HYBRID MULTI-CLOUD TASK-4



Hello everyone!!
Now I want to share the detail of  task-4 assigned by our mentor, Vimal Daga sir. All thanks to Vimal sir for giving the right education and mentoring me. 
Here I completed my task-4:

Description of task-4:
Perform task-3 with an additional feature to be added that is NAT Gateway to provide the internet access to instances running in the private subnet.

Performing the following steps:
1.  Write infrastructure as code using Terraform that automatically creates a VPC.
2.  In that VPC, create 2 subnets:
    1.   public subnet [ Accessible for Public World! ]
    2.   private subnet [ Restricted for Public World! ]
3.  Create a public-facing internet gateway to connect our VPC/network to the internet, and attach this gateway to our VPC.
4.  Create a routing table for the internet gateway so that instances can connect to the outside world, then update it and associate it with the public subnet.
5.  Create a NAT gateway to connect our VPC/network to the internet, and attach this gateway to our VPC in the public network.
6.  Update the routing table of the private subnet so that it uses the NAT gateway created in the public subnet to access the internet.
7.  Launch an EC2 instance that already has WordPress set up, with a security group allowing port 80 so that our clients can connect to our WordPress site. Also attach the key to the instance for further login.
8.  Launch an EC2 instance that already has MySQL set up, with a security group allowing port 3306, in the private subnet so that our WordPress VM can connect to it. Also attach the key to it.


Prerequisites:
AWS account
Create an IAM user and download the credentials
Download the AWS CLI and set its path in the environment variable
Download PuTTYgen and install it
Download PuTTY and install it

Now let's begin:
Step 1:
Configure the AWS CLI: create a profile and copy the credentials into it.

Step 1
Specify the provider, which is AWS

provider "aws" {
  region  = "ap-south-1"
  profile = "saba1121"
}

Step 2
Creation of VPC

resource "aws_vpc" "myvpc_resourcename" {
  cidr_block           = "192.168.0.0/16"
  instance_tenancy     = "default"
  enable_dns_hostnames = true

  tags = {
    Name = "myvpc1"
  }
}

output "printvpc_id" {
  value = aws_vpc.myvpc_resourcename.id
}


Step 3
Creating internet gateway

resource "aws_internet_gateway" "resource_igw" {
  vpc_id = aws_vpc.myvpc_resourcename.id

  tags = {
    Name = "myvpc1_internet_gateway"
  }
}



Step 4
Public Subnet

resource "aws_subnet" "resourcename_publicsubnet" {
  vpc_id                  = aws_vpc.myvpc_resourcename.id
  cidr_block              = "192.168.0.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "ap-south-1a"

  tags = {
    Name = "mysubnet1"
  }
}


Step 5
Creating routing table

resource "aws_route_table" "routingtable" {
  vpc_id = aws_vpc.myvpc_resourcename.id

  tags = {
    Name = "routing_table"
  }
}


Step 6
Attaching routing table with subnet1

resource "aws_route_table_association" "rt_attach_subnet" {
  subnet_id      = aws_subnet.resourcename_publicsubnet.id
  route_table_id = aws_route_table.routingtable.id
}

resource "aws_route" "r" {
  route_table_id         = aws_route_table.routingtable.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.resource_igw.id
}

Step 7
Creating keypairs

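# Generate an RSA key pair; the private key is also stored unencrypted in the Terraform state
resource "tls_private_key" "pkey" {
  algorithm = "RSA"
}

# Register the public half with AWS
resource "aws_key_pair" "resource_key" {
  key_name   = "tabu123"
  public_key = tls_private_key.pkey.public_key_openssh
}

# Write the private key in plain text to the working directory
resource "local_file" "key_file" {
  content  = tls_private_key.pkey.private_key_pem
  filename = "tabu123.pem"
}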


Step 8
Creating Security group for my instance

resource "aws_security_group" "securitygroup" {
  name        = "launch-wizard-1"
  description = "this security group will allow traffic at port 80"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  ingress {
    description = "http is allowed"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "ssh is allowed"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "security_group"
  }
}

variable "enter_your_security_group" {
  type    = string
  default = "launch-wizard-1"
}

                                          
Step 9
Launching my WordPress instance

resource "aws_instance" "myinstance" {
  ami                    = "ami-7e257211"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.resource_key.key_name
  vpc_security_group_ids = [aws_security_group.securitygroup.id]
  subnet_id              = aws_subnet.resourcename_publicsubnet.id

  tags = {
    Name = "wordpress_os"
  }
}


Step 10
Elastic IP

resource "aws_eip" "lb" {
  vpc = true
}

 
Step 11
NAT gateway

resource "aws_nat_gateway" "gw" {
  allocation_id = aws_eip.lb.id
  subnet_id     = aws_subnet.resourcename_publicsubnet.id

  tags = {
    Name = "gw NAT"
  }
}

Step 12
Creating private subnet

resource "aws_subnet" "resourcename_privatesubnet2" {
  vpc_id     = aws_vpc.myvpc_resourcename.id
  cidr_block = "192.168.1.0/24"
  availability_zone = "ap-south-1b"

  tags = {
    Name = "mysubnet2"
  }
}

 


Step 13

Attaching routing table with subnet2

resource "aws_route_table_association" "rt_attach_subnet2" {
  subnet_id      = aws_subnet.resourcename_privatesubnet2.id
  route_table_id = aws_route_table.routingtable.id
}
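
The association above attaches the private subnet to the same route table as the public subnet, whose default route points at the internet gateway, so the NAT gateway from step 11 is never used and the private instance (which has no public IP) gets no outbound access. The following is an added example, not the author's code, that gives the private subnet its own route table with a default route through the NAT gateway; it replaces the `rt_attach_subnet2` association above, and the names `private_rt` and `private_default` are assumptions.

```hcl
# Added example: dedicated route table for the private subnet.
# "private_rt" and "private_default" are assumed names, not from the original post.
resource "aws_route_table" "private_rt" {
  vpc_id = aws_vpc.myvpc_resourcename.id

  tags = {
    Name = "private_routing_table"
  }
}

# Default route of the private subnet leaves through the NAT gateway (step 11),
# not through the internet gateway.
resource "aws_route" "private_default" {
  route_table_id         = aws_route_table.private_rt.id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.gw.id
}

# Replaces the rt_attach_subnet2 association shown above: a subnet can be
# associated with only one route table at a time.
resource "aws_route_table_association" "rt_attach_subnet2" {
  subnet_id      = aws_subnet.resourcename_privatesubnet2.id
  route_table_id = aws_route_table.private_rt.id
}
```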

 
Step 14   
Creating Security group 1 for mysql instance

resource "aws_security_group" "securitygroup2" {
  name        = "launch-wizard-2"
  description = "this security group will allow traffic at port 80"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  # This rule admits every protocol and port from any address,
  # which is broader than the port 3306 access the task asks for
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # MySQL port only (from_port was 0, which opened ports 0-3306)
  ingress {
    description = "mysql"
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "security_group_mysql"
  }
}

 

Step 15
security group 2 for mysql

resource "aws_security_group" "allow_tls" {
  name        = "launch-wizard-4"
  description = "ssh"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  # No cidr_blocks or security_groups is set here, so this rule names no source
  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "ssh_to_mysql"
  }
}
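
The two MySQL security groups in steps 14 and 15 can be narrowed to what the task describes: port 3306 reachable only from the WordPress instance, and SSH reachable only from the bastion host. This is an added example, not the author's code; it references the WordPress group from step 8 and the bastion group from step 17 as the only allowed sources, and the resource names `mysql_from_wordpress` and `ssh_from_bastion` are assumptions.

```hcl
# Added example, not the author's code. Resource names are assumptions.

# MySQL: port 3306 only, and only from members of the WordPress group (step 8)
resource "aws_security_group" "mysql_from_wordpress" {
  name        = "mysql-from-wordpress"
  description = "MySQL 3306 from the WordPress security group only"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  ingress {
    description     = "mysql from wordpress"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.securitygroup.id]
  }

  # Outbound stays open so the instance can still make outbound connections
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# SSH: port 22 only from members of the bastion group (step 17)
resource "aws_security_group" "ssh_from_bastion" {
  name        = "ssh-from-bastion"
  description = "SSH from the bastion security group only"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  ingress {
    description     = "ssh from bastion"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.basition_sg.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

To use them, the MySQL instance in step 16 would list these two groups in `vpc_security_group_ids` in place of `securitygroup2` and `allow_tls`.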
 

 
Step 16    
Creating MySQL database instance

resource "aws_instance" "mysqlinstance_rn" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.resource_key.key_name
  vpc_security_group_ids = [aws_security_group.securitygroup2.id, aws_security_group.allow_tls.id]
  subnet_id              = aws_subnet.resourcename_privatesubnet2.id

  tags = {
    Name = "mysql_os"
  }
}

 

Step 17
security group for bastion

resource "aws_security_group" "basition_sg" {
  name        = "launch-wizard-3"
  description = "ssh Allowed"
  vpc_id      = aws_vpc.myvpc_resourcename.id

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "bastion host"
  }
}

 

Step 18
Launching bastion host instance

resource "aws_instance" "bastioninstance" {
  ami                    = "ami-08706cb5f68222d09"
  instance_type          = "t2.micro"
  key_name               = aws_key_pair.resource_key.key_name
  vpc_security_group_ids = [aws_security_group.basition_sg.id]
  subnet_id              = aws_subnet.resourcename_publicsubnet.id

  tags = {
    Name = "bastion_os"
  }
}
     

 
Now we will download the plugins. For that, run the command:
     terraform init

 
After downloading the plugins we need to validate our code, so run the command:
     terraform validate


Now we can run the code:
     terraform apply





 


 

Now copy the DNS name of your WordPress instance and select the WordPress option



 
In Meta select login

                                        

 
Type the user name "Aurora" and the password which you have set recently

 




 
Now we will log in to our database system. We will enter it through the bastion host, where we have allowed SSH. We will log in through PuTTY, and PuTTY uses .ppk files, so we will first convert our key from .pem to .ppk format using PuTTY.
Open the PuTTY key generator.
Select "Load", then browse to your key and upload it, and then press "Save private key".


 





Now open PuTTY, select the SSH option on the right, then click Auth, upload your key with the .ppk extension there, and open the session

 
                                       


 
Now you are in the bastion host


 
Now we will transfer our key to the bastion host using WinSCP.
Enter the IP of MySQL; for the password, click Advanced and upload your key.

 

 

Now we will enter our MySQL database instance using SSH


At last we will destroy it, so run the command:
    terraform destroy



                                       


Github url: https://github.com/sabacs12/terraform/blob/master/task-4/aws-task4.tf
