This example demonstrates how to create a VPC that you can use for servers in a production environment.
To improve resiliency, you deploy the servers in two Availability Zones by using an Auto Scaling group (ASG) and an Application Load Balancer (ALB). For additional security, you deploy the servers in private subnets. The servers receive requests through the load balancer. The servers can connect to the internet by using a NAT gateway. To improve resiliency, you deploy the NAT gateway in both Availability Zones.
Overview of this project:
The VPC has public subnets and private subnets in two Availability Zones.
Each public subnet contains a NAT gateway and a load balancer node.
The servers run in the private subnets, are launched and terminated by using an Auto Scaling Group, and receive traffic from the load balancer.
The servers can connect to the internet by using the NAT gateway.
Project Implementation:
Go to the AWS Console and search for VPC.
Create VPC -- VPC and more -- Name your VPC -- choose the IPv4 CIDR block -- Choose Availability Zones -[2] -- Public & Private Subnets -[2 in each] -- NAT gateway -[1 per AZ].
Create VPC.
EC2 creation:
EC2 -- Auto Scaling Groups -- Create Launch template -- fill the details -- create a new security group -- select the VPC which you have created -- provide inbound rules -- CREATE TEMPLATE.
Now go back to ASG -- select the template you created -- Next -- Network -- choose the VPC and the private AZs and subnets -- Next -- Next -- Group Size [put the desired, minimum and maximum capacity] -- CREATE AUTO SCALING TEMPLATE.
Both Instances are running fine.
Now we need to put our applications on our servers, but we can't log in because they don't have any public IP address. This is where the Bastion Host/Jump Server comes in.
BASTION HOST/JUMP SERVER:
Acts as a medium between your private subnet and the external/public subnet.
Launch another EC2 instance. For its security group, select the same VPC that you created, enable SSH, and enable auto-assign public IP -- LAUNCH
Now copy the .pem file from your local machine to the bastion host from your terminal with the following command.
scp -i \users\USER\Downloads\banani.pem \users\USER\Downloads\banani.pem ubuntu@13.235.254.250:/home/ubuntu
Now log in to the bastion host and check whether the pem file is available.
ssh -i banani.pem ubuntu@13.235.254.250
Now pick any private instance to deploy your application on; I will install a Python app. Log in to your private instance.
ssh -i banani.pem ubuntu@10.0.145.61
IF YOU GET PERMISSION DENIED, CHANGE THE PERMISSION OF YOUR PEM FILE TO 600 USING THE CHMOD COMMAND.
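An alternative to copying the key onto the bastion, as an added example that is not part of the original walkthrough: OpenSSH's ProxyJump reaches the private instance through the bastion while banani.pem stays on your workstation. The host aliases bastion and private-app, the function names and the config file name are assumptions; the IP addresses are the ones used above.

```shell
#!/bin/sh
# Added example: reach the private instance through the bastion with ProxyJump,
# so banani.pem is never stored on the internet-facing bastion host.
# Host aliases "bastion"/"private-app" and the function names are assumptions.

# Succeeds only if the key file is readable and writable by its owner alone (mode 600).
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# write_jump_config KEY BASTION_IP PRIVATE_IP OUTFILE
# Tightens the key to mode 600 and writes an ssh client config to OUTFILE.
write_jump_config() {
    key=$1 bastion_ip=$2 private_ip=$3 out=$4
    [ -f "$key" ] || { echo "key not found: $key" >&2; return 1; }
    chmod 600 "$key" || return 1
    key_mode_ok "$key" || { echo "could not restrict $key" >&2; return 1; }
    cat > "$out" <<EOF
Host bastion
    HostName $bastion_ip
    User ubuntu
    IdentityFile "$key"
    IdentitiesOnly yes

Host private-app
    HostName $private_ip
    User ubuntu
    IdentityFile "$key"
    IdentitiesOnly yes
    ProxyJump bastion
EOF
    chmod 600 "$out"
}

# Usage with the addresses from this walkthrough (run on your workstation):
#   write_jump_config "$HOME/Downloads/banani.pem" 13.235.254.250 10.0.145.61 ./vpc_ssh_config
#   ssh -F ./vpc_ssh_config private-app
```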
Now create a basic HTML file and save it:
<!DOCTYPE html>
<html>
<body>
<h1>My First Heading</h1>
<p>My first paragraph.</p>
</body>
</html>
Now serve it with Python's built-in HTTP server using the command:
python3 -m http.server 8000
ubuntu@ip-10-0-145-61:~$ python3 -m http.server 8000
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
Now create an Application Load Balancer and provide the details such as name, internet-facing, allow both mappings in the public subnets, and select the VPC and SG.
Now create a target group and fill in the details, allow your port -- NEXT -- select both the instances (private ones) -- include as pending below -- CREATE TARGET GROUP.
Now add the target group to your load balancer and create the load balancer.
Now go to the load balancer; in its details you will find the DNS name. Copy it and open it in your browser, and you will see success:
PAGE IS RUNNING FINE AND CONGRATULATIONS IT'S A SUCCESS.