Virtual Private Cloud (VPC) is one of the essential AWS services: it gives cloud users the ability to create isolated virtual data centers. A VPC offers complete control over the cloud networking for the instances created in the AWS cloud. It allows us to create multiple subnets to micro-segment the virtual instances, and to use network ACLs and security groups to control inter-subnet communication. It also provides internet connectivity to the instances created in the AWS cloud.
By default, each AWS region is created with a “Default” VPC that cannot be deleted. A VPC is region-wide in scope; the default VPC uses the CIDR block 172.31.0.0/16. Any VPC can be configured with one or more subnets carved from its CIDR block, where each subnet is local to one Availability Zone (AZ) within the AWS region.
We can configure our own custom VPC to cater to the business need. It involves the four basic steps shown below:
- Create a VPC in the relevant AWS region and assign it a name.
- Configure one or more subnets for each AZ within the AWS region.
- Configure one or more route tables.
- Configure the Internet Gateway.
This article explains how to configure a VPC using both the AWS portal and a Terraform configuration.
VPC Configuration using AWS Portal
The user is expected to have an AWS account and to be logged into the portal in order to create the VPC. Below is the configuration procedure, depicted step by step, for creating the VPC from the AWS portal:
A graphical representation of the VPC creation flow is shown in the portal as below:
The basic Terraform configuration involves the following:
- Create a Terraform variable listing one or more Availability Zones, typed as list(string).
- Create Terraform variables listing one or more subnet CIDR blocks, typed as list(string).
- Create an aws_vpc resource to configure the VPC.
- Create aws_subnet resources to configure the subnets in each AZ within the region.
The configuration is as below:
# The VPC itself; the subnets below are carved out of this CIDR block.
resource "aws_vpc" "nyacorp-new" {
  cidr_block       = "172.16.0.0/16"
  instance_tenancy = "default"
  tags = {
    Name = "NyaCorp-VPC"
  }
}

# One entry per Availability Zone the subnets should be spread across.
variable "availability_zones" {
  type    = list(string)
  default = ["us-east-1a", "us-east-1b"]
}

# One public subnet CIDR per AZ, in the same order as availability_zones.
variable "public_subnet_cidr_block" {
  type    = list(string)
  default = ["172.16.0.0/20", "172.16.128.0/20"]
}

# One private subnet CIDR per AZ, in the same order as availability_zones.
variable "private_subnet_cidr_block" {
  type    = list(string)
  default = ["172.16.16.0/20", "172.16.144.0/20"]
}

# count creates one subnet per CIDR; element() pairs each with an AZ by index.
resource "aws_subnet" "public_subnets" {
  count             = length(var.public_subnet_cidr_block)
  vpc_id            = aws_vpc.nyacorp-new.id
  availability_zone = element(var.availability_zones, count.index)
  cidr_block        = element(var.public_subnet_cidr_block, count.index)
}

resource "aws_subnet" "private_subnets" {
  count             = length(var.private_subnet_cidr_block)
  vpc_id            = aws_vpc.nyacorp-new.id
  availability_zone = element(var.availability_zones, count.index)
  cidr_block        = element(var.private_subnet_cidr_block, count.index)
}
Once the Terraform configuration is applied with "terraform apply", the VPC is created along with the subnets, but the internet gateway is not. Whereas the portal-based configuration creates the internet gateway for the VPC by default, it has to be configured explicitly when using Terraform.
Below is the resource configuration required to create the internet gateway for the VPC:
# The internet gateway is attached to the VPC; a route table must still
# point at it before any subnet can use it.
resource "aws_internet_gateway" "nyacorp-igw" {
  vpc_id = aws_vpc.nyacorp-new.id
  tags = {
    Name = "NyaCorp-IGW"
  }
}
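The internet gateway on its own changes nothing: until a route table sends traffic to it and is associated with a subnet, no subnet is actually public, and the third step of the procedure (route tables) is not covered by the article's configuration. The following is an added example, not part of the original article, that completes the picture: a public route table with a default route to the gateway, a private route table with only the implicit local route, and a network ACL that confines the private subnets to VPC-internal traffic. It assumes the aws_vpc.nyacorp-new, aws_subnet.public_subnets, aws_subnet.private_subnets and aws_internet_gateway.nyacorp-igw resources from the article are in the same module; every other resource name is an assumption.

```hcl
# Added example (not from the original article). Assumes the article's
# aws_vpc.nyacorp-new, aws_subnet.public_subnets, aws_subnet.private_subnets
# and aws_internet_gateway.nyacorp-igw resources exist in this module;
# all resource names below are assumptions.

# Public route table: a default route to the internet gateway is what makes
# a subnet "public". Without it the subnets only carry the VPC-local route.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.nyacorp-new.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.nyacorp-igw.id
  }

  tags = {
    Name = "NyaCorp-Public-RT"
  }
}

# Associate each public subnet with the public route table (one per subnet).
resource "aws_route_table_association" "public" {
  count          = length(aws_subnet.public_subnets)
  subnet_id      = aws_subnet.public_subnets[count.index].id
  route_table_id = aws_route_table.public.id
}

# Private route table: deliberately no default route, so instances in the
# private subnets can only reach addresses inside the VPC CIDR.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.nyacorp-new.id

  tags = {
    Name = "NyaCorp-Private-RT"
  }
}

resource "aws_route_table_association" "private" {
  count          = length(aws_subnet.private_subnets)
  subnet_id      = aws_subnet.private_subnets[count.index].id
  route_table_id = aws_route_table.private.id
}

# Network ACL for the private subnets: a stateless allow-list that admits
# only traffic whose source/destination is inside the VPC. Rules are
# evaluated lowest rule_no first; the implicit final "*" rule denies the rest.
resource "aws_network_acl" "private" {
  vpc_id     = aws_vpc.nyacorp-new.id
  subnet_ids = aws_subnet.private_subnets[*].id

  ingress {
    rule_no    = 100
    protocol   = "-1"   # all protocols
    action     = "allow"
    cidr_block = aws_vpc.nyacorp-new.cidr_block
    from_port  = 0
    to_port    = 0
  }

  egress {
    rule_no    = 100
    protocol   = "-1"
    action     = "allow"
    cidr_block = aws_vpc.nyacorp-new.cidr_block
    from_port  = 0
    to_port    = 0
  }

  tags = {
    Name = "NyaCorp-Private-NACL"
  }
}
```

Two points worth checking after `terraform apply`: a subnet that is not explicitly associated with a route table silently falls back to the VPC's main route table, so the associations above are what keep the public/private split deterministic; and because network ACLs are stateless, the egress rule must be widened (and ephemeral-port return traffic allowed) if a NAT gateway is later added for outbound-only access from the private subnets.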
There are other ways to configure the VPC, or to configure more granular details, using Terraform. This article attempts to clarify the basic requirements for configuring a VPC using the AWS portal and using Terraform.
Configuration well explained