Creating a Secure Web Application from Scratch with a Bastion Host, NAT Gateway and Application Load Balancer in AWS
In this live environment, you will learn how to create a highly secure web application on AWS. This application will use an Application Load Balancer to route traffic between EC2 webservers that are otherwise inaccessible from the open internet. Because the application instances cannot be accessed over the public internet, we will create a bastion host instance and allow it to access those instances. Additionally, we will create a NAT Gateway to allow the instances themselves to establish outbound connections to outside servers, for the purpose of installing software packages.
For information on using PuTTY for Windows to SSH through a Bastion Host, see: https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/
The code for this lab is below:
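# On your local machine: restrict the key file's permissions and load the key into the SSH agent
chmod 400 security.pem
ssh-add -K security.pem
# Note: 'ssh-add -K' is Mac-specific. For alternatives, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
# Connect to the bastion host with agent forwarding (-A), so the private key is never copied to the bastion
ssh -A ec2-user@BASTION-HOST-PUBLIC-IP
# From the bastion host, connect to the private instance
ssh ec2-user@PRIVATE-IP-OF-EC2-INSTANCE
# On the private instance: update packages and install Apache (outbound traffic goes through the NAT Gateway)
sudo yum update -y
sudo yum install -y httpd
sudo service httpd start
# Start httpd automatically on boot
sudo chkconfig httpd on
exit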
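To check that the web instances stay reachable only through the load balancer and the bastion host, as the lab describes, the added example below (not part of the original lab code) audits a web-tier security group's ingress rules. It assumes all ingress is granted by security-group reference; the group IDs and the sample rule set are constructed, shaped like the output of `aws ec2 describe-security-groups`.

```python
"""Audit web-tier security-group ingress against the lab's design (added example)."""

# Hypothetical group IDs; real ones look like sg-0123456789abcdef0.
ALB_SG, BASTION_SG, WEB_SG = "sg-alb", "sg-bastion", "sg-web"

# The only source group allowed to reach each web-tier port.
ALLOWED_SOURCES = {80: ALB_SG, 22: BASTION_SG}

# Constructed sample, shaped like one entry of "SecurityGroups" in the
# output of `aws ec2 describe-security-groups`.
SAMPLE_WEB_GROUP = {
    "GroupId": WEB_SG,
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],  # drift the audit should flag
         "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
    ],
}


def audit_web_group(group, allowed=ALLOWED_SOURCES):
    """Return one finding per ingress source that breaks the design."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        # A rule is acceptable only as a single expected TCP port.
        single = perm.get("IpProtocol") == "tcp" and lo == hi and lo in allowed
        label = f"{perm.get('IpProtocol')}/{lo}-{hi}"
        # Any CIDR source means direct reachability that bypasses ALB/bastion.
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"{gid}: {label} open to CIDR {cidr}")
        for pair in perm.get("UserIdGroupPairs", []):
            if not single or pair["GroupId"] != allowed[lo]:
                findings.append(
                    f"{gid}: {label} open to unexpected group {pair['GroupId']}")
    return findings


if __name__ == "__main__":
    for finding in audit_web_group(SAMPLE_WEB_GROUP):
        print(finding)
```

An empty result means every ingress rule on the group is a single expected port sourced from the expected security group.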