Deploying Infrastructure on AWS: EC2, VPC, and Route 53 Explained


A Hands-On Guide to the Foundational Trio of the AWS Cloud
Figure 1: A high-level overview of the services we'll cover.
If you're starting your journey with Amazon Web Services (AWS), you'll quickly discover a foundational trio of services: EC2, VPC, and Route 53. Mastering these is the key to building almost any application in the cloud. They provide the compute power, the secure network, and the global routing needed to bring your ideas to life.
In this article, we won't just define these services. We'll explore their core components and then walk through a hands-on lab to deploy a live web server, showing you exactly how they work together.
Table of Contents
What is EC2 (Elastic Compute Cloud)?
What is Amazon VPC (Virtual Private Cloud)?
What is Amazon Route 53?
Hands-On Lab: Building Our Live Infrastructure
Bonus: The AWS Shared Responsibility Model
Conclusion
What is EC2 (Elastic Compute Cloud)?
Amazon EC2 (Elastic Compute Cloud) provides secure and resizable compute capacity in the cloud. In simple terms, it's a virtual server that you can rent from AWS. This lets you run applications without buying or managing physical hardware.
EC2 Instance Types
AWS knows that one size doesn't fit all. That's why EC2 offers various "instance types," each optimized for different tasks.
| Type | Description | Use Case Example |
| --- | --- | --- |
| General Purpose | A balance of compute, memory, and networking | Web servers, Dev/Test environments |
| Compute Optimized | High-performance processors | Gaming servers, scientific modeling |
| Memory Optimized | Large amounts of RAM for data-intensive work | In-memory databases, real-time analytics |
| Storage Optimized | High-speed local disk I/O | Big data analysis, data warehousing |
| Accelerated Compute | Hardware accelerators (GPUs, FPGAs) | Machine learning, video rendering |
What is Amazon VPC (Virtual Private Cloud)?
Amazon VPC gives you your own logically isolated section of the AWS Cloud. Think of it as your personal, private data center network in the cloud. You have complete control over this network, including your own IP address ranges, subnets, route tables, and network gateways.
Figure 2: The basic architecture of a Virtual Private Cloud (VPC).
Key VPC Components
Subnets: A segment of your VPC's IP address range where you can place groups of isolated resources. They can be Public (accessible from the internet) or Private (not directly accessible).
Route Tables: A set of rules that determines where network traffic from your subnet is directed.
Internet Gateway (IGW): The gateway you attach to your VPC to allow communication with the internet.
NAT Gateway: A service that allows instances in a private subnet to connect to the internet (e.g., for software updates), but prevents the internet from initiating a connection with those instances.
Security Groups (SG) & Network ACLs (NACL): Your VPC's firewalls.
Security in Your VPC: SG vs. NACL
Understanding the difference between Security Groups and NACLs is crucial for network security.
| Feature | Security Group (SG) | Network ACL (NACL) |
| --- | --- | --- |
| Layer | Instance-level firewall | Subnet-level firewall |
| State | Stateful (return traffic for an allowed connection is automatically allowed) | Stateless (outbound rules must be set separately) |
| Default | Denies all inbound traffic | Allows all traffic (inbound and outbound) |
| Use Case | Securing specific applications (e.g., a web server) | Broad, stateless protection for an entire subnet |
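The stateful/stateless row above, as an added example (a toy model written for this article, not AWS code): one HTTP request and its reply are checked against a security group and against a custom network ACL. The addresses, the `Packet`, `Rule` and `web_round_trip` names, and the 1024-65535 ephemeral port range are assumptions of the example.

```python
# Added example: toy model of SG vs. NACL evaluation, not AWS code.
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "src sport dst dport")
# number: NACL evaluation order; cidr: remote side (source for inbound,
# destination for outbound); ports: destination ports the rule covers.
Rule = namedtuple("Rule", "number cidr ports allow", defaults=[True])

def matches(rule, pkt, direction):
    remote = pkt.src if direction == "in" else pkt.dst
    return ip_address(remote) in ip_network(rule.cidr) and pkt.dport in rule.ports

def nacl_allows(rules, pkt, direction):
    """Stateless custom NACL: lowest-numbered match wins, no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt, direction):
            return rule.allow
    return False

class SecurityGroup:
    """Stateful: allow rules only, plus tracking of connections already accepted."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound, self.tracked = inbound, outbound, set()

    def allows(self, pkt, direction):
        if Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.tracked:
            return True                      # reply to a tracked connection
        rules = self.inbound if direction == "in" else self.outbound
        if any(matches(r, pkt, direction) for r in rules):
            self.tracked.add(pkt)
            return True
        return False

def web_round_trip(nacl_outbound):
    """Return (sg_reply_allowed, nacl_reply_allowed) for one HTTP exchange."""
    request = Packet("203.0.113.10", 51514, "10.0.1.5", 80)   # constructed addresses
    reply = Packet("10.0.1.5", 80, "203.0.113.10", 51514)
    http_in = [Rule(100, "0.0.0.0/0", range(80, 81))]
    sg = SecurityGroup(inbound=http_in, outbound=[])          # no outbound rules at all
    assert sg.allows(request, "in") and nacl_allows(http_in, request, "in")
    return sg.allows(reply, "out"), nacl_allows(nacl_outbound, reply, "out")

EPHEMERAL_OUT = [Rule(100, "0.0.0.0/0", range(1024, 65536))]  # assumed port range

if __name__ == "__main__":
    print("no NACL outbound rule:", web_round_trip([]))
    print("ephemeral ports allowed out:", web_round_trip(EPHEMERAL_OUT))
```

With no outbound NACL rule the reply is dropped at the subnet boundary even though the security group lets it through, which is the usual cause of a web server that accepts connections but never answers after a custom NACL is attached.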
Amazon Route 53: DNS and Routing
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. Its primary job is to translate human-friendly domain names (like your-app.com) into the IP addresses that computers use to connect.
Figure 3: Route 53 connecting a domain to various AWS resources.
Why is it called "Route 53"?
DNS servers use the well-known network Port 53. The name is a clever reference to its core function of routing traffic through this port.
Key Capabilities:
Domain Registration: Buy and manage domains directly within AWS.
DNS Resolution: Maps your domain to AWS resources (EC2, S3, Load Balancers).
Health Checks: Monitors the health of your endpoints and automatically reroutes traffic away from unhealthy ones.
Routing Policies: Advanced traffic management like routing users based on latency, geographic location, or weighted distribution.
Hands-On Lab: Building Our Live Infrastructure
Theory is great, but building is better. Let's launch a real web server using all three services.
Our Goal
We will build the architecture shown below: Route 53 will direct internet traffic through an Internet Gateway into our VPC's public subnet, where our EC2 web server lives.
Figure 4: The architecture we are about to build.
Step 1: Launch Your EC2 Instance & VPC
AWS has made this easier than ever. We can create the VPC, subnet, security group, and EC2 instance in one go.
Navigate to the EC2 Dashboard in the AWS Console and click "Launch instances".
Name: Give your server a name, like my-web-server.
AMI: Choose an Amazon Machine Image, such as Amazon Linux 2 (Free Tier eligible).
Instance Type: Select t2.micro (also Free Tier eligible).
Key Pair: Create a new key pair. Give it a name, download the .pem file, and save it somewhere safe. You will not be able to download it again.
Network Settings: Click "Edit".
For VPC, select "Create new VPC". The wizard will automatically create the VPC, a public subnet, and an Internet Gateway.
For Security Group, select "Create security group". Ensure it has two rules:
Allow SSH traffic from My IP.
Allow HTTP traffic from Anywhere.
Click "Launch instance".
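A check for the two rules from Step 1, as an added example (not part of the original article or any AWS tool): it reads a security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports SSH that is reachable from more than one address, plus any port other than HTTP left open to everyone. The sample groups, IDs and addresses are constructed, and `audit_ingress` and `tcp_rule` are names chosen for the example.

```python
# Added example: audits inbound rules against the lab's intent, not AWS tooling.
from ipaddress import ip_network

SSH = 22
PUBLIC_OK = {80}    # the lab exposes HTTP to everyone on purpose

def audit_ingress(group):
    """Return (cidr, from_port, to_port, problem) for each risky inbound rule."""
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # "-1" = all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                            # UDP/ICMP are outside this check
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in sources:
            net = ip_network(cidr, strict=False)
            covers_ssh = lo <= SSH <= hi
            if net.prefixlen == 0 and set(range(lo, hi + 1)) - PUBLIC_OK:
                problem = ("SSH open to the internet" if covers_ssh
                           else "extra port open to the internet")
                findings.append((cidr, lo, hi, problem))
            elif covers_ssh and net.prefixlen < net.max_prefixlen:
                findings.append((cidr, lo, hi, "SSH allowed from more than one address"))
    return findings

def tcp_rule(port, cidr):
    """Build one constructed rule in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed samples; the group IDs and addresses are placeholders.
LAB_AS_INTENDED = {"GroupId": "sg-EXAMPLE-OK", "IpPermissions": [
    tcp_rule(22, "198.51.100.7/32"), tcp_rule(80, "0.0.0.0/0")]}
LAB_SSH_OPEN = {"GroupId": "sg-EXAMPLE-OPEN", "IpPermissions": [
    tcp_rule(22, "0.0.0.0/0"), tcp_rule(80, "0.0.0.0/0")]}

if __name__ == "__main__":
    for group in (LAB_AS_INTENDED, LAB_SSH_OPEN):
        print(group["GroupId"], audit_ingress(group) or "matches the lab's two rules")
```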
Step 2: Install a Web Server
Once your instance is "Running," select it and copy its Public IPv4 address.
Open your terminal or command prompt. First, make your key file read-only for your user (ssh refuses private keys that other users can read), then connect via SSH.
```bash
# For Mac/Linux. If on Windows, you can use PuTTY or WSL.
chmod 400 /path/to/your-key-name.pem
ssh -i /path/to/your-key-name.pem ec2-user@YOUR_PUBLIC_IP
```
Once connected, run these commands to install and start a simple web server:
```bash
# Install Apache web server
sudo yum update -y
sudo yum install -y httpd

# Start the web server
sudo systemctl start httpd
sudo systemctl enable httpd

# Create a simple web page
echo "<h1>Hello World! My AWS site, deployed by Sharjil, is live!</h1>" | sudo tee /var/www/html/index.html
```
Open your browser and paste your EC2 instance's public IP address into the URL bar. You should see your "Hello World" message!
Step 3: Connect Your Domain with Route 53
Navigate to the Route 53 dashboard.
Go to Hosted zones and click on your domain name.
Click "Create record".
Leave the Record name blank to route traffic for your root domain (e.g., your-domain.com).
Set Record type to A.
In the Value field, paste your EC2 instance's Public IPv4 address.
Click "Create records".
After a few minutes for DNS to propagate, you can now visit your domain name in the browser and see your live website!
Bonus: The AWS Shared Responsibility Model
When using AWS, it's vital to understand who is responsible for what.
AWS's Responsibility (Security of the Cloud): AWS manages the security of the underlying hardware, software, networking, and facilities that run AWS services.
Your Responsibility (Security in the Cloud): You are responsible for securing your data, managing access (IAM), and configuring network controls like Security Groups and NACLs.
Automating secure infrastructure with DevOps tools like Jenkins or Terraform must always respect these boundaries.
Conclusion
EC2, VPC, and Route 53 are the pillars of modern cloud infrastructure on AWS. By mastering them, you've learned how to:
Deploy Compute: Launch and manage scalable virtual servers with EC2.
Secure Networks: Create isolated, secure virtual networks with VPC.
Route Traffic: Reliably connect users to your applications with Route 53.
You've not only learned the theory but have now successfully deployed a fully functional piece of cloud infrastructure.
Written by

Md Sharjil Alam