Cookie Consent by Free Privacy Policy Generator 📌 Terraform 101: Creating Secure Subnets in Your VPC


✅ Terraform 101: Creating Secure Subnets in Your VPC


💡 Newskategorie: Programmierung
🔗 Quelle: dev.to

Welcome to Part 2 of the series: Terraform for Beginners

Previously, we learned how to create a VPC in AWS using Terraform. In this blog, we'll learn about subnets and how to create them using Terraform.

What is a subnet?

According to AWS documentation,

A subnet is a range of IP addresses in your VPC. You can create AWS resources, such as EC2 instances, in specific subnets.

Here's a breakdown of the key aspects of a subnet:

  • Segmentation: Subnets allow you to partition your VPC into isolated units. This enhances security by restricting resources within one subnet from directly accessing resources in another subnet by default. If needed, you can configure specific routing rules to allow controlled communication between subnets.

  • Placement: You can create multiple subnets within your VPC, each with its own CIDR block (a range of IP addresses). When launching resources like EC2 instances within your VPC, you can specify their subnet. This placement determines their network access and security posture.

  • Public vs. Private: A common practice involves creating two main types of subnets:

    • Public Subnet: Resources placed in a public subnet have direct access to the internet. This allows them to receive inbound traffic from the internet and potentially send outbound traffic. Public subnets are suitable for resources like web servers that need to be accessed publicly.
    • Private Subnet: Resources in a private subnet don't have direct internet access by default. This improves security for resources that don't require exposure to the internet. However, if these resources need controlled outbound access (e.g., downloading updates), you can leverage a NAT Gateway (Network Address Translation Gateway) to provide it.

Let's look at the architecture diagram.

Architecture Diagram

We have to create a public and private subnet inside the vpc we created in the previous blog.

Prerequisites

Complete the tutorial for creating a vpc as we will continue from there.
You can check out the tutorial here

Terraform Code to create Subnet in AWS

Step 1: In your vpc.tf file copy and paste the following piece of code:

resource "aws_subnet" "public_subnet" {
  for_each                = var.public_subnet
  vpc_id                  = aws_vpc.main.id
  cidr_block              = each.value.cidr_block
  availability_zone       = each.value.availability_zone
  map_public_ip_on_launch = true
  tags = {
    Name         = "${var.env}-${local.project}-${each.key}"
    CreatedByTer = true
  }
}

resource "aws_subnet" "private_subnet" {
  for_each          = var.private_subnet
  vpc_id            = aws_vpc.main.id
  cidr_block        = each.value.cidr_block
  availability_zone = each.value.availability_zone
  tags = {
    Name          = "${var.env}-${local.project}-${each.key}"
    CreatedByTer  = true
  }
}

Explanation:

  • for_each allows you to create multiple subnets with varying configurations based on the data provided in the variables named public_subnet and private_subnet.

  • cidr_block = each.value.cidr_block.

    • This line defines the CIDR block for the subnets. However, it uses a dynamic approach by referencing each.value.cidr_block. This suggests that var.public_subnet and var.private_subnet is a map or list containing key-value pairs where the key is used for iteration (each.key) and the value (each.value) contains a nested object with a cidr_block key. This allows you to define multiple CIDR blocks for different subnets within the loop.
  • availability_zone = each.value.availability_zone

    • Similar to the cidr_block, this line defines the availability zone for the subnets using a dynamic reference to the availability_zone key within the nested objects. This allows you to distribute your resources across zones for redundancy.
  • map_public_ip_on_launch

    • This line sets the map_public_ip_on_launch attribute to true or false. When set to true, any EC2 instances launched within that subnet will automatically receive a public IP address, allowing them to be accessed directly from the internet. Similarly, when set to false, the instances will not be assigned a public IP during creation.

You will get an error as we have not yet created the public_subnet and private_subnet variables.

Step 2: In your variables.tf file copy and paste the following code:

variable "public_subnet" {
  type        = map(any)
  description = "Public Subnets to be created"
}
variable "private_subnet" {
  type        = map(any)
  description = "Private Subnets to be created"
}

Explanation:

  • This code block defines two Terraform variables named "public_subnet" and "private_subnet". It specifies that the variables will hold a collection of data in the form of a map.

  • While 'any' allows for flexibility, using more specific data types within the map can improve code readability and catch potential errors during configuration.

