WordPress and MySQL Deployment on AWS with Custom VPC, Subnet, NAT Gateway and Security Groups using Terraform

Richard nadar
Dec 19, 2020


What is a NAT gateway?

NAT is a networking technique commonly used to give an entire private network access to the internet without assigning each host a public IPv4 address. The hosts can initiate connections to the internet and receive responses, but not receive inbound connections initiated from the internet.

When a host in the private network initiates an internet-bound connection, the NAT device’s public IP address becomes the source IP address for the outbound traffic. The response traffic from the internet therefore uses that public IP address as the destination IP address. The NAT device then routes the response to the host in the private network that initiated the connection.

Task Description:

1. Write Infrastructure as Code using Terraform that automatically creates a VPC.

2. In that VPC we have to create 2 subnets:

1. public subnet [ accessible from the public Internet ]

2. private subnet [ not reachable from the public Internet ]

3. Create a public-facing Internet Gateway to connect our VPC/network to the Internet and attach this gateway to our VPC.

4. Create a route table for the Internet Gateway so that instances can reach the outside world; add the route and associate the table with the public subnet.

5. Create a NAT Gateway to connect our VPC/network to the Internet and place this gateway in the public subnet of our VPC.

6. Update the route table of the private subnet so that it reaches the Internet through the NAT Gateway created in the public subnet.

7. Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach a key pair to the instance for logging in later.

8. Launch an EC2 instance that already has MySQL set up, in the private subnet, with a security group allowing port 3306 so that our WordPress VM can connect to it. Also attach the key pair to it.

Note: The WordPress instance has to be part of the public subnet so that our clients can reach our site.

The MySQL instance has to be part of the private subnet so that the outside world can’t connect to it.

Let’s begin.

STEP1: Adding AWS provider and creating VPC

STEP2: Creating public and private subnets

STEP3: Creating a public facing Internet Gateway

An Internet Gateway is a VPC component that allows communication between the Internet and the VPC via routes.

STEP4: Creating a route table and associating it with Internet Gateway as well as with public subnet

A route table contains a set of rules, called routes, that are used to determine where network traffic from your subnet or gateway is directed.

STEP5: a] Creating NAT Gateway and a permanent Public IP for it

To create a permanent public IP, in AWS we have to use EIP (Elastic IP) service.

NOTE: Amazon will charge you $0.005/hr for each EIP that you reserve and do not use.

NAT is a networking technique commonly used to give an entire private network access to the Internet without assigning each host a public IPv4 address. The instances/hosts behind it can initiate connections to the Internet and receive the responses, but if someone on the Internet tries to initiate a connection to those hosts, the NAT Gateway does not forward it; only traffic belonging to a connection that a private host started is allowed back in.

STEP6: Creating a route table for the NAT Gateway and associating it with the private subnet

STEP7: Creating security group for WordPress

Here I have created a security group allowing inbound port 80 so that our clients can connect to our WordPress site.

STEP8: Creating security group for MySQL

Here I have created a security group allowing port 3306, and in its inbound rules I have specified that only instances carrying the WordPress security group created above can connect to the database, rather than allowing a whole CIDR range.
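The two security groups of steps 7 and 8, as an added example rather than the article's own code. It assumes the VPC resource is named `aws_vpc.main` and, beyond the article's port 80 rule, adds an SSH rule limited to an assumed `var.admin_cidr` so the key-based login the article mentions is not open to the whole Internet.

```hcl
# Security group for the WordPress host: HTTP from anywhere, SSH only from admins
resource "aws_security_group" "wordpress" {
  name        = "wordpress-sg"
  description = "Allow HTTP to WordPress"
  vpc_id      = aws_vpc.main.id # assumes the VPC resource is named "main"

  ingress {
    description = "HTTP from clients"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH for administration"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr] # assumed variable, e.g. your admin host's /32
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security group for MySQL: port 3306 only from members of the WordPress SG
resource "aws_security_group" "mysql" {
  name        = "mysql-sg"
  description = "Allow MySQL from WordPress only"
  vpc_id      = aws_vpc.main.id

  ingress {
    description     = "MySQL from WordPress instances"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id] # SG reference, not a CIDR
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"] # outbound only, leaves via the NAT Gateway
  }
}
```

Because the MySQL ingress rule references a security group instead of an address range, a new WordPress instance launched with `wordpress-sg` is allowed automatically and nothing else in the VPC is.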

STEP9: Launching WordPress Instance in public subnet

Here I have launched an EC2 instance that already has WordPress set up, attached the security group we created earlier, and attached a key pair to the instance for logging in later. This instance is part of the public subnet because we want the outside world to have access to it.

STEP10: Launching MySQL Instance in private subnet

Here I have launched an EC2 instance that already has MySQL set up, attached the security group we created earlier, and attached a key pair to the instance for logging in later. This instance is part of the private subnet because the data stored in the database is critical and only the WordPress instance should have access to it.
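The two instances of steps 9 and 10 plus the outputs used in step 11, as an added example that is not the article's code. The AMI IDs and key pair name are assumed to come from variables (`var.wordpress_ami`, `var.mysql_ami`, `var.key_name`), and the subnet and security group names match the examples above.

```hcl
# WordPress host: public subnet, public IP, HTTP security group
resource "aws_instance" "wordpress" {
  ami                         = var.wordpress_ami # assumed: an AMI with WordPress preinstalled
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.public.id
  vpc_security_group_ids      = [aws_security_group.wordpress.id]
  key_name                    = var.key_name # assumed: an existing EC2 key pair
  associate_public_ip_address = true
  tags                        = { Name = "wordpress" }
}

# MySQL host: private subnet, no public IP, reachable only from the WordPress SG
resource "aws_instance" "mysql" {
  ami                         = var.mysql_ami # assumed: an AMI with MySQL preinstalled
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.private.id
  vpc_security_group_ids      = [aws_security_group.mysql.id]
  key_name                    = var.key_name
  associate_public_ip_address = false # explicit: this host must never be public
  tags                        = { Name = "mysql" }
}

# Addresses needed after apply: the public IP to open the site, and the
# private IP to point WordPress's database host setting at MySQL
output "wordpress_public_ip" {
  value = aws_instance.wordpress.public_ip
}
output "mysql_private_ip" {
  value = aws_instance.mysql.private_ip
}
```

Reaching the MySQL host for administration means going through the WordPress host (for example with SSH agent forwarding), since it has neither a public IP nor a route from the Internet Gateway.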

STEP11: FINAL OUTPUT

After the instances are launched, we can use the public IP of the WordPress instance to log in and get started.

Note: Throughout the code I have used multiple variables that are loaded from a separate file.

To run the above code and set up the infrastructure, run the following commands in a terminal:

1. terraform init : this command downloads and installs the required provider plugins.

2. terraform plan : this command shows the changes Terraform would make to reach the desired infrastructure without actually making them. This gives you an idea of whether what you wrote is working or not.

3. terraform apply : this command scans the current directory for the configuration and applies the changes.

To remove the complete infrastructure we can use the “terraform destroy” command.

GitHub Link: https://github.com/ther1chie/nat_gateway_setup

THANK YOU.
