introduction
In the previous blog post, we explored how to deploy EC2 instances with Terraform. Now we take that knowledge further and deploy an AWS VPC, a subnet, a route table, an internet gateway and a security group with Terraform. These components lay the foundation for a secure and scalable network in the cloud.
In this tutorial, we will configure the VPC, the subnet and the security group with Terraform. We will also see how a route table and an internet gateway connect the subnet to the internet, and how security group rules control which traffic can reach it.
Before we dive in, I recommend you also learn how to deploy the same infrastructure using the AWS console from this post here. You can also install the terraform CLI tool using this documentation. Are you ready? Then let's dive in and level up your cloud engineering skills!
Create the terraform provider resources
In every Terraform configuration, it is important to first let Terraform know which cloud provider you want to deploy resources to. That is why we specify the provider and the version of the provider to use. This ensures Terraform downloads the plugins that support our cloud provider. Terraform also allows you to use multiple providers to create your resources.
I have used the aws provider, with the source hashicorp/aws and the version constraint "~> 4.0". Thereafter, we specify the access_key and secret_key of the user you will use to deploy the Terraform project. You can also check out my previous post on how to create an IAM role and user. In the next step, we will create a variable file to store our credentials.
# Pin the provider so Terraform downloads a known plugin version
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

# Configure the AWS Provider; the keys are supplied through variables, not hardcoded here
provider "aws" {
  region     = "us-east-1"
  access_key = var.access_key
  secret_key = var.secret_key
}
create a variable file
In this step, we will create a variable file to store the credentials used to deploy our VPC, subnet and other resources. Terraform uses two kinds of variable files: one declares the variables, and one assigns their values. A .tfvars or .auto.tfvars file assigns the variable values, while the variable.tf file declares the variables. We will create the .tfvars file first and assign the secrets, as stored in Secrets Manager, to the variables.
sudo nano auth.auto.tfvars

Paste the configuration below and reference your AWS Secrets Manager entries:

access_key = your/secret/manager/reference
secret_key = your/secret/manager/reference
Now, create the variable.tf file and paste the variable configuration inside.
sudo nano variable.tf
variable "secret_key" {
  type    = string
  default = ""
}

variable "access_key" {
  type    = string
  default = ""
}
Create Virtual Private Cloud and subnet
After that, we will create an infrastructure.tf file. There we will declare the VPC resource for Terraform to deploy.
sudo nano infrastructure.tf
# Create a VPC
resource "aws_vpc" "oxla-vpc" {
  cidr_block = "10.0.0.0/16"
}
Once we are done creating the VPC, we will create the subnet resource next. We reference the id of the VPC we created earlier, and also specify the cidr_block and the availability zone where Terraform will deploy our subnet.
resource "aws_subnet" "oxla-public-subnet" {
  vpc_id            = aws_vpc.oxla-vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "us-east-1a"

  tags = {
    Name = "public-subnet"
  }
}
create route table and internet gateway
Continuing with our infrastructure, we will deploy a route table and an internet gateway in the VPC we created earlier and associate the route table with the subnet we also created earlier. We will link the route table to the internet gateway by referencing the gateway's id in the route table's default route.
First create the route table. Place the script below in the same infrastructure file that was created for the VPC and subnet.
resource "aws_route_table" "oxla-route-table" {
  vpc_id = aws_vpc.oxla-vpc.id

  # Default route: send all traffic that is not local to the VPC to the internet gateway
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.oxla-internet-gateway.id
  }

  tags = {
    Name = "oxla-route-table"
  }
}

# Attach the route table to the public subnet; this is what makes the subnet "public"
resource "aws_route_table_association" "oxla-route-table-association" {
  subnet_id      = aws_subnet.oxla-public-subnet.id
  route_table_id = aws_route_table.oxla-route-table.id
}
Next, we will create the internet gateway.
resource "aws_internet_gateway" "oxla-internet-gateway" {
  vpc_id = aws_vpc.oxla-vpc.id

  tags = {
    Name = "oxla-internet-gateway"
  }
}
create the security group
The last resource we will create is the security group. The security group allows inbound traffic on ports 443, 80 and 22, which carry HTTPS, HTTP and SSH traffic respectively. These are the basic kinds of traffic we need to run any server.
For this resource, create another file called security-group.tf and paste the configuration below.
resource "aws_security_group" "oxla-security-group" {
  name        = "bastion-allow-public-traffic"
  description = "Allow TLS inbound traffic"
  vpc_id      = aws_vpc.oxla-vpc.id

  # HTTPS from any IPv4 or IPv6 address
  ingress {
    description      = "Public-Traffic-TLS"
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # SSH from any IPv4 or IPv6 address
  ingress {
    description      = "Public-Traffic-SSH"
    from_port        = 22
    to_port          = 22
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # HTTP from any IPv4 or IPv6 address
  ingress {
    description      = "Public-Traffic-HTTP"
    from_port        = 80
    to_port          = 80
    protocol         = "tcp"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  # Allow all outbound traffic (protocol -1 means every protocol and port)
  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_tls"
  }
}
deploy the resources
Now that you have created all the resources, you can use the terraform plan and terraform apply commands to deploy them. terraform plan shows you the resources Terraform will create, including the attributes of each. terraform apply then deploys the resources, which in this case are the VPC, subnet, internet gateway, route table and security group.
terraform plan
Next, enter the apply command in your CLI. You will be asked to enter 'yes' to continue. Once you confirm, Terraform runs the configuration and deploys your VPC, subnet, security group, route table and internet gateway.
terraform apply
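The security group above exposes tcp/22 to 0.0.0.0/0 and ::/0, so a practitioner would want a check that runs between terraform plan and terraform apply and fails the pipeline before an SSH port is opened to the whole internet. The script below is an added example, not code from the original post. It reads a plan exported as JSON (assumed to be produced with terraform plan -out=tfplan followed by terraform show -json tfplan > plan.json) and reports every aws_security_group ingress rule that reaches a management or database port from an all-addresses CIDR. The embedded plan JSON is a constructed sample in the shape of terraform show -json output; it contains the post's oxla-security-group beside a hardened variant whose resource name (hardened) and administrative range (the documentation prefix 203.0.113.0/24) are assumptions of the example, as is the RESTRICTED_PORTS policy table.

```python
"""Flag security-group ingress rules that expose sensitive ports to the internet.

Added example: reads a Terraform plan exported as JSON (assumed to come from
`terraform plan -out=tfplan` followed by `terraform show -json tfplan`).
"""
import ipaddress
import json
import sys

# Constructed sample in the shape of `terraform show -json` output: the post's
# security group beside a hardened copy (resource name "hardened" is assumed).
SAMPLE_PLAN_JSON = json.dumps({
    "format_version": "1.2",
    "planned_values": {"root_module": {"resources": [
        {
            "address": "aws_security_group.oxla-security-group",
            "type": "aws_security_group",
            "name": "oxla-security-group",
            "values": {
                "name": "bastion-allow-public-traffic",
                "ingress": [
                    {"from_port": 443, "to_port": 443, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"]},
                    {"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"]},
                    {"from_port": 80, "to_port": 80, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"]},
                ],
            },
        },
        {
            "address": "aws_security_group.hardened",
            "type": "aws_security_group",
            "name": "hardened",
            "values": {
                "name": "bastion-restricted",
                "ingress": [
                    {"from_port": 443, "to_port": 443, "protocol": "tcp",
                     "cidr_blocks": ["0.0.0.0/0"], "ipv6_cidr_blocks": ["::/0"]},
                    # SSH only from an administrative range (constructed, TEST-NET-3)
                    {"from_port": 22, "to_port": 22, "protocol": "tcp",
                     "cidr_blocks": ["203.0.113.0/24"], "ipv6_cidr_blocks": []},
                ],
            },
        },
    ]}},
})

# Ports that should never be reachable from the whole internet (assumed policy).
RESTRICTED_PORTS = {22: "SSH", 3389: "RDP", 3306: "MySQL", 5432: "PostgreSQL"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a prefix that covers every address."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule, port):
    """A rule reaches a port if protocol is -1 (all) or port lies in [from_port, to_port]."""
    if str(rule.get("protocol")) == "-1":
        return True
    return int(rule.get("from_port", 0)) <= port <= int(rule.get("to_port", 0))


def iter_resources(module):
    """Walk the root module and any nested child_modules of planned_values."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_world_open_ports(plan_json):
    """Return (address, port, label, world_cidrs) for every offending ingress rule."""
    findings = []
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "aws_security_group":
            continue
        for rule in res.get("values", {}).get("ingress", []):
            cidrs = list(rule.get("cidr_blocks") or []) + list(rule.get("ipv6_cidr_blocks") or [])
            world = [c for c in cidrs if is_world_open(c)]
            if not world:
                continue
            for port, label in RESTRICTED_PORTS.items():
                if rule_covers_port(rule, port):
                    findings.append((res["address"], port, label, world))
    return findings


if __name__ == "__main__":
    # With a path argument the real plan export is checked; without one, the sample.
    source = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PLAN_JSON
    for address, port, label, cidrs in find_world_open_ports(source):
        print(f"{address}: {label} (port {port}) open to {', '.join(cidrs)}")
```

Run it as python check_plan.py plan.json against a real export; with no argument it checks the constructed sample and reports only the SSH rule of oxla-security-group, since the hardened copy limits port 22 to one administrative range and port 443 is not in the restricted table. The matching fix on the Terraform side is to replace the 0.0.0.0/0 and ::/0 entries in the port 22 ingress block with the CIDR of the network your administrators connect from.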
conclusion
In conclusion, mastering the deployment of AWS VPCs, subnets, route tables, internet gateways and security groups with Terraform opens up a world of possibilities for new cloud engineers. You can build a robust and secure network infrastructure that seamlessly supports your applications and services in the cloud. Terraform empowers you to take control of your cloud network architecture, so continue exploring this technology and expanding your cloud engineering skills.