100 Days of DevOps — Day 16- Building VPC using Terraform

Prashant Lakhera
5 min read, Feb 26, 2019


Check the updated 101 Days of DevOps Course

Course Registration link: https://www.101daysofdevops.com/register/

Course Link: https://www.101daysofdevops.com/courses/101-days-of-devops/

YouTube link: https://www.youtube.com/user/laprashant/videos

Welcome to Day 16 of 100 Days of DevOps. Let's continue our journey: yesterday I discussed Terraform, and today let's build a VPC using Terraform.

Prerequisites: I am assuming you already understand VPCs; in case you need a refresher:

What is VPC?

Without going into all the nitty-gritty details of VPC, let's first try to understand VPC in the simplest terms. Before the cloud era, we used to have datacenters where we deployed all of our infrastructure.

You can think of a VPC as your datacenter in the cloud, but rather than spending weeks or months setting up that datacenter, it is now just a matter of minutes (API calls). It's the place where you define your network, which closely resembles your own traditional data center, with the benefit of the scalable infrastructure provided by AWS.

  • Today we are going to build the first half of the equation, i.e. the VPC.
  • Once we create the VPC using the AWS Console, these things are created for us by default:
    * Network Access Control List (NACL)
    * Security Group
    * Route Table
  • We need to take care of:
    * Internet Gateway
    * Subnets
    * Custom Route Table

But the bad news is that, as we are creating this via Terraform, we need to create all of these things ourselves. This is a one-time task, though: later on, if we need to build one more VPC, we just need to call this module with some minor changes (e.g. changes in the CIDR range or subnets), which is true Infrastructure as Code (IaC).

This is how my Terraform VPC module structure looks:

$ tree
├── main.tf
├── vpc_networking
│   ├── main.tf
│   ├── outputs.tf
│   └── variables.tf
├── outputs.tf
├── terraform.tfvars
└── variables.tf

  • So the first step is to create a data source. What the data source does is query/list all the AWS Availability Zones available in a given region, and then allow Terraform to use them when placing resources.


  • Now it's time to create the VPC.
  • enable_dns_support - (Optional) A boolean flag to enable/disable DNS support in the VPC. Defaults to true. The Amazon-provided DNS server (AmazonProvidedDNS) can resolve the Amazon-provided private DNS hostnames that we specify in private hosted zones in Route 53.
  • enable_dns_hostnames - (Optional) A boolean flag to enable/disable DNS hostnames in the VPC. Defaults to false. Enabling it ensures that instances launched into our VPC receive a DNS hostname.


  • The next step is to create an internet gateway:
    * An internet gateway is a horizontally scaled, redundant and highly available VPC component.
    * An internet gateway serves one more purpose: it performs NAT for instances that have been assigned public IPv4 addresses.
  • The next step is to create the public route table.
  • Route Table: Contains a set of rules, called routes, that are used to determine where network traffic is directed.


  • Now it's time to create the private route table. If a subnet is not associated with any route table, by default it will be associated with the private route table.
  • The next step is to create the public subnet.
  • Then the private subnet.
  • The next step is to create the route table associations.
  • Network Access Control List (NACL): A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
  • A Security Group acts as a virtual firewall and is used to control the traffic for its associated instances.
  • Difference between NACL and Security Group
  • This is how our variables file looks.
  • Now let's test it.
  • terraform init: Initialize a Terraform working directory.
  • terraform plan: Generate and show an execution plan.
  • Final step, terraform apply: Builds or changes the infrastructure.
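As an added example (not the post's own module code), here is a compact vpc_networking/main.tf that walks through the steps above in Terraform 0.12+ syntax; the input variable names and the choice to make the private route table the VPC's main table are assumptions.

```hcl
# Added example module body (vpc_networking/main.tf), not the post's own file.
# Assumed inputs: var.name, var.vpc_cidr, var.public_cidrs, var.private_cidrs.
data "aws_availability_zones" "available" {} # AZs of the provider's region
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true # AmazonProvidedDNS resolves private hostnames
  enable_dns_hostnames = true # instances launched here get a DNS hostname
}
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Public route table: default route out through the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# Private route table: implicit local route only, and made the VPC's main
# table so a subnet left unassociated has no path to the internet.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
}
resource "aws_main_route_table_association" "main" {
  vpc_id         = aws_vpc.main.id
  route_table_id = aws_route_table.private.id
}

resource "aws_subnet" "public" {
  count                   = length(var.public_cidrs)
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.public_cidrs[count.index]
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true # only public subnets hand out public IPs
}
resource "aws_subnet" "private" {
  count             = length(var.private_cidrs)
  vpc_id            = aws_vpc.main.id
  cidr_block        = var.private_cidrs[count.index]
  availability_zone = data.aws_availability_zones.available.names[count.index]
}

# Only the public subnets are bound to the public table explicitly.
resource "aws_route_table_association" "public" {
  count          = length(var.public_cidrs)
  subnet_id      = aws_subnet.public[count.index].id
  route_table_id = aws_route_table.public.id
}
```

Each subnet list needs at most as many entries as the region has Availability Zones, otherwise the names[count.index] lookup fails at plan time.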

GitHub Link

Terraform Module

  • You can think of a Terraform module like a module in any other language, e.g. Python: it's the same Terraform file, but after turning it into a module we can re-use that code. Instead of copy-pasting the same code in different places, we turn it into a reusable module.
  • Now the code structure will look like this:

NOTE: Please ignore the terraform.tfstate.* files

The syntax for a module:

module "NAME" {
  source = "SOURCE"

  [CONFIG ...]
}
  • The variables.tf file looks like this.
  • terraform.tfvars
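As an added example, not the post's repository code, here is a root configuration that calls the module, declares the variables it passes, supplies their values, and consumes the module's vpc_id output (an assumed output name) in a security group restricted to one admin range; Terraform 0.12+ syntax and all variable names are assumptions.

```hcl
# Added example root configuration (not the post's repo) calling the module
# and consuming its output. Module output name vpc_id and all variable
# names are assumptions. Three files are shown, separated by comments.

# ---- main.tf ----
provider "aws" {
  region = var.region
}

module "vpc_networking" {
  source        = "./vpc_networking"
  name          = var.name
  vpc_cidr      = var.vpc_cidr
  public_cidrs  = var.public_cidrs
  private_cidrs = var.private_cidrs
}

# Security groups are stateful: only the inbound rule is needed, the reply
# traffic is allowed automatically. Inbound is limited to one admin range
# rather than 0.0.0.0/0; egress is left open here and should be tightened.
resource "aws_security_group" "web" {
  name   = "${var.name}-web"
  vpc_id = module.vpc_networking.vpc_id
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# ---- variables.tf ----
variable "region"        { default = "us-west-2" }
variable "name"          { default = "day16" }
variable "vpc_cidr"      { default = "10.0.0.0/16" }
variable "public_cidrs"  { type = list(string) }
variable "private_cidrs" { type = list(string) }
variable "admin_cidr"    { description = "CIDR allowed to reach the web tier" }

# ---- terraform.tfvars ----
public_cidrs  = ["10.0.1.0/24", "10.0.2.0/24"]
private_cidrs = ["10.0.11.0/24", "10.0.12.0/24"]
admin_cidr    = "203.0.113.0/24" # constructed value, a documentation range
```

A NACL, by contrast, is stateless, so an equivalent NACL rule set would also need an inbound ephemeral-port allow for the return traffic.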

GitHub Link

  • A few people asked me how to run the Terraform code:

# Step 1
$ git clone https://github.com/100daysofdevops/100daysofdevops.git
Cloning into '100daysofdevops'...
remote: Enumerating objects: 83, done.
remote: Counting objects: 100% (83/83), done.
remote: Compressing objects: 100% (64/64), done.
remote: Total 83 (delta 28), reused 41 (delta 12), pack-reused 0
Unpacking objects: 100% (83/83), done.
# Step 2
cd 100daysofdevops/two-tier-environment/
# Step 3: Run all the terraform commands
* terraform init
* terraform plan
* terraform apply

I look forward to you joining this journey: spend a minimum of an hour every day for the next 100 days on DevOps work and post your progress using any of the media below.
