Creating a Secure Web Application from Scratch with a Bastion Host, NAT Gateway and Application Load Balancer in AWS

Hands-On Lab

Training Architect

Length: 01:30:00

Difficulty: Advanced

In this live environment, you will learn how to create a highly secure web application on AWS. The application uses an Application Load Balancer to route traffic between EC2 web servers that are otherwise inaccessible from the open internet. Because the application instances cannot be reached over the public internet, we will create a bastion host instance and allow it to access those instances. Additionally, we will create a NAT Gateway so that the instances themselves can establish connections with outside servers in order to install software packages.
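
The reachability rules described above can be checked mechanically. The following is an added example, not part of the lab's own code: it audits ingress rules shaped like `aws ec2 describe-security-groups` output. The group IDs and sample rules are constructed, and the check that the bastion should not accept SSH from the whole internet is an assumption the lab text does not state.

```python
# Added example (not lab code). Sample data is constructed and shaped like
# `aws ec2 describe-security-groups` output; all group IDs are hypothetical.
ANYWHERE = {"0.0.0.0/0", "::/0"}

def sources(rule):
    """Return (cidrs, group_ids) admitted by one IpPermissions entry."""
    cidrs = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    return cidrs, {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}

def covers(rule, port):
    """True if the rule's protocol and port range include this TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]

def audit(groups, roles):
    """Check ingress rules; roles maps 'alb', 'bastion', 'web' to group IDs."""
    by_id = {g["GroupId"]: g["IpPermissions"] for g in groups}
    findings = []
    for rule in by_id[roles["web"]]:
        cidrs, gids = sources(rule)
        if cidrs:  # the web tier should only trust other security groups
            findings.append(f"web: ingress from CIDR {sorted(cidrs)}")
        if covers(rule, 22) and gids - {roles["bastion"]}:
            findings.append("web: SSH from a group other than the bastion")
        if covers(rule, 80) and gids - {roles["alb"]}:
            findings.append("web: HTTP from a group other than the ALB")
    for rule in by_id[roles["bastion"]]:
        # Assumption: the bastion should accept SSH from known admin CIDRs only.
        if covers(rule, 22) and sources(rule)[0] & ANYWHERE:
            findings.append("bastion: SSH open to the whole internet")
    return findings

def tcp(port, cidr=None, group=None):
    """Build one constructed ingress rule for the sample data below."""
    rule = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port}
    if cidr:
        rule["IpRanges"] = [{"CidrIp": cidr}]
    if group:
        rule["UserIdGroupPairs"] = [{"GroupId": group}]
    return rule

ROLES = {"alb": "sg-alb", "bastion": "sg-bastion", "web": "sg-web"}
GOOD = [
    {"GroupId": "sg-alb", "IpPermissions": [tcp(80, cidr="0.0.0.0/0")]},
    {"GroupId": "sg-bastion", "IpPermissions": [tcp(22, cidr="203.0.113.10/32")]},
    {"GroupId": "sg-web", "IpPermissions": [tcp(80, group="sg-alb"), tcp(22, group="sg-bastion")]},
]
```

`audit(GOOD, ROLES)` returns an empty list for the intended design; any rule that exposes a web server directly shows up as a finding.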

For information on using PuTTY for Windows to SSH through a Bastion Host, see: https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/

The code for this lab is below:

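# Restrict the private key's permissions, then load it into the SSH agent.
chmod 400 security.pem
# Note: 'ssh-add -K' is Mac-specific. For alternatives, see:
# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
ssh-add -K security.pem
# Connect to the bastion host with agent forwarding (-A), then hop to the private instance.
ssh -A ec2-user@BASTION-HOST-PUBLIC-IP
ssh ec2-user@PRIVATE-IP-OF-EC2-INSTANCE

# On the private instance: update packages (outbound traffic goes through the NAT Gateway),
# then install, start and enable the Apache web server.
sudo yum update -y
sudo yum install -y httpd
sudo service httpd start
sudo chkconfig httpd on
exit
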