Disclaimer: The content of this post was generated with the assistance of AI.
In cloud environments, robust and secure networking is the backbone of reliable application deployment. Today, we’ll take a look at setting up an Amazon Web Services (AWS) Virtual Private Cloud (VPC) with Terraform, a tool that allows us to manage cloud infrastructure as code. This setup includes public and private subnets, security configurations, and an optional NAT Gateway deployment for routing traffic from private subnets to the internet.
Why Use Terraform for AWS VPC Networking?
Managing networking resources in the AWS Console can be time-consuming and error-prone. By defining network resources as code, you gain repeatability, version control, and an easy path for scaling infrastructure. Terraform makes it easy to define, deploy, and maintain your cloud infrastructure.
In this post, we’ll dive into a Terraform configuration that:
- Creates a VPC with defined CIDR blocks
- Sets up public and private subnets across two availability zones
- Configures security groups for HTTP and egress traffic
- Enables conditional deployment of NAT Gateways
Let’s get started.
Prerequisites
- AWS Account: Ensure your AWS account has permissions for VPC, subnet, NAT Gateway, and security group management.
- Terraform: Install Terraform (v0.12 or later) to define and manage infrastructure resources.
Step 1: Configuring the Module
Instead of creating resources directly, we’ll use a Terraform module pointing to a GitHub repository where this configuration is defined. This reusable module can be plugged into any project, enabling you to quickly integrate AWS networking.
To add this module, include the following in your Terraform configuration file:
module "aws_networking_setup" {
  source = "github.com/your_username/terraform-aws-networking-setup"

  # Required Variables
  aws_vpc_cidr                = "10.0.0.0/16"
  aws_region                  = "us-east-1"
  aws_az1                     = "us-east-1a"
  aws_az2                     = "us-east-1b"
  aws_public_subnet_az1_cidr  = "10.0.1.0/24"
  aws_public_subnet_az2_cidr  = "10.0.2.0/24"
  aws_private_subnet_az1_cidr = "10.0.3.0/24"
  aws_private_subnet_az2_cidr = "10.0.4.0/24"
  bool_nat_gateway            = true # Enable NAT Gateway
}
Because security group requirements differ from setup to setup, this module only creates a blank security group. Add the security group rules yourself (example below) and customize them to your requirements.
resource "aws_vpc_security_group_ingress_rule" "allow_http_ipv4" {
  security_group_id = module.aws_networking_setup.security_group_id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
}

resource "aws_vpc_security_group_ingress_rule" "allow_ssh_ipv4" {
  security_group_id = module.aws_networking_setup.security_group_id
  # 0.0.0.0/0 exposes SSH to the whole internet; restrict this to a trusted
  # range (for example your office or VPN CIDR) in real deployments.
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}

resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = module.aws_networking_setup.security_group_id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1" # semantically equivalent to all ports
}

resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv6" {
  security_group_id = module.aws_networking_setup.security_group_id
  cidr_ipv6         = "::/0"
  ip_protocol       = "-1" # semantically equivalent to all ports
}
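The SSH rule above is the weak setting; here is the hardened form as an added example (not part of the module or the original post). It assumes a new input variable named admin_cidr, validated at plan time so that the rule can never be applied with 0.0.0.0/0:

```hcl
# Added example, not the module's own code: SSH ingress limited to a trusted
# IPv4 range that is validated before anything is applied.
variable "admin_cidr" {
  description = "Trusted IPv4 CIDR allowed to reach SSH (assumed variable name)"
  type        = string

  # Requires Terraform 0.13+ for variable validation. cidrnetmask() only
  # accepts IPv4 CIDRs, so can() rejects malformed and IPv6 input, and the
  # second clause rejects the whole internet explicitly.
  validation {
    condition     = can(cidrnetmask(var.admin_cidr)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid IPv4 CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_vpc_security_group_ingress_rule" "allow_ssh_admin" {
  security_group_id = module.aws_networking_setup.security_group_id
  description       = "SSH from the trusted admin range only"
  cidr_ipv4         = var.admin_cidr
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
}
```

Pass the value with `-var 'admin_cidr=203.0.113.0/24'` (a documentation range, used here as a placeholder) or through a tfvars file; `terraform plan` fails early if the value is not a usable IPv4 range.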
Step 2: Customize Your Variables
Each variable in the module defines a key aspect of the network setup. For instance:
- aws_vpc_cidr: The CIDR block range for the VPC.
- aws_public_subnet_az1_cidr and aws_public_subnet_az2_cidr: CIDR ranges for the public subnets.
- aws_private_subnet_az1_cidr and aws_private_subnet_az2_cidr: CIDR ranges for the private subnets.
- bool_nat_gateway: Boolean to enable or disable NAT Gateway deployment.
If bool_nat_gateway is set to true, the configuration creates NAT Gateways in each public subnet to route traffic from private subnets to the internet.
Note: Enabling NAT Gateways incurs cost.
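To show how the bool_nat_gateway switch described above is typically wired up inside a module, here is an added illustration written for this post; it is not the module's own code. It assumes the resource names aws_vpc.vpc and aws_subnet.public_subnet_az1/az2 and private_subnet_az1/az2 from the outputs shown later, plus an internet gateway named aws_internet_gateway.igw:

```hcl
# Added illustration of conditional NAT Gateways, not the module's own code.
variable "bool_nat_gateway" {
  type    = bool
  default = false
}

locals {
  # 0 or 2: one NAT Gateway per availability zone when enabled
  nat_count       = var.bool_nat_gateway ? 2 : 0
  public_subnets  = [aws_subnet.public_subnet_az1.id, aws_subnet.public_subnet_az2.id]
  private_subnets = [aws_subnet.private_subnet_az1.id, aws_subnet.private_subnet_az2.id]
}

# Elastic IPs are only allocated (and billed) when NAT is enabled
resource "aws_eip" "nat" {
  count  = local.nat_count
  domain = "vpc"
}

# One NAT Gateway in each public subnet; the IGW must exist first
resource "aws_nat_gateway" "nat" {
  count         = local.nat_count
  allocation_id = aws_eip.nat[count.index].id
  subnet_id     = local.public_subnets[count.index]
  depends_on    = [aws_internet_gateway.igw] # assumed resource name
}

# Private route tables always exist, so private subnets stay isolated
# (local VPC route only) whenever bool_nat_gateway is false.
resource "aws_route_table" "private" {
  count  = 2
  vpc_id = aws_vpc.vpc.id
}

# The default route is added only when NAT is enabled, and each private
# subnet uses the NAT Gateway in its own AZ to avoid cross-AZ dependencies.
resource "aws_route" "private_default" {
  count                  = local.nat_count
  route_table_id         = aws_route_table.private[count.index].id
  destination_cidr_block = "0.0.0.0/0"
  nat_gateway_id         = aws_nat_gateway.nat[count.index].id
}

resource "aws_route_table_association" "private" {
  count          = 2
  subnet_id      = local.private_subnets[count.index]
  route_table_id = aws_route_table.private[count.index].id
}
```

With bool_nat_gateway = false, `terraform plan` shows no EIP, NAT Gateway or default route, so private instances have no path to the internet at all; flipping it to true adds exactly those six resources.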
Step 3: Initialize and Apply the Configuration
Now that you’ve customized the module, initialize and apply it to deploy your VPC network. In your terminal, run:
terraform init
terraform apply
Terraform will prompt you to confirm the action, and then proceed to create your VPC, subnets, security groups, and optionally, the NAT Gateways.
Step 4: Reviewing the Outputs
Once the resources are deployed, you can view the outputs to retrieve important IDs, such as the VPC ID, public and private subnet IDs, and security group IDs. Here’s the output definition included in outputs.tf:
output "vpc_id" {
  description = "The ID of the created VPC"
  value       = aws_vpc.vpc.id
}

output "public_subnet_ids" {
  description = "List of public subnet IDs"
  value       = [aws_subnet.public_subnet_az1.id, aws_subnet.public_subnet_az2.id]
}

output "private_subnet_ids" {
  description = "List of private subnet IDs"
  value       = [aws_subnet.private_subnet_az1.id, aws_subnet.private_subnet_az2.id]
}
Benefits of this Configuration
1. Scalability: With the configuration as code, you can easily add more subnets or modify CIDR blocks.
2. Reusable Module: Using a module lets you reuse this setup across different projects with minimal changes.
3. Conditional NAT Gateway: The NAT Gateway’s conditional deployment offers flexibility, saving costs for setups that don’t need internet access for private subnets.
Cleanup
To tear down the resources created by Terraform, simply run:
terraform destroy
Final Thoughts
Building a VPC from scratch is a foundational skill for any cloud engineer. With Terraform, not only can you create a robust network architecture, but you also gain the power of version control, collaboration, and a path for managing complex infrastructure as code. This configuration offers a scalable, reusable setup for AWS networking that adapts to both cost-sensitive and secure environments.
Stay tuned for more Terraform and AWS best practices in upcoming posts!
GitHub Repository
https://github.com/Pumoxi/tf_module_aws_networking_setup
Get More from Pumoxi
If you enjoyed this guide, subscribe to receive daily insights into the world of IT and cloud infrastructure!