Automating the Deployment of a Secure AWS VPC with Public and Private EC2 Instances Using Terraform

Automating AWS VPC and EC2 Deployment with Terraform 

Introduction:

Terraform is an Infrastructure as Code (IaC) tool for provisioning and managing cloud resources such as an AWS VPC. This tutorial shows how to deploy an AWS Virtual Private Cloud (VPC) with Terraform and automatically launch two EC2 instances: one in a public subnet and one in a private subnet.

Project Overview:

The Terraform configuration consists of three key components: 

  1. VPC and Subnets: Define a custom VPC with one public and one private subnet. 
  2. EC2 Instances: Deploy two EC2 instances, each in its respective subnet. 
  3. Security Groups: Configure security rules that allow SSH access to the public instance and restrict SSH access to the private instance to traffic coming from the public instance.

Objective:

Manually setting up cloud infrastructure is time-consuming and error-prone. With Terraform, we can automate the creation of an AWS VPC with public and private subnets, launch EC2 instances, and configure networking in just a few steps.
In this article, we’ll use Terraform to: 

  • Create a VPC with public and private subnets 
  • Launch EC2 instances in both subnets 
  • Set up Security Groups for access control 
  • Configure an Internet Gateway and Route Tables 

Prerequisites:

  • An AWS account
  • Terraform installed on your local machine 
  • AWS CLI configured with the necessary credentials 


Terraform Configuration: 

  1. Defining the AWS VPC and Subnets

The vpc.tf file contains the Terraform code to create the VPC, subnets, internet gateway, and route table. 

resource "aws_vpc" "tr-vpc" { 
  cidr_block       = "10.0.0.0/16" 
  instance_tenancy = "default" 
 
  tags = { 
    Name = "my-terraform-vpc" 
  } 
} 
 
resource "aws_subnet" "public-sub" { 
  vpc_id                  = aws_vpc.tr-vpc.id 
  cidr_block              = "10.0.1.0/24" 
  availability_zone       = "us-east-1a" 
  map_public_ip_on_launch = true 
 
  tags = { 
    Name = "Public-subnet" 
  } 
} 
 
resource "aws_subnet" "private-sub" { 
  vpc_id            = aws_vpc.tr-vpc.id 
  cidr_block        = "10.0.2.0/24" 
  availability_zone = "us-east-1b" 
 
  tags = { 
    Name = "Private-subnet" 
  } 
} 
 
resource "aws_internet_gateway" "my-igw-tr" { 
  vpc_id = aws_vpc.tr-vpc.id 
 
  tags = { 
    Name = "my-igw-tr" 
  } 
} 
 
resource "aws_route_table" "public-rt" { 
  vpc_id = aws_vpc.tr-vpc.id 
 
  route { 
    cidr_block = "0.0.0.0/0" 
    gateway_id = aws_internet_gateway.my-igw-tr.id 
  } 
 
  tags = { 
    Name = "Public-RT" 
  } 
} 
 
resource "aws_route_table_association" "public_assoc" { 
  subnet_id      = aws_subnet.public-sub.id 
  route_table_id = aws_route_table.public-rt.id 
} 
 
  2. Configuring EC2 Instances

The ec2.tf file provisions the EC2 instances within the defined subnets. 

resource "aws_instance" "public-ins" { 
  ami                         = "ami-071226ecf16aa7d96" 
  instance_type               = "t2.micro" 
  subnet_id                   = aws_subnet.public-sub.id 
  vpc_security_group_ids      = [aws_security_group.public-sg.id] 
  key_name                    = "vpc-ec2" 
  associate_public_ip_address = true 
 
  tags = { 
    Name = "public-ins" 
  } 
} 
 
# The private subnet has no route to the Internet Gateway, so this instance
# has no public IP and is reachable only through the public instance.
resource "aws_instance" "private-ins" { 
  ami                    = "ami-071226ecf16aa7d96" 
  instance_type          = "t2.micro" 
  subnet_id              = aws_subnet.private-sub.id 
  vpc_security_group_ids = [aws_security_group.private-sg.id] 
  key_name               = "vpc-ec2" 
 
  tags = { 
    Name = "private-ins" 
  } 
} 
 
  3. Security Groups

The security groups in ec2.tf allow SSH to the public instance from any address and SSH to the private instance only from the public instance's security group.

resource "aws_security_group" "public-sg" { 
  name        = "public-sg" 
  vpc_id      = aws_vpc.tr-vpc.id 
  description = "Allow SSH inbound traffic and all outbound traffic" 
 
  # SSH is open to the whole Internet here; in a production deployment
  # restrict cidr_blocks to the administrator's address range.
  ingress { 
    from_port   = 22 
    to_port     = 22 
    protocol    = "tcp" 
    cidr_blocks = ["0.0.0.0/0"] 
    description = "Allow SSH" 
  } 
 
  egress { 
    from_port   = 0 
    to_port     = 0 
    protocol    = "-1" 
    cidr_blocks = ["0.0.0.0/0"] 
    description = "Allow all" 
  } 
 
  tags = { 
    Name = "public-sg" 
  } 
} 
 
resource "aws_security_group" "private-sg" { 
  name        = "allow_tl" 
  vpc_id      = aws_vpc.tr-vpc.id 
  description = "Allow only public EC2 instance to SSH" 
 
  # Referencing the public security group instead of a CIDR means only
  # instances carrying public-sg (the bastion) can open SSH to this host.
  ingress { 
    from_port       = 22 
    to_port         = 22 
    protocol        = "tcp" 
    security_groups = [aws_security_group.public-sg.id] 
    description     = "Allow SSH" 
  } 
 
  egress { 
    from_port   = 0 
    to_port     = 0 
    protocol    = "-1" 
    cidr_blocks = ["0.0.0.0/0"] 
    description = "Allow all" 
  } 
 
  tags = { 
    Name = "private-sg" 
  } 
} 
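The public security group above accepts SSH from 0.0.0.0/0, which exposes the bastion to password and key brute-forcing from the whole Internet, and the private subnet is left on the VPC's main route table, which is private only as long as nobody adds an Internet route to that table later. The following block is an added example, not code from the original article: it restricts SSH on the public instance to an administrator CIDR passed in as a variable, and gives the private subnet its own route table that holds nothing but the implicit local route. The variable name admin_cidr and the resource names private-rt and private_assoc are assumptions; the public-sg block here replaces the one shown above, and the validation block needs Terraform 0.13 or later.

```hcl
# Added example (not from the original article). Assumed names: admin_cidr,
# private-rt, private_assoc. Replaces the public-sg block shown above.

variable "admin_cidr" {
  description = "CIDR allowed to SSH to the public (bastion) instance, e.g. your egress IP as a /32"
  type        = string

  # Reject anything that is not a valid CIDR and refuse the wide-open range,
  # so a mistaken 0.0.0.0/0 fails at plan time instead of reaching AWS.
  validation {
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "public-sg" {
  name        = "public-sg"
  vpc_id      = aws_vpc.tr-vpc.id
  description = "Allow SSH from the admin CIDR only; all outbound traffic"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
    description = "SSH from admin CIDR"
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
    description = "Allow all"
  }

  tags = {
    Name = "public-sg"
  }
}

# A dedicated route table for the private subnet. It has no route block, so
# the only entry is the implicit local route for 10.0.0.0/16; the subnet can
# no longer be exposed by a change to the VPC's main route table.
resource "aws_route_table" "private-rt" {
  vpc_id = aws_vpc.tr-vpc.id

  tags = {
    Name = "Private-RT"
  }
}

resource "aws_route_table_association" "private_assoc" {
  subnet_id      = aws_subnet.private-sub.id
  route_table_id = aws_route_table.private-rt.id
}
```

Apply with the administrator's address supplied on the command line, for example terraform apply -var 'admin_cidr=203.0.113.10/32' (203.0.113.10 is a constructed documentation address). The private-sg block from the article needs no change: it already references public-sg rather than a CIDR, so once the bastion's ingress is narrowed the private instance is reachable only from hosts that first passed the admin CIDR check.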
 
  4. Output Values

The output.tf file exposes the instance addresses after deployment: the public IP of the public instance and the private IP of the private instance.

output "public-ip" { 
  value = aws_instance.public-ins.public_ip 
} 
output "private-ip" { 
  value = aws_instance.private-ins.private_ip 
} 
 

Deployment Steps 


Output Screenshots:

The screenshots from the AWS console (images not reproduced here) show the created resources in order:

  • The VPC (my-terraform-vpc)
  • The public and private subnets
  • The Internet Gateway (my-igw-tr)
  • The public route table
  • The public and private security groups
  • The public and private EC2 instances

Thank you.
