🚀 Deploying a Highly Available Web Application on AWS using ALB & Auto Scaling (Beginner-Friendly)

👋 Introduction

In this hands-on project, I built a production-ready AWS architecture using core services like VPC, Application Load Balancer, Auto Scaling Group, EC2, and NAT Gateway.

This setup follows AWS best practices:

Secure networking

High availability

Automatic scaling

Zero public access to EC2 instances

This guide is beginner-friendly, yet interview-ready.

🧠 What You Will Learn

✅ How to design a secure AWS VPC
✅ Public vs Private Subnets (real use-case)
✅ Application Load Balancer (ALB)
✅ Auto Scaling Group (ASG)
✅ NAT Gateway for outbound internet
✅ Real-world architecture used in companies

🏗️ Architecture Overview
Internet
|
▼
Application Load Balancer (Public Subnets)
|
▼
Target Group
|
▼
Auto Scaling Group
(EC2 Instances in Private Subnets)
|
▼
NAT Gateway → Internet (Outbound Only)

🔒 EC2 instances have NO public IPs
🌐 Only ALB is exposed to the internet

🛠️ Services Used

Amazon VPC

EC2 (Ubuntu)

Application Load Balancer

Auto Scaling Group

Target Groups

NAT Gateway

Elastic IP

Security Groups

🚦 Step-by-Step Implementation
1️⃣ Create a Custom VPC

CIDR: 10.0.0.0/16

Enable:

DNS Hostnames

DNS Resolution

2️⃣ Create Subnets

Create 4 subnets:

Public Subnets

Public-Subnet-1 (ALB)

Public-Subnet-2 (NAT Gateway)

Private Subnets

Private-Subnet-1 (EC2)

Private-Subnet-2 (EC2)

⚠️ Enable Auto-assign Public IP = YES only for public subnets

3️⃣ Internet Gateway

Create and attach an Internet Gateway to the VPC

Required for ALB and NAT Gateway

4️⃣ NAT Gateway (CRITICAL)

Create NAT Gateway in public subnet

Attach Elastic IP

Allows private EC2 to access internet securely

5️⃣ Route Tables

Public Route Table

0.0.0.0/0 → Internet Gateway

Private Route Table

0.0.0.0/0 → NAT Gateway

Associate correctly with subnets.

6️⃣ Security Groups
🔹 ALB Security Group

HTTP (80) → 0.0.0.0/0

🔹 EC2 Security Group

HTTP (80) → ALB Security Group

SSH (22) → Your IP (optional)

🔐 EC2 is accessible only via ALB

7️⃣ Launch Template (EC2)

AMI: Ubuntu 22.04
Instance Type: t2.micro

🧾 User Data Script

!/bin/bash

apt update -y
apt install apache2 -y
systemctl start apache2
systemctl enable apache2

echo "

Welcome from ALB + Auto Scaling

Hostname: $(hostname)

" > /var/www/html/index.html

8️⃣ Target Group

Target Type: Instance

Protocol: HTTP

Port: 80

Health Check Path: /

9️⃣ Application Load Balancer

Type: Internet-facing

Subnets: Public Subnets

Listener: HTTP 80

Forward to Target Group

🔟 Auto Scaling Group

Use Launch Template

Subnets: Private Subnets

Desired: 2

Min: 1

Max: 3

Attach to ALB Target Group

📈 Optional: CPU-based scaling policy

✅ Final Verification

Copy ALB DNS name

Paste into browser

Refresh multiple times

🎉 You will see different hostnames
This confirms:

Load balancing

Auto scaling

High availability

📂 GitHub Repository

🔗 Project Source Code & Documentation
👉 https://github.com/IrfanPasha05/aws-alb-autoscaling-project

Includes:

Folder structure

User-data scripts

Setup steps

Troubleshooting guide

🎯 Why This Project Matters

This architecture is used in:

Real production environments

Enterprise applications

DevOps & Cloud Engineer roles

Perfect for:

Resume

Interviews

Portfolio

LinkedIn & DEV

🧩 Future Enhancements

HTTPS with ACM

Custom domain (Route 53)

CloudFront CDN

Monitoring with CloudWatch

🙌 Final Thoughts

This project strengthened my understanding of AWS networking, security, and scalability. If you’re learning AWS or preparing for cloud roles — build this once, and you’ll remember it forever.

Happy Clouding ☁️🚀