Connectivity between a Public WordPress and a Private Database over AWS Instances!
This article is about setting up WordPress in a public subnet, so that our clients can reach it, while its backend, the database, which must stay secure and inaccessible to clients, sits in a private subnet, and showing the connectivity between the two.
This setup is built entirely on the AWS cloud using a very powerful Infrastructure-as-Code (IaC) tool, Terraform. Terraform is a widely used tool for provisioning and managing any cloud, infrastructure, or service.
Let us start by writing the code for this infrastructure:
Setting the provider: The profile is set so that the Terraform code automatically picks up credentials from the local system (rather than having them written into the code). We also specify the cloud provider. This is important because the plugins are downloaded for that particular cloud provider, and these plugins are what give Terraform its knowledge of the provider's resources.
Creating our own VPC: aws_vpc is the resource for creating a VPC in AWS. cidr_block is a required parameter and specifies the IP range for the VPC. enable_dns_support is an optional boolean flag to enable/disable DNS support in the VPC and defaults to true. enable_dns_hostnames is also an optional flag to enable/disable DNS hostnames in the VPC and defaults to false.
Creating a public subnet for WordPress and a private subnet for the database instance: A public subnet is created so that the outside world can reach your instance, whereas a private subnet is used when our application is critical and we do not want the instance running it to be exposed to the outside world. The thing to remember is that each subnet's range must lie inside the VPC range.
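The provider, VPC and the two subnets as one added Terraform fragment (example code written for this article, not the author's original files; the region, the 192.168.0.0/16 range and the resource names are assumptions):

```hcl
provider "aws" {
  region  = "ap-south-1"   # assumption: use your own region
  profile = "default"      # credentials come from ~/.aws/credentials, never from the code
}

resource "aws_vpc" "main" {
  cidr_block           = "192.168.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
  tags                 = { Name = "wp-vpc" }
}

# Public subnet: instances get a public IP at launch, so WordPress is reachable
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "192.168.1.0/24"   # must lie inside the VPC range
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = true
  tags                    = { Name = "wp-public" }
}

# Private subnet: no public IPs, so the database is never directly exposed
resource "aws_subnet" "private" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "192.168.2.0/24"   # also inside the VPC range
  availability_zone       = "ap-south-1a"
  map_public_ip_on_launch = false
  tags                    = { Name = "wp-private" }
}
```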
Internet Gateway, Route Table and Route Association
Creating the internet gateway: What is an internet gateway? An internet gateway is a virtual router you can add to enable direct connectivity to the internet. Resources that need to use the gateway for internet access must be in a public subnet and have a public IP address. Each public subnet that needs to use the internet gateway must have a route-table route that specifies the gateway as the target. This internet gateway resource takes vpc_id as a parameter, which specifies that we want our internet gateway in the same VPC that we just created.
Then we have created a Route Table which uses the Internet Gateway.
Then we finally associate the Route Table with the Public Subnet using its ID.
Let's have a look at the code for the same.
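The internet gateway, its route table and the association with the public subnet, as an added example (not the author's code; it assumes the aws_vpc.main and aws_subnet.public names from the earlier fragment):

```hcl
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id   # attached to the VPC created above
  tags   = { Name = "wp-igw" }
}

# Route table: anything not inside the VPC is sent to the internet gateway
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
  tags = { Name = "wp-public-rt" }
}

# Associate only the public subnet; the private subnet never gets this route,
# so nothing in it has a path from the internet even if it had a public IP
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.public.id
}
```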
NAT Gateway, Route Table and Route Association
A NAT Gateway is used when we want our instance to reach out to the internet but do not want traffic from the public world to initiate connections to our instance.
For the NAT Gateway we first create an EIP, i.e. an Elastic IP. An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. We need to launch the NAT Gateway in the public subnet. Why? The NAT Gateway carries the instance's traffic out to the public world, and only the public subnet has that ability. So the NAT Gateway is always launched in the public subnet.
Then, just as we did for the internet gateway, we create a route table and a route table association for the NAT Gateway as well, this time for the private subnet.
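The Elastic IP, NAT gateway and the private subnet's route table as an added example (not the author's code; it assumes the aws_vpc.main, aws_subnet.* and aws_internet_gateway.igw names used in the earlier fragments):

```hcl
# Elastic IP: the fixed public address the NAT gateway presents to the internet
resource "aws_eip" "nat" {
  domain     = "vpc"                      # older provider versions use `vpc = true`
  depends_on = [aws_internet_gateway.igw]
}

# The NAT gateway sits in the PUBLIC subnet: that is the only subnet with a
# route to the internet gateway, so it is the only place it can work from
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id
  depends_on    = [aws_internet_gateway.igw]
  tags          = { Name = "wp-nat" }
}

# Private route table: outbound only. Connections initiated from the internet
# have no path to the private subnet; only replies to outbound traffic return.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
  tags = { Name = "wp-private-rt" }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id
  route_table_id = aws_route_table.private.id
}
```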
Now let us jump on to creating our MySQL instance:
Configuring security groups: We configure a security group for our private instance that allows only port 3306, the port MySQL needs, for ingress, and all ports for egress. Egress rules govern outbound traffic; ingress is the traffic coming in to our instance.
Configuring the MySQL EC2 instance:
For the MySQL instance we specified the AMI, the instance type to be used, the security group and the private subnet ID, plus a key, which would be used for connection purposes. All the commands needed to configure the database inside the instance are passed through "user_data". We are not using remote-exec here, because that would require opening port 22 for SSH, which would be unsafe for the database instance.
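The database security group and instance as an added example (not the author's code). It narrows the 3306 ingress to the WordPress security group rather than any source, bootstraps a MySQL container from user_data so port 22 stays closed, and assumes the aws_security_group.wordpress resource from the next section, the aws_subnet.private name from earlier, and variables ami_id and key_name declared elsewhere:

```hcl
variable "db_password" {
  type      = string
  sensitive = true   # never hard-code it; Terraform redacts it in plan/apply output
}

# Only the WordPress security group may reach 3306; the internet cannot
resource "aws_security_group" "mysql" {
  name   = "mysql-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.wordpress.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]   # outbound via the NAT gateway, e.g. to pull the image
  }
}

resource "aws_instance" "mysql" {
  ami                         = var.ami_id   # Amazon Linux 2 AMI id for your region
  instance_type               = "t2.micro"
  subnet_id                   = aws_subnet.private.id
  vpc_security_group_ids      = [aws_security_group.mysql.id]
  key_name                    = var.key_name
  associate_public_ip_address = false        # stays unreachable from the internet

  # Bootstrapped at first boot from user_data, so port 22 never has to be opened
  user_data = <<-EOF
    #!/bin/bash
    amazon-linux-extras install -y docker
    systemctl enable --now docker
    docker run -d --name mysql --restart always -p 3306:3306 \
      -e MYSQL_RANDOM_ROOT_PASSWORD=yes \
      -e MYSQL_DATABASE=wordpress \
      -e MYSQL_USER=wpuser \
      -e MYSQL_PASSWORD='${var.db_password}' \
      mysql:5.7
  EOF
  tags = { Name = "mysql" }
}
```

The root account gets a random password that is only written to the container log, so WordPress authenticates as the limited wpuser account created by the image.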
Now we move on and create our WordPress instance:
Configuring security groups:
I have kept 2 ports open: SSH and HTTP. SSH for connecting to the remote instance so that we can configure it to run WordPress, and HTTP so that our clients can connect to the website.
Egress has been set to all ports so that our website can reach out to the public world.
Configuring the WordPress EC2 instance:
Firstly, we select the image that we would like to use for our instance, i.e. Amazon Linux 2. Then we specify the subnet, key, security group and other required parameters. Then we establish a connection with the launched instance over SSH, because we would like to run commands that point WordPress at the MySQL instance as its database. Because of this, our resource contains a depends_on option that names the MySQL instance.
Then we create a null resource that executes our commands remotely. Here the commands set up Docker inside the instance and launch a container with the required database information passed as environment variables.
Also, the site opens in Chrome automatically once the infrastructure is set up
As soon as the connection is established between the two instances, this resource opens the web page automatically on our screen.
As you can observe in the output, 2 instances, wordpress and mysql, have been set up. Further, if you access the public IP provided for the wordpress instance, you land on the WordPress page.
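The WordPress security group, instance and the provisioning null resource as an added example (not the author's code). It assumes the aws_instance.mysql and aws_subnet.public names from the earlier fragments and variables ami_id, key_name, private_key_path, admin_cidr and db_password declared elsewhere; SSH is limited to the administrator's own address instead of the whole internet, and the browser is opened with xdg-open rather than Chrome directly:

```hcl
resource "aws_security_group" "wordpress" {
  vpc_id = aws_vpc.main.id
  ingress {                          # SSH, used only by the provisioner below
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]   # your own address, not 0.0.0.0/0
  }
  ingress {                          # HTTP for site visitors
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "wordpress" {
  ami                    = var.ami_id            # Amazon Linux 2
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.wordpress.id]
  key_name               = var.key_name
  depends_on             = [aws_instance.mysql]  # database must exist first
}

resource "null_resource" "configure_wordpress" {
  connection {
    type        = "ssh"
    user        = "ec2-user"
    private_key = file(var.private_key_path)
    host        = aws_instance.wordpress.public_ip
  }
  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras install -y docker",
      "sudo systemctl enable --now docker",
      "sudo docker run -d --name wordpress -p 80:80 -e WORDPRESS_DB_HOST=${aws_instance.mysql.private_ip}:3306 -e WORDPRESS_DB_USER=wpuser -e WORDPRESS_DB_PASSWORD='${var.db_password}' -e WORDPRESS_DB_NAME=wordpress wordpress:5.4",
    ]
  }
  provisioner "local-exec" {
    command = "xdg-open http://${aws_instance.wordpress.public_ip}"   # macOS: open, Windows: start
  }
}
```

The database host handed to the container is the private IP of the MySQL instance, which is the value to compare against the WordPress settings in the verification step.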
Since we have deployed our own MySQL database, it is important to check whether or not WordPress is using it. There are multiple ways to prove this:
1. Going inside the MySQL database and checking whether the WordPress site has created some tables.
This can't be done because there is no way to go inside the MySQL database. This could only be done if SSH were allowed on the instance and it were in the public subnet. But for security reasons, I have closed port 22 (SSH).
2. Check the settings of the WordPress site and match the private IP of the database it is using with the EC2 instance I launched.
The database IP of the WordPress site and the private IP of the EC2 instance are the same. So the WordPress site is using our database.
That's all! Do leave your valuable feedback. For any queries or corrections, feel free to contact me.