In this overview, we will explore the process of architecting a robust and scalable multi-region cloud infrastructure using Amazon Web Services (AWS) and Terraform. We will create two servers in the Mumbai (ap-south-1) region - one private and the other public. Additionally, we will establish an interface endpoint for the private server, set up load balancing for our application, and create a VPC peering connection between the Mumbai VPC and a VPC created in the N. Virginia (us-east-1) region.
Creating a VPC:
- To begin, let's define a VPC in the N. Virginia (us-east-1) region with the CIDR block "11.0.0.0/16". The CIDR block is the IP address range the VPC hands out to its subnets and instances. Note that 11.0.0.0/16 is not RFC 1918 private space: AWS accepts it, but instances in this VPC will never be able to reach real internet hosts that live in 11.0.0.0/8 because the VPC's local route wins, so a block from 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 is the usual choice.
Creating a Public Subnet:
- Next, we'll create a public subnet within our VPC. A subnet is a segmented range of IP addresses within the VPC. In this case, we'll create a subnet with the CIDR block "11.0.1.0/24" in the availability zone "us-east-1a".
Configuring an Internet Gateway:
- For instances in the public subnet to access the internet, we need an internet gateway. The internet gateway acts as a bridge between the VPC and the internet.
Setting Up a Route Table:
- To control the traffic flow between the subnet and the internet gateway, we need to create a route table and associate it with the public subnet.
Adding a Route to the Internet Gateway:
- Now, we'll add a route in the route table that points all traffic (0.0.0.0/0) to the internet gateway.
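The five steps above as one Terraform configuration for us-east-1. This is an added example, not code from the original post; the resource names, tags and the outputs at the end are my own choices.

```hcl
# Added example: public subnet in the N. Virginia VPC.
provider "aws" {
  region = "us-east-1"
}

resource "aws_vpc" "virginia" {
  cidr_block           = "11.0.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "virginia-vpc" }
}

# Public subnet: instances launched here receive a public IPv4 address.
resource "aws_subnet" "virginia_public" {
  vpc_id                  = aws_vpc.virginia.id
  cidr_block              = "11.0.1.0/24"
  availability_zone       = "us-east-1a"
  map_public_ip_on_launch = true
  tags                    = { Name = "virginia-public-1a" }
}

resource "aws_internet_gateway" "virginia" {
  vpc_id = aws_vpc.virginia.id
}

# A dedicated route table for the public subnet. The VPC's main route table
# keeps only its local route, so any subnet added later is private by default.
resource "aws_route_table" "virginia_public" {
  vpc_id = aws_vpc.virginia.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.virginia.id
  }
}

# A subnet is only "public" once it is associated with a table that has the
# 0.0.0.0/0 route to the internet gateway.
resource "aws_route_table_association" "virginia_public" {
  subnet_id      = aws_subnet.virginia_public.id
  route_table_id = aws_route_table.virginia_public.id
}

# Ids that the peering and instance configurations need (assumed wiring).
output "virginia_vpc_id"                { value = aws_vpc.virginia.id }
output "virginia_public_subnet_id"      { value = aws_subnet.virginia_public.id }
output "virginia_public_route_table_id" { value = aws_route_table.virginia_public.id }
```

Keeping the 0.0.0.0/0 route in a separate table rather than in the VPC's main table is deliberate: it means a subnet is exposed to the internet only by an explicit association, never by accident.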
Repeating the Same Process in the Mumbai (ap-south-1) Region, with a Peering Connection:
- Build the Mumbai VPC, public subnet, internet gateway and route table the same way. The private subnet for the private server gets its own route table with no route to the internet gateway, so it has no path to or from the internet.
Configuring VPC Peering and Editing Routes:
- A peering connection joins the two VPCs over the AWS backbone, but no traffic flows until each side's route table has a route for the other VPC's CIDR that points at the peering connection. The two CIDR blocks must not overlap, and a cross-region peering request must be accepted from the Mumbai side before it becomes active.
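The Mumbai side and the cross-region peering as an added Terraform example (not the original post's code). It assumes the us-east-1 VPC already exists and that its id and public route table id are passed in as variables; the Mumbai CIDR 10.0.0.0/16 and the subnet ranges are my assumptions, chosen so they do not overlap 11.0.0.0/16.

```hcl
# Added example: Mumbai VPC with a private subnet, peered to us-east-1.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

provider "aws" {
  alias  = "mumbai"
  region = "ap-south-1"
}

# The us-east-1 VPC is built in its own configuration; its id and the
# public route table id are passed in here (assumption).
variable "virginia_vpc_id"                { type = string }
variable "virginia_public_route_table_id" { type = string }

locals {
  virginia_cidr = "11.0.0.0/16"
  mumbai_cidr   = "10.0.0.0/16" # assumption; must not overlap the Virginia range
}

resource "aws_vpc" "mumbai" {
  provider             = aws.mumbai
  cidr_block           = local.mumbai_cidr
  enable_dns_hostnames = true
}

# Public subnet. Its internet gateway and 0.0.0.0/0 route table are built
# exactly as in us-east-1 and are omitted here.
resource "aws_subnet" "mumbai_public" {
  provider                = aws.mumbai
  vpc_id                  = aws_vpc.mumbai.id
  cidr_block              = "10.0.1.0/24"
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
}

# Private subnet: no public IPs, and its route table never gets a route
# to an internet gateway.
resource "aws_subnet" "mumbai_private" {
  provider          = aws.mumbai
  vpc_id            = aws_vpc.mumbai.id
  cidr_block        = "10.0.2.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_route_table" "mumbai_private" {
  provider = aws.mumbai
  vpc_id   = aws_vpc.mumbai.id
}

resource "aws_route_table_association" "mumbai_private" {
  provider       = aws.mumbai
  subnet_id      = aws_subnet.mumbai_private.id
  route_table_id = aws_route_table.mumbai_private.id
}

# Peering request made from us-east-1. A cross-region request cannot be
# auto-accepted by the requester; the accepter resource does it from Mumbai.
resource "aws_vpc_peering_connection" "virginia_to_mumbai" {
  provider    = aws.virginia
  vpc_id      = var.virginia_vpc_id
  peer_vpc_id = aws_vpc.mumbai.id
  peer_region = "ap-south-1"
}

resource "aws_vpc_peering_connection_accepter" "mumbai" {
  provider                  = aws.mumbai
  vpc_peering_connection_id = aws_vpc_peering_connection.virginia_to_mumbai.id
  auto_accept               = true
}

# Routes on both sides. They are created only after the accepter has made
# the connection active.
resource "aws_route" "virginia_to_mumbai" {
  provider                  = aws.virginia
  route_table_id            = var.virginia_public_route_table_id
  destination_cidr_block    = local.mumbai_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.virginia_to_mumbai.id
  depends_on                = [aws_vpc_peering_connection_accepter.mumbai]
}

# Only the private subnet's table gets the return route: the private server
# becomes reachable from the Virginia VPC but is still unreachable from the
# internet.
resource "aws_route" "mumbai_private_to_virginia" {
  provider                  = aws.mumbai
  route_table_id            = aws_route_table.mumbai_private.id
  destination_cidr_block    = local.virginia_cidr
  vpc_peering_connection_id = aws_vpc_peering_connection.virginia_to_mumbai.id
  depends_on                = [aws_vpc_peering_connection_accepter.mumbai]
}
```

If the Mumbai public server should also talk to Virginia, add the same return route to the public subnet's route table; leaving it out keeps the peering scoped to the one subnet that needs it.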
Launching Instances in N. Virginia (us-east-1) AND Mumbai (ap-south-1):
Using Terraform, we define an instance in each region. This involves specifying the AMI (Amazon Machine Image), instance type, subnet, key pair, security groups, and other relevant details. The Mumbai private server is placed in the private subnet with no public IP address.
Configuring Security Groups for the N. Virginia and Mumbai Instances:
Using Terraform, we'll define the security group rules for the instances in both regions. The public servers should accept SSH only from an administrator's address rather than from 0.0.0.0/0, and the private Mumbai server should accept SSH only from the N. Virginia VPC's CIDR, which is the traffic that arrives over the peering connection. (A security group in another region cannot be referenced as a source, so the CIDR is what you use.)
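Instances and security groups together, since one depends on the other, as an added Terraform example (not the original post's code). It covers the N. Virginia public server and the Mumbai private server; the network ids, key pair names and administrator CIDR are passed in as variables, and the choice of Amazon Linux 2023 and t3.micro is an assumption.

```hcl
# Added example: the two servers used for the peering test and their rules.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

provider "aws" {
  alias  = "mumbai"
  region = "ap-south-1"
}

# Network ids come from the VPC configuration, key pairs already exist in
# each region, admin_cidr is the operator's own address (all assumptions).
variable "virginia_vpc_id"           { type = string }
variable "virginia_public_subnet_id" { type = string }
variable "mumbai_vpc_id"             { type = string }
variable "mumbai_private_subnet_id"  { type = string }
variable "virginia_key_name"         { type = string }
variable "mumbai_key_name"           { type = string }
variable "admin_cidr"                { type = string } # e.g. "203.0.113.10/32"

# Latest Amazon Linux 2023 image in each region (AMI family is an assumption).
data "aws_ami" "al2023_virginia" {
  provider    = aws.virginia
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023*-x86_64"]
  }
}

data "aws_ami" "al2023_mumbai" {
  provider    = aws.mumbai
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023*-x86_64"]
  }
}

# Public server: SSH only from the administrator's address, never 0.0.0.0/0.
resource "aws_security_group" "virginia_public" {
  provider = aws.virginia
  name     = "virginia-public-ssh"
  vpc_id   = var.virginia_vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Private server: SSH only from addresses inside the N. Virginia VPC, i.e.
# only via the peering connection. No rule admits internet traffic.
resource "aws_security_group" "mumbai_private" {
  provider = aws.mumbai
  name     = "mumbai-private-ssh-from-peer"
  vpc_id   = var.mumbai_vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["11.0.0.0/16"] # the Virginia VPC CIDR
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "virginia_public" {
  provider               = aws.virginia
  ami                    = data.aws_ami.al2023_virginia.id
  instance_type          = "t3.micro"
  subnet_id              = var.virginia_public_subnet_id
  vpc_security_group_ids = [aws_security_group.virginia_public.id]
  key_name               = var.virginia_key_name
  metadata_options {
    http_tokens = "required" # IMDSv2 only: blocks credential theft via SSRF
  }
}

resource "aws_instance" "mumbai_private" {
  provider                    = aws.mumbai
  ami                         = data.aws_ami.al2023_mumbai.id
  instance_type               = "t3.micro"
  subnet_id                   = var.mumbai_private_subnet_id
  associate_public_ip_address = false
  vpc_security_group_ids      = [aws_security_group.mumbai_private.id]
  key_name                    = var.mumbai_key_name
  metadata_options {
    http_tokens = "required"
  }
}

output "virginia_public_ip" { value = aws_instance.virginia_public.public_ip }
output "mumbai_private_ip"  { value = aws_instance.mumbai_private.private_ip }
```

The Mumbai public server is built like the N. Virginia one and is omitted here. The two outputs are the addresses used in the connectivity test later in the post.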
Setting Up Load Balancer:
We'll start by defining an Application Load Balancer (ALB) that distributes traffic across instances in the Mumbai (ap-south-1) region. An ALB must be given public subnets in at least two Availability Zones, so the Mumbai VPC needs a second public subnet for this step.
Creating Target Groups:
Target groups are the set of instances a load balancer forwards to. We'll create a target group for our instances and configure its health check (path, expected status code, interval and thresholds) so that the ALB only sends traffic to instances that are actually serving.
Configuring Listener:
The listener defines how the load balancer should route incoming traffic to target groups. We'll configure the listener to accept HTTP requests on port 80 and forward them to the previously created target group. Plain HTTP is fine for this walkthrough; for anything real, add an HTTPS listener with an ACM certificate and redirect port 80 to it.
Defining Security Group Rules for the Load Balancer:
Using Terraform, we'll create a security group specifically for the load balancer. It allows inbound HTTP from the internet and outbound traffic only to the instances' security group. The instances' own group should then accept HTTP only from the load balancer's security group, so that nobody can bypass the ALB and reach an instance directly.
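The load balancer, target group, listener and both security group sides, as one added Terraform example for ap-south-1 (not the original post's code). The VPC id, two public subnet ids, the instance id and the instance security group id are passed in as variables; names and health check values are my choices.

```hcl
# Added example: ALB in Mumbai that is the only way to reach the instances.
provider "aws" {
  region = "ap-south-1"
}

# Ids come from the network and instance configurations (assumption). An
# ALB needs subnets in at least two Availability Zones.
variable "mumbai_vpc_id"            { type = string }
variable "mumbai_public_subnet_ids" { type = list(string) }
variable "mumbai_instance_id"       { type = string }
variable "mumbai_instance_sg_id"    { type = string }

# Load balancer group: HTTP in from anywhere, out only to the instances' group.
resource "aws_security_group" "alb" {
  name   = "mumbai-alb"
  vpc_id = var.mumbai_vpc_id
}

resource "aws_vpc_security_group_ingress_rule" "alb_http" {
  security_group_id = aws_security_group.alb.id
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_ipv4         = "0.0.0.0/0"
}

resource "aws_vpc_security_group_egress_rule" "alb_to_instances" {
  security_group_id            = aws_security_group.alb.id
  ip_protocol                  = "tcp"
  from_port                    = 80
  to_port                      = 80
  referenced_security_group_id = var.mumbai_instance_sg_id
}

# Instances accept HTTP only from the ALB's group, not from the internet.
resource "aws_vpc_security_group_ingress_rule" "instances_from_alb" {
  security_group_id            = var.mumbai_instance_sg_id
  ip_protocol                  = "tcp"
  from_port                    = 80
  to_port                      = 80
  referenced_security_group_id = aws_security_group.alb.id
}

resource "aws_lb" "app" {
  name                       = "mumbai-app-alb"
  load_balancer_type         = "application"
  internal                   = false
  security_groups            = [aws_security_group.alb.id]
  subnets                    = var.mumbai_public_subnet_ids
  drop_invalid_header_fields = true # discard malformed headers instead of forwarding them
}

resource "aws_lb_target_group" "app" {
  name     = "mumbai-app-tg"
  port     = 80
  protocol = "HTTP"
  vpc_id   = var.mumbai_vpc_id

  health_check {
    path                = "/"
    matcher             = "200"
    interval            = 30
    timeout             = 5
    healthy_threshold   = 2
    unhealthy_threshold = 3
  }
}

resource "aws_lb_target_group_attachment" "app" {
  target_group_arn = aws_lb_target_group.app.arn
  target_id        = var.mumbai_instance_id
  port             = 80
}

resource "aws_lb_listener" "http" {
  load_balancer_arn = aws_lb.app.arn
  port              = 80
  protocol          = "HTTP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.app.arn
  }
}

output "alb_dns_name" {
  value = aws_lb.app.dns_name
}
```

A quick check after apply: a request to the ALB DNS name should succeed, while a direct request to an instance's address on port 80 should time out, because the only ingress rule for that port references the ALB's security group.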
Creating an Interface Endpoint for the Private Server in Mumbai:
- The private server has no route to the internet, so it cannot reach S3's public endpoints. An interface endpoint places an elastic network interface for the S3 service inside the private subnet; the server talks to that interface over HTTPS and the traffic never leaves the VPC. The endpoint gets its own security group (HTTPS from inside the VPC only) and an endpoint policy that limits which buckets can be reached through it.
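The S3 interface endpoint as an added Terraform example (not the original post's code). The VPC id, private subnet id and the one bucket name the private server is allowed to use are passed in as variables; the endpoint policy is my addition and is not implied by the post.

```hcl
# Added example: S3 interface endpoint in the Mumbai private subnet.
provider "aws" {
  region = "ap-south-1"
}

variable "mumbai_vpc_id"            { type = string }
variable "mumbai_private_subnet_id" { type = string }
variable "bucket_name"              { type = string } # the only bucket allowed via this endpoint

data "aws_vpc" "mumbai" {
  id = var.mumbai_vpc_id
}

# The endpoint's network interface accepts HTTPS only from inside the VPC.
resource "aws_security_group" "s3_endpoint" {
  name   = "s3-interface-endpoint"
  vpc_id = var.mumbai_vpc_id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [data.aws_vpc.mumbai.cidr_block]
  }
}

# Endpoint policy: whatever credentials a caller has, through this endpoint
# it can only touch the named bucket. Endpoint policies must use Principal "*";
# they restrict, they never grant.
data "aws_iam_policy_document" "s3_endpoint" {
  statement {
    effect = "Allow"
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    actions = ["s3:ListBucket", "s3:GetObject", "s3:PutObject"]
    resources = [
      "arn:aws:s3:::${var.bucket_name}",
      "arn:aws:s3:::${var.bucket_name}/*",
    ]
  }
}

resource "aws_vpc_endpoint" "s3" {
  vpc_id             = var.mumbai_vpc_id
  service_name       = "com.amazonaws.ap-south-1.s3"
  vpc_endpoint_type  = "Interface"
  subnet_ids         = [var.mumbai_private_subnet_id]
  security_group_ids = [aws_security_group.s3_endpoint.id]
  policy             = data.aws_iam_policy_document.s3_endpoint.json
}

# Endpoint-specific DNS names; with private DNS left off, the client must be
# pointed at one of these explicitly.
output "s3_endpoint_dns_entries" {
  value = aws_vpc_endpoint.s3.dns_entry
}
```

Two things the endpoint does not do: it does not give the instance credentials (it still needs an IAM role or keys with permission on the bucket), and, without private DNS enabled, it does not change where `s3.ap-south-1.amazonaws.com` resolves, so the AWS CLI has to be pointed at the endpoint-specific hostname with `--endpoint-url`. The policy is what stops a compromised private server from using the endpoint to reach arbitrary buckets.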
After running the Terraform commands terraform init, terraform plan, and terraform apply, the following outcomes can be expected:
terraform init:
- Initializes the Terraform working directory.
- Downloads the provider plugins and modules specified in the configuration files.
terraform plan:
- Generates an execution plan by comparing the current state with the desired configuration.
- This is a "dry run"; nothing in the infrastructure is changed. Read the plan before applying, in particular any security group rule whose source is 0.0.0.0/0 and any route to an internet gateway, since those are the lines that expose a server.
terraform apply:
- Applies the planned changes to create, update, or delete resources.
Connect to N. Virginia Server:
Use an SSH client (e.g., OpenSSH, PuTTY) to connect to your N. Virginia server.
- Obtain its public IP address from the Terraform output or the EC2 console.
Test Connectivity to Private Server in Mumbai:
- From the N. Virginia server, attempt to connect to the private server in the Mumbai region using its private IP address (it has no public one).
- Ensure that the security group rules on both servers allow the traffic: the Mumbai private server needs an inbound SSH rule whose source is the N. Virginia VPC's CIDR, and the route tables on both sides need a route to the peered CIDR via the peering connection. A timeout usually means a missing route; a connection refused or reset usually means a security group.
- If the peering connection is correctly configured, you should be able to establish a connection between the servers. The N. Virginia server is acting as a jump host here; rather than copying the Mumbai server's private key onto it, prefer ssh -J (ProxyJump) or agent forwarding from your workstation, so the key never lands on an internet-facing machine.
After connecting to the N. Virginia server, provide the key of the private Mumbai server using vi keyname, then set the required chmod permissions (I have missed this process in the screenshot).
We can see that we can successfully connect to the private server, so the peering connection is working properly. Now let's check the endpoint connection:
- Through the endpoint connection, we will try to access S3 buckets. Because this is an interface endpoint without private DNS, the AWS CLI must be pointed at the endpoint-specific hostname with --endpoint-url, and the instance needs IAM credentials (for example an instance profile) for the request to be authorized. A successful listing from a subnet that has no internet route is the proof that the traffic went through the endpoint.