Deploying a Highly Available Web Application and a Bastion Host in AWS

Hands-On Lab

 

Mark Richman

AWS Training Architect II in Content

Length

01:30:00

Difficulty

Intermediate

In this hands-on lab, we are going to build a highly available web application along with a highly available bastion host architecture. To complete these tasks, we will need to add or configure the following services:

  1. An RDS database from a snapshot
  2. Security groups
  3. Launch configurations and Auto Scaling groups
  4. An Application Load Balancer

Good luck, and enjoy the hands-on lab!

Introduction

In this hands-on lab, we are going to build a highly available web application along with a highly available bastion host architecture.

Solution

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

Launch an RDS Database

Create a Subnet Group for the Database

  1. Navigate to the RDS console.
  2. Click Subnet groups in the left-hand menu.
  3. Click Create DB Subnet Group.
  4. For the Subnet group details, set the following values:
    • Name: sng1
    • Description: sng1
  5. Under Add subnets, set the following values for the first subnet:
    • Availability zone: us-east-1a
    • Subnet: 10.99.21.0/24
  6. Click Add subnet.
  7. Now, set the following values for the second subnet:
    • Availability zone: us-east-1b
    • Subnet: 10.99.22.0/24
  8. Click Add subnet.
  9. Click Create.

Restore the Database from a Public Snapshot

  1. Click Snapshots in the left-hand menu.
  2. In the filter box, paste in the following snapshot ARN:
    • arn:aws:rds:us-east-1:892710030684:snapshot:sysops-certification-la-course
  3. Change the dropdown to All Public Snapshots.
  4. Check the box next to the snapshot, and in the Actions dropdown, select Restore Snapshot.
  5. Under Instance specifications, set the following values:
    • DB Engine: MySQL Community Edition
    • License Model: general-public-license
    • DB Instance Class: db.t2.micro
    • Multi-AZ Deployment: Yes
  6. Under Settings, use the following:
    • DB Instance identifier: wordpress-database
  7. Under Network & Security, the VPC and subnet group should auto-populate to what we need.
  8. Click Restore DB Instance. It will take about 10-15 minutes to complete.

Create Security Groups

  1. Navigate to VPC > Security Groups.

BastionSG

  1. Click Create security group, and set the following values:
    • Security group name: BastionSG
    • Description: Bastion security group
    • VPC: SysOpsVPC
  2. Click Create.
  3. Check the box next to BastionSG.
  4. Click the Inbound Rules tab.
  5. Click Edit rules, and set the following values:
    • Type: SSH
    • Source: Anywhere
    • Description: SSH from anywhere
  6. Click Save rules.

LoadBalancerSG

  1. Click Create security group, and set the following values:
    • Security group name: LoadBalancerSG
    • Description: Load balancer security group
    • VPC: SysOpsVPC
  2. Click Create.
  3. Check the box next to LoadBalancerSG.
  4. For its inbound rules, click Edit rules, and set the following values:
    • Type: HTTP
    • Source: Anywhere
    • Description: HTTP from anywhere
  5. Click Add Rule, and use these settings:
    • Type: HTTPS
    • Source: Anywhere
    • Description: HTTPS from anywhere
  6. Click Save rules.

WebServerSG

  1. Click Create security group, and set the following values:
    • Security group name: WebServerSG
    • Description: Web server security group
    • VPC: SysOpsVPC
  2. Click Create.
  3. Check the box next to WebServerSG.
  4. For its inbound rules, click Edit rules, and set the following values:
    • Type: SSH
    • Source: Custom, BastionSG
    • Description: SSH from bastion
  5. Click Add Rule, and set the following values:
    • Type: HTTP
    • Source: Custom, LoadBalancerSG
    • Description: HTTP from ALB
  6. Click Add Rule, and set the following values:
    • Type: HTTPS
    • Source: Custom, LoadBalancerSG
    • Description: HTTPS from ALB
  7. Click Save rules.

DatabaseSG

  1. Click Create security group, and set the following values:
    • Security group name: DatabaseSG
    • Description: Database security group
    • VPC: SysOpsVPC
  2. Click Create.
  3. Check the box next to DatabaseSG.
  4. For its inbound rules, click Edit rules, and set the following values:
    • Type: MySQL
    • Source: Custom, WebServerSG
    • Description: MySQL from WebServerSG
  5. Click Save rules.
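
The four groups above form a chain: only BastionSG and LoadBalancerSG accept traffic from the internet, while WebServerSG and DatabaseSG accept traffic only from another security group. The following Python check is an added example, not part of the original lab; it walks that chain over constructed data shaped like the output of aws ec2 describe-security-groups, and the sg-... group IDs and function names are assumptions.

```python
def perm(port, cidr=None, sg=None):
    # One IpPermissions entry (TCP, single port); the source is a CIDR or a group.
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

ANY = "0.0.0.0/0"
# Constructed sample mirroring the lab's rules; the sg-... IDs are placeholders.
GROUPS = [
    {"GroupId": "sg-bastion", "GroupName": "BastionSG",
     "IpPermissions": [perm(22, cidr=ANY)]},
    {"GroupId": "sg-alb", "GroupName": "LoadBalancerSG",
     "IpPermissions": [perm(80, cidr=ANY), perm(443, cidr=ANY)]},
    {"GroupId": "sg-web", "GroupName": "WebServerSG",
     "IpPermissions": [perm(22, sg="sg-bastion"), perm(80, sg="sg-alb"),
                       perm(443, sg="sg-alb")]},
    {"GroupId": "sg-db", "GroupName": "DatabaseSG",
     "IpPermissions": [perm(3306, sg="sg-web")]},
]

def ingress_edges(groups):
    """Map group name -> set of (source, port); source is 'internet' or a group name."""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    edges = {}
    for g in groups:
        rules = edges.setdefault(g["GroupName"], set())
        for p in g["IpPermissions"]:
            ports = range(p["FromPort"], p["ToPort"] + 1)
            sources = ["internet" for r in p["IpRanges"] if r["CidrIp"] == ANY]
            sources += [names.get(u["GroupId"], u["GroupId"]) for u in p["UserIdGroupPairs"]]
            rules.update((s, port) for s in sources for port in ports)
    return edges

def internet_exposed(edges):
    """Groups that accept traffic directly from 0.0.0.0/0, with their open ports."""
    return {name: sorted(port for src, port in rules if src == "internet")
            for name, rules in edges.items() if any(s == "internet" for s, _ in rules)}

def paths_from_internet(edges, target, seen=()):
    """Every hop chain from the internet to target, following group-to-group rules."""
    paths = []
    for src, port in sorted(edges.get(target, ())):
        hop = f"{src} -> {target}:{port}"
        if src == "internet":
            paths.append([hop])
        elif src not in seen:
            paths += [p + [hop] for p in paths_from_internet(edges, src, seen + (target,))]
    return paths

if __name__ == "__main__":
    edges = ingress_edges(GROUPS)
    print(internet_exposed(edges))
    print(*(" | ".join(p) for p in paths_from_internet(edges, "DatabaseSG")), sep="\n")
```

Every path to DatabaseSG passes through WebServerSG, and the only internet-facing SSH rule is the one on BastionSG; a rule that adds a direct internet source to the web or database group shows up as a shorter path.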

Create Launch Configurations and Auto Scaling Groups

Create Launch Configuration for First Auto Scaling Group

  1. Navigate to EC2 > Auto Scaling Groups.
  2. Click Create Auto Scaling group.
  3. Select Launch Configuration, and click Next Step.
  4. Click Select beside Amazon Linux 2 AMI.
  5. Leave t2.micro chosen, and click Next: Configure details.
  6. Give it a Name of "BastionLC".
  7. For IP Address Type, select Assign a public IP address to every instance.
  8. Click Next: Add Storage.
  9. Leave the defaults, and click Next: Configure Security Group.
  10. For Assign a security group, choose Select an existing security group.
  11. Select BastionSG.
  12. Click Review, and then Create launch configuration.
  13. Create a new key pair (example name: "bastion"), and download it.
  14. Click Create launch configuration.

Create First Auto Scaling Group

  1. On the Create Auto Scaling Group page, set the following values:
    • Group name: BastionASG
    • Group size: 1 instance
    • Network: SysOpsVPC
    • Subnet: DMZ1public and DMZ2public
  2. Click Next: Configure scaling policies.
  3. Select Keep group at its initial size, and click Review.
  4. Click Create Auto Scaling group, and then Close.

Create Launch Configuration for Second Auto Scaling Group

  1. Click Create Auto Scaling group.
  2. Select Launch Configuration, Create a new launch configuration, and click Next Step.
  3. Click Select beside Amazon Linux 2 AMI.
  4. Leave t2.micro chosen, and click Next: Configure details.
  5. Give it a Name of "WebServerLC".
  6. Click Advanced Details, and paste the script from GitHub into the User data box.
  7. Click Next: Add storage.
  8. Leave the defaults, and click Next: Configure Security Group.
  9. For Assign a security group, choose Select an existing security group.
  10. Select WebServerSG.
  11. Click Review, and then Create launch configuration.
  12. Choose the existing key pair we just created.
  13. Click Create launch configuration, and Close.

Create Second Auto Scaling Group

  1. On the Create Auto Scaling Group page, use the following settings:
    • Group name: WebServerASG
    • Group size: 2 instances
    • Network: SysOpsVPC
    • Subnet: AppLayer1private and AppLayer2private
  2. Click Next: Configure scaling policies.
  3. Select Keep group at its initial size, and click Review.
  4. Click Create Auto Scaling group, and then Close.

Modify Database Security Groups and Create an Application Load Balancer

Modify the Database Security Group

  1. Navigate to RDS.

  2. Click Databases in the left-hand menu.

  3. Select our listed database.

    Note: Before we modify anything, in the Connectivity & security section, copy the Endpoint listed (e.g., wordpress-database.clei7j95opir.us-east-1.rds.amazonaws.com) and paste it into a note or text file — we're going to need it in a few minutes for the last part of the lab.

  4. Click Modify at the top.

  5. In the Network & Security section, delete the default security group listed.

  6. Choose our DatabaseSG from the Security group dropdown.

  7. Click Continue.

  8. Select Apply Immediately, and then Modify DB Instance.

Create an Application Load Balancer

  1. Navigate to EC2, and then click Load Balancers in the left-hand menu.
  2. Click Create Load Balancer.
  3. In the Application Load Balancer box, click Create.
  4. Use the following configuration settings:
    • Under Basic Configuration, give it a Name of "ALB1".
    • Under Availability Zones, select the default SysOpsVPC and check both availability zones.
  5. Click Next: Configure Security Settings.
  6. Click Next: Configure Security Groups.
  7. Un-check the default security group, and select LoadBalancerSG.
  8. Click Next: Configure Routing.
  9. In the Target group section, give it a Name of "TG1".
  10. In the Health checks section, enter a Path of "/readme.html".
  11. Click Next: Register Targets.
  12. Click Next: Review, and then Create.

Modify Auto Scaling Group

  1. Click Auto Scaling Groups in the left-hand menu.
  2. Select WebServerASG.
  3. In the Details section below, click Edit.
  4. Click into the Target Groups box, and select TG1.
  5. Click Save.

Browse Web Application

  1. Navigate to Load Balancers.
  2. Copy the DNS name, and paste it into a new browser tab.
  3. Click Let's go!, and configure WordPress:
    • Database Name: wordpressdb
    • Username: wpuser
    • Password: Password1
    • Database Host: Enter the RDS endpoint name
    • Table prefix: wp_
  4. Click Submit, and Run the installation.
  5. Click Log in, but then navigate back to the Load Balancer DNS name.

Conclusion

Congratulations on completing this hands-on lab!