
Design of VPC Networks in AWS with Terraform

Sistema IA
5 MIN READ
08 Jun 2026


Technical overview

Prerequisites

  • Have an AWS account
  • Have Terraform installed on the local machine
  • Basic knowledge of AWS and Terraform

AWS account setup

Before we get started, we need to set up our AWS account so we can use it with Terraform. To do this, we need to create a new security group and a new VPC; the security group belongs to that VPC (through its vpc_id), so Terraform creates the VPC first regardless of the order of the blocks in the file.

Create a new security group

> [!IMPORTANT]
> Make sure your AWS account has appropriate permissions to create resources.

```hcl
resource "aws_security_group" "my_security_group" {
  name        = "my_security_group"
  description = "My security group for the VPC"
  # Without vpc_id the group is created in the region's default VPC,
  # not in the VPC defined in the next step.
  vpc_id      = aws_vpc.my_vpc.id

  # Inbound rules
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # 0.0.0.0/0 exposes SSH to the whole Internet; restrict this to the
    # address range your administrators actually connect from.
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound rules
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Create a new VPC

```hcl
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "My VPC"
  }
}
```

Creation of the underlying network

Once we have the VPC created, we can create the underlying network. To do this, we must create a new subnet and a new routing table.

Create a new subnet

```hcl
resource "aws_subnet" "my_subnet" {
  cidr_block        = "10.0.1.0/24"
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "us-west-2a"

  tags = {
    Name = "My subnet"
  }
}
```

Create a new routing table

```hcl
resource "aws_route_table" "my_route_table" {
  vpc_id = aws_vpc.my_vpc.id
  # No route block is declared, so this table only carries the implicit local
  # route for 10.0.0.0/16. Add a route to an Internet gateway or NAT gateway
  # if the subnet must reach anything outside the VPC.

  tags = {
    Name = "My routing table"
  }
}
```

Security Network Settings

Once we have the underlying network created, we can configure the security network. To do this, we need to create a new security rule and associate the routing table with the subnet.

Create a new security rule

```hcl
# Note: mixing inline ingress/egress blocks inside aws_security_group with
# standalone aws_security_group_rule resources on the same group makes the
# two resources overwrite each other's rule set; pick one style per group.
resource "aws_security_group_rule" "my_security_rule" {
  # Valid values are "ingress" and "egress"; "entry" is rejected by the provider.
  type                     = "ingress"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  # Source and target are the same group: SSH is allowed only between its members.
  source_security_group_id = aws_security_group.my_security_group.id
  security_group_id        = aws_security_group.my_security_group.id
}
```

Associate the routing table with the subnet

```hcl
resource "aws_route_table_association" "my_route_association" {
  subnet_id      = aws_subnet.my_subnet.id
  route_table_id = aws_route_table.my_route_table.id
}
```

Data network configuration

Once we have the security network configured, we can configure the data network. To do this, we need to create a new EC2 instance and associate it with the subnet.

Create a new EC2 instance

```hcl
resource "aws_instance" "my_ec2_instance" {
  ami                    = "ami-abc123" # placeholder: use an AMI id that exists in your region
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.my_security_group.id]
  subnet_id              = aws_subnet.my_subnet.id
}
```

Associate the EC2 instance with the subnet

```hcl
# subnet_id above already places the instance's primary interface in the
# subnet. An attachment is only needed for an additional interface, and that
# interface must exist before it can be attached.
resource "aws_network_interface" "my_network" {
  subnet_id       = aws_subnet.my_subnet.id
  security_groups = [aws_security_group.my_security_group.id]
}

resource "aws_network_interface_attachment" "my_network_association" {
  instance_id          = aws_instance.my_ec2_instance.id # the instance resource is named my_ec2_instance
  network_interface_id = aws_network_interface.my_network.id
  device_index         = 1 # index 0 is the primary interface created with the instance
}
```

Storage network configuration

Once we have the data network configured, we can configure the storage network. To do this, we need to create a new EBS volume and attach it to the EC2 instance.

Create a new EBS volume

```hcl
resource "aws_ebs_volume" "my_ebs_volume" {
  # Must match the instance's zone: a volume can only be attached within its own AZ.
  availability_zone = "us-west-2a"
  size              = 10
  encrypted         = true # encrypt data at rest with the account's default EBS KMS key
}
```

Attach the EBS volume to the EC2 instance

```hcl
resource "aws_volume_attachment" "my_ebs_association" {
  device_name = "/dev/sdh"
  volume_id   = aws_ebs_volume.my_ebs_volume.id
  instance_id = aws_instance.my_ec2_instance.id # the instance resource is named my_ec2_instance
}
```

Redirect Network Settings

Once we have the storage network configured, we can configure the redirection network. To do this, we need to create a new redirection group (an ALB target group) and associate it with the EC2 instance.

Create a new redirection group

```hcl
resource "aws_lb_target_group" "my_redirect_group" {
  name     = "my-group-redirect"
  port     = 80
  protocol = "HTTP"
  vpc_id   = aws_vpc.my_vpc.id
}
```

Associate the redirection group with the EC2 instance

```hcl
resource "aws_lb_target_group_attachment" "my_association_redirect" {
  target_group_arn = aws_lb_target_group.my_redirect_group.arn # the target group is named my_redirect_group
  target_id        = aws_instance.my_ec2_instance.id
  port             = 80
}
```

Balancing network configuration

Once we have the redirection network configured, we can configure the balancing network. To do this, we need to create a new balancing group (an application load balancer) and associate it with the EC2 instance through a listener.

Create a new balancing group

```hcl
resource "aws_lb" "my_balancing_group" {
  name               = "my-balancing-group"
  internal           = false
  load_balancer_type = "application"
  # my_security_group only admits port 22, so clients cannot reach the HTTP
  # listener on port 80 until an ingress rule for that port exists.
  security_groups    = [aws_security_group.my_security_group.id]
  # An application load balancer needs subnets in at least two Availability
  # Zones; with my_subnet (us-west-2a) alone the apply fails. Create a second
  # subnet in another zone and list it here as well.
  subnets            = [aws_subnet.my_subnet.id]
}
```

Associate the balancing group with the EC2 instance

```hcl
resource "aws_lb_listener" "my_balancing_association" {
  load_balancer_arn = aws_lb.my_balancing_group.arn # the load balancer is named my_balancing_group
  protocol          = "HTTP"
  port              = 80

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_redirect_group.arn # the target group is named my_redirect_group
  }
}
```
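The security group, instance, target group, load balancer and listener from the sections above, rewritten as one coherent child module in which the load balancer is the only thing exposed to the Internet and the instance accepts HTTP solely from it. This is an added example, not the article's code or AWS's: it assumes the VPC id and two public subnet ids are passed in as variables (for instance the outputs of a network configuration), that `ami_id` is a valid AMI for the region, and that `admin_cidr` is the range administrators connect from (203.0.113.0/24 is a documentation range used as a placeholder).

```hcl
# Inputs: the VPC and the two public subnets produced by the network
# configuration, an AMI valid for the region, and the CIDR administrators
# connect from (203.0.113.0/24 is a documentation range, a placeholder).
variable "vpc_id"     { type = string }
variable "subnet_ids" { type = list(string) }
variable "ami_id"     { type = string }
variable "admin_cidr" { default = "203.0.113.0/24" }

data "aws_vpc" "this" { id = var.vpc_id }

# Load balancer group: HTTP in from anywhere, out only to targets in the VPC.
resource "aws_security_group" "alb" {
  name   = "alb"
  vpc_id = var.vpc_id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [data.aws_vpc.this.cidr_block]
  }
}

# Instance group: HTTP only from the load balancer's group (never directly
# from the Internet) and SSH only from admin_cidr. Outbound stays open as in
# the article; narrow it once the instance's real dependencies are known.
resource "aws_security_group" "web" {
  name   = "web"
  vpc_id = var.vpc_id
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "web" {
  ami                    = var.ami_id
  instance_type          = "t3.micro"
  subnet_id              = var.subnet_ids[0]
  vpc_security_group_ids = [aws_security_group.web.id]
  metadata_options { http_tokens = "required" } # IMDSv2 only
  root_block_device { encrypted = true }
}

resource "aws_lb_target_group" "web" {
  name     = "web"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.vpc_id
}

resource "aws_lb_target_group_attachment" "web" {
  target_group_arn = aws_lb_target_group.web.arn
  target_id        = aws_instance.web.id
  port             = 80
}

resource "aws_lb" "web" {
  name               = "web"
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = var.subnet_ids # at least two AZs, as an ALB requires
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.web.arn
  port              = 80
  protocol          = "HTTP"
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.web.arn
  }
}
```

Called from a root module as `module "web" { source = "./web"; vpc_id = module.network.vpc_id; subnet_ids = module.network.subnet_ids; ami_id = "..." }`, the plan should show exactly two security groups, with the instance group referencing the load balancer group rather than a CIDR on port 80. A quick check after apply is that the instance's public address, if any, refuses connections on port 80 while the load balancer's DNS name answers.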

Monitoring network configuration

Once we have the balancing network configured, we can configure the monitoring network. To do this, we need to create a new monitoring group and associate it with the EC2 instance.

Create a new monitoring group

```hcl
resource "aws_cloudwatch_metric_alarm" "my_monitoring_group" {
  alarm_name          = "my-monitoring-group"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 1
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 300
  statistic           = "Average"
  threshold           = 80
  # Without dimensions the alarm is not scoped to any instance and never
  # evaluates meaningful data; this ties it to the instance created above.
  dimensions = {
    InstanceId = aws_instance.my_ec2_instance.id
  }

  actions_enabled = true
  alarm_actions   = [aws_sns_topic.my_topic.arn] # the topic resource is named my_topic
}
```

Create the SNS topic that receives the alarm notifications

```hcl
resource "aws_sns_topic" "my_topic" {
  name = "my-topic"
}
```

Conclusion

In this article, we have seen how to design a VPC network in AWS with Terraform. We have created a new VPC, a new subnet, a new routing table, a new security rule, a new EC2 instance, a new EBS volume, a new redirection group, a new balancing group and a new monitoring group.