May 23, 2020

Hosting a Simple WebApp on AWS Cloud

We are going to host a simple web application on Linux and Windows EC2 instances. Here are the key requirements:

Requirement #1
  •  Create a VPC with Internet Gateway, two route tables, two subnets in two availability zones
  •  Define separate Network Access Control List (NACL) and Security Group for the two EC2 instances
  •  Set up two EC2 instances - Linux & Windows - on a public subnet with Apache & IIS configured on port 80
  •  Ensure that the application uses a custom index page named webindex.html
  •  Website should be served from the 2 GiB additional EBS Volumes
  •  Set up an Application Load Balancer to distribute traffic to the Linux and Windows servers in a round-robin fashion, so that requests to the Application Load Balancer on port 80 are forwarded to the Apache and IIS web servers listening on port 80.
  • Code the website to fetch static content such as images / videos from an S3 Bucket.
  • Validate website is being served over ALB public DNS.

Requirement #2
  • Create an AMI out of Linux & Windows EC2 Instances
  • Create 2 Launch Configurations with the AMIs created in the previous step, with the same instance specification as in RFE #1
  • Create Auto Scaling Group (ASG) with the above Launch Configurations to scale in when CPU > 80% and scale out when CPU < 80%

Requirement #3
  • Create a CloudFront distribution -> WebDistribution and point to ALB public endpoint

Services Used
  • EC2 - Linux & Windows 2019, EBS, ALB, ASG, S3
  • Region used: Mumbai

Requirement #1 Architecture Diagram

    Step 1: Network & Security Group Setup

    • Switch to ap-south-1 region (Mumbai)
    • Create a VPC with a Name tag WebVPC with IPv4 CIDR block leaving IPv6 CIDR block and Tenancy as default.
    • Create Internet Gateway as WebIGW and attach to the VPC - WebVPC
    • Create two route tables WebRT-Public and WebRT-Private with WebVPC selected
      • Add a route to WebRT-Public pointing to the Internet Gateway - WebIGW
    • Create two Subnets with Name tags WebSubnet1-Public & WebSubnet2-Public for two availability zones in the ap-south-1 region with WebVPC
    • Set the CIDR block to & respectively
    • Go to public route table WebRT-Public, click on Subnet Association and select both the subnets

    Network Access Control Lists (NACL)
    • Create two Network ACLs with Name tags WebNACL1 & WebNACL2.
    • Since NACLs are stateless, inbound and outbound rules have to be enabled explicitly
    • Add the following rules for both inbound and outbound for WebNACL1
       Rule # Protocol Port Source
       100 SSH 22
       110 HTTP 80

    • Select Subnet Associations of WebNACL1 and pick WebSubnet1-Public
    • Add the following rules for both inbound and outbound for WebNACL2
       Rule # Protocol Port Source
       120 RDP 3389
       130 HTTP 80

    • Select Subnet Associations of WebNACL2 and pick WebSubnet2-Public
    Security Groups
    • Create two Security Groups with Name tag as WebSG-Linux & WebSG-Win and set the VPC as WebVPC
    • Since Security Groups are stateful, enabling inbound is sufficient
      • Add the following inbound rules for WebSG-Linux
         Protocol Port Source
         SSH 22
         HTTP 80

      • Add the following inbound rules for WebSG-Win
         Protocol Port Source
         RDP 3389
         HTTP 80

      • Note: Best practice is to use a specific port range or a specific port instead of
      • Please note by default all outbound connections are allowed.
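
Added example (not part of the original post): a small Python model of how a stateless NACL evaluates the WebNACL1 rules above, showing that replies to an ephemeral port need their own rule, which a stateful Security Group does not. It assumes a source of 0.0.0.0/0 because the page's Source column is blank; rule 140 and the sample addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"  # assumption: the page's Source column is blank


@dataclass(frozen=True)
class NaclRule:
    number: int
    port_from: int
    port_to: int
    cidr: str = ANY
    allow: bool = True


def nacl_allows(rules, peer_ip, dest_port):
    """Lowest-numbered matching rule decides; no match falls to the implicit deny."""
    peer = ipaddress.ip_address(peer_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if (rule.port_from <= dest_port <= rule.port_to
                and peer in ipaddress.ip_network(rule.cidr)):
            return rule.allow
    return False


def flow_verdict(request_rules, reply_rules, peer_ip, service_port, ephemeral_port):
    """A NACL keeps no connection state, so each leg is checked on its own.

    The request is matched on the service port; the reply is matched on the
    initiator's ephemeral source port, which is the reply's destination port.
    """
    return {
        "request": nacl_allows(request_rules, peer_ip, service_port),
        "reply": nacl_allows(reply_rules, peer_ip, ephemeral_port),
    }


# WebNACL1 as listed on the page, applied to both inbound and outbound.
WEBNACL1 = [NaclRule(100, 22, 22), NaclRule(110, 80, 80)]
# Hypothetical rule 140: allow the ephemeral range AWS documents for replies.
WITH_EPHEMERAL = WEBNACL1 + [NaclRule(140, 1024, 65535)]

CLIENT = ("203.0.113.10", 50000)  # constructed browser address and source port

if __name__ == "__main__":
    # Browser -> Apache on port 80: inbound request, outbound reply.
    print("page rules:    ", flow_verdict(WEBNACL1, WEBNACL1, CLIENT[0], 80, CLIENT[1]))
    print("with rule 140: ", flow_verdict(WEBNACL1, WITH_EPHEMERAL, CLIENT[0], 80, CLIENT[1]))
    # Instance -> external HTTP server: outbound request, inbound reply.
    print("instance fetch:", flow_verdict(WEBNACL1, WEBNACL1, "198.51.100.7", 80, 40000))
```

With only the port 22 and port 80 rules in both directions, the request leg is admitted but the reply leg is dropped, both for browser traffic and for connections the instance itself initiates.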

      Step 2: Setup Linux EC2 with Apache & host custom index page

      Instance Configuration

      Create an EC2 instance with the following configuration
       Instance Spec        Values
       AMI Amazon Linux v2
       EBS Volume - Root 8 GiB
       EBS Volume - Additional 2 GiB
       VPC WebVPC
       Subnet WebSubnet1-Public
       Security Group WebSG-Linux
       Create New Key Pair webkeypair
        Name tag WebLinuxServer

      User Data


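      #!/bin/bash
      # User data runs as root on first boot; the shebang tells cloud-init to run it as a shell script

      # Install Apache Web Server
      sudo yum install -y httpd

      # Turn on web server
      sudo chkconfig httpd on   # httpd service comes up on reboot
      sudo service httpd start

      # Setup web server: write the custom index page into the document root
      cd /var/www/html

      echo "<html><h1>Hello AWS Aspirants – I am running on Linux over port 80</h1></html>" > webindex.html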

      Default Web Page setting

      Open the Apache configuration (vi /etc/httpd/conf/httpd.conf) to view the default document.
      To change the default document, edit the following line:

      DirectoryIndex  webindex.html index.html

      Step 3: Setup Windows EC2 with IIS & host custom index

        Create an EC2 instance with the following configuration
         Instance Spec        Values
         AMI Amazon Windows 2019 Base Image
         EBS Volume - Root 30 GiB
         EBS Volume - Additional 2 GiB
         VPC WebVPC
         Subnet WebSubnet1-Public
         Security Group WebSG-Linux
         Create New Key Pair webkeypair
         Name tag WebWinServer

        User Data

        <powershell>
        # Install & Configure IIS
        # Sets the script execution policy machine-wide
        Set-ExecutionPolicy Unrestricted -Force
        New-Item -ItemType Directory -Path 'C:\temp'
        # Install IIS and Web Management Tools
        Import-Module ServerManager
        Install-WindowsFeature Web-Server, Web-WebServer -IncludeAllSubFeature
        Install-WindowsFeature Web-Mgmt-Tools

        # Create custom webindex.html
        Set-Location -Path C:\inetpub\wwwroot
        $htmlcode = "<html><h1>Hello AWS Aspirants - I am running on Windows Server Over Port 80</h1></html>"
        # Write the markup to webindex.html in the IIS document root
        $htmlcode | Out-File -FilePath .\webindex.html -Encoding utf8
        </powershell>


        Tips: <persist>true</persist>
        By default, user data commands run once, when the instance is first launched. To run them every time the instance starts, include <persist>true</persist> at the end of your user data.

        Manual IIS Setup

        IIS Installation on Windows 2016
        Create a Windows 2019 EC2 instance, RDP into it, then install and configure IIS with these instructions:

        Go to C:\inetpub\wwwroot
        Rename iisstart.htm to iisstart_original.htm
        Create webindex.html and place the following in it:
        <html><h1>Hello AWS Aspirants – running on Windows & IIS Server – on port 80</h1></html>

        Save the file and open http://localhost on the same EC2 instance, or use the public URL from outside.

        Default index.html Setting: 
        Search -> iis -> Default Web Site -> Default Content (double click this to view the default documents) 

        Add webindex.html as default page.

        Step 3: Create an Application Load Balancer and point to EC2 public endpoints

          Step 4: Create S3 Bucket and upload Static Images for Website

          • Create an S3 Bucket named simplewebapp101
          • Upload the static files that you want to place in the webpage rendered from Linux or Windows EC2
          • Make the objects public
          • Create an Instance Role with S3 Read-Only access and apply to both Windows & Linux EC2
          • Edit the webindex.html to update with the new image URL stored in S3 Bucket and refresh the web page using ELB endpoint

            Requirement #2 Architecture Diagram

            Requirement #3 Architecture Diagram