Infrastructure as Code: Deployment to AWS using Terraform Part 2

In part 1 of this tutorial series, I took the time to explain how to set up Terraform to work with AWS, pick an AMI and create a simple instance running as classic EC2.

This series aims to be a gentle walk-through of Terraform, with the full code available on git at https://

In part 2, I will evolve the architecture a little and use a scenario that is a bit closer to reality. It will not be as detailed as part 1; I will only highlight the parts I consider important. The git branch for this part 2 is at

Creating a simple infra in a VPC

When you create a VPC from the wizard in the AWS console, a great deal is done for you in the background. Creating it with the aws-cli is more involved than the console, but it gives you more control over the network. We will be creating a VPC with 2 public and 3 private subnets. Below are the VPC components you have to create explicitly when using the CLI:

  • Network Address range
  • Subnet and their range
  • Internet Gateway
  • Optionally a Nat Gateway
  • A routing table and its route for public traffic
  • A routing table and its route for private traffic
  • Routing table and subnets association

Our network CIDR will be and below are the subnets we will be creating:

  • public subnet in AZ A. cidr:
  • public subnet in AZ B. cidr:
  • private subnet in AZ A. cidr:
  • private subnet in AZ B. cidr:
  • private subnet in AZ C. cidr:

Creating the VPC

To create our subnets in different availability zones, we need the HashiCorp aws_availability_zones data source to pull the list of zones from AWS.

Creating the Internet Gateway

For our network to be reachable from the internet we need to create an Internet Gateway in the VPC. We refer to the VPC id with a resource interpolation of the form [type (i.e. aws_vpc)].[name (terraform_vpc)].[attribute (id)], which here reads aws_vpc.terraform_vpc.id.

Creating the Elastic IP to be used on the Nat Gateway

Creating a route table with a public route

Creating subnets and making it public

When you create a subnet in a VPC, it cannot really be called a public subnet unless you associate it with a route table that has a public route (a default route pointing at the Internet Gateway).

Creating a NAT Gateway

For the NAT Gateway to do its work, it must itself have internet access. That is why it was not created right after the Internet Gateway: it needs to live inside a public subnet, i.e. one whose route table already has the public route.

Creating a route table with private route

Creating subnets and making them private
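The networking steps above (VPC, Internet Gateway, public route table, NAT Gateway placed in a public subnet, private route table) as one added example, not the post's own gist; it assumes Terraform 0.12+ syntax and AWS provider v5 (the aws_eip domain argument), and the CIDRs and all resource names other than terraform_vpc are constructed placeholders.

```hcl
data "aws_availability_zones" "available" { state = "available" }
resource "aws_vpc" "terraform_vpc" {
  cidr_block = "10.0.0.0/16" # constructed placeholder, not the post's CIDR
}
# Internet Gateway: the VPC's only path to the internet.
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.terraform_vpc.id
}
resource "aws_subnet" "public_a" {
  vpc_id                  = aws_vpc.terraform_vpc.id
  cidr_block              = "10.0.1.0/24" # constructed
  availability_zone       = data.aws_availability_zones.available.names[0]
  map_public_ip_on_launch = true
}
# Public route table: 0.0.0.0/0 -> IGW. Associating it is what makes a subnet public.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.terraform_vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}
# NAT Gateway: needs an EIP and a public subnet; depends_on orders it after the IGW.
resource "aws_eip" "nat" { domain = "vpc" }
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public_a.id
  depends_on    = [aws_internet_gateway.igw]
}
resource "aws_subnet" "private_a" {
  vpc_id            = aws_vpc.terraform_vpc.id
  cidr_block        = "10.0.10.0/24" # constructed
  availability_zone = data.aws_availability_zones.available.names[0]
}
# Private route table: outbound only via NAT; there is no inbound path from the IGW.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.terraform_vpc.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.private.id
}
```

The remaining public and private subnets from the list above follow the same pattern with the other availability zone names and their own route table associations.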

Creating an EC2 instance in the VPC

This time I will be using an Ubuntu node that I normally use for my production workload. The same principles apply: you need a security group, a public SSH key, etc. But since we want to create the instance inside a VPC, the security group must obviously be created in that same VPC. We pass the id of the subnet the node should be created in, and the attribute used to assign the security group is vpc_security_group_ids, which differs from the one used in part 1 of this series.

Creating the infrastructure

A quick terraform apply and we should be up and running in no time; our instance and our VPC should look like the following:

[Screenshot] Showing the instance created with its properties
[Screenshot] Showing the current VPCs in the AWS VPC list
[Screenshot] Showing the various subnets created in our VPC
