December 13, 2017

Overview of Sample Web Application Architecture

The Sample Web Application depicted below includes Web Servers, App Servers and Database Servers.
- There are two Availability Zones (AZs) in the Sample Web Application, in order to provide high redundancy and therefore high availability.
- A subnet is a range of IP addresses in a VPC.
- Network ACLs (Network Access Control Lists) are applied to subnets.
- Each AZ has one private subnet and one public subnet.
- All subnets within a VPC are designed to talk to each other freely.
- Only public subnets are accessible from the Internet.
- Servers in the private subnet can only make outbound calls to the Internet via the NAT server. No inbound traffic is accepted.
- The NAT has only one purpose here: it allows instances in private subnets to call out to the Internet to download updates. Traffic from the Internet is not permitted to make inbound connections.
- Traffic is further restricted via security groups.
- The NAT Instance is a relatively old service, and there is now an alternative called NAT Gateway, which was introduced at re:Invent 2016.
- A NAT Instance is an EC2 instance with a specific configuration, for which you have to set up an Auto Scaling group (ASG) to scale up or down and to provide fault tolerance, whereas with a NAT Gateway both elasticity and failover are handled by AWS.
- AWS Internet Gateway: an Internet gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the Internet.
- Amazon Route 53 (Route 53) is a scalable and highly available Domain Name System (DNS) service.


When a user accesses the website www.mycloudapp.com from a computer or mobile device, the request goes to Route 53 and passes through the Internet Gateway and the Elastic Load Balancer before hitting the Web Servers in the public subnet. The Application Servers and Database Servers are placed in the private subnet, which can be accessed only by the Web Servers. The servers in the private subnet can make only outbound calls to the Internet, where they get their software updates, and those calls go through the VPC NAT Gateway.
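What makes a subnet public or private in this design is where its default route points, so that is the thing to audit. The following is an added example, not part of the original post: it classifies each subnet from route-table data and flags private subnets that are actually Internet-facing. The data is constructed in the shape of `aws ec2 describe-route-tables` output for a single VPC; all IDs and the `INTENDED` map are assumptions.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output
# for one VPC. Every ID here is made up for the example.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private-a", "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
    # Misconfiguration: meant to be private, but the default route is the Internet gateway.
    {"RouteTableId": "rtb-private-b", "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
# Assumption: the intended tier of each subnet comes from your design or tags.
# subnet-priv-c has no explicit association, so it falls back to the main route table.
INTENDED = {"subnet-pub-a": "public", "subnet-pub-b": "public",
            "subnet-priv-a": "private", "subnet-priv-b": "private",
            "subnet-priv-c": "private"}

def tier_of(table):
    """Classify a route table by where its IPv4 default route points."""
    for route in table["Routes"]:
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"    # reachable from the Internet
        if route.get("NatGatewayId") or route.get("InstanceId"):
            return "private"   # outbound only, via NAT gateway or NAT instance
    return "isolated"          # no default route at all

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet to its effective tier, honouring the main-table fallback."""
    explicit, main = {}, None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main = table   # every VPC has exactly one main route table
            if "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = table
    return {s: tier_of(explicit.get(s, main)) for s in subnet_ids}

def exposed_private_subnets(route_tables, intended):
    """Subnets designed as private whose default route goes to an Internet gateway."""
    actual = classify_subnets(route_tables, intended)
    return sorted(s for s, t in intended.items() if t == "private" and actual[s] == "public")

if __name__ == "__main__":
    print(classify_subnets(ROUTE_TABLES, INTENDED))
    print("exposed:", exposed_private_subnets(ROUTE_TABLES, INTENDED))
```

The check covers IPv4 default routes only; a VPC with IPv6 enabled would also need `::/0` routes inspected.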



What is an ELB?
- ELB stands for Elastic Load Balancing.
- Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances and multiple Availability Zones.
- ELB enables you to achieve greater levels of fault tolerance in your applications by ensuring that only healthy Amazon EC2 instances receive traffic.
- ELB automatically scales its request-handling capacity to meet the demands of application traffic.
