In this post, I’m going to detail my journey building out this infrastructure.
Here’s the goal:
- VPC in us-west-2
- 4 subnets:
  - Availability Zone 1: 1 public subnet, 1 private subnet
  - Availability Zone 2: 1 public subnet, 1 private subnet
- 1 Route Table associated with public, pointing to…
- 1 Internet Gateway
- 1 Security Group attached to…
- 1 EC2 Instance
The goal is to practice a few things besides the deployment of these resources:
- practice subnetting
- use User Data to bootstrap the EC2 instance
- better understand how the public and private subnets in each Availability Zone can be laid out for failover readiness
- practice implementing bash scripts on the instance
INTRO: There are a lot of directions this project could grow in, but the scope of this particular project is limited: a user from any IP address (0.0.0.0/0) can SSH into the EC2 instance, and the EC2 instance can reach the internet for potential updates and security patches. Subsequent posts will build on this, but of equal interest, as part of this project, is being able to spin up these exact resources using Terraform. One thing at a time, though: first up is to build them out by hand, using the AWS Management Console.
VPC
CONSOLE: I select the N. Virginia region and head over to the VPC dashboard. I select ‘Create VPC’ and, since I want to learn the details of building infrastructure, choose ‘VPC only’ instead of the wizard. I give it a Name tag, ‘my-tf-aws-vpc’, and an IPv4 CIDR block of 10.0.0.0/16. This gives us lots of room for subnets and expansion. I’m not going to implement IPv6 on this run. Default tenancy is fine for me too: I have no need for dedicated hosting, and no reason to take on its added expense.

TERRAFORM: I create a project folder with a README file and a .gitignore file. I’m going to keep track of changes using VCS (GitHub), so that’s really important to dial in. I implement the file needed to connect to, and authenticate with, AWS services using VSC; this includes the credentials (the access key pair) created when building out an IAM identity that has powerful, yet non-root, user permissions. I will be building this project in us-west-2 (Oregon), to keep the two implementations (Console and TF) separate. With that in place, I start working with Terraform by running:
$ terraform init
Then, I create a file titled resources.tf that gives the same parameters for building a VPC as I had used in the Management Console. Here’s the code:

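The post's own resources.tf did not survive extraction, so what follows is an added example, not the author's file, of a resources.tf that builds the VPC with the parameters above (us-west-2, 10.0.0.0/16, default tenancy, Name tag my-tf-aws-vpc). It goes one step beyond the post's VPC-only stage by carving the four subnets from the goal list out of the /16 with Terraform's cidrsubnet() function. The resource names (main, this), the subnet key names, the provider version constraint and the AZ selection are my assumptions; credentials are expected to come from the environment or the shared credentials file, not from this file.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # assumed constraint, not from the post
    }
  }
}

# Region from the post (us-west-2, Oregon). No access keys here: the AWS
# provider reads them from the environment or the shared credentials file.
provider "aws" {
  region = "us-west-2"
}

# Same parameters as the Console build: /16 block, default tenancy, Name tag.
resource "aws_vpc" "main" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"

  tags = {
    Name = "my-tf-aws-vpc"
  }
}

# Beyond the post's VPC-only stage: the four subnets from the goal list.
# The first two available AZs in the region stand in for "AZ 1" and "AZ 2".
data "aws_availability_zones" "available" {
  state = "available"
}

locals {
  azs = slice(data.aws_availability_zones.available.names, 0, 2)

  # One public and one private subnet per AZ. netnum picks the slice of the
  # /16: adding 8 bits gives /24s, so netnum 0..3 yields 10.0.0.0/24,
  # 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24. Key names are assumed.
  subnets = {
    "public-a"  = { az = local.azs[0], netnum = 0, public = true }
    "private-a" = { az = local.azs[0], netnum = 1, public = false }
    "public-b"  = { az = local.azs[1], netnum = 2, public = true }
    "private-b" = { az = local.azs[1], netnum = 3, public = false }
  }
}

resource "aws_subnet" "this" {
  for_each = local.subnets

  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet(aws_vpc.main.cidr_block, 8, each.value.netnum)
  availability_zone = each.value.az

  # Only the public subnets hand out public IPs at launch; instances in the
  # private subnets get no public address, which is what keeps them private.
  map_public_ip_on_launch = each.value.public

  tags = {
    Name = "my-tf-aws-${each.key}"
    Tier = each.value.public ? "public" : "private"
  }
}

# Handy for checking the carve-up after `terraform apply`.
output "subnet_cidrs" {
  value = { for k, s in aws_subnet.this : k => s.cidr_block }
}
```

Since the project is tracked in GitHub, keep the credentials file, the `.terraform/` directory and `*.tfstate` files in .gitignore: the state file records resource attributes in plain text, and the credentials file is exactly what the IAM identity's access key pair protects.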
This is looking good; let’s start TF to build this first stage.
$ terraform plan
TF considers everything that will be built and then presents it for approval:

This looks good, so I give approval with:
$ terraform apply
TF asks if I’m sure (“yes”) and then builds it out. At the end, I have both VPCs, with the same parameters, running.