PROJECT #1

Infrastructure for a Web App using VPC & EC2

By Abhinay Durishetty
In the previous section, you learned how to create an EC2 instance with default settings, and congratulations on taking that first step into the world of AWS! Now, it's time to empower you with the knowledge and skills to customize your EC2 instances to meet your specific business needs.

Let's assume that you need to provision a basic infrastructure using EC2 for a web application. Here are its technical requirements:

  • The app needs general purpose servers without much compute or memory.
  • It requires two servers: one facing the internet and the other in a private network.
  • The server in the private network should be reachable only by the server in the public network.
  • The server in the private network should have 30GB of storage.


Tailoring EC2 Configuration to meet custom technical needs

To meet the above technical requirements of your app, we need to provision the infrastructure as depicted below.

Provisioning the infrastructure
Step-by-step procedure to provision the above depicted infrastructure
Step 1: Create a Public Network
We shall learn more about Virtual Private Cloud (VPC) in the next sections. For now, think of a VPC as your own isolated area of the AWS cloud.

It allows you to create your network environment, your own IP address range, subnets, and routing tables.

We shall create a Public Network (172.31.96.0/19) in the default VPC.
As explained in the previous section, we need to create a route for this Public Network so that it can access the internet.
Step 2: Create a Private Network
We shall create a Private Network (172.31.128.0/19) in the default VPC.

To understand more about Public and Private Networks, please refer to our Networking Basics tutorial.
Step 3: Create an EC2 in Public Network
As per the technical needs of your application, we shall create a "general purpose" EC2 in the public network.

Different types of EC2 instances are explained later in this section.
Step 4: Create another EC2 in Private Network
We shall create a "general purpose" EC2 in the private network.
Step 5: Create a Security Group for EC2 in Public Network
Imagine security groups as digital bouncers for your instance. They control who can enter and exit. In the next sections, you'll learn how to define rules to allow or deny traffic to your EC2 instance.

Here we shall create a Security Group for EC2 instance #1 such that it allows traffic from EC2 instance #2.
Step 6: Create a Security Group for EC2 in Private Network
Here we shall create a Security Group for EC2 instance #2 such that it allows traffic from EC2 instance #1 only.
Step 7: Attach a storage volume to EC2 in Private Network
You can choose the root volume type best suited to your requirements in the advanced storage section of EC2.

As of this writing, the most commonly used volume types for EC2 instances are 'io' and 'gp', with 'gp3' being the latest and the preferred choice for general purposes.

Other storage options (IOPS, throughput, and encryption of the storage volume) are explained below.
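
The checks below are an added example, not part of the original tutorial. They verify offline that the subnets from Steps 1 and 2 fit inside the default VPC (172.31.0.0/16, the standard default VPC range) without overlapping, and that the Step 6 security group admits only the public instance's group. The rule dictionaries follow the shape of EC2 security group ingress permissions; the group IDs and port 22 are constructed placeholders, not values from this tutorial.

```python
import ipaddress

def subnet_findings(vpc_cidr, subnet_cidrs):
    """Return problems with the planned subnets: outside the VPC or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {name: ipaddress.ip_network(c) for name, c in subnet_cidrs.items()}
    findings = [f"{n} is outside {vpc}" for n, net in nets.items()
                if not net.subnet_of(vpc)]
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} overlaps {b}")
    return findings

def private_sg_findings(ingress_rules, allowed_group_id):
    """Return ingress sources other than the public instance's security group."""
    findings = []
    for rule in ingress_rules:
        port = rule.get("FromPort", "all")
        # Any CIDR-based source breaks the "reachable only by the public server" rule.
        for r in rule.get("IpRanges", []) + rule.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            findings.append(f"port {port}: CIDR source {cidr}")
        # Group-based sources must be exactly the public instance's group.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != allowed_group_id:
                findings.append(f"port {port}: unexpected group {pair['GroupId']}")
    return findings

# Constructed sample input: subnet CIDRs are the tutorial's, the rest is assumed.
SUBNETS = {"public": "172.31.96.0/19", "private": "172.31.128.0/19"}
PUBLIC_SG_ID = "sg-public-example"   # placeholder ID for instance #1's group
GOOD_PRIVATE_SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                    "UserIdGroupPairs": [{"GroupId": PUBLIC_SG_ID}]}]
WEAK_PRIVATE_SG = [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    print("subnets:", subnet_findings("172.31.0.0/16", SUBNETS) or "ok")
    print("source-group rule:", private_sg_findings(GOOD_PRIVATE_SG, PUBLIC_SG_ID) or "ok")
    print("open CIDR rule:", private_sg_findings(WEAK_PRIVATE_SG, PUBLIC_SG_ID))
```

Referencing the public instance's security group as the source, rather than a CIDR range, keeps the rule valid even if instance #1 is replaced or its private IP changes.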