You are working with a startup company as a solution architect providing consultancy solutions on the AWS Cloud Platform. You have been assigned a project; its details are as follows.
- The customer wants to host their three-tier website on the AWS platform.
- The architecture must be highly available with 99.999% uptime.
- The site should scale out and scale in automatically as website traffic increases or decreases.
- Data should be stored in a highly durable manner.
- Link the website to a custom domain name.
- Use caching if needed.
- Control network traffic flow to tighten security.
- Add users who can manage and monitor the DB, storage, VMs and network independently.
Lab 1 – IAM
Create IAM users as per the requirement.
If you log in with your email ID and password, you are using the root account, and it is not recommended to use the root account for daily tasks. Your team members will work on AWS alongside you, and they need access to particular services on the AWS platform.
The users who will work on the project are:

| Emp. No. | Name | Role | Authorities | Emergency Contact No. |
|---|---|---|---|---|
| 0001 | Raman | Project Admin | Full Admin Access | 1234567890 |
| 0002 | Natasha | DB admin | RDS full access | 1234567890 |
| 0003 | Navin | Storage admin | S3 bucket full access | 1234567890 |
| 0004 | Bhavesh | Storage admin | S3 bucket full access | 1234567890 |
| 0007 | Rohan | Storage Security | Read access for S3 | 1234567890 |

Assign proper tags to identify each user. Activate MFA for the root account. Create a strong password policy. Create an alias for the IAM login URL.
Solution: AWS Solutions Architect Lab 1 : IAM
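Worked example, added here and not part of the original lab or its linked solution: the user table above expressed as IAM policy documents, user tags and an account password policy in plain Python, plus a check that the "Storage Security" role really is read-only. The policy statements are an assumption that approximates the AWS managed policies (AdministratorAccess, AmazonRDSFullAccess, AmazonS3FullAccess, AmazonS3ReadOnlyAccess); the `Project` tag value and the password-policy numbers are also assumptions. The dict shapes match what boto3's `iam.create_user(Tags=...)`, `iam.create_policy(PolicyDocument=...)` and `iam.update_account_password_policy(**kwargs)` accept, so the output can be fed straight to the API in a real account.

```python
import json
import re

# Users from the lab table. The emergency contact number is deliberately
# not tagged onto the IAM user: keep personal data out of resource tags.
USERS = [
    {"emp_no": "0001", "name": "Raman",   "role": "Project Admin"},
    {"emp_no": "0002", "name": "Natasha", "role": "DB admin"},
    {"emp_no": "0003", "name": "Navin",   "role": "Storage admin"},
    {"emp_no": "0004", "name": "Bhavesh", "role": "Storage admin"},
    {"emp_no": "0007", "name": "Rohan",   "role": "Storage Security"},
]

# Assumption: these statements approximate the AWS managed policies; in a
# real account attach the managed policies instead of hand-writing them.
ROLE_ACTIONS = {
    "Project Admin":    ["*"],
    "DB admin":         ["rds:*"],
    "Storage admin":    ["s3:*"],
    "Storage Security": ["s3:Get*", "s3:List*"],
}

def policy_for_role(role):
    """IAM identity policy document (dict) for one role from the table."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Action": ROLE_ACTIONS[role],
                       "Resource": "*"}],
    }

READ_ONLY_ACTION = re.compile(r"^[a-z0-9-]+:(Get|List|Describe)", re.I)

def is_read_only(policy):
    """True only if every Allow action is a Get/List/Describe action.
    A bare '*' or 'service:*' fails the check, as it should."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if any(not READ_ONLY_ACTION.match(a) for a in actions):
            return False
    return True

def user_tags(user):
    """Tags in the shape iam.create_user(Tags=...) expects."""
    return [
        {"Key": "EmployeeNumber", "Value": user["emp_no"]},
        {"Key": "Role", "Value": user["role"]},
        {"Key": "Project", "Value": "three-tier-website"},  # assumed tag value
    ]

def password_policy():
    """Keyword arguments for iam.update_account_password_policy().
    The numbers are assumptions; 14+ characters and reuse prevention are
    the parts that matter most."""
    return {
        "MinimumPasswordLength": 14,
        "RequireSymbols": True,
        "RequireNumbers": True,
        "RequireUppercaseCharacters": True,
        "RequireLowercaseCharacters": True,
        "AllowUsersToChangePassword": True,
        "MaxPasswordAge": 90,
        "PasswordReusePrevention": 24,
        "HardExpiry": False,
    }

def provisioning_plan():
    """Map each user to the tags and policy document they should receive."""
    return {u["name"]: {"tags": user_tags(u), "policy": policy_for_role(u["role"])}
            for u in USERS}

if __name__ == "__main__":
    for name, item in provisioning_plan().items():
        mode = "read-only" if is_read_only(item["policy"]) else "read-write"
        print(f"{name:8s} {mode:10s} {json.dumps(item['policy']['Statement'][0]['Action'])}")
    print(json.dumps(password_policy(), indent=2))
```

The `is_read_only` check is the kind of guard worth running in CI before any policy is attached: it catches the common mistake of giving a "read access" user `s3:*` because a wildcard was quicker to type.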
Lab 2 – VPC – Virtual Private Cloud
You now have users who will work on your project. The next task is to create an isolated network for the project, which is done with the VPC service.
In the three-tier architecture for this lab there is one web server and one database server. As per the requirement we need two networks in a single VPC, so create two different subnets:
- Web server – 10.0.1.0/24
- Database – 10.0.2.0/24
The subnet where you configure the web server will be connected to the internet; the subnet holding the DB server should not be connected to the internet. You will also need a bastion host to connect to your private VMs.
You will need an Internet Gateway to communicate outside your VPC, and a route table that routes traffic outside the VPC through the Internet Gateway.
Create three security groups, for the
- web server,
- DB server and
- bastion host,
and restrict inbound traffic in each of them for security.
Finally, your architecture will look like the diagram below.
Solution: AWS Solutions Architect Lab 2: VPC
Lab 3 – EC2
Create 3 VMs:
- 1 Windows VM that acts as the bastion host.
- 1 Linux VM for the web server.
- 1 Linux VM for the DB server.
Connect to each machine one by one and check the network traffic flow.
The architecture will look like the diagram below.
Solution: AWS Solutions Architect Lab 3: EC2
Lab 4- NAT
Connect to your DB VM and try to install the MySQL packages. The private subnet has no internet access for downloading packages, which is why you need a NAT gateway in this scenario.
- Create a NAT Gateway (in the public subnet, since it needs the Internet Gateway for its own outbound traffic).
- Create a route table.
- Associate the route table with the private subnet.
- Add a default route (0.0.0.0/0) whose target is the NAT gateway.
Solution: AWS Solutions Architect Lab 4: NAT
Lab 5 – VPC Peering
The customer already has an application hosted in another VPC on AWS and wants to connect the two VPCs so that they communicate with each other over a private network connection.
- Create a VPC peering connection from one VPC.
- Accept the connection request in the other VPC.
- Add a route entry for the peer VPC's CIDR in the route tables of both VPCs; without the route on each side, return traffic has no path.
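Worked example for Labs 2, 4 and 5 together, added here and not part of the original lab: a small model of the VPC router's longest-prefix-match lookup over the route tables this architecture needs. It shows why the DB subnet cannot reach package mirrors until a default route to the NAT gateway exists, why a default route to an Internet Gateway is exactly what makes a subnet public, and why a peering route for the peer CIDR is needed on top of the peering connection itself. The peer VPC CIDR (172.16.0.0/16) and the `igw-`/`nat-`/`pcx-` IDs are placeholders, not real resources.

```python
import ipaddress

# Constructed example: the lab VPC (10.0.0.0/16) with web subnet 10.0.1.0/24
# and DB subnet 10.0.2.0/24. Target IDs are placeholders, not real resources.
VPC_CIDR = "10.0.0.0/16"
PEER_VPC_CIDR = "172.16.0.0/16"   # assumption: CIDR of the customer's existing VPC
IGW, NAT, PCX = "igw-EXAMPLE", "nat-EXAMPLE", "pcx-EXAMPLE"

def route_table(routes):
    """Build a route table from (destination CIDR, target) pairs.
    Every VPC route table carries an implicit 'local' route for the VPC CIDR."""
    table = [(ipaddress.ip_network(VPC_CIDR), "local")]
    table += [(ipaddress.ip_network(cidr), target) for cidr, target in routes]
    return table

PUBLIC_RT   = route_table([("0.0.0.0/0", IGW)])   # Lab 2: web subnet, default via IGW
ISOLATED_RT = route_table([])                     # DB subnet before Lab 4: no default route
PRIVATE_RT  = route_table([("0.0.0.0/0", NAT)])   # Lab 4: DB subnet, default via NAT gateway

def next_hop(table, dst_ip):
    """Longest-prefix match, which is how the VPC router chooses a route.
    Returns the target, or None when no route covers the destination."""
    ip = ipaddress.ip_address(dst_ip)
    best = None
    for net, target in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return best[1] if best else None

def add_peering_route(table, peer_cidr, pcx_id):
    """Lab 5: once the peering is accepted, each VPC needs a route for the
    other VPC's CIDR whose target is the peering connection."""
    return table + [(ipaddress.ip_network(peer_cidr), pcx_id)]

def is_private_subnet(table):
    """A subnet is public only when its table sends 0.0.0.0/0 to an Internet
    Gateway; a NAT default route keeps it private (no inbound from the internet)."""
    return not any(net.prefixlen == 0 and target.startswith("igw-")
                   for net, target in table)

if __name__ == "__main__":
    mirror = "8.8.8.8"   # constructed stand-in for a package mirror's address
    print("DB host before NAT  ->", next_hop(ISOLATED_RT, mirror))   # None: install fails
    print("DB host after NAT   ->", next_hop(PRIVATE_RT, mirror))    # nat-EXAMPLE
    print("web host            ->", next_hop(PUBLIC_RT, mirror))     # igw-EXAMPLE
    peered = add_peering_route(PRIVATE_RT, PEER_VPC_CIDR, PCX)
    print("DB host -> peer VPC, without route:", next_hop(PRIVATE_RT, "172.16.4.2"))
    print("DB host -> peer VPC, with route:   ", next_hop(peered, "172.16.4.2"))
```

Note the "without route" case: traffic for the peer's private range is not dropped, it follows the default route out through the NAT gateway and silently fails there. Checking `next_hop` against the peer CIDR on both tables is a quicker diagnosis than watching a connection time out.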
Lab 6 – High Availability
For high availability it is important to host the application in more than one data center, i.e. in multiple Availability Zones.
- Create two web servers in two different AZs.
- Create an Application Load Balancer to balance the load between the two web servers.
Lab 7 – Scalability
Configure your architecture to scale web servers out and in whenever the web servers' CPU utilization increases or decreases. Configure the auto-scaling group to receive its traffic from the load balancer.
As per the customer's requirement, a minimum of 2 web servers should be available in two different AZs. Restrict the number of VMs to a maximum of 4.
Use CPU utilization as the metric and 60% as the threshold value.
- Create a launch configuration for the web servers (AWS now recommends a launch template, which does the same job).
- Create an auto-scaling group from the launch configuration.
- Balance traffic across the auto-scaling group using the load balancer.
Lab 8 – Add-on Exercise.
The application load balancer already has a public endpoint. HTTP traffic reaching the web servers must come only from the load balancer. Remove the public IPs from the web servers so that they are private and reachable only through the load balancer and the bastion host.
Configure the traffic flow between the security groups as follows.
- Create separate security groups for the web server, DB server, bastion host and load balancer.
- DB instances allow port 3306 only from the web server security group and port 22 only from the bastion security group.
- Web servers allow port 80 only from the load balancer security group and port 22 only from the bastion host security group.
- Open port 80 to the internet on the load balancer security group.
- Open port 22 to the internet on the bastion security group (in practice, restrict it to your office or VPN address range).
Solution: AWS Solutions Architect Lab 8
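Worked example for Labs 2 and 8, added here and not part of the original lab or its linked solution: the four security groups above as data, a function that evaluates whether a given source may reach a given group on a port (security-group-to-security-group rules match by group membership, CIDR rules by address), an audit that lists what is exposed to 0.0.0.0/0, and a converter to the `IpPermissions` structure that boto3's `ec2.authorize_security_group_ingress()` accepts. The group IDs and the instance inventory with its private IPs are constructed placeholders.

```python
import ipaddress

# Security groups from Lab 8 as (protocol, port, source). A source is either
# another security group's ID or a CIDR. Only ingress is modelled: security
# groups are stateful, and egress is assumed left at the default allow-all.
# Group IDs are placeholders, not real resources.
SECURITY_GROUPS = {
    "sg-lb":      [("tcp", 80,   "0.0.0.0/0")],
    "sg-bastion": [("tcp", 22,   "0.0.0.0/0")],
    "sg-web":     [("tcp", 80,   "sg-lb"),  ("tcp", 22, "sg-bastion")],
    "sg-db":      [("tcp", 3306, "sg-web"), ("tcp", 22, "sg-bastion")],
}

# Constructed inventory: private IP and security group of each host.
INSTANCES = {
    "alb":     {"ip": "10.0.1.20", "sg": "sg-lb"},
    "bastion": {"ip": "10.0.1.5",  "sg": "sg-bastion"},
    "web-1":   {"ip": "10.0.1.10", "sg": "sg-web"},
    "db-1":    {"ip": "10.0.2.10", "sg": "sg-db"},
}

def is_allowed(src, dst_sg, port, proto="tcp"):
    """Would a packet from src (an inventory name or an IP string) to a host
    in dst_sg on the given port be accepted? A rule whose source is a group
    matches any member of that group; a CIDR rule matches by address."""
    if src in INSTANCES:
        src_sg = INSTANCES[src]["sg"]
        src_ip = ipaddress.ip_address(INSTANCES[src]["ip"])
    else:
        src_sg, src_ip = None, ipaddress.ip_address(src)
    for rule_proto, rule_port, rule_src in SECURITY_GROUPS[dst_sg]:
        if rule_proto != proto or rule_port != port:
            continue
        if rule_src.startswith("sg-"):
            if src_sg == rule_src:
                return True
        elif src_ip in ipaddress.ip_network(rule_src):
            return True
    return False   # security groups have no explicit deny; no match means dropped

def internet_exposed():
    """Audit: which ports in which groups are open to 0.0.0.0/0?
    For this design only the load balancer (80) and bastion (22) should appear."""
    exposed = {}
    for sg, rules in SECURITY_GROUPS.items():
        ports = [port for _, port, src in rules if src == "0.0.0.0/0"]
        if ports:
            exposed[sg] = ports
    return exposed

def to_ip_permissions(sg):
    """Rules in the IpPermissions shape accepted by
    ec2.authorize_security_group_ingress(): group sources go under
    UserIdGroupPairs, CIDR sources under IpRanges."""
    perms = []
    for proto, port, src in SECURITY_GROUPS[sg]:
        perm = {"IpProtocol": proto, "FromPort": port, "ToPort": port}
        if src.startswith("sg-"):
            perm["UserIdGroupPairs"] = [{"GroupId": src}]
        else:
            perm["IpRanges"] = [{"CidrIp": src}]
        perms.append(perm)
    return perms

if __name__ == "__main__":
    attacker = "198.51.100.7"   # constructed external address
    for src, dst, port in [(attacker, "sg-web", 80), ("alb", "sg-web", 80),
                           (attacker, "sg-db", 3306), ("web-1", "sg-db", 3306),
                           ("bastion", "sg-db", 3306), ("bastion", "sg-db", 22)]:
        print(f"{src:>14} -> {dst}:{port}  {'ALLOW' if is_allowed(src, dst, port) else 'drop'}")
    print("exposed to internet:", internet_exposed())
```

The two cases worth staring at are `bastion -> sg-db:3306` (dropped: the bastion gets SSH to the DB host, not MySQL) and `web-1 -> sg-db:3306` (allowed by group membership, so it keeps working when auto scaling replaces the web server with one that has a different IP). That is the reason to reference groups rather than IPs in the rules.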
Lab 9 – DNS
Purchase a domain name and create an alias record from the domain name to the load balancer endpoint.
- Purchase a domain name.
- Create a Route 53 hosted zone and add an alias record that points the domain to the load balancer.
Solution: AWS Solutions Architect Lab 9
Lab 10 – Simple Storage Service S3
- Create an S3 bucket.
- Turn versioning on.
- Host a static website on S3.
- Turn cross-region replication on (this requires versioning to be enabled on both the source and destination buckets).
- Create a lifecycle policy that moves data from Standard to Standard-IA after 30 days, from Standard-IA to Glacier after 90 days, and expires it after 360 days.
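Worked example, added here and not part of the original lab: the lifecycle policy from the last step as the `LifecycleConfiguration` dict that boto3's `s3.put_bucket_lifecycle_configuration()` accepts, together with a validator for the ordering rules S3 enforces (objects must be at least 30 days old before an Infrequent Access transition, must stay at least 30 days in IA before moving to Glacier, and expiration must come after the last transition) and a helper that tells you which storage class an object of a given age lands in. Day counts are measured from object creation. The rule ID, the empty prefix and the non-current-version clean-up are assumptions.

```python
import json

IA_CLASSES = ("STANDARD_IA", "ONEZONE_IA")
MIN_IA_DAYS = 30   # S3: at least 30 days before IA, and at least 30 days in IA before Glacier

def lifecycle_configuration(prefix=""):
    """Lab 10 policy: Standard -> Standard-IA at 30 days -> Glacier at 90 days,
    expire at 360 days. Shape matches put_bucket_lifecycle_configuration()."""
    return {
        "Rules": [{
            "ID": "standard-ia-glacier-expire",        # assumed rule name
            "Filter": {"Prefix": prefix},               # "" = whole bucket
            "Status": "Enabled",
            "Transitions": [
                {"Days": 30, "StorageClass": "STANDARD_IA"},
                {"Days": 90, "StorageClass": "GLACIER"},
            ],
            "Expiration": {"Days": 360},
            # Versioning is on (cross-region replication needs it), so expired
            # current versions leave non-current copies behind unless these
            # are cleaned up as well. Assumed retention: 30 days.
            "NoncurrentVersionExpiration": {"NoncurrentDays": 30},
        }]
    }

def validate(config):
    """Return a list of problems S3 would reject the rule for; [] means OK."""
    problems = []
    for rule in config["Rules"]:
        rid = rule["ID"]
        transitions = rule["Transitions"]
        days = [t["Days"] for t in transitions]
        if days != sorted(set(days)):
            problems.append(f"{rid}: transition days must be strictly increasing")
        prev = None
        for t in transitions:
            if t["StorageClass"] in IA_CLASSES and t["Days"] < MIN_IA_DAYS:
                problems.append(f"{rid}: {t['StorageClass']} transition before day {MIN_IA_DAYS}")
            if prev and prev["StorageClass"] in IA_CLASSES \
                    and t["Days"] - prev["Days"] < MIN_IA_DAYS:
                problems.append(f"{rid}: less than {MIN_IA_DAYS} days in {prev['StorageClass']}")
            prev = t
        exp = rule.get("Expiration", {}).get("Days")
        if exp is not None and days and exp <= max(days):
            problems.append(f"{rid}: expiration must be later than the last transition")
    return problems

def storage_class_at(config, age_days):
    """Storage class of an object age_days after creation under the first
    rule; None means the object has expired."""
    rule = config["Rules"][0]
    exp = rule.get("Expiration", {}).get("Days")
    if exp is not None and age_days >= exp:
        return None
    cls = "STANDARD"
    for t in rule["Transitions"]:
        if age_days >= t["Days"]:
            cls = t["StorageClass"]
    return cls

if __name__ == "__main__":
    cfg = lifecycle_configuration()
    print(json.dumps(cfg, indent=2))
    print("problems:", validate(cfg) or "none")
    for age in (0, 29, 30, 89, 90, 359, 360):
        print(f"day {age:3d}: {storage_class_at(cfg, age)}")
```

Run `validate` before calling the API: S3 rejects an invalid configuration with a fairly terse error, and the 30-days-in-IA rule in particular is easy to trip over when someone "tightens" the Glacier transition to 45 days.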
Lab 11 – Elastic Block Storage
- Add an extra EBS volume of 10 GB for storing application data.
- Create a manual snapshot of the EBS volume.
- Add a lifecycle rule (Amazon Data Lifecycle Manager) to create snapshots automatically.
- Detach and delete the EBS volume.
- Remove the lifecycle rule.
Lab 12 – Elastic File System
The customer needs network storage to hold the data of multiple web servers in a central location.
- Create an EFS file system.
- Mount the EFS file system on a Linux EC2 instance.
Lab 13 – RDS – Relational Database Service
- Create an RDS instance with the MySQL engine.
- Log in to the MySQL database from a Linux EC2 instance.
Lab 14 – Elastic Beanstalk
- Create an Elastic Beanstalk environment with the Python platform.
- Upload your code.
- Check the endpoint and verify the hosted application.
Lab 15 – Lambda function.