Updated on 2024-11-26 GMT+08:00

Configuring the Network

Application Scenario

Before creating your VPCs, determine how many VPCs, the number of subnets, and what IP address ranges or connectivity options you will need. For details about network planning, see VPC Best Practices.

In this topic, you will create a VPC to host web applications or websites. This VPC uses the private CIDR block 192.168.0.0/16 and is divided into three subnets for web, application, and database servers. In addition, servers are arranged into different security groups with targeted access control rules configured.

Procedure

  1. Create a VPC and three subnets.

    1. Create the network.tf file, enter the following information, and save the file:
      resource "huaweicloud_vpc" "vpc" {
        name = "vpc-web"
        cidr = "192.168.0.0/16"
      }
      resource "huaweicloud_vpc_subnet" "subnet1" {
        name       = "subnet-web"
        cidr       = "192.168.10.0/24"
        gateway_ip = "192.168.10.1"
        vpc_id     = huaweicloud_vpc.vpc.id
        dns_list   = ["100.125.1.250", "100.125.129.250"]
      }
      resource "huaweicloud_vpc_subnet" "subnet2" {
        name       = "subnet-app"
        cidr       = "192.168.20.0/24"
        gateway_ip = "192.168.20.1"
        vpc_id     = huaweicloud_vpc.vpc.id
        dns_list   = ["100.125.1.250", "100.125.129.250"]
      }
      resource "huaweicloud_vpc_subnet" "subnet3" {
        name       = "subnet-db"
        cidr       = "192.168.30.0/24"
        gateway_ip = "192.168.30.1"
        vpc_id     = huaweicloud_vpc.vpc.id
        dns_list   = ["100.125.1.250", "100.125.129.250"]
      }
      Table 1 Parameter description

      Resource Name

      Parameter

      Description

      huaweicloud_vpc

      name

      VPC name.

      • Value: a string of 1 to 64 characters that can contain letters, digits, underscores (_), hyphens (-), and periods (.)
      • Constraints: A VPC name must be unique under a tenant.

      cidr

      Available subnets in the VPC. The value must be in CIDR format, for example, 192.168.0.0/16.

      huaweicloud_vpc_subnet

      name

      Subnet name.

      • Value: a string of 1 to 64 characters that can contain letters, digits, underscores (_), hyphens (-), and periods (.)

      cidr

      CIDR block of the subnet.

      • Value: a CIDR block in the range allowed in the VPC
      • Constraints: The value must be in CIDR format. The subnet mask length cannot be greater than 28 bits.

      gateway_ip

      Subnet gateway address.

      vpc_id

      ID of the VPC to which the subnet belongs. The value is referenced from huaweicloud_vpc.vpc.id.

      dns_list

      Addresses of DNS servers on the subnet. If this parameter is not specified, the value is left blank by default. For details about private DNS server addresses, see What Are the Private DNS Server Addresses Provided by the DNS Service?

    2. Run terraform init to initialize the environment.
    3. Run terraform plan to view resources.
    4. After you confirm that the resource information is correct, run terraform apply to start VPC and subnet creation.
    5. Run terraform show to view the created VPC and subnets.

  2. Create a security group and add a rule to it.

    1. Add the following information to the network.tf file:
      resource "huaweicloud_networking_secgroup" "mysecgroup" {
        name                 = "secgroup"
        description          = "My security group"
        delete_default_rules = true
      }
      resource "huaweicloud_networking_secgroup_rule" "secgroup_rule" {
        direction         = "ingress"
        ethertype         = "IPv4"
        protocol          = "tcp"
        port_range_min    = 22
        port_range_max    = 22
        remote_ip_prefix  = "0.0.0.0/0"
        security_group_id = huaweicloud_networking_secgroup.mysecgroup.id
      }
    2. Run terraform plan to view resources.
    3. After you confirm that the resource information is correct, run terraform apply to start security group and rule creation.
    4. Run terraform show to view the created security group and rule.