: Launching WordPress Instance

Here I have launched an EC2 instance that already has WordPress set up, using the security group we created earlier, and attached a key pair to the instance so we can log in to it later. This instance is part of the public subnet because we want the outside world to have access to it.

STEP7: Launching MySQL Instance (database)

Here I have launched an EC2 instance that already has MySQL set up, using the security group we created earlier, and attached a key pair to the instance so we can log in to it later. This instance is part of the private subnet because all the data stored in the database is critical and only the WordPress instance should have access to it.
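To show how steps 4 and 5 fit together, here is an added example (written for this article, not taken from the author's repository) of the route table association and the two security groups. The resource names aws_vpc.main, aws_subnet.public and aws_internet_gateway.igw are assumed placeholders, not the author's identifiers.

```hcl
# Assumed placeholder names, not the author's: aws_vpc.main, aws_subnet.public, aws_internet_gateway.igw.

# Route table with a default route to the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Associated with the public subnet only. The private subnet stays on the
# VPC's main route table, which has no internet-gateway route.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}

# WordPress: inbound HTTP from anywhere; outbound open so it can reach MySQL.
resource "aws_security_group" "wordpress" {
  name   = "wordpress-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# MySQL: port 3306 only from members of the WordPress security group. Naming the
# source security group instead of a CIDR is what enforces "only WordPress".
# No egress rule is needed: security groups are stateful, so replies are allowed.
resource "aws_security_group" "mysql" {
  name   = "mysql-sg"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id]
  }
}
```

A quick check after `terraform apply`: the MySQL security group should show no inbound rule with a CIDR source, only the WordPress group's ID.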

STEP8: FINAL OUTPUT

After the instances are launched, we can use the public IP of the WordPress instance to log in and get started.

Note: Throughout the code I have used multiple variables which are loaded from another file.

To run the above code and set up the infrastructure, we can run the following commands in a terminal:

1. terraform init : this command installs all the required provider plugins.

2. terraform plan : this command shows the changes Terraform would make to reach the desired infrastructure without actually making them. This gives you an idea of whether what you wrote is working or not.

3. terraform apply : this command scans the current directory for the configuration and applies the changes.

To remove the complete infrastructure, we can use the "terraform destroy" command.

GitHub Link: https://github.com/ther1chie/fully_secured_webapp

THANK YOU.
