AWS Public-Private Server With Terraform in no time Easy Way!

Rajesh
5 min read · Nov 16, 2020

We are all aware that today we no longer create servers or infrastructure manually from the console; instead we use some IaC (Infrastructure as Code) tool, so that repetitive work is kept to a minimum and so are the errors that come with manual work.

Terraform is one of the most widely used open-source Infrastructure as Code (IaC) tools, from HashiCorp. With it we define, manage and update our infrastructure resources in HCL (HashiCorp Configuration Language) and provision cloud or on-premises components with ease.

Terraform is not limited to the cloud: it has many providers that understand the respective APIs and support them well. A few popular providers are AWS, Azure, GCP, Alibaba Cloud, Akamai, Chef, Docker, Vultr, OpenStack, GitHub, Datadog, Consul, Okta and many others. Given the long list of providers it supports, its popularity in the industry is not hard to guess.

If you are just starting with Terraform on AWS, it can be a mess to understand how to put everything together to make your Terraform code work, and there are very limited resources online that tell you in a simple way how to start.
So I will show you how to write Terraform code for the architecture below, which is a typical corporate setup: a bastion server is accessible from outside, while the remaining sensitive infrastructure (database, application servers and so on) stays in a private subnet that is not accessible from outside.

Figure: AWS architecture diagram that we will code in Terraform

If you look at the architecture diagram you will realize that we need multiple AWS components working together to make this a single setup.

Below are the main AWS components that will be provisioned using Terraform code (refer to the architecture diagram above):

  1. VPC (Virtual Private Cloud)
  2. Subnet (Public facing and Private, both)
  3. Internet Gateway — IGW
  4. NAT Gateway (network address translation)
  5. EIP — Elastic IP (for NAT in this case)
  6. Routing Table — RT
  7. Security Group — SG
  8. EC2 Instance

Clone this GitHub repository; it has the Terraform code that will set up the above architecture in one click.

Prerequisites for Terraform
  1. Terraform installed
  2. IAM user with admin privileges (access to AmazonEC2FullAccess)
  3. Programmatic access keys (Access Key and Secret Key) created for the IAM user above, configured either in the Terraform code or in your AWS config setup

Let’s clone this ready-to-use Terraform repository and get started with the setup.

Link: https://github.com/iamraj007/aws_public-priviate_terraform_infra.git

Note: The above code has been tested with Terraform 0.11.

Screenshot: content of our Terraform code, and the output of terraform apply

Let’s review each Terraform file in this repository one by one.

All Terraform files end with the extension .tf and are written in HCL (HashiCorp Configuration Language). We could write the entire code in a single file, in multiple files, or even as modules (for repeatability); it is up to us. For the sake of simplicity I have written the Terraform code in individual files.

The VPC is our virtual private cloud, where we define our custom CIDR range; all our servers and networking will live within this range.

Screenshot: Terraform VPC code (AWS VPC)

Subnets are defined within the VPC, and we may have many of them (each with a finite number of IPs). A subnet can be public facing (with an IGW attached to its RT) or private, with no direct access to the internet.

Screenshot: Terraform subnet code

An Internet Gateway is required for servers to have access to the internet. It is attached to the route table (RT) of the public subnet; because of this, any server launched in the public subnet is reachable over the internet.

Screenshot: Terraform Internet Gateway code

A NAT Gateway provides a secure way for instances in the private subnet to reach the internet. We need this because instances launched in the private subnet have no public IP and cannot be reached from the internet directly. Instead, the NAT maps the private IP to its public IP for outbound requests and maps the public IP back to the private address on the response to make it work.

Screenshot: Terraform NAT Gateway code

A routing table (RT) lets us route traffic as the infrastructure needs. If we associate a subnet with a routing table that has a route to the internet gateway (IGW), like below, it becomes public; otherwise it remains private.

Screenshot: Terraform route table code (routing table with routes; routing table with subnet association)

A security group (SG) acts as a virtual firewall for your instances, controlling inbound and outbound traffic. Open traffic wisely: too many open ports increase the attack surface.

Screenshot: Terraform security group code (AWS Security Group)
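To tie the route table and security group discussion together, here is an added example (not the repository's code) that shows the private-side route table with its subnet association, a bastion security group that admits SSH only from an admin range, and a private-host security group that admits SSH only from the bastion's group. It assumes aws_vpc.main, aws_subnet.private and aws_nat_gateway.nat are defined elsewhere, uses the placeholder admin CIDR 203.0.113.0/24, and is written in current HCL syntax rather than the 0.11 interpolation style.

```hcl
# Added example, not the repository's code. Assumes aws_vpc.main, aws_subnet.private
# and aws_nat_gateway.nat are defined elsewhere in the configuration.

# Private RT: the only default route is via the NAT gateway, so hosts get
# outbound-only internet access; nothing outside can open a connection inward.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

# Associating the subnet is what applies the table (a public subnet would instead
# be associated with a table whose 0.0.0.0/0 route points at the IGW).
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}

# Bastion SG: SSH only from an assumed admin range (placeholder CIDR), never
# 0.0.0.0/0, and outbound only SSH into the private subnet.
resource "aws_security_group" "bastion" {
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"] # placeholder, replace with your admin CIDR
  }
  egress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.private.cidr_block]
  }
}

# Private-host SG: SSH accepted only from members of the bastion SG, so there is
# no CIDR-based path to port 22 from anywhere else.
resource "aws_security_group" "private_host" {
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.bastion.id]
  }
}
```

Note that aws_security_group.private_host declares no egress block, and Terraform removes AWS's default allow-all egress when none is declared, so add an egress rule for whatever outbound traffic the private hosts actually need through the NAT gateway (package updates, for instance).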

The Terraform output block is very useful: after Terraform finishes running there is so much output that it is not easy to find the details relevant to us. If we create a simple EC2 instance, for example, we might only be interested in its IP address, and we can use an output block for that.

Screenshot: Terraform output block and sample output

Now that our code has finished running, we can check in the AWS console that the resources were created as defined in our Terraform code.

We can use terraform state show {resource.name} to inspect any specific resource that was created, like below.

Screenshot: terraform state show

You can use the terraform state list command to list all the resources created by Terraform (that is, under Terraform management).

Screenshot: terraform state list
Let’s reuse code and not wait till the last date ;)


Rajesh

A tech guy doing Cloud and DevOps stuff, who loves tech, cloud, networking and IT security.