Understanding Terraform Configuration and Prerequisites for AWS VPC Setup


Hey there! If you're diving into setting up an AWS VPC using Terraform, you're in the right place. Let's break down the Terraform configuration and discuss the prerequisites you'll need to get everything up and running smoothly.
Terraform Configuration Breakdown
Based on your context, we're working with a setup in the us-west-2 region. Here's what each part of the Terraform code does:
Provider Configuration
provider "aws" {
  region = "us-west-2"
}
Explanation:
- This sets AWS as the provider and specifies the us-west-2 region, which is crucial for ensuring that resources are created in the desired location.
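As an added example (not part of the original post), here is a hardened form of the same provider setup: it pins the AWS provider to a major version so `terraform init` cannot silently pull a release with breaking changes, and refuses to plan or apply against any account other than the intended one. The account id and tag values are placeholders you would replace with your own.

```hcl
terraform {
  required_version = ">= 1.5.0"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0" # stay on the 5.x line; review changelogs before moving to 6.x
    }
  }
}

provider "aws" {
  region = "us-west-2"

  # Guardrail: abort if the configured credentials belong to a different account.
  # Placeholder account id (assumption), replace with yours.
  allowed_account_ids = ["111111111111"]

  # Tags applied to every resource the provider creates, so the VPC and its
  # subnets can be found and attributed in cost and inventory tooling.
  default_tags {
    tags = {
      Project   = "project-vpc"
      ManagedBy = "terraform"
    }
  }
}
```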
VPC and Subnets
resource "aws_vpc" "project_vpc" {
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "project-vpc"
  }
}

# Public subnet in us-west-2a: instances launched here receive a public IP.
resource "aws_subnet" "public1" {
  vpc_id                  = aws_vpc.project_vpc.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "us-west-2a"
  map_public_ip_on_launch = true
  tags = {
    Name = "project-subnet-public1-us-west-2a"
  }
}

# Private subnet in us-west-2a: map_public_ip_on_launch is left at its default (false).
resource "aws_subnet" "private1" {
  vpc_id            = aws_vpc.project_vpc.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "us-west-2a"
  tags = {
    Name = "project-subnet-private1-us-west-2a"
  }
}

# Public subnet in us-west-2b.
resource "aws_subnet" "public2" {
  vpc_id                  = aws_vpc.project_vpc.id
  cidr_block              = "10.0.3.0/24"
  availability_zone       = "us-west-2b"
  map_public_ip_on_launch = true
  tags = {
    Name = "project-subnet-public2-us-west-2b"
  }
}

# Private subnet in us-west-2b.
resource "aws_subnet" "private2" {
  vpc_id            = aws_vpc.project_vpc.id
  cidr_block        = "10.0.4.0/24"
  availability_zone = "us-west-2b"
  tags = {
    Name = "project-subnet-private2-us-west-2b"
  }
}
Explanation:
- VPC: Defines a virtual private cloud with a CIDR block of 10.0.0.0/16.
- Subnets: Four subnets are defined, two in each availability zone (us-west-2a and us-west-2b). The public subnets are configured to automatically assign public IPs to instances; the private subnets leave that setting at its default of false, so nothing launched there gets a public address.
Route Tables and Associations
# Shared by both public subnets: default route goes straight to the internet gateway.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.project_vpc.id
  tags = {
    Name = "project-rtb-public"
  }
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

# One private route table per AZ, each pointing at the NAT gateway in the same AZ.
resource "aws_route_table" "private1" {
  vpc_id = aws_vpc.project_vpc.id
  tags = {
    Name = "project-rtb-private1-us-west-2a"
  }
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat1.id
  }
}

resource "aws_route_table" "private2" {
  vpc_id = aws_vpc.project_vpc.id
  tags = {
    Name = "project-rtb-private2-us-west-2b"
  }
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat2.id
  }
}
Explanation:
- Public Route Table: Routes internet-bound traffic through the internet gateway.
- Private Route Tables: Route internet-bound traffic through the NAT gateways, so instances in the private subnets can initiate outbound connections without being reachable from the internet.
Network Connections
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.project_vpc.id
  tags = {
    Name = "project-igw"
  }
}

# Elastic IP for the first NAT gateway. `domain = "vpc"` replaces the older
# `vpc = true` argument, which is deprecated in AWS provider 5.x and removed in 6.x.
resource "aws_eip" "nat1" {
  domain = "vpc"
}

# NAT gateway lives in the public subnet of its AZ so it can reach the IGW.
resource "aws_nat_gateway" "nat1" {
  subnet_id     = aws_subnet.public1.id
  allocation_id = aws_eip.nat1.id
  tags = {
    Name = "project-nat-public1-us-west-2a"
  }
}

resource "aws_eip" "nat2" {
  domain = "vpc"
}

resource "aws_nat_gateway" "nat2" {
  subnet_id     = aws_subnet.public2.id
  allocation_id = aws_eip.nat2.id
  tags = {
    Name = "project-nat-public2-us-west-2b"
  }
}
Explanation:
- Internet Gateway: Allows public subnets to access the internet.
- NAT Gateways: Enable private subnets to access the internet via Elastic IPs.
Route Table Associations
resource "aws_route_table_association" "public1" {
  subnet_id      = aws_subnet.public1.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private1" {
  subnet_id      = aws_subnet.private1.id
  route_table_id = aws_route_table.private1.id
}

resource "aws_route_table_association" "public2" {
  subnet_id      = aws_subnet.public2.id
  route_table_id = aws_route_table.public.id
}

resource "aws_route_table_association" "private2" {
  subnet_id      = aws_subnet.private2.id
  route_table_id = aws_route_table.private2.id
}
Explanation:
- Associates each subnet with the appropriate route table to ensure proper traffic routing.
Prerequisites
Before running this Terraform configuration, you'll need to set up a few things:
- Terraform: Ensure Terraform is installed on your machine. You can download it from the official Terraform website.
- AWS CLI: Install and configure the AWS CLI to manage your AWS credentials. You can download it from the AWS CLI website.
- AWS Credentials: Configure your AWS credentials using the AWS CLI:
  aws configure
  You'll need to provide your AWS Access Key ID, Secret Access Key, default region name (us-west-2), and default output format (e.g., json).
- IAM Permissions: Ensure your AWS IAM user has the necessary permissions to create VPCs, subnets, route tables, internet gateways, NAT gateways, and Elastic IPs.
- Initialize Terraform: In your project directory, run:
  terraform init
  This command initializes the directory and downloads the necessary provider plugins.
- Apply Configuration: Once everything is set up, apply the Terraform configuration with:
  terraform apply
  Review the plan and approve it to create the resources.
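The IAM Permissions step above is where most tutorials fall back on AdministratorAccess. As an added example that is not part of the original post, here is a least-privilege policy for the identity that runs this configuration, scoped to the EC2 networking actions the resources above use and to the us-west-2 region. The action list is an assumption derived from the resource types in this post; if a plan or apply reports AccessDenied, add the missing action from the CloudTrail event rather than widening to `ec2:*`.

```hcl
# Added example, not from the original post: least-privilege policy for the
# Terraform runner. Action list is an assumption based on the resources used.
data "aws_iam_policy_document" "vpc_terraform_runner" {
  statement {
    sid    = "ReadNetworking"
    effect = "Allow"
    actions = [
      "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute",
      "ec2:DescribeSubnets", "ec2:DescribeRouteTables",
      "ec2:DescribeInternetGateways", "ec2:DescribeNatGateways",
      "ec2:DescribeAddresses", "ec2:DescribeAddressesAttribute",
      "ec2:DescribeSecurityGroups", "ec2:DescribeNetworkAcls",
      "ec2:DescribeNetworkInterfaces", "ec2:DescribeTags",
    ]
    resources = ["*"] # EC2 Describe* actions do not support resource-level scoping
  }

  statement {
    sid    = "ManageNetworking"
    effect = "Allow"
    actions = [
      "ec2:CreateVpc", "ec2:DeleteVpc", "ec2:ModifyVpcAttribute",
      "ec2:CreateSubnet", "ec2:DeleteSubnet", "ec2:ModifySubnetAttribute",
      "ec2:CreateRouteTable", "ec2:DeleteRouteTable",
      "ec2:CreateRoute", "ec2:DeleteRoute",
      "ec2:AssociateRouteTable", "ec2:DisassociateRouteTable",
      "ec2:CreateInternetGateway", "ec2:DeleteInternetGateway",
      "ec2:AttachInternetGateway", "ec2:DetachInternetGateway",
      "ec2:CreateNatGateway", "ec2:DeleteNatGateway",
      "ec2:AllocateAddress", "ec2:ReleaseAddress",
      "ec2:CreateTags", "ec2:DeleteTags",
    ]
    resources = ["*"]
    # Only permit changes in the region the provider block targets.
    condition {
      test     = "StringEquals"
      variable = "aws:RequestedRegion"
      values   = ["us-west-2"]
    }
  }
}

resource "aws_iam_policy" "vpc_terraform_runner" {
  name   = "vpc-terraform-runner"
  policy = data.aws_iam_policy_document.vpc_terraform_runner.json
}
```

This policy has to be created and attached by a more privileged identity once; the runner itself only needs the policy, not the right to create IAM policies.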
By following these steps and ensuring your configuration is correct, you'll be able to set up a robust AWS VPC environment using Terraform. If you have any questions or run into any issues, feel free to reach out.
Written by Shahid Hannure
