Here is some information about this architecture.
Here are the steps you can follow to build this solution on your own.
In this lesson, we'll be developing a comprehensive AWS VPC configuration using Terraform. This configuration consists of a VPC, both public and private subnets across two availability zones, and all the required resources for internet connectivity.
Here's a breakdown of what we'll be working on:
Terraform Block: To set the required versions for Terraform and AWS provider.
AWS Provider Block: To define the region and profile.
VPC (Virtual Private Cloud): The isolated virtual network within AWS.
Public Subnets: Subnets with access to the internet, available in two availability zones.
Private Subnets: Subnets without direct access to the internet, also in two zones.
Internet Connectivity Resources: Includes an Internet Gateway, Route Tables, and more to enable public subnets' internet access.
Now, let's explore each of these AWS resources:
We'll be using Terraform version 1.5.0 or higher and the AWS provider version 5.11.0 or higher, ensuring compatibility and expected behavior.
VPCs allow you to launch AWS resources into a virtual network, providing isolation, security, and customization.
Public subnets can connect directly to the internet via an Internet Gateway, allowing resources within them to reach the external world.
Private subnets lack direct internet access, making them suitable for resources that don't need to be reached from the outside.
An Internet Gateway acts as a bridge between an AWS VPC and the internet and is essential for giving public subnets internet access.
Route tables direct traffic based on destination IP ranges, allowing you to define how traffic should be routed within the VPC or to the internet.
Now, let's proceed to the code:
If you're using the Skillmix Labs feature, open the lab settings (the beaker icon) on the right side of the code editor. Then, click the Start Lab button to start the lab environment.
Wait for the credentials to load. Then run this in the terminal:
  $ aws configure --profile smx-lab
  AWS Access Key ID [None]: <access key ID shown in the lab panel>
  AWS Secret Access Key [None]: <secret access key shown in the lab panel>
  Default region name [None]: us-west-2
  Default output format [None]: json
Be sure to name your credentials profile 'smx-lab'.
Note: If you're using your own AWS account, you'll need to ensure that you've created and configured an AWS CLI profile named smx-lab.
We'll do all of our work in a file called main.tf. Create that file in your root project directory now and open it for editing.
Next, we'll create the Terraform block. Append the following code to the main.tf file:
  terraform {
    required_version = ">= 1.5.0"
    required_providers {
      aws = {
        source  = "hashicorp/aws"
        version = ">= 5.11.0"
      }
    }
  }
Explanation: This code sets the minimum required versions for Terraform and the AWS provider, ensuring that our code is executed with the correct versions.
Next, we'll create the AWS provider block. Append the following code to the main.tf file:
  provider "aws" {
    region  = "us-west-2"
    profile = "smx-lab"
  }
Explanation: This code configures the AWS provider to use the us-west-2 region and the smx-lab profile for authentication and authorization.
Next, we'll create the VPC resource. Append the following code to the main.tf file:
  resource "aws_vpc" "my_vpc" {
    cidr_block = "10.0.0.0/16"
  }
Explanation: This creates the VPC with the CIDR range 10.0.0.0/16, providing a virtual networking environment.
Next, we'll create the public subnet resources in zones A & B. Append the following code to the main.tf file:
  resource "aws_subnet" "public_subnet_a" {
    vpc_id                  = aws_vpc.my_vpc.id
    cidr_block              = "10.0.1.0/24"
    availability_zone       = "us-west-2a"
    map_public_ip_on_launch = true
  }

  resource "aws_subnet" "public_subnet_b" {
    vpc_id                  = aws_vpc.my_vpc.id
    cidr_block              = "10.0.2.0/24"
    availability_zone       = "us-west-2b"
    map_public_ip_on_launch = true
  }
Explanation: These code blocks create two public subnets in availability zones us-west-2a and us-west-2b respectively, with automatic public IP assignment for launched instances. Because map_public_ip_on_launch is true, every instance launched into these subnets gets a public IPv4 address, so inbound reachability must be controlled with security groups and network ACLs.
Next, we'll create the private subnet resources in zones A & B. Append the following code to the main.tf file:
  resource "aws_subnet" "private_subnet_a" {
    vpc_id            = aws_vpc.my_vpc.id
    cidr_block        = "10.0.3.0/24"
    availability_zone = "us-west-2a"
  }

  resource "aws_subnet" "private_subnet_b" {
    vpc_id            = aws_vpc.my_vpc.id
    cidr_block        = "10.0.4.0/24"
    availability_zone = "us-west-2b"
  }
Explanation: These blocks create two private subnets in availability zones us-west-2a and us-west-2b. Instances in these subnets won't have direct access to the internet: with no explicit route table association they use the VPC's main route table, which by default carries only the local route for 10.0.0.0/16, and no NAT Gateway is created, so they have no outbound internet path either.
Next, we'll create the Internet Gateway. Append the following code to the main.tf file:
  resource "aws_internet_gateway" "my_gateway" {
    vpc_id = aws_vpc.my_vpc.id
  }
Explanation: This code creates an Internet Gateway and associates it with the VPC, enabling internet access for public subnets.
Next, we'll create the Route Table for the public subnets. Append the following code to the main.tf file:
  resource "aws_route_table" "public_route_table" {
    vpc_id = aws_vpc.my_vpc.id

    route {
      cidr_block = "0.0.0.0/0"
      gateway_id = aws_internet_gateway.my_gateway.id
    }
  }
Explanation: This code creates a route table within the VPC, directing all outbound traffic (0.0.0.0/0) to the Internet Gateway, enabling internet access for the associated subnets.
Finally, we'll associate the route table with the public subnets. Append the following code to the main.tf file:
  resource "aws_route_table_association" "public_subnet_a_association" {
    subnet_id      = aws_subnet.public_subnet_a.id
    route_table_id = aws_route_table.public_route_table.id
  }

  resource "aws_route_table_association" "public_subnet_b_association" {
    subnet_id      = aws_subnet.public_subnet_b.id
    route_table_id = aws_route_table.public_route_table.id
  }
Explanation: These code blocks associate the previously created route table with the public subnets, allowing the instances in those subnets to reach the internet.
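Once applied, the public/private split above rests entirely on which subnets are associated with the IGW route table. The following added check (not part of the lesson's code) reads the JSON that `terraform show -json` prints after apply and flags any subnet whose routing contradicts its role: a public subnet with no default route to the IGW, or a private subnet that has one. The embedded state is a constructed sample with placeholder ids; the `audit_subnets` and `routes_to_igw` names are this example's own.

```python
import json

# Constructed sample of `terraform show -json` output, trimmed to the fields the
# check reads. Resource ids are placeholders, not real AWS identifiers.
STATE_JSON = """{"values": {"root_module": {"resources": [
 {"type": "aws_vpc", "name": "my_vpc",
  "values": {"id": "vpc-0000example", "main_route_table_id": "rtb-0000main"}},
 {"type": "aws_subnet", "name": "public_subnet_a",
  "values": {"id": "subnet-0000pa", "map_public_ip_on_launch": true}},
 {"type": "aws_subnet", "name": "private_subnet_a",
  "values": {"id": "subnet-0000pra", "map_public_ip_on_launch": false}},
 {"type": "aws_route_table", "name": "public_route_table",
  "values": {"id": "rtb-0000public",
   "route": [{"cidr_block": "0.0.0.0/0", "gateway_id": "igw-0000example"}]}},
 {"type": "aws_route_table_association", "name": "public_subnet_a_association",
  "values": {"subnet_id": "subnet-0000pa", "route_table_id": "rtb-0000public"}}
]}}}"""

def routes_to_igw(rt_values):
    """True if the route table sends 0.0.0.0/0 to an Internet Gateway (igw-*)."""
    return any(r.get("cidr_block") == "0.0.0.0/0"
               and str(r.get("gateway_id") or "").startswith("igw-")
               for r in rt_values.get("route") or [])

def audit_subnets(state_json):
    """Return [(subnet_name, finding)] for subnets whose routing contradicts
    their public/private role; an empty list means the layout is consistent."""
    by_type = {}
    for r in json.loads(state_json)["values"]["root_module"]["resources"]:
        by_type.setdefault(r["type"], []).append(r)
    # Route tables Terraform manages, mapped to whether they reach the IGW.
    igw_tables = {rt["values"]["id"]: routes_to_igw(rt["values"])
                  for rt in by_type.get("aws_route_table", [])}
    assoc = {a["values"]["subnet_id"]: a["values"]["route_table_id"]
             for a in by_type.get("aws_route_table_association", [])}
    # Unassociated subnets use the VPC main route table. If it is not managed in
    # state its routes are invisible here (treated as local-only), so verify it.
    main_rtb = next((v["values"]["main_route_table_id"]
                     for v in by_type.get("aws_vpc", [])), None)
    findings = []
    for s in by_type.get("aws_subnet", []):
        rtb = assoc.get(s["values"]["id"], main_rtb)
        public_ip = bool(s["values"].get("map_public_ip_on_launch"))
        internet_routed = igw_tables.get(rtb, False)
        if public_ip and not internet_routed:
            findings.append((s["name"], "public IPs assigned but no route to the IGW"))
        elif internet_routed and not public_ip:
            findings.append((s["name"], "private subnet has a default route to the IGW"))
    return findings
```

To run it against a real deployment, replace STATE_JSON with the output of `terraform show -json` and confirm the VPC's main route table separately if Terraform does not manage it.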
And that's it! With these resources, we have constructed a VPC that contains both public and private subnets, with internet connectivity provided to the public subnets. Feel free to reach out with any questions as you explore this configuration!