- This project demonstrates how to create a VPC that can be used for server in a production environment
- To improve resiliency, Deployed the server in two availability Zones, by using an Auto Scaling group and an Application Load Balancer.
- The servers receive request through the load balancer. The server can connect o the internet by using a NAT gateway. To improve resiliency, deployed the gateway in both Availability Zones.
- The servers run in the private subnets, are launched and terminated by using an Auto Scaling group, and receive traffic from the Load Balancer.
- Select option - VPC and more
- Name the VPC
- Number of Availability Zones - 2 (for High Availability)
- Number of Public Subnet - 2
- Number of Private Subnet - 2
- Number of NAT Gate - 1 per AZ (For masking of application IP addresses)
- VPC endpoints - None (As Database is not required – 2 Tier Application)
Now we will Create Auto Scaling Group and for creating Auto Scaling Group we need to create Launch template as Launch template is used as reference for creation of instances in future during downtime
- Search for EC2
- Search for Auto Scaling Group
- Click on Create Launch Template
- Name the Template
- Provide Description
- Choose Operating System as Ubuntu (For Linux based applications)
- Choose Instance Type (As per Requirements) I am using t2 micro (free tier applicable)
- Key Pair (For Login Authentication)
- Click Network Settings (For Creating Security Group with Inbound Rules)
- Select create security group
- Name the security group
- Provide description
- select VPC ( select VPC just created )
- security rule 1 = Type ssh, Port 22, Source Type anywhere (for SSH login)
- security rule 2 = Type Custom TCP, Port 8000, Source Type anywhere
- Hit Create
Step 1 -
- Name the auto scaling group
- Select the launch template we have just created
- Hit next
Step 2 –
- Choose VPC last created
- Choose the private subnet of both the AZ ( As application needs to be in private )
- Hit next
Step 3 –
- I have not attached any load balancer at Auto Scaling Group private subnet for applications
- Health check is Okay
- Hit next
Step 4
- Desired capacity – 2
- Minimum capacity – 1
- Maximum capacity – 4 (if traffic increases for applications it can expand up to 4 machines)
- Scaling policies – None
- Hit next
Step 5
- Here we can use SNS for notification about machine if added or terminated (I have not used SNS in this project)
- Hit next
Step 6
- Here we can use tags for using this Auto Scaling Group in future (I am using tags in this project )
- Hit next
Step 7
- Review all the configurations of tha Auto Scaling Group
- Hit Create Auto Scaling Group
Now check EC2 instance if Auto Scaling Group have created 2 instances in the selected subnet at step 2 of Auto Scaling Group Creation
After checking the subnets, we will install the applications in both the private instances
For installing applications, we need to connect the private application server. To connect the private server, we need to create Bastion Host ( As public IP is not present to SSH the private application server ) For creating Bastion Host, we will Create an EC2 instance
- Name instance Bastion Host
- Select the image ubuntu (For Linux based applications )
- Instance type – t2 micro
- Select Key pair to ssh connect the Bastion Host
- Network setting - select the same VPC as created above
- Add security group which allow SSH connect to Bastion Host
- Enable assign public IP
- Hit Launch Instance
- scp -i /path/key-pair-name.pem /home/ubuntu/key.pem ubuntu@IP ADDRESH:/home/ubuntu
- ssh -i /path/key-pair-name.pem instance-user-name@instance-public-ip-address
After establishing the connection with Bastion Host, we will connect to the private application server
Check if the pem file is present or not by using ( ls )command
- ssh -i /path/key-pair-name.pem instance-user-name@instance-private-ip-address
- Make a simple vim file ( vim index.html )and write this simple html code <! DOCTYPE html>
-
then run the python command at port 8000
-
python3 -m http.server 8000
- Select application load balancer
- Name the load balancer
- Select – Internet facing
- Select IPV4
- Select VPC which is created above
- Select both the Availability Zones only with public subnet
- Select Security Group with Port 80 from anywhere
- Select instance
- Name the target group
- Select HTTP port 8000
- Hit next
Port for selected instance – 8000 Click – Include as pending below
- Hit Create Target Group
Add this target group to the Load Balancer
- Select protocol – HTTP
- Open port – 80
- Select Default action – VPC created above
Hit create Load Balancer
Now Go to the Load Balancer – If its showing error for port 80 then change the security group and allow HTTP ,TCP,80,Anywhere