AWS VPC with Public and Private Subnets & NAT Gateway
This architecture describes what we're going to implement. It is the AWS-recommended approach for deploying your application securely on EC2 instances. Let's start.
A Virtual Private Cloud (VPC) in AWS is a private, isolated network within the AWS cloud where you can launch resources like EC2 instances. It allows you to define and control network configurations, including subnets, route tables, and security settings.
Why it's used:
- Isolation: Provides a secure and private environment for resources.
- Customizability: Enables custom IP addressing, subnets, and routing.
- Security: Supports security groups, network ACLs, and VPNs.
- First of all, open the Amazon VPC console and create a VPC. For the VPC configuration, see the images below.
- After creating your VPC, your diagram should look exactly like this.
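As an added example (not part of the original tutorial), here is a small Python check that reads route tables in the shape returned by `aws ec2 describe-route-tables` and classifies each subnet as public (default route to an internet gateway), private (default route through the NAT gateway) or isolated (no default route), then flags any subnet you intended to be private that does not match. The route tables, the subnet, gateway and NAT ids, and the INTENDED_PRIVATE set below are constructed placeholders; against a real VPC you would feed it the CLI's JSON instead.

```python
"""Classify VPC subnets from their route tables and audit the public/private layout.

Added example, not from the original tutorial. The data below is a constructed
sample shaped like the `RouteTables` list from `aws ec2 describe-route-tables`;
every id is a placeholder.
"""

SAMPLE_ROUTE_TABLES = [
    {   # public route table: default route to the internet gateway
        "RouteTableId": "rtb-pub00000",
        "Associations": [{"SubnetId": "subnet-pub1"}, {"SubnetId": "subnet-pub2"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000000"},
        ],
    },
    {   # private route table: default route through the NAT gateway
        "RouteTableId": "rtb-priv0000",
        "Associations": [{"SubnetId": "subnet-priv1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0000000"},
        ],
    },
    {   # misconfigured: a subnet meant to be private but routed to the IGW
        "RouteTableId": "rtb-oops0000",
        "Associations": [{"Main": True}, {"SubnetId": "subnet-priv2"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0000000"},
        ],
    },
]

# Subnets the operator intends to be private (where the Auto Scaling group launches).
INTENDED_PRIVATE = {"subnet-priv1", "subnet-priv2"}


def default_route_target(route_table):
    """Return ("igw" | "nat" | "none", target_id) for the table's 0.0.0.0/0 route."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if str(route.get("GatewayId", "")).startswith("igw-"):
            return "igw", route["GatewayId"]
        if route.get("NatGatewayId"):
            return "nat", route["NatGatewayId"]
    return "none", None


def classify_subnets(route_tables):
    """Map subnet id -> 'public', 'private' or 'isolated' from its explicit association."""
    kind_for = {"igw": "public", "nat": "private", "none": "isolated"}
    result = {}
    for table in route_tables:
        kind, _ = default_route_target(table)
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:          # skip the main-table association entry
                result[assoc["SubnetId"]] = kind_for[kind]
    return result


def audit(route_tables, intended_private):
    """Return findings for intended-private subnets whose routing says otherwise."""
    findings = []
    classes = classify_subnets(route_tables)
    for subnet in sorted(intended_private):
        actual = classes.get(subnet, "unassociated")
        if actual == "public":
            findings.append(f"{subnet}: default route goes to an internet gateway; "
                            "instances here are internet-reachable if given a public IP")
        elif actual == "isolated":
            findings.append(f"{subnet}: no default route; instances cannot reach the "
                            "internet for updates (NAT route missing)")
        elif actual == "unassociated":
            findings.append(f"{subnet}: no explicit association; it inherits the VPC main route table")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_ROUTE_TABLES, INTENDED_PRIVATE) or ["layout OK"]:
        print(line)
```

The check is worth running once the console wizard has finished: an instance in a subnet that this script reports as public is only one "auto-assign public IP" setting away from being directly reachable from the internet, which is exactly what the private subnet is meant to prevent.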
Now that we've completed the VPC, if you look at the architecture, the next thing we need to create is an Auto Scaling group. Open a new console tab and go to the EC2 dashboard, where you can find Auto Scaling groups. The Auto Scaling concept is simply scaling the number of your EC2 instances.
- Before creating the Auto Scaling group we need to create a launch template. A launch template is a resource that contains the configuration information for launching an instance.
- Note: Don't forget to create a key pair and attach it.
Once you've created it, the Auto Scaling group will be able to find it; select it and click Next.
When you create an Auto Scaling group, you must specify the information needed to configure the Amazon EC2 instances, the Availability Zones and VPC subnets for the instances, the desired capacity, the minimum and maximum capacity limits, and so on.
- To configure Amazon EC2 instances that are launched by your Auto Scaling group, you can specify a launch template or a launch configuration. The following procedure demonstrates how to create an Auto Scaling group using a launch template.
Here's the catch. Let's say you want 2 EC2 instances, but when a holiday arrives your site probably gets more traffic. The Auto Scaling group then automatically increases the number of EC2 instances according to your requirements, and your site won't go down. It's amazing, isn't it?
Now click Next, Next and Next, and tada, your Auto Scaling group is created. When you look at your EC2 instances, we have 2 instances that were created automatically, obviously by the Auto Scaling group.
- However, let's create a simple application inside an EC2 instance. Wait, how do we log in? There is no public IPv4 address. That is what this whole project is about: this instance has to be secured. So you have every right to ask me, Taha, how do we log in?
The answer is very easy: make another EC2 instance that acts as a mediator between the public and private subnets. I'll SSH into the mediator instance in the public subnet, and from there I'll SSH into the private host to log in to our main EC2 instance.
- Note: Create the mediator EC2 instance the same way as the other 2 EC2 instances, but don't forget to change the VPC settings and enable a public IP address. I'll log in to the mediator before the other 2 EC2 instances, but I need to copy the pem file to the mediator first and then log in. So open your terminal and run this command to copy your pem file to the mediator; this is what lets us log in to the other EC2 instances:
scp -i "login.pem" "login.pem" ubuntu@<mediator-public-ip>:/home/ubuntu
- What is scp? It copies a file from one host machine to another host machine.
Once the copy succeeds, log in to the mediator EC2 instance. Using the "login.pem" file from the mediator, we're able to log in to our private EC2 instances.
Hooray! Finally we've logged in to a private EC2 instance. How beautiful is this, isn't it?
- Now create a simple Python application to see it working. First of all, make a simple HTML page using vim index.html.
- Now run this command.
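As an added example (this is not the command from the tutorial's screenshot), here is a small Python server that serves the index.html you just wrote on port 8000 and also answers a cheap /health path, which is what you would point the target group's health check at so the load balancer only sends traffic to instances that are actually up. The fallback HTML body and the helper names (`serve_in_background`, `probe`) are constructed for this example.

```python
"""Minimal web app for the private EC2 instance: serves index.html on port 8000
plus a /health endpoint for the load balancer's target group.

Added example, not the tutorial's own command. The fallback page body is a
constructed placeholder used only when index.html is not present.
"""
import os
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request

INDEX_PATH = "index.html"   # the page written with `vim index.html`
FALLBACK_INDEX = b"<html><body><h1>Hello from the private subnet</h1></body></html>"


def load_index():
    """Return the bytes of index.html, or the embedded placeholder if it is missing."""
    if os.path.exists(INDEX_PATH):
        with open(INDEX_PATH, "rb") as fh:
            return fh.read()
    return FALLBACK_INDEX


class AppHandler(BaseHTTPRequestHandler):
    """GET / serves the page; GET /health is the target-group probe; anything else is 404."""

    def do_GET(self):
        if self.path == "/health":
            status, ctype, body = 200, "text/plain", b"ok"
        elif self.path == "/":
            status, ctype, body = 200, "text/html", load_index()
        else:
            status, ctype, body = 404, "text/plain", b"not found"
        self.send_response(status)
        self.send_header("Content-Type", ctype)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        # Keep the demo quiet; a real deployment would log to the instance's log files.
        pass


def serve_in_background(host="127.0.0.1", port=0):
    """Start the server on a daemon thread; returns (server, bound_port). Port 0 = pick a free one."""
    server = HTTPServer((host, port), AppHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(url):
    """Minimal client doing what a health checker does: returns (status, body)."""
    try:
        with request.urlopen(url, timeout=5) as resp:
            return resp.status, resp.read()
    except error.HTTPError as exc:
        return exc.code, exc.read()


if __name__ == "__main__":
    # Listen on all interfaces on port 8000 so the load balancer can reach the instance.
    HTTPServer(("0.0.0.0", 8000), AppHandler).serve_forever()
```

Run it as `python3 app.py` on the instance; the target group's health check path should then be set to /health on port 8000, and the security group must allow port 8000 from the load balancer (the final step below).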
The last thing to do is create a load balancer. Again open a new tab and go to the EC2 dashboard, where you can see Load Balancers.
The images below describe the load balancer configuration.
The target group is getting ready and has been created successfully. Attach it to the load balancer.
Attach it to the load balancer and click Next.
Now the load balancer is created. However, it takes 2-3 minutes to become ready to use. Once the load balancer is provisioned, let's try to access it from the outside world.
The last thing to do is add a security group rule, because the application isn't reachable on port 8000 yet.
Follow the pictures below to add the security group rule.
Almost done. After saving the rules, access the application from the outside world.
Let's go. Our application is running. Congrats, you have implemented the AWS VPC project.
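As an added example (not part of the original tutorial), here is a Python audit of the private instances' security group in the shape returned by `aws ec2 describe-security-groups`. It encodes the intended rules of this architecture, port 8000 only from the load balancer's security group and port 22 only from the mediator's security group, and reports rules that are open to the whole internet, unexpected sources, and missing rules such as the absent port 8000 rule that made the application unreachable above. All security group ids and the three sample groups are constructed placeholders.

```python
"""Audit the private instances' security group against the intended layout:
8000 only from the load balancer SG, 22 only from the mediator (bastion) SG.

Added example, not from the original tutorial. All ids are placeholders and the
three sample groups are constructed, shaped like entries of `SecurityGroups`
from `aws ec2 describe-security-groups`.
"""

ALB_SG, BASTION_SG, APP_SG = "sg-alb0000000", "sg-bastion0000", "sg-app0000000"


def _rule(port, cidrs=(), groups=()):
    """Build one IpPermissions entry for a single TCP port."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "Ipv6Ranges": [],
        "UserIdGroupPairs": [{"GroupId": g} for g in groups],
    }


# The intended shape.
GOOD_APP_SG = {"GroupId": APP_SG, "IpPermissions": [
    _rule(8000, groups=[ALB_SG]), _rule(22, groups=[BASTION_SG])]}
# Two common mistakes: the app port and SSH opened to the whole internet.
BAD_APP_SG = {"GroupId": APP_SG, "IpPermissions": [
    _rule(8000, cidrs=["0.0.0.0/0"]), _rule(22, cidrs=["0.0.0.0/0"])]}
# The state before the tutorial's final step: no rule for port 8000 at all.
NO_APP_PORT_SG = {"GroupId": APP_SG, "IpPermissions": [_rule(22, groups=[BASTION_SG])]}

EXPECTED_SOURCES = {8000: {ALB_SG}, 22: {BASTION_SG}}
ANYWHERE = {"0.0.0.0/0", "::/0"}


def ingress_sources(sg):
    """Yield ((from_port, to_port), source) per ingress rule; source is a CIDR or an SG id."""
    for perm in sg.get("IpPermissions", []):
        if perm.get("IpProtocol") == "-1":            # "all traffic" rule covers every port
            lo, hi = 0, 65535
        else:
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])]
        for src in sources:
            yield (lo, hi), src


def audit_app_sg(sg, expected=EXPECTED_SOURCES):
    """Return findings: internet-open rules, unexpected sources, and missing required rules."""
    findings = []
    rules = list(ingress_sources(sg))
    for (lo, hi), src in rules:
        if src in ANYWHERE:
            findings.append(f"ports {lo}-{hi} open to {src}; private instances should "
                            "only be reachable through the load balancer and the mediator")
            continue
        for port, allowed in expected.items():
            if lo <= port <= hi and src not in allowed:
                findings.append(f"port {port} reachable from unexpected source {src}")
    for port, allowed in expected.items():
        reaching = {src for (lo, hi), src in rules if lo <= port <= hi}
        if not reaching & allowed:
            findings.append(f"port {port} has no rule from {sorted(allowed)}; "
                            "traffic from there will be dropped")
    return findings


if __name__ == "__main__":
    for name, sg in [("good", GOOD_APP_SG), ("bad", BAD_APP_SG), ("no-8000", NO_APP_PORT_SG)]:
        print(name, audit_app_sg(sg) or ["OK"])
```

Referencing the load balancer's and mediator's security groups as the source, rather than an IP range, is what keeps the rule correct when those resources change address; a CIDR of 0.0.0.0/0 on port 8000 would make the private instances' application reachable by anyone who learns an address, defeating the point of the private subnet.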
- Note: I deployed the application on only one EC2 instance. To see the load balancing concept in action, go to the other EC2 instance and deploy a different application; then sometimes you'll see my application and sometimes the other one. This is only for understanding the concept of load balancing.
Thank you for reading my documentation, and don't forget to clean up your resources, otherwise you'll get a surprise AWS bill.