DevOps Classroom notes 31/Mar/2026

Story

You are a cloud engineer.
Today i.e. 31-March-2026

You have to create for a customer test environment
    a network
    a ubuntu linux machine
    a database (mysql)

Customer is using AWS
watch classroom recording to view
Team member makes following changes

You have to create for a customer production environment
    a network
    two ubuntu linux machine
    a loadbalancer
    a database (mysql)

Solution

The solution to this problem is automating infra management
How to manage infra
Scripts (Using CLI)

#!/bin/bash

set -e

# Variables
REGION="ap-south-1"
VPC_CIDR="10.0.0.0/16"
SUBNET_CIDR="10.0.1.0/24"
KEY_NAME="my-keypair"   # change this
DB_PASSWORD="MyStrongPass123!"  # change this

echo "Creating VPC..."
VPC_ID=$(aws ec2 create-vpc \
  --cidr-block $VPC_CIDR \
  --region $REGION \
  --query 'Vpc.VpcId' \
  --output text)

echo "VPC_ID=$VPC_ID"

aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-support "{\"Value\":true}"
aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-hostnames "{\"Value\":true}"

echo "Creating Subnet..."
SUBNET_ID=$(aws ec2 create-subnet \
  --vpc-id $VPC_ID \
  --cidr-block $SUBNET_CIDR \
  --region $REGION \
  --query 'Subnet.SubnetId' \
  --output text)

echo "SUBNET_ID=$SUBNET_ID"

echo "Creating Internet Gateway..."
IGW_ID=$(aws ec2 create-internet-gateway \
  --query 'InternetGateway.InternetGatewayId' \
  --output text)

aws ec2 attach-internet-gateway \
  --internet-gateway-id $IGW_ID \
  --vpc-id $VPC_ID

echo "Creating Route Table..."
RT_ID=$(aws ec2 create-route-table \
  --vpc-id $VPC_ID \
  --query 'RouteTable.RouteTableId' \
  --output text)

aws ec2 create-route \
  --route-table-id $RT_ID \
  --destination-cidr-block 0.0.0.0/0 \
  --gateway-id $IGW_ID

aws ec2 associate-route-table \
  --subnet-id $SUBNET_ID \
  --route-table-id $RT_ID

echo "Creating Security Group for EC2..."
EC2_SG=$(aws ec2 create-security-group \
  --group-name ec2-sg \
  --description "EC2 SG" \
  --vpc-id $VPC_ID \
  --query 'GroupId' \
  --output text)

aws ec2 authorize-security-group-ingress \
  --group-id $EC2_SG \
  --protocol tcp \
  --port 22 \
  --cidr 0.0.0.0/0

echo "Creating Security Group for RDS..."
RDS_SG=$(aws ec2 create-security-group \
  --group-name rds-sg \
  --description "RDS SG" \
  --vpc-id $VPC_ID \
  --query 'GroupId' \
  --output text)

aws ec2 authorize-security-group-ingress \
  --group-id $RDS_SG \
  --protocol tcp \
  --port 3306 \
  --source-group $EC2_SG

echo "Launching EC2 Instance..."
AMI_ID="ami-0f5ee92e2d63afc18"  # Ubuntu 22.04 in ap-south-1 (verify before use)

INSTANCE_ID=$(aws ec2 run-instances \
  --image-id $AMI_ID \
  --instance-type t2.micro \
  --key-name $KEY_NAME \
  --subnet-id $SUBNET_ID \
  --security-group-ids $EC2_SG \
  --associate-public-ip-address \
  --query 'Instances[0].InstanceId' \
  --output text)

echo "EC2 Instance ID: $INSTANCE_ID"

echo "Creating DB Subnet Group..."
aws rds create-db-subnet-group \
  --db-subnet-group-name my-db-subnet-group \
  --db-subnet-group-description "My DB subnet group" \
  --subnet-ids $SUBNET_ID

echo "Creating MySQL RDS Instance..."
aws rds create-db-instance \
  --db-instance-identifier my-mysql-db \
  --db-instance-class db.t3.micro \
  --engine mysql \
  --master-username admin \
  --master-user-password $DB_PASSWORD \
  --allocated-storage 20 \
  --vpc-security-group-ids $RDS_SG \
  --db-subnet-group-name my-db-subnet-group \
  --no-publicly-accessible

echo "âœ… Infrastructure creation started!"

Code based scripts (python example)

import boto3
import time

REGION = "ap-south-1"
KEY_NAME = "my-keypair"  # change this
DB_PASSWORD = "MyStrongPass123!"  # change this

ec2 = boto3.client("ec2", region_name=REGION)
rds = boto3.client("rds", region_name=REGION)

# 1. Create VPC
print("Creating VPC...")
vpc = ec2.create_vpc(CidrBlock="10.0.0.0/16")
vpc_id = vpc["Vpc"]["VpcId"]

ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsSupport={"Value": True})
ec2.modify_vpc_attribute(VpcId=vpc_id, EnableDnsHostnames={"Value": True})

print(f"VPC_ID: {vpc_id}")

# 2. Create Subnet
print("Creating Subnet...")
subnet = ec2.create_subnet(
    VpcId=vpc_id,
    CidrBlock="10.0.1.0/24"
)
subnet_id = subnet["Subnet"]["SubnetId"]

print(f"SUBNET_ID: {subnet_id}")

