# Terraform configuration to create a multi-tier VPC for a web application. # This defines a VPC, public and private subnets, an Internet Gateway, # a NAT Gateway, route tables, and security groups for a 3-tier architecture. provider "aws" { region = "us-east-1" } # --- Variables --- variable "vpc_cidr" { description = "CIDR block for the VPC" default = "10.0.0.0/16" } variable "public_subnet_cidr" { description = "CIDR block for the public subnet" default = "10.0.1.0/24" } variable "private_app_subnet_cidr" { description = "CIDR block for the private application subnet" default = "10.0.2.0/24" } variable "private_db_subnet_cidr" { description = "CIDR block for the private database subnet" default = "10.0.3.0/24" } variable "az_1" { description = "Availability Zone 1" default = "us-east-1a" } variable "az_2" { description = "Availability Zone 2" default = "us-east-1b" } # --- VPC --- resource "aws_vpc" "main" { cidr_block = var.vpc_cidr tags = { Name = "MyWebAppVPC-Terraform" } } # --- Subnets --- resource "aws_subnet" "public" { vpc_id = aws_vpc.main.id cidr_block = var.public_subnet_cidr availability_zone = var.az_1 map_public_ip_on_launch = true tags = { Name = "WebApp-Public-Subnet" } } resource "aws_subnet" "private_app" { vpc_id = aws_vpc.main.id cidr_block = var.private_app_subnet_cidr availability_zone = var.az_1 tags = { Name = "WebApp-Private-App-Subnet" } } resource "aws_subnet" "private_db" { vpc_id = aws_vpc.main.id cidr_block = var.private_db_subnet_cidr availability_zone = var.az_2 tags = { Name = "WebApp-Private-DB-Subnet" } } # --- Gateways --- resource "aws_internet_gateway" "main" { vpc_id = aws_vpc.main.id tags = { Name = "WebApp-IGW" } } resource "aws_eip" "nat" { domain = "vpc" depends_on = [aws_internet_gateway.main] } resource "aws_nat_gateway" "main" { allocation_id = aws_eip.nat.id subnet_id = aws_subnet.public.id tags = { Name = "WebApp-NAT-GW" } depends_on = [aws_internet_gateway.main] } # --- Route Tables --- # Public Route Table resource "aws_route_table" "public" { vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" gateway_id = aws_internet_gateway.main.id } tags = { Name = "WebApp-Public-RT" } } resource "aws_route_table_association" "public" { subnet_id = aws_subnet.public.id route_table_id = aws_route_table.public.id } # Private Route Table resource "aws_route_table" "private" { vpc_id = aws_vpc.main.id route { cidr_block = "0.0.0.0/0" nat_gateway_id = aws_nat_gateway.main.id } tags = { Name = "WebApp-Private-RT" } } resource "aws_route_table_association" "private_app" { subnet_id = aws_subnet.private_app.id route_table_id = aws_route_table.private.id } resource "aws_route_table_association" "private_db" { subnet_id = aws_subnet.private_db.id route_table_id = aws_route_table.private.id } # --- Security Groups --- # Web Tier SG resource "aws_security_group" "web" { name = "WebApp-Web-SG" description = "Allow HTTP/HTTPS inbound traffic" vpc_id = aws_vpc.main.id ingress { description = "HTTP from anywhere" from_port = 80 to_port = 80 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } ingress { description = "HTTPS from anywhere" from_port = 443 to_port = 443 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "WebApp-Web-SG" } } # App Tier SG resource "aws_security_group" "app" { name = "WebApp-App-SG" description = "Allow traffic from Web SG" vpc_id = aws_vpc.main.id ingress { description = "Traffic from Web Tier" from_port = 8080 to_port = 8080 protocol = "tcp" security_groups = [aws_security_group.web.id] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "WebApp-App-SG" } } # DB Tier SG resource "aws_security_group" "db" { name = "WebApp-DB-SG" description = "Allow traffic from App SG" vpc_id = aws_vpc.main.id ingress { description = "MySQL from App Tier" from_port = 3306 to_port = 3306 protocol = "tcp" security_groups = [aws_security_group.app.id] } egress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } tags = { Name = "WebApp-DB-SG" } }