Deploy Scalable VPC Architecture on AWS cloud
Subnet 1: public-bastion-01
Make sure the auto-assign public IPv4 setting is enabled for this subnet
Subnet 2: private-application-01
Subnet 3: private-application-02
Subnet 4: public-application-01
Subnet 5: public-application-02c
VPC → NAT gateways → Create NAT gateway → provide a name → choose the subnet and allocate an Elastic IP
Route Table 1: public-bastion-route
VPC → Route Tables → Subnet Associations → Edit subnet associations → choose the bastion subnet
Edit routes for this route table:
VPC → Route tables → your route table → Edit routes
Route Table 2:
VPC → Route Tables → Subnet Associations → Edit subnet associations → choose the private application subnet
Edit routes for this route table:
VPC → Route tables → your route table → Edit routes
Route Table 3: private-application-route-02
VPC → Route Tables → Subnet Associations → Edit subnet associations → choose the private application subnet
Edit routes for this route table:
VPC → Route tables → your route table → Edit routes
Route Table 4: private-application-route-02
VPC → Route Tables → Subnet Associations → Edit subnet associations → choose the public application subnet
Edit routes for this route table:
VPC → Route tables → your route table → Edit routes
Choose the Golden AMI that was created previously
In Network settings → click Edit
Choose the golden AMI, the Application VPC and the public-application-01 subnet
Note: the security group should accept SSH (port 22) and HTTP (port 80) traffic. These instances are only for checking connectivity; you can terminate them later, since instances will be managed by an ASG later in this section.
In the Advanced details section, add the following as User data:
#!/bin/bash
# User data runs as root on first boot; httpd and git are assumed to be baked into the golden AMI
yum update -y
service httpd start
# Clear the default document root first if git clone complains that the directory is not empty
#rm -rf /var/www/html/*
# Pull the sample web app into Apache's document root
git clone https://bitbucket.org/dptrealtime/html-web-app.git /var/www/html/
VPC → Transit gateways → Create transit gateway → provide ASN 4200000000 → leave the other settings default
VPC → Transit gateway attachments → Create transit gateway attachment
Create another attachment for the other VPC
Validate the transit gateway routes:
VPC → Transit gateway route tables → Routes
Route Table: private-application-route-01
Route Table: public-bastion-route
Subnet Association for private-application-route-01
Place your application configuration here
Upload your configuration to this bucket:
Amazon S3 → Buckets → edwiki-application-config-1 → Upload
IAM → Policies → Create policy → JSON → paste the policy below, replace YOUR_BUCKET_NAME with your bucket name, save it, and attach it to the role created previously, named SSM+Cloudwatch-FullAccess
IAM → Roles → Add permissions
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME/*",
                "arn:aws:s3:::YOUR_BUCKET_NAME"
            ]
        }
    ]
}
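The policy above is scoped to a single bucket and read-only actions, which only holds if the bucket ARNs are well formed (a stray space after `arn:aws:s3:::` makes the Resource match nothing). The following checker is an added example, not part of the original post: it lints a policy for malformed S3 ARNs, an unreplaced placeholder, a wildcard Resource, and actions beyond the read-only set used here; `check_s3_policy`, `BROKEN` and `FIXED` are names chosen for this example.

```python
import json
import re

# A bucket ARN has no whitespace between ":::" and the bucket name.
S3_ARN = re.compile(r"^arn:aws:s3:::[a-z0-9][a-z0-9.-]{1,61}[a-z0-9](/.*)?$")
# The only actions the application role needs to fetch its config file.
READ_ONLY = {"s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"}

def check_s3_policy(policy_json: str) -> list:
    """Return a list of findings for the policy; an empty list means it passes."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            if action not in READ_ONLY:
                findings.append(f"action broader than read-only: {action}")
        for res in resources:
            if res == "*":
                findings.append("Resource '*' grants access to every bucket")
            elif "YOUR_BUCKET_NAME" in res:
                findings.append(f"placeholder bucket name not replaced: {res!r}")
            elif not S3_ARN.match(res):
                findings.append(f"malformed S3 ARN: {res!r}")
    return findings

# Constructed sample: the bucket name filled in but a stray space left after
# ":::", next to the corrected version.
BROKEN = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation"],
    "Resource": ["arn:aws:s3::: edwiki-application-config-1/*",
                 "arn:aws:s3::: edwiki-application-config-1"]}]})
FIXED = BROKEN.replace("s3::: ", "s3:::")

if __name__ == "__main__":
    print(check_s3_policy(BROKEN))  # two "malformed S3 ARN" findings
    print(check_s3_policy(FIXED))   # []
```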
EC2 → Launch configurations → Create launch configuration
#!/bin/bash
# User data for the launch configuration; runs as root on first boot
yum update -y
systemctl start httpd
# Fetch the site content from the config bucket (needs the S3 read policy attached to the instance role)
aws s3 cp s3://edwiki-application-config-1/index.html /var/www/html/
systemctl restart httpd
# Start the CloudWatch Logs agent so instance logs are shipped to CloudWatch
service awslogsd start
EC2 → Auto Scaling Groups → Create Auto Scaling group
The EC2 health check covers the 2/2 status checks only, not service failures; if you need service-level health checks, enable the ELB health check option
Keep the remaining configuration as default and create the ASG
This creates two servers in the respective subnets, and their logs will be pushed to CloudWatch
EC2 → Target Groups → Create target group
Keep the remaining configuration as default
Keep the rest of the configuration as default
EC2 → Auto Scaling Groups → your ASG → Edit load balancing → choose Application, Network and select the target group created in the previous step
Note: To attach Amazon EC2 instances that are located in a private subnet, first create public subnets. These public subnets must be in the same Availability Zones as the private subnets that are used by the backend instances. Then, associate the public subnets with your load balancer.
If you cannot see the target group, you may have chosen the HTTP protocol instead of TCP for the NLB
Select the target group
Then create the load balancer
Create a Route 53 hosted zone for your domain
Copy the name servers to your DNS provider's portal, i.e. replace the default name servers with the ones provided by AWS
Example: editing the default name servers at GoDaddy
Create a CNAME record pointing to the NLB DNS name
Now you should be able to view the website using your domain
Create a policy with the permissions below:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents",
                "logs:DescribeLogGroups",
                "logs:DescribeLogStreams"
            ],
            "Resource": "*"
        }
    ]
}
Create an IAM role with Trusted entity type AWS service and use case EC2
Attach the policy above, then edit the role's trust relationship with the text below so the VPC Flow Logs service can assume it:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "vpc-flow-logs.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
VPC → Your VPCs → select your VPC and click Flow logs → Create flow log
Choose the destination log group and the IAM role, create the flow log, and repeat the same step for the other VPC
Now we can view the logs in CloudWatch in our edwiki-vpc-flow-logs group, per ENI
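Once the flow logs land in CloudWatch, the useful security question per ENI is who is being rejected on the bastion's SSH port. The parser and summary below are an added example, not part of the original post; they handle the default flow log record format (including NODATA records) and run over constructed sample records, with `parse_flow_record`, `rejected_by_eni`, the ENI ids and addresses all chosen for this example.

```python
from collections import Counter, defaultdict

# Field order of the default VPC Flow Logs record format (version 2).
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

def parse_flow_record(line: str) -> dict:
    """Parse one default-format flow log record into a dict.

    NODATA / SKIPDATA records carry '-' in the traffic fields, so a numeric
    field is only converted when a value is actually present.
    """
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec

def rejected_by_eni(lines, dst_port: int, protocol: int = 6) -> dict:
    """Count REJECTed attempts to dst_port (TCP by default), keyed by ENI then source address."""
    hits = defaultdict(Counter)
    for line in lines:
        rec = parse_flow_record(line)
        if rec["log_status"] != "OK":
            continue  # NODATA / SKIPDATA records carry no traffic fields
        if rec["action"] == "REJECT" and rec["dstport"] == dst_port and rec["protocol"] == protocol:
            hits[rec["interface_id"]][rec["srcaddr"]] += 1
    return {eni: dict(c) for eni, c in hits.items()}

# Constructed sample records (not real log data): the bastion ENI accepts SSH
# from one address and rejects it repeatedly from another; the app ENI serves
# HTTP and rejects a stray SSH attempt.
SAMPLE = [
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 198.51.100.7 10.0.0.10 51522 22 6 12 2400 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.45 10.0.0.10 40001 22 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.45 10.0.0.10 40002 22 6 1 60 1700000060 1700000120 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.45 10.0.0.10 40003 22 6 1 60 1700000120 1700000180 REJECT OK",
    "2 123456789012 eni-0f9e8d7c6b5a49382 10.0.1.25 10.0.2.40 33000 80 6 8 900 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0f9e8d7c6b5a49382 203.0.113.9 10.0.2.40 33001 22 6 1 60 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0f9e8d7c6b5a49382 - - - - - - - 1700000000 1700000060 - NODATA",
]

if __name__ == "__main__":
    for eni, sources in rejected_by_eni(SAMPLE, 22).items():
        print(eni, sources)
```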
For a better understanding, refer to the image below