Charles Uneze

Posted on Mar 6, 2023 • Updated on Mar 8, 2023

Create an Instance with an Elastic IP Attached using Terraform

#cloud #terraform #aws #networkengineer

On my journey to explore the Kubernetes networking ecosystem, I decided to take my first step by completing the AWS Networking course outline using Terraform. I am attempting to gain an understanding of how things work at this layer.

Laying the Ground Work for My Code

The first thing I did was to install Terraform using this tutorial.

Defining the Backend for Storing Infrastructure Information

The next thing I did was to create a "Terraform.tf" file so I can set up the backend where all the information about this infrastructure will be stored. The information is mapped to the real infrastructure on AWS. I use a local backend, meaning the information is stored on my computer. This information is in JSON format.

terraform {
    backend "local" {
      path = ""
    }

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

The above code in this file specifies that I am using a local backend, and also that I am using an “AWS provider.” The provider is a plugin for interacting with the AWS APIs so the infrastructure can be built.

Specifying the Cloud Provider

Next I created a "main.tf" file where I will specify the cloud provider and also the architecture as code.

# Configure the AWS Provider
provider "aws" {
  region = "us-west-2"
  access_key = ""
  secret_key = ""
}

Algorithm of the Architecture

Create a VPC
Specify the default NACL
Specify the default security group
Create an Internet Gateway
Specify the default route table, and add a new route to the Internet Gateway.
Create a subnet
Create an instance
Create an elastic IP address

Create a VPC

VPC = 10.0.0.0/16

# Create VPC
resource "aws_vpc" "VPC_A" {
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"

  tags = {
    name = "VPC_A"
  }
}

When a VPC is created, AWS uses an overlay network to offer multi-tenancy for implementation. I wrote some words about this on my substack.

Specify the default NACL

# Specify the default NACL, regardless if the VPC creates it on default
resource "aws_default_network_acl" "Default_VPC_A_NACL" {
  default_network_acl_id = aws_vpc.VPC_A.default_network_acl_id

  ingress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  egress {
    protocol   = -1
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  tags = {
    "name" = "Default_VPC_A_NACL"
  }
}

Specify the default security group

# Specify the default SG, regardless if the VPC creates it on default
resource "aws_default_security_group" "Default_VPC_A_SG" {
  vpc_id = aws_vpc.VPC_A.id

  ingress {
    protocol  = -1
    from_port = 0
    to_port   = 0
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = -1
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    "name" = "Default_VPC_A_SG"
  }
}

Create an Internet Gateway

# Create the Internet Gateway
resource "aws_internet_gateway" "VPC_A_IGW" {
  vpc_id = aws_vpc.VPC_A.id

  tags = {
    name = "VPC_A_IGW"
  }
}

Specify the default route table, and add a new route to the Internet Gateway

# Create the default route table
resource "aws_default_route_table" "VPC_A_Default_RT" {
  default_route_table_id = aws_vpc.VPC_A.default_route_table_id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.VPC_A_IGW.id
  }

  tags = {
    name = "VPC_A_Default_RT"
  }
}

Create a subnet

# Create Subnet
resource "aws_subnet" "VPC_A_Subnet_A" {
  vpc_id                  = aws_vpc.VPC_A.id
  cidr_block              = "10.0.0.0/24"
  availability_zone       = "us-west-2a"

  tags = {
    name = "VPC_A_Subnet_A"
  }
}