Hi Team,
I have purchased a KodeKloud Pro account for the playgrounds, and I am really not happy with them. When I try to practice AWS, Azure, or GCloud, there are a lot of restrictions; even simple things run into issues.
I just tried a small demo that creates a VPC, subnets and a NAT gateway using Terraform, and AWS throws the error below.
==============================================================
Error: creating EC2 NAT Gateway: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: KqxMWt5glbneRLd7gR5f0amap0PUkGeINk_TE5fO48ljn0oyy94WeqS5NWbkNzTn7ihPzPsg0eUfTuXhDqRDHBDdscOdVaBwit7C2DcyoFCDR_NHn2NUWyF4BCYDnvJqJzlPMmLGNLY_czH90I924eX0y-7vQwR2LcYTJfTgxT_SLvW7Cn917nPJA904gYn7X8BB-qdxUGG3GBB_wqEiOexayBelFuniY4R7sDmiZRXbsnGP-ze6OETynnmrAB0q72TeT0S1WApgvmNWxigwKrr6ZEFYcLd9kfKkCzsZ3s-FLUM6-uH0ka29prRo3CMr5fofE4WXVQOP4VpipoJZrAiQ7vLx-cMtHMkLy7bTouL-TCM7ij52CeDogQS6OUaETclfxoMQmE6d-pDb-oWE2bn-Pdh2tL04XMyqpBhcT25uncGsfVlR7qh7kKf8IOm9wPjmJdNv4v8PQhSjAK3EQAfM5vvSpo-mB0feXeatVyll1doTRLOBJualpszsyB7fC3h2EEs9Hs8aaQxlcvxSKcLiW75IJWiWAH1sOiEQzi6vZJrm4acOvzRzrRNe_CC2rcFtatkVZh25PSNmg36HS3J5fP3J1Pn07w1RHwmAwKqTZu2zQERevVJOwxyHk4ZdxFuSk81-4pZ8i8bNjOUXFOQvuPW1fFD4ghFrb-gFA3AzFsVG8z7AwOCHnngsMnTKY5o_Ca-nwyp7_rwgD0Vo5xEszCwGRbiGjFJC9u1po4lDuD2vM-dIswyQRT0oewThVxNwLgYehe1XdXue-Pnzu20qDePUbwmOFm_oAEGJ46GvMGzd_KieWghSfjocKCbp_IdPTdIQ1OZwnKMHA8mktGpZMNIXSINLBh1YwU-ZlhDT_-U93v05T4ZE4GcZdln5Ay6FSMBMINVIvWSTqUlVyC40YLkQBFCGbLU5SU5-hO990L6CVmPAFtHNQq2cz3dndtyz65bJvFa60Zsk-Mpifdl_oMiI5_SZ-fQAH2WocEp1Txio6XUdzYBZifDUd2jgLud7dnAhnJ-ZkEilmq3stxvxJIEH-TisuHWn3SB5iFZf_891N13FT5cBrC_8ILhovckKT2h6vnY3ssXVjw79fFA1x-Q
│ status code: 403, request id: c6d650c7-66c1-4451-a2c2-5c9f6fd612a9
│
│ with aws_nat_gateway.nat_gateway,
│ on vpc.tf line 59, in resource “aws_nat_gateway” “nat_gateway”:
│ 59: resource “aws_nat_gateway” “nat_gateway” {
│=====================================================================
provider.tf
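# Pin the AWS provider to the exact release this configuration was written for.
# Commit the generated .terraform.lock.hcl alongside it so `terraform init`
# verifies the provider package checksums on every machine.
# (Typographic quotes from the page are restored to plain ASCII quotes; HCL
# does not accept the curly form.)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.65.0"
    }
  }
}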
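# AWS provider for the us-west-2 region. No credentials are set in this block,
# so they have to come from outside the configuration; keep it that way rather
# than hard-coding access keys here.
provider "aws" {
  # Configuration options
  region = "us-west-2"
}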
=========================================
vpc.tf
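# VPC (10.0.0.0/16) that the subnets, gateways and route tables in this file attach to.
# NOTE(review): no flow log is defined for this VPC on the page; add an
# aws_flow_log resource if traffic in the VPC needs to be auditable.
resource "aws_vpc" "main" { # "main" is the Terraform-local name
  cidr_block       = "10.0.0.0/16"
  instance_tenancy = "default"

  tags = {
    Name = "automated-vpc" # this is the name shown in AWS
  }
}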
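# 10.0.1.0/24 subnet in the main VPC. It is "public" only because the route
# table associated with it in this file has a default route to the internet
# gateway; nothing in this block itself exposes it.
resource "aws_subnet" "public_subnet" {
  vpc_id     = aws_vpc.main.id # VPC id taken from the aws_vpc.main resource
  cidr_block = "10.0.1.0/24"

  tags = {
    Name = "public-subnet-automated-vpc"
  }
}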
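# 10.0.2.0/24 subnet in the main VPC. The route table associated with it in
# this file sends its default route to the NAT gateway rather than to the
# internet gateway.
resource "aws_subnet" "private_subnet" {
  vpc_id     = aws_vpc.main.id # VPC id taken from the aws_vpc.main resource
  cidr_block = "10.0.2.0/24"

  tags = {
    Name = "private-subnet-automated-vpc"
  }
}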
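# Internet gateway attached to the main VPC; the public route table points
# its default route here.
resource "aws_internet_gateway" "automated-igw" {
  vpc_id = aws_vpc.main.id # the internet gateway depends on the VPC

  tags = {
    Name = "automated-igw"
  }
}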
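# Route table for the public subnet: every destination outside the VPC
# (0.0.0.0/0) is routed to the internet gateway.
resource "aws_route_table" "public-rt" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.automated-igw.id
  }

  tags = {
    Name = "public-rt"
  }
}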
# The private route table depends on the NAT gateway.
# The NAT gateway depends on an Elastic IP.
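# Elastic IP whose allocation id is handed to the NAT gateway in this file.
resource "aws_eip" "auto_eip" {
  tags = {
    Name = "auto_eip"
  }
}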
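# NAT gateway placed in the public subnet and bound to the auto_eip Elastic IP.
#
# NOTE(review): the 403 UnauthorizedOperation reported for this resource is an
# IAM denial of the create call (presumably ec2:CreateNatGateway; confirm),
# not a syntax problem in this block. A principal in the same account that is
# allowed sts:DecodeAuthorizationMessage can read the exact reason with
#   aws sts decode-authorization-message --encoded-message <encoded message>
resource "aws_nat_gateway" "nat_gateway" {
  allocation_id = aws_eip.auto_eip.id
  subnet_id     = aws_subnet.public_subnet.id

  tags = {
    Name = "automated-NAT"
  }

  # To ensure proper ordering, it is recommended to add an explicit dependency
  # on the Internet Gateway for the VPC.
  depends_on = [aws_internet_gateway.automated-igw]
}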
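# Route table for the private subnet: the default route goes to the NAT
# gateway, not to the internet gateway.
resource "aws_route_table" "private-rt" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block = "0.0.0.0/0"
    # A NAT gateway target belongs in nat_gateway_id; gateway_id is the
    # argument for an internet gateway or virtual private gateway.
    nat_gateway_id = aws_nat_gateway.nat_gateway.id
  }

  tags = {
    Name = "private-rt"
  }
}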
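# Binds the public subnet to the route table whose default route is the
# internet gateway.
resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public-rt.id
}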
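# Binds the private subnet to the route table whose default route is the
# NAT gateway.
resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.private_subnet.id
  route_table_id = aws_route_table.private-rt.id
}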