Day 66 : Terraform Hands-on Project - Build Your Own AWS Infrastructure with Ease using Infrastructure as Code (IaC) Techniques(Interview Questions) ☁
Welcome back to your Terraform journey! In this hands-on project, we will dive deeper into Terraform's capabilities by building a robust AWS infrastructure using Infrastructure as Code (IaC) techniques. By the end of this project, you'll have a solid understanding of how Terraform can streamline the creation and management of cloud resources, saving you time and effort in your infrastructure provisioning tasks.
Task Overview:
Let's outline the tasks we'll be tackling in this project:
Create a VPC with specific CIDR blocks.
Set up public and private subnets within the VPC.
Attach an Internet Gateway to enable internet access.
Configure route tables for the subnets.
Launch an EC2 instance in the public subnet with a specific configuration.
Associate an Elastic IP with the EC2 instance.
Verify the hosted website on the EC2 instance.
Getting Started: Understanding Terraform
Before we dive into the tasks, let's recap some essential concepts about Terraform. Terraform is an open-source infrastructure as code software tool created by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL), or optionally JSON.
The key benefits of using Terraform include:
Declarative Syntax: Describe the desired state of your infrastructure, and Terraform will figure out how to create and manage it.
Version Control: Store your infrastructure configuration files in version control systems like Git for collaboration and history tracking.
Automation: Automate the provisioning and scaling of infrastructure, reducing manual errors and improving efficiency.
Multi-Cloud Support: Terraform supports multiple cloud providers, including AWS, Azure, Google Cloud, and more, making it a versatile choice for cloud-agnostic deployments.
Task Breakdown:
Creating a VPC (Virtual Private Cloud): We'll start by defining a VPC with a specific CIDR block (10.0.0.0/16) using Terraform's syntax.
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
Name = "main"
}
}
This will create a new VPC in your AWS account with the specified CIDR block and a name tag of "main".
Go to the VPC console and check new VPC with the name 'main' is successfully created.
Create a public subnet with CIDR block 10.0.1.0/24 in the above VPC.
To create a public subnet with CIDR block 10.0.1.0/24 in the VPC that you created in the previous step, you can use the following Terraform code:
resource "aws_subnet" "public_subnet" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
tags = {
Name = "Public Subnet"
}
}
Go to VPC console then go to Subnets.
Check that "Public Subnet" is created successfully.
Create a private subnet with CIDR block 10.0.2.0/24 in the above VPC.
This Terraform code creates a private subnet with CIDR block 10.0.2.0/24 in the VPC with ID aws_vpc.main.id, and tags it with the name "Private Subnet".
resource "aws_subnet" "private_subnet" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.2.0/24"
tags = {
Name = "Private Subnet"
}
}
Go to VPC console then go to Subnets.
Check that "Private Subnet" is created successfully.
Create an Internet Gateway (IGW) and attach it to the VPC.
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.main.id
tags = {
Name = "igw"
}
}
This Terraform code creates an internet gateway in the VPC with ID aws_vpc.main.id, and tags it with the name "igw".
Go to VPC then go to Internet gateways
Check new internet gateway is created with the name 'igw'.
Create a route table for the public subnet and associate it with the public subnet. This route table should have a route to the Internet Gateway.
COPY
COPY
resource "aws_route_table" "public" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
tags = {
Name = "route-table"
}
}
resource "aws_route_table_association" "public" {
subnet_id = aws_subnet.public_subnet.id
route_table_id = aws_route_table.public.id
}
First create a route table for public subnet.
aws_route_table block creates a new route table in the VPC specified by vpc_id attribute. It also defines a route that sends all traffic with destination CIDR 0.0.0.0/0 to the internet gateway specified by gateway_id attribute. The tags attribute sets a name for the route table for easy identification.
Then associate the route table with the public subnet.
aws_route_table_association block associates the newly created route table with a public subnet specified by the subnet_id attribute. The route_table_id attribute refers to the ID of the route table created in the previous block.
In Route tables, new route table is successfully created.
Route table routes with internet gateway.
Launch an EC2 instance in the public subnet with the following details:
AMI
Instance type: t2.micro
aws_instance block creates a new EC2 instance in the public subnet specified by subnet_id attribute. It uses the Amazon Machine Image (AMI) ID ami-0f8ca728008ff5af4, which is a Ubuntu 18.04 LTS image. The key_name attribute specifies the name of the key pair used to SSH into the instance. The vpc_security_group_ids attribute specifies a list of security groups to attach to the instance, in this case, it refers to the ID of the security group created in the next block.
resource "aws_instance" "web_server" {
ami = "ami-0f8ca728008ff5af4"
instance_type = "t2.micro"
key_name = "terraform-key"
subnet_id = aws_subnet.public_subnet.id
vpc_security_group_ids = [
aws_security_group.ssh_access.id
]
}
Security group: Allow SSH access from anywhere
aws_security_group block creates a new security group that allows inbound traffic on ports 22 (SSH) and 80 (HTTP) from any source (0.0.0.0/0). The name_prefix attribute sets a name prefix for the security group, and the vpc_id attribute specifies the ID of the VPC where the security group will be created.
resource "aws_security_group" "ssh_access" {
name_prefix = "ssh_access"
vpc_id = aws_vpc.main.id
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
User data: Use a shell script to install Apache and host a simple website
The user_data attribute specifies the script to run when the instance is launched. This script updates the package manager, installs Apache web server, creates a basic HTML file, and restarts Apache.
user_data = <<-EOF
#!/bin/bash
sudo apt-get update -y
sudo apt-get install apache2 -y
sudo systemctl start apache2
sudo systemctl enable apache2
echo "<html><body><h1>Welcome to my website!</h1></body></html>" > /var/www/html/index.html
sudo systemctl restart apache2
EOF
Create an Elastic IP and associate it with the EC2 instance.
aws_eip block creates a new Elastic IP address and associates it with the instance created in the first block by specifying the instance ID in the instance attribute. The tags attribute sets a name for the Elastic IP for easy identification.
resource "aws_eip" "eip" {
instance = aws_instance.web_server.id
tags = {
Name = "test-eip"
}
}
Run terraform apply to create the EC2 instance in your AWS account.
Verification:
Once Terraform has successfully provisioned our infrastructure, we can verify the hosted website by accessing the public IP or domain associated with the Elastic IP in a web browser.
Conclusion:
Congratulations on completing this Terraform hands-on project! You've gained valuable experience in using Terraform to define, create, and manage AWS infrastructure as code. Remember, Terraform's power lies in its ability to automate and scale infrastructure deployments, making it an indispensable tool for modern cloud architectures.
Keep exploring Terraform's capabilities, experiment with more complex configurations, and continue honing your skills in infrastructure as code. Happy coding! ☁️
I'm confident that this article will prove to be valuable, helping you discover new insights and learn something enriching .
thank you : )