22/7/2021 AWS Labs

Architecting on AWS - Lab 2 -

Deploying a WEB Application on
AWS
AWS Solutions Architect Labs

Main Page Lab 1 Lab 2 Lab 3 Lab 4 Lab 5 Lab 6

Open Console LAB OVERVIEW

Windows users use Google Chrome or Mozilla Firefox as your

Connection Details web browser for this lab. The lab instructions are not compatible
with Microsoft Internet Explorer because of a difference in the
Region (Oregon) Amazon Relational Database (Amazon RDS) console.

us-west-2 Traditional methods of deploying web servers and Configuring

security are complex and often involve multiple teams and long
delays. Forntunately, it is quick and easy to deploy secure
infrastructure in the AWS Cloud.

In this lab, you configure security groups, create an Amazon

Relational Database Service (Amazon RDS) database, launch a
web application server with Amazon Elastic Compute Cloud
(Amazon EC2), and test a web application. The following image
shows the final architecture:

https://labs.netec.com/pages/lab2.html 1/14
22/7/2021 AWS Labs

OBJECTIVES
After completing this lab, you will be able to:

Launch a database using Amazon RDS.

Launch an application server using Amazon EC2.
Automatically install an application on an EC2 instance.

DURATION

This lab requires approximately 30 minutes to complete.

START LAB
This starts the process of provisioning your lab resources. An
estimated amount of time to provision your labs resources is
displayed. You must wait for your resources to be provisioned
before continuing.

https://labs.netec.com/pages/lab2.html 2/14
22/7/2021 AWS Labs

Open the AWS Console with the green button to the left of
this page.

On the login page, place the User assigned for the course

In the Password section paste the password assigned for the

course

Click "Sign in"

Congratulations you have logged in.

Click on the only account that appears in the user interface.

Select the name of the account and the list of labs will appear.

NOTE: Don’t try to change the password or the user.

NOTE: Do not change the Region unless instructed.

TASK 1: CONFIGURING SECURITY

You should implement security at every layer of your architecture in

the application, on the server, within the network, and when
connecting to the internet.

In this task, you define security groups for the Amazon EC2
application server and Amazon RDS database instance. The
following diagram shows these security groups and how traffic will
follow:

A security group acts as a virtual firewall that controls the traffic for
one or more instances, you Associate one or more security groups
with the instance. You add rules to each security group, and these
rules allow traffic to or from the group’s associated instances. You
can modify the rules for a security group at any time; the new rules
are automatically applied to all instances that are associated with
the security group.

First, create the App Security Group and configure it to permit

incoming HTTP connections from the internet.

1. In the AWS Management Console, on the Services menu,

click EC2.
https://labs.netec.com/pages/lab2.html 3/14
22/7/2021 AWS Labs

2. If you see New EC2 Experience at the top-left of your

screen, ensure New EC2 Experience is selected. This lab is
designed to use the new EC2 Console.

3. In the left navigation pane, click Security Groups.

A couple existing security groups are listed you will create a new
security group for the APP Server.

4. Click Create security group

5. For Basic details, configure:

Security group name: App-SG

Description: Allow HTTP acc

VPC: Lab VPC

6. For Inbound rules, click Add rule then configure:

Type: HTTP

Source: Anywhere

7. For Tags Click Add new tag

Key Name

Value App-SG

8. At the bottom of the page, click Create security group

The security group is created. You will use this security group later
in the lab when launching the App Server.

Next, configure the Database Security Group and configure it to

permit incomming database connections from the App Server.

9. In the left navigation pane, click Security Groups

10. For Basic details, configure:

https://labs.netec.com/pages/lab2.html 4/14
22/7/2021 AWS Labs

Security group name: DB-SG

Description: Allow DB access

VPC: Lab VPC

11. For Inbound rules, click Add rule then configure:

Type: MYSQL/AUROR

Source: Click inside the text field. Type the letters "sg" (just

the letters) and choose the APP-SG

12. For Tags Click Add new tag

Key Name

Value DB-SG

13. At the bottom of the page, click Create security group.

This configuration means that the Database Security Group (DB-

SG) is permitting inbound access from the Application Security
Group (App-SG), as shown in the following diagram:

When you created the inbound rule for the Database Security
Group, notice that you used the Application Security Group ID as
the source. The ability for one security group to refer to another
security group is a powerful capability. It means that you can grant
additional EC2 instances to have access to the database by
associating them with the Application Security Group. Any instance
associated with the Application Security Group will then be

https://labs.netec.com/pages/lab2.html 5/14
22/7/2021 AWS Labs

permitted to communicate to the database (more accurately, to any

database Associate with the Database Security Group).

