Capstone Project

Designing and deploying a custom VPC for a Mul9-Tier Web

Applica9on to be hosted inside AWS

Resources to be built:
• Custom VPC in AWS
• 4 subnets, 2 public and 2 private
• Internet Gateway to be created and a?ached to the VPC
• 2 EBS backed EC2 instances (Instance A and Instance B)
• 2 security groups WebSG and ALBSG
• A target group WebTG
• An applicaIon load balancer WebALB

Things to think about:

• Do you need one or more route tables? Why?
• How will the instances of the private subnet(s) connect to the internet and AWS
services?
• Can you place the Web/App Ier instances in private subnets 1 and 2?
 • If you are to create the database, will you create it in private subnets or public subnets?
Why?
• What is required to connect to the database from your applicaIon Ier?

Required Steps:

Design a soluIon for a mulI-Ier web applicaIon that will be deployed in a custom AWS VPC.
Create a custom VPC with CIDR block 10.0.0.0/16 with:
• Two Public subnets in two different Availability Zones, US-east-1a and us-east-1B in US-
east-1 region.
Ø Use 10.0.10.0/24 and 10.0.20.0/24 ranges for these two subnets.
• Two Private subnets in the same AZs as above.
Ø Use 10.0.100.0/24 and 10.0.200.0/24. Create a separate route table for the
private subnets.
• 2 security groups, WebSG and ALBSG
• Target Group WebTG and an ApplicaIon load balancer WebALB

• Launch two EBS-backed EC2 instances, one in each of the two private subnets above
(10.0.100.0/24 and 10.0.200.0/24).
Ø The instances will serve as the web and applicaIon Iers.
Ø The instances will have the user data script (shown in the last slide) run at launch
Ime.
Ø The security group assigned to the instances should use the name webSG and
must allow ports ssh (22), h?p (80) and h?ps (443) in the inbound direcIon.

# The bash script (user data) to use for this hands on lab
#Web/app instance 1:

#!bin/bash
yum update -y
yum install h?pd -y # installs apache (h?pd) service
systemctl start h?pd # starts h?pd service
systemctl enable h?pd # enable h?pd to auto-start at system boot
echo " This is server *1* in AWS Region US-EAST-1 in AZ US-EAST-1B " >
/var/www/html/index.html
#Web/app instance 2:

#!bin/bash
yum update -y
yum install h?pd -y
systemctl start h?pd
systemctl enable h?pd
echo " This is server *2* in AWS Region US-EAST-1 in AZ US-EAST-1B " >
/var/www/html/index.html

• Create a target group with the name webTG and add the two applicaIon instances to it.
• The target group will use the port 80 (HTTP) for traffic forwarding and health checks.
• Launch an applicaIon load balancer (WebALB) that will load balance to these two
instances using HTTP.
Ø The applicaIon load balancer must be enabled in the two public subnets you
have configured above.

• Adjust the security group of the web/app instances to allow inbound traffic only from
the applicaIon load balance security group as a source.
• The ALB security group (ALBSG) must allow outbound h?p to the web/app security
group (webSG)
• The ALBSG must allow inbound traffic from the internet on port h?p.
• Configure a target tracking auto scaling group that will ensure elasIcity and cost
effecIveness. The Auto Scaling group should monitor to the two instances and be able
to add instances on-demand and replace failed instances.
• Test to ensure that you can get to the index.html message on the instances through the
load balancer. If it works, congratulaIons on finishing this amazing project on AWS.
• Once completed successfully, please remember to destroy your deployed resources to
avoid any surprise charges.