For this project we’ll be using this network diagram. Here the VPC has public and private subnets in two Availability Zones. Each public subnet contains a NAT gateway and a load balancer node. The servers run in the private subnets, are launched and terminated by an Auto Scaling group, and receive traffic from the load balancer. The servers connect to the internet through the NAT gateway, and to Amazon S3 through a gateway VPC endpoint.
1. Create VPC
For this we’ll start by creating the VPC.
In the Create VPC option, select “VPC and more”.
Here, when a server (in the private subnet) accesses the internet, its IP address will be replaced by the NAT gateway’s public IP address (an Elastic IP, i.e. a static IP address).
For this project I am not going to use an S3 bucket from my private subnet, so I am removing that endpoint.
For this project the default 65,536 IPs are not needed, so I’ll reduce them to about 256 IPs, making the IPv4 CIDR block 10.0.0.0/24.
Set NAT gateways = 1 per AZ (as per the VPC diagram).
Since I don’t need S3 for this project, I am setting the VPC endpoint to None.
The network diagram also changes after removing S3.
Once the VPC is created, we’ll deploy the application using EC2 instances.
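To make the CIDR arithmetic behind the 10.0.0.0/24 choice concrete, here is an added Python example (not part of the original walkthrough) that splits a VPC block into the public/private-per-AZ layout the wizard produces and shows how many addresses each subnet really offers once AWS reserves five addresses per subnet. It goes beyond the page's single case and works for any block size and AZ count; the function names are my own.

```python
import ipaddress

# AWS reserves five addresses in every subnet: the network address, the VPC
# router, the DNS resolver, one held for future use, and the broadcast address.
AWS_RESERVED_PER_SUBNET = 5


def plan_subnets(vpc_cidr, az_count=2, tiers=("public", "private")):
    """Carve vpc_cidr into one equal-sized subnet per (tier, AZ) pair.

    Tiers come first, AZs second, so with the defaults the layout is
    public-AZ1, public-AZ2, private-AZ1, private-AZ2, the order the VPC
    wizard uses. Returns a list of dicts with tier, AZ index, subnet CIDR and
    the number of usable addresses; raises ValueError if the block is too small.
    """
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    needed = az_count * len(tiers)
    extra_bits = (needed - 1).bit_length()      # smallest k with 2**k >= needed
    new_prefix = vpc.prefixlen + extra_bits
    if new_prefix > vpc.max_prefixlen:
        raise ValueError(f"{vpc_cidr} cannot be split into {needed} subnets")
    subnets = list(vpc.subnets(new_prefix=new_prefix))
    plan = []
    for i, (tier, az) in enumerate((t, a) for t in tiers for a in range(az_count)):
        net = subnets[i]
        usable = net.num_addresses - AWS_RESERVED_PER_SUBNET
        if usable < 1:
            raise ValueError(f"{net} has no usable addresses after AWS reservations")
        plan.append({"tier": tier, "az": az, "cidr": str(net), "usable": usable})
    return plan


def overlaps(plan):
    """True if any two planned subnets share addresses (a correct plan never does)."""
    nets = [ipaddress.ip_network(p["cidr"]) for p in plan]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    # The walkthrough's choice: 10.0.0.0/24 gives four /26 subnets of 64
    # addresses each, 59 of them usable, instead of the default /16.
    for entry in plan_subnets("10.0.0.0/24"):
        print(f"{entry['tier']:8} AZ{entry['az'] + 1}  {entry['cidr']:16} usable={entry['usable']}")
```

Running it shows that a /24 leaves each of the four subnets with only 59 usable addresses, which is fine for a demo but is the number to revisit before an Auto Scaling group is expected to grow; the ValueError path catches blocks that cannot be divided at all.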
2. Create Autoscaling Group
Now create an Auto Scaling group.
Then select all basic configurations and the key pair.
My application is going to be deployed and accessed on port 8000, so
Go back to the Auto Scaling group and choose the launch template that we have just created.
Since we are launching the servers/EC2 instances in the private subnets, in “AZ and subnet” select both private subnets.
For this Auto Scaling group I am not creating any load balancer; we’ll create that in the public subnets as per the network diagram.
Set the remaining configurations as desired and create the Auto Scaling group.
Search for EC2, verify that the instances have been created and check their AZs.
Now it’s verified that the desired instances have been created.
3. Create BASTION-HOST using an EC2 instance:
The next step is creating LOAD BALANCERS in the public subnet, but before that, deploy the application on the SERVERS.
As our SERVERS don’t have public IPs, we’ll deploy the application on them using a BASTION. A bastion host is a server whose purpose is to provide access to a private network from an external network.
For this purpose, launch an EC2 instance for the BASTION HOST.
Use Ubuntu as the AMI, t2.micro as the instance type, and the key pair.
Important thing: in network settings allow SSH, because with it we’ll SSH into the servers from the public subnet.
Furthermore, click EDIT in network settings, enable auto-assign public IP and select the VPC that we created.
Now LAUNCH INSTANCE.
4. Using Bastion-host to ssh into servers
From my laptop I will SSH into the BASTION HOST and from there I’ll SSH into the SERVERS/EC2 INSTANCES.
I am here using the AWS CLI for WINDOWS to upload the KEY FILE to the bastion host, where it will use that key to SSH into the private subnet.
scp -i "C:/Users/Fiza/Downloads/aws-public-private.pem" "C:/Users/Fiza/Downloads/aws-public-private.pem" ubuntu@54.81.165.176:/home/ubuntu
The file is successfully uploaded.
Now SSH into the Ubuntu machine:
ssh -i aws-public-private.pem ubuntu@54.81.165.176
And we have successfully SSHed into the machine.
Now with this I will deploy a simple application on one of the instances that we created in the private subnet. For this we will SSH into one of the instances from the same terminal.
Step 1: get the private IP address of any of the instances and SSH into it.
We often come across an issue here: SSH refuses the uploaded key file because its permissions are too open.
To solve it, use
chmod 600 aws-public-private.pem
And we will get access.
Now I will deploy a really simple HTML page.
https://www.w3schools.com/html/html_basic.asp
From here I picked a basic HTML snippet and placed it in a file called index.html.
5. Creating Load balancer
Now the final step is creating the load balancer.
Select APPLICATION LOAD BALANCER.
The load balancer should be in the public subnet and must have access to the internet.
Both should use the public subnets, since the load balancer is present in the public subnet.
A target group specifies which instances should be accessible, so we’ll create a target group.
And select Create target group.
Add this target group to the LOAD BALANCER and create it.
Once the load balancer is in the active state, copy the DNS name and test whether it is forwarding traffic to our application (in the private network).
One thing to notice here is that we haven’t allowed our load balancer to receive HTTP traffic. So go to Security Groups, edit the inbound rules and then save the rules.
Now if I go to the Listeners tab in the LOAD BALANCER and follow the aws-public-private DEFAULT ACTION section, we’ll see that of our 2 targets one is unhealthy. The reason is that we have only deployed the application on 1 EC2 instance, and all our traffic is redirected to this healthy instance.
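The two security-group decisions in this walkthrough (allowing SSH to the bastion in step 3, and the load balancer not accepting HTTP until its inbound rule is added in step 5) are the kind of thing worth checking automatically. Here is an added Python example, not from the original post, that audits the three security groups the network diagram implies against a least-privilege policy: the bastion accepts SSH only from an admin address, the load balancer accepts HTTP from anywhere, and the servers accept SSH only from the bastion's group and port 8000 only from the load balancer's group. The group names and IDs, the admin address (a TEST-NET-3 placeholder) and the sample data, built in the shape boto3's describe_security_groups returns, are all constructed.

```python
import ipaddress

ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
# Placeholder admin address from the TEST-NET-3 documentation range.
ADMIN_IP = "203.0.113.10/32"

# Constructed sample in the shape of ec2.describe_security_groups()["SecurityGroups"].
# It reproduces two situations from the walkthrough: the bastion's SSH rule is
# open to the world, and the load balancer's group has no HTTP rule yet.
SAMPLE_GROUPS = [
    {"GroupId": "sg-bastion", "GroupName": "bastion-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ANY_V4}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-alb", "GroupName": "alb-sg", "IpPermissions": []},
    {"GroupId": "sg-server", "GroupName": "server-sg", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8000,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
]

# Intended design for the diagram: GroupName -> {port: allowed sources}, where a
# source is a CIDR or the ID of the only security group that should reach that port.
POLICY = {
    "bastion-sg": {22: {ADMIN_IP}},
    "alb-sg": {80: {ANY_V4}},
    "server-sg": {22: {"sg-bastion"}, 8000: {"sg-alb"}},
}


def rule_ports(rule):
    """Port range a rule covers; IpProtocol '-1' means every port of every protocol."""
    if rule["IpProtocol"] == "-1":
        return 0, 65535
    return rule.get("FromPort", 0), rule.get("ToPort", 65535)


def rule_sources(rule):
    """Every source a rule admits: IPv4 CIDRs, IPv6 CIDRs and security-group IDs."""
    found = {r["CidrIp"] for r in rule.get("IpRanges", [])}
    found |= {r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])}
    found |= {p["GroupId"] for p in rule.get("UserIdGroupPairs", [])}
    return found


def sources_for_port(group, port):
    """Union of sources that can reach `port` through any of the group's inbound rules."""
    found = set()
    for rule in group["IpPermissions"]:
        lo, hi = rule_ports(rule)
        if lo <= port <= hi:
            found |= rule_sources(rule)
    return found


def source_satisfied(required, actual):
    """An SG source needs an exact match; a CIDR is satisfied by any CIDR containing it."""
    if required.startswith("sg-"):
        return required in actual
    need = ipaddress.ip_network(required)
    for src in actual:
        if src.startswith("sg-"):
            continue
        have = ipaddress.ip_network(src)
        if have.version == need.version and need.subnet_of(have):
            return True
    return False


def audit(groups, policy):
    """Findings (group, ports, source) for every rule broader than the policy.

    A rule passes only when it opens a single port the policy lists for that group
    and its source is one of the allowed sources for that port; a wider CIDR, an
    extra port, a port range or an all-traffic rule is reported.
    """
    findings = []
    for g in groups:
        allowed = policy.get(g["GroupName"], {})
        for rule in g["IpPermissions"]:
            lo, hi = rule_ports(rule)
            for src in sorted(rule_sources(rule)):
                if lo == hi and src in allowed.get(lo, set()):
                    continue
                findings.append((g["GroupName"], str(lo) if lo == hi else f"{lo}-{hi}", src))
    return findings


def missing(groups, policy):
    """Findings (group, port, source) for policy entries no rule currently satisfies,
    e.g. the load balancer created without its inbound HTTP rule."""
    by_name = {g["GroupName"]: g for g in groups}
    gaps = []
    for name, ports in policy.items():
        group = by_name.get(name, {"IpPermissions": []})
        for port, sources in ports.items():
            actual = sources_for_port(group, port)
            gaps.extend((name, port, s) for s in sorted(sources) if not source_satisfied(s, actual))
    return gaps


if __name__ == "__main__":
    for f in audit(SAMPLE_GROUPS, POLICY):
        print("too broad:", f)
    for f in missing(SAMPLE_GROUPS, POLICY):
        print("missing:  ", f)
```

On the sample data the audit reports the bastion's SSH rule as too broad and the load balancer's HTTP rule as missing, which is exactly the state of the walkthrough before step 5's inbound-rule fix. To run it against a real account, replace SAMPLE_GROUPS with the list boto3 returns. One related point for step 4: once the private key has been copied onto the bastion, anyone who compromises the bastion also holds the key for every server; ssh's ProxyJump option (the -J flag) reaches the private instances through the bastion while the key stays on the laptop.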