App Deployment Inside VPC On Private Server In Production

Vibhuti Jain

About the Project:

This example demonstrates how to create a VPC that you use for servers in a production environment.

To improve resiliency, you deploy the servers in two AZs by using an auto scaling group and an application load balancer. For additional security, you deploy the servers in private subnets. The servers receive requests through the load balancer and can reach the internet through a NAT gateway. To improve resiliency, you deploy a NAT gateway in both availability zones.

Project Overview:

The VPC has public subnets and private subnets in two availability zones.

Each public subnet contains a NAT gateway and a load balancer.

The servers running in the private subnets are launched and terminated by an auto-scaling group, and receive traffic from the load balancer.

The servers can connect to the internet by using the NAT gateway.
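To make the layout above concrete, here is an added example (not code from the original post) that plans the four subnets, the per-AZ NAT gateways and the route tables, and then checks the property that gives the design its resiliency: each private subnet must default-route through the NAT gateway in its own AZ. The VPC CIDR block and the /20 subnet size are assumptions; the two AZ names are the ones the post uses.

```python
"""Plan the two-AZ VPC described above: one public and one private subnet per
AZ, a NAT gateway in each public subnet, and a separate private route table
per AZ so that losing one AZ's NAT gateway does not take the other AZ offline.
Added example; the CIDR block and subnet size are assumptions."""
from __future__ import annotations

import ipaddress

# Constructed inputs (assumption, not taken from the post): a /16 VPC carved into /20s.
VPC_CIDR = "10.0.0.0/16"
AZS = ["us-east-2a", "us-east-2b"]  # the two AZs the post deploys into


def plan_vpc(vpc_cidr: str, azs: list[str], subnet_prefix: int = 20) -> dict:
    """Return subnets, NAT gateways and route tables for the layout.

    Public subnets route 0.0.0.0/0 to the internet gateway; each private
    subnet routes 0.0.0.0/0 to the NAT gateway in the public subnet of the
    *same* AZ.
    """
    network = ipaddress.ip_network(vpc_cidr)
    blocks = iter(network.subnets(new_prefix=subnet_prefix))
    subnets, nat_gateways, route_tables = [], [], []
    for az in azs:
        public = {"name": f"public-{az}", "az": az, "cidr": str(next(blocks)), "tier": "public"}
        private = {"name": f"private-{az}", "az": az, "cidr": str(next(blocks)), "tier": "private"}
        subnets += [public, private]
        nat = {"name": f"nat-{az}", "subnet": public["name"], "az": az}
        nat_gateways.append(nat)
        # One private route table per AZ, pointing at that AZ's NAT gateway.
        route_tables.append({
            "name": f"rt-private-{az}",
            "subnets": [private["name"]],
            "routes": [{"destination": "0.0.0.0/0", "target": nat["name"]}],
        })
    # A single public route table is fine: the internet gateway is regional.
    route_tables.append({
        "name": "rt-public",
        "subnets": [s["name"] for s in subnets if s["tier"] == "public"],
        "routes": [{"destination": "0.0.0.0/0", "target": "igw"}],
    })
    return {"vpc": vpc_cidr, "subnets": subnets, "nat_gateways": nat_gateways, "route_tables": route_tables}


def check_az_isolation(plan: dict) -> list[str]:
    """Flag private subnets whose default route goes to a NAT gateway in another AZ."""
    subnet_az = {s["name"]: s["az"] for s in plan["subnets"]}
    nat_az = {n["name"]: n["az"] for n in plan["nat_gateways"]}
    problems = []
    for rt in plan["route_tables"]:
        for route in rt["routes"]:
            if not route["target"].startswith("nat-"):
                continue
            for name in rt["subnets"]:
                if subnet_az[name] != nat_az[route["target"]]:
                    problems.append(f"{name} routes through {route['target']} in another AZ")
    return problems


if __name__ == "__main__":
    plan = plan_vpc(VPC_CIDR, AZS)
    for s in plan["subnets"]:
        print(f"{s['name']:<22} {s['cidr']}")
    print("cross-AZ default routes:", check_az_isolation(plan) or "none")
```

The `check_az_isolation` check is the one worth keeping around: a single shared private route table pointing at one NAT gateway is the most common way this design silently loses its two-AZ resiliency.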

  1. Go to VPC service and click on create VPC.

  2. Follow the configuration and create a VPC as per your need.

Now click on create VPC.

This would be the architecture of our VPC.

  3. Now create two EC2 instances with auto scaling and a load balancer. Go to auto scaling groups and create an auto scaling group.

  4. Click on create a launch template and select the following configurations:

And click on create launch template.

  5. Refresh the page, go back to the auto-scaling group and fill in the necessary details.

Choose the template you created and click on the next button.

Click on the next button after doing all the above configuration. Verify all your configuration and click on create auto-scaling group.

Two instances got created, in us-east-2a and us-east-2b.

These instances don't have a public IP address because we created them in private subnets. So we use a jump server approach to connect to them.

Jump Server - In AWS, a jump server (also called a bastion host) is a dedicated server that acts as a secure gateway, providing access to private instances within a VPC (Virtual Private Cloud) from outside the VPC. It's a common security practice that reduces the risk of unauthorized access to internal resources by funneling all external SSH traffic through a single, secure point.

For this, go to launch instance and create a new instance as a bastion host (jump server) in the created VPC and a public subnet, and allow SSH access to it.

And launch the instance. Now you will have 3 instances.

2 created by the auto-scaling group and one as a jump server.

To reach the private subnets, your jump server must be able to SSH to the 2 instances created by the auto-scaling group.

So we have to copy the pem file of the 2 instances from our local machine to the jump server.

SCP Command:

scp -i "aws_login.pem" aws_login.pem ubuntu@ec2-18-116-80-56.us-east-2.compute.amazonaws.com:/home/ubuntu

After copying the file, log in to the jump server using the SSH key.

The pem file should now be present on your jump server.

Now go to any one instance, note its private IP address, and launch an application.

And SSH into the instance.

Change the permissions of the pem file to be able to log in to the server:

chmod 600 aws_login.pem

and then run

ssh -i aws_login.pem ubuntu@10.0.158.205

to get connected to the server.

Create an index.html file and write some basic HTML inside it.

Now go to the load balancers section and create a default application load balancer, which forwards all your traffic to the application (python).

Application load balancer - The Application Load Balancer distributes incoming HTTP and HTTPS traffic across multiple targets such as Amazon EC2 instances, microservices, and containers, based on request attributes. When the load balancer receives a connection request, it evaluates the listener rules in priority order to determine which rule to apply, and if applicable, it selects a target from the target group for the rule action.

Choose the public subnets in the subnet section, because in our diagram the load balancer is attached to the public subnet.

Create a target group listening on port 8000 and, after configuring everything, click on next.

It will open an instance section; choose both instances. One has the application and the other does not: we want to see incoming traffic from the private subnet reach the server that has the application, while the other one returns an error because it doesn't have the application.

Click on Include as pending below; it shows the target instances that incoming traffic should flow to. Then create the target group.

Run your application on port 80 instead of 8000. Relaunch your application on port 80 (you can configure 8000 the same way).

Now go back to the load balancer and configure the listener for port 80 with the target group you created.

When you try to access the application on that port, it is not allowed yet, because the load balancer is forwarding on port 80 and port 80 is not open in the security group.

Go to the security group and allow traffic on port 80.

Go to the inbound rules and add a rule for port 80.

Save this rule. After adding port 80 to the group, the error in the load balancer disappears.
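The error above is the classic gap between the listener, the target group port and the instance security group. As an added example (not code from the original post), the check below models both security groups and reports exactly which rule is missing for the path internet -> ALB listener -> target port on the instance. The security-group ids, rule sets and IP addresses are constructed for illustration; the check also treats a rule whose source is the ALB's own security group as the preferred way to open the target port, rather than 0.0.0.0/0.

```python
"""Check that traffic can flow from a client, through the ALB listener, to the
target-group port on the instances, and name the missing security-group rule
when it cannot. Added example; all ids, rules and addresses are constructed."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    protocol: str      # "tcp" or "-1" (all traffic)
    from_port: int
    to_port: int
    source: str        # CIDR such as "0.0.0.0/0", or a security-group id such as "sg-alb"


def allows(rules: list[Rule], port: int,
           source_sg: Optional[str] = None, source_ip: Optional[str] = None) -> bool:
    """True if some inbound rule permits TCP `port` from the given source.

    A security-group source matches only by group id; a CIDR source matches
    only if the caller's IP falls inside it.
    """
    for r in rules:
        if r.protocol not in ("tcp", "-1"):
            continue
        if r.protocol == "tcp" and not (r.from_port <= port <= r.to_port):
            continue
        if r.source.startswith("sg-"):
            if source_sg == r.source:
                return True
        elif source_ip is not None and \
                ipaddress.ip_address(source_ip) in ipaddress.ip_network(r.source, strict=False):
            return True
    return False


def alb_path_problems(listener_port: int, target_port: int, alb_sg_id: str,
                      alb_rules: list[Rule], instance_rules: list[Rule],
                      client_ip: str = "203.0.113.10",      # constructed client address
                      alb_node_ip: str = "10.0.1.25") -> list[str]:  # constructed ALB node IP
    """Return human-readable gaps on the path; an empty list means the path is open."""
    problems = []
    if not allows(alb_rules, listener_port, source_ip=client_ip):
        problems.append(f"ALB security group does not allow port {listener_port} from {client_ip}")
    # The instance sees traffic from the ALB's private node IP, carrying the ALB's SG id.
    if not allows(instance_rules, target_port, source_sg=alb_sg_id, source_ip=alb_node_ip):
        problems.append(f"instance security group does not allow port {target_port} from {alb_sg_id}")
    return problems


# Constructed scenario mirroring the post: listener and target group on 80,
# but the instance group was only ever opened for SSH and the old 8000 port.
ALB_SG = "sg-alb"
ALB_RULES = [Rule("tcp", 80, 80, "0.0.0.0/0")]
INSTANCE_RULES_BEFORE = [Rule("tcp", 22, 22, "10.0.0.0/16"), Rule("tcp", 8000, 8000, ALB_SG)]
# The fix from the post, scoped to the ALB's security group instead of the whole internet.
INSTANCE_RULES_AFTER = INSTANCE_RULES_BEFORE + [Rule("tcp", 80, 80, ALB_SG)]


def before() -> list[str]:
    return alb_path_problems(80, 80, ALB_SG, ALB_RULES, INSTANCE_RULES_BEFORE)


def after() -> list[str]:
    return alb_path_problems(80, 80, ALB_SG, ALB_RULES, INSTANCE_RULES_AFTER)


if __name__ == "__main__":
    print("before fix:", before() or "path open")
    print("after fix: ", after() or "path open")
```

Running it prints the missing instance rule first and "path open" after the port-80 rule is added. Scoping that rule to the ALB security group keeps the private servers unreachable from anything except the load balancer, which is the point of putting them in private subnets.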

Now access the server through the DNS name.

Your application on the private subnet server is now deployed.

Enjoy:)

Written by Vibhuti Jain

Hi, I am Vibhuti Jain, a DevOps tools enthusiast who is keen on learning DevOps tools and wants to contribute my knowledge to build a community and collaborate with them. I have acquired knowledge of Linux, Shell Scripting, Python, Git, GitHub and AWS Cloud, and I am ready to learn a lot more new DevOps skills which will help me build some real-life projects.