You will use the new Database Security group in the next task.

TASK 2: CREATING AN AMAZON RDS DATABASE

Traditionally, creating a database can be a complex process,

requiring either a database Administrator or Systems Administrator.
In the AWS Cloud, using the Amazon Relational Database Service
(Amazon RDS) helps to simplify this process.

In this task, you create a MySQL database in your virtual private

cloud (VPC). MySQL is a popular open-source Relational database
management system (RDBMS) with no software licensing fees.

Windows users use Google Chrome or Mozilla Firefox as your

web browser for this lab. The lab instructions are not compatible
with Microsoft Internet Explorer because of a difference in the
Amazon Relational Database (Amazon RDS) console.

14. In the AWS Management Console, on the Services menu,

click RDS

15. Click Create database

Note: If a banner displays with a Switch to the new database

creation Flow link, click the link to switch to taht workflow

16. For Choose a database creation method, select Standard

create

17. For Engine options select MySQL

18. For Templates select Dev/Test.

You can now configure database settings, such as credentials,

instance size, and storage type and amount. The Multi-AZ
deployment option creates a standby instance in a different
Availability Zone to provide availability and durability. In this lab,
you will use a single database instance.

18. For Settings configure:

DB instance identifier: inventory-db

Master username: dbadmin

https://labs.netec.com/pages/lab2.html 6/14
22/7/2021 AWS Labs

Master password: lab-password

Confirm password: lab-password

19. For DB instance size configure:

Select Burstable classes (includes t classes)

Select db.t2.micro

Note: If db.t2.micro is not visible in the drop-down then enable the

Include previous generation classes button

20. For Connectivity, configure:

Virtual private cloud (VPC): Lab VPC

21. For VPC security group: Select Choose existing.

Existing VPC security groups: click the dropdown menu. Select

DB-SG to highlight it in blue and click default to remove the default
security group.

22. Expand Additional configuration, then configure:

Initial database name: inventory

Uncheck Enable automatic backups

Uncheck Enable Enhanced monitoring

Note: The Initial database name is the logical name of the

database, which the application will use.

Tip: Feel free to look at the other options displayed on the page,
but Leave them set to their default values. Options include
automatic backups, the ability to Export log files, and automatic
version upgrades. The ability to actívate such features by clicking a
box shows the power of using a Fully managed database solution
rather than having to install, backup, and maintain the database
yourself.

23. At the bottom of the page, click Create database

Note: If you receive an error message that mentions rds-

monitoring-role, confirm that you have uncheked Enable
Enhanced monitoring in the Additional configuration section.
Then, try again.
https://labs.netec.com/pages/lab2.html 7/14
22/7/2021 AWS Labs

A message displays to indicate that your database is being created.

This takes a few minutes, but you can continue to the next task.
You do not need to wait until the database is created.

TASK 3: LAUNCHING AN APPLICATION SERVER USING

AMAZON EC2

You are now ready to launch an Amazon Elastic Compute Cloud

(Amazon EC2) instance to run the application. As part of the
launch, you will provide a configuration script, which will
automatically install an application. You will also Associate the
instance with the App Security Group that you created earlier in the
lab. This will permit HTTP (web) access from the internet.

24. In the AWS Management Console, on the Services menu,

click EC2.

25. At the top-left of the screen, ensure that New EC2

Experience is selected. This lab is designed to work with the
New EC2 Console.

26. Click Launch instance and select Launch instance

STEP 1: CHOOSE AMI

Note: Examine the list of displayed AMIs, which includes multiple

versions of Microsoft Windows and Linux. These disk images are
regulary updated to incorporate security patches and software that
helps you use AWS Services. You can also create your own AMI
that includes your own data an applications, or you can select pre-
built comercial applications from the AWS Marketplace.

