

Resource map: how the pieces fit together and what gets created once every step below has been applied
VPC (10.0.0.0/16)
├── Private Subnet (10.0.0.0/24) → No internet access
├── Public Subnet (10.0.2.0/24) → Has internet access
├── Internet Gateway → Connects VPC to internet
└── Route Table → Public Subnet → IGW → Internet
10.0.0.0/16 → VPC range (large - 65,536 IPs)
10.0.1.0/24 → Subnet range (small - 256 IPs)
0.0.0.0/0 → All internet traffic (any IP)
Rule: Subnets must be within VPC CIDR range
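The containment rule above (plus the related one that subnets inside one VPC must not overlap) can be checked before anything is applied. The following is an added example, not part of the original notes; it uses the standard library's ipaddress module on the VPC and subnet values from the notes, and the 5-address reservation per subnet is the documented AWS behaviour, not something the notes state:

```python
"""Sanity-check a VPC/subnet plan with the standard library's ipaddress module.

Added example (not part of the original notes). The VPC and subnet values are
the ones used in the notes; the checks catch mistakes that would otherwise
only surface at apply time.
"""
from __future__ import annotations

import ipaddress
from itertools import combinations

# Constructed sample plan mirroring the notes: one /16 VPC, two /24 subnets.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = {
    "private-subnet": "10.0.0.0/24",
    "public-subnet": "10.0.2.0/24",
}

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


def usable_hosts(cidr: str) -> int:
    """Addresses actually assignable to network interfaces in an AWS subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


def check_plan(vpc_cidr: str, subnets: dict[str, str]) -> list[str]:
    """Return a list of problems; an empty list means the plan is consistent."""
    problems: list[str] = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets: dict[str, ipaddress.IPv4Network | ipaddress.IPv6Network] = {}
    for name, cidr in subnets.items():
        try:
            # strict=True (the default) rejects values with host bits set,
            # e.g. "10.0.1.5/24", which AWS would also refuse.
            net = ipaddress.ip_network(cidr)
        except ValueError as exc:
            problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside VPC range {vpc_cidr}")
        nets[name] = net
    # Subnets in one VPC must not overlap each other.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} ({na}) overlaps {b} ({nb})")
    return problems


if __name__ == "__main__":
    print("usable hosts in VPC:", usable_hosts(VPC_CIDR))
    print("usable hosts in a /24:", usable_hosts("10.0.1.0/24"))
    for line in check_plan(VPC_CIDR, SUBNETS) or ["plan OK"]:
        print(line)
```

Running it against the notes' values reports "plan OK"; feeding it a subnet outside the VPC, two overlapping subnets, or a CIDR with host bits set produces one message per problem instead of a failed apply.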
provider "aws" {
  region = "eu-north-1"
}

# -----------------------------------------------
# STEP 1: Create VPC
# Like creating your own private network in AWS
# Manual: VPC → Create VPC → add CIDR
# -----------------------------------------------
resource "aws_vpc" "my-vpc" {
  cidr_block = "10.0.0.0/16" # IP range for the entire network
  tags = {
    Name = "my-vpc"
  }
}

# -----------------------------------------------
# STEP 2: Create Private Subnet
# Internal only - no internet (for DB, backend)
# Manual: Subnet → Create → pick VPC → add CIDR
# -----------------------------------------------
resource "aws_subnet" "private-subnet" {
  cidr_block = "10.0.0.0/24"   # IP range within the VPC
  vpc_id     = aws_vpc.my-vpc.id # Which VPC it belongs to
  tags = {
    Name = "private-subnet"
  }
}

# -----------------------------------------------
# STEP 3: Create Public Subnet
# Internet accessible (for web servers, LBs)
# -----------------------------------------------
resource "aws_subnet" "public-subnet" {
  cidr_block = "10.0.2.0/24" # Different range from private
  vpc_id     = aws_vpc.my-vpc.id
  tags = {
    Name = "public-subnet"
  }
}

# -----------------------------------------------
# STEP 4: Create Internet Gateway
# Door between your VPC and the internet
# Manual: IGW → Create → Actions → Attach to VPC
# -----------------------------------------------
resource "aws_internet_gateway" "my-igw" {
  vpc_id = aws_vpc.my-vpc.id # Attach to the VPC directly in Terraform
  tags = {
    Name = "my-igw"
  }
}

# -----------------------------------------------
# STEP 5: Create Route Table
# Rules for traffic - where should it go?
# cidr 0.0.0.0/0 = all internet traffic → send to IGW
# Manual: Route Table → Create → Edit Routes → add IGW
# -----------------------------------------------
resource "aws_route_table" "my-rt" {
  vpc_id = aws_vpc.my-vpc.id
  route {
    cidr_block = "0.0.0.0/0"                      # All internet traffic
    gateway_id = aws_internet_gateway.my-igw.id   # Send it to the IGW
  }
}

# -----------------------------------------------
# STEP 6: Associate Public Subnet with Route Table
# Links public subnet to route table → gives it internet
# Private subnet not associated = uses the VPC's main route table,
# which only has the local route = no internet
# Manual: Route Table → Subnet Associations → Edit
# -----------------------------------------------
resource "aws_route_table_association" "public-sub" {
  route_table_id = aws_route_table.my-rt.id      # Which route table
  subnet_id      = aws_subnet.public-subnet.id   # Which subnet
}

# -----------------------------------------------
# STEP 7: Launch EC2 Instance in Public Subnet
# subnet_id puts it inside our public subnet
# Without subnet_id → goes to default VPC
# Note: a non-default subnet does not hand out public IPs on its own;
# set map_public_ip_on_launch on the subnet (or associate_public_ip_address
# here) if the instance must actually be reachable from the internet.
# No vpc_security_group_ids given → the VPC's default security group applies.
# -----------------------------------------------
resource "aws_instance" "myserver2" {
  ami           = "ami-0c83cb1c664994bbd"
  instance_type = "t3.nano"
  subnet_id     = aws_subnet.public-subnet.id # Place inside the public subnet
  tags = {
    Name = "SampleServer"
  }
}
Public Subnet → explicitly associated route table has 0.0.0.0/0 → IGW → Internet
Private Subnet → no explicit association → falls back to the VPC's main route table (local route only) → No Internet
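The public/private distinction is decided entirely by the effective route table, and "not associated" means the subnet silently inherits the VPC's main route table. The check below is an added example, not part of the original notes: it classifies subnets the way the AWS control plane resolves them (explicit association first, main table as fallback) over a constructed, trimmed-down version of what `aws ec2 describe-route-tables` returns for this setup. The route-table, subnet and gateway IDs are made up for the example.

```python
"""Which subnets in a VPC can reach the internet?

Added example, not part of the original notes. A subnet uses the route table
it is explicitly associated with; otherwise it uses the VPC's *main* route
table. The data below is a constructed, trimmed version of the
`aws ec2 describe-route-tables` output for the setup in the notes, with
made-up IDs.
"""
from __future__ import annotations

# Constructed sample: the two subnets and two route tables from the notes.
SUBNETS = {
    "subnet-private": "10.0.0.0/24",
    "subnet-public": "10.0.2.0/24",
}

ROUTE_TABLES = [
    {   # VPC main route table: local route only, no explicit associations
        "RouteTableId": "rtb-main",
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
        "Associations": [{"Main": True}],
    },
    {   # my-rt: default route to the IGW, associated with the public subnet
        "RouteTableId": "rtb-public",
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"},
        ],
        "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
    },
]


def effective_route_table(subnet_id: str, route_tables: list[dict]) -> dict:
    """Explicit association wins; otherwise fall back to the main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("VPC has no main route table")
    return main


def has_internet_route(rt: dict) -> bool:
    """True if a default route (0.0.0.0/0) points at an internet gateway."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and str(r.get("GatewayId", "")).startswith("igw-")
        for r in rt["Routes"]
    )


def classify_subnets(subnets: dict[str, str], route_tables: list[dict]) -> dict[str, str]:
    """Map subnet id -> 'public' or 'private' from the effective routes."""
    result: dict[str, str] = {}
    for subnet_id in subnets:
        rt = effective_route_table(subnet_id, route_tables)
        result[subnet_id] = "public" if has_internet_route(rt) else "private"
    return result


if __name__ == "__main__":
    for sid, kind in classify_subnets(SUBNETS, ROUTE_TABLES).items():
        print(f"{sid} ({SUBNETS[sid]}): {kind}")
```

The fallback is the part worth watching: if a 0.0.0.0/0 → IGW route is ever added to the main route table, every subnet without an explicit association, including the "private" one here, becomes public without any change to the subnet itself. Running this over real describe-route-tables output is a cheap way to catch that drift.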
0.0.0.0/0 in route?