Build a Web Server

Lab Description

🎯 In this lab, you will use Amazon VPC (Virtual Private Cloud) to create your own VPC and add components to it to produce a customized network. You will also create a Security Group for your EC2 instances. You will then configure and customize an EC2 instance to run a web server and launch it into the VPC.

This lab resembles a traditional network that you operate in your own data center, with the benefits of using the scalable infrastructure of AWS. One last thing: the VPC will span multiple Availability Zones.

Duration: 45 minutes (Maximum: 120 minutes)

Scenario

You will build the following architecture in this lab:

[Figure: lab architecture diagram]

Highlights

  1. Create a VPC

  2. Create subnets

  3. Configure Security Group

  4. Launch an EC2 Instance into a VPC

START LAB

TASK 1 - CREATE VPC & SUBNETS IN FIRST AVAILABILITY ZONE

In this task, we will use the VPC Wizard to create a VPC, an Internet Gateway (IGW) and 2 subnets in a single Availability Zone. An IGW is a VPC component that allows communication between instances in your VPC and the internet.

By default, you can create 5 VPCs and 5 IGWs per Region per account.

Knowledge Refresher:

  1. A subnet cannot span multiple AZs (Availability Zones). It lives within one zone.

  2. An AWS Region is the biggest concept. A Region has two or more Availability Zones. Each AZ can have one or more data centers physically and one or more subnets logically. AWS Data Center is not cold that have thousands of servers.

  3. Public subnet - subnet’s traffic is routed to the IGW.

  4. Private subnet - subnet’s traffic is not routed to the IGW.

  5. A private subnet cannot access the internet directly, so we will create a NAT Gateway to provide internet connectivity for EC2 instances in the private subnets.

STEP 1 - Create Elastic IP for NAT Gateway

In this step, we will create an Elastic IP address to assign to the NAT Gateway in Step 2.

1.1. Access AWS EC2 Service

In the AWS Management Console, on the Services menu, click EC2.

EC2 Dashboard

1.2. Allocate Elastic IP Address for NAT

Scroll down and choose Elastic IPs on the left sidebar / Click on Allocate Elastic IP address

Click on Allocate

Success

STEP 2 - Create VPC with first Availability Zone

In this step, we first create the VPC in one Availability Zone. We also create 2 subnets (1 public subnet for the NAT Gateway, 1 private subnet for future use) and a NAT Gateway that provides internet connectivity for private instances.

2.1. Access AWS VPC

In the AWS Management Console, on the Services menu, click VPC.

2.2. Launch VPC Wizard

On the VPC Dashboard / Click on Launch VPC Wizard

VPC Configuration Options

2.3. Create VPC with public and private subnets

On the Configuration Options / Click on VPC with Public and Private Subnets (the second option)

Click Select then configure as below:

VPC Name: VPC Lab

Availability Zone: Select the first Availability Zone of your selected Region. In this case, the AZ is ap-northeast-1a

– Choose Elastic IP Allocation ID from the list

Click on Create VPC

Success

Click OK to go back to the VPC Dashboard. You will see the custom VPC that you created and the default VPC that was created in the Region.

STEP 3 - Review VPC Configuration

In this step, we will review the resources that the Launch VPC Wizard created on AWS: VPC, Subnets, Route Tables, Internet Gateway, NAT Gateway.

3.1. VPC Dashboard

3.2 Public Subnet Information

3.3 Private Subnet Information

3.4 Route Table Main for Private subnets

Click on Route Tables on the left sidebar / Select the route table of the VPC Lab that you created whose Main value is Yes.

Click on the Routes tab below.

Click on the first column to rename it to Private RTB Lab

3.5 Route Table IGW for Public subnets

On Route Tables / Select the route table of the VPC Lab that you created whose Main value is No.

Click on the first column to rename it to Public RTB Lab

3.6 Internet Gateway (IGW)

On the left sidebar, click on Internet Gateways

Choose the IGW for VPC Lab and name it IGW Lab

3.7 NAT Gateway

On the left sidebar, click on NAT Gateways

Name it NAT GW Lab

You have completed a part of the architecture as below:

[Figure: architecture diagram]

TASK 2 - CREATE & CONFIGURE SUBNETS IN SECOND AVAILABILITY ZONE

In the previous task, you created 2 subnets in the first Availability Zone. In this task, you will create subnets in the second Availability Zone to provide a highly available, fault-tolerant architecture.

STEP 4 - Create public and private subnets in second Availability Zone

4.1. Create new public subnet

Choose your desired Region (for example, Tokyo in my case). In the VPC service, click on Subnets

Click on Create subnet and enter the details of the new public subnet

Name tag: Public subnet 2

VPC: VPC Lab (The VPC ID may vary on your AWS Account)

Availability Zone: Choose the second Availability Zone. In this example: ap-northeast-1c

IPv4 CIDR block: 10.0.2.0/24

Success

4.2 Create new private subnet

Click on Create subnet and enter the details of the new private subnet

Name tag: Private subnet 2

VPC: VPC Lab (The VPC ID may vary on your AWS Account)

Availability Zone: Choose the second Availability Zone. In this example: ap-northeast-1c

IPv4 CIDR block: 10.0.3.0/24

Success

The following subnets are now created:

  1. Public subnet

  2. Public subnet 2

  3. Private subnet

  4. Private subnet 2

STEP 5 - Configure Route Tables (RTB)

5.1. Configure Route Table (RTB) for public internet access

In VPC service, click on Route Tables / Public RTB Lab / Subnet Associations

Click on Edit subnet associations / Choose Public subnets

Click Save

5.2 Configure Route Table (RTB) for private subnets

In VPC service, click on Route Tables / Private RTB Lab / Subnet Associations

Click on Edit subnet associations / Choose Private subnets

Click Save

The architecture is now updated as below:

[Figure: updated architecture diagram]
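
A subnet with no explicit route table association follows the VPC's Main route table, which is why the subnets from step 4 need the associations made in step 5. The check below is an added example, not part of the original lab: it applies the public/private definitions from the Knowledge Refresher to data shaped like `aws ec2 describe-route-tables` output. All IDs, the 10.0.0.0/16 VPC CIDR and the function names are assumptions.

```python
import copy

# Constructed data in the shape of `aws ec2 describe-route-tables` output.
# Every ID is a made-up placeholder; 10.0.0.0/16 is an assumed VPC CIDR.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private",  # "Private RTB Lab": Main table, default route via NAT
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-lab"}]},
    {"RouteTableId": "rtb-public",   # "Public RTB Lab": default route via the IGW
     "Associations": [{"Main": False, "SubnetId": "subnet-public-1"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-lab"}]},
]
SUBNETS = ["subnet-public-1", "subnet-private-1", "subnet-public-2", "subnet-private-2"]


def effective_table(subnet_id, tables):
    """An explicit association wins; otherwise the subnet uses the Main table."""
    main = None
    for table in tables:
        for assoc in table["Associations"]:
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def is_public(table):
    """Public = an IPv4 default route that targets an Internet Gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-") for r in table["Routes"])


def classify(subnets, tables):
    """Map each subnet ID to 'public' or 'private' by its effective route table."""
    return {s: "public" if is_public(effective_table(s, tables)) else "private"
            for s in subnets}


def associate(tables, table_id, subnet_id):
    """Offline model of 'Edit subnet associations': returns an updated copy."""
    updated = copy.deepcopy(tables)
    for table in updated:
        if table["RouteTableId"] == table_id:
            table["Associations"].append({"Main": False, "SubnetId": subnet_id})
    return updated
```

`classify(SUBNETS, ROUTE_TABLES)` models the state after step 4, where `subnet-public-2` still resolves to the Main table and is reported as private; `associate(ROUTE_TABLES, "rtb-public", "subnet-public-2")` models step 5.1.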

TASK 3 - CREATE & CONFIGURE VPC SECURITY GROUP

In this task, you will create a Security Group (SG), which acts as a firewall for EC2 instances. You will assign this SG to a web server to allow incoming HTTP, SSH and ICMP from the internet.

STEP 6 - Create Security Group

In VPC service, click on Security Groups / Create security group

STEP 7 - Configure inbound rules

Enter required information for a security group:

– Security group: SG Web - VPC Lab

– Description: Security Group Lab for Web Access, SSH

– VPC: VPC Lab

Click Add rule to configure Inbound rules

– HTTP

– ICMP

– SSH

Leave Outbound rules as default.

Click Create security group to complete.
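
A check that can be run against this group's inbound rules, added here as an example and not part of the original lab: it reads rules in the shape of `aws ec2 describe-security-groups` output, reports management ports reachable from any address, and builds a copy that limits them to one admin range. The 0.0.0.0/0 sources, the 203.0.113.0/24 admin range and all function names are assumptions.

```python
import ipaddress

# Constructed IpPermissions list, shaped like `aws ec2 describe-security-groups` output,
# modelling "SG Web - VPC Lab". The 0.0.0.0/0 sources are assumed from "from the internet".
LAB_SG = [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": -1, "ToPort": -1, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # management ports checked by this audit


def world_open(rule):
    """True if any IPv4 or IPv6 source range of the rule matches every address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs)


def covers(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and all ports
        return True
    return rule["IpProtocol"] == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def findings(permissions):
    """List (service, port) pairs for admin ports reachable from any address."""
    return [(name, port) for rule in permissions if world_open(rule)
            for port, name in sorted(ADMIN_PORTS.items()) if covers(rule, port)]


def restrict_admin(permissions, admin_cidr):
    """Return a copy in which rules exposing an admin port allow only admin_cidr."""
    ipaddress.ip_network(admin_cidr)  # raises ValueError on a malformed CIDR
    tightened = []
    for rule in permissions:
        rule = dict(rule)
        if world_open(rule) and any(covers(rule, p) for p in ADMIN_PORTS):
            rule["IpRanges"] = [{"CidrIp": admin_cidr}]
            rule.pop("Ipv6Ranges", None)
        tightened.append(rule)
    return tightened


if __name__ == "__main__":
    print("lab rules:", findings(LAB_SG))
    # 203.0.113.0/24 is a documentation range standing in for an admin network
    print("tightened:", findings(restrict_admin(LAB_SG, "203.0.113.0/24")))
```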

TASK 4 - LAUNCH A WEB SERVER INSTANCE

In this task, we will launch an EC2 instance in the created public subnet (Public subnet 2). We will also install and configure a web server by using User Data.

STEP 8 - Launch an EC2 Web server

8.1. EC2 Dashboard

In AWS Management Console, click on Services / Enter ec2 and click on EC2 service

8.2. Select AMI

Click on Launch instance / Launch instance to go to the AMI selection screen

Select Amazon Linux 2 AMI (HVM), SSD Volume Type, 64-bit (x86)

Click on Select to go to the next page

8.3. Select EC2 Instance size

Choose t2.micro type.

Click Next: Configure Instance Details

8.4. Configure Instance Details

Change the information as below:

Network: VPC Lab

Subnet: Public subnet 2

Auto-assign Public IP: Enable

Advanced Details / User data: Copy and paste the following script

#!/bin/bash
# Install Apache Web Server and PHP
yum install -y httpd mysql php
# Download Lab files
wget https://s3-ap-southeast-1.amazonaws.com/cloud.training/lab-app.zip
unzip lab-app.zip -d /var/www/html/
# Turn on web server
chkconfig httpd on
service httpd start

Click Next: Add Storage

Click Next: Add tags

Click Next: Configure Security Group / Select Select an existing security group / Choose SG Web - VPC Lab

Click Review and Launch

Click Launch

STEP 8.5 - Create key pair

Choose Create a new key pair

Enter key name: cloudvn / Click on Download Key Pair

Click Launch instances

Launching

Launching status

Click on the instance ID to see its status (Status check: Initializing)

You can also click the refresh button to see the updated status.

Success

The architecture is now updated as below:

[Figure: updated architecture diagram]

TASK 5 - ACCESS WEB SERVER

STEP 9 - Get Instance’s public IP Address or DNS

In the EC2 Dashboard / Choose Instances / Click on the created EC2 instance (Example: i-02341bbe510b27616)

You will see the important parameters. For example, in my case:

– Public IPv4 address: 13.114.164.100

– Public IPv4 DNS: ec2-13-114-164-100.ap-northeast-1.compute.amazonaws.com

You will see different values in your own lab.

STEP 10 - Access Web server

Open your favourite browser (Google Chrome, Firefox, Safari…) and enter the above IP address or DNS name.

Tadah! Congratulations! You have successfully built your first web server on AWS!

TASK 6 - CLEAN LAB

To save money, clean up the environment after completing the lab.

To-Do list:

  1. Delete NAT Gateway

  2. Delete Web Server

  3. Delete VPC

  4. Release Elastic IP Address

STEP 11 - Delete NAT Gateway

Go to VPC Service / Choose NAT Gateways / Click on NAT GW Lab / Click Action / Choose Delete NAT Gateway

Enter delete to confirm

Success

STEP 12 - Delete Web Server

Go to EC2 Service / Choose Instances on left sidebar / Choose your web server / Click on Instance state / Choose Terminate instance

STEP 13 - Delete VPC

Go to VPC Service / Choose VPCs

Click on VPC Lab

Click Action / Choose Delete VPC

Enter delete to confirm

Click Delete

Resources have been deleted!

STEP 14 - Release Elastic IP Address

Go to VPC Service / Choose Elastic IPs / Click on your created Elastic IP / Click Action / Choose Release IP Addresses

Click Release to confirm

Success

CONGRATULATIONS!