Hermann ESSOH

Host a static website on AWS: A detailed step-by-step guide


Introduction

To complete our project, we'll create a custom VPC for more security using the following reference architecture.
VPC Reference architecture

In this type of architecture, we have three tiers:

  • First Tier: We'll have the public subnet which holds resources such as NAT Gateway, Load Balancer, and Bastion Host
  • On the second tier, we'll have the private subnet which holds resources such as the webservers
  • And, on the third tier, we'll have another private subnet where we'll store the database.

We'll duplicate the subnets across two (02) availability zones for high availability and fault tolerance. We'll also create an Internet Gateway (IGW) and a custom route table to allow the resources in our public subnets to access the internet.

Project architecture overview:
Architecture overview


Prerequisites

  • Good knowledge of the AWS Management Console
  • Good knowledge of AWS services such as VPC, EC2
  • Basic knowledge of Amazon Route 53 and CloudWatch

VPC Creation

VPC's name tag: Hermann VPC
VPC IPv4 CIDR: 12.0.0.0/16
Note: I deliberately chose to use the information above for this lab. You can customize it as well.

💡💡 To create a custom VPC, log in to the AWS management console. Once you're logged in, the first thing you have to do is select the region where you want to create your VPC.
To do that, first, click on the dropdown located at the top right of your screen between the gear wheel and your IAM username.
Setting the region for VPC Creation

Then, select from the list the region that best suits your needs. It's advisable to select the region closest to your customers to reduce latency. In my case, I selected US EAST 1 (N. Virginia).
Selecting the best region

Once the region is set, let's create our custom VPC by getting to the VPC dashboard. Type VPC in the search bar and click on VPC in the search results.
Accessing VPC dashboard

In the VPC dashboard, click on Your VPCs, then hit the Create VPC button.
Creating Custom VPC

Fill in the blank spaces with the required information and click on Create VPC when you're done.
VPC Information settings

VPC creation


DNS Hostname Setting in VPC

⚠️⚠️ Before showing you how to enable the DNS hostname in our newly created VPC, it's important to know why we're doing it. Enabling DNS hostnames for the resources in our VPC simplifies managing and connecting to those resources, because it's easier to designate a resource in our network by a memorable hostname than by an IP address.
To enable the DNS hostname in our custom VPC, click on the concerned VPC ID then click actions and select Edit VPC Settings
VPC ID

Edit vpc settings

Scroll down to DNS settings, tick the checkbox next to Enable DNS hostname, and click Save to apply changes.
DNS Hostname enabled


Internet Gateway Creation

Still, in the VPC dashboard under VPC, click on Internet Gateway, hit the Create Internet Gateway button, then enter the name tag of your IGW and click on Create IGW.
IGW creation

Once the IGW is created, we'll want to attach it to our custom VPC. Otherwise, the resources within our VPC won't have access to the internet. To do so, click attach VPC directly in the green notification bar, or click the action button and then select "attach VPC".
Attach IGW to VPC

Select the vpc and click on attach Internet gateway.
Attach an IGW to a custom VPC


Subnets Creation

Availability Zone (AZ) 1a

  • Public Subnet AZ1a - IPv4 CIDR block : 12.0.1.0/24
  • Private App Subnet AZa - IPv4 CIDR block : 12.0.2.0/24
  • Private Data Subnet AZa - IPv4 CIDR block : 12.0.3.0/24

Availability Zone (AZ) 1b

  • Public Subnet AZb - IPv4 CIDR block : 12.0.4.0/24
  • Private App Subnet AZb - IPv4 CIDR block : 12.0.5.0/24
  • Private Data Subnet AZb - IPv4 CIDR block : 12.0.6.0/24

Note: These are just random CIDR Blocks I've created for this project. So, you can choose to use them or create yours. Also, the AZs can be modified but if for instance, you chose AZ 1c as your first AZ, stick to it and create all the subnets that should be created within the first AZ in AZ 1c.
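
The address plan above can be checked before any subnet is created. The following is an added example, not part of the original guide: it runs Python's standard ipaddress module over the guide's CIDR blocks, and the function names are illustrative. It also reports that 12.0.0.0/16 lies outside the RFC 1918 private ranges, which matters if you reuse the plan outside a lab.

```python
import ipaddress

# Values copied from the guide.
VPC_CIDR = "12.0.0.0/16"
SUBNETS = {
    "Public Subnet AZ1a": "12.0.1.0/24",
    "Private App Subnet AZa": "12.0.2.0/24",
    "Private Data Subnet AZa": "12.0.3.0/24",
    "Public Subnet AZb": "12.0.4.0/24",
    "Private App Subnet AZb": "12.0.5.0/24",
    "Private Data Subnet AZb": "12.0.6.0/24",
}

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
AWS_RESERVED_PER_SUBNET = 5  # AWS keeps the first four addresses and the last one


def check_plan(vpc_cidr, subnets):
    """Return a list of findings; an empty list means the plan is clean."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    if not any(vpc.subnet_of(block) for block in RFC1918):
        findings.append(
            f"VPC {vpc} is outside the RFC 1918 private ranges: the VPC's local "
            "route hides the Internet hosts that really own those addresses")
    parsed = {}
    for name, cidr in subnets.items():
        try:
            net = ipaddress.ip_network(cidr)  # raises if host bits are set
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        if not net.subnet_of(vpc):
            findings.append(f"{name}: {net} is not inside the VPC range {vpc}")
        if not 16 <= net.prefixlen <= 28:
            findings.append(
                f"{name}: /{net.prefixlen} is outside the /16 to /28 sizes AWS accepts")
        parsed[name] = net
    # Pairwise overlap check: two subnets of one VPC may not share addresses.
    names = list(parsed)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if parsed[first].overlaps(parsed[second]):
                findings.append(
                    f"{first} ({parsed[first]}) overlaps {second} ({parsed[second]})")
    return findings


def usable_addresses(cidr):
    """Addresses left for instances, ENIs and endpoints in one subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AWS_RESERVED_PER_SUBNET


if __name__ == "__main__":
    for finding in check_plan(VPC_CIDR, SUBNETS) or ["plan is clean"]:
        print(finding)
    for name, cidr in SUBNETS.items():
        print(f"{name}: {usable_addresses(cidr)} usable addresses")
```
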

Under Vpc, click subnet and click on create subnet
Subnet creation

Select the vpc in which we're creating the subnets and enter the name of the subnet
Subnet creation

Select the Availability zone, enter the IPv4 CIDR block of the subnet, and click on Create Subnet.
Repeat the process to create the other subnets.
💡 Tips: Before clicking on Create subnet, you can click "add new subnet" five more times and specify the details of each subnet to create all six subnets at once. In this case, be meticulous while entering each subnet's information.
Subnet creation

Once all subnets are created you'll have something similar on your screen when you filter in the search by vpc.
Subnet creation


Auto assign IP in public subnets

Enabling auto-assign IP allows AWS to automatically assign a public IPv4 address to every resource we launch in those subnets. To do so,

Select the Public Subnet AZb then click on actions and select Edit Subnet settings.
Auto-assign IP in public subnet AZb

Tick the checkbox to enable auto-assign IP and click save to validate the configuration. Repeat these two steps for the second public subnet.
Auto-assign IP in public subnet AZb


Route Table Creation for Public subnets

Naming a subnet "public" doesn't make it public; the name is only a reference for our eyes, and the same goes for private subnets. For a subnet to be public, we have to create a route table that has a route to the internet; whatever subnet we associate with this route table becomes public (accessible from the Internet). Let's do it.

In the VPC dashboard, select Route Tables and click Create route table

Name the route table, select the VPC in which we are creating it, and click Create route Table

Now that it has been created, we need to add a route to the Internet so that every subnet associated with it will be public or in other words, accessible from the Internet. Follow the steps on the first screenshot then click "Add Route"

Select or enter the destination as 0.0.0.0/0 to allow the RT to route traffic to the Internet, then under the target section, select Internet Gateway and pick up the IGW we created earlier. Through this configuration, we're saying that we want our traffic to have access to the Internet through the IGW

Let's make our subnets public by associating them with the RT

Now we've successfully made our Public subnets AZ1a and AZb accessible from the Internet.

Note⛔️: AWS automatically creates a route table in your VPC when you create it. This route table is the main route table and by default, it is private because when you look under routes, you can see that it doesn’t route traffic through the internet. It only has a local route.
So, anytime you create a subnet and you do not explicitly associate it with a route table, AWS automatically associates it with the main route table, making the subnet private.


NAT Gateway Creation

Note 💡: The NAT Gateway allows resources in the private subnets of a VPC to access the Internet while preventing users on the Internet from initiating connections to those resources. It acts like a shield against connections that start on the Internet, which is why it's important to consider using it when it comes to privacy and resource protection.

According to our reference architecture, we should create two NAT Gateways in two different AZs. That's best practice when you're building a VPC in a production environment: create a NAT Gateway in each AZ of your VPC for high availability and fault tolerance. But since NAT Gateways are costly (I'm under the free tier), we're going to create just one for both availability zones to avoid expenses.

Access the VPC dashboard, click NAT Gateways, and then click Create NAT Gateway. Fill in the blanks with the appropriate information, select the public subnet in which you're creating the NAT Gateway, and allocate the elastic IP if there is none.
NAT Gateway creation

AWS will automatically assign one after clicking on Allocate Elastic IP. Finally, click on Create NAT Gateway
NAT Gateway creation

Great! You've successfully created your NAT Gateway. Now, wait a few minutes and refresh the page to check the state of the newly created NAT Gateway. When the state changes to available, move to the next part of this guide.


Route Table Creation for Private subnets

As we previously did, access the VPC dashboard and select Route Tables. Next, click on Create Route table, give it a name, and select the custom VPC.
Route Table Creation for Private subnets

Let's add a route to allow the resources within the private subnets to access the Internet. Tick the checkbox before the private RT, then click the Route section and select edit routes
Route Table Creation for Private subnets

Click add route and select 0.0.0.0/0 as the destination, which means the route matches traffic to any address. Then select NAT Gateway as the target and pick the NAT Gateway created previously. This means we want our traffic to leave our network (VPC) for the Internet through the NAT Gateway. When all is done, save the changes to apply the new route.
Route Table Creation for Private subnets

Route Table Creation for Private subnets

Edit subnets association to link our four private subnets with this private route table.
Tick the checkbox before Private RT then click Actions and select edit subnets associations. Next, select all your private subnets and click Save associations
Subnet association with private RT

Subnet association with private RT
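
The routing rules from the two route table sections (an explicit association wins, otherwise the main route table applies, and the target of the 0.0.0.0/0 route decides the exposure) can be checked mechanically. This is an added example, not part of the original guide: the dictionaries follow the field names of the EC2 DescribeRouteTables response, and every ID in them is constructed.

```python
def effective_route_table(subnet_id, route_tables):
    """Return the table that governs a subnet: explicit association, else the main table."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def exposure(table):
    """Classify a route table by where its 0.0.0.0/0 route points."""
    for route in (table or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"          # reachable from the Internet through the IGW
        if route.get("NatGatewayId"):
            return "private-egress"  # outbound only, through the NAT Gateway
        return "other"
    return "isolated"                # local route only, as in the main route table


def audit(subnets, route_tables):
    """subnets maps SubnetId -> name tag. Return (classification, findings)."""
    result, findings = {}, []
    for subnet_id, name in subnets.items():
        table = effective_route_table(subnet_id, route_tables)
        kind = exposure(table)
        result[name] = kind
        table_id = table["RouteTableId"] if table else "none"
        named_public = name.lower().startswith("public")
        if named_public and kind != "public":
            findings.append(f"{name}: named public but route table {table_id} "
                            "has no route to an Internet Gateway")
        if not named_public and kind == "public":
            findings.append(f"{name}: named private but route table {table_id} "
                            "sends 0.0.0.0/0 to an Internet Gateway")
    return result, findings


# Constructed sample data mirroring the guide's layout (all IDs are made up).
LOCAL = {"DestinationCidrBlock": "12.0.0.0/16", "GatewayId": "local"}
MAIN_RT = {"RouteTableId": "rtb-main", "Routes": [LOCAL],
           "Associations": [{"Main": True}]}
PUBLIC_RT = {
    "RouteTableId": "rtb-public",
    "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}],
    "Associations": [{"Main": False, "SubnetId": s}
                     for s in ("subnet-pub-a", "subnet-pub-b")],
}
PRIVATE_RT = {
    "RouteTableId": "rtb-private",
    "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}],
    "Associations": [{"Main": False, "SubnetId": s}
                     for s in ("subnet-app-a", "subnet-data-a",
                               "subnet-app-b", "subnet-data-b")],
}
SUBNETS = {
    "subnet-pub-a": "Public Subnet AZ1a",
    "subnet-app-a": "Private App Subnet AZa",
    "subnet-data-a": "Private Data Subnet AZa",
    "subnet-pub-b": "Public Subnet AZb",
    "subnet-app-b": "Private App Subnet AZb",
    "subnet-data-b": "Private Data Subnet AZb",
}

if __name__ == "__main__":
    classification, problems = audit(SUBNETS, [MAIN_RT, PUBLIC_RT, PRIVATE_RT])
    for name, kind in classification.items():
        print(f"{name}: {kind}")
    for problem in problems:
        print("FINDING:", problem)
```

Run against the state before the private route table exists, the four private subnets come out as isolated because they fall back to the main route table.
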


Security Groups Creation

Security groups are firewalls we use to regulate network traffic in our VPC. For this lab, we'll create 3 security groups:

  • The ALB security group: Will be added to the Application Load Balancer and allow traffic on port 80 (HTTP) and port 443 (HTTPS) from anywhere on the internet.
  • The EICE security group: We'll attach it to the EICE, open port 22 (SSH) on the outbound traffic, and limit the destination to our VPC CIDR block or IPv4 address.
  • The App server security group: We'll add it to the EC2 instance and allow traffic on ports 80 (HTTP) and 443 (HTTPS) only when traffic comes from the ALB. We'll also allow traffic on port 22 only from our EC2 instance connect endpoint (EICE).

Access the VPC dashboard and scroll down to the security section. Click Security Groups, then click Create Security Group and fill in the SG information. Next, select the VPC and finally add the rules we specified earlier.
Security groups creation

  • Let's start with the Application Load Balancer security group: Fill in the name and description, select the appropriate VPC, and click add rule.
ALB SG

Add the inbound rules (HTTP & HTTPS) we specified earlier to allow traffic from the internet, and one outbound rule to let our resources access the internet. Once it's done, click Create Security Group.
ALB SG

  • EICE security group: Still in the security group dashboard, click Create Security Group, fill in the information related to the EICE SG, then choose the VPC.
EICE security group

Next, specify the SSH rules for this SG to allow only resources within our network to SSH into the instance. We allowed only resources within our VPC to SSH into the web server by limiting the destination to the VPC IPv4 address. Then click Create Security Group.
EICE security group

  • App server security group: Access the SG creation dashboard, fill in the required information, and click add rule.

Open ports 80 and 443 by allowing incoming traffic through HTTP and HTTPS only from the ALB. Also, open port 22 to allow traffic through SSH only from the EC2 instance connect endpoint (EICE). Allow all outgoing traffic to the internet and click create security group.
App Server SG

To avoid any confusion, verify if all the rules were added. In the security group dashboard, select the App server SG and click the inbound rules section to check all the added rules.
App server security group
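
The rule check described in the last step can be automated against the design stated at the start of this section. This is an added example, not part of the original guide: the dictionaries use the field names of the EC2 DescribeSecurityGroups response, while the group IDs and the helper names are constructed for illustration.

```python
import ipaddress

VPC_CIDR = "12.0.0.0/16"  # VPC CIDR used in the guide


def flatten(permissions):
    """Yield (from_port, to_port, kind, peer) for every peer in a rule list."""
    for perm in permissions:
        if perm.get("IpProtocol") == "-1":  # "-1" means all protocols and ports
            lo, hi = 0, 65535
        else:
            lo, hi = perm["FromPort"], perm["ToPort"]
        for rng in perm.get("IpRanges", []):
            yield lo, hi, "cidr", rng["CidrIp"]
        for pair in perm.get("UserIdGroupPairs", []):
            yield lo, hi, "sg", pair["GroupId"]


def audit(alb, eice, app, vpc_cidr=VPC_CIDR):
    """Return findings where the three groups deviate from the guide's design."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)

    # ALB: only ports 80 and 443 may face the Internet.
    for lo, hi, kind, peer in flatten(alb["IpPermissions"]):
        if (lo, hi) not in ((80, 80), (443, 443)):
            findings.append(f"ALB SG: unexpected inbound {lo}-{hi} from {peer}")

    # App servers: 80/443 only from the ALB group, 22 only from the EICE group.
    expected = {(80, alb["GroupId"]), (443, alb["GroupId"]), (22, eice["GroupId"])}
    seen = set()
    for lo, hi, kind, peer in flatten(app["IpPermissions"]):
        if kind == "sg" and lo == hi and (lo, peer) in expected:
            seen.add((lo, peer))
        else:
            findings.append(
                f"App SG: inbound {lo}-{hi} from {kind} {peer} is not in the design")
    for port, peer in sorted(expected - seen):
        findings.append(f"App SG: missing inbound {port} from {peer}")

    # EICE: outbound SSH only, and only toward addresses inside the VPC.
    for lo, hi, kind, peer in flatten(eice["IpPermissionsEgress"]):
        if (lo, hi) != (22, 22):
            findings.append(f"EICE SG: outbound {lo}-{hi} to {peer} is wider than SSH")
        elif kind == "cidr" and not ipaddress.ip_network(peer).subnet_of(vpc):
            findings.append(
                f"EICE SG: outbound SSH to {peer} leaves the VPC range {vpc}")
    return findings


def rule(port, cidr=None, group=None):
    """Build one constructed TCP rule in the DescribeSecurityGroups shape."""
    perm = {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [], "UserIdGroupPairs": []}
    if cidr:
        perm["IpRanges"].append({"CidrIp": cidr})
    if group:
        perm["UserIdGroupPairs"].append({"GroupId": group})
    return perm


# Constructed sample groups that match the design; the IDs are made up.
ALL_EGRESS = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
              "UserIdGroupPairs": []}
ALB = {"GroupId": "sg-alb", "IpPermissionsEgress": [ALL_EGRESS],
       "IpPermissions": [rule(80, cidr="0.0.0.0/0"), rule(443, cidr="0.0.0.0/0")]}
EICE = {"GroupId": "sg-eice", "IpPermissions": [],
        "IpPermissionsEgress": [rule(22, cidr=VPC_CIDR)]}
APP = {"GroupId": "sg-app", "IpPermissionsEgress": [ALL_EGRESS],
       "IpPermissions": [rule(80, group="sg-alb"), rule(443, group="sg-alb"),
                         rule(22, group="sg-eice")]}

if __name__ == "__main__":
    # Drift case: someone opens SSH on the app servers to the whole Internet.
    drifted = dict(APP, IpPermissions=APP["IpPermissions"] + [rule(22, cidr="0.0.0.0/0")])
    for finding in audit(ALB, EICE, drifted):
        print("FINDING:", finding)
```

A newly created security group carries an allow-all outbound rule by default, so an EICE group whose default rule was never replaced by the SSH-only rule is reported as wider than SSH.
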


EC2 Instance Connect Endpoint Creation

The EC2 Instance Connect Endpoint (EICE) allows you to connect to any resource in your VPC's public or private subnet without managing SSH keys.

We don't need a key pair if we intend to use an EC2 Instance Connect Endpoint to SSH into our EC2 instance.

Within the VPC dashboard, click endpoints and create an endpoint.
EICE Creation

Fill in the endpoint's name, select the service category as EC2 Instance connect endpoint, and scroll down.
EICE Creation

Choose the custom vpc and select any private subnet in which you'll be creating the endpoint. Do not forget to pick the EICE Security group we created earlier then click Create endpoint.
EICE Creation

  • EC2 Instance Connect Endpoint Testing: We'll launch an EC2 instance in a private subnet in our VPC. The purpose of this EC2 instance is to test whether we can connect to it using an EC2 Instance Connect Endpoint. In the console search bar, type EC2 and access its dashboard. Click instances, then launch instance.
EICE testing

Enter the instance's name, select its AMI, choose the instance type, and specify you'll proceed without a keypair since you'll be connecting using an EICE then click edit next to network settings.
EICE testing

Select your custom VPC, choose any private subnet, and use the dropdown to disable auto-assign public IP (our instance is being created in a private subnet, so it doesn't need a public IP). Pick "Select existing security group", since we created all of the SGs earlier, and choose the App server security group.
When it's done, review all the settings and click Launch instance

Once we've launched the instance, we'll give it some time to pass the status check then we get to SSH into it. We can SSH either using the management console or the AWS CLI.

Let us connect using the management console
Still, in the EC2 dashboard, select the EC2 instance then click connect.
EICE Testing

Select EC2 Instance connect, choose the connection type as connect using EICE, and pick up the only endpoint we created earlier. Once it's done, click Connect
EICE Testing

And there it goes, we've successfully connected to the instance.
EICE Testing

Let's run this command to verify that the instance has access to the internet to download packages:
sudo yum update -y
The outcome shows the instance has access to the internet
EICE Testing

Let's SSH using the AWS CLI
Open PowerShell if you're using Windows, or the terminal on macOS. Verify that the AWS CLI is installed by typing the command aws --version and pressing Enter. If you have the same outcome as on my screenshot, you're good to go.
Next, enter the command below to SSH into the instance and hit Enter, replacing <instance-id> with your instance ID:
aws ec2-instance-connect ssh --instance-id <instance-id>
You'll find the instance ID under the instance's details section above the Instance summary. Answer Yes to the question and there it goes, you've successfully SSHed into the instance.
You can verify the instance's accessibility to the internet by typing the command sudo yum install httpd -y to install the Apache server.
EICE Testing

The instance accessed the internet and successfully installed Apache.
EICE Testing

All these tests allowed us to conclude the EICE works correctly. Now, follow the steps on the screenshots to terminate the instance since it was just for testing purposes
EICE Testing - Terminate instance


Application Load balancer Creation

We create an Application Load balancer to allow users to access the website we host on our server. But for security reasons, we'll place our instances in private subnets. To enable users from the Internet to access the website, we'll create a target group in which we'll put our servers so that the ALB will route traffic to them.

  • Target Group Creation: Within the EC2 dashboard, scroll down to Load balancing and select Target groups. Click Create Target Group and fill in the information as in the screenshots below.
Target Group Creation

Enter the target group name, choose the protocol port as HTTP and the protocol type as IPv4. Select the custom VPC and protocol version then click next
Target Group Creation

Leave all the other settings as default then click Create Target Group

  • Launch EC2 Instance: Under the EC2 dashboard, click instances then Launch instance.
Launch EC2 Instance

Fill in the blank spaces with the appropriate information, select the AMI and instance type, click the dropdown next to the keypair section and select proceed without a keypair, then click edit to customize the network settings.
Launch EC2 Instance

Choose the VPC we created earlier, select any private subnet, and disable auto-assign public IP since the instance is being created in the private subnet. Under firewall, choose to select existing security group and pick up the app server SG. Review all the settings and click Launch Instance
Launch EC2 Instance

  • Add the EC2 Instance to the Target Group: On the EC2 dashboard, scroll down to Load balancing and select Target Group, then click on the dev target group we previously created.
Add the EC2 Instance to the Target Group

Access the targets section and click register targets
Add the EC2 Instance to the Target Group

Under available instances, select the web server AZa we just created and click include as pending below

Scroll down, check if the selected instance appears under review targets then click register pending targets to add the instance successfully to the target group

  • ALB Creation: Within the EC2 dashboard, click Load Balancer and hit the Create Load Balancer button at the top right of the screen.
Application Load Balancer Creation

Click Create under Application Load Balancer and enter the custom information in the following step.
Application Load Balancer Creation

Enter the name of the ALB. Under scheme choose internet facing and under Load Balancer IP address type, choose IPv4
Application Load Balancer Creation

Scroll down to Network mapping section and apply the modifications below. Click on the dropdown under VPC and select your custom VPC. Since we only have two AZs within our VPC, they'll appear in the mappings section. So, select the first AZ, and pick up the public subnet under subnet subsection. Then, select the second AZ and click on the dropdown under subnet subsection to choose the public subnet in AZ2
Note: The internet-facing ALB only works in the public subnets.
Application Load Balancer Creation

Go to the security groups section and click on the X to remove the default security group. Then, select the dropdown menu and select the ALB security group from among all the SGs we created earlier.
Please scroll down to Listeners and Routing and select the default action of the HTTP protocol as the Target group so that the HTTP listener will route traffic to our Dev Target group
Application Load Balancer Creation

When it's done, leave other settings as default and scroll down to the summary section to check if all was set properly. If everything is okay, click Create Application Load Balancer and that was all.
Application Load Balancer Creation


Website installation on the EC2 Instance

# Switch to the root user to gain full administrative privileges
sudo su

# Update all installed packages to their latest versions
yum update -y

# Install Apache HTTP Server
yum install -y httpd

# Change the current working directory to the Apache web root
cd /var/www/html

# Install Git
yum install git -y

# Clone the project GitHub repository to the current directory
git clone https://github.com/Walter-Obrien/Host-a-static-website-on-AWS.git

# Copy all files, including hidden ones, from the cloned repository to the Apache web root
cp -R Host-a-static-website-on-AWS/. /var/www/html/

# Remove the cloned repository directory, and the .git metadata that the copy above placed in the web root, where Apache would serve it
rm -rf Host-a-static-website-on-AWS /var/www/html/.git

# Enable the Apache HTTP Server to start automatically at system boot
systemctl enable httpd 

# Start the Apache HTTP Server to serve web content
systemctl start httpd

⚠️ ⚠️ Remember to update my URL on line 17 of the code (https://github.com/Walter-Obrien/Host-a-static-website-on-AWS.git) to the URL of your GitHub repository. And, whatever name you give to your GitHub repository (mine is Host-a-static-website-on-AWS), that'll be the same name you'll enter on the two following lines (lines 20 and 23 of the code).
However, you can still use my URL. Since my GitHub repository is public, you can still download the code from it. But if you want to do it from your repository, you should consider updating the values I stated up there.

  1. SSH into the EC2 Instance then run the above commands: Follow the same steps we previously used to SSH into our instance using the EICE. Once you're connected, run the above commands one after another.
    SSH & install Apache

  2. We now need to verify if we can access our website: To do that we have to use the DNS name of our ALB.
    Go to the EC2 dashboard, scroll down to Load Balancing, and select Load Balancers. You'll see your ALB, copy its DNS name, open a new tab in your browser, paste it and press enter.
    verification

And boom 👏🏾👏🏾👏🏾
verification


Domain Name Registration In Route 53

Now that we've installed our website and can access it using the DNS name of our ALB, we'll set up the DNS configuration for our website by registering a domain name in Route 53 that the end-user will use to access our website instead of the DNS name of our ALB.
In addition, we'll request an SSL certificate to ensure that the communication between our website and the end users is secure.

So, to register a domain name, type Route 53 in the search box and select it.
In the Route 53 dashboard, check the availability of the domain name you intend to use
Domain name registration

If available, click select and proceed to checkout
Domain name registration

Enable or disable Auto renew, then click next.
Domain name registration

Fill in your personal information then turn on privacy protection for all contacts before clicking next
Domain name registration

Review the settings, tick the checkbox to agree to the end-user agreement, and click submit. Since I have a registered domain already, I won't submit my request, check out my domain name on the third screenshot
Domain name registration

  • Let's create an A record in the Route 53 hosted zone to point our domain name to the ALB: Access the Route 53 dashboard, click on the number displayed under DNS management, and get to the hosted zones.
create a record set

Once in hosted zones, click on your domain name, access the record section, and click Create record
create a record set

Type in the record name as www, leave the record type set to route traffic to an IPv4 address, then toggle the alias on. Under Choose endpoint, select the dropdown and pick Alias to Application and Classic Load Balancer, then choose the region where you created your ALB. Under choose Load balancer, select the dropdown and pick your ALB. When it's all set, click Create record.
create a record set

Check the status of the A record by clicking View status. It will be pending, wait until it shows INSYNC under status.
create a record set

When the status changes to INSYNC, go back to the hosted zone details and tick the checkbox beside your domain name. Copy the record name and open a new tab in your web browser.
create a record set

Paste the copied record name and press enter. Booom!! we can access our website from our domain name which points to our ALB
create a record set

  • Request an SSL Certificate: If you noticed, we can access our website using our domain name but the communication between the web browser and the website is not secure. So, an SSL Certificate will help us encrypt all communications between both entities to make it more secure

To do that, access the Certificate Manager dashboard by typing it in the search bar. Once on the dashboard, click Request a certificate.
Request an SSL Certificate

Select the certificate type as public and click next
Request an SSL Certificate

Fill in the domain name then click add another name to this certificate. Enter your domain name the same way you see I did in the second row.
Choose the validation method as DNS and click Request certificate
Request an SSL Certificate

View the certificate and check its status. It'll be pending validation because we need to create a record set in Route 53 to validate that this domain belongs to us. So, scroll down to domain and click Create Records in Route 53. On the next page, select the two domain names we entered previously (those are the ones we're creating the record set for) and click Create record
Request an SSL Certificate

When it's done, refresh the page and the status will be Issued.
Request an SSL Certificate

  • HTTPS Listener setup for the ALB: Here we'll use the SSL Certificate we registered previously to secure all web communications to our website. Access the EC2 dashboard, scroll down to Load balancing, click load balancers, and select your load balancer. Go to the Listeners and Rules section and click Add listener.
HTTPS Listener setup for the ALB

Choose HTTPS as protocol, set the routing actions as forward to target groups, and pick up your target group
HTTPS Listener setup for the ALB

Leave the security policy as default, set the certificate source to From ACM, select the certificate created earlier, and click add
HTTPS Listener setup for the ALB

  • HTTP to HTTPS: We have to modify our HTTP listener to redirect traffic from port 80, which is not secure, to HTTPS. To do that, select the HTTP listener, click the dropdown next to manage listener, and select edit listener.
HTTP to HTTPS

Set the routing actions to Redirect to URL, select Full URL, and leave other settings as default before clicking Save Changes.

We have successfully modified the listener and it is now redirecting its traffic to HTTPS.
HTTP to HTTPS

Open a new tab, enter your domain name in the URL bar, and press Enter. You'll notice the https protocol, which means all communication between the web browser and the website is secure.
HTTP to HTTPS


Auto Scaling Group creation

We'll set up an ASG to ensure that our website is always available and fault-tolerant. The ASG will dynamically add and remove instances/web servers as needed. Before going to that, we'll need to terminate the instance (Webserver AZa) we manually created earlier so that our ASG can dynamically create our EC2 instances.
Terminate EC2

Here's the script we'll use for the Launch template.

#!/bin/bash

# Switch to the root user to gain full administrative privileges
sudo su

# Update all installed packages to their latest versions
yum update -y

# Install Apache HTTP Server
yum install -y httpd

# Change the current working directory to the Apache web root
cd /var/www/html

# Install Git
yum install git -y

# Clone the project GitHub repository to the current directory
git clone https://github.com/Walter-Obrien/Host-a-static-website-on-AWS.git

# Copy all files, including hidden ones, from the cloned repository to the Apache web root
cp -R Host-a-static-website-on-AWS/. /var/www/html/

# Remove the cloned repository directory, and the .git metadata that the copy above placed in the web root, where Apache would serve it
rm -rf Host-a-static-website-on-AWS /var/www/html/.git

# Enable the Apache HTTP Server to start automatically at system boot
systemctl enable httpd 

# Start the Apache HTTP Server to serve web content
systemctl start httpd


It's the same script we previously used just that we added #!/bin/bash at the beginning to tell the interpreter to use bash to execute all the following commands.

  • Launch Template Creation: Access the EC2 dashboard, scroll down to Instances, and select Launch Templates. Click Create Launch template.
Launch Template Creation

Give it a name and description, then tick the checkbox under Auto Scaling Guidance since we'll use this template with EC2 Autoscaling
Launch Template Creation

Pick up the AMI, specify the instance type, and set the keypair as shown on the screenshot.
Launch Template Creation

Under the network settings, select an existing security group and pick up the App server security group. Scroll down to advanced settings
Launch Template Creation

Copy the script I provided above and paste it into the user data field. Review all settings on the right side of the screen, then click Create Launch template.
Launch Template Creation

  • ASG Creation: In the EC2 dashboard, scroll down to Auto Scaling and select Auto Scaling Group. Then click Create Auto Scaling Group.
ASG Creation

Enter the ASG name and choose the launch Template. Select the custom VPC we created earlier and choose both private App subnets
ASG Creation

Under Load balancing, select attach to an existing load balancer, then select choose from your load balancer target group. Pick up the Dev-TG. Under health check, turn on elastic load balancing health checks. Also, enable group metrics collection within Cloudwatch under additional settings then click next
ASG Creation

Set the desired capacity to 2, then specify minimum & maximum desired capacity under scaling limits as shown on the screenshots.
ASG Creation

Choose to use a target tracking policy then specify the scaling policy name, metric type, target value and instance warmup
ASG Creation

Under instance maintenance policy, select no policy and click next
ASG Creation

Add a notification topic to create alerts on SNS. Specify the name of the topic and the email address that'll receive the notifications. Don't forget to click next when you're done.
ASG Creation

Under the Tags section, specify the value, then click Next, and review all the settings before validating the ASG creation
ASG Creation

We've successfully created the ASG and the desired capacity is 2. That means that if we go into the EC2 instance console, we'll see two instances there that are being launched.
ASG Creation

⚠️ Note: When our ASG creates these instances, it will add them to the Target group so that the Application Load Balancer can route traffic to them. So let's verify that the instances are in the Target Group and that the Target Group is healthy.

Scroll down to Load Balancing, select target group, and click on the Dev-TG
ASG Creation

Get down to the Targets section and check the health status
ASG Creation

After verifying this, let's double-check that we can access our website. Open a new tab in your browser and enter the domain name we created earlier. We can see that the connection to the website is encrypted and that the server the website is installed on is a server created by the ASG.
ASG Creation


Accept the SNS Subscription

To confirm the subscription to the SNS topic we created in the previous step, open the mailbox of the email address you used to subscribe to the topic. Select the email from AWS Notifications and click the confirm subscription link included in the email.
Accept the SNS Subscription

Now let's access the SNS service within the AWS management console to check if the status is confirmed. Once the SNS status is confirmed, it means that AWS will notify you of your ASG activities.
Accept the SNS Subscription


Cleanup the resources

  1. Auto Scaling group cleanup

  2. Launch Template deletion

  3. SNS topic deletion

  4. Application Load Balancer deletion

  5. Target Group deletion

  6. EC2 Instance Connect Endpoint deletion

  7. NAT Gateway deletion

  8. Release Elastic IP address

  9. Security Group deletion

  10. VPC deletion

We've successfully deleted all the resources we used to complete this project. Thanks for following along, and I hope I helped you improve your skills today. Bye ✌🏽


Top comments (5)

Denys Bochko

For a static website, why not use an S3 bucket with CloudFront for distribution? Much simpler setup. S3 will have your static files and CloudFront will serve them to clients. CloudFront can be set up to use SSL and you can restrict S3 to only be accessible from CloudFront. CloudFront will handle scalability.

Hermann ESSOH

Thanks for your comment. I'll consider that next time.

leob

Seconding that - just an S3 bucket and CloudFront, problem solved ... the "solution" provided in this article is for huge masochists ;-)

leob • Edited

Why on earth would you want to do all this, just for a static website ... ? Do we really need a VPC and a NAT gateway for this? I don't think so ... bear in mind that a NAT gateway incurs extra costs right away (I think it starts with $20, even without any traffic) ...

And none of this stuff being automated (with CDK or whatever) - this is just for masochists ... way, way, way too complicated!

P.S. see comment below by Denys - just an S3 bucket and CloudFront should do it - no idea why you'd want a VPC and NAT Gateway ... I hope there aren't people who take this article as the gospel and start doing all this, because this seems pretty insane ...

Danny is staying the fuck home

You could also use AWS Amplify for hosting