Step 3: In your terraform.tfvars file copy and paste the following code block

public_subnet = {
  public-subnet-1 = {
    cidr_block        = "10.0.101.0/24"
    availability_zone = "ap-south-1a"
  }
}
private_subnet = {
  private-subnet-1 = {
    cidr_block        = "10.0.1.0/24"
    availability_zone = "ap-south-1"
  }
}

Explanation:

  • The value of the public_subnet and private_subnet variables are defined here.

  • This configuration defines the above variables as map of a map.

  • public-subnet-1 is the name of the first child map of the variable public_subnet. It consists of two key-value pairs:

    • cidr_block specifies the CIDR range for the subnet
    • availability_zone specifies the AWS availability zone the subnet will reside in. Here we are creating the subnet in the _Mumbai _region.
  • Similarly, private-subnet-1 is the name of the first child of the variable private_subnet. It consists of the same key-value pairs.

Deploy infrastructure to AWS

Follow the steps here to deploy the changes to AWS.

Congratulations! You have successfully created subnets in AWS using terraform.

Up next: Internet Gateway! Stay tuned. 👋

...

✅ Terraform 101: Creating Secure Subnets in Your VPC


📈 85.04 Punkte

✅ Generating dynamic subnets & AZs with Terraform's VPC module


📈 56.22 Punkte

✅ AWS Networking - AWS VPC, Subnets, Security Groups, NAT Gateway & IP Addresses


📈 43.48 Punkte

✅ Learning AWS Day by Day — Day 20 — VPC Hands-on: Part 2 (VPC Peering)


📈 40.26 Punkte

✅ How to move an Amazon RDS DB instance from an Amazon Virtual Private Cloud (Amazon VPC) to a new VPC


📈 40.26 Punkte

✅ AWS Intra-Region VPC Peering: Conectando VPCs en la Misma Región con Terraform


📈 32.87 Punkte

✅ How to Build AWS VPC Using Terraform - Step By Step


📈 32.87 Punkte

✅ “Automating VPC Peering in AWS with Terraform”


📈 32.87 Punkte

✅ Building a Custom VPC and EKS Cluster on AWS with Terraform


📈 32.87 Punkte

✅ Guide on creating a Virtual Network with Subnets in Microsoft Azure


📈 32.51 Punkte

✅ Creating an Azure Virtual Network with Four Subnets (192.148.30.0/26)


📈 32.51 Punkte

✅ Creating An Azure virtual Network with Subnets


📈 32.51 Punkte

✅ Creating Azure Virtual Network with 4 Subnets Using the Address Space 192.148.30.0/26


📈 32.51 Punkte

✅ Creating an Azure Virtual Network with Multiple Subnets


📈 32.51 Punkte

✅ Creating an Azure Virtual Network with Subnets.


📈 32.51 Punkte

✅ Creating an Azure Virtual Network with subnets


📈 32.51 Punkte

✅ Creating an Azure Virtual Network with Subnets


📈 32.51 Punkte

✅ Beginner's Guide to AWS: Creating Your First Virtual Private Cloud (VPC)


📈 32.43 Punkte

✅ Creating custom VPC on AWS using OpenTofu


📈 29.29 Punkte

✅ Creating a VPC Peering Connection


📈 29.29 Punkte

✅ Ansible as a Provisioning tool: Creating a VPC


📈 29.29 Punkte

✅ Architecting a Secure and Scalable Network with AWS VPCs and Subnets


📈 29.08 Punkte

✅ Creating Secure Backups for DynamoDB Tables with Terraform


📈 27.64 Punkte

✅ How to host servers in your living room on publicly routed static IPv4 and IPv6 subnets


📈 26.49 Punkte

✅ Boost your Cloud Security with Network ACLs in your VPC


📈 26.4 Punkte

✅ Terraform - Using GitHub Copilot Chat with Terraform


📈 25.49 Punkte

✅ Understanding Terraform: part 1 – What is Terraform?


📈 25.49 Punkte

✅ Automate your Firebase project creating with Terraform


📈 25.04 Punkte

✅ Terraform 101


📈 23.53 Punkte

✅ HOW TO CREATE AN AZURE VIRTUAL NETWORK WITH MULTIPLE SUBNETS USING SPECIFIED ADDRESS SPACE


📈 23.35 Punkte

✅ Create and Configure a Virtual Network with Four Subnets


📈 23.35 Punkte

✅ Subnets, Gateways, Route Tables


📈 23.35 Punkte











matomo

Datei nicht gefunden!