DAY 4 & 5: ADVANCED EC2 DEPLOYMENT PATTERNS & ENTERPRISE STRATEGIES

Objective: Create a fault-tolerant web application across multiple Availability Zones

Step 1: Create Launch Template

1.1 Navigate to EC2 Console

• Go to AWS Management Console
• Search for EC2 and click on it
• In the left sidebar, click Launch Templates

1.2 Create New Launch Template

Click Create launch template

Fill in the following details:

Launch template name and description

• Launch template name: production-web
• Template version description: Production web servers
• Auto Scaling guidance: Check Provide guidance to help me set up a template for use with EC2 Auto Scaling

Application and OS Images (Amazon Machine Image)

• AMI: Choose Amazon Linux 2 AMI (ami-0c02fb55956c7d316 or latest)
• Click Select

Instance type

• Instance type: t3.medium

Key pair (login)

• Key pair name: cloudreality-KP

Network settings

Security groups: Select existing or create new:

• Security group name: web-sg
• Description: Allow SSH and HTTP
• Inbound rules:
  • SSH (port 22) — Your IP
  • HTTP (port 80) — 0.0.0.0/0

1.3 Configure Advanced Details

Scroll to Advanced details → User data and paste:

#!/bin/bash

# Update system and install Apache
yum update -y
yum install -y httpd

# Enable and start Apache
systemctl enable httpd
systemctl start httpd

# Create web page
cat <<EOF > /var/www/html/index.html
<h1>Hello from CloudReality Auto Scaling Group</h1>
<p>Instance ID: $(curl -s http://169.254.169.254/latest/meta-data/instance-id)</p>
<p>Availability Zone: $(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone)</p>
EOF

1.4 Create Launch Template

• Click "Create launch template"
• You'll see success message: "Launch template production-web was successfully created"

---

Step 2: Create Auto Scaling Group

2.1 Navigate to Auto Scaling Groups

• In EC2 left sidebar, click "Auto Scaling Groups"
• Click "Create Auto Scaling group" button

2.2 Choose Launch Template

• Auto Scaling group name: production-web-asg
• Launch template: Select production-web from dropdown
• Click "Next"

2.3 Configure Instance Launch Options

Choose instance launch options:

• Purchase options and instance types: Keep default (On-demand)
• Network: Select your VPC
• Subnets: CRITICAL - Select AT LEAST 2 DIFFERENT SUBNETS in different Availability Zones
  • Example: subnet-12345678 (us-east-1a)
  • Example: subnet-87654321 (us-east-1b)

Click "Next"

2.4 Configure Advanced Options

Load balancing:

• Attach to an existing load balancer: ☐ No load balancer (we'll add later)

![Configure Advanced Options

](...)

Health checks:

• ☑ EC2 (default)
• ☑ ELB (check this for application-level health checks)
• Health check grace period: 300 seconds

Additional settings:

• Monitoring: ☑ Enable CloudWatch detailed monitoring

Click "Next"

2.5 Configure Group Size and Scaling

Group size:

• Desired capacity: 3
• Minimum capacity: 2
• Maximum capacity: 10

Scaling policies:

• Select "Target tracking scaling policy"
• Metric type: Average CPU utilization
• Target value: 50 (percent)

Click "Next"

2.6 Add Tags

• Click "Add tag"
• Key: Name
• Value: production-web
• ☑ Tag instances (this tags all instances created by ASG)

Click "Next"

2.7 Review and Create

• Review all settings
• Click "Create Auto Scaling group"

---

Step 3: Verify Auto Scaling Group

3.1 Check Auto Scaling Group Status

• Go to Auto Scaling Groups in EC2 console
• Click on your new ASG: production-web-asg
• Check "Instance management" tab
• You should see 3 instances launching with status "Pending" → "InService"

3.2 Monitor Instance Launch

• Go to Instances in EC2 console
• You should see 3 new instances with names production-web
• Wait for all instances to show "3/3 checks passed"

---

Step 4: Test the Setup

4.1 Test Web Server

For each instance:

1. Copy the Public IP address
2. Open web browser and go to: http://<PUBLIC_IP>
3. You should see: "Hello from Auto Scaling Group" with instance details

4.2 Test Instance Replacement

1. In Instances console, select one instance
2. Click "Instance state" → "Terminate instance"
3. Confirm termination
4. Watch Auto Scaling Group:
   • ASG will detect missing instance
   • New instance will automatically launch
   • Wait 2-3 minutes for new instance to be ready

4.3 Test Manual Scaling

1. Go to Auto Scaling Groups → Select your ASG
2. Click "Edit" (top right)
3. Change "Desired capacity" to 5
4. Click "Update"
5. Watch 2 new instances launch automatically

