# 🌐AWS - AWS Networking & Content Delivery - VPCs

Amazon VPC

🌐 AWS VPC is like a shielded fortress within the AWS network, providing you with a virtually isolated private network. It's as if you've brought your secure data center to the cloud! 🏰💻🌐

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697682971933/83f681ff-7b8b-4e92-9312-18361f7d14b7.png align="center")

When creating a VPC, the following options need to be configured.

1. **Availability Zones** 🏙️:
    
    * These are distinct data centers within a region, providing redundancy and fault tolerance. Think of them as the building blocks of high availability.
        
2. **CIDR Blocks** 📊:
    
    * Classless Inter-Domain Routing blocks are used to define the IP address range for your VPC, much like setting the size of your territory on a map.
        
3. **DNS Options** 🌐:
    
    * Domain Name System (DNS) options allow you to configure how your VPC resolves domain names. It's like choosing your VPC's "language" for talking to the internet.
        
4. **Internet Gateway** 🌐:
    
    * This is your VPC's portal to the internet. It helps traffic flow between your VPC and the worldwide web, acting as the gateway to the online world.
        
5. **Name** 📛:
    
    * The name of your VPC is like a label on a folder, making it easier to identify and manage within your AWS account.
        
6. **NAT Gateways** ⚡:
    
    * Network Address Translation (NAT) gateways are like interpreters that help your private resources communicate with the internet, enabling them to "speak the same language."
        
7. **Route Tables** 🗺️:
    
    * Think of route tables as maps that dictate where network traffic should go. They define the pathways within your VPC.
        
8. **Subnets** 🏘️:
    
    * Subnets are like neighborhoods within your VPC. They divide your VPC's IP address range into smaller chunks, each with its unique characteristics.
        
9. **Tenancy** 🏡:
    
    * Tenancy options determine whether your instances run on shared hardware (like apartments in a building) or dedicated hardware (like your own house) within the AWS data center.
        

Let's create and deploy the VPC and all the networking components hands-on.

The solution comprises the following components:

* A VPC across two Availability Zones

* Two public web subnets, two private app subnets, and two private DB subnets

* An Internet Gateway attached to the VPC

* A public route table routing internet traffic to the Internet Gateway

* Two private route tables routing traffic internally within the VPC

* An Elastic Load Balancing load balancer in front of the web server application that routes traffic to the Apache Web Servers

* An Auto Scaling group that launches additional Apache Web Servers based on defined scaling policies. Each instance of the web server is based on a launch template, which defines the same configuration for each new web server.

* A hosted zone in Amazon Route 53 with a domain name that routes to the frontend web server Elastic Load Balancing

* An Auto Scaling group that launches additional Apache Web Application Servers based on defined scaling policies. Each instance of the Apache Web Application server is based on a launch template, which defines the same configuration and software components for each new application server

* A MySQL Amazon Relational Database Service (Amazon RDS) Multi-AZ deployment to store the contact management and role access tables

Here's the list of components:

1. ☁️ AWS Cloud
    
2. 🌐 VPC
    
    * 🏘️ Subnets
        
    * 🌐 Internet Gateway
        
    * ⚙️ NAT Gateway
        
    * 🗺️ Route Tables
        
    * 🔒 Security Groups
        
3. 💻 EC2 Machine
    
4. 🎯 Application Load Balancer
    
5. ♻️ Auto Scaling
    
6. 🚀 Launch Template
    
7. 🎲 RDS Database - MySQL
    
8. 🚪 Mobaxterm SSH Client
    

Here are the project implementation phases:

1. 🚀 Phase 1: Deploy networking infrastructure
    
2. 📦 Phase 2: Deploy Launch Template
    
3. 🎯 Phase 3: Create elastic load balancer, auto scaling group, target group
    
4. 🌐 Phase 4: Verify that the web application is accessible
    
5. 🔄 Phase 5: Test horizontal scaling and high availability of the web application
    
6. 🎲 Phase 6: Deploy RDS DB managed MYSQL instance
    

This sequence provides a clear and visually engaging overview of your project's implementation phases.

### AWS Solution Architecture:

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697690191744/ec8f36a4-3d9b-42a6-b5ba-0f1c3590867b.png align="center")

**Phase 1: Deploy networking components** 🌐

1. Create VPC 🏞️
    
    * Name: prafect-vpc 📛
        
    * CIDR: 10.0.0.0/16 📊
        
2. Create web Subnets 🏘️
    
    * Name: web-public01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.1.0/24 📊
            
    * Name: web-public02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.2.0/24 📊
            
3. Create app Subnets 🏘️
    
    * Name: app-private01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.3.0/24 📊
            
    * Name: app-private02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.4.0/24 📊
            
4. Create DB Subnets 🏘️
    
    * Name: db-private01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.5.0/24 📊
            
    * Name: db-private02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.6.0/24 📊
            
5. Create Internet Gateway 🌐
    
    * Name: web-igw 📛
        
    * Attach to VPC: prafect-vpc 🌐
        
6. Create NAT Gateway ⚡
    
    * Name: prafect-NAT 📛
        
    * Subnet: web-public01 🏘️
        
    * Connectivity: Public 🌐
        
    * Elastic IP: Allocate Elastic IP 📶
        
7. Create Route table – web-RT 🗺️
    
    * Name: Web-RT 📛
        
    * Select the VPC: prafect-vpc 🌐
        
    * Subnet Associations 🏘️
        
        * Select – web-public01 🏘️
            
        * Select – web-public02 🏘️
            
    * Routes – Add internet gateway as a route from 0.0.0.0/0 🛣️
        
        * Destination: 0.0.0.0/0 🗺️
            
        * Target: Select internet gateway: web-igw 🌐
            
8. Create Route table – App-RT 🗺️
    
    * Name: App-RT 📛
        
    * Select the VPC: prafect-vpc 🌐
        
    * Subnet Associations 🏘️
        
        * Select – app-private01 🏘️
            
        * Select – app-private02 🏘️
            
    * Routes – Add NAT 0.0.0.0/0 🛣️
        
        * Destination: 0.0.0.0/0 🗺️
            
        * Target: Select NAT gateway ⚡
            
9. Create Security Groups 🛡️
    
    * Create one security group for web traffic 📛
        
        * Name: web-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: HTTP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 80 📶
                
            * Source: 0.0.0.0/0 🌍
                
    * Create the second security group for App traffic 📛
        
        * Name: app-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: HTTP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 80 📶
                
            * Source: anywhere : web-SG 🌍
                
        * Inbound rule 2 📊
            
            * Type: MYSQL/Aurora 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 3306 📶
                
            * Source: anywhere : db-SG 🌍
                
        * Inbound rule 3 📊
            
            * Type: SSH (if need to access the app instance by admin) 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 22 📶
                
            * Source: anywhere : MYIP 🌍
                
    * Create the third security group for db traffic 📛
        
        * Name: db-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: ALL TCP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 0-65535 📶
                
            * Source: anywhere : app-SG 🌍
                

**Phase 2: Deploy Launch Template** 🚀

1. Create Launch Template: instances 📦
    
2. Target Group name: app-TG 🎯
    
    * Protocol: TCP 🌐
        
    * Port: 80 📶
        
3. VPC: prafect-vpc 🌐
    
4. Health checks 🩺
    
    * Health check protocol: HTTP 🌐
        
5. Advanced health check 🩺
    
    * Port: Traffic port 📶
        
    * Healthy threshold: 3 📈
        
    * Unhealthy threshold: 3 📉
        
    * Timeout: 4 ⏱️
        
    * Interval: 10 seconds ⏳
        

**Phase 3: Deploy Target Group** 🎯

1. Choose target group: instances 📦
    
2. Target Group name: app-TG 🎯
    
    * Protocol: TCP 🌐
        
    * Port: 80 📶
        
    * VPC: prafect-vpc 🌐
        
3. Health checks 🩺
    
    * Health check protocol: HTTP 🌐
        
4. Advanced health check 🩺
    
    * Port: Traffic port 📶
        
    * Healthy threshold: 3 📈
        
    * Unhealthy threshold: 3 📉
        
    * Timeout: 4 ⏱️
        
    * Interval: 10 seconds
        

🚀 **Phase 4: Deploy Application Load Balancer**

1. Create Launch Template
    
2. Create Application Load Balancer
    

* Name: web-ALB
    
* Scheme: internet-facing
    
* IP address: IPv4
    
* Network Mapping:
    
    * Select VPC: web-vpc
        
    * Mappings: Select: us-east-1a, us-east-1b
        
    * Security Groups: Select: web-ALB-SG
        
    * Listener:
        
        * HTTP:80
            
        * Default action: Target Group
            

🚀 **Phase 5: Deploy Auto Scaling Group**

1. Name: web-ASG
    
2. Launch Template: web-template
    
3. Network:
    

* VPC: web-vpc
    
* Availability Zones: us-east-1a, us-east-1b
    
* Load Balancing: Attach to an existing load balancer
    
* Choose Target Group: web-TG
    
* Health Check: ELB: 300 seconds
    
* Group Size:
    
    * Units
        
    * Desired Capacity: 2
        
    * Minimum Capacity: 2
        
    * Maximum Capacity: 4
        
* Scaling Policies:
    
    * Name: Target Tracking Policy
        
    * Metric Type: Average CPU Utilization
        
    * Target Value: 50
        
    * Warm-up: 300 seconds
        

🚀 **Phase 6: Verify that web application is accessible**

1. Go to Application Load Balancer (ALB)
    
2. Access the ALB DNS and access the web application
    

🚀 **Phase 7: Deploy RDS DB Managed MySQL Instance**

* Create DB Instance Group
    
    * Go to Subnet Groups
        
    * Create DB Subnet Group
        
        * Name: db-subnetgroup
            
        * VPC: prafect-vpc
            
        * Add Subnets:
            
            * Availability Zones: us-east-2a, us-east-2b
                
            * Subnets: db-private01, db-private02
                
        * Create
            
* Create DB Instance – MySQL
    
    * Create Database
        
    * Standard Create
        
    * Engine Options: MySQL
        
    * Engine Version: 5.7.39
        
    * Template: Dev/Test
        
    * Availability: Single DB Instance
        
    * Settings:
        
        * DB Instance: mysql
            
        * Credentials:
            
            * Master Username: admin
                
            * Password: Passw0rd!
                
    * Connectivity:
        
        * VPC: prafect-vpc
            
        * DB Subnet Group: dbsubnet
            
        * Public access: No
            
        * Existing Security Group: db-SG
            
    * Database Authentication: Password Authentication
        

📋 **Prerequisites for the AWS Project:**

1. **AWS Free Tier** 🆓
    
2. **Web Application Source Code** 🌐
    
3. **Web Server Installation Script File** 📜
    
4. **SSH Client** 🔑
    

🚀 **Taking Action on the Implementation:**

**Phase 1: Deploy networking components** 🌐

1. Create VPC 🏞️
    
    * Name: prafect-vpc 📛
        
    * CIDR: 10.0.0.0/16 📊
        
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686040503/bb31e5f3-53ab-486f-86b7-040038066069.png align="center")
    
2. Create web Subnets 🏘️
    
    * Name: web-public01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.1.0/24 📊
            
    * Name: web-public02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.2.0/24 📊
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686149700/c2566a24-bfd7-40c4-9a80-07c1d8af3368.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686168178/03688ca2-0853-4db4-859a-abcc83a3bf8c.png align="center")

3. Create app Subnets 🏘️
    
    * Name: app-private01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.3.0/24 📊
            
    * Name: app-private02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.4.0/24 📊
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686405981/2984797a-49be-4554-bd8e-cdf0b1776809.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686420583/9789576d-ff27-4997-9408-fe9855ad7c3d.png align="center")

1. Create DB Subnets 🏘️
    
    * Name: db-private01 📛
        
        * Availability zone: us-east-2a 🏙️
            
        * CIDR: 10.0.5.0/24 📊
            
    * Name: db-private02 📛
        
        * Availability zone: us-east-2b 🏙️
            
        * CIDR: 10.0.6.0/24 📊
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686520025/1ec5f6c5-fdbb-4213-a10d-dd4de6f2472e.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686532979/5817bec0-4228-49cf-abb4-15ad245d23c7.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686548918/7107cea5-fe00-4640-9ea5-6cf5d2c40617.png align="center")

1. Create Internet Gateway 🌐
    
    * Name: web-igw 📛
        
    * Attach to VPC: prafect-vpc 🌐
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686591633/868baaea-222b-4312-9f96-58d632c9b44b.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686610559/39124f3e-7b63-44b3-a2be-df0da1e6e78d.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686628394/63c8c994-c5d9-4c97-8185-ab8332d93d74.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686642682/0ee6d0cd-314d-4561-9061-c5f7ce9bd7f6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686656251/97fb3fdf-3213-4822-94b5-daf9de37e76b.png align="center")

1. Create Route table – web-RT 🗺️
    
    * Name: Web-RT 📛
        
    * Select the VPC: prafect-vpc 🌐
        
    * Subnet Associations 🏘️
        
        * Select – web-public01 🏘️
            
        * Select – web-public02 🏘️
            
    * Routes – Add internet gateway as a route from 0.0.0.0/0 🛣️
        
        * Destination: 0.0.0.0/0 🗺️
            
        * Target: Select internet gateway: web-igw 🌐
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686706227/481a1be7-a4b0-47e8-a63e-57f12b2c03d6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686721049/da7cd313-003e-4a70-b818-36822b23f4c2.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686742952/a1a0c7dd-38ae-41d1-a538-b24449b519d6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686757873/6441e36e-676f-4fbe-84ae-bbf717326d8b.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686774467/eca0de1c-9418-4fbe-a931-3d381e6a44be.png align="center")

Add route to internet gateway

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686818592/1bb5bef5-5b20-4128-9ae4-64b0270a755a.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697686829731/3bab316c-0522-4ed1-9422-70355c56904e.png align="center")

Destination: 0.0.0.0/0, Target: Internet gateway

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687183897/8897c0bb-a86c-4906-be65-d24cda803e55.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687210528/0e8f11e6-bf21-47ec-ac9d-3b24b832c8ce.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687345698/908c1622-03c4-46dd-9a03-c756ec3913f6.png align="center")

1. Create Route table – App-RT 🗺️
    
    * Name: App-RT 📛
        
    * Select the VPC: prafect-vpc 🌐
        
    * Subnet Associations 🏘️
        
        * Select – app-private01 🏘️
            
        * Select – app-private02 🏘️
            
    * Routes – Add NAT 0.0.0.0/0 🛣️
        
        * Destination: 0.0.0.0/0 🗺️
            
        * Target: Select NAT gateway ⚡
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687408100/bd44dab5-aad3-4a2b-8810-d254add723b3.png align="center")

Add subnet association

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687437389/c3d6ed42-721d-438f-9220-8f7631027dfd.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687455027/b62ce496-923b-496f-8936-c79b753398cf.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687479273/6fe48657-e311-491a-b547-5241d1f80e33.png align="center")
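
The Phase 1 subnet and route-table plan can be checked offline before anything is created in the console. The Python below is an added example, not part of the original walkthrough; it assumes the VPC's main route table keeps its default (local route only), and all function names are illustrative.

```python
import ipaddress

VPC_CIDR = "10.0.0.0/16"

# (name, availability zone, CIDR) as listed in Phase 1.
SUBNETS = [
    ("web-public01", "us-east-2a", "10.0.1.0/24"),
    ("web-public02", "us-east-2b", "10.0.2.0/24"),
    ("app-private01", "us-east-2a", "10.0.3.0/24"),
    ("app-private02", "us-east-2b", "10.0.4.0/24"),
    ("db-private01", "us-east-2a", "10.0.5.0/24"),
    ("db-private02", "us-east-2b", "10.0.6.0/24"),
]

# Route table -> (target of the 0.0.0.0/0 route, explicitly associated subnets).
ROUTE_TABLES = {
    "Web-RT": ("igw", ["web-public01", "web-public02"]),
    "App-RT": ("nat", ["app-private01", "app-private02"]),
}
NAT_GATEWAY_SUBNET = "web-public01"
AWS_RESERVED_PER_SUBNET = 5  # AWS reserves the first four and the last address


def cidr_problems(vpc_cidr, subnets):
    """List subnets that fall outside the VPC range or overlap each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [(name, ipaddress.ip_network(cidr)) for name, _az, cidr in subnets]
    problems = [f"{name} {net} is outside VPC {vpc}"
                for name, net in nets if not net.subnet_of(vpc)]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{name_a} {net_a} overlaps {name_b} {net_b}")
    return problems


def exposure(subnets, route_tables):
    """Classify each subnet by the default route of its route table.

    Subnets with no explicit association use the main route table, assumed
    here to hold only the local route, so they are 'isolated'.
    """
    result = {name: "isolated" for name, _az, _cidr in subnets}
    kinds = {"igw": "public", "nat": "private-egress"}
    for rt_name, (target, members) in route_tables.items():
        for name in members:
            if name not in result:
                raise ValueError(f"{rt_name} references unknown subnet {name}")
            result[name] = kinds[target]
    return result


def az_spread(subnets):
    """Map tier (name prefix before '-') to the sorted AZs it covers."""
    tiers = {}
    for name, az, _cidr in subnets:
        tiers.setdefault(name.split("-")[0], set()).add(az)
    return {tier: sorted(azs) for tier, azs in tiers.items()}


def cross_az_nat_dependents(subnets, route_tables, nat_subnet):
    """Subnets whose internet egress depends on a NAT gateway in another AZ."""
    az_of = {name: az for name, az, _cidr in subnets}
    dependents = []
    for target, members in route_tables.values():
        if target == "nat":
            dependents += [m for m in members if az_of[m] != az_of[nat_subnet]]
    return dependents


def usable_addresses(cidr):
    """Addresses left for resources after the AWS-reserved ones."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    print("CIDR problems:", cidr_problems(VPC_CIDR, SUBNETS) or "none")
    for name, kind in exposure(SUBNETS, ROUTE_TABLES).items():
        print(f"{name:14} {kind}")
    print("NAT gateway in public subnet:",
          exposure(SUBNETS, ROUTE_TABLES)[NAT_GATEWAY_SUBNET] == "public")
    print("Egress via NAT in another AZ:",
          cross_az_nat_dependents(SUBNETS, ROUTE_TABLES, NAT_GATEWAY_SUBNET))
    print("Usable addresses per /24:", usable_addresses("10.0.1.0/24"))
```

With the plan as written, the DB subnets come out as isolated because Phase 1 associates no route table with them, and app-private02 depends on the single NAT gateway in us-east-2a for outbound traffic.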

1. Create Security Groups 🛡️
    
    * Create one security group for web traffic 📛
        
        * Name: web-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: HTTP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 80 📶
                
            * Source: 0.0.0.0/0 🌍
                
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687581268/799bbb73-4556-4031-8502-8ab83d0b5f13.png align="center")
    
    * Create the second security group for App traffic 📛
        
        * Name: app-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: HTTP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 80 📶
                
            * Source: anywhere : web-SG 🌍
                
        * Inbound rule 2 📊
            
            * Type: MYSQL/Aurora 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 3306 📶
                
            * Source: anywhere : db-SG 🌍
                
        * Inbound rule 3 📊
            
            * Type: SSH (if need to access the app instance by admin) 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 22 📶
                
            * Source: anywhere : MYIP 🌍
                
    
    ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687616725/40568988-782b-4619-9d52-ddd67b54779f.png align="center")
    
    * Create the third security group for db traffic 📛
        
        * Name: db-SG 📛
            
        * VPC: prafect-vpc 🌐
            
        * Inbound rule 1 📊
            
            * Type: ALL TCP 🌐
                
            * Protocol: TCP 🌐
                
            * Port Range: 0-65535 📶
                
            * Source: anywhere : app-SG 🌍
                

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687649010/86c0180e-b353-4360-bbfd-85a4eae87387.png align="center")
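
The three security groups above form a chain (internet to web-SG, web-SG to app-SG, app-SG to db-SG), and each inbound rule can be compared with the ports its tier actually serves. The Python below is an added example, not part of the original walkthrough; the `LISTENERS` table (Apache on 80, SSH on 22, MySQL on 3306) and the function names are assumptions made for the illustration.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "group port_lo port_hi source")

# Inbound rules as listed in Phase 1 ("ALL TCP" on db-SG is TCP 0-65535;
# "MYIP" stands for the administrator's own address).
PHASE1_RULES = [
    Rule("web-SG", 80, 80, "0.0.0.0/0"),
    Rule("app-SG", 80, 80, "web-SG"),
    Rule("app-SG", 3306, 3306, "db-SG"),
    Rule("app-SG", 22, 22, "MYIP"),
    Rule("db-SG", 0, 65535, "app-SG"),
]

# Assumption: the ports each tier listens on, derived from the services
# the walkthrough installs.
LISTENERS = {"web-SG": {80}, "app-SG": {80, 22}, "db-SG": {3306}}
INTERNET_FACING = {"web-SG"}  # only tier meant to accept 0.0.0.0/0


def audit(rules, listeners=LISTENERS, internet_facing=INTERNET_FACING):
    """Return (kind, rule) findings for rules wider than the tier needs."""
    findings = []
    for r in rules:
        served = {p for p in listeners.get(r.group, set())
                  if r.port_lo <= p <= r.port_hi}
        width = r.port_hi - r.port_lo + 1
        if not served:
            # Security groups are stateful: replies to connections the tier
            # opens itself need no inbound rule, so this rule serves nothing.
            findings.append(("no-listener", r))
        elif width > len(served):
            findings.append(("overbroad-ports", r))
        if r.source == "0.0.0.0/0" and r.group not in internet_facing:
            findings.append(("internet-exposed", r))
    return findings


def tighten(rules, listeners=LISTENERS):
    """Return least-privilege rules: one per listening port a rule covers."""
    tightened = []
    for r in rules:
        for port in sorted(listeners.get(r.group, set())):
            if r.port_lo <= port <= r.port_hi:
                tightened.append(Rule(r.group, port, port, r.source))
    return tightened


def allowed_sources(rules, group, port):
    """Sources allowed to reach `group` on `port`."""
    return sorted({r.source for r in rules
                   if r.group == group and r.port_lo <= port <= r.port_hi})


if __name__ == "__main__":
    for kind, rule in audit(PHASE1_RULES):
        print(f"{kind:16} {rule.group} {rule.port_lo}-{rule.port_hi} from {rule.source}")
    print("Tightened rule set:")
    for rule in tighten(PHASE1_RULES):
        print(f"  {rule.group} tcp/{rule.port_lo} from {rule.source}")
```

Under these assumptions the audit reports two rules: the app-SG inbound 3306 rule from db-SG, which matches no listener on the app tier, and the db-SG rule that opens every TCP port to app-SG when only 3306 is served.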

**Phase 2: Deploy Launch Template** 🚀

1. Create Launch Template: instances 📦
    
2. Target Group name: app-TG 🎯
    
    * Protocol: TCP 🌐
        
    * Port: 80 📶
        
3. VPC: prafect-vpc 🌐
    
4. Health checks 🩺
    
    * Health check protocol: HTTP 🌐
        
5. Advanced health check 🩺
    
    * Port: Traffic port 📶
        
    * Healthy threshold: 3 📈
        
    * Unhealthy threshold: 3 📉
        
    * Timeout: 4 ⏱️
        
    * Interval: 10 seconds
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687725569/b35fa878-4ad2-4e15-b59f-13b234821e8f.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687788122/a8c8c984-6f94-4964-af33-e0a689d7c590.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687804018/682ee33e-e5ad-462f-bd2d-9afca437f975.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687820578/0d533daf-b1d1-4dfd-a7bc-10a0ece35f69.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687838920/9598c187-fd87-45e3-9a7f-24ad45899224.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687869770/bb8a90db-1958-4141-af12-698747c8a742.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687884367/d1c48cea-eb6e-486c-bb36-54714d7c59d8.png align="center")

**Phase 3: Deploy Target Group** 🎯

1. Choose target group: instances 📦
    
2. Target Group name: app-TG 🎯
    
    * Protocol: TCP 🌐
        
    * Port: 80 📶
        
    * VPC: prafect-vpc 🌐
        
3. Health checks 🩺
    
    * Health check protocol: HTTP 🌐
        
4. Advanced health check 🩺
    
    * Port: Traffic port 📶
        
    * Healthy threshold: 3 📈
        
    * Unhealthy threshold: 3 📉
        
    * Timeout: 4 ⏱️
        
    * Interval: 10 seconds
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687960395/ef29a695-8097-45d7-8213-f1ed8e4bff18.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687978502/34c0cf6a-114c-4584-9433-aa5ef26e236f.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697687994201/8ddb4d01-45a4-4afa-93eb-98187a1cb373.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688010053/4a95e580-d315-4268-89a0-0e886cea5d1f.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688027885/0c2bf287-d035-4fef-be37-78766336f33a.png align="center")

🚀 **Phase 4: Deploy Application Load Balancer**

1. Create Launch Template
    
2. Create Application Load Balancer
    

* Name: web-ALB
    
* Scheme: internet-facing
    
* IP address: IPv4
    
* Network Mapping:
    
    * Select VPC: web-vpc
        
    * Mappings: Select: us-east-1a, us-east-1b
        
    * Security Groups: Select: web-ALB-SG
        
    * Listener:
        
        * HTTP:80
            
        * Default action: Target Group
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688096030/bb146873-1d73-46ad-b17f-ed7b37fdb59e.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688111581/ea4d6d08-cae8-4cf3-b484-9df0e3acf4f6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688127992/f629c4d8-83f8-464b-82a4-2167b2a4814b.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688143134/21d7fe32-73b4-40c1-b44f-981491a85daa.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688161461/ddf68c7d-b027-4eb3-8405-3a4f6dfffbbf.png align="center")

Load balancer created successfully

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688187020/8f2897e6-4625-4340-be14-bcaa7b5aaf84.png align="center")

🔍 **Verify ALB URL Accessibility**:

1. 📋 Copy the ALB DNS:
    
    * ALB DNS: [prafect-ALB-784003759.us-east-2.elb.amazonaws.com](http://prafect-ALB-784003759.us-east-2.elb.amazonaws.com)
        
2. 🌐 Open your preferred browser 🌟.
    
3. 🌐 Paste the ALB DNS into the browser's address bar and hit Enter ⏎.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688249875/0c281c86-d4d4-40c8-b2eb-02779bf40dfa.png align="center")

Go to Target Group

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688304608/25d3a4e2-5b52-420f-b7d1-3a6982fdc0a3.png align="center")

🚀 **Phase 5: Deploy Auto Scaling Group**

1. Name: web-ASG
    
2. Launch Template: web-template
    
3. Network:
    

* VPC: web-vpc
    
* Availability Zones: us-east-1a, us-east-1b
    
* Load Balancing: Attach to an existing load balancer
    
* Choose Target Group: web-TG
    
* Health Check: ELB: 300 seconds
    
* Group Size:
    
    * Units
        
    * Desired Capacity: 2
        
    * Minimum Capacity: 2
        
    * Maximum Capacity: 4
        
* Scaling Policies:
    
    * Name: Target Tracking Policy
        
    * Metric Type: Average CPU Utilization
        
    * Target Value: 50
        
    * Warm-up: 300 seconds
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688338861/23cb39dd-b224-4f7b-8345-4a1695b9ac82.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688352822/c95ceb4f-dc66-472d-b62c-35d6685256a1.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688372463/b12ece8e-dada-48ac-96f9-08931b8792eb.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688388133/3351d41e-c78d-4169-8743-3b858f76869e.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688404010/50fbad5d-43cd-4221-a655-bb330fb2cb73.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688417394/399284db-6caf-4a49-b78e-6dc11c0cfbc9.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688432869/e387447e-d3c6-42bb-b6a1-f38c59e980a5.png align="center")

Go to ALB and copy the ELB DNS

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688458873/4e4d75b0-8a55-41cb-995e-ce6ef7e85a42.png align="center")

**Verify ALB URL Accessibility**:

1. 📋 Copy the ALB DNS:
    
    * ALB DNS: [prafect-ALB-784003759.us-east-2.elb.amazonaws.com](http://prafect-ALB-784003759.us-east-2.elb.amazonaws.com)
        
2. 🌐 Open your preferred browser 🌟.
    
3. 🌐 Paste the ALB DNS into the browser's address bar and hit Enter ⏎.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688497888/59caaa09-94c8-4e65-bc4e-3e5d2c092cb6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688522503/e1d1de3e-8485-4ad4-b300-fc5d3e92058f.png align="center")

Create NAT Gateway

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688555574/5e335cd4-9031-4928-977e-b191752677bd.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688568484/32c5e13a-3c77-4882-ab55-932608286fff.png align="center")

Add route to application private route table: APP-RT route table

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688613703/f6edbfce-f12e-43ec-998a-0f20727c5c64.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688630912/87efd175-b255-4f4b-a876-e4d979915b98.png align="center")

Edit Route – Add NAT gateway: Destination: 0.0.0.0/0, Target: NAT Gateway

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688662429/ec2f4bb5-00a0-48c8-8ee0-2848ebe144c0.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688679316/73db61a9-55fb-4b4b-bc38-b182ee37e8cc.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688700081/ad689f1e-2516-49e3-b23a-e0d42a15d51f.png align="center")

🚀 **Phase 6: Verify that web application is accessible**

1. Go to Application Load Balancer (ALB)
    
2. Access the ALB DNS and access the web application
    

**Verify ALB URL Accessibility**:

1. 📋 Copy the ALB DNS:
    
    * ALB DNS: [prafect-ALB-784003759.us-east-2.elb.amazonaws.com](http://prafect-ALB-784003759.us-east-2.elb.amazonaws.com)
        
2. 🌐 Open your preferred browser 🌟.
    
3. 🌐 Paste the ALB DNS into the browser's address bar and hit Enter ⏎.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688763551/e217a3cd-c851-4da0-9974-6676bf082022.png align="center")

📝 **Important Note**:

If your web application source code resides in the Private App Subnet, here's what you need for configuring SSH access and package downloads:

1. To access the server from SSH, make sure to **enable Public IP** when creating the Launch Template 🌐. This allows secure access to your instance.
    
2. For downloading packages and installing the web server in the Private App Subnet, you'll need the following configurations:
    
    * 🌐 **NAT Gateway**: Launch a NAT Gateway into the Web-Public Subnet. This enables instances in the Private App Subnet to access external resources.
        
    * 📚 **App-RT (Route Table)**: Add a NAT Gateway route to the App-Route Table. This route allows instances in the Private App Subnet to use the NAT Gateway for internet-bound traffic.
        

🚀 **Phase 7: Deploy RDS DB Managed MySQL Instance**

* Create DB Instance Group
    
    * Go to Subnet Groups
        
    * Create DB Subnet Group
        
        * Name: db-subnetgroup
            
        * VPC: prafect-vpc
            
        * Add Subnets:
            
            * Availability Zones: us-east-2a, us-east-2b
                
            * Subnets: db-private01, db-private02
                
        * Create
            

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688936960/68aacb06-7e95-4271-826e-e3f3d8c824c3.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688950637/8192b2e2-d683-4d4b-a97a-0ffad50e81e1.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697688962921/f934a6ea-3770-45e6-b0bb-5dd0098580ea.png align="center")

* Create DB Instance – MySQL
    
    * Create Database
        
    * Standard Create
        
    * Engine Options: MySQL
        
    * Engine Version: 5.7.39
        
    * Template: Dev/Test
        
    * Availability: Single DB Instance
        
    * Settings:
        
        * DB Instance: mysql
            
        * Credentials:
            
            * Master Username: admin
                
            * Password: Passw0rd!
                
    * Connectivity:
        
        * VPC: prafect-vpc
            
        * DB Subnet Group: dbsubnet
            
        * Public access: No
            
        * Existing Security Group: db-SG
            
    * Database Authentication: Password Authentication
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689005569/57d13437-6315-46cc-b185-37b41dee928a.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689025405/b6045bbe-6986-4d21-9624-a0d45a2b3e71.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689042764/a7210e23-62b5-49b9-8e83-4649155ea4ba.png align="center")

DB instance name: mysql, User: admin, Password: Passw0rd!

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689084856/996c5444-db0b-4608-94db-525b8b12ea51.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689100495/1a411d4b-b44f-49f3-b41f-cbf20c67168b.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689113953/f88598c1-6ca6-470a-8d49-4b0060966a5d.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689127561/de4643b9-b1e0-4b9e-832d-ceb112fc6e3c.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689141902/353ba6df-5d33-4ebf-a171-bb9a848ba66f.png align="center")

MySQL DB instance created

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689179503/09e354ca-e9a0-4ddb-9b39-42a160e7eefe.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689194300/ef5e115e-3f87-4257-afe0-131274d5ac82.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689225209/04c8ea12-4df7-4553-a55b-5c8e4a49c9c3.png align="center")

New DB connection parameters:

* Servername: [mysql1.cagenoemjwd5.us-east-2.rds.amazonaws.com](http://mysql1.cagenoemjwd5.us-east-2.rds.amazonaws.com)

* Username: admin

* Password: Passw0rd!

* Dbname: contacts

Go to the web source code file: db.php

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689264934/73ac66f0-49b5-421d-9961-ffad90dc3189.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689281655/c8c5bebe-791e-422a-b19f-c5eac1cca5f6.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689300624/adbd7793-9a7a-49d0-95fe-98bde6a3637a.png align="center")

Add rule:

* Type: MYSQL/Aurora
* Protocol: TCP
* Port range: 3306
* Source: Custom: db\_SG

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689335062/92ad11cf-1a58-40d3-b28a-54a9d1552eed.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689348961/d6ba2c01-2728-4a67-b73f-76c3328885f5.png align="center")

Access the RDS DB instance from one of the web servers (3.143.110.192). Install the MySQL packages:

* `sudo apt-get install mysql-server mysql-client`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689382215/e171fbb6-34a4-4e58-8707-2e54fab9a395.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689403131/3a911378-7041-4cbb-b931-cf7a64206f36.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689416706/3eebcf02-d279-40dc-b38d-93057b1e99ec.png align="center")

Solution: Go to web-SG and add My IP as the source for MYSQL/Aurora 3306.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689460682/5d876324-5576-4f5e-9764-e6f39083000e.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689478345/9597971e-aa41-4309-80d0-b42e43a0ec3b.png align="center")

Create a new database:

* `mysql> create database contacts;`

Verify that the database 'contacts' is created.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689512398/68ad89e4-8b6f-46cf-becb-10743a9c5a3e.png align="center")

📊 **Create Tables Inside 'Contacts' Database** 📁

1. 💼 Access the 'Contacts' database:
    
    * `mysql> use contacts;`
        
2. 🛠️ Create the 'users' table with columns 'name,' 'email,' and 'subject':
    
    * `mysql> create table users(name varchar(30), email varchar(30), subject varchar(30));`
        
3. ✅ Verify the creation of the 'users' table:
    
    * `mysql> show tables;`
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689558200/662d1d1e-c057-40e2-98f2-d53940113b28.png align="center")

Describe the table and check that the fields exist:

* `mysql> describe users;`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689594139/4eb9cce7-8290-423d-9271-1df2b829d46b.png align="center")

Install the Telnet utility and check the DB connection:

* `sudo apt-get install telnet`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689635292/08c22691-140c-4f6b-8d00-e12e9c6f7927.png align="center")

Test the RDS DB connection from Web to DB with Telnet:

* `telnet mysql2021.cntikk0jg8xf.ca-central-1.rds.amazonaws.com 3306`

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689670704/d59d585c-6471-4a1a-9dca-f02551b2aeea.png align="center")

Let's insert data into the database from the web page.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689726809/8b4d6c0a-e99b-4e5f-ba7c-a8864e8d92f4.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689739396/eb1454c9-eb5e-447b-ad17-c3ceafb53c34.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689752747/b393c1e3-7072-474a-8fa7-84025244ef6e.png align="center")

🔍 **Verify Data from Backend Database** 🛢️

To ensure that data has been successfully added from the web application, follow these steps:

1. 🏢 Access your backend database.
    
2. 📊 Query the database to retrieve and verify the added data.
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1697689903941/5f4d9d94-9fc8-4a42-8774-8cd46e309c35.png align="center")

Congratulations:

🛡️ **Improvement Tasks for Enhanced Security**:

1. 🚪 **Identity and Access Management (IAM)**: Strengthen user access controls and authentication.
    
2. 🧯 **Firewalls (Web Application and Network)**: Enhance security layers and implement DDoS protection.
    
3. 🔐 **Create & Manage Cryptographic Keys**: Safeguard sensitive data with encryption.
    
4. 🤐 **Manage Secrets, API Keys, Credentials**: Securely handle and store sensitive information.
    
5. 🛡️ **Security Assessment for EC2 Instances**: Regularly evaluate and fortify EC2 instance security.
    
6. 🚨 **Threat Detection**: Implement systems to detect and respond to security threats.
    
7. 🔔 **Manage Security Alerts**: Monitor and respond to security incidents.
    
8. 🛡️ **Configure Security Controls for Individual AWS Services**: Tailor security measures for each AWS service.
    

🚀 **Improvement Tasks for Efficient Deployment**:

1. ⚙️ **Automate Provisioning**: Streamline the deployment process for faster results.
    
2. 🕵️ **Observability of AWS Resources**: Gain insights into resource performance and usage.
    
3. 📊 **Track User Actions & API Usage on AWS**: Monitor user activities and API utilization.
    
4. 🛠️ **Evaluate Configuration of AWS Resources**: Ensure resource settings align with best practices.
    
5. 📡 **Centralize Operations**:
    
    * 🤖 **Automate Actions with Runbooks**: Execute routine tasks efficiently.
        
    * 🧰 **Manage & Patch Instances**: Keep instances up-to-date and secure.
        
    * 🕒 **Schedule & Govern Changes**: Control and schedule updates and modifications.
        

By implementing these tasks, you can bolster security and streamline deployment, ultimately enhancing the performance and resilience of your AWS infrastructure. 🌟🛠️🚀

