@wingleungchoi
Last active October 2, 2023 16:32
Reminder for myself

I am new to Terraform and AWS networking. I have the following tips; I hope people find them useful.

  • Draw your AWS architecture diagram
    • It provides an anchor and north star while building your infrastructure.
  • Create an internet gateway for a newly created VPC and attach it to the VPC.
    • The default VPC in AWS already comes with an internet gateway attached.
    • A newly created VPC has none, and a subnet only becomes "public" once its route table sends 0.0.0.0/0 to that internet gateway.
  • Create a NAT gateway so resources (e.g. EC2 instances) in private subnets can reach the internet (egress traffic).
    • Note: egress traffic means connections initiated FROM the resources; the NAT gateway does not let hosts on the internet initiate connections to them.
    • The NAT gateway itself sits in a public subnet with an Elastic IP, and the private subnets' route table sends 0.0.0.0/0 to it.
  • Create a security group for resources in the private subnets.
    • Its egress rule allows outbound traffic (which then leaves the VPC through the NAT gateway).
    • Its ingress rules allow traffic from other resources in the public and/or private subnets. Reference those resources' security groups rather than opening ports to 0.0.0.0/0: the private tier should never be reachable from the internet.
  • The load balancer needs to live in at least 2 AZs.
    • Required by AWS: an Application Load Balancer must be given subnets in at least two Availability Zones.
    • ref: "... ensure that the load balancer can continue to route traffic"
  • To allow resources in public subnets to access those in private subnets:
    • Only the route table and security groups are involved. Every VPC route table already carries an implicit "local" route for the VPC CIDR that cannot be removed, so no extra route is needed; what actually has to be opened is the private resources' security group (and the network ACLs, if you changed them from the default allow-all).
  • In case there are timeouts during terraform destroy:
    • It could be due to deletion protection.
    • e.g. disable_api_termination on aws_instance; likewise enable_deletion_protection on aws_lb and deletion_protection on aws_db_instance. Set the flag to false and apply before destroying.