# 3. Internet Gateway
print("Creating Internet Gateway...")
igw = ec2.create_internet_gateway()
igw_id = igw["InternetGateway"]["InternetGatewayId"]

ec2.attach_internet_gateway(
    InternetGatewayId=igw_id,
    VpcId=vpc_id
)

# 4. Route Table
print("Configuring Route Table...")
rt = ec2.create_route_table(VpcId=vpc_id)
rt_id = rt["RouteTable"]["RouteTableId"]

ec2.create_route(
    RouteTableId=rt_id,
    DestinationCidrBlock="0.0.0.0/0",
    GatewayId=igw_id
)

ec2.associate_route_table(
    RouteTableId=rt_id,
    SubnetId=subnet_id
)

# 5. Security Groups
print("Creating Security Groups...")

# EC2 SG
ec2_sg = ec2.create_security_group(
    GroupName="ec2-sg",
    Description="EC2 SG",
    VpcId=vpc_id
)["GroupId"]

ec2.authorize_security_group_ingress(
    GroupId=ec2_sg,
    IpPermissions=[
        {
            "IpProtocol": "tcp",
            "FromPort": 22,
            "ToPort": 22,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        }
    ],
)

# RDS SG
rds_sg = ec2.create_security_group(
    GroupName="rds-sg",
    Description="RDS SG",
    VpcId=vpc_id
)["GroupId"]

ec2.authorize_security_group_ingress(
    GroupId=rds_sg,
    IpPermissions=[
        {
            "IpProtocol": "tcp",
            "FromPort": 3306,
            "ToPort": 3306,
            "UserIdGroupPairs": [{"GroupId": ec2_sg}],
        }
    ],
)

# 6. Launch EC2
print("Launching EC2 instance...")

AMI_ID = "ami-0f5ee92e2d63afc18"  # Ubuntu (verify latest)

instance = ec2.run_instances(
    ImageId=AMI_ID,
    InstanceType="t2.micro",
    KeyName=KEY_NAME,
    SubnetId=subnet_id,
    SecurityGroupIds=[ec2_sg],
    MinCount=1,
    MaxCount=1,
)

instance_id = instance["Instances"][0]["InstanceId"]
print(f"EC2 Instance ID: {instance_id}")

# Wait for EC2 to be running
print("Waiting for EC2 to be running...")
ec2.get_waiter("instance_running").wait(InstanceIds=[instance_id])

# 7. Create DB Subnet Group
print("Creating DB Subnet Group...")
rds.create_db_subnet_group(
    DBSubnetGroupName="my-db-subnet-group",
    DBSubnetGroupDescription="My DB subnet group",
    SubnetIds=[subnet_id],
)

# 8. Create RDS MySQL
print("Creating MySQL RDS instance...")

rds.create_db_instance(
    DBInstanceIdentifier="my-mysql-db",
    DBInstanceClass="db.t3.micro",
    Engine="mysql",
    MasterUsername="admin",
    MasterUserPassword=DB_PASSWORD,
    AllocatedStorage=20,
    VpcSecurityGroupIds=[rds_sg],
    DBSubnetGroupName="my-db-subnet-group",
    PubliclyAccessible=False,
)

print("âœ… Infrastructure creation started (RDS will take ~10-15 mins)")

Infra as Code: Here we describe what we want (Desired State)

provider "aws" {
  region = var.region
}

# -------------------
# VPC
# -------------------
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "main-vpc"
  }
}

# -------------------
# Subnet
# -------------------
resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = "10.0.1.0/24"
  map_public_ip_on_launch = true

  tags = {
    Name = "public-subnet"
  }
}

# -------------------
# Internet Gateway
# -------------------
resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

# -------------------
# Route Table
# -------------------
resource "aws_route_table" "rt" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route" "internet_access" {
  route_table_id         = aws_route_table.rt.id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

resource "aws_route_table_association" "rta" {
  subnet_id      = aws_subnet.public.id
  route_table_id = aws_route_table.rt.id
}

# -------------------
# Security Groups
# -------------------
resource "aws_security_group" "ec2_sg" {
  name   = "ec2-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "rds_sg" {
  name   = "rds-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.ec2_sg.id]
  }
}

# -------------------
# EC2 Instance
# -------------------
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"]
  }
}

resource "aws_instance" "web" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.public.id
  vpc_security_group_ids = [aws_security_group.ec2_sg.id]
  key_name               = var.key_name

  tags = {
    Name = "ubuntu-ec2"
  }
}

# -------------------
# DB Subnet Group
# -------------------
resource "aws_db_subnet_group" "db_subnet" {
  name       = "my-db-subnet-group"
  subnet_ids = [aws_subnet.public.id]

  tags = {
    Name = "db-subnet-group"
  }
}

# -------------------
# RDS MySQL
# -------------------
resource "aws_db_instance" "mysql" {
  identifier              = "my-mysql-db"
  engine                  = "mysql"
  instance_class          = "db.t3.micro"
  allocated_storage       = 20
  username                = "admin"
  password                = var.db_password
  db_subnet_group_name    = aws_db_subnet_group.db_subnet.name
  vpc_security_group_ids  = [aws_security_group.rds_sg.id]
  publicly_accessible     = false
  skip_final_snapshot     = true
}

By continuous learner

devops & cloud enthusiastic learner

View all of continuous learner's posts.

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please turn AdBlock off

Animated Social Media Icons by Acurax Responsive Web Designing Company