Full Tutorial On How To Deploy AWS VPC, Subnet and Route Table With Terraform

introduction

In the previous blog post, we explored how to deploy EC2 instances with Terraform, empowering you to harness the full potential of the cloud. Now, get ready to take your knowledge further as we delve into deploying an AWS VPC, subnet, route table, security group and internet gateway with Terraform. These essential components lay the foundation for building a secure and scalable network infrastructure in the cloud.

In this tutorial, we will explore how to configure a VPC, a subnet and a security group with Terraform. We will also see how a well-designed route table and security group rules work together to control the traffic that reaches your network.

Before we dive in, I recommend you also learn how to deploy the same infrastructure using the AWS console from this post here. You can also install the Terraform CLI tool using this documentation. Are you ready? Then let's dive in and level up your cloud engineering skills!

Create the Terraform provider resources

In every Terraform configuration, you first let Terraform know which cloud you want to deploy resources to. That is why we need to specify the provider and the provider version to use; this ensures Terraform downloads the plugins that support our cloud provider. Terraform also allows you to use multiple providers to create your resources.

I have used the aws provider, with hashicorp/aws as the source and the version constraint ~> 4.0. Thereafter, we specify the access_key and secret_key of the IAM user you will use to deploy the Terraform project. You can also check out my previous post on how to create an IAM role and user. In the next step, we will create a variable file to store our credentials.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region     = "us-east-1"
  access_key = var.access_key
  secret_key = var.secret_key
}

create a variable file

In this step, we will create a variable file to store the credentials used to deploy our VPC, subnet and other resources. Terraform uses two kinds of variable files: one that declares the variables and one that assigns their values. The .tfvars or .auto.tfvars files assign the variable values, while the variable.tf file declares the variables that receive them. We will create the .tfvars file first and assign the secrets, as stored in Secrets Manager, to the variables.

sudo nano auth.auto.tfvars
(or: vim auth.auto.tfvars)

Paste the configuration below, referencing the values held in AWS Secrets Manager:

access_key = your/secret/manager/reference
secret_key = your/secret/manager/reference

Now, create the variable.tf file and paste the variable configuration inside.

sudo nano variable.tf

variable "secret_key" {
  type    = string
  default = ""
}

variable "access_key" {
  type    = string
  default = ""
}

Create Virtual Private Cloud and subnet

After that, we will create an infrastructure.tf file, where we define the VPC resource for Terraform to deploy.

sudo nano infrastructure.tf

# Create a VPC
resource "aws_vpc" "oxla-vpc" {
  cidr_block = "10.0.0.0/16"
}

Once the VPC is in place, we create the subnet resource. We reference the vpc_id of the VPC created above and also specify the cidr_block and the availability zone where Terraform will deploy our subnet.

resource "aws_subnet" "oxla-public-subnet" {
  vpc_id     = aws_vpc.oxla-vpc.id
  cidr_block = "10.0.1.0/24"
  availability_zone = "us-east-1a"

  tags = {
    Name = "public-subnet"
  }
}

create route table and internet gateway

Further into creating our infrastructure with Terraform, we will deploy the route table and internet gateway in the same VPC we created earlier and associate the route table with the subnet we created earlier. We will also link the route table to the IGW by referencing the ids of the two resources.

First, create the route table. Place the configuration below in the same infrastructure.tf file that holds the VPC and subnet.

resource "aws_route_table" "oxla-route-table" {
  vpc_id = aws_vpc.oxla-vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.oxla-internet-gateway.id
  }

  tags = {
    Name = "oxla-route-table"
  }
}

resource "aws_route_table_association" "oxla-route-table-association" {
  subnet_id      = aws_subnet.oxla-public-subnet.id
  route_table_id = aws_route_table.oxla-route-table.id
}

Next, we will create the internet gateway.

resource "aws_internet_gateway" "oxla-internet-gateway" {
  vpc_id = aws_vpc.oxla-vpc.id

  tags = {
    Name = "oxla-internet-gateway"
  }
}

create the security group

The last resource we will create is the security group. It allows inbound traffic on ports 443, 80 and 22, which carry HTTPS, HTTP and SSH traffic respectively. These are the basic ports needed to run a typical server.

For this resource, create another file called security-group.tf and paste the configuration below.

resource "aws_security_group" "oxla-security-group" {
  name        = "bastion-allow-public-traffic"
  description = "Allow inbound HTTPS, HTTP and SSH traffic"
  vpc_id      = aws_vpc.oxla-vpc.id

  # HTTPS from anywhere (IPv4 and IPv6)
  ingress {
    description      = "Public-Traffic-HTTPS"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # SSH from anywhere, as described above
  ingress {
    description      = "Public-Traffic-SSH"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # HTTP from anywhere
  ingress {
    description      = "Public-Traffic-HTTP"
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Allow all outbound traffic
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "bastion-allow-public-traffic"
  }
}
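As an added example that is not part of the original post, here is a tighter variant of the same security group: HTTPS stays open to the world, but SSH is limited to administrator ranges supplied through an assumed variable named admin_cidr_blocks, and a validation block rejects a world-open value at plan time. The HTTP rule is identical to the one in the block above and is omitted here.

```hcl
# Added example, not from the original post. admin_cidr_blocks is an assumed
# variable name; its default is a constructed sample from the RFC 5737 range.
variable "admin_cidr_blocks" {
  description = "CIDR ranges allowed to reach SSH; replace with your VPN or office egress"
  type        = list(string)
  default     = ["203.0.113.0/24"] # constructed sample value

  # Refuse a world-open SSH rule before anything is deployed
  validation {
    condition     = !contains(var.admin_cidr_blocks, "0.0.0.0/0")
    error_message = "admin_cidr_blocks must not contain 0.0.0.0/0."
  }
}

resource "aws_security_group" "oxla-security-group-restricted" {
  name        = "bastion-restricted-ssh"
  description = "Public HTTPS, SSH only from admin ranges"
  vpc_id      = aws_vpc.oxla-vpc.id

  # HTTPS from anywhere (IPv4 and IPv6)
  ingress {
    description      = "Public-Traffic-HTTPS"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # SSH only from the administrator ranges passed in through the variable
  ingress {
    description = "Admin-SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_cidr_blocks
  }

  # Allow all outbound traffic (same as the original block)
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = { Name = "bastion-restricted-ssh" }
}
```

With this in place, terraform plan fails if someone sets admin_cidr_blocks to 0.0.0.0/0 in a tfvars file, so the open-SSH mistake is caught before apply.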

deploy the resources

Now that you have created all the resources, you can use the terraform plan and terraform apply commands to deploy them. terraform plan shows the resources Terraform will create, including the attributes of each. terraform apply then deploys the resources, which in this case are the VPC, subnet, IGW, route table and security group.

terraform plan

Enter the apply command in your CLI as well. You will be asked to enter 'yes' to continue. Once you confirm the deployment, Terraform applies the configuration and deploys your VPC, subnet, security group, route table and internet gateway.

terraform apply

conclusion

In conclusion, mastering the deployment of an AWS VPC, subnets, route tables, security groups and internet gateways with Terraform opens up a world of possibilities for new cloud engineers. You can build a robust and secure network infrastructure that seamlessly supports your applications and services in the cloud. Terraform puts you in control of your cloud network architecture, so keep exploring the tool and expanding your cloud engineering skills.