For this lab, the application will use the Amazon Linux 2 AMI

27. For the Amazon Linux 2 AMI, click Select

STEP 2: CHOOSE INSTANCE TYPE

Now choose an instance type, which determines the resources that

are allocated to your EC2 instance. Each instance type allocates a
combination of virtual CPUs, memory, disk storage, and network
performance.

Instance types are divided into families such as Compute

Optimized, Memory Optimized, and Storage Optimized. The
instance type name includes a family identifier, such as t2 or m4.
The number indicates the generation of the instance, so m5 is
newer than m4.

Your application will use a t2.micro instance type, which is a small

instance that can burst above baseline performance when it is
https://labs.netec.com/pages/lab2.html 8/14
22/7/2021 AWS Labs

busy. It is ideal for development, testing, and applications that have

bursty workloads.

28. Select the t2.mirco instance type

29. click Next: Configure Instance Details

STEP 3: CONFIGURE INSTANCE

Now configure instance details, such as the number of instances to

launch and the network configuration. To view a description of each
field, hover on the information icons.

You will launch the instance in a public subnet within the Lab VPC
network.

30. Configure these settings:

Network: Lab VPC

Subnet: (Note: Ensure it is Public, not Private)

Public Subnet 1

IAM role: Inventory-App-R

Inventory-App-Role has the following policy attached, which grants

permissions to applications running on the instance to make
requests to AWS services:

"Version": "2012-10-17",

"Statement": [

"Action": "ssm:*",

"Resource":
"arn:aws:ssm:*:*:parameter/inventory-app/*",

"Effect": "Allow"

In this case, the role grants permission to access the inventory-

app settings within the AWS Systems Manager Parameter Store,
which will be used to store configurations settings.

31. Scroll down to and expand the Advanced Details section.

Note: When you launch an instance, you can pass a configuration

script via the User data field. The script can be used to perform
https://labs.netec.com/pages/lab2.html 9/14
22/7/2021 AWS Labs

configuration tasks and install software.

Your instance is running Amazon Linux, so you will provide a shell

script that will runwhen the instance starts.

32. Copy and paste the following script into the User data field

Copy Code

#!/bin/bash

# Install Apache Web Server and PHP

yum install -y httpd mysql

amazon-linux-extras install -y php7.2

# Download Lab files

wget https://us-west-2-
tcprod.s3.amazonaws.com/courses/ILT-TF-200-
ARCHIT/v6.8.21/lab-2-webapp/scripts/inventory-app.zip

unzip inventory-app.zip -d /var/www/html/

# Download and install the AWS SDK for PHP

wget https://github.com/aws/aws-sdk-
php/releases/download/3.62.3/aws.zip

unzip aws -d /var/www/html

# Turn on web server

chkconfig httpd on

service httpd start

The script will:

Install an Apache web server (httpd) and the PHP language

Download the Inventory application and the AWS Software

Development Kit (SDK)

Activate the web server and configure it to automatically start

on boot

This type of script is an excellent way to configure a new instance

without having to log in and manually configure software. The script
also makes automation easy because a new instance can be
launched and fully configured without requiring intervention from
technical staff. On a Windows instance, you could use a
PowerShell script for configuration

33. Click Next: Add Storage

STEP 4: ADD STORAGE

At this step, you can add additional Amazon Elastic Block Store
(Amazon EBS) disk volumes and configure their size and
performance.

To view a description of each field, hover on the information icons.

You will use the default disk size, so no changes are required.
https://labs.netec.com/pages/lab2.html 10/14
22/7/2021 AWS Labs

34. Click Next: Add Tags

STEP 5: ADD TAGS

Tags allow you to categorize your AWS resources in different ways,

such as by purpose, owner, or environment. This is useful when
you have many resources of the same type-you can quickly identify
a specific resource by its tags. Each tag consists of a key and a
value, both of which you define

35. Click Add Tag then configure

Key: Name

Value: App Server

The Name tag will appear on the instance in the EC2 management
console

36. Click Next: Configure Security Group

STEP 6: CONFIGURE SECURITY GROUP

Now associate the instance with the App Security Group (App-SG)
you created earlier in the lab

37. Click Select an existing security group

38. Select App-SG

The inbound rules display and show that they permit HTTP traffic
from anywhere on the internet (0.0.0.0/0).

