Prerequisites
Have an AWS account
Have Terraform installed on the local machine
Basic knowledge of AWS and Terraform
AWS account setup
Before we get started, Terraform needs credentials for an AWS account, and we declare the two base resources everything else hangs off: a VPC and a security group that lives inside it. Terraform works out the creation order from the references between blocks, so the order in which they appear in the file does not matter; the VPC is created first because the security group refers to its id.
Create a new security group
> [!IMPORTANT]
> Make sure the IAM identity Terraform runs as has permission to create the resources used below (VPC, EC2, ELB, CloudWatch and SNS). Use a dedicated deployment role rather than the account's root credentials.
```hcl
resource "aws_security_group" "my_security_group" {
  name        = "my_security_group"
  description = "My security group for the VPC"
  vpc_id      = aws_vpc.my_vpc.id # without this the group is created in the default VPC, not ours

  # Entry rules: SSH from the administrator's address range only.
  # 203.0.113.0/24 is an RFC 5737 documentation placeholder; replace it with your VPN or office egress range.
  # Never use 0.0.0.0/0 here, that exposes SSH to the whole internet.
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }

  # Exit rules: all outbound traffic allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
Create a new VPC
```hcl
resource "aws_vpc" "my_vpc" {
  cidr_block = "10.0.0.0/16" # private range; every subnet below is carved out of it
  tags = {
    Name = "My VPC"
  }
}
```
Creation of the underlying network
Once we have the VPC, we can create the underlying network: a subnet and a routing table. A new route table carries only the VPC's implicit local route, so at this stage the subnet can reach other addresses inside 10.0.0.0/16 but nothing outside the VPC.
Create a new subnet
```hcl
resource "aws_subnet" "my_subnet" {
  cidr_block        = "10.0.1.0/24"
  vpc_id            = aws_vpc.my_vpc.id
  availability_zone = "us-west-2a" # the EBS volume created later must be in this same AZ
  tags = {
    Name = "My subnet"
  }
}
```
Create a new routing table
```hcl
resource "aws_route_table" "my_route_table" {
  vpc_id = aws_vpc.my_vpc.id # starts with only the local 10.0.0.0/16 route
  tags = {
    Name = "My routing table"
  }
}
```
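The route table above carries only the VPC-local route, and an internet-facing load balancer (used later in this article) needs public subnets in at least two Availability Zones. The following is an added example, not part of the original article: an internet gateway, a default route in my_route_table, and a second subnet in us-west-2b that shares it. The resource names my_igw, default_route, my_subnet_b and my_route_association_b and the 10.0.2.0/24 range are my own choices.

```hcl
# Added example: internet gateway and default route for my_route_table,
# plus a second public subnet so a load balancer can span two AZs.
# Names my_igw, default_route, my_subnet_b, my_route_association_b and the
# 10.0.2.0/24 range are assumptions, not from the original article.
resource "aws_internet_gateway" "my_igw" {
  vpc_id = aws_vpc.my_vpc.id
  tags = {
    Name = "My internet gateway"
  }
}

# 0.0.0.0/0 via the gateway makes every subnet associated with this table public.
resource "aws_route" "default_route" {
  route_table_id         = aws_route_table.my_route_table.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.my_igw.id
}

resource "aws_subnet" "my_subnet_b" {
  vpc_id            = aws_vpc.my_vpc.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-west-2b"
  tags = {
    Name = "My subnet b"
  }
}

resource "aws_route_table_association" "my_route_association_b" {
  subnet_id      = aws_subnet.my_subnet_b.id
  route_table_id = aws_route_table.my_route_table.id
}
```

Associate the original my_subnet with the same table (the article does that in its routing table association step) and list both subnets in the load balancer's subnets argument. Keep workload instances without public IPs where you can: behind a load balancer they do not need one, and a NAT gateway can provide outbound access for package updates.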
Security Network Settings
Once we have the underlying network, we can add security group rules as standalone resources and attach the routing table to the subnet. Note that security groups are attached to network interfaces (through the instance), not to subnets; the subnet-level counterpart is a network ACL. Also, the group above already defines rules inline, and mixing inline rules with standalone aws_security_group_rule resources on the same group makes Terraform overwrite one set with the other on each apply, so in real code pick one form per group. The standalone form is kept here to show how a rule references another security group instead of a CIDR.
Create a new security rule
```hcl
resource "aws_security_group_rule" "my_security_rule" {
  type                     = "ingress" # valid values are "ingress" and "egress", not "entry"
  from_port                = 22
  to_port                  = 22
  protocol                 = "tcp"
  # Source is the group itself: members of my_security_group may SSH to each other,
  # regardless of their IP addresses.
  source_security_group_id = aws_security_group.my_security_group.id
  security_group_id        = aws_security_group.my_security_group.id
}
```
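The rule above uses source_security_group_id to reference a group instead of a CIDR; that is the mechanism for building a least-privilege path from the internet to the instance. The block below is an added example, not code from the original article: a group for the load balancer that accepts public HTTP/HTTPS and may only talk to the instance group, and an instance group that accepts the application port only from the load balancer group. The names alb_sg and web_sg and the 203.0.113.0/24 admin range are placeholders; all rules are standalone aws_security_group_rule resources so they do not conflict with inline rules.

```hcl
# Added example (not from the original article): two security groups that
# reference each other so only the load balancer can reach the instance.
# Names alb_sg, web_sg and the 203.0.113.0/24 admin range are placeholders.

resource "aws_security_group" "alb_sg" {
  name        = "alb_sg"
  description = "Internet-facing load balancer"
  vpc_id      = aws_vpc.my_vpc.id
}

resource "aws_security_group" "web_sg" {
  name        = "web_sg"
  description = "Web instances, reachable only via the load balancer"
  vpc_id      = aws_vpc.my_vpc.id
}

# Public HTTP and HTTPS into the load balancer only.
resource "aws_security_group_rule" "alb_in_http" {
  type              = "ingress"
  from_port         = 80
  to_port           = 80
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.alb_sg.id
}

resource "aws_security_group_rule" "alb_in_https" {
  type              = "ingress"
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.alb_sg.id
}

# The load balancer may talk only to the instance group, on the target port.
# Terraform strips the AWS default allow-all egress, so this is its only egress rule.
resource "aws_security_group_rule" "alb_out_to_web" {
  type                     = "egress"
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.web_sg.id
  security_group_id        = aws_security_group.alb_sg.id
}

# Instances accept port 80 from the load balancer group only, never from a CIDR.
resource "aws_security_group_rule" "web_in_from_alb" {
  type                     = "ingress"
  from_port                = 80
  to_port                  = 80
  protocol                 = "tcp"
  source_security_group_id = aws_security_group.alb_sg.id
  security_group_id        = aws_security_group.web_sg.id
}

# SSH only from the administrator's range (RFC 5737 placeholder; use your own).
resource "aws_security_group_rule" "web_in_ssh" {
  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["203.0.113.0/24"]
  security_group_id = aws_security_group.web_sg.id
}

# Instances need outbound access for updates; narrow this to specific endpoints where you can.
resource "aws_security_group_rule" "web_out_all" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.web_sg.id
}
```

Attach alb_sg to the aws_lb and web_sg to the aws_instance in place of my_security_group. Because the instance group has no CIDR-based rule on port 80, even a stray public IP on the instance does not expose the application directly.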
Associate the routing table with the subnet
```hcl
resource "aws_route_table_association" "my_route_association" {
  subnet_id      = aws_subnet.my_subnet.id
  route_table_id = aws_route_table.my_route_table.id
}
```
Data network configuration
Once the security settings are in place we can add compute: an EC2 instance in the subnet. The subnet_id argument on the instance is what places it in the subnet, and vpc_security_group_ids attaches the security group to its primary network interface; no separate association resource is needed for that.
Create a new EC2 instance
```hcl
resource "aws_instance" "my_ec2_instance" {
  ami                    = "ami-abc123" # placeholder; AMI IDs are region-specific, look up a current one for us-west-2
  instance_type          = "t2.micro"
  vpc_security_group_ids = [aws_security_group.my_security_group.id]
  subnet_id              = aws_subnet.my_subnet.id # this is what places the instance in the subnet

  # Require IMDSv2 so a request-forgery bug in the workload cannot read the instance's credentials.
  metadata_options {
    http_tokens = "required"
  }
}
```
Attach an additional network interface to the EC2 instance (optional)
The instance is already in the subnet through subnet_id; an attachment is only needed for an extra interface. The primary interface was created with the instance at device_index 0, so the extra one must use index 1, and it needs an aws_network_interface resource to attach.
```hcl
resource "aws_network_interface" "my_network" {
  subnet_id       = aws_subnet.my_subnet.id
  security_groups = [aws_security_group.my_security_group.id]
}

resource "aws_network_interface_attachment" "my_network_association" {
  instance_id          = aws_instance.my_ec2_instance.id
  network_interface_id = aws_network_interface.my_network.id
  device_index         = 1
}
```
Storage network configuration
Once the instance exists we can add storage: an EBS volume attached to it. EBS volumes are zonal, so the volume must be created in the same Availability Zone as the instance's subnet (us-west-2a here), and it should be encrypted, which is not the default unless account-level default encryption is enabled.
Create a new EBS volume
```hcl
resource "aws_ebs_volume" "my_ebs_volume" {
  availability_zone = "us-west-2a" # must match the AZ of my_subnet, or the attachment fails
  size              = 10           # GiB
  encrypted         = true         # encryption at rest with the account's default EBS KMS key
}
```
Attach the EBS volume to the EC2 instance
```hcl
resource "aws_volume_attachment" "my_ebs_association" {
  device_name = "/dev/sdh" # on Nitro instances the guest sees it as an NVMe device, e.g. /dev/nvme1n1
  volume_id   = aws_ebs_volume.my_ebs_volume.id
  instance_id = aws_instance.my_ec2_instance.id
}
```
Target group configuration
Once storage is configured we can prepare the load balancing layer. The first piece is a target group, the set of backends a load balancer forwards to; we create one for HTTP on port 80 and register the EC2 instance in it.
Create a new target group
```hcl
resource "aws_lb_target_group" "my_redirect_group" {
  name     = "my-group-redirect"
  port     = 80
  protocol = "HTTP" # traffic from the load balancer to the instance stays inside the VPC
  vpc_id   = aws_vpc.my_vpc.id
}
```
Register the EC2 instance in the target group
```hcl
resource "aws_lb_target_group_attachment" "my_association_redirect" {
  target_group_arn = aws_lb_target_group.my_redirect_group.arn
  target_id        = aws_instance.my_ec2_instance.id
  port             = 80
}
```
Load balancer configuration
Once the target group is configured we can put an application load balancer in front of it. Three things the block below does not satisfy on its own, and terraform apply will reject the first: an ALB needs subnets in at least two Availability Zones, so a second subnet is required; an internet-facing ALB (internal = false) needs those subnets to have a route to an internet gateway; and the security group attached to it must admit the listener port, while my_security_group above only allows SSH, so the balancer as written would accept no HTTP traffic.
Create a new load balancer
```hcl
resource "aws_lb" "my_balancing_group" {
  name               = "my-balancing-group"
  internal           = false # internet-facing: the subnets need a route to an internet gateway
  load_balancer_type = "application"
  security_groups    = [aws_security_group.my_security_group.id] # must allow inbound 80 (and 443) for the listener to receive traffic
  subnets            = [aws_subnet.my_subnet.id] # an ALB requires at least two subnets in different AZs; add a second one
}
```
Create a listener that forwards to the target group
```hcl
resource "aws_lb_listener" "my_balancing_association" {
  load_balancer_arn = aws_lb.my_balancing_group.arn
  protocol          = "HTTP"
  port              = 80
  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_redirect_group.arn
  }
}
```
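The listener above serves plain HTTP. For anything beyond a lab, terminate TLS on the load balancer and let port 80 do nothing except redirect. The following is an added example, not from the original article; it assumes an ACM certificate in the same region whose ARN is passed in as var.certificate_arn and a security group on the load balancer that admits TCP 443, and it replaces the port 80 forward listener above, since a load balancer can have only one listener per port.

```hcl
# Added example (not from the original article). Assumes an ACM certificate
# in the same region supplied as var.certificate_arn, and that the load
# balancer's security group admits TCP 443. Replaces the HTTP forward listener.
variable "certificate_arn" {
  description = "ARN of the ACM certificate for the HTTPS listener"
  type        = string
}

resource "aws_lb_listener" "https" {
  load_balancer_arn = aws_lb.my_balancing_group.arn
  port              = 443
  protocol          = "HTTPS"
  ssl_policy        = "ELBSecurityPolicy-TLS13-1-2-2021-06" # TLS 1.2 and 1.3 only
  certificate_arn   = var.certificate_arn

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.my_redirect_group.arn
  }
}

# Plain HTTP answers only with a permanent redirect to HTTPS; nothing is forwarded.
resource "aws_lb_listener" "http_redirect" {
  load_balancer_arn = aws_lb.my_balancing_group.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type = "redirect"
    redirect {
      port        = "443"
      protocol    = "HTTPS"
      status_code = "HTTP_301"
    }
  }
}
```

The hop from the load balancer to the instance remains HTTP inside the VPC; if the threat model includes other tenants of the VPC, switch the target group to HTTPS and serve a certificate on the instance as well.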
Monitoring configuration
Once the load balancer is configured we can add monitoring. Here that means a CloudWatch alarm on the instance's CPU that publishes to an SNS topic; the alarm is tied to the instance through its InstanceId dimension, without which it would have no data to evaluate.
Create a new CloudWatch alarm
```hcl
resource "aws_cloudwatch_metric_alarm" "my_monitoring_group" {
  alarm_name          = "my-monitoring-group"
  alarm_description   = "CPU of my_ec2_instance at or above 80% for one 5-minute period"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 1
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 300 # seconds
  statistic           = "Average"
  threshold           = 80  # percent
  actions_enabled     = true
  alarm_actions       = [aws_sns_topic.my_topic.arn]

  # Without this dimension the alarm is not tied to any instance and stays in INSUFFICIENT_DATA.
  dimensions = {
    InstanceId = aws_instance.my_ec2_instance.id
  }
}
```
Create the SNS topic that receives the alarm
```hcl
resource "aws_sns_topic" "my_topic" {
  name = "my-topic" # add an aws_sns_topic_subscription (e-mail, SQS, Lambda) or nobody is notified
}
```
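Monitoring a VPC also means recording what crosses it. VPC Flow Logs are the network-level counterpart of the CPU alarm: accepted and rejected connections per network interface, which is exactly what an investigation into the security group rules above needs. This is an added example, not code from the original article; the log group name, retention period, role name and policy names are my choices.

```hcl
# Added example (not from the original article): VPC Flow Logs for my_vpc
# delivered to CloudWatch Logs. Log group name, retention, role and policy
# names are assumptions.
resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
  name              = "/aws/vpc/my-vpc-flow-logs"
  retention_in_days = 90
}

# The flow logs service must be allowed to assume the delivery role.
data "aws_iam_policy_document" "flow_logs_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["vpc-flow-logs.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "flow_logs" {
  name               = "my-vpc-flow-logs-role"
  assume_role_policy = data.aws_iam_policy_document.flow_logs_assume.json
}

# Least privilege: the role may only write to this one log group.
data "aws_iam_policy_document" "flow_logs_write" {
  statement {
    actions = [
      "logs:CreateLogStream",
      "logs:PutLogEvents",
      "logs:DescribeLogGroups",
      "logs:DescribeLogStreams",
    ]
    resources = [
      aws_cloudwatch_log_group.vpc_flow_logs.arn,
      "${aws_cloudwatch_log_group.vpc_flow_logs.arn}:*",
    ]
  }
}

resource "aws_iam_role_policy" "flow_logs" {
  name   = "write-flow-logs"
  role   = aws_iam_role.flow_logs.id
  policy = data.aws_iam_policy_document.flow_logs_write.json
}

# Capture both accepted and rejected traffic for the whole VPC.
resource "aws_flow_log" "my_vpc" {
  vpc_id               = aws_vpc.my_vpc.id
  traffic_type         = "ALL"
  log_destination_type = "cloud-watch-logs"
  log_destination      = aws_cloudwatch_log_group.vpc_flow_logs.arn
  iam_role_arn         = aws_iam_role.flow_logs.arn
}
```

A REJECT record for port 22 from an address outside the admin range is the signal that the SSH rule is doing its job; an ACCEPT from an unexpected source is the one to alert on.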
Conclusion
In this article we have seen how to design a VPC network in AWS with Terraform. We created a VPC, a subnet, a routing table, a security group and a standalone security group rule, an EC2 instance, an EBS volume, a target group, an application load balancer with a listener, and a CloudWatch alarm that notifies an SNS topic.