Step 1: Let's first check to make sure our AWS credentials are stored locally.
I am using a Mac, so I did have to dig for my AWS credentials and located them in the home directory ~/User/Bryant/.aws. If you go to this directory (cd ~/User/Bryant/.aws) and then use the ls command, you will see your credentials under [default] and under the profile we just created, [learning]. They can have the same values or different ones (*I am not using my root account to deploy infrastructure, as that is not a best practice).
*I forgot to take a screenshot here, so I pulled this from another website. Mine will read us-east-1. us-east-1 is the closest region to me.
Step 2:
When deploying systems we need to generate an AWS key pair, which will be used to access the remote system using the private key.
You can use these steps to create a key pair:
Step 3: Creating Modules
The module below will create the network infrastructure and the security groups. The security group module will need to reference the VPC when creating the security groups, since these are tied to securing subnets within that VPC.
It is important to keep your security groups in their own module, separate from the network, because you will edit them regularly.
Creating the VPC
We can create our VPC with the 10.0.0.0/16 network. We are going to add a few tags to define the purpose of our VPC.
Subnet Creation
Next, let's refer to the availability zones; the number varies between regions, usually 2–3. Using this data source allows us to pick a zone by index instead of hard-coding a static string. As you can see below, we are adding both private and public subnets; note the IP address ranges assigned to each as well.
Creating the Internet Gateway (IGW)
We need to create an Internet Gateway so that our infrastructure can get out to the Internet and respond to users that connect to our web server.
Route Table Creation
We need to tell the instances on the public subnets how to route traffic by creating a route table with a default route to the Internet Gateway. Then we must associate the public subnets with that route table.
Network Information: Outputs
Now that we have created our infrastructure, we need to share its details so that other modules can use them. We want to output the VPC and subnet IDs for other modules to reference.
Next… let's create our security groups
These allow the pieces of the infrastructure to communicate with each other, and allow the web server to communicate with users.
Input Variables
We will need only one variable: the ID of the VPC to which these security groups are applied.
Create Database Server SG
We want to open up access to the MySQL port, 3306, but only for the web servers we created earlier. We can do this by referencing the security group ID of the web server security group as the source, rather than opening the port to an IP range.
Output Security Group
After creating the security groups for the webapp, we need to output their IDs for other modules to use.
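The security group module described in these three sections, as an added example that is not the author's code: the module path, resource names, and the HTTP rule on the web tier are assumptions; the database rule admits port 3306 only from the web security group by ID, and both IDs are exported as outputs.

```hcl
# Added example (not the author's code); module path and names are assumptions.
variable "vpc_id" {
  description = "ID of the VPC the security groups belong to"
  type        = string
}

# Web tier: HTTP from anywhere so users can reach the web server.
resource "aws_security_group" "web" {
  name   = "webapp-web-sg"
  vpc_id = var.vpc_id
  ingress {
    description = "HTTP from the Internet"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = { Name = "webapp-web-sg" }
}

# Database tier: MySQL 3306 only from the web security group, referenced by
# id rather than by CIDR, so no address range is opened to the database.
resource "aws_security_group" "db" {
  name   = "webapp-db-sg"
  vpc_id = var.vpc_id
  ingress {
    description     = "MySQL from web servers only"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
  tags = { Name = "webapp-db-sg" }
}

# Outputs shared with the modules that create the EC2 instance and database.
output "web_sg_id" { value = aws_security_group.web.id }
output "db_sg_id"  { value = aws_security_group.db.id }
```

Because the database rule is keyed to a security group ID, the allowed source follows the web instances automatically when they are replaced, and terraform plan will show any later change that widens it to a CIDR.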
Network and Security Group Outputs
We want to forward the outputs of the network and security submodules to anything that calls the infrastructure module. We can reference the outputs returned by the modules we called.
Testing our deployment
If you're like me, you may run into some errors. If you get the error stating that you need to provide a region, simply create a provider.tf config file with your desired region under the infrastructure directory, and it should resolve the error.
Now let's try terraform plan
Here we will be able to see the changes that will occur in our AWS account when we run terraform apply. The real test is yet to come when we run the apply command, as you may see errors you didn't see in the "plan" stage.
Looks good.
The next test is the apply, where in some cases you can still receive errors. terraform apply is good for me. Don't forget that if you actually deploy these resources, run terraform destroy afterwards to avoid being charged.
There is still more to deploy in which I will update at a later time. The webapp (ec2) instance needs to be deployed and the MySQL database. I will update this in a few days as I have a few other projects I am working on.