Use aws CloudFormation to set up network infrastructure, deploy servers, and create security roles for a highly available web app. The script deploys the application (Apache Web Server), along with the necessary supporting software into its matching infrastructure, pick up code (JavaScript and HTML) from S3 Storage and deploy it in the appropriate folder on the web server.
-
Load-balanced servers with auto-scaling capability across two availability zones within a single region.
-
Server/instance specification: 2vCPUs, 4GB RAM, 10GB disk space.
-
Linux Operating System using the Ubuntu distribution machine image.
-
Compute instances are secured in a private subnet and only accepts traffic originating from a bastion host and load-balancer both within a public subnet.
-
Each availability zone contain a bastion host to enable SSH to instances in each of the private subnets for debugging and troubleshooting.
-
Load-balancer, bastion host, and application servers have security groups defined with only needed ports opened.
-
Application servers have outbound internet access via NAT gateway for critical OS updates and patches.
-
Sample application code is packaged and stored in an S3 bucket with IAM permissions.
-
Application servers are configured with IAM instance profile to be able to access and download application code from AWS S3 bucket.
-
Application code is deployed in a dockerized apache web server for added security and isolation.
-
Health checks and thresholds are defined to aid in system availability detection. Metrics are collected, aggregated, and monitored via AWS CloudWatch.
-
Entire environment is fully virtualized in a cloud platform that can be taken down and brought back up within a short period of time. The process of creating and starting all the services, spinning up instances are automated via scripts in this repo.
- AWS account
- aws cli is installed and configured
- Three helper scripts:
- network-infra.yml - Network CloudFormation script
- network-infra-parameters.json - parameter values used by network CloudFormation script
- servers-config.yml - Servers CloudFormation script
- servers-parameter.json - - parameter values used by servers CloudFormation script
Create network infrastructure followed by servers deployment as servers depend on outputs generated by network infrastructure
> ./create.sh <stack-name> network-infra.yml network-infra-parameters.json
> ./create.sh <stack-name> servers-config.yml servers-parameter.jsonFor updates to the stack:
> ./update.sh <stack-name> network-infra.yml network-infra-parameters.json
> ./update.sh <stack-name> servers-config.yml servers-parameter.jsonTo delete the stack:
> ./delete.sh <stack-name>