
🏗️ Terraform AWS VPC Infrastructure

Master Infrastructure as Code by deploying production-grade AWS networking using Terraform.

Welcome to Terraform Infrastructure as Code Lab! 🚀

Infrastructure as Code (IaC) is a key practice in DevOps, enabling teams to manage and provision infrastructure through code rather than manual processes. In this lab, you'll use HashiCorp Terraform to deploy a Multi-AZ AWS VPC environment.

🧩

Declarative Layout

Define the 'what', not the 'how'. Terraform handles the complex provisioning steps automatically.

💾

State Management

Terraform keeps track of your infrastructure state to ensure consistency and enable updates.

☁️

AWS Best Practices

Deploy multi-AZ networking with isolation between public and private resources.

🎓 Learning Objectives

  • Understand HCL (HashiCorp Configuration Language) syntax and file structure.
  • Configure AWS Providers and resource dependencies.
  • Implement VPC, Subnets, Internet Gateway, and NAT Gateway.
  • Master the Terraform workflow: Init, Plan, Apply, and Destroy.
  • Learn state management and troubleshooting principles.

Lab Stats:
  • Estimated Time: 90 - 120 Minutes
  • Difficulty: Intermediate
  • Resources: ~15 AWS Resources

🏗️ Multi-AZ VPC Architecture

Designing for high availability and security requires a multi-AZ deployment with segregated networking tiers. Below is the architecture you will implement today.

┌──────────────────────────────────────────────────────────────────────┐
│                        AWS Cloud (us-east-1)                         │
│                                                                      │
│  ┌─────────────────────────────────────────────────────────────────┐ │
│  │                        VPC: 10.0.0.0/16                         │ │
│  │                       (terraform-lab-vpc)                       │ │
│  │                                                                 │ │
│  │  ┌──────────────────────────┐  ┌──────────────────────────┐     │ │
│  │  │   Availability Zone A    │  │   Availability Zone B    │     │ │
│  │  │                          │  │                          │     │ │
│  │  │  ┌────────────────────┐  │  │  ┌────────────────────┐  │     │ │
│  │  │  │  Public Subnet     │  │  │  │  Public Subnet     │  │     │ │
│  │  │  │  10.0.1.0/24       │  │  │  │  10.0.2.0/24       │  │     │ │
│  │  │  └────────┬───────────┘  │  │  └────────┬───────────┘  │     │ │
│  │  │           │              │  │           │              │     │ │
│  │  │  ┌────────┴───────────┐  │  │  ┌────────┴───────────┐  │     │ │
│  │  │  │  Private Subnet    │  │  │  │  Private Subnet    │  │     │ │
│  │  │  │  10.0.11.0/24      │  │  │  │  10.0.12.0/24      │  │     │ │
│  │  │  └────────────────────┘  │  │  └────────────────────┘  │     │ │
│  │  └──────────────────────────┘  └──────────────────────────┘     │ │
│  │                                                                 │ │
│  │  ┌─────────────────────┐         ┌──────────────────────┐       │ │
│  │  │  Internet Gateway   │         │   NAT Gateway        │       │ │
│  │  │  (igw)              │────────▶│   (nat-gw)           │       │ │
│  │  └─────────────────────┘         └──────────────────────┘       │ │
│  └─────────────────────────────────────────────────────────────────┘ │
└──────────────────────────────────────────────────────────────────────┘

Resource Inventory

Resource         | Purpose                | Configuration
-----------------|------------------------|---------------------------------
VPC              | Isolated Cloud Network | 10.0.0.0/16, DNS Support Enabled
Internet Gateway | External Connectivity  | Attached to VPC
Public Subnets   | DMZ Tier (Web/ALB)     | Map Public IP on Launch, 2 AZs
Private Subnets  | Application/Data Tier  | No Direct Inbound, 2 AZs
NAT Gateway      | Outbound for Private   | 1x Elastic IP required

📋 Environment Setup

Required Tools:

Ensure you have the following installed before proceeding:

  • Terraform CLI (version 1.0+)
  • AWS account with IAM permissions
  • AWS CLI configured or environment variables set

1. Install Terraform

Run the following command to verify your installation:

terraform version

2. AWS Credentials

Setting up your credentials as environment variables is the most common practice:

export AWS_ACCESS_KEY_ID="your_access_key"
export AWS_SECRET_ACCESS_KEY="your_secret_key"
export AWS_DEFAULT_REGION="us-east-1"

⚙️ Configuration Breakdown

Terraform uses HCL files to define the desired state of your infrastructure. Select a file to review its purpose and code.

Configures the Terraform version and the AWS provider.

🚀 The Terraform Workflow

Deploying infrastructure follows a standard lifecycle. Use these commands in sequence.

1. Initialization

Downloads providers and initializes state storage.

terraform init

2. Plan (Dry Run)

Compares desired state with current state to show proposed changes.

terraform plan

3. Apply (Execute)

Executes the plan to create or modify resources.

terraform apply -auto-approve

Critical Cleanup: Once you've verified your deployment, ALWAYS run the destroy command to avoid charges.

terraform destroy -auto-approve

✅ Verification Steps

After a successful apply, use these steps to verify your infrastructure.

1. Terraform Outputs

Review the calculated values generated by Terraform:

terraform output

2. AWS CLI Inspection

Confirm the VPC exists in your account:

aws ec2 describe-vpcs --filters "Name=tag:Name,Values=terraform-lab-vpc"

3. Resource Checklist

  • ✅ VPC created with 10.0.0.0/16 CIDR.
  • ✅ 4 Subnets correctly tagged (Public 1/2, Private 1/2).
  • ✅ NAT Gateway has an Elastic IP assigned.
  • ✅ Public Route Table has a default route to IGW.
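
The checklist can also be checked mechanically after the apply, including the public/private isolation that the checklist itself does not cover. The following is an added example, not part of the lab's files: it audits parsed terraform show -json output for the CIDRs in the diagram. It assumes every resource sits in the root module, route tables use inline route blocks, and subnets are attached through aws_route_table_association; the sample state and its IDs are constructed.

```python
# Subnet CIDRs and tiers from the lab's architecture diagram.
EXPECTED_TIER = {"10.0.1.0/24": "public", "10.0.2.0/24": "public",
                 "10.0.11.0/24": "private", "10.0.12.0/24": "private"}

def audit(state):
    """Return findings for parsed `terraform show -json`; [] means the checklist holds."""
    resources = state["values"]["root_module"]["resources"]
    def of(rtype):
        return [r["values"] for r in resources if r["type"] == rtype]
    findings = []
    if [v["cidr_block"] for v in of("aws_vpc")] != ["10.0.0.0/16"]:
        findings.append("expected exactly one VPC with CIDR 10.0.0.0/16")
    default = {}  # route table id -> target of its 0.0.0.0/0 route
    for rt in of("aws_route_table"):
        for route in rt.get("route", []):
            if route.get("cidr_block") == "0.0.0.0/0":
                default[rt["id"]] = route.get("gateway_id") or route.get("nat_gateway_id") or ""
    assoc = {a["subnet_id"]: a["route_table_id"] for a in of("aws_route_table_association")}
    subnets = of("aws_subnet")
    if sorted(s["cidr_block"] for s in subnets) != sorted(EXPECTED_TIER):
        findings.append("subnet CIDRs do not match the four in the diagram")
    for s in subnets:
        cidr, tier = s["cidr_block"], EXPECTED_TIER.get(s["cidr_block"])
        # A subnet with no explicit association yields "" and is flagged below.
        target = default.get(assoc.get(s["id"]), "")
        if tier == "public" and not target.startswith("igw-"):
            findings.append(f"{cidr}: public subnet has no default route to an IGW")
        if tier == "private" and not target.startswith("nat-"):
            findings.append(f"{cidr}: private default route is not via NAT ({target or 'none'})")
        if tier == "private" and s.get("map_public_ip_on_launch"):
            findings.append(f"{cidr}: private subnet maps public IPs on launch")
    if not any(n.get("allocation_id") for n in of("aws_nat_gateway")):
        findings.append("NAT gateway has no Elastic IP allocation")
    return findings

def _r(rtype, **values):  # one resource entry, trimmed to what audit() reads
    return {"type": rtype, "values": values}
def _default_route(**target):
    return {"cidr_block": "0.0.0.0/0", "gateway_id": "", "nat_gateway_id": "", **target}

# Constructed sample with made-up IDs, shaped like `terraform show -json` output.
SAMPLE = {"values": {"root_module": {"resources": [
    _r("aws_vpc", id="vpc-1", cidr_block="10.0.0.0/16"),
    _r("aws_nat_gateway", id="nat-1", allocation_id="eipalloc-1"),
    _r("aws_route_table", id="rtb-public", route=[_default_route(gateway_id="igw-1")]),
    _r("aws_route_table", id="rtb-private", route=[_default_route(nat_gateway_id="nat-1")]),
] + [entry for i, (cidr, tier) in enumerate(EXPECTED_TIER.items()) for entry in (
    _r("aws_subnet", id=f"subnet-{i}", cidr_block=cidr, map_public_ip_on_launch=tier == "public"),
    _r("aws_route_table_association", subnet_id=f"subnet-{i}", route_table_id=f"rtb-{tier}"),
)]}}}
```

Against a real deployment, pass audit() the result of json.load() on the saved terraform show -json output.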

🔧 Common Issues

Troubleshooting Terraform often involves separating configuration errors from provider/cloud errors.

Error Category    | Possible Cause                        | Resolution
------------------|---------------------------------------|-----------------------------------------
Auth Errors       | Invalid AWS Credentials               | Run aws sts get-caller-identity
Provider Errors   | Version mismatch                      | Run terraform init -upgrade
Resource Conflict | Duplicate naming or overlapping CIDRs | Check variables.tf values
State Lock        | Interrupted apply                     | Wait or manually release lock via UI/CLI

💡 Pro Debugging Tip

Enable verbose logging by setting the TF_LOG environment variable to DEBUG before running commands to see exact API requests and responses.
