Launch Public and Private Subnet in a VPC using Terraform

In this article, we will discuss how to launch a website (a WordPress site) with security measures in mind. This project has the following key points:

  1. Deploying a WordPress site in a Public Subnet
  2. Deploying a MySQL database in a Private Subnet

Let’s start the project by writing the Terraform code in a vpc.tf file.

  • Configuring AWS:

Specify the provider we are going to use (in my case AWS), the default region, and the profile. The profile contains the credentials used to log in to AWS.

Creating a new profile: Run the following command and follow the steps.

  • Creating Private EC2 Key-Pair:

The above code will create a private EC2 key pair named Terraform_vpc.

  • Creating a VPC:

Creating a VPC with the CIDR block 192.168.0.0/16.

  • Creating Subnet:

Now, we will create two subnets in a VPC named my-vpc. One of these subnets is a public subnet and the other is a private subnet. The public subnet has access to the internet, whereas the private subnet is isolated.

Let's create a public subnet named my-subnet1.

In this public subnet, we will launch the WordPress site.

Now, create a private subnet named my-subnet2.

In this private subnet, we will launch the MySQL database.

  • Creating an Internet Gateway and Route table:

So far, we have set up the lab (the subnets) for our WordPress site. To provide Internet connectivity inside the public subnet, we need to create an Internet Gateway. So, let’s create an Internet Gateway inside my-vpc.

The above code will create an Internet Gateway named my-internet-gateway.

After that, create a Route Table and associate it with the public subnet (my-subnet1).

Now, the Route Table named my-route-table is created.

Associate this route table with the public subnet.

Finally, the complete lab for launching a WordPress site is set up successfully.

  • Creating Security Groups for WordPress and MySQL Instances:

Security Group for WordPress Instance:

As we know, WordPress is served on port 80 by default. So, we will allow inbound traffic on port 80. Also, for management purposes, we need to log in to the instance. So, we will allow port 22 for SSH.

Security Group for MySQL instance:

As we are running the MySQL instance in a private subnet, we require that MySQL can only be accessed by the WordPress instance. So, we will allow inbound traffic only on port 3306, the port MySQL listens on by default.
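The two security groups described above, written out as an added example (this is not the article's original code). The resource names, the `vpc_id` and `admin_cidr` variables, and the 203.0.113.10/32 placeholder are assumptions; SSH is limited to an admin address range, and the MySQL rule names the WordPress security group as its source instead of a CIDR block.

```hcl
# Added example; variable and resource names are assumptions, not the article's.
variable "vpc_id" { type = string } # ID of my-vpc
variable "admin_cidr" {
  type    = string
  default = "203.0.113.10/32" # placeholder (documentation range); set to your admin address
}

resource "aws_security_group" "wordpress_sg" {
  name        = "wordpress-sg"
  description = "HTTP from anywhere, SSH from the admin range only"
  vpc_id      = var.vpc_id

  ingress {
    description = "HTTP for site visitors"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "SSH for management"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  # Outbound is needed for package installs and for reaching MySQL.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "mysql_sg" {
  name        = "mysql-sg"
  description = "MySQL reachable only from the WordPress security group"
  vpc_id      = var.vpc_id
  # Source is a security group, not a CIDR: only instances in wordpress_sg match.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress_sg.id]
  }
  # No egress block: Terraform removes the default allow-all egress rule,
  # and replies to WordPress still flow because security groups are stateful.
}
```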

Launching MySQL Instance:

WordPress requires the MySQL database to be set up first. So, we will launch the MySQL instance first.

Launching WordPress Instance:

Finally, we will launch the WordPress Instance and this will successfully launch the WordPress site.

Finally, the Terraform code for launching the WordPress site using public and private subnet in the same VPC is completed.

Run the Terraform Code:

Step 1: Initializing the modules

Step 2: Validating the Terraform code

Step 3: Run the Terraform code

Step 4: Check if the WordPress and MySQL instances are launched successfully by logging in to the AWS Console.

As we can see in the above image, the WordPress instance has a public IP allocated. So, WordPress can be accessed from the public world using the public IP.

But, the MySQL instance doesn’t have any public IP assigned. So, there is no way we can access the MySQL instance from the public world.

Step 5: Accessing the WordPress Site

Now, open the public IP of the WordPress instance in the browser.

The WordPress site is launched successfully and can be accessed by using the public IP of the WordPress instance.

Removing all of the Infrastructure:

Deleting all of the infrastructure managed by Terraform is pretty easy. With just a single command we can take down the whole infrastructure.

You can also follow me on Twitter at @cankush625 or find me on LinkedIn.