39. Click Review and Launch

Note: If you receive a warning that you will not be able to connect
to this instance, click Continue

STEP 7: REVIEW

40. Click Launch then configure:

Select Proceed without a key pair

Select I acknowledge that...
Click Launch Instnces

Your instance is now launching

41. At the bottom of the page, click View Instances

https://labs.netec.com/pages/lab2.html 11/14
22/7/2021 AWS Labs

The instance may appear in a pending state, which means it is

being launched. When the state changes to running, the instance
has started booting. Before you can access the instance, the
configuration script will install and configure the application.

Before continuing to the next task, wait for the instance state to
display running.

While you wait, review the information displayed on the

Description tab. It includes information about the instance type,
security settings, and network settings.

Note: The instance will start running after just a short time.
However, the status checks take a few minutes longer.

TASK 4: TESTING THE APPLICATION

You are now ready to test that the applciation is operational. You
can access the web application via the IP address of the EC2
instance.

42. In the EC2 Management Console, selects App Server

43. On the Details tab, copy the IPv4 Public IP to your clipboard

44. Open a new web browser tab, paste the IP address into the
address bar, and press ENTER

The web application appears. Very little information is displayed

because the application is not yet connected to the database.

You can now configure the application to use the Amazon RDS DB
instance you created earlier. First retrieve the Database Endpoint
so that the application knows how to connect to the database.

45. On the Services menu, click RDS

46. In the left navigation pane, click Databses

47. Click the inventory-db identifier

48. Scroll down to the Connectivity & Security section, and

copy the Endpoint to your clipboard.

It should look similar to: inventory-

db.crwxbgqad61a.rds.amazonaws.com

49. Return to the browser tab with the Inventory application

50. Click on Settings then configure

Endpoint: Paste the endpoint you copied earlier. (Step 48)

https://labs.netec.com/pages/lab2.html 12/14
22/7/2021 AWS Labs

Database: inventory

Username: dbadmin

Password: lab-password

51. Click Save

The application connects to the database, loads some initial data,

and displays information. This application allows you to add, edit, or
delete an item from a store's inventory.

The inventory information is stored in the Amazon RDS MySQL

database you created earlier in the lab. This means that, if the web
application server fails, the data will not be lost. It also means that
application servers could access the same data.

CLEAN UP RESOURCES

52. Go to Services and click on RDS.

53. In the left panel click on Databases.

54. Select in the radio button the only database called inventory-db
(Don't click on the name).

55. Click on Actions then the Delete option.

56. In the Delete inventory-db instance? uncheck the option

Create final snapshot?

57. Click on the box that says "I acknowledge that upon ..."

58. In the text box write delete me and click on the Delete button

59. Go to Services and click on EC2.

60. Select the instance named App Server in the box

61. At the top select Instance State and click Terminate Instance

62. Click on Terminate

63. In the left panel go to Network & Security click on the Security
Groups option.

64. Select in the box the name of the security groups called DB-SG
In the lower panel click on Inbound rules and Edit inbound
https://labs.netec.com/pages/lab2.html 13/14
22/7/2021 AWS Labs

rules.

65. Click Delete the rule and click the Save rules button.

66. Select in the box the name of the security groups called App-SG
and DB-SG

67. Click on Actions and click on Delete security Groups(if it

cannot be deleted, wait for the EC2 and RDS instance to be
Terminanted)

68. In the text box write delete and click Delete button

IMPORTANT: Notify your instructor that you have

finished cleaning up the resources.

CONCLUSION

¡Congratulations! You now have successufully:

Launched a database using Amazon RDS

Launched an application server using Amazon EC2
Automatically installed an application on an EC2 instance

END LAB

Click to go up

https://labs.netec.com/pages/lab2.html 14/14