Create AWS VPC with Terraform

Today, I will show you how to use Terraform to create a customized VPC in AWS.

Using this Terraform template, I will create a VPC:

  • Name: terraform-vpc
  • IP block for this VPC: 10.0.0.0/16
  • Public Subnet: 10.0.1.0/24. (Note: VM instance in this subnet will have Internet access)
  • Private Subnet: 10.0.100.0/24

To verify the newly created VPC works as expected. you will seee that my template will create a test EC2 instance in public subnet (10.0.1.0/24) and upload a public key so that I SSH to this new EC2 instance via private key. To verify the new EC2 instance’s Internet connectivity , I include the following in the template as well:

  1. Enable a simple web service on EC2 instance;
  2. Create a security group which allows HTTP (TCP80) is created and associated with this EC2 instance;

 

provider “aws” {
region = “ap-southeast-2”
shared_credentials_file = “${pathexpand(“~/.aws/credentials”)}”
#shared_credentials_file = “/home/dzhang/.aws/credentials”
}
resource “aws_vpc” “terraform-vpc” {
cidr_block = “10.0.0.0/16”
instance_tenancy = “default”
enable_dns_support = “true”
enable_dns_hostnames = “true”
enable_classiclink = “false”
tags {
Name = “terraform”
}
}

resource “aws_subnet” “public-1” {
vpc_id = “${aws_vpc.terraform-vpc.id}”
cidr_block =”10.0.1.0/24″
map_public_ip_on_launch = “true”
availability_zone = “ap-southeast-2b”
tags {
Name = “public”
}
}

resource “aws_subnet” “private-1” {
vpc_id = “${aws_vpc.terraform-vpc.id}”
cidr_block =”10.0.100.0/24″
map_public_ip_on_launch = “false”
availability_zone = “ap-southeast-2b”
tags {
Name = “private”
}
}

resource “aws_internet_gateway” “gw” {
vpc_id = “${aws_vpc.terraform-vpc.id}”
tags {
Name = “internet-gateway”
}
}

resource “aws_route_table” “rt1” {
vpc_id = “${aws_vpc.terraform-vpc.id}”
route {
cidr_block = “0.0.0.0/0”
gateway_id = “${aws_internet_gateway.gw.id}”
}
tags {
Name = “Default”
}
}

#resource “aws_main_route_table_association” “association-subnet” {
# vpc_id = “${aws_vpc.terraform-vpc.id}”
# route_table_id = “${aws_route_table.rt1.id}”
#}

resource “aws_route_table_association” “association-subnet” {
subnet_id = “${aws_subnet.public-1.id}”
route_table_id = “${aws_route_table.rt1.id}”
}

resource “aws_instance” “terraform_linux” {
ami = “ami-4ba3a328”
instance_type = “t2.micro”
vpc_security_group_ids = [“${aws_security_group.websg.id}”]
subnet_id = “${aws_subnet.public-1.id}”
key_name = “${aws_key_pair.myawskeypair.key_name}”
user_data = <<-EOF
#!/bin/bash
echo “hello, world” >index.html
nohup busybox httpd -f -p 80 &
EOF

lifecycle {
create_before_destroy = true
}

tags {
Name = “terraform-example”
}
}

resource “aws_key_pair” “myawskeypair” {
key_name = “myawskeypair”
public_key = “${file(“awskey.pub”)}”
}

resource “aws_security_group” “websg” {
name = “security_group_for_web_server”
vpc_id = “${aws_vpc.terraform-vpc.id}”
ingress {
from_port = 80
to_port = 80
protocol = “tcp”
cidr_blocks = [“0.0.0.0/0”]
}

lifecycle {
create_before_destroy = true
}
}

resource “aws_security_group_rule” “ssh” {
security_group_id = “${aws_security_group.websg.id}”
type = “ingress”
from_port = 22
to_port = 22
protocol = “tcp”
cidr_blocks = [“60.242.xxx.xxx/32”]
}
output “vpc-id” {
value = “${aws_vpc.terraform-vpc.id}”
}

output “vpc-publicsubnet” {
value = “${aws_subnet.public-1.cidr_block}”
}

output “vpc-publicsubnet-id” {
value = “${aws_subnet.public-1.id}”
}

output “vpc-privatesubnet” {
value = “${aws_subnet.private-1.cidr_block}”
}

output “vpc-privatesubnet-id” {
value = “${aws_subnet.private-1.id}”
}

output “public_ip” {
value = “${aws_instance.terraform_linux.public_ip}”
}

Below is outputs of the Terraform template.

Outputs:

public_ip = 13.54.172.172
vpc-id = vpc-c3a418a7
vpc-privatesubnet = 10.0.100.0/24
vpc-privatesubnet-id = subnet-89dbb9ff
vpc-publicsubnet = 10.0.1.0/24
vpc-publicsubnet-id = subnet-b7d8bac1

We can verify the setting of newly created VPC in AWS Console:

  • VPC

VPC_1

  • Subnets

VPC_subnet

  • Routing Table

VPC_routetable

  • EC2 Instance

VPC_EC2

Browse the WebPage on the test EC2 instance to verify our security group configuration

Webpage

SSH via private key

[dzhang@localhost vpc]$ ssh 13.54.172.172 -l ubuntu -i awskey
Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-110-generic x86_64)

* Documentation: https://help.ubuntu.com/

System information as of Sat Mar 25 09:56:52 UTC 2017

System load: 0.16 Memory usage: 5% Processes: 82
Usage of /: 10.1% of 7.74GB Swap usage: 0% Users logged in: 0

Graph this data and manage this system at:
https://landscape.canonical.com/

Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

ubuntu@ip-10-0-1-15:~$ exit
logout

One thought on “Create AWS VPC with Terraform

  1. Pingback: AWS VPC Network with Terraform – asbubam's blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s