

With Terraform as an Infrastructure as Code (IaC) tool, IT infrastructure (such as virtual servers, networks, containers and storage) can be defined in code. This makes it possible to implement changes to existing IT infrastructure quickly, securely and automatically.
Terraform is a vendor-agnostic tool and can manage IT infrastructure at many established resource providers, including Google Cloud, Amazon Web Services (AWS), Oracle Cloud and Azure.
This article uses a use case to show how to build a virtual private cloud (VPC) (Figure 1) in AWS with Terraform “at the push of a button”. In this example, the VPC consists of a private and a public subnet. The instances on the public subnet can send outbound traffic directly to the Internet through an Internet gateway, while the instances on the private subnet must go through a “network address translation” (NAT) gateway to reach destinations outside the VPC. Defined route tables are used to route and coordinate network traffic.

Requirements
- AWS account
- Access key and secret key of an Identity and Access Management (IAM) user in AWS
- Terraform (v1.1.6 on windows_amd64 is used here)
- Code editor
Create Terraform configuration file
First, a directory “terraform-vpc” is created, in which terraform.exe and all scripts for this project are stored. This directory must not contain any other files that are not relevant to the project.
mkdir terraform-vpc
cd ./terraform-vpc
In provider.tf, the provider “AWS” is specified. This allows access to Amazon resources. This file also contains the region in which the virtual private cloud (VPC) is to be created, as well as the access key and secret key.
provider "aws" {
  region = "eu-central-1"
  # Static IAM user keys, stored in plain text in this file
  access_key = "AKIAYXXXXXFCIHHPFU"
  secret_key = "ZklG6coEXuOBKXXXXXXXXdLTgqOUtdWQLsFaZQT"
}
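The same provider without keys in the file, as an added example that is not part of the original article: credentials come from a named profile in the AWS shared credentials file, and a deployment role is assumed so that Terraform works with temporary credentials. The profile name, the role ARN with its account ID and the provider version pin are assumptions.

```hcl
# Added example, not from the original article.
terraform {
  required_version = ">= 1.1.6" # Terraform version used in the article

  required_providers {
    aws = {
      source = "hashicorp/aws"
      # Assumption: 4.x series. vpc.tf in this article sets enable_classiclink,
      # which the 5.x provider no longer accepts.
      version = "~> 4.0"
    }
  }
}

variable "aws_profile" {
  description = "Named profile in the AWS shared credentials file"
  type        = string
  default     = "terraform-vpc" # hypothetical profile name
}

variable "deploy_role_arn" {
  description = "IAM role assumed for the deployment"
  type        = string
  # Hypothetical placeholder ARN; 123456789012 is not a real account.
  default = "arn:aws:iam::123456789012:role/terraform-vpc-deploy"
}

provider "aws" {
  region  = "eu-central-1"
  profile = var.aws_profile

  # No access_key / secret_key here. Without `profile`, the provider also reads
  # AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment.

  # The IAM user behind the profile only needs sts:AssumeRole on this role;
  # the permissions for VPC resources are attached to the role itself.
  assume_role {
    role_arn     = var.deploy_role_arn
    session_name = "terraform-vpc"
  }
}
```

The profile is created with `aws configure --profile terraform-vpc` (AWS CLI), which writes the keys to the user's shared credentials file instead of the project directory.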
After that, the following code is added to vpc.tf, which is saved in terraform-vpc.
# Create VPC
resource "aws_vpc" "test" {
  cidr_block           = "10.10.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true
  enable_classiclink   = false
  tags = {
    Name = "test"
  }
}

# Create public subnet
resource "aws_subnet" "test-public" {
  vpc_id                  = aws_vpc.test.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-central-1a"
  tags = {
    Name = "test-public"
  }
}

# Create private subnet
resource "aws_subnet" "test-privat" {
  vpc_id                  = aws_vpc.test.id
  cidr_block              = "10.10.2.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "eu-central-1a"
  tags = {
    Name = "test-privat"
  }
}

# Create internet gateway
resource "aws_internet_gateway" "test-gw" {
  vpc_id = aws_vpc.test.id
  tags = {
    Name = "test"
  }
}

# Create public route table (default route via the internet gateway)
resource "aws_route_table" "test-public" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.test-gw.id
  }
  tags = {
    Name = "test-public"
  }
}

# Associate route table with public subnet
resource "aws_route_table_association" "test-public" {
  subnet_id      = aws_subnet.test-public.id
  route_table_id = aws_route_table.test-public.id
}

# Create Elastic IP and NAT gateway (the NAT gateway sits in the public subnet)
resource "aws_eip" "nat" {
  vpc = true
}

resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.test-public.id
  depends_on    = [aws_internet_gateway.test-gw]
}

# Create private route table (default route via the NAT gateway)
resource "aws_route_table" "test-privat" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = {
    Name = "test-privat"
  }
}

# Associate route table with private subnet
resource "aws_route_table_association" "test-privat" {
  subnet_id      = aws_subnet.test-privat.id
  route_table_id = aws_route_table.test-privat.id
}
Running Terraform to create the AWS VPC
After the Terraform configuration files are created, Terraform is run in three steps to create the VPC test.
Step 1: terraform init
In the terraform-vpc folder, the first command terraform init is executed. This initializes the working directory and downloads all the required plugins:
PS C:\terraform-vpc> terraform init
Initializing the backend…
Initializing provider plugins…
…
Terraform has been successfully initialized!
…
Step 2: terraform plan
The command terraform plan shows how the VPC test is to be built. At this point, the configuration files can still be adjusted if necessary.
Step 3: terraform apply
This is the last step to deploy the desired configuration of the VPC to AWS. After executing the command, the system asks for confirmation and starts the deployment. In a few seconds, the new VPC test is ready in AWS.

Author: Strahil Gigov