---

Step 5: Configure CloudWatch Alarms

5.1 Create CPU Utilization Alarm

• Go to CloudWatch console
• Click "Alarms" → "All alarms" → "Create alarm"
• Click "Select metric"
• Choose "EC2" → "Per-Instance Metrics"
• Select "CPUUtilization" for your instances
• Click "Select metric"

Configure conditions:

• Threshold type: Static
• Whenever CPUUtilization is...: Greater > 70
• Additional configuration:
  • Datapoints to alarm: 2 out of 2
  • Missing data treatment: Treat missing data as missing

Configure actions:

• Alarm state trigger: In alarm
• Select an SNS topic: Create new topic
• Name: asg-high-cpu-alert
• Email endpoints: Enter your email

Click "Create alarm"

5.2 Create Scale-Out Policy (Optional)

• Go back to your Auto Scaling Group
• Click "Automatic scaling" tab
• Click "Create dynamic scaling policy"
• Policy type: Step scaling
• Alarm: Select the CPU alarm you created
• Take the action: Add 2 capacity units when alarm triggers

---

Step 6: Monitoring and Validation

6.1 Check Auto Scaling Activities

• In your ASG, go to "Activity" tab
• You should see history of all scaling activities

6.2 Verify Multi-AZ Distribution

• In "Instance management" tab
• Check that instances are distributed across different Availability Zones

6.3 Test Application

• Access each instance via public IP
• Verify all instances serve the web page correctly
• Note different instance IDs and AZs shown on each page

---

Success Checklist

• [ ] Launch template created successfully
• [ ] Auto Scaling Group created with 3 instances
• [ ] Instances distributed across multiple AZs
• [ ] Web servers responding on port 80
• [ ] Instance auto-replacement working
• [ ] Manual scaling working
• [ ] CloudWatch alarms configured
• [ ] All instances healthy in ASG

Troubleshooting Tips

• Instances not launching: Check security group inbound rules
• Health checks failing: Increase health check grace period
• Web server not responding: Check User Data script for errors
• No public IP: Ensure subnets have auto-assign public IP enabled

Your production-grade Auto Scaling Group is now ready! 🚀

Step 1: Delete the Auto Scaling Group (ASG)

1. Go to the EC2 console → Auto Scaling Groups.
2. Select your ASG (production-web-asg).
3. Click Delete.
4. When prompted, choose “Yes, terminate all instances” so that all EC2 instances managed by this ASG are stopped and deleted.
5. Wait until the ASG status disappears from the console.

⚠️ Important: Deleting the ASG will not delete your Launch Template or Security Groups. That’s next.

---

Step 2: Terminate any leftover EC2 instances

1. Go to EC2 → Instances.
2. Look for any instances with the name production-web or related.
3. Select them → Instance state → Terminate instance.
4. Wait until they show terminated.

---

Step 3: Delete the Launch Template

1. Go to EC2 → Launch Templates.
2. Select the launch template: production-web.
3. Click Actions → Delete template.
4. Confirm deletion.

---

Step 4: Delete Security Groups

1. Go to EC2 → Security Groups.
2. Find the security group you created (web-sg) or any related to this app.
3. Select it → Actions → Delete security group.
4. Confirm deletion. > ⚠️ You cannot delete a security group if it’s still attached to a running instance or ENI. Make sure all instances are terminated. --- ## Step 5: Delete Load Balancers (if created)
5. Go to EC2 → Load Balancers (or Elastic Load Balancing).
6. Find any load balancers you attached to the ASG.
7. Select it → Actions → Delete.
8. Confirm deletion.

---

Step 6: Delete CloudWatch Alarms

1. Go to CloudWatch → Alarms → All alarms.
2. Look for alarms you created, e.g., asg-high-cpu-alert.

3. Select → Actions → Delete.

Step 7: Delete SNS Topics (if any)

1. Go to SNS → Topics.
2. Find any topic you created (like asg-high-cpu-alert).

3. Select → Delete topic.

Step 8: Clean up Key Pairs (optional)

1. Go to EC2 → Key Pairs.

2. Select cloudreality-KP (or any you used for this app) → Delete key pair.

✅ After completing these steps, your AWS account will be completely clean of this multi-AZ setup.

DAY 4 — ADVANCED EC2 DEPLOYMENT PATTERNS & ENTERPRISE STRATEGIES

Overview

Master production-grade EC2 architectures, automation, and enterprise best practices for real-world deployments.

---

Hands-On Lab: Production Auto Scaling Group

Objective: Deploy a fault-tolerant web application across multiple Availability Zones.

