Saturday, May 8, 2021

Create VPC [Virtual Private Cloud] on AWS using Terraform

Description: Here I have explained, How to Create VPC along with subnet and Network ACL on AWS using Terraform

Below is the Terraform project and variable file, using this we create VPC with subnet and Network ACL 

  • Below is the VPC terraform project file 

# vi VPC.tf

# Create VPC/Subnet/Security Group/Network ACL
provider "aws" {
  access_key = var.access_key 
  secret_key = var.secret_key 
  region     = var.region
}
# create the VPC
resource "aws_vpc" "Tech_VPC" {
  cidr_block           = var.vpcCIDRblock
  instance_tenancy     = var.instanceTenancy 
  enable_dns_support   = var.dnsSupport 
  enable_dns_hostnames = var.dnsHostNames
tags = {
    Name = "Tech VPC"
}
} # end resource
# create the Subnet
resource "aws_subnet" "Tech_VPC_Subnet" {
  vpc_id                  = aws_vpc.Tech_VPC.id
  cidr_block              = var.subnetCIDRblock
  map_public_ip_on_launch = var.mapPublicIP 
  availability_zone       = var.availabilityZone
tags = {
   Name = "Tech VPC Subnet"
}
} # end resource
# Create the Security Group
resource "aws_security_group" "Tech_VPC_Security_Group" {
  vpc_id       = aws_vpc.Tech_VPC.id
  name         = "Tech VPC Security Group"
  description  = "Tech VPC Security Group"
  
  # allow ingress of port 22
  ingress {
    cidr_blocks = var.ingressCIDRblock  
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
  } 
  
  # allow egress of all ports
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
tags = {
   Name = "Tech VPC Security Group"
   Description = "Tech VPC Security Group"
}
} # end resource
# create VPC Network access control list
resource "aws_network_acl" "Tech_VPC_Security_ACL" {
  vpc_id = aws_vpc.Tech_VPC.id
  subnet_ids = [ aws_subnet.Tech_VPC_Subnet.id ]
# allow ingress port 22
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = var.destinationCIDRblock 
    from_port  = 22
    to_port    = 22
  }
  
  # allow ingress port 80 
  ingress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = var.destinationCIDRblock 
    from_port  = 80
    to_port    = 80
  }
  
  # allow ingress ephemeral ports 
  ingress {
    protocol   = "tcp"
    rule_no    = 300
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 1024
    to_port    = 65535
  }
  
  # allow egress port 22 
  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 22 
    to_port    = 22
  }
  
  # allow egress port 80 
  egress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 80  
    to_port    = 80 
  }
 
  # allow egress ephemeral ports
  egress {
    protocol   = "tcp"
    rule_no    = 300
    action     = "allow"
    cidr_block = var.destinationCIDRblock
    from_port  = 1024
    to_port    = 65535
  }
tags = {
    Name = "Tech VPC ACL"
}
} # end resource
# Create the Internet Gateway
resource "aws_internet_gateway" "Tech_VPC_GW" {
 vpc_id = aws_vpc.Tech_VPC.id
 tags = {
        Name = "Tech VPC Internet Gateway"
}
} # end resource
# Create the Route Table
resource "aws_route_table" "Tech_VPC_route_table" {
 vpc_id = aws_vpc.Tech_VPC.id
 tags = {
        Name = "Tech VPC Route Table"
}
} # end resource
# Create the Internet Access
resource "aws_route" "Tech_VPC_internet_access" {
  route_table_id         = aws_route_table.Tech_VPC_route_table.id
  destination_cidr_block = var.destinationCIDRblock
  gateway_id             = aws_internet_gateway.Tech_VPC_GW.id
} # end resource
# Associate the Route Table with the Subnet
resource "aws_route_table_association" "Tech_VPC_association" {
  subnet_id      = aws_subnet.Tech_VPC_Subnet.id
  route_table_id = aws_route_table.Tech_VPC_route_table.id
} # end resource
# end vpc.tf

  • Below is the variable file for Terraform. In the variable file, I have used 172.16.0.0/16 CIDR 

# variables.tf
variable "access_key" {
     default = "XXXXXXXXX"
}
variable "secret_key" {
     default = "XXXXXXXXXXXXXXXXXXXX"
}
variable "region" {
     default = "us-east-1"
}
variable "availabilityZone" {
     default = "us-east-1a"
}
variable "instanceTenancy" {
    default = "default"
}
variable "dnsSupport" {
    default = true
}
variable "dnsHostNames" {
    default = true
}
variable "vpcCIDRblock" {
    default = "172.16.0.0/16"
}
variable "subnetCIDRblock" {
    default = "172.16.1.0/24"
}
variable "destinationCIDRblock" {
    default = "0.0.0.0/0"
}
variable "ingressCIDRblock" {
    type = list
    default = [ "0.0.0.0/0" ]
}
variable "egressCIDRblock" {
    type = list
    default = [ "0.0.0.0/0" ]
}
variable "mapPublicIP" {
    default = true
}
# end of variables.tf
  • After creating both the files now initialize terraform project and apply using the below commands
# terraform init

# terraform apply 

  • Once the process will be completed, You will get VPC in the Dashboard


at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)