I am new to Terraform and AWS networking. I have the following tips. Hope people may find them useful.
- Draw your AWS architecture diagram
  - it provides an anchor and north star while building your infrastructure
- A newly created VPC needs its own internet gateway
  - the default VPC in AWS comes with a default internet gateway
  - a newly created VPC does not
- Resources in private subnets (e.g. EC2) need a NAT gateway to reach the internet (egress traffic)
  - note: egress traffic means internet requests FROM the resources
- Resources in private subnets need a security group
  - one that allows egress traffic through the NAT gateway
  - one that allows ingress traffic from other resources in public and/or private subnets
- A load balancer needs to live in at least 2 AZs
  - required by AWS
  - ref: ... ensure that the load balancer can continue to route traffic
- To allow resources in public subnets to access those in private subnets
  - route tables and security groups are the only two things you need to configure
- If there are timeouts during terraform destroy
  - it could be due to deletion protection
  - e.g. disable_api_termination in aws_instance
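As an added example (not code from the original post), here are the private-subnet pieces from the tips above in Terraform HCL: a NAT gateway for egress, a private route table pointing at it, and a security group that admits ingress only from the public tier rather than from 0.0.0.0/0. It assumes `aws_vpc.main`, `aws_internet_gateway.igw`, `aws_subnet.public`, `aws_subnet.private` and `aws_security_group.public` are defined elsewhere in the configuration.

```hcl
# Elastic IP for the NAT gateway (the NAT gateway must sit in a public subnet).
resource "aws_eip" "nat" {
  domain = "vpc"
}

# NAT gateway in the public subnet; depends_on ensures the IGW (and thus the
# public route) exists before the NAT gateway is created.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public.id   # assumed public subnet
  depends_on    = [aws_internet_gateway.igw]
}

# Private route table: the default route goes to the NAT gateway, so private
# instances can reach the internet but nothing on the internet can reach them.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id               # assumed VPC
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private.id # assumed private subnet
  route_table_id = aws_route_table.private.id
}

# Security group for private resources: egress is open (traffic leaves via the
# NAT gateway); ingress is allowed only from the public-tier security group,
# which is what lets public-subnet resources reach private ones.
resource "aws_security_group" "private" {
  name   = "private-tier"
  vpc_id = aws_vpc.main.id
  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [aws_security_group.public.id] # assumed public-tier SG
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Referencing the public security group instead of a CIDR in the ingress rule keeps the private tier reachable only from the public tier, even if subnet ranges change later.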