Create Launch Template

# Create Launch Template
aws ec2 create-launch-template \
  --launch-template-name production-web \
  --version-description "Production web servers" \
  --launch-template-data '{
    "ImageId": "ami-0c02fb55956c7d316",
    "InstanceType": "t3.medium",
    "KeyName": "cloudreality-KP",
    "SecurityGroupIds": ["sg-1234567890abcdef0"],
    "UserData": "IyEvYmluL2Jhc2gKc3VkbyB5dW0gdXBkYXRlIC15CnN1ZG8geXVtIGluc3RhbGwgLXkgaHR0cGQKc3VkbyBzeXN0ZW1jdGwgc3RhcnQgaHR0cGQKZWNobyAiPGgxPkhlbGxvIGZyb20gQXV0byBTY2FsaW5nIEdyb3VwPC9oMT4iIHwgc3VkbyB0ZWUgL3Zhci93d3cvaHRtbC9pbmRleC5odG1s"
  }'

Create Auto Scaling Group

# Create Auto Scaling Group
aws autoscaling create-auto-scaling-group \
  --auto-scaling-group-name production-web-asg \
  --launch-template LaunchTemplateName=production-web,Version='$Latest' \
  --min-size 2 \
  --max-size 10 \
  --desired-capacity 3 \
  --vpc-zone-identifier "subnet-12345678,subnet-87654321" \
  --health-check-type ELB \
  --health-check-grace-period 300 \
  --tags "Key=Name,Value=production-web,PropagateAtLaunch=true"

Practice Tasks

• Test instance replacement by terminating one instance
• Scale the ASG manually and observe new instances
• Configure CloudWatch alarms for auto-scaling # How to Delete Your Multi-AZ Fault-Tolerant Web Application Setup in AWS

📘 AWS Docs:

• Auto Scaling Groups
• Launch Templates

Certification Focus

• Exam Topic: High Availability, Auto Scaling, Load Balancing
• AWS Certs: Solutions Architect Professional, DevOps Engineer Professional

Questions

• What's the difference between launch configurations and launch templates?
• How do you ensure zero-downtime deployments with Auto Scaling Groups?
• What metrics are most important for scaling decisions?

💡 Problem & Solution

Problem	Cause	Fix
ASG instances failing health checks	Application startup too slow	Increase health check grace period
Scaling too aggressively	Wrong CloudWatch alarm thresholds	Adjust scaling policies and cooldown periods
Instances unevenly distributed	Imbalanced subnet configuration	Use multiple AZs and balanced subnets

Certification Questions

Expert Level (Solutions Architect Professional)

Q1: Design a multi-region active-active architecture with 99.99% availability

A: Use Global Accelerator, Route53 latency routing, cross-region read replicas, and automated failover

Q2: How do you implement blue-green deployments for EC2 with zero downtime?

A: Use Elastic Load Balancer with target groups, Auto Scaling groups, and weighted routing

Q3: Design cost-optimized architecture handling 10x traffic spikes

A: Spot Fleets (70%) + On-Demand (20%) + Reserved (10%) with predictive scaling

Enterprise Interview Scenarios

Architecture Design Questions

1. "Design an EC2 architecture for a financial trading platform requiring <1ms latency"
2. "How would you secure EC2 instances handling PCI-DSS compliant data?"
3. "Design a migration strategy for 500 on-premises servers to EC2"

Troubleshooting Scenarios

1. "Users report intermittent 503 errors - walk through your investigation process"
2. "Database performance degraded 50% after migration to EC2 - diagnose and fix"
3. "Auto Scaling group constantly cycling instances - root cause analysis"

Real-World Scenarios

Scenario 1: E-Commerce Platform Migration

Problem: Black Friday traffic spikes causing downtime

Solution: Implemented predictive scaling with CloudWatch metrics and Spot Fleets for cost optimization

Scenario 2: Microservices Container Platform

Problem: Container instances failing health checks

Solution: Implemented custom health checks, instance replacement policies, and proper drain configurations

---

🗓️ DAY 5 — ENTERPRISE SECURITY & COST OPTIMIZATION

Overview

Implement enterprise-grade security, compliance, and cost optimization strategies for production workloads.

Hands-On Lab: Security Hardening & Cost Management

Objective: Implement security best practices and cost optimization techniques.

Enforce IMDSv2 and disable IMDSv1

# Enforce IMDSv2 and disable IMDSv1
aws ec2 modify-instance-metadata-options \
  --instance-id i-1234567890abcdef0 \
  --http-tokens required \
  --http-endpoint enabled

Create cost allocation tags

bash

# Create cost allocation tags
aws ec2 create-tags \
  --resources i-1234567890abcdef0 \
  --tags Key=CostCenter,Value=Engineering Key=Project,Value=WebApp

Set up budget alerts

# Set up budget alerts
aws budgets create-budget \
  --account-id 123456789012 \
  --budget file://budget.json \
  --notifications-with-subscribers file://notifications.json