Building a scalable web site using AWS/Docker/Terraform

In the past I have written posts about using infrastructure as code to deploy your web applications in a repeatable and controllable fashion. Today I would like to give a concrete example of how this is done, using WordPress deployed to AWS.

In the first section I will illustrate how to use Terraform to create the networking components required to support the environment.

We will illustrate how to define the following components as code.

  • VPC – Virtual Private Cloud
  • Subnets – both public and private in multiple availability zones.
  • DNS – Route 53 configuration
  • Security Groups
  • NAT and Internet Gateways
  • Route Tables


By the end of this post you should be able to use Terraform to apply the above configuration and deploy a test EC2 instance to the environment.


In order to complete this you will need to register a DNS name at your registrar of choice. For this demo I registered at for $7.99. After you apply the configuration using Terraform to AWS you can go back to your registrar and update the provided DNS servers.


The Terraform scripts are divided into sections based on Amazon services. The complete scripts are available


The first component to set up is a VPC, or Virtual Private Cloud. The VPC is a networking container into which you deploy resources such as EC2 instances, load balancers and RDS instances. It controls network ingress and egress via Security Groups or Network ACLs and provides the routing rules for network traffic.

The first resource is the VPC itself. We must define a CIDR block, and we also want DNS hostnames to be assigned automatically to new instances.

Next we will define four subnets: two public and two private. The public subnets will be internet facing, while the private subnets will be reachable only from within the VPC. We use Terraform's ability to look up availability zone names so that they are not hard-coded if we decide to deploy the configuration to a different region.

We will also need a NAT gateway and an Internet Gateway. The Internet Gateway provides inbound and outbound connectivity for the public subnets, and the NAT gateway provides outbound-only access for the private subnets. The NAT gateway requires us to provision an Elastic IP address.

Lastly we will create some route tables and assign them to the appropriate subnets.

Route 53

Now that we have the VPC set up we can move on to Route 53. We will need to create a hosted zone for the domain. We will also ask Terraform to output the four name servers that Amazon has assigned to it.

Security Groups

For now we will create two security groups: one for web traffic and one for database traffic. The web traffic group will allow ingress on ports 80, 443 and 22. The DB traffic group will allow ingress on ports 3306 and 22, but only from instances assigned to the web traffic group. This ensures that all ingress to the DB comes from our web tier.
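The two security groups described above, written out as an added example in current Terraform (HCL) syntax; this is not the post's own script. It assumes the VPC is declared as `aws_vpc.main`, and the admin CIDR on port 22 is a placeholder (the post leaves port 22 open; narrowing it to an admin range is a tighter choice shown here).

```hcl
# Added example, not the post's own scripts. Assumes a VPC resource named
# aws_vpc.main in the same configuration (that name is an assumption).
resource "aws_security_group" "web" {
  name        = "web-traffic"
  description = "Web tier: HTTP/HTTPS from anywhere, SSH from admin CIDR only"
  vpc_id      = aws_vpc.main.id

  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    # Placeholder (RFC 5737 documentation range): narrower than the post's open port 22.
    cidr_blocks = ["203.0.113.10/32"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "db" {
  name        = "db-traffic"
  description = "DB tier: MySQL and SSH only from members of the web group"
  vpc_id      = aws_vpc.main.id

  dynamic "ingress" {
    for_each = [3306, 22]
    content {
      from_port       = ingress.value
      to_port         = ingress.value
      protocol        = "tcp"
      security_groups = [aws_security_group.web.id] # source SG, not a CIDR
    }
  }
  # No egress block: Terraform removes AWS's default allow-all egress rule,
  # so the DB tier cannot initiate outbound connections.
}
```

Referencing the web group's id as the source, rather than a CIDR, means the DB rule follows instances in and out of the web tier automatically, which is what keeps the DB reachable only from that tier.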

Now that we have completed the configuration we can go ahead and apply the Terraform configuration using

After the process is complete we can head over to our domain registrar and set the domain's name servers to the addresses Terraform output.


In the next article we will learn how to launch an RDS instance to support our website, as well as how to configure an EC2 instance to run WordPress on.

Continued in Part 2: adding RDS and WordPress
