alcher.dev

Lith Labs 011: VPC


Part of the Lith Labs series

Goal

The goal is to create a scalable VPC to house AWS resources.

The design

As seen in the image above, I’m going for a three-tier architecture, with each tier getting its own subnet. There is also an extra subnet, called reserved, that can be used for future expansion. This subnet layout is deployed across three availability zones for high availability. As of now, only the web subnet is connected to an internet gateway for public access.

Once more design considerations come in, security group rules will define the connectivity across subnets (e.g. db -> app -> web as a one-way traffic direction).
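The layout described above, written out as an added Terraform example (this is not the lab's own code from the feature branch). It assumes a 10.0.0.0/16 VPC, us-east-1 availability zones, and application ports 8080 and 5432; all of those are placeholders. The subnets are generated with a loop here purely to keep the example short, and the security groups show the tiered pattern the post sketches: only the web tier is reachable from the internet, and each tier behind it admits traffic only from the group in front of it.

```hcl
# Added example, not the post's code. CIDRs, AZ names and ports are assumptions.
locals {
  vpc_cidr = "10.0.0.0/16"
  azs      = ["us-east-1a", "us-east-1b", "us-east-1c"]
  tiers    = ["web", "app", "db", "reserved"]
  # One /24 per (tier, AZ): web gets 10.0.0-2.0/24, app 10.0.3-5.0/24, and so on.
  subnets = {
    for p in setproduct(local.tiers, range(length(local.azs))) :
    "${p[0]}-${local.azs[p[1]]}" => {
      tier = p[0]
      az   = local.azs[p[1]]
      cidr = cidrsubnet(local.vpc_cidr, 8, index(local.tiers, p[0]) * length(local.azs) + p[1])
    }
  }
}

resource "aws_vpc" "main" {
  cidr_block           = local.vpc_cidr
  enable_dns_hostnames = true
  tags                 = { Name = "lith-vpc" }
}

resource "aws_subnet" "tier" {
  for_each                = local.subnets
  vpc_id                  = aws_vpc.main.id
  cidr_block              = each.value.cidr
  availability_zone       = each.value.az
  map_public_ip_on_launch = each.value.tier == "web" # only the web tier is public
  tags                    = { Name = each.key, Tier = each.value.tier }
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# Default route to the internet gateway, associated with the web subnets only;
# app, db and reserved keep the VPC's main route table, which has no IGW route.
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "web" {
  for_each       = { for k, v in local.subnets : k => k if v.tier == "web" }
  subnet_id      = aws_subnet.tier[each.key].id
  route_table_id = aws_route_table.public.id
}

# Tiered security groups: each tier admits traffic only from the tier in front
# of it, referenced by security group id rather than by CIDR.
resource "aws_security_group" "web" {
  name   = "web-tier"
  vpc_id = aws_vpc.main.id
  ingress { # HTTP from anywhere
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress { # web tier may reach the internet (package installs, updates)
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "app" {
  name   = "app-tier"
  vpc_id = aws_vpc.main.id
  ingress { # app port, from the web tier only
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.web.id]
  }
  egress { # app tier talks only inside the VPC
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [local.vpc_cidr]
  }
}

resource "aws_security_group" "db" {
  name   = "db-tier"
  vpc_id = aws_vpc.main.id
  ingress { # PostgreSQL, from the app tier only
    from_port       = 5432
    to_port         = 5432
    protocol        = "tcp"
    security_groups = [aws_security_group.app.id]
  }
  # No egress block: Terraform strips AWS's default allow-all egress rule, so
  # the db tier cannot initiate connections anywhere.
}
```

Referencing security groups by id instead of by subnet CIDR means the rule still holds if a subnet is later resized or an instance moves between AZs, and an instance that is not in the web group simply cannot reach the app port even though it sits in the same VPC.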

Implementation Notes

This is one of those labs where the code speaks for itself; it is just a direct mapping of the resources into Terraform code. Still, here are a couple of thoughts I had while writing it:

  1. I moved the existing EC2 instance from Ubuntu to Amazon Linux, as it’s the assumed default for most AWS documentation. I’ve used both with great success; I just thought it would be faster to prototype with Amazon Linux.
  2. I installed Apache and configured a “Hello World” page to quickly verify the instance’s connectivity. I achieved this by attaching a user data script.
  3. The subnet Terraform code can be shortened by using loops, but I find it easier and clearer to read when each subnet has its own resource block. My reasoning is that these subnets will probably see little to no change in the future, so optimizing for readability rather than brevity is the right choice.

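An added example of the instance from notes 1 and 2, not the lab's own code: an Amazon Linux instance in a public web subnet with a user data script that installs Apache and serves a "Hello World" page. The subnet and security group ids are assumed to be passed in as variables, Amazon Linux 2023 is assumed (it uses dnf; Amazon Linux 2 would use yum), and the instance type and tag are placeholders.

```hcl
# Added example, not the post's code. Subnet/SG ids come in as variables;
# the AMI filter, instance type and page content are assumptions.
variable "web_subnet_id" { type = string }
variable "web_sg_id" { type = string }

# Latest Amazon Linux 2023 x86_64 AMI published by Amazon in the current region.
data "aws_ami" "al2023" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["al2023-ami-2023.*-x86_64"]
  }
}

resource "aws_instance" "web" {
  ami                         = data.aws_ami.al2023.id
  instance_type               = "t3.micro"
  subnet_id                   = var.web_subnet_id
  vpc_security_group_ids      = [var.web_sg_id]
  associate_public_ip_address = true

  # Require IMDSv2 so instance metadata cannot be fetched with a plain GET.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # cloud-init runs this once at first boot. Terraform only re-sends user data
  # on replacement, so opt in to replacing the instance when the script changes.
  user_data_replace_on_change = true
  user_data                   = <<-EOT
    #!/bin/bash
    set -euo pipefail
    dnf install -y httpd
    echo "<h1>Hello World from $(hostname)</h1>" > /var/www/html/index.html
    systemctl enable --now httpd
  EOT

  tags = { Name = "lith-web" }
}

output "web_url" {
  value = "http://${aws_instance.web.public_ip}/"
}
```

After `terraform apply`, `curl "$(terraform output -raw web_url)"` should return the page, which confirms the subnet's route to the internet gateway, the public IP assignment and the security group's port 80 rule in one check; if it times out, one of those three is the usual culprit.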
Conclusion

In this lab, I built a scalable VPC that uses a three-tier architecture and can accommodate a reasonable amount of future requirements. I also moved the existing EC2 instance to Amazon Linux and deployed it inside one of the public subnets, which in turn makes it publicly accessible.

The source is available on the feature/011-vpc branch.