If you can’t figure out how to secure your own WordPress site, then you are in the right place.
To do this we are using AWS networking (Network as a Service) and Terraform (Infrastructure as Code).
STEP1: Specifying Provider
We tell Terraform that we are going to use AWS as our cloud service provider and which user (profile) it should authenticate as. That user should already be configured on your system.
STEP2: Creating Key-Pair
We create a key pair so that we can SSH into our instances.
STEP3: Creating a Virtual Private Cloud (VPC)
Amazon Virtual Private Cloud (Amazon VPC) lets us provision a logically isolated section of the AWS Cloud where we can launch AWS resources in a virtual network that we define. We have complete control over our virtual networking environment, including selection of our own IP address range, creation of subnets, and configuration of route tables and network gateways. We can use both IPv4 and IPv6 in our VPC for secure and easy access to resources and applications.
For our VPC, the name comes from the variables file and the IPv4 CIDR is 192.168.0.0/16. DNS hostnames and DNS support are set to true so that automatic public IP allocation can be done.
STEP4: Creating Subnets in VPC
A VPC spans all of the Availability Zones in the Region. After creating a VPC, we can add one or more subnets in each Availability Zone. When we create a subnet, we specify the CIDR block for the subnet, which is a subset of the VPC CIDR block. Each subnet must reside entirely within one Availability Zone and cannot span zones.
The configuration for this scenario includes a virtual private cloud (VPC) with a public subnet and a private subnet. We want to run a public-facing web application while keeping the back-end servers out of public reach. In other words, we are building a multi-tier architecture: the WordPress site in a public subnet and the database server (MySQL in our case) in a private subnet. We set up security groups and routing so that the web server can talk to the database server and nothing else can.
The instances in the public subnet can send outbound traffic directly to the Internet, whereas the instances in the private subnet can’t. Instead, the instances in the private subnet can access the Internet by using a network address translation (NAT) gateway that resides in the public subnet. The database servers can connect to the Internet for software updates using the NAT gateway, but the Internet cannot establish connections to the database servers.
STEP5: Creating security groups
We create 2 security groups:
- Security group 1 allows inbound SSH (port 22) and HTTP (port 80) to instances in the public subnet.
- Security group 2 allows inbound traffic only on port 3306 (MySQL), and only when it originates from security group 1.
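The two security groups described above, written out as an added Terraform example (this is not the post's own code); the VPC resource name aws_vpc.wp_vpc and the resource names used here are assumptions:

```hcl
# Added example, not the post's own code. Assumes a VPC resource named
# aws_vpc.wp_vpc; all resource names here are hypothetical.

# Security group 1: the public WordPress host. SSH and HTTP from the Internet.
resource "aws_security_group" "sg1_public_web" {
  name   = "wp-public-web"
  vpc_id = aws_vpc.wp_vpc.id

  ingress {                       # SSH; narrow the CIDR to an admin range in practice
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {                       # HTTP for site visitors
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {                        # outbound to the Internet via the internet gateway
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security group 2: the MySQL host in the private subnet. Port 3306 is opened to
# members of sg1 by security-group ID, not by CIDR, so the database is reachable
# only from the WordPress instance(s), not from the whole public subnet or the Internet.
resource "aws_security_group" "sg2_private_db" {
  name   = "wp-private-db"
  vpc_id = aws_vpc.wp_vpc.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg1_public_web.id]
  }
  egress {                        # package updates leave through the NAT gateway only
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Terraform replaces the AWS default allow-all egress rule when a security group is declared, so the explicit egress blocks are what let the private instance reach the NAT gateway for updates.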
STEP6: Internet Gateway
An internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between our VPC and the internet.
To enable access to or from the internet for instances in a subnet of the VPC, we must do the following:
- Attach an internet gateway to our VPC.
- Create a route table that directs internet-bound traffic to the internet gateway, and associate it with the public subnet.
STEP7: EC2 instances
Launch the WordPress instance in the public subnet with security group 1.
Launch the MySQL instance in the private subnet with security group 2, so it is reachable only from instances in security group 1 and not from the outside world.
We are done with the Terraform code now. To run it, do:
Then apply the changes:
terraform apply -auto-approve
After everything is set up, SSH into the WordPress instance and edit the wp-config.php file in the /var/www/html directory.
Note the private IP of the MySQL instance and substitute it for the database host there.
We’ve done it! The infrastructure is now set up!
Now we can visit the WordPress site using the instance's public DNS name or IP.
To destroy the infrastructure, run
terraform destroy -auto-approve
To get the complete code: