A three-tier architecture with:
- 3 tiers: frontend (public-facing), backend (private), database (private)
- 3 Security Groups, one for each tier
- 1 VPC in a region
- 2 public subnets in 2 availability zones
- 6 private subnets in 2 availability zones
- 1 Internet Gateway
- 1 Network Address Translation (NAT) Gateway
- 2 Route Tables
- 1 Internet-facing Application Load Balancer
- 1 Auto-Scaling Group in the frontend tier
- 1 Internal Application Load Balancer
- 1 Auto-Scaling Group in the backend tier
- 1 RDS subnet group
- 1 RDS (MySQL) instance in the database tier
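As an added example (not the repository's own Terraform), this is how the three per-tier security groups can be chained so that each tier only accepts traffic from the tier in front of it; it assumes a VPC resource named aws_vpc.main and that the internet-facing ALB is placed in the frontend group:

```hcl
# Added example, not the repository's own files; assumes aws_vpc.main exists
# and that the internet-facing ALB is attached to the frontend group.
resource "aws_security_group" "frontend" {
  name   = "frontend-sg"
  vpc_id = aws_vpc.main.id
  # HTTP from the internet: this tier fronts the public ALB.
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  # Frontend instances reach the backend ALB and the internet via the NAT gateway.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "backend" {
  name   = "backend-sg"
  vpc_id = aws_vpc.main.id
  # Only members of the frontend group may reach the internal ALB / backend.
  ingress {
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.frontend.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "database" {
  name   = "database-sg"
  vpc_id = aws_vpc.main.id
  # MySQL (3306) only from the backend group; RDS needs no egress rule.
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.backend.id]
  }
}
```

SSH access for the key pair is not included; if you add a port 22 rule, restrict its source to your own administrative address range rather than 0.0.0.0/0.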
Prerequisites:
- An AWS account.
- Your AWS credentials set up.
- A key pair for provisioning EC2. Use the private key to ssh to the EC2 instances.
- Terraform installed.
Usage:
$ terraform init
$ terraform plan
$ terraform apply
$ terraform destroy

Most variables have default values in variable.tf. Modify them as you need. You must specify the name of the key pair when running terraform plan/apply/destroy.
Input variables:
- region: the region you want to put your VPC in
- az1: the first AZ
- az2: the second AZ
- db-name: the name of the database
- db-username: the database username
- db-password: the database password
- keypair: the name of the key pair for provisioning EC2
- tags: tags to add to resources
Outputs:
- db_address: the hostname of the RDS instance. You need this to connect to RDS from the backend tier.
- db_port: the database port
- public_alb_address: the DNS name of the public-facing load balancer. Put it in the browser to access the servers running on the EC2 instances in the frontend tier.
- private_alb_address: the DNS name of the internal-facing load balancer. It won't work if you put it in the browser (it's INTERNAL-facing, closed to the public). ssh into an EC2 instance and run curl '<private_alb_address>' from there; then it works.
To connect to the database, ssh into an EC2 instance in the backend tier and run:
mysql --host=<db_address> --user=<db-username> -p <db-name>
Use -p so you'll be prompted to enter the password <db-password>.