AWS-VPC With Terraform project.
Set up a custom Network to Deploy a 3-tier Application.
In this project, we will deploy a Django API Backend, A React Frontend Webapp and A Postgresql db.
The Frontend and API Backend will be hosted in the public subnet, the Database will be hosted in a Private subnet.
An Application Load Balancer will be configured to access our Frontend Application
Check later for a recorded screencast showing how to create a custom Network to Deploy a 3-tier App.
From our Network Architecture Diagram, we will create 2 VPCs (Virtual Private Cloud) within the same region (eu-west-2), and configure VPC Peering to enable you route traffic between VPCs using private addresses.
A VPC is a logical division of a service provider’s public cloud multi-tenant architecture to support private cloud computing.
Below is the description of the VPCs created.
- Main-global-vpc
Main-global-vpcwithprimary CIDR Block 172.18.0.0/16
When you create a VPC, you specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block.
A VPC spans all the Availability Zones in the region, and you can add one or more subnets in each availability zone.
If the subnet’s traffic is routed to an internet gateway, the subnet is known as a public subnet.
If a subnet doesn’t have a route to the internet gateway, the subnet is known as a private subnet.
Public Subnets created in Main-global-vpc
Frontend-pub with CIDR Block 172.18.1.0/24, configured in Availability Zone A - The web app (React Frontend) will be hosted here.
Backend-pub with CIDR Block 172.18.2.0/24, configured in Availability Zone A - The api backend (Django Backend) will be hosted here.
Frontend-pub-zone-b with CIDR Block 172.18.3.0/24, configured in Availability Zone B - The web app (React Frontend) will be hosted here too. By launching the web app instances in separate Availability Zones, you can protect your application from the failure of a single location.
An application Load Balancer will be configured to access the frontend application, and web app instances from those different availability Zones will be registered as targets for the load balancer.
- Main-local-vpc
Main-local-vpcwithprimary CIDR Block 172.30.0.0/16
Private Subnet created in Main-local-vpc
Database-private-sub with CIDR Block 172.30.1.0/24, configured in Availability zone A - A database instance running postgresql db will be hosted here
Public Subnet created in Main-local-vpc
Nat-pub with CIDR Block 172.30.2.0/24, configured in Availability zone A - A Nat Instance that will act as a jump host will hosted here
After planning our Network Architecture, we will use Terraform to script our Network configuration.
Using Terraform we will be able to create an immutable infrastructure which provides a level of control and testability to maintain a healthy and stable environment for all components that never deviate from a source definition.
To create our custom network, we will use the terraform scripts
- Clone the repository and
cdintoAWS-VPC-Terraform
git clone https://github.com/sekayasin/AWS-VPC-Terraform.git
cd AWS-VPC-Terraform
- Terraform package must be installed, You can install it using
homebrewon a mac
brew install terraform
- It's important to specify the
AWS secretandaccess keys. Create and add aterraform.tfvarsfile and add your AWS ACCESS_KEY and SECRET_KEY, make sure you gitignore this file to avoid any security issues that might rise when your forget and commit your AWS secret keys to Github which makes your keys exposed.
terraform.tfvarswill populate the variables in thevars.tffile when the terraform script is executed.
ACCESS_KEY = "SDBJBGJFSKHVSNCXKANDKSBK"
SECRET_KEY = "tejdbkndscRSDHBSDcsgfajh1797jsdgcSAGFDSFHJSDHSH"
REGION = "eu-west-2"
PRIVATE_KEY = "your-key"
PUBLIC_KEY = "your-key.pub"
Yes, Generate an RSA key using ssh-keygen commandline utility to be used by SSH protocol when you wish to remotely login to the instances you have spinned up. ssh-keygen utility will create a private key and public key which you will use for remote access. create the keys by running ssh-keygen command line utility. key.tf terraform file will upload your public key to all your instances created, and use your private key to for remote access.
$ ssh-keygen -f your-key
Run that command in your terminal - It will create a key pair i.e your-key which is your private key and your-key.pub which is your public key
- For terraform to create the instances you wish to spin up, you can use packer to build your own AMI images and provide them to terraform.
Checkout this repo on how to use Packer to build your own images.
Notice the bake-images folder, this folder consists of our packer templates in json that will build our Images for the API, Frontend APP and Database together with their Ansible Scripts in yml as named respectively api_ami.json and api.yml, app_ami.json and app.yml, and db_ami.json and db.yml
cd bake-iamges
./bake.sh - This will create AMI Images for your customized instances, Use the AMI created to spin up the Database, API Backend , and the Frontend
- Run the
terraform init, then optionally you can runterraform planto check whether the execution plan for a set of changes matches your expectations and finally runterraform applycommand, this will create the following resources on AWS
- Two VPCs with public and private subnets
- A VPC Peering to Route Traffic within different VPCs
- An Application Load Balancer to access our frontend application
- A Database instance running postgresql in a private Subnet with private IP: 172.30.1.10
- A frontend application in eu-west-2a availability zone with a private IP: 172.18.1.10
- A frontend application in eu-west-2b availability zone with a private IP: 172.18.3.10
- A Nat instance to act as a jump host with a Private IP: 172.30.2.10
- A Backend API instance with a Private IP: 172.18.2.10 - this will communicate with the Database instance
- Internet gateway for connecting to the internet
Yes, the terraform script will create a load balancer. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as EC2 instances, containers, and IP addresses in multiple Availability Zones. It can handle the varrying load of your application traffic in a single Availability Zone or across multiple Availability Zones. This makes your application highly available.
There are three types of Load Balancer namely;
- Application Load Balancer - Is best suited for load balancing of HTTP and HTTPS Traffic and provides advanced routing targeted at the delivery of modern application architectures, including microservices and containers. Operates at Layer 7 (Application Layer of the OSI Model).
- Network Load Balancer - Is best suited for load balancing of Transmission Control Protocol (TCP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operates at Layer 4 (Transport Layer of the OSI Model).
- Classic Load Balancer - provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level (Layer 7) and connection level (Layer 4). Classic Load Balancer is intended for applications that were built within the EC2-Classic network.
For our custom Network, Our Terraform script will create an Application Load Balancer
Here is an extract of the infrastructure diagram showing the load balancer configured to distribute traffic for our frontend apps in Zone A and B.
It uses health checks to detect which instances are healthy and directs traffic only across those instances
Check out elb.tf terraform file, It creates an application load Balancer named webapp-lb
Once the Terraform has successful created our custom network. To get the Load Balancer Link, kindly log on to AWS console, Click on Load Balancers > Description > DNS name: webapp-lb-422337339.eu-west-2.elb.amazonaws.com - This Link is our configured Load Balancer.
Configured Load Balancer for the Frontend app: http://webapp-lb-422337339.eu-west-2.elb.amazonaws.com/
NOTE: If the Load Balancer Link up is not working, It's Likely that the resources created by our Terraform script have been destroyed by the time you've checked this repo to avoid incurring high bills on AWS.
- Terraform - To script our custom network configuration
- AWS - Amazon Web Services is a subsidiary of Amazon that provides on-demand cloud computing platforms to individuals, companies, and governments, on a paid subscription basis.
- Amazon EC2 - Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud.
- AWS Elastic Load Balancer - An Application load balancer to access the frontend application