Building an AWS VPC with Terraform
insights by in-factory GmbH

With Terraform as an Infrastructure as Code (IaC) tool, IT infrastructure (virtual servers, networks, containers, storage, etc.) is described in configuration code. This makes it possible to roll out changes to existing IT infrastructure quickly, securely and automatically.

Terraform is a vendor-agnostic tool and can manage IT infrastructure at many established resource providers, including Google Cloud, Amazon Web Services (AWS), Oracle Cloud, Azure, etc.

This article uses a worked example to show how to build a virtual private cloud (VPC) (Figure 1) in AWS with Terraform “at the push of a button”. In this example, the VPC consists of a private and a public subnet. Instances in the public subnet can send outbound traffic directly to the Internet through an Internet gateway, while instances in the private subnet must go through a “network address translation” (NAT) gateway to reach destinations outside the VPC. Route tables are defined to direct the network traffic accordingly.

Figure 1: VPC overview. Instances in the public subnet can send outbound traffic directly to the Internet through an Internet gateway.

Requirements

  • AWS account
  • Access key and secret key of an Identity and Access Management (IAM) user in AWS
  • Terraform (v1.1.6 for windows_amd64 is used here)
  • Code editor

Create Terraform configuration file

First, a directory “terraform-vpc” is created, in which the Terraform binary terraform.exe and all configuration files for this project are stored. This directory should not contain any other files that are not relevant to the project, because Terraform reads every .tf file in the working directory.

mkdir terraform-vpc

cd ./terraform-vpc

In provider.tf, the provider “aws” is specified. This gives Terraform access to Amazon resources. The file also contains the region in which the virtual private cloud (VPC) is to be created and the access key and secret key of the IAM user (shown here with masked values).

provider "aws" {
  region     = "eu-central-1"
  access_key = "AKIAYXXXXXFCIHHPFU"
  secret_key = "ZklG6coEXuOBKXXXXXXXXdLTgqOUtdWQLsFaZQT"
}
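Hard-coding the access key and secret key in provider.tf means the credentials live in a plain-text file that is easily committed to version control or copied around with the project. The following provider.tf is an added example (not the article's own configuration): it pins the provider version and lets the AWS provider read the credentials from a named profile in the shared credentials file, or from the AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables if no profile is given. The profile name "terraform-vpc" and the 5.x provider series are assumptions; note that the `enable_classiclink` argument used in vpc.tf below is a legacy ClassicLink setting that the 5.x provider no longer accepts, so it has to be dropped when pinning to that series.

```hcl
# Added example, not from the original article: provider.tf without
# hard-coded credentials. The profile name "terraform-vpc" and the
# provider version constraint are assumptions.

terraform {
  required_version = ">= 1.1.0"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      # Pin the provider series so that plan/apply behave the same
      # on every machine that runs this configuration.
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "eu-central-1"

  # Credentials come from the named profile in the shared credentials file
  # (~/.aws/credentials on Linux/macOS, %USERPROFILE%\.aws\credentials on
  # Windows). If `profile` is omitted, the provider falls back to the
  # AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables.
  # Either way, no secret is stored in a file that might be committed.
  profile = "terraform-vpc"
}
```

The state file that Terraform writes after `terraform apply` (terraform.tfstate) also contains resource details and should be excluded from version control in the same way as any credentials file.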

After that, the following lines of code are added to vpc.tf, which is saved in the terraform-vpc directory.

# Create VPC
resource "aws_vpc" "test" {
  cidr_block           = "10.10.0.0/16"
  instance_tenancy     = "default"
  enable_dns_support   = true
  enable_dns_hostnames = true
  # ClassicLink is a legacy feature; this argument is deprecated and is not
  # accepted by recent versions of the AWS provider.
  enable_classiclink   = false
  tags = {
    Name = "test"
  }
}

# Create public subnet (instances receive a public IP at launch)
resource "aws_subnet" "test-public" {
  vpc_id                  = aws_vpc.test.id
  cidr_block              = "10.10.1.0/24"
  map_public_ip_on_launch = true
  availability_zone       = "eu-central-1a"
  tags = {
    Name = "test-public"
  }
}

# Create private subnet (no public IPs; outbound traffic goes through the NAT gateway)
resource "aws_subnet" "test-privat" {
  vpc_id                  = aws_vpc.test.id
  cidr_block              = "10.10.2.0/24"
  map_public_ip_on_launch = false
  availability_zone       = "eu-central-1a"
  tags = {
    Name = "test-privat"
  }
}

# Create internet gateway
resource "aws_internet_gateway" "test-gw" {
  vpc_id = aws_vpc.test.id
  tags = {
    Name = "test"
  }
}

# Create public route table: default route to the internet gateway
resource "aws_route_table" "test-public" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.test-gw.id
  }
  tags = {
    Name = "test-public"
  }
}

# Associate route table with public subnet
resource "aws_route_table_association" "test-public" {
  subnet_id      = aws_subnet.test-public.id
  route_table_id = aws_route_table.test-public.id
}

# Elastic IP for the NAT gateway
# (newer provider versions use domain = "vpc" instead of vpc = true)
resource "aws_eip" "nat" {
  vpc = true
}

# Create NAT gateway; it lives in the public subnet and needs the
# internet gateway to exist before it is created
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.test-public.id
  depends_on    = [aws_internet_gateway.test-gw]
}

# Create private route table: default route to the NAT gateway
resource "aws_route_table" "test-privat" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = {
    Name = "test-privat"
  }
}

# Associate route table with private subnet
resource "aws_route_table_association" "test-privat" {
  subnet_id      = aws_subnet.test-privat.id
  route_table_id = aws_route_table.test-privat.id
}
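The configuration above builds the layout for a single availability zone. The following vpc.tf is an added example (not the article's own code) that generalizes the same public/private pattern to several availability zones with variables and `for_each`, with one NAT gateway per zone so that an outage of one zone does not cut off outbound traffic from the private subnets in the others. It assumes the 5.x AWS provider (where `domain = "vpc"` replaces `vpc = true` on `aws_eip`); the zone list, resource names and derived subnet CIDRs are assumptions chosen for illustration, and it replaces rather than extends the single-zone vpc.tf.

```hcl
# Added example, not from the original article: the public/private subnet
# layout generalized to several availability zones. Zone list, names and
# CIDR derivation are assumptions; requires the 5.x AWS provider.

variable "vpc_cidr" {
  type    = string
  default = "10.10.0.0/16"
}

variable "availability_zones" {
  type    = list(string)
  default = ["eu-central-1a", "eu-central-1b"]
}

locals {
  # Map each zone to its position in the list so that subnet CIDRs can be
  # derived deterministically: public subnets get 10.10.1.0/24, 10.10.2.0/24,
  # ..., private subnets continue after the last public one.
  az_index = { for idx, az in var.availability_zones : az => idx }
}

resource "aws_vpc" "test" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "test" }
}

resource "aws_subnet" "public" {
  for_each                = local.az_index
  vpc_id                  = aws_vpc.test.id
  availability_zone       = each.key
  cidr_block              = cidrsubnet(var.vpc_cidr, 8, each.value + 1)
  map_public_ip_on_launch = true
  tags                    = { Name = "test-public-${each.key}" }
}

resource "aws_subnet" "private" {
  for_each          = local.az_index
  vpc_id            = aws_vpc.test.id
  availability_zone = each.key
  cidr_block        = cidrsubnet(var.vpc_cidr, 8, each.value + 1 + length(var.availability_zones))
  tags              = { Name = "test-private-${each.key}" }
}

resource "aws_internet_gateway" "test-gw" {
  vpc_id = aws_vpc.test.id
  tags   = { Name = "test" }
}

# One public route table is enough: all public subnets share the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.test.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.test-gw.id
  }
  tags = { Name = "test-public" }
}

resource "aws_route_table_association" "public" {
  for_each       = aws_subnet.public
  subnet_id      = each.value.id
  route_table_id = aws_route_table.public.id
}

# One Elastic IP and one NAT gateway per zone, each placed in that zone's
# public subnet.
resource "aws_eip" "nat" {
  for_each = local.az_index
  domain   = "vpc"
}

resource "aws_nat_gateway" "nat" {
  for_each      = local.az_index
  allocation_id = aws_eip.nat[each.key].id
  subnet_id     = aws_subnet.public[each.key].id
  depends_on    = [aws_internet_gateway.test-gw]
}

# Each private subnet routes through the NAT gateway of its own zone.
resource "aws_route_table" "private" {
  for_each = local.az_index
  vpc_id   = aws_vpc.test.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat[each.key].id
  }
  tags = { Name = "test-private-${each.key}" }
}

resource "aws_route_table_association" "private" {
  for_each       = aws_subnet.private
  subnet_id      = each.value.id
  route_table_id = aws_route_table.private[each.key].id
}
```

Keying the resources by zone name rather than by list position means that adding a zone to `availability_zones` later creates new resources without forcing Terraform to recreate the existing subnets and gateways.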

Running Terraform to create the AWS VPC

After the Terraform configuration files are created, Terraform is run in three steps to create the VPC “test”.

Step 1: terraform init

In the terraform-vpc folder, the first command terraform init is executed. This initializes the working directory and downloads all the required plugins:
PS C:\terraform-vpc> terraform init
Initializing the backend…
Initializing provider plugins…

Terraform has been successfully initialized!

Step 2: terraform plan

This shows the execution plan, i.e. which resources Terraform would create for the VPC “test”. At this point the configuration files can still be adjusted if necessary.

Step 3: terraform apply

This is the last step to deploy the desired configuration of the VPC to AWS. After executing the command, the system asks for confirmation and starts the deployment. In a few seconds, the new VPC test is ready in AWS.

New VPC “test” in AWS after executing the three steps

Author: Strahil Gigov
