Day-7-Aws
Implementing a Real-Time Production-Grade AWS Project: A Step-by-Step Guide
TLDR: This blog post provides a comprehensive guide on implementing a real-time production-grade AWS project, covering the creation of a VPC, subnets, load balancers, and auto-scaling groups, while ensuring secure application deployment in a private subnet.
In this blog post, we will explore how to implement a real-time production-grade AWS project. This guide is part of the AWS Zero to Hero series and will cover the concepts learned from previous sessions, including EC2 instances, VPCs, public and private subnets, security groups, and load balancers. By the end of this post, you will have a complete understanding of how to set up a secure and scalable application on AWS.
Create VPC
search → VPC → create VPC
VPC settings
→ resources to create: VPC and more
→ name tag: aws-prod-example
→ IPv4 CIDR block: ( → 65,536 IPs)
→ number of availability zones: 2
→ number of public subnets: 2
→ number of private subnets: 2
→ NAT gateways: 1 per AZ
→ VPC endpoints: none
→ (checked by default → enable DNS hostnames → enable DNS resolution)
→ create VPC
→ installing → view VPC
Create launch template
search → EC2 → Auto Scaling (sidebar) → Auto Scaling Groups
launch template (card) → create launch template → name: aws-prod-example → description: proof of concept
application and OS image (AMI) → recently launched → Ubuntu → v22.04
instance type → t2.micro
key pair → aws_login
network settings → firewall: create security group → name: aws-prod-example → description: → VPC: aws-prod-example-vpc → inbound rules → add rule [type: SSH → source type: anywhere → port: 22] → add rule [type: custom TCP → source type: anywhere → port: 8000]
→ create launch template
Select the created template and create an Auto Scaling group
search → EC2 → Auto Scaling (sidebar) → Auto Scaling Groups
launch template (card) → name: aws-prod-example → launch template (dropdown): aws-prod-example → next
network (card) → VPC: aws-prod-example-vpc → availability zones and subnets: select the 2 private subnets → next
load balancing: no → remaining settings default → next
group size: [desired: 2, min: 1, max: 4 → EC2 starts with 2 → max is 4] → scaling policy: none → next
add notification: no for now → next
add tag: no for now → next
→ create Auto Scaling group
Check that the EC2 instances are created in 2 different zones
search → EC2 → Instances → 2 instances
1st instance → created in → us-east-1a
2nd instance → created in → us-east-1b
Install the Python app on both instances
install the application inside both EC2 instances
both instances have no public IP address, so how do we log in to them? → jump server (bastion host)
Create the jump server (bastion host) EC2 instance
search → EC2 → Instances (resource card) → launch instance
name: bastion-host
OS: Ubuntu
AMI: v22.04
instance type: t2.micro
key pair: aws_login (select from dropdown) or create a key pair
network settings → edit → VPC: aws-prod-example-vpc → subnet: aws-prod-example-subnet-public-us-east-1a → auto-assign public IP: enable → firewall: create security group → (checked) allow SSH traffic from
inbound rules → add rule [type: SSH → source type: anywhere → port: 22]
→ launch instance
copy aws_login.pem → [local computer → jump server] → scp command for it
scp -i <local aws_login.pem path> <local aws_login.pem path> ubuntu@<public IP of jump server>:/home/ubuntu
ssh -i aws_login.pem ubuntu@<public IP of jump server>
ls → aws_login.pem will be visible
log in to the 1st EC2 instance and install the Python app
ssh -i aws_login.pem ubuntu@<private IP of 1st instance>
→ logged in to → 1st EC2 instance → private IP
vim index.html → paste HTML code
sudo apt update
python3 -m http.server 8000
Create target group → 2 EC2 instances
search → EC2 → Load Balancing (sidebar) → Load Balancers → create load balancer → ALB (one of 3) [L7 load balancer] → create
listener and routing → [create target group → (type: instances → (name: aws-prod-example → port: 8000 → protocol: HTTP → VPC: aws-prod-example-vpc → protocol version: HTTP1) → next) → (select instances: 2 → include as pending → create target group)]
Attach the load balancer → to control traffic
search → EC2 → Load Balancing (sidebar) → Load Balancers → create load balancer → ALB (one of 3) [L7 load balancer] → create
name: → scheme: internet-facing → IP address type: IPv4 → VPC: aws-prod-example-vpc → mappings: select both [us-east-1a, us-east-1b → public subnets] → security group: aws-prod-example
listener and routing → protocol: HTTP → port: 80 → select target group: aws-prod-example (created above)
create load balancer → view load balancer (state: active)
Fix the error on port 80
search → EC2 → Load Balancing (sidebar) → Load Balancers → select the created load balancer
listener → HTTP:80 → [* error → port is not reachable]
security → security group → inbound rules → add rule [type: HTTP → source type: anywhere → port: 80] → save rules
listener → HTTP:80 → [error is fixed now]
target group → health check →
so traffic is always forwarded to the healthy EC2 instance (i.e. where the application is installed → 1st server)
so traffic is not forwarded to the unhealthy EC2 instance (i.e. where the application is not installed → 2nd server)
Project Overview
The project aims to demonstrate how to create a Virtual Private Cloud (VPC) and secure applications within it in a production environment. The architecture consists of:
A VPC with public and private subnets across two availability zones.
A load balancer in the public subnet to manage incoming traffic.
Applications deployed in the private subnet, accessible through the load balancer.
Why Two Availability Zones?
Using two availability zones ensures high availability. If one data center goes down, the other can still serve traffic, maintaining application uptime.
Key Components to Understand
Before diving into the implementation, it's essential to understand the following components:
1. Auto Scaling Group
An Auto Scaling Group allows you to automatically adjust the number of EC2 instances based on demand. For example, if your application receives more requests than the current instances can handle, the Auto Scaling Group can launch additional instances to accommodate the traffic.
2. Load Balancer
A load balancer distributes incoming application traffic across multiple targets, such as EC2 instances. This ensures that no single instance is overwhelmed with requests, improving application availability and responsiveness.
3. Bastion Host
A Bastion Host, or jump server, is used to securely access EC2 instances in a private subnet. It acts as a gateway, allowing you to SSH into private instances without exposing them to the internet.
Implementation Steps
Step 1: Create a VPC
Log into your AWS console and navigate to the VPC dashboard.
Click on "Create VPC" and select the option to create a VPC with public and private subnets.
Choose two availability zones and configure the necessary settings, including route tables and internet gateways.
Step 2: Configure Subnets
Create one public subnet and one private subnet in each availability zone.
Ensure that the public subnet is attached to a route table with an internet gateway, allowing external access.
Step 3: Set Up NAT Gateway
Deploy a NAT Gateway in the public subnet to allow instances in the private subnet to access the internet while keeping their private IP addresses hidden.
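Steps 1 to 3 can be checked against a small model of the layout the wizard produces. This is an added example, not code from the post: it carves the VPC into the four subnets, assigns the default routes the wizard creates, and audits the two properties that matter here, that "private" is a routing fact (default route to a NAT gateway, not to an internet gateway) and that each private subnet uses the NAT gateway of its own AZ. The 10.0.0.0/16 block, the /20 subnet size and the gateway ids are assumptions.

```python
import ipaddress

# Constructed model of what the "VPC and more" wizard in Steps 1-3 produces: a
# /16 VPC with one public and one private subnet per AZ, an internet gateway for
# the public tier and one NAT gateway per AZ. 10.0.0.0/16 is an assumption.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-1a", "us-east-1b"]


def carve_subnets(vpc_cidr, azs, prefix=20):
    """Carve the VPC into one public and one private subnet per AZ (/20 each,
    the wizard's default size), returned as dicts with name, az, cidr, tier."""
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=prefix)
    return [{"name": f"subnet-{tier}-{az}", "az": az, "tier": tier,
             "cidr": str(next(blocks))}
            for tier in ("public", "private") for az in azs]


def build_route_tables(subnets):
    """Default routes: public subnets -> the internet gateway, private subnets
    -> the NAT gateway of their own AZ (what "NAT gateway: 1 per AZ" buys)."""
    return {s["name"]: {"0.0.0.0/0": "igw-main" if s["tier"] == "public"
                                    else f"nat-{s['az']}"}
            for s in subnets}


def classify(route_table):
    """Public vs private is decided by routing, not by the subnet's name: a
    subnet is public only if its default route points at an internet gateway."""
    target = route_table.get("0.0.0.0/0")
    if target is None:
        return "isolated"
    return "public" if target.startswith("igw-") else "private"


def audit(subnets, tables):
    """Layout problems a reviewer would flag: routing that contradicts a subnet's
    tier, a private subnet egressing via another AZ's NAT, or fewer than 2 AZs."""
    problems = []
    for s in subnets:
        rt = tables[s["name"]]
        tier = classify(rt)
        if tier != s["tier"]:
            problems.append(f"{s['name']}: named {s['tier']} but routes as {tier}")
        elif tier == "private" and rt["0.0.0.0/0"] != f"nat-{s['az']}":
            problems.append(f"{s['name']}: egress via a NAT gateway in another AZ")
    if len({s["az"] for s in subnets}) < 2:
        problems.append("fewer than 2 availability zones in use")
    return problems
```

A private subnet whose default route points at the other AZ's NAT gateway passes the console's naming but loses internet egress when that AZ fails, which is exactly what the two-AZ layout is meant to survive.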
Step 4: Launch EC2 Instances
Create an Auto Scaling Group to manage your EC2 instances. Use a launch template to define the instance type, AMI, and security group settings.
Ensure that the instances are launched in the private subnet.
Step 5: Create a Bastion Host
Launch a Bastion Host in the public subnet with SSH access enabled.
This host will be used to connect to the private instances.
Step 6: Install Applications
SSH into the Bastion Host and then into the private instances to install your application. For demonstration, you can set up a simple Python application that serves an HTML page.
Step 7: Set Up Load Balancer
Navigate to the EC2 dashboard and select "Load Balancers."
Create an Application Load Balancer in the public subnet.
Configure the load balancer to route traffic to the target group containing your EC2 instances.
Ensure that the security group for the load balancer allows HTTP traffic.
Step 8: Test the Setup
Once the load balancer is active, access it via the public IP address. You should see the application running.
To demonstrate load balancing, you can deploy different versions of your application on the two EC2 instances and observe how the load balancer distributes traffic between them.
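The "port is not reachable" error from the notes above and the security-group requirement in Steps 7 and 8 come down to the same question: is every hop of client → ALB:80 → target:8000 admitted by a security group, and is the target healthy? The following is an added example, not code from the post, that models the post's groups and traces a request through them; the group ids, the ALB node address and the tightened variant of the app group are assumptions.

```python
import ipaddress

# Constructed security groups mirroring the post's setup (ids and the ALB node
# address are assumptions; the rules are the ones the post clicks through).
# sg-alb starts empty: the "port 80 is not reachable" state on the listener.
GROUPS = {
    "sg-alb": [],
    "sg-app": [("tcp", 22, "0.0.0.0/0"), ("tcp", 8000, "0.0.0.0/0")],
    "sg-bastion": [("tcp", 22, "0.0.0.0/0")],
}
ALB_IP = "10.0.1.10"  # assumed private IP of the ALB node in a public subnet
TARGETS = [  # health as the post observes: the app runs on the 1st instance only
    {"id": "i-1a", "sg": "sg-app", "health": "healthy"},
    {"id": "i-1b", "sg": "sg-app", "health": "unhealthy"},
]


def ingress_allowed(groups, sg_id, port, src_ip, src_sg=None):
    """True if a rule on sg_id admits TCP `port` from src_ip, or from the
    group src_sg when the rule's source is a security-group id."""
    for proto, rport, source in groups[sg_id]:
        if proto != "tcp" or rport != port:
            continue
        if source.startswith("sg-"):
            if source == src_sg:
                return True
        elif ipaddress.ip_address(src_ip) in ipaddress.ip_network(source):
            return True
    return False


def trace_request(groups, client_ip, targets=TARGETS):
    """Follow client -> ALB:80 -> healthy target:8000; report where it stops."""
    if not ingress_allowed(groups, "sg-alb", 80, client_ip):
        return "blocked at ALB: no inbound rule for tcp/80"
    healthy = [t for t in targets if t["health"] == "healthy"]
    if not healthy:
        return "503: no healthy targets"
    for t in healthy:
        if not ingress_allowed(groups, t["sg"], 8000, ALB_IP, "sg-alb"):
            return f"blocked at {t['id']}: sg rejects tcp/8000 from the ALB"
    return "forwarded to " + ",".join(t["id"] for t in healthy)


# The post's fix: the same groups with HTTP/80 from anywhere on the ALB group.
FIXED = {**GROUPS, "sg-alb": [("tcp", 80, "0.0.0.0/0")]}
# Tightened app group (added here, not in the post): SSH only from the bastion's
# group and 8000 only from the ALB's group, so nothing else reaches the instances.
HARDENED = {**FIXED, "sg-app": [("tcp", 22, "sg-bastion"), ("tcp", 8000, "sg-alb")]}
```

With HARDENED the request still reaches the healthy instance, because the ALB's own group is the rule source, while a direct connection to port 22 or 8000 from any address that is not behind the bastion or the ALB is refused.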
Conclusion
Congratulations! You have successfully implemented a real-time production-grade AWS project. This setup demonstrates the use of various AWS services to create a secure and scalable application architecture. In future sessions, we will delve deeper into specific components like Auto Scaling Groups and Load Balancers to enhance your understanding further.
Feel free to experiment with the setup and let us know your experiences in the comments. Thank you for following along, and stay tuned for more exciting AWS projects!