
Aws Project Used in Production PDF

The document outlines the implementation of an AWS project that utilizes a Virtual Private Cloud (VPC) with public and private subnets, focusing on key components like Auto Scaling Groups, Load Balancers, and Bastion Hosts. It details the step-by-step process for creating a VPC, configuring auto-scaling, setting up a bastion host for secure access to private instances, and deploying an application with an Application Load Balancer. The final goal is to ensure the application is accessible from the outside world through the load balancer.

Uploaded by

jkbaloch2559

AWS Project Used in Production

VPC With Public Private Subnet in Production

About the Project:


Key Concepts:
1. Auto Scaling Group:
Let’s say you want to deploy your application across two availability zones. Instead of manually
creating EC2 instances twice, you can configure the Auto Scaling Group to maintain a minimum of two
replicas. If your application starts receiving more requests and two servers are insufficient to handle the
traffic, the Auto Scaling Group will automatically make a decision to scale the number of servers
dynamically, based on the demand.

2. Load Balancer:
A Load Balancer is used to distribute incoming traffic across multiple servers to ensure efficient
utilization and prevent overloading any single server. Additionally, it supports path-based and host-
based routing, allowing requests to be directed to specific targets based on the URL path or hostname.

3. Bastion Host or Jump Server:

When EC2 instances are created in a private subnet, they do not have public IP addresses, meaning you
cannot SSH into these instances directly. This is done to enhance security by avoiding public exposure.
Instead, a Bastion Host (or Jump Host) is created in the public subnet. Using the Bastion Host, you can
securely connect to EC2 instances in the private subnet. This approach allows for proper auditing of
who is accessing the private subnet. Additionally, you can configure a set of rules on the Bastion Host
to control and monitor the traffic that flows to the private subnet.

Project Implementation
The following steps were used to implement this project.
1. Click on create VPC

2. On VPC settings click on VPC and more


AWS creates public and private subnets in us-west-2a and us-west-2b. Subnets have to be attached to a
route table, which defines how traffic is routed within the subnet. A route table has
a destination and an internet gateway.

3. Now select the name of the project.

4. Choose the subnet block. In my case I chose the default, which is giving me 65536 IP addresses.

5. Set the number of availability zones to 2, as required in our project, and one NAT gateway in 1
availability zone.

6. For VPC endpoints, click on None. You will notice in the diagram that there is no endpoint for the S3
bucket.

7. Now click on Create VPC.


8. Now VPC has been created successfully

Creation of Auto-scaling group:


9. Click on EC2 and select the autoscaling option
10. Click on Create Auto Scaling group

11. Click on launch template. An Auto Scaling group in AWS cannot be created directly; for this you use a
launch template. The same template can be used in multiple Auto Scaling groups and acts as a reference.

12. Give the template a name

13. Give a description of your template

14. Select the OS. For this project I am selecting Ubuntu


15. Choose the instance type

16. Create the key pair and save it as a .pem file

17. Click to create a new security group


18. Select the name of the group

19. Select the VPC that we just created

Setting the Inbound rules for the application:


20. Add an inbound rule for port 8000, the port that we are using for accessing the application, and
an SSH rule on port 22, setting the source type to Anywhere

21. Now click on Launch template


22. Now Choose launch template

23. Now select the template that we just created


24. Choose the VPC that we have created

25. For the availability zones, choose the private subnets

26. Click on No load balancer; we will create the load balancer in the public subnet

27. Select the group capacity


28. Click on create button

Now the scaling group has been launched successfully


Two EC2 instances were created successfully, in different availability zones

Creating the Bastion Host:


29. In EC2, click on Launch instance and give it a name

30. Choose Ubuntu as the image


31. Provide the key pair

32. Make sure to add a security group that allows SSH access, and make sure that the bastion host is created
in the same VPC

33. Enable the Auto-assign public IP


34. Now launch the instance

35. Now bastion-host has been created successfully

SSH into private subnet using bastion host:


36. First, do the secure copy. The command transfers the file rahatjan.pem (likely a private key
file) from the local system to the /home/ubuntu directory on the remote server at 35.93.189.166.
This is commonly done to:
• Share the file for further use on the remote server.
• Prepare the remote environment for SSH-based operations.

37. File is successfully uploaded


Now SSH into the Ubuntu machine

Now you can see that the .pem file is available in the bastion host.
With this setup, I will proceed to deploy a straightforward application on one of the instances we created
within the private subnet. To accomplish this, we will establish an SSH connection to one of the instances,
utilizing the same terminal environment for seamless access and control.
38. Take the private IP address of any of the instances and SSH into it. In my case I am taking
10.0.149.135

39. Give the .pem file 600 permissions

40. Now SSH into one of the private subnet instances

Now we are able to login to the private instance as well


41. Now we will install a simple Python application on it

42. First create an HTML file

43. Now run the Python server by using the following command: python3 -m http.server 8000

Application Load Balancer:


Now we will create a load balancer and attach the private subnet instances as a target group; this will
be our final stage.
44. Go to AWS and search for load balancer and click on create load balancer

45. In our use case, go with the Application Load Balancer, which is an L7 load balancer.

The Application Load Balancer distributes incoming HTTP and HTTPS traffic across multiple targets
such as Amazon EC2 instances, microservices, and containers, based on request attributes. When
the load balancer receives a connection request, it evaluates the listener rules in priority order to
determine which rule to apply, and if applicable, it selects a target from the target group for the rule
action.

46. Give a name to your load balancer

47. The scheme should be internet-facing

48. Select the VPC that we created


49. Select both availability zones, choosing the public subnet in each

50. Create a target group defining which instances should be accessible. For this, click on target group

51. Give a name to the target group

52. Select the instances in the private subnet (one has the application and the other doesn’t) and click on
create target group

Adding target group to the load balancer:

53. Click on create load balancer and add the target group and port 80, which is the default

Now the load balancer with the attached target group has been created successfully

Accessing the application from outside world:

Try to access the load balancer and you will see that it is not accessible, because the
subnet that you attached to the load balancer does not expose port 80, so we have to explicitly add the rule

54. Now, to access the application, click on the DNS name

Now our application is accessible successfully
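
A check for the inbound rules configured in step 20 and for the load balancer rule on port 80, added here as an example and not part of the original document: it reads security groups in the JSON shape returned by `aws ec2 describe-security-groups` and reports rules open to every source address, except listeners that are expected to be public. The group IDs, the sample rules and the tighter variant that admits only the bastion host and the load balancer are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs are placeholders; 203.0.113.0/24 is a documentation range.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE = {"SecurityGroups": [
    # Step 20 as written: SSH and the app port open to Anywhere.
    {"GroupId": "sg-app-EXAMPLE",
     "IpPermissions": [rule(22, ["0.0.0.0/0"]), rule(8000, ["0.0.0.0/0"])]},
    # Tighter variant: only the bastion and the load balancer may connect.
    {"GroupId": "sg-app-tight-EXAMPLE",
     "IpPermissions": [rule(22, groups=["sg-bastion-EXAMPLE"]),
                       rule(8000, groups=["sg-alb-EXAMPLE"])]},
    {"GroupId": "sg-bastion-EXAMPLE",
     "IpPermissions": [rule(22, ["203.0.113.0/24"])]},
    {"GroupId": "sg-alb-EXAMPLE", "IpPermissions": [rule(80, ["0.0.0.0/0"])]},
]}

def world_open(perm):
    """True if the rule admits every IPv4 or IPv6 source address."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)

def port_span(perm):
    """Inclusive port range of a rule; protocol -1 means all traffic."""
    if perm["IpProtocol"] == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)

def audit(doc, internet_facing):
    """Return (group, from_port, to_port) for world-open rules that are not
    an expected public listener. internet_facing: {group_id: {ports}}."""
    findings = []
    for sg in doc["SecurityGroups"]:
        expected = internet_facing.get(sg["GroupId"], set())
        for perm in sg.get("IpPermissions", []):
            lo, hi = port_span(perm)
            if world_open(perm) and not (lo == hi and lo in expected):
                findings.append((sg["GroupId"], lo, hi))
    return findings

if __name__ == "__main__":
    for gid, lo, hi in audit(SAMPLE, {"sg-alb-EXAMPLE": {80}}):
        print(f"{gid}: ports {lo}-{hi} are open to 0.0.0.0/0 or ::/0")
```

Only the group that follows step 20 literally is reported; the variant that references the bastion and load balancer security groups as sources passes, as does the load balancer's own port 80 listener.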
