We are going to host a simple web application on Linux & Windows EC2 instances and here are the Key requirements:
Requirement #1
- Create a VPC with Internet Gateway, two route tables, two subnets in two availability zones
- Define separate Network Access Control List (NACL) and Security Group for the two EC2 instances
- Setup two EC2 instances - Linux & Windows on public subnet with Apache & IIS configured on port 80
- Ensure that the application uses a custom index page named webindex.html
- Website should be served from the 2 GiB additional EBS Volumes
- Setup an Application Load Balancer to distribute traffic to the Linux and Windows servers in a round-robin fashion which means that requests to the Application Load Balancer on port 80 will get re-directed to the Apache and IIS web servers listening on port 80.
- Code the website to fetch the static content like images / videos from S3 Bucket.
- Validate website is being served over ALB public DNS.
Requirement #2
- Create an AMI out of Linux & Windows EC2 Instances
- Create 2 Launch Configurations with the AMIs created in previous step with the same instance specification as in RFE #1
- Create Auto Scaling Group (ASG) with the above Launch Configurations to scale in when CPU > 80% and scale out when CPU < 80%
Requirement #3
- Create a CloudFront distribution -> WebDistribution and point to ALB public endpoint
Services Used
- EC2 - Linux & Windows 2019, EBS, ALB, ASG, S3
- Region used: Mumbai
Requirement #1 Architecture Diagram
Step 1: Network & Security Group Setup
VPC
- Switch to ap-south-1 region (Mumbai)
- Create a VPC with a Name tag WebVPC with IPv4 CIDR block 10.0.0.0/16 leaving IPv6 CIDR block and Tenancy as default.
- Create Internet Gateway as WebIGW and attach to the VPC - WebVPC
- Create two route tables WebRT-Public and WebRT-Private with WebVPC selected
- Add a route to WebRT-Public pointing to the Internet Gateway - WebIGW
Subnet
- Create two Subnets with Name tags WebSubnet1-Public & WebSubnet2-Public in two availability zones of the ap-south-1 region, with WebVPC selected
- Set the CIDR block to 10.0.1.0/24 & 10.0.2.0/24 respectively
- Go to public route table WebRT-Public, click on Subnet Association and select both the subnets
Network Access Control Lists (NACL)
- Create two Network ACLs with Name tags as WebNACL1 & WebNACL2.
- Since NACLs are state-less, inbound and outbound rules have to be enabled explicitly
- Add the following rules for both inbound and outbound for WebNACL1

| Rule # | Protocol | Port | Source |
|---|---|---|---|
| 100 | SSH | 22 | 0.0.0.0/0 |
| 110 | HTTP | 80 | 0.0.0.0/0 |

- Select Subnet Associations of WebNACL1 and pick WebSubnet1-Public
- Add the following rules for both inbound and outbound for WebNACL2

| Rule # | Protocol | Port | Source |
|---|---|---|---|
| 120 | RDP | 3389 | 0.0.0.0/0 |
| 130 | HTTP | 80 | 0.0.0.0/0 |

- Select Subnet Associations of WebNACL2 and pick WebSubnet2-Public
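
As an added example (not part of the original page), this small Python model of stateless NACL evaluation shows what enabling both directions explicitly means for the WebNACL1 rules above: the reply to an HTTP client leaves toward the client's ephemeral port, so the outbound side needs a rule covering that range. The 1024-65535 range, rule number 140 and the client port are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int
    port_from: int
    port_to: int
    allow: bool = True   # every rule on the page is an ALLOW from/to 0.0.0.0/0

def evaluate(rules, dst_port):
    """Return True if a TCP packet to dst_port is allowed.

    Rules are checked in ascending rule-number order and the first match
    wins; the implicit final '*' rule denies everything else.
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.port_from <= dst_port <= rule.port_to:
            return rule.allow
    return False

# WebNACL1 as described above: the same two rules inbound and outbound.
PAGE_RULES = [Rule(100, 22, 22), Rule(110, 80, 80)]

# Assumption: rule number and range picked for this example only.
EPHEMERAL = Rule(140, 1024, 65535)

def http_round_trip(inbound, outbound, client_port=51514):
    """Check a request to port 80 and the reply to the client's source port.

    A stateless NACL evaluates each direction on its own, so the reply is
    matched against the outbound rules by its destination (client) port.
    """
    request_ok = evaluate(inbound, 80)            # client:51514 -> server:80
    reply_ok = evaluate(outbound, client_port)    # server:80 -> client:51514
    return request_ok, reply_ok

if __name__ == "__main__":
    # Rules exactly as listed: the request gets in, the reply is dropped.
    print(http_round_trip(PAGE_RULES, PAGE_RULES))
    # With an outbound ephemeral-port rule the reply is allowed.
    print(http_round_trip(PAGE_RULES, PAGE_RULES + [EPHEMERAL]))
```

The same reasoning applies in reverse to connections the instance itself opens (for example `yum install`): the responses arrive inbound on an ephemeral port.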
Security Groups
- Create two Security Groups with Name tag as WebSG-Linux & WebSG-Win and set the VPC as WebVPC
- Since Security Groups are stateful, enabling inbound is sufficient
- Add the following inbound rules for WebSG-Linux

| Protocol | Port | Source |
|---|---|---|
| SSH | 22 | 0.0.0.0/0 |
| HTTP | 80 | 0.0.0.0/0 |

- Add the following inbound rules for WebSG-Win

| Protocol | Port | Source |
|---|---|---|
| RDP | 3389 | 0.0.0.0/0 |
| HTTP | 80 | 0.0.0.0/0 |

- Note: Best practice is to restrict the source to a specific IP range or a specific IP address instead of 0.0.0.0/0
- Please note by default all outbound connections are allowed.
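
One way to check for the situation the note above warns about, as an added example that is not part of the original page: the function walks security groups in the JSON shape returned by `aws ec2 describe-security-groups` and reports SSH or RDP open to every address. The sample data is constructed from the tables above, assuming the group names match the Name tags; `WebSG-Linux-Restricted` and its CIDR are hypothetical.

```python
import ipaddress

# Administrative ports the page opens: SSH on WebSG-Linux, RDP on WebSG-Win.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def world_open_admin_ports(security_groups):
    """Return (group, service, port, cidr) for admin ports reachable from any address."""
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if perm.get("IpProtocol") not in ("tcp", "-1"):
                continue
            # Protocol "-1" (all traffic) carries no port keys: treat as all ports.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
                    continue  # restricted source, not the whole Internet
                for port, service in ADMIN_PORTS.items():
                    if lo <= port <= hi:
                        findings.append((sg["GroupName"], service, port, cidr))
    return findings

def _perm(port, cidr):
    """Build one constructed TCP permission entry in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}], "Ipv6Ranges": []}

# Constructed sample data mirroring the inbound rules listed above.
SAMPLE_GROUPS = [
    {"GroupName": "WebSG-Linux",
     "IpPermissions": [_perm(22, "0.0.0.0/0"), _perm(80, "0.0.0.0/0")]},
    {"GroupName": "WebSG-Win",
     "IpPermissions": [_perm(3389, "0.0.0.0/0"), _perm(80, "0.0.0.0/0")]},
    # Hypothetical restricted variant: SSH only from a documentation range (RFC 5737).
    {"GroupName": "WebSG-Linux-Restricted",
     "IpPermissions": [_perm(22, "203.0.113.0/24")]},
]

if __name__ == "__main__":
    for finding in world_open_admin_ports(SAMPLE_GROUPS):
        print("open to the Internet:", finding)
```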
Step 2: Setup Linux EC2 with Apache & host custom index page
Instance Configuration
Create an EC2 instance with the following configuration

| Instance Spec | Values |
|---|---|
| AMI | Amazon Linux v2 |
| EBS Volume - Root | 8 GiB |
| EBS Volume - Additional | 2 GiB |
| VPC | WebVPC |
| Subnet | WebSubnet1-Public |
| Security Group | WebSG-Linux |
| Create New Key Pair | webkeypair |
| Name tag | WebLinuxServer |

User Data
```bash
#!/bin/bash
# Install Apache Web Server
sudo yum install -y httpd
# Turn on web server
sudo chkconfig httpd on   # httpd service comes up on reboot
sudo service httpd start
# Setup web server
cd /var/www/html
echo "<html><h1>Hello AWS Aspirants – I am running on Linux over port 80</h1></html>" > webindex.html
```
Default Web Page setting
Run vi /etc/httpd/conf/httpd.conf to view the default document.
To change the default document, edit the following line:

```apache
DirectoryIndex webindex.html index.html
```
Step 3: Setup Windows EC2 with IIS & host custom index
Create an EC2 instance with the following configuration

| Instance Spec | Values |
|---|---|
| AMI | Amazon Windows 2019 Base Image |
| EBS Volume - Root | 30 GiB |
| EBS Volume - Additional | 2 GiB |
| VPC | WebVPC |
| Subnet | WebSubnet1-Public |
| Security Group | WebSG-Linux |
| Create New Key Pair | webkeypair |
| Name tag | WebWinServer |

User Data
```powershell
<powershell>
# Install & Configure IIS
Set-ExecutionPolicy Unrestricted -Force
New-Item -ItemType Directory -Path 'C:\temp'
# Install IIS and Web Management Tools
Import-Module ServerManager
Install-WindowsFeature Web-Server, Web-WebServer -IncludeAllSubFeature
Install-WindowsFeature Web-Mgmt-Tools
# Create the custom index page (webindex.html)
Set-Location -Path C:\inetpub\wwwroot
$htmlcode = "<html><h1> Hello AWS Aspirants - I am running on Windows Server Over Port 80 </h1></html>"
# Write the markup as-is; ConvertTo-Html would wrap it inside a second HTML document
$htmlcode | Out-File -FilePath .\webindex.html -Encoding utf8
</powershell>
```
Tips: <persist>true</persist>
By default, user data commands run once, when the instance is first launched. If you would like your commands to run every time the instance is started, include <persist>true</persist> at the end of your user data.
Manual IIS Setup
IIS Installation on Windows 2016
Create a Windows 2019 EC2 instance, connect over RDP, then install and configure IIS with these instructions.
Go to C:\inetpub\wwwroot
Rename iisstart.htm to iisstart_original.htm
Create webindex.html and place the following in it:

```html
<html><h1>Hello AWS Aspirants – running on Windows & IIS Server – on port 80</h1></html>
```

Save the file and open http://localhost on the same EC2 instance, or use the public URL from outside
Default index.html Setting:
Search -> iis -> Default Web Site -> Default Content (double click this to view the default documents)
Add webindex.html as default page.
Step 3: Create an Application Load Balancer and point to EC2 public endpoints
Step 4: Create S3 Bucket and upload Static Images for Website
- Create a S3 Bucket named simplewebapp101
- Upload the static files that you want to place in the webpage rendered from Linux or Windows EC2
- Make the objects public
- Create an Instance Role with S3 Read-Only access and apply to both Windows & Linux EC2
- Edit the webindex.html to update with the new image URL stored in S3 Bucket and refresh the web page using ELB endpoint