©2019 by Raghavendra Kambhampati

How to build a custom VPC to launch MySQL RDS and Webserver and configure your application?

In this lab, we will create a VPC that includes a web server and an Amazon RDS database.

Tasks will include:
1. Create an Amazon VPC (Virtual Private Cloud)
2. Create public and private subnets
3. Create an Internet Gateway
4. Create a Route Table and add an entry for the route to the internet
5. Create a security group for the web server to allow only HTTP traffic
6. Create a security group for the MySQL RDS database to allow MySQL traffic from public subnets
7. Deploy a web server and a MySQL RDS instance
8. Configure your application to connect to the MySQL RDS instance

First: Select the Region where you want to create the VPC and launch resources. (I will be selecting Mumbai for demo purposes.)

Task 1: Create a VPC

In the AWS Management Console, on the Services Menu -> Under Networking & Content Delivery -> Click VPC.

In the left navigation pane, click Your VPCs.

Click Create VPC and then configure -> Click Create.

NOTE: In Tenancy, we have two options available, Default and Dedicated.
Default: all instances that you launch in your VPC run on shared hardware.
Dedicated: all instances that you launch in your VPC run on single-tenant hardware.
You can change the instance tenancy of a VPC from dedicated to default after you create it. You cannot change the instance tenancy of a VPC from default to dedicated.

Task 2: Create Your Public Subnets

We will create two public subnets. Each subnet will reside in a separate availability zone.

Create Your First Public Subnet

1. In the left navigation pane, click Subnets.

2. Click Create Subnet and then configure -> Click Create.

NOTE: While creating your first public subnet, in the VPC field select the VPC which we created at first and then select the first availability zone. (Here Mumbai has two availability zones, so I will be placing the first in ap-south-1a and the second in ap-south-1b.)

3. Once created, select the public subnet which we created and then click on Actions Menu -> Select Modify auto-assign IP settings -> Click on Enable Auto-assign IPv4 -> Click Save.

NOTE: Once we enable Auto-assign IPv4, all the instances that are launched in this public subnet will be assigned a public IPv4 address.

Create Your Second Public Subnet

1. In the left navigation pane, click Subnets.

2. Click Create Subnet and then configure -> Click Create.

3. Once created, select the public subnet which we created and then click on Actions Menu -> Select Modify auto-assign IP settings -> Click on Enable Auto-assign IPv4 -> Click Save.

NOTE: Once we enable Auto-assign IPv4, all the instances that are launched in this public subnet will be assigned a public IPv4 address. Though we created two public subnets in two availability zones, we still need to create an Internet Gateway and attach it.

Task 3: Create an Internet Gateway

1. In the left navigation pane, click Internet Gateways.

2. Click Create Internet Gateway and then configure -> Click Create.

3. After you have created the Internet Gateway, you can see its state as detached.

4. Now select the Internet Gateway which we created -> Go to Actions Menu -> Select Attach to VPC and select the VPC which we created -> Click Attach.

Task 4: Create a Route Table, Add Routes and Associate Public Subnets

NOTE: Since we created a VPC named MY VPC, it will by default create one route table associated with this VPC to route traffic locally. So we need to create an additional route table to route public traffic to the Internet Gateway.

Below image talks about the default route table.

1. In the left navigation pane, click Route Tables.

2. Click on Create route table and then configure -> Click Create.

3. Now select the public route table which we created -> Click on the Routes tab and you can see there is one route entry in the table, which allows traffic within the network 10.0.0.0/16 to flow inside the VPC and does not route traffic outside. So we will add one more route to enable public traffic.

4. Click on Edit routes -> Click on Add route -> Add entry 0.0.0.0/0 and select Internet Gateway as the Target, as we want to enable public traffic -> Click Save.

5. Click the Subnet Associations tab -> Click on Edit subnet associations -> Select both the newly created public subnets 1a and 1b -> Click Save. Since both the public subnets are connected to the Internet Gateway, they can route public traffic.

Task 5: Create a Security Group for your Web Server

1. In the left navigation pane, click Security Groups under Security.

2. Click Create Security group and then configure -> Click Create.

3. Select the Security group which we created -> Click on Inbound Rules Tab -> Click Edit Rules -> Click Add Rule -> Select HTTP as Type and for Source select either Anywhere or My IP -> Click Save Rules.

Task 6: Launch a Web Server using EC2 in your Public Subnet

1. On the Services Menu -> Click EC2 under Compute.

2. Click on Launch Instance -> Select Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type.

3. Select the t2.micro instance (you can select any type; for the demo we are selecting t2.micro) -> Click on Next: Configure Instance Details.

4. Select your VPC in Network, select Public 1a as subnet -> Scroll down -> Select Advanced Details and copy in the code below. (This code installs a web server on your EC2 instance and runs an app that can be configured to point to the RDS instance; it runs when the instance is launched for the first time.) -> Click on Add Storage.

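Code:

    #!/bin/bash -ex
    # Update installed packages, then install Apache, PHP and the MySQL client
    yum -y update
    yum -y install httpd php mysql php-mysql
    # Start Apache on every boot and start it now
    chkconfig httpd on
    service httpd start
    # Download and unpack the sample application into the web root
    cd /var/www/html
    wget https://s3-us-west-2.amazonaws.com/us-west-2-aws-training/awsu-spl/spl-13/scripts/app.tgz
    tar xvfz app.tgz
    # Let Apache write the RDS connection settings file
    chown apache:root /var/www/html/rds.conf.php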

5. Select the default values for Storage -> Select Next: Add Tags.

6. Click Add Tag -> Enter values as shown below -> Click Configure Security Group.

7. Select the Security Group which we created previously -> Select Review and Launch -> Ignore the warning for port 22, as we are not going to log in to the server. (If we do want to log in to the server, we can enable port 22 as we did for HTTP, selecting SSH as the Type.)

8. When you click on Launch, it will ask for a key pair; select the one we created, or if there is none, select Create a new key pair -> Click on Launch Instances.

9. Once the instance is launched, we can see the status as running.

10. Copy the IPv4 Public IP and paste it in the browser and you will see the below page. The application is running, but since we have not created the RDS database yet, we will not be able to connect it to the web server.

Task 7: Create Private Subnets for your MySQL Server (RDS Database)

Create Your First Private Subnet

1. In the AWS Management Console, on the Services Menu, click VPC under Networking & Content Delivery.

2. In the left navigation pane, click Subnets.

3. Click Create Subnet and then configure -> Click Create.

NOTE: While creating your first private subnet, in the VPC field select the VPC which we created at first and then select the first availability zone. (Here Mumbai has two availability zones, so I will be placing the first in ap-south-1a and the second in ap-south-1b.)

Create Your Second Private Subnet

In the left navigation pane, click Subnets.

Click Create Subnet and then configure -> Click Create.
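The private subnets are never associated with the public route table from Task 4, so they fall back to the VPC's default (main) route table, which only routes locally. The following check is an added example, not part of the original lab: it resolves each subnet's effective route table and reports any subnet meant to be private that has an active default route to an Internet Gateway. The sample data is constructed in the shape of `aws ec2 describe-route-tables` output, and all IDs are placeholders.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output for one VPC.
# All IDs are placeholders, not values from the lab.
MAIN = {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]}
PUBLIC = {"RouteTableId": "rtb-public",
          "Associations": [{"Main": False, "SubnetId": "subnet-public-1a"},
                           {"Main": False, "SubnetId": "subnet-public-1b"}],
          "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                     {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]}
PRIVATE_SUBNETS = ["subnet-private-1a", "subnet-private-1b"]


def has_igw_default_route(table):
    """True if the table has an active default route to an Internet Gateway."""
    for route in table.get("Routes", []):
        dest = route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
        if (dest in ("0.0.0.0/0", "::/0")
                and route.get("GatewayId", "").startswith("igw-")
                and route.get("State") == "active"):  # "blackhole" = gateway detached
            return True
    return False


def effective_table(subnet_id, tables):
    """An explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def exposed_subnets(expected_private, tables):
    """Subnets meant to be private whose effective route table reaches an IGW."""
    exposed = []
    for subnet_id in expected_private:
        table = effective_table(subnet_id, tables)
        if table is not None and has_igw_default_route(table):
            exposed.append(subnet_id)
    return exposed


if __name__ == "__main__":
    print(exposed_subnets(PRIVATE_SUBNETS, [MAIN, PUBLIC]))  # lab layout
```

Adding the 0.0.0.0/0 route to the main route table instead of the new public one would make every unassociated subnet, including the database subnets, internet-routable; this check catches that case.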

Task 8: Create a Security Group for Your Database Server

1. In the left navigation pane, click Security Groups.

2. Copy the Group ID of the web server security group which we created earlier for launching the web server using EC2.

3. Click Create Security Group and then configure -> Click Create.

4. Select the Database security group, click Inbound Rules -> Click Edit Rules -> Click Add Rule and then configure -> Click Save Rules. (In Source add the web server security group ID and select MySQL Database as the Type.)

This will allow your web server to communicate with the database, as we have configured the web server security group ID as the incoming source for the database.
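To confirm that the database group ended up with exactly the rule from Task 8 (MySQL on tcp/3306, sourced from the web server security group ID and nothing else), the following audit is an added example, not part of the original lab. The sample groups are constructed in the shape of `aws ec2 describe-security-groups` entries, and the group IDs are placeholders.

```python
MYSQL_PORT = 3306
# Constructed samples shaped like entries of `aws ec2 describe-security-groups`
# output; the group IDs are placeholders, not values from the lab.
WEB_SG_ID = "sg-web-example"
DB_SG_LAB = {"GroupId": "sg-db-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": WEB_SG_ID}]}]}
DB_SG_OPEN = {"GroupId": "sg-db-example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}


def covers_port(perm, port):
    """True if an IpPermissions entry opens `port`; protocol "-1" means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_group(db_sg, web_sg_id):
    """Return findings where the database group departs from the Task 8 rule."""
    findings, web_ok = [], False
    for perm in db_sg.get("IpPermissions", []):
        if not covers_port(perm, MYSQL_PORT):
            findings.append(f"rule not needed for MySQL: {perm.get('IpProtocol')} "
                            f"{perm.get('FromPort')}-{perm.get('ToPort')}")
            continue
        if perm.get("IpProtocol") == "-1" or perm.get("FromPort") != perm.get("ToPort"):
            findings.append("rule is wider than tcp/3306")
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
            findings.append(f"MySQL open to CIDR {cidr}; use the web group ID as source")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == web_sg_id:
                web_ok = True
            else:
                findings.append(f"MySQL open to another group: {pair.get('GroupId')}")
    if not web_ok:
        findings.append("web server group is not allowed to reach MySQL")
    return findings


if __name__ == "__main__":
    for name, sg in (("lab", DB_SG_LAB), ("open", DB_SG_OPEN)):
        print(name, audit_db_group(sg, WEB_SG_ID))
```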

Task 9: Create a Database Subnet Group

When we use RDS databases, they require a separate database subnet group. These are typically a collection of private subnets in at least two availability zones in a given region.

1. On the Services Menu, click RDS under Database.

2. In the left navigation pane, click Subnet Groups.

3. Click Create DB Subnet Group and then configure -> Click Create.

Add all the private subnets which we created for both the availability zones.

Task 10: Create an Amazon RDS Database

In the left navigation pane, click Databases.

Click Create Database -> Select MySQL as the database engine -> Click Next -> Select Dev/Test as the use case -> Click Next -> Select DB instance class as db.t2.micro - 1 vCPU, 1 GiB RAM and leave all other values as default -> Under Settings -> Enter DB Instance Identifier as myDB -> Master Username as admin -> Password as demo-password -> Click Next.

Select the VPC which we created -> Select Database as Security Group, DB name as myDB under Database Options and 0 days under backup and retention period -> Click Create Database.

We have deployed MySQL RDS Database.

Task 11: Connect Your Application to Your RDS Database

1. Click on the RDS DB which we created and get the endpoint.

2. Return to the browser where we entered the Public IPv4 address of the EC2 instance which we created and then configure the RDS Database details -> Click Submit.

Now we are able to see the application data which is stored in the RDS database. We can add or remove a contact from the address book, as this information is saved in the RDS database.

Now if you observe, I have added a new contact named user1 and it got stored in the RDS database. The address book is the application which we deployed on the web server, and once it is connected to the RDS database, all the details are stored there.

Thus we were able to configure a web server in a public subnet and an RDS database in private subnets, all created under the VPC, and connect the application to the database using route tables and security groups.
