Deploy a Static Website on AWS
I will walk you through deploying a static website on AWS using the management console.
Requirements:
- AWS Certified Cloud Practitioner CLF-C01
- AWS Certified Solutions Architect — Associate SAA-C03
- Don’t just complete the project. It’s important that you understand why we are using these technologies and how they work together.
Introduction
Welcome back to another project! We will learn how to host/deploy this HTML website on AWS. We will also learn how to use my reference architecture to host this website using various core AWS services and how they work together:
- VPC with public and private subnets
- Security groups
- EC2 instances
- NAT gateways
- Application load balancer
- Route 53
- Certificate manager
- Auto scaling group and more
Objective
- Build a three-tier AWS network VPC from scratch
- Create NAT Gateways
- Create security groups
- Create an application load balancer
- Register a new domain name in Route 53
- Create a record set in Route 53
- Register for an SSL certificate in AWS Certificate Manager
- Create an HTTPS (SSL) listener for an application load balancer
- Create an auto scaling group
- Clean up
We will start by creating a custom 3-tier VPC using the reference architecture above. In a 3-tier reference architecture, our infrastructure is divided into 3 tiers.
Tier 1 — we have the public subnet which will hold the resources such as NAT gateway, load balancer, and bastion host
Tier 2 — this is our private subnet which will hold our web servers (EC2 instances)
Tier 3 — another private subnet which will hold our database
We will duplicate these subnets across multiple availability zones for high availability and fault tolerance.
Lastly, we will create an internet gateway and route table to allow the resources in our VPC to have access to the internet.
VPC Reference Architecture
- VPC with public and private subnets in 2 availability zones
- An internet gateway is used to allow communication between instances in VPC and the internet
- We are using 2 availability zones for high availability and fault tolerance
- Resources such as NAT gateway, bastion host, and application load balancer use public subnets.
- We will put the web servers and database servers in the private subnets to protect them
- The public route table is associated with the public subnets and routes traffic to the internet through the internet gateway
- The main route table is associated with the private subnets
Part 1: Build a Three-Tier AWS Network VPC from Scratch
VPC
In the management console, select the region where we want to create our VPC. According to our reference architecture we need to create this VPC in the N. Virginia region.
Either select VPC from the console or type VPC in the search bar above.
In your VPC dashboard select VPCs or the Create VPC orange box
Let’s give our VPC a name. Let’s select VPC only and call it Dev VPC.
Based on our reference architecture we will enter 10.0.0.0/16 in the IPv4 CIDR block.
We will leave the IPv6 CIDR block and Tenancy to default. Let’s click Create VPC at the bottom right.
It will give us a successfully created message
We can also see all the VPCs that we created by clicking the drop-down arrow on the Select a VPC box — let’s choose the one we just created
Let’s enable DNS hostnames in our VPC by selecting Actions and Edit VPC settings
Under Edit VPC settings make sure that Enable DNS hostnames is checked then click Save
We have successfully enabled the DNS hostnames in our VPC
Internet Gateway
The next thing we are going to do is to create an Internet gateway for our VPC. You can find and select Internet gateway at the left side menu of Your VPC
Let’s select Create Internet gateway, give it a name — Dev Internet Gateway and click Create internet gateway
Now, we need to attach the internet gateway to the VPC we created earlier. This will allow the VPC to communicate with the internet.
Just simply click Attach to a VPC in the green banner above
Select the Dev VPC that we created and click Attach internet gateway. This is the only VPC that will show, because it is the only one in your account that doesn’t have an internet gateway attached to it. We can only attach one internet gateway to one VPC.
We successfully attached the internet gateway to our VPC. The Details show the State and the VPC ID
Public Subnets
Let’s create our public subnets in the first and second availability zones. Ensure that it’s still filtered to our Dev VPC, then click Subnets at the left side.
Once you are in the subnet page, click Create subnet
Let’s select the VPC where we want to create our subnet in — let’s choose Dev VPC
Let’s give our subnet a name. Based on our reference architecture, we will call it Public Subnet AZ1 and put this in the us-east-1a Availability Zone
The CIDR block should be 10.0.0.0/24 and click Create subnet
We have successfully created our first public subnet in the us-east-1a Availability Zone.
Let’s create our second subnet in the us-east-1b Availability Zone and click the Create subnet button at the top right.
Select the same VPC
We are going to call it Public Subnet AZ2 and place it in us-east-1b Availability Zone — based on our reference architecture
Select and enter 10.0.1.0/24 in IPv4 CIDR block. Afterwards we can Create subnet
Good work! We have successfully created our 2nd public subnet in the us-east-1b Availability Zone. If you select Clear filters it will show you the 2 subnets that we created in this region — remember to filter it to your Dev VPC to populate these
Remember to check the following:
Public Subnet AZ1 is in us-east-1a AZ
Public Subnet AZ2 is in us-east-1b AZ
Moving forward, let’s enable the Auto-assign IP settings for these 2 public subnets. This means that anytime you launch an EC2 instance in these public subnets, it will be assigned a public IPv4 address.
Let’s select Public Subnet AZ1 click Actions and click Edit subnet settings
Under Edit subnet settings and Auto-assign IP settings check the Enable auto-assign public IPv4 address
Scroll all the way down and hit Save. We are going to do the same procedure for Public Subnet AZ2.
Under Edit subnet settings and Auto-assign IP settings check the Enable auto-assign public IPv4 address and we are ready to Save
Next, we need to create a public route table. Based on our reference architecture, we will call this Public Route Table.
Let’s click Route tables on the left side. The route table that we see was set up when we created the VPC. This is the main route table and it’s private by default.
Click Create route table. We will call it Public Route Table. Make sure to select Dev VPC under VPC before clicking Create route table
We have successfully created our Public Route Table
Let’s add a public route to the route table. This will allow the route table to route traffic to the internet. First, let’s make sure that we are on the Routes tab then click Edit routes
Click Add route
To add a route that routes traffic to the internet to this route table, we will add 0.0.0.0/0 under Destination and the Target should be the Internet Gateway igw-0d4cf65f60faaed05. When this is all filled in we can click Save changes
We successfully added a route to the internet to our public route table. You can see it under the Routes tab
Let’s associate the 2 public subnets we created earlier with this route table. Let’s ensure that we are still under Public Route Table
Click Subnet associations and click Edit subnet associations. On this page, we can see the 2 subnets that we created previously
Under Edit subnet associations select both Subnets and Save association.
Good job! We have associated the 2 subnets that we created to the Public Route Table. These will now show under Subnet associations tab
To finish creating our VPC we need to create 4 private subnets. So let’s click Subnets at the left side and Create subnet
We will still stick to our Dev VPC under VPC ID and based on our reference architecture let’s name it Private App Subnet AZ1 and choose us-east-1a Availability Zone.
Our CIDR block should be 10.0.2.0/24 and we are now ready to Create subnet
There you go! We created our 1st private subnet in the us-east-1a Availability Zone. Doing the same procedures above let’s create the next 3 private subnets using the settings below and referring to our reference architecture:
2nd Subnet
VPC ID: Dev VPC
Subnet name: Private App Subnet AZ2
Availability Zone: us-east-1b
IPv4 CIDR block: 10.0.3.0/24
3rd Subnet
VPC ID: Dev VPC
Subnet name: Private Data Subnet AZ1
Availability Zone: us-east-1a
IPv4 CIDR block: 10.0.4.0/24
4th Subnet
VPC ID: Dev VPC
Subnet name: Private Data Subnet AZ2
Availability Zone: us-east-1b
IPv4 CIDR block: 10.0.5.0/24
We have successfully created all 4 subnets. To see these let’s click Clear filters and filter it by Dev VPC
Let’s also review and make sure that we put each subnet in the right availability zone.
Before we move on to Part 2 of our project, let’s discuss an important point.
Difference between public and private subnet
When we create a route table and add a route that sends internet traffic through the internet gateway, any subnet you associate with that route table becomes public.
Basically, a public subnet is associated with a route table that is able to route traffic to the internet through the internet gateway.
On the other hand, when you have a route table that does not have a route to the internet gateway, any subnet you associate with that route table is private.
To show you why these 2 subnets are public and these subnets are private, let’s look at the VPC we just created. To verify these, click on Route Tables and filter it by our VPC — Dev VPC
Let’s select Public Route Table and Routes tab, this route table is routing traffic to the internet. So any subnet we associate with this route table becomes public.
The Subnet associations tab shows that we associated both Public Subnet AZ1 and AZ2 to this route table. That is what makes these 2 subnets public.
On the other hand, let’s select the main Route Table. Uncheck the Public Route Table and select the main Route table — this was created when we created the VPC.
The main Route table is private by default: it only routes traffic locally in the VPC and it doesn’t have a route to the internet.
Further, we created 4 private subnets but did not associate them with any route table. By default, they will be associated with the main Route table, which is private. Going back to the main Route table under Subnet associations
Let’s scroll down to Subnets without explicit associations. It says The following subnets have not been explicitly associated with any route tables and are therefore associated with the main route table.
On the next part of our project, we will create a NAT Gateway and private Route tables. We will explicitly associate our private subnet with our private Route tables but for now we will let the Private subnet be associated with the main Route table which is private by default.
Part 2: Create NAT Gateways
NAT Gateway Reference Architecture
- The NAT Gateway allows the instances in the private app subnets and private data subnets to access the internet
- The Private Route Table is associated with the private subnets and routes traffic to the internet through the NAT gateway.
We need to create a NAT gateway in the first and second availability zone using the reference architecture.
Let’s head to the Console Home and start, shall we?
Before creating the NAT Gateway let’s make sure that we are in the region where we created the VPC, that is, N. Virginia (us-east-1)
Click VPC
Select NAT gateways
Click Create NAT gateway
We will create the first NAT gateway in the Public Subnet AZ1 and call it NAT gateway AZ1. We also need to click the Allocate Elastic IP button
Now we are ready to click Create NAT gateway. It should bring us to the NAT gateway created successfully page
Next, we need to create a route table. We will call it Private Route Table AZ1. Select Route tables at the left side and hit Create route table
We will call this Private Route Table AZ1 in Dev VPC then hit Create route table
The next page should say Route table was created successfully.
Let’s add a route to the Private Route Table AZ1 to route traffic to the internet through the NAT gateway in the Public Subnet AZ1
Under Routes tab click Edit routes then Add route
Internet traffic is always 0.0.0.0/0 so we will select that as our Destination
Our target will be NAT gateway and we need to select NAT gateway AZ1. We’re ready to click Save changes; the next page shows Updated routes for Private Route Table AZ1 successfully
Great work! If we scroll down we can see the route here
Next we will associate Private Route Table AZ1 with Private App Subnet AZ1 and Private Data Subnet AZ1.
Let’s click the Subnet associations tab and Edit subnet associations
From the list of available subnets below we need to select Private App Subnet AZ1 and Private Data Subnet AZ1 then click Save associations
We have successfully associated Private App Subnet AZ1 and Private Data Subnet AZ1 with the Private Route Table AZ1, as shown under Explicit subnet associations and under the Subnet associations tab
Now let’s create our second NAT gateway in the Public Subnet AZ2. The next steps are similar to what we did previously. Click NAT gateways at the left
Hit Create NAT gateway
This is the information that we need to enter
Name: NAT Gateway AZ2
Subnet: Public Subnet AZ2
Elastic IP allocation ID: Allocate Elastic IP
We have successfully created our second NAT Gateway
Now let’s create another route table named — Private Route Table AZ2. Click Route Table at the left side
Click Create route table; here is the information that we need to enter in the Route table settings.
Name: Private Route Table AZ2
VPC: Dev VPC
Once all settings are complete click Create route table
Next, we will add a route to this route table to route traffic to the internet through the NAT gateway in the Public Subnet AZ2
Let’s click the Routes tab and Edit routes
Click Add route and enter the following information
Destination: 0.0.0.0/0
Target: NAT Gateway AZ2
Click the Save changes button and we have successfully updated routes for Private Route Table AZ2
Lastly, we need to associate this route table with Private App Subnet AZ2 and Private Data Subnet AZ2.
Let’s go to Subnet associations tab then click Edit subnet associations
We’re going to select Private App Subnet AZ2 and Private Data Subnet AZ2 then click Save associations
We have successfully updated the subnet associations for Private Route Table AZ2 as shown under Explicit subnet associations
It will also show under the Subnet associations tab then Explicit subnet associations
Good work! This is how we create NAT gateways to allow resources in the private subnet to have access to the internet.
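To check the routing without clicking through each tab, here is an added example (not part of the original walkthrough) that classifies every subnet from its effective route table, covering both the public/private distinction from Part 1 and the NAT routes built in Part 2. The records follow the shape of `aws ec2 describe-route-tables` output; the subnet, route table and NAT gateway IDs are constructed.

```python
# Added example. Records mimic `aws ec2 describe-route-tables` output.
# Only the internet gateway ID comes from the walkthrough; every other ID
# (subnet-*, rtb-*, nat-*) is constructed for illustration.
DEFAULT = "0.0.0.0/0"
IGW = "igw-0d4cf65f60faaed05"
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}

SUBNETS = {
    "Public Subnet AZ1": "subnet-pub1",
    "Public Subnet AZ2": "subnet-pub2",
    "Private App Subnet AZ1": "subnet-app1",
    "Private App Subnet AZ2": "subnet-app2",
    "Private Data Subnet AZ1": "subnet-data1",
    "Private Data Subnet AZ2": "subnet-data2",
}


def route_table(rt_id, default_route=None, subnets=(), main=False):
    """Build one route table record: the local route plus an optional default route."""
    routes = [LOCAL]
    if default_route:
        routes.append({"DestinationCidrBlock": DEFAULT, "State": "active", **default_route})
    assocs = [{"SubnetId": s, "Main": False} for s in subnets]
    if main:
        assocs.append({"Main": True})
    return {"RouteTableId": rt_id, "Routes": routes, "Associations": assocs}


def effective_route_table(subnet_id, route_tables):
    """An explicit association wins; otherwise the subnet uses the main route table."""
    main = None
    for rt in route_tables:
        for assoc in rt["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    if main is None:
        raise ValueError("input has no main route table")
    return main


def classify(subnet_id, route_tables):
    """Classify a subnet by where its active default route points."""
    rt = effective_route_table(subnet_id, route_tables)
    for route in rt["Routes"]:
        if route.get("DestinationCidrBlock") != DEFAULT:
            continue
        if route.get("State") != "active":
            continue  # a blackhole route (for example a deleted NAT gateway) carries nothing
        if route.get("GatewayId", "").startswith("igw-"):
            return "public"
        if route.get("NatGatewayId"):
            return "private-nat-egress"
    return "private-no-egress"


def classify_all(route_tables):
    return {name: classify(sid, route_tables) for name, sid in SUBNETS.items()}


MAIN = route_table("rtb-main", main=True)
PUBLIC = route_table("rtb-public", {"GatewayId": IGW}, ["subnet-pub1", "subnet-pub2"])
AFTER_PART_1 = [MAIN, PUBLIC]
AFTER_PART_2 = AFTER_PART_1 + [
    route_table("rtb-private-az1", {"NatGatewayId": "nat-az1"}, ["subnet-app1", "subnet-data1"]),
    route_table("rtb-private-az2", {"NatGatewayId": "nat-az2"}, ["subnet-app2", "subnet-data2"]),
]

if __name__ == "__main__":
    for label, state in (("after Part 1", AFTER_PART_1), ("after Part 2", AFTER_PART_2)):
        print(label)
        for name, kind in classify_all(state).items():
            print(f"  {name:26} {kind}")
```

After Part 1 the four private subnets have no way out of the VPC; after Part 2 they reach the internet outbound through the NAT gateways but still have no route through the internet gateway.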
Part 3: Create Security Groups
According to the security groups reference architecture, we will put the web servers in the private subnets and we will use an application load balancer to route traffic to those web servers.
These are the 3 security groups that we will use for this project
ALB Security Group
- Port 80 and 443 with source 0.0.0.0/0
- This is the security group that we will add to the application load balancer
SSH Security Group
- Port 22 with source Your IP Address
- Remember when you create an SSH security group you should always limit the source to your IP address
Webserver Security Group
- Port 80 and 443 with source ALB Security Group
- Port 22 with source SSH Security Group
- This is the security group that we will add to our EC2 instance
Let’s head over to the console and create the security groups and we will use the information from the reference architecture.
In the console home click VPC
At the left hand side click security groups
Click create security group
Enter the following settings
Basic details
Security group name: ALB Security Group
Description: ALB Security Group
VPC: Dev VPC
Inbound rules — we will add 2 rules
1st rule
Type: HTTP
Protocol: TCP
Port range: 80
Source: 0.0.0.0/0
2nd rule
Type: HTTPS
Protocol: TCP
Port range: 443
Source: 0.0.0.0/0
Once we have opened the ports, let’s click Create security group
We successfully created the ALB security group
Let’s create the SSH security group. Click security groups to go back one directory
Click create security group and enter the following settings
Basic details
Security group name: SSH Security Group
Description: SSH Security Group
VPC: Dev VPC
Inbound rules
Type: SSH
Protocol: TCP
Port range: 22
Source: My IP
This is the only rule that we need to add to our SSH security group, so let’s click create security group
We successfully created the SSH security group
The last security group that we will create is going to be used for our EC2 instance. Click security groups to go back one directory
Click create security group and enter the following settings
Basic details
Security group name: Webserver Security Group
Description: Webserver Security Group
VPC: Dev VPC
Inbound rules — we will add 3 rules
1st rule
Type: HTTP
Protocol: TCP
Port range: 80
Source: ALB Security Group — this is how we limit traffic to a particular security group
2nd rule
Type: HTTPS
Protocol: TCP
Port range: 443 — this is internet traffic that is encrypted
Source: ALB Security Group
3rd rule
Type: SSH
Protocol: TCP
Port range: 22
Source: SSH Security Group
This completes the rules that we need for our webserver security group. Click create security group.
We have opened ports 80, 22 and 443 — we have limited them to a specific security group.
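The three groups above can be checked against their intent with a small audit. This is an added example, not part of the original walkthrough: the records follow the shape of `aws ec2 describe-security-groups` output, the group IDs are constructed, and 203.0.113.10/32 is a constructed stand-in for the My IP source.

```python
# Added example. Records mimic `aws ec2 describe-security-groups` output.
# Group IDs (sg-alb, sg-ssh, sg-web) and MY_IP are constructed placeholders.
import ipaddress

WORLD = {"0.0.0.0/0", "::/0"}
MY_IP = "203.0.113.10/32"


def perm(port, cidrs=(), groups=()):
    """Build one IpPermissions entry for a single TCP port."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "UserIdGroupPairs": [{"GroupId": g} for g in groups],
    }


def sg(group_id, name, *perms):
    return {"GroupId": group_id, "GroupName": name, "IpPermissions": list(perms)}


def port_span(p):
    """Return (low, high); protocol -1 means every port."""
    if p.get("IpProtocol") == "-1":
        return 0, 65535
    return p["FromPort"], p["ToPort"]


def audit(groups, world_ok, sg_only):
    """Return findings as (group name, ports, source CIDR, reason) tuples.

    world_ok: group ID -> ports that are allowed to be open to the internet
    sg_only:  group IDs that must accept traffic from security groups only
    """
    findings = []
    for g in groups:
        gid, name = g["GroupId"], g["GroupName"]
        for p in g.get("IpPermissions", []):
            lo, hi = port_span(p)
            ports = str(lo) if lo == hi else f"{lo}-{hi}"
            cidrs = [r["CidrIp"] for r in p.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in p.get("Ipv6Ranges", [])]
            for cidr in cidrs:  # security-group sources are never findings here
                if cidr in WORLD:
                    if any(n not in world_ok.get(gid, ()) for n in range(lo, hi + 1)):
                        findings.append((name, ports, cidr, "open-to-internet"))
                elif gid in sg_only:
                    findings.append((name, ports, cidr, "cidr-on-internal-group"))
                elif lo <= 22 <= hi and ipaddress.ip_network(cidr, strict=False).num_addresses > 1:
                    findings.append((name, ports, cidr, "ssh-source-wider-than-one-host"))
    return findings


WORLD_OK = {"sg-alb": {80, 443}}   # only the load balancer faces the internet
SG_ONLY = {"sg-web"}               # web servers accept traffic from other groups only

# The configuration exactly as built in this part.
AS_BUILT = [
    sg("sg-alb", "ALB Security Group", perm(80, ["0.0.0.0/0"]), perm(443, ["0.0.0.0/0"])),
    sg("sg-ssh", "SSH Security Group", perm(22, [MY_IP])),
    sg("sg-web", "Webserver Security Group",
       perm(80, groups=["sg-alb"]), perm(443, groups=["sg-alb"]), perm(22, groups=["sg-ssh"])),
]

# Constructed drift: SSH opened to everyone, web port opened to a CIDR.
DRIFTED = [
    AS_BUILT[0],
    sg("sg-ssh", "SSH Security Group", perm(22, ["0.0.0.0/0"])),
    sg("sg-web", "Webserver Security Group",
       perm(80, ["10.0.0.0/16"]), perm(443, groups=["sg-alb"]), perm(22, groups=["sg-ssh"])),
]

if __name__ == "__main__":
    for label, groups in (("as built", AS_BUILT), ("drifted", DRIFTED)):
        print(label, audit(groups, WORLD_OK, SG_ONLY) or "no findings")
```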
Alright, let’s create an application load balancer.
Part 4: Application Load Balancer
- VPC with public and private subnets in 2 availability zones
- An Internet Gateway is used to allow communication between instances in VPC and the internet
- We are using 2 Availability Zones for high availability and fault tolerance
- Resources such as NAT Gateway, Bastion Host, and Application Load Balancer use Public Subnets
- We will put the webservers in the Private Subnets to protect them
- The NAT Gateway allows the instances in the private app subnets to access the internet
- We are using EC2 Instances to host our website
- Application Load Balancer is used to distribute web traffic across an auto scaling group of EC2 instances in multiple AZs.
- Using Auto Scaling Group to dynamically create our EC2 instances to make our website highly available, scalable, fault-tolerant, and elastic
- We are using Route 53 to register our domain name and create a record set
- We will store our web files in a GitHub repository
Let’s go to the Console Home. We will launch an EC2 instance in each of the private app subnets.
Click EC2 from the console home and select Launch Instance
Let’s add a tag to our EC2 instance. Click Add additional tags under Name and tags and enter these settings
Key: Name
Value: Webserver AZ1
On Application and OS Images (Amazon Machine Image) select Amazon Linux 2023 AMI
It’s going to be t2.micro under Instance type
In Key pair (login) let’s select the key pair that we created previously
Click Edit under Network settings and enter the following information
VPC: Dev VPC
Subnet: Private App Subnet AZ1 (we are going to launch this EC2 instance in this subnet)
We need to use the security group we created previously
Under Network settings choose Select existing security group
We’re going to leave the storage at its default settings.
These are the commands that we will need shortly
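#!/bin/bash
# User data already runs as root at first boot, so no sudo or su is needed.
yum update -y
# Install the web server, plus the download and extraction tools the script calls.
yum install -y httpd wget unzip
cd /var/www/html
# Download the site files; this fetches whatever is on the main branch at launch time.
wget https://github.com/azeezsalu/jupiter/archive/refs/heads/main.zip
unzip main.zip
cp -r jupiter-main/* /var/www/html/
rm -rf jupiter-main main.zip
# Start Apache now and on every reboot.
systemctl enable httpd
systemctl start httpd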
Advanced details — go to User data
- This is where we are going to add our bash script to install the website. Remember to paste it as plain text
We are now ready to click Launch instance
and we should get a Success page.
Click View all instances at the bottom right and we have launched our first EC2 instance in the private app subnet AZ1.
Let’s launch our second EC2 instance in the private app subnet AZ2. We will be doing similar steps we did previously so let’s click Launch instances again and enter the following information.
Key: Name
Value: Webserver AZ2
Application and OS Images (Amazon Machine Image): Amazon Linux 2023 AMI
Instance type: t2.micro
Key pair: myec2key
VPC: Dev VPC
Subnet: Private App Subnet AZ2
Security Group: Webserver Security Group
Storage: Default
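User data: Enter the same commands shown below
#!/bin/bash
# User data already runs as root at first boot, so no sudo or su is needed.
yum update -y
# Install the web server, plus the download and extraction tools the script calls.
yum install -y httpd wget unzip
cd /var/www/html
# Download the site files; this fetches whatever is on the main branch at launch time.
wget https://github.com/azeezsalu/jupiter/archive/refs/heads/main.zip
unzip main.zip
cp -r jupiter-main/* /var/www/html/
rm -rf jupiter-main main.zip
# Start Apache now and on every reboot.
systemctl enable httpd
systemctl start httpd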
Once all settings are entered we can launch our second instance and select View all instances. Let’s wait and ensure that the Instance state is running and Status check says 2/2 checks passed
Now that we have successfully launched our EC2 instances in the private app AZ1 and private app AZ2, we are ready to create the Application Load Balancer that will route internet traffic to those EC2 instances.
On the Instances page at the left side scroll down to Load Balancing and select Load Balancers
Create load balancer
Select Application Load Balancer and hit Create
Enter the information below. Let’s leave the settings that are not mentioned to default
Load balancer name: Dev-ALB
VPC: Dev VPC
Mappings: us-east-1a
Subnet: Public Subnet AZ1 *you always want to place your ALB in the public subnet
Mappings: us-east-1b
Subnet: Public Subnet AZ2
Security group : ALB Security Group *remove the default security group
Listeners and routing
Protocol: HTTP
Port: 80
Let’s click Create target group; this will open a new window/tab. A target group is how you specify the EC2 instances that you want your application load balancer to route traffic to.
Choose a target type: Instances
Target group name: Dev-TG
Protocol: HTTP
Port: 80
VPC: Dev VPC
And let’s hit Next. Under Register targets, select both instance IDs and click Include as pending below
Click Create target group under Review targets
And we get a successful message
We still need to associate this target group to a load balancer. Going back to our load balancer tab/window head back to Listeners and routing, go to Default action under Listener, we should be able to see and select Dev-TG if we click refresh
We can click Create load balancer and it will bring us to this page.
Let’s wait until the State turns from Provisioning to Active. Afterwards, put a check beside our Dev-ALB and copy the DNS name
Open a new tab and paste the DNS name that we copied and it should bring us to this page
Well done! The application load balancer is routing internet traffic to the EC2 instances in the private subnets and we can access the website using the DNS name of our application load balancer.
Part 5: Register a New Domain Name in Route 53
We will register a new domain name in Route 53. This will allow our end users to access our website using that domain name instead of the domain name of our application load balancer.
In the Console Home type and select Route 53 in the search box above to bring us to the Route 53 Dashboard
We need to check if our domain name is available so scroll down to Register domain box type your preferred domain and hit Check
The domain name that we are trying to register is available and if you click Select it will add it to your shopping cart
There are also Suggested available domains to choose from
In the Selected domains box at your right click Proceed to checkout
Review the Pricing then click Next
Complete the Contact Information and click Next. Leave the Admin contact, Tech Contact, and Privacy protection to their default settings.
- It will no longer ask for your payment information because that has been set up when you created your AWS account
On Review and submit check all the information and tick the Terms and condition box before hitting Submit
You will get a confirmation page and you may need to wait for a few minutes. If you click on Requests at the left hand side you will see the domain with the Status of Domain registration in progress. You may need to click refresh.
Your domain name should be registered after about 15 minutes and you should see it under Registered domains
This is how we register a domain name in Route 53. Keep up the good work!
Part 6: Create a Record Set in Route 53
We will create a record set in Route 53 to point our domain name to the application load balancer.
In the Console Home, under Recently visited select Route 53
Select Hosted zones at the left menu and click your domain name
Click Create record
Enter the following information and click Create record
Record name: www
Alias: toggle this option
Route traffic to
- Alias to Application and Classic Load Balancer
- US East (N. Virginia) [us-east-1]
- Dev-ALB
We have successfully created our record set in Route 53 and we are pointing our domain name to the application load balancer
Moving forward we will use our domain name to access our website. Copy the Record name under Record details at the right side. Open a new tab and paste the record name in the address bar.
Good job! We can access our website using the domain name.
This is how we create a record set in Route 53 and point the record set to the application load balancer.
Part 7: Register for an SSL Certificate in AWS Certificate Manager
We will create a free SSL certificate from the AWS certificate manager. We will use this certificate to encrypt all communications between the web browser and our web servers.
Whenever you visit a website and it has this lock icon, that means that all communications between your web browser and the website are secure.
Currently, for our website the communication between the web browser and our website is not secured.
That is why we will use an SSL certificate to secure all communications between the web browser and our website — also referred to as encryption in transit
In the Management Console search Certificate Manager
Click Request a certificate
We are going to Request a public certificate, then click Next
Under Domain names we will enter the domain we want to request this certificate for.
After typing your domain name, click Add another name to this certificate to add a wildcard for your domain name. This allows the certificate to cover names such as “www.example.com”
In the second empty field type *. followed by your domain name.
We will leave the rest to their default settings and click Request
We have successfully requested a certificate. To view this click View Certificate
The Status says Pending validation because we need to create a record set in Route 53 to validate that this domain belongs to us.
So let’s click Create records in Route 53
Let’s make sure to tick the box beside our domain name and wildcard then click Create records at the bottom right
We have successfully created DNS records in Route 53 to validate that these domain names belong to us. If you refresh the page the Status of the SSL certificate is Issued
The Status of 2 domain names that we requested the certificate for should show Success
This is how we create and request an SSL certificate from the AWS Certificate Manager
Part 8: Create an HTTPS (SSL) Listener for an Application Load Balancer
We will use the SSL certificate to secure all communications to our website. In the Console, type EC2 in the search box or just simply click EC2 in your Recently visited
At the left menu, scroll down and select Load Balancer under Load Balancing
Tick the box beside our Dev-ALB and select the Listeners tab
Click Add listener. Under Listener details enter this information
Protocol: HTTPS
Port: 443
Default actions should be Forward
Select Dev-TG as our Target group
Select your Default SSL/TLS certificate in the Select a certificate drop down box
Click the Add button at the bottom right
We have successfully created an SSL listener and it is forwarding traffic to our target group.
One other thing that we need to do is change the default action of our HTTP listener so that it redirects traffic to the HTTPS listener. Let’s select HTTP:80, click Actions and Edit listener
Under Default actions, Remove the Forward to action
Select Redirect under Default actions
We will redirect it to HTTPS with Port 443
Scroll down and click Save changes. We successfully modified our HTTP listener.
Under HTTP listener we are redirecting traffic to HTTPS
Now let’s check if our website is secure. Open a new browser type https:// followed by your domain name then press enter
There you have it! Communications to our website are now secure. You can also see the lock icon, which wasn’t there earlier.
This is how we use the SSL certificate to secure the communications to our website.
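The listener setup from this part can be verified the same way from its configuration. This is an added example, not part of the original walkthrough: the records follow the shape of `aws elbv2 describe-listeners` output, and the ARNs (account number included) are constructed placeholders. It flags an HTTP listener that still forwards to the target group, which is the state between adding the HTTPS listener and editing HTTP:80.

```python
# Added example. Records mimic `aws elbv2 describe-listeners` output.
# Both ARNs are constructed placeholders, not values from the walkthrough.
TG_ARN = "arn:aws:elasticloadbalancing:us-east-1:111122223333:targetgroup/Dev-TG/EXAMPLE"
CERT_ARN = "arn:aws:acm:us-east-1:111122223333:certificate/EXAMPLE"

FORWARD = {"Type": "forward", "TargetGroupArn": TG_ARN, "Order": 1}


def redirect(protocol="HTTPS", port="443"):
    """Build a redirect action; "#{protocol}" keeps the scheme of the request."""
    return {"Type": "redirect", "Order": 1,
            "RedirectConfig": {"Protocol": protocol, "Port": port, "StatusCode": "HTTP_301"}}


def listener(protocol, port, action, cert=None):
    rec = {"Protocol": protocol, "Port": port, "DefaultActions": [action]}
    if cert:
        rec["Certificates"] = [{"CertificateArn": cert}]
    return rec


def audit_listeners(listeners):
    """Return a sorted list of finding codes for one load balancer's listeners."""
    findings = set()
    https_seen = False
    for l in listeners:
        actions = l.get("DefaultActions", [])
        # The action with the highest Order is the one that answers the request.
        final = max(actions, key=lambda a: a.get("Order", 1)) if actions else {}
        if l["Protocol"] == "HTTPS":
            https_seen = True
            if not l.get("Certificates"):
                findings.add(f"https:{l['Port']}:no-certificate")
        elif l["Protocol"] == "HTTP":
            if final.get("Type") != "redirect":
                findings.add(f"http:{l['Port']}:serves-plaintext")
            elif final.get("RedirectConfig", {}).get("Protocol") != "HTTPS":
                findings.add(f"http:{l['Port']}:redirect-keeps-http")
    if not https_seen:
        findings.add("no-https-listener")
    return sorted(findings)


# Listener states at three points in the walkthrough.
AFTER_PART_4 = [listener("HTTP", 80, FORWARD)]
HTTPS_ADDED = [listener("HTTP", 80, FORWARD), listener("HTTPS", 443, FORWARD, CERT_ARN)]
AFTER_PART_8 = [listener("HTTP", 80, redirect()), listener("HTTPS", 443, FORWARD, CERT_ARN)]

if __name__ == "__main__":
    for label, state in (("after Part 4", AFTER_PART_4),
                         ("HTTPS listener added", HTTPS_ADDED),
                         ("after Part 8", AFTER_PART_8)):
        print(f"{label:22} {audit_listeners(state) or 'no findings'}")
```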
Part 9: Create an Auto Scaling Group
In this part of our project, we will create an auto scaling group to dynamically create and scale our EC2 instances in the private app subnets.
Before we do that, let’s head to the Console and terminate the EC2 instances that we manually created.
Select EC2 from your recently visited
Click Instances (running) under Resources
Select both instances
Click Instance state and Terminate instance
Click Terminate in the prompt box
Wait until the Instance state says Terminated
Before we create our auto scaling group we need to create a launch template — this contains the configuration of our EC2 instance that the auto scaling group will use to launch instances in the private app subnet.
Let’s select Launch Template under Instances and click Create launch template
Enter the following information
Launch template name: Dev-Launch-Template
Template version description: Launch template for ASG
Provide guidance to help me set up a template that I can use with EC2 Auto Scaling should be checked
Select Quick Start in the Application and OS Images then choose Amazon Linux 2 AMI
Let’s use the following information below
Instance type: t2.micro
Key pair: myec2key
Network settings: Webserver Security Group
Click Advanced details and head to User data. We will use the bash script to install our website
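#!/bin/bash
# User data already runs as root at first boot, so no sudo or su is needed.
yum update -y
# Install the web server, plus the download and extraction tools the script calls.
yum install -y httpd wget unzip
cd /var/www/html
# Download the site files; this fetches whatever is on the main branch at launch time.
wget https://github.com/azeezsalu/jupiter/archive/refs/heads/main.zip
unzip main.zip
cp -r jupiter-main/* /var/www/html/
rm -rf jupiter-main main.zip
# Start Apache now and on every reboot.
systemctl enable httpd
systemctl start httpd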
And we are ready to click Create launch template. Click View launch templates
We can start creating our auto scaling group. At the left menu click Auto Scaling Group under Auto Scaling
Select the Create Auto Scaling group
Enter the following details
Name: Dev-ASG
Launch template: Dev-Launch-Template
Hit the Next button
VPC: Dev VPC
Availability Zones and subnets: Private App Subnet AZ1 and Private App Subnet AZ2
Hit Next. Under Load balancing we are going to attach our auto scaling group with the application load balancer we created earlier.
Load Balancing: Attach to an existing load balancer
Attach to an existing load balancer: Choose from your load balancer target groups
Existing load balancer target groups: Dev-TG | HTTP
Enable Turn on Elastic Load Balancing health checks
Check Enable group metrics collection within CloudWatch and click Next
We want the auto scaling group to maintain 2 EC2 instances; it can scale down to a minimum of 1 instance or up to a maximum of 4 instances. Click Next
On the next page hit Add notification. Under SNS Topic select the SNS topic that we created previously. If you don’t have a topic you can click Create a topic
Let’s click Next. Under Tags enter the details below
Key: Name
Value: ASG-Webserver
Hit Next. Under Review page check all the details of our launch template and click Create Auto Scaling group
We have successfully created our auto scaling group with the desired capacity of 2, minimum of 1, and maximum of 4. If we check our instances we should have 2 running. Let’s go back to EC2 Dashboard and view the 2 instances running
We can say that these EC2 instances are created by the auto scaling group because they show the tag name that we created — ASG-Webserver
We should be able to access our website. Let’s open a new window and type the domain name of your website
This is how we create an auto scaling group.
Clean Up
We have used all the resources on our reference architecture and completed this project. Let’s clean up our AWS accounts so that we don’t get charged.
Auto Scaling Group
Select Dev-ASG and click Delete
Launch Template
Application Load Balancer
Select Dev-ALB and click Delete load balancer
Target Group
Select Dev-TG and click Delete
Security Groups
Go to VPC from the search box and click VPC. Under Security Groups check the Webserver Security Group. Click Actions and Delete security groups
Next, click both SSH and ALB Security Group and delete them
It’s OK to leave the default security group.
NAT Gateway
Select NAT gateway AZ1 and do the same procedure for NAT gateway AZ2
Wait until the State says Deleted
VPC
Select Dev VPC, click Actions and Delete VPC
This will show you all the resources that will be deleted. Type delete and click Delete
The default VPC will be left available and that is fine.
Elastic IP
Select both Elastic IPs, click Actions and Release Elastic IP addresses
Route 53 Record Set
Under Records select the A Type record and click Delete record
Congratulations! Thank you for completing this project with me. Let me know if you have any questions and I look forward to seeing you on my next project.