Deploying a Highly Available Web Application and a Bastion Host in AWS

1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we are going to build a highly available web application along with a highly available bastion host architecture.

To complete these tasks, we will need to add or configure the following services:

1. An RDS database from a snapshot
2. Security groups
3. Launch configurations and Auto Scaling groups
4. An Application Load Balancer

Good luck, and enjoy the hands-on lab!

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Launch an RDS Database

Launch an RDS database using the provided RDS backup image (which contains the WordPress site data).

  1. Navigate to the RDS console.
  2. Click Subnet Groups.
  3. Click Create DB Subnet Group.
  4. Add a name (sng1), description, and add the DB subnets: 10.99.21.0/24 and 10.99.22.0/24.
  5. Click Create.
  6. Click Snapshots in the left menu.
  7. Copy in the snapshot ARN provided in the lab instructions, and change the dropdown to All public snapshots.
  8. Check the box next to the snapshot, and choose Restore Database from the dropdown.
  9. Choose t2.micro, enter a DB instance identifier (wordpress-database), and select the subnet group (sng1).
  10. Accept all other defaults.
  11. Click Restore DB Instance. This may take 10–15 minutes to complete.

Create Security Groups

  1. Navigate to VPC.
  2. Create four security groups with inbound rules:
    • BastionSG (SSH from 0.0.0.0/0)
    • LoadBalancerSG (HTTP and HTTPS from 0.0.0.0/0)
    • WebServerSG (SSH from BastionSG and HTTP/HTTPS from LoadBalancerSG)
    • DatabaseSG (MySQL from WebServerSG)
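
To check the rule chain above once it is built, this added example (not part of the lab) audits data shaped like `aws ec2 describe-security-groups` output against the four groups' intended inbound rules. The group IDs and sample rules are constructed, and ports are compared without regard to protocol.

```python
# Added example; group IDs and SAMPLE are constructed, not from the lab.
WORLD = "0.0.0.0/0"
# Inbound policy the lab asks for: group -> {port: allowed source}
EXPECTED = {
    "BastionSG": {22: WORLD},
    "LoadBalancerSG": {80: WORLD, 443: WORLD},
    "WebServerSG": {22: "BastionSG", 80: "LoadBalancerSG", 443: "LoadBalancerSG"},
    "DatabaseSG": {3306: "WebServerSG"},
}

def inbound(group, names):
    """Flatten IpPermissions into a set of (port, source) pairs."""
    pairs = set()
    for perm in group.get("IpPermissions", []):
        # IpProtocol "-1" means all traffic and carries no port range
        ports = ["ALL"] if perm["IpProtocol"] == "-1" else range(perm["FromPort"], perm["ToPort"] + 1)
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        # Resolve source group IDs to names so they compare against EXPECTED
        sources += [names.get(p["GroupId"], p["GroupId"]) for p in perm.get("UserIdGroupPairs", [])]
        pairs.update((port, src) for port in ports for src in sources)
    return pairs

def audit(groups):
    """Return one finding per rule that differs from EXPECTED."""
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    findings = []
    for g in groups:
        want = set(EXPECTED.get(g["GroupName"], {}).items())
        have = inbound(g, names)
        findings += [f"{g['GroupName']}: unexpected {s} -> port {p}" for p, s in sorted(have - want, key=str)]
        findings += [f"{g['GroupName']}: missing {s} -> port {p}" for p, s in sorted(want - have, key=str)]
    return findings

def sg(gid, name, *rules):
    """Build a constructed group record; each rule is (port, cidr_or_group_id)."""
    perms = []
    for port, src in rules:
        key, field = ("UserIdGroupPairs", "GroupId") if src.startswith("sg-") else ("IpRanges", "CidrIp")
        perms.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port, key: [{field: src}]})
    return {"GroupId": gid, "GroupName": name, "IpPermissions": perms}

SAMPLE = [
    sg("sg-0b", "BastionSG", (22, WORLD)),
    sg("sg-0l", "LoadBalancerSG", (80, WORLD), (443, WORLD)),
    sg("sg-0w", "WebServerSG", (22, "sg-0b"), (80, "sg-0l"), (443, WORLD)),  # drift
    sg("sg-0d", "DatabaseSG", (3306, "sg-0w")),
]
print("\n".join(audit(SAMPLE)))
```

The sample deliberately opens HTTPS on WebServerSG to the internet, so the audit reports that rule as unexpected and the LoadBalancerSG source as missing.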

Create Launch Configurations and Auto Scaling Groups

Create two Auto Scaling groups: one for the bastion host and one for the application servers.

Create First Auto Scaling Group

Create Launch Configuration

  1. Navigate to the EC2 page.
  2. Choose Auto Scaling Groups from the left menu.
  3. Click Create Auto Scaling group, and then Create launch configuration.
  4. Click Select beside Amazon Linux 2 AMI.
  5. Leave t2.micro chosen, and click Next: Configure details.
  6. Add a name: BastionLC.
  7. Change IP Address Type to Assign a public IP address to every instance.
  8. Click Next: Add storage.
  9. Click Next: Configure Security Group.
  10. Choose the existing BastionSG.
  11. Click Review, and then Create launch configuration.
  12. Create and download a new key pair.

Create Auto Scaling Group

  1. On the Create Auto Scaling Group page, enter a group name of BastionASG, start with 1 instance, choose SysOps VPC, and add both DMZ subnets.
  2. Click Next: Configure scaling policies.
  3. Select Keep group at its initial size, and click Review.
  4. Click Create Auto Scaling group, and then Close.

Create Second Auto Scaling Group

Create Launch Configuration

  1. Choose Launch Configurations from the left menu.
  2. Click Create Auto Scaling group, and then Create launch configuration.
  3. Click Select beside Amazon Linux 2 AMI.
  4. Leave t2.micro chosen, and click Next: Configure details.
  5. Add a name: WebServerLC.
  6. Click Advanced Details, and copy in the user data for the WordPress instance host using the script here.
  7. Change IP Address Type to Do not assign…
  8. Click Next: Add storage.
  9. Click Next: Configure Security Group.
  10. Choose the existing WebServerSG.
  11. Click Review, and then click Create launch configuration.
  12. Use the same key pair.
  13. Click Create launch configuration.

Create Auto Scaling Group

  1. On the Create Auto Scaling Group page, enter a group name of WebServerASG, start with 2 instances, choose SysOps VPC, and add both AppLayer subnets.
  2. Click Next: Configure scaling policies.
  3. Select Keep group at its initial size, and click Review.
  4. Click Create Auto Scaling group, and then Close.
  5. View the EC2 instances to confirm that one bastion and two web servers are pending or running.

Modify Database Security Groups and Create an Application Load Balancer

Create an Application Load Balancer (ALB) that distributes traffic to the application servers.

Modify the Database Security Group

  1. Navigate to the RDS console.
  2. Modify the RDS instance to use the database security group you created.
  3. Click Continue.
  4. Check Apply Immediately, and then Modify DB Instance.

Create an Application Load Balancer

  1. Navigate to EC2, and then Load Balancers.
  2. Click Create Load Balancer.
  3. On Application Load Balancer, click Create.
  4. Add a name of ALB1, choose SysOps VPC, and add the 2 DMZ subnets.
  5. Choose Next: Configure Security Settings.
  6. Choose Next: Configure Security Groups.
  7. Choose the existing load balancer security group you configured.
  8. Choose Next: Configure Routing.
  9. Name the target group TG1, and change the path to /readme.html.
  10. Click Next: Register Targets.
  11. Click Next: Review, and then Create.

Modify Auto Scaling Group

  1. Navigate to Auto Scaling Groups.
  2. Edit the web server Auto Scaling group to add the target group.
  3. Click Save.

Browse Web Application

  1. Navigate to the RDS console.
  2. Click the database instance.
  3. Note the endpoint name (e.g., wordpress-database.clei7j95opir.us-east-1.rds.amazonaws.com).
  4. Navigate to Load Balancers.
  5. Note the DNS name, and browse to it.
  6. Configure WordPress:
    • Database Name: wordpressdb (not wordpress)
    • Username: wpuser
    • Password: Password1
    • Database Host: Use the RDS endpoint name
    • Table prefix: wp_

Additional Resources

Please go ahead and log in to the live environment with the cloud_user credentials provided.

Make sure you are using N. Virginia (us-east-1) as your region throughout the lab.

Database Snapshot ARN: arn:aws:rds:us-east-1:892710030684:snapshot:sysops-certification-la-course

  • Database Name: wordpressdb (not wordpress)
  • Username: wpuser
  • Password: Password1
  • Database Host: Use the RDS endpoint name
  • Table prefix: wp_

The user data script for the web server launch configuration is here.

Attention: When selecting the AMI for your bastion host and instance for your web app, please use the Amazon Linux 2 AMI.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
