VPCs, LBs, and ASGs

John Tyree
8 min read, Nov 6, 2023


What is a VPC?

A virtual private cloud (VPC) is a private, logically isolated network hosted within a public cloud. Imagine the public cloud as a crowded gym and the VPC as a reserved basketball court inside it. Even though the gym is full of people, the court has a “Reserved” sign on its door and can only be used by the teams that made the reservation. Similarly, a public cloud is crowded with many customers sharing computing resources, but a VPC reserves some of those resources for use by only one customer.

What is a LB?

A load balancer is an AWS service that manages network traffic and distributes it across multiple servers in a cloud environment. A load balancer is like a traffic cop: imagine a busy intersection where many cars are trying to reach different destinations. The cop’s job is to direct each car in the right direction so that everyone gets where they need to go quickly and safely.

What is an ASG?

An auto scaling group (ASG) is a collection of EC2 instances launched from a launch template in AWS. ASGs scale automatically: instances are launched or terminated without manual intervention, which keeps capacity matched to demand and costs under control.

In this article, a VPC and three public subnets will be created. An auto scaling group will then be created from a launch template that uses a free-tier AMI and t2.micro instances. Each launched instance will have Apache installed and serve a custom web page. Finally, an application load balancer and a target group will be created to distribute traffic to the auto scaling group.

First, navigate to VPC in the AWS console, open the VPC dashboard and select “Create VPC”.

When creating the VPC, select the “VPC only” option and name the VPC. Under “IPv4 CIDR” enter “10.10.0.0/16”. Leave all other settings at their defaults and create the VPC.

Select the newly created VPC and, under the Actions dropdown, edit the VPC settings to enable DNS hostnames.

Next, go back to the “Virtual private cloud” section, select “Internet gateways” and create an internet gateway.

Once the internet gateway is created, attach it to the VPC by using the Actions dropdown and selecting “Attach to VPC”.

The option to attach to a VPC is greyed out in the example because I had already attached it before taking the screenshot!

Next, create three public subnets associated with the newly created VPC. Under the “Virtual private cloud” section select “Subnets” and create a subnet.

Select the newly created VPC from the dropdown to associate the subnets with it. Three subnets will be created, “10.10.1.0/24”, “10.10.2.0/24” and “10.10.3.0/24”, placed in availability zones us-east-1a, us-east-1b and us-east-1c respectively.

In the route table for 10.10.0.0/16, edit the routes to add a 0.0.0.0/0 route that targets the created internet gateway.

In the route table, under “Subnet associations”, the three created subnets will be listed:

For each subnet, use the Actions dropdown to edit the subnet settings and enable auto-assign of public IPv4 addresses.

Next, navigate to the EC2 dashboard, expand the “Instances” section, open “Launch Templates” and select “Create launch template”.

Next, name the launch template, select a free-tier AMI and choose “t2.micro” as the instance type. Create a key pair if needed or select an existing one. Create a security group or select an existing one that allows HTTP traffic (the rules will be tightened later in the article). Do not include subnet information in the launch template. Under “Advanced network configuration” add a network interface; the only setting that needs to change is enabling auto-assign public IP.

Scroll down and, under the “Advanced” section, enter the following user data to install Apache and write the HTML for a custom page, then create the launch template.

#!/bin/bash
# Update installed packages and install the Apache web server (yum-based AMI)
yum update -y
yum install httpd -y

# Write the custom landing page that Apache will serve
cat <<EOF > /var/www/html/index.html
<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Welcome to Level Up in Tech: Let's Go Blue Team!</title>
<style>
body {
font-family: Arial, sans-serif;
background-color: #007bff;
color: #ffffff;
display: flex;
justify-content: center;
align-items: center;
height: 100vh;
margin: 0;
}

h1 {
font-size: 36px;
text-align: center;
}
</style>
</head>

<body>
<h1>Welcome to Level Up in Tech: Let's Go Blue Team!</h1>
</body>

</html>
EOF

# Start Apache now and enable it on every boot
service httpd start
chkconfig httpd on

Next, go back to the EC2 dashboard, open Auto Scaling Groups under the “Auto Scaling” section and create an auto scaling group. Select the created VPC and each subnet that was created above.

On the next page select “No load balancer” (this will be revisited later in the article). Leave all other settings on the page at their defaults and click Next. The next page shows the group size options; here the desired capacity will be set between a minimum of “2” and a maximum of “5”. For my example I selected 2 as the desired capacity.

I set the desired capacity to 2; this can be changed at any time in the auto scaling group settings.

Leave the remaining pages at their defaults and create the auto scaling group. Once it is created, it will launch the same number of EC2 instances as its desired capacity.

Next, navigate to EC2 and create a new security group for the load balancer that allows inbound HTTP from 0.0.0.0/0.

Navigate back to the EC2 dashboard, open the Load balancers section and select “Create load balancer”. Three types are offered, Application, Network and Gateway; select “Application Load Balancer”.

The scheme will be “Internet-facing” since we have three public subnets. Select the created VPC and all three subnets.

Next, select the security group created for the load balancer within the created VPC. Then follow the link to create a target group; once it is created, return, refresh, and select it from the dropdown.

When creating the target group, do not register the current instances as targets; accept all defaults and create the target group.

Navigate to Auto Scaling Groups and click on the newly created ASG.

Scroll to the “Load balancing” section and click Edit.

Attach the target group that was created.

Any time a new instance is launched into the ASG, it will be registered with the target group and picked up by the load balancer.

Next, go back into the load balancer page and copy the load balancer DNS name:

Enter the copied DNS name from the load balancer into a private browser to test:

Successful!

To tighten security, navigate to Security Groups and select the security group that was used in the launch template.

Delete the current inbound rule shown.

Add a rule that allows HTTP traffic with the load balancer’s security group as the source, so that only traffic arriving through the load balancer is accepted, and save the rule.

This blocks direct access via the public IP addresses of the EC2 instances and only allows access through the load balancer DNS name.

The page never loads, but the DNS from the load balancer loads fully.
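The following is an added example, not code from the original article: an offline check of the network plan and the security-group tightening described above. The CIDRs, availability zones and ports come from the article; the rule tuples and the placeholder group id "sg-alb" are constructed for the example.

```python
import ipaddress

# Values from the article
VPC_CIDR = "10.10.0.0/16"
SUBNETS = {"us-east-1a": "10.10.1.0/24",
           "us-east-1b": "10.10.2.0/24",
           "us-east-1c": "10.10.3.0/24"}
ALB_SG_ID = "sg-alb"  # placeholder id for the load balancer's security group

# Inbound rules as (protocol, port, source); the source is either a CIDR or
# the id of another security group. Constructed to mirror the console rules.
ALB_SG_RULES = [("tcp", 80, "0.0.0.0/0")]
INSTANCE_SG_BEFORE = [("tcp", 80, "0.0.0.0/0")]  # as used in the launch template
INSTANCE_SG_AFTER = [("tcp", 80, ALB_SG_ID)]     # after the tightening step


def check_subnets(vpc_cidr, subnets):
    """Return a list of problems: subnets outside the VPC CIDR or overlapping."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {az: ipaddress.ip_network(cidr) for az, cidr in subnets.items()}
    problems = [f"{az} {net} not inside {vpc}"
                for az, net in nets.items() if not net.subnet_of(vpc)]
    azs = list(nets)
    for i, a in enumerate(azs):
        for b in azs[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
    return problems


def open_to_internet(rules, vpc_cidr, alb_sg_id):
    """True if any inbound rule admits traffic from outside the VPC that
    does not arrive through the load balancer's security group."""
    vpc = ipaddress.ip_network(vpc_cidr)
    for _proto, _port, source in rules:
        if source.startswith("sg-"):
            continue  # a security-group source is always VPC-internal traffic
        if not ipaddress.ip_network(source).subnet_of(vpc):
            return True
    return False


def alb_accepts_http_from_anywhere(rules):
    """The internet-facing ALB itself must still accept HTTP from 0.0.0.0/0."""
    return ("tcp", 80, "0.0.0.0/0") in rules


if __name__ == "__main__":
    print("subnet problems:", check_subnets(VPC_CIDR, SUBNETS))
    print("direct access before:", open_to_internet(INSTANCE_SG_BEFORE, VPC_CIDR, ALB_SG_ID))
    print("direct access after:", open_to_internet(INSTANCE_SG_AFTER, VPC_CIDR, ALB_SG_ID))
```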

Next, navigate to Auto Scaling Groups and select the auto scaling group that was created. Open the “Automatic scaling” tab and create a dynamic scaling policy. Set the target value to 50% CPU utilization and create the policy.

Creating a target tracking policy automatically creates and manages a CloudWatch alarm that triggers the scaling policy; the policy calculates the scaling adjustment based on the metric and the target value.
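As an added illustration (not from the original article), a simplified proportional model of how target tracking moves the group's capacity toward the 50% CPU target within the 2 to 5 instance bounds used above. The CPU sample series is constructed; the real service also applies alarm thresholds and cooldowns that this model omits.

```python
import math

# Group size and target from the article
MIN_SIZE, MAX_SIZE = 2, 5
TARGET_CPU = 50.0  # percent average CPU utilization


def target_tracking_desired(current, avg_cpu, target=TARGET_CPU,
                            minimum=MIN_SIZE, maximum=MAX_SIZE):
    """Simplified proportional adjustment (assumption, not the exact AWS
    algorithm): scale capacity by metric/target, round up so the metric
    lands at or below the target, then clamp to the group's min/max size."""
    wanted = math.ceil(current * avg_cpu / target)
    return max(minimum, min(maximum, wanted))


def simulate(samples, start=MIN_SIZE):
    """Walk a constructed series of average-CPU readings and return the
    desired capacity after each reading."""
    capacity, history = start, []
    for cpu in samples:
        capacity = target_tracking_desired(capacity, cpu)
        history.append(capacity)
    return history


if __name__ == "__main__":
    # 2 instances at 80% scale out to 4; 95% would want 8 but is capped at 5;
    # 20% scales back in to 2; 10% would want 1 but the minimum holds at 2.
    print(simulate([80, 95, 20, 10]))
```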

Navigate to CloudWatch to view the alarms and logs.

To avoid charges, terminate any running EC2 instances, load balancers, and auto scaling groups!
