Created High Availability Architecture with AWS CLI
TASK DESCRIPTION
- Webserver configured on AWS instance
- Document root (/var/www/html) made persistent by mounting it on an EBS block device.
- Static objects used in the code, such as pictures, stored in S3.
- Setting up a content delivery network using CloudFront, with the S3 bucket as the origin domain.
- Finally, place the CloudFront URL in the web app code for security and low latency.
LET’S START…
STEP 1: DOWNLOAD AND CONFIGURE THE AWS CLI
We need to download and install the AWS CLI tool on our OS. I have used Version 2.0.17.
STEP 2 : CREATE IAM USER AND CONFIGURE AWS
Before starting, we have to create an IAM user to get an “Access key” and a “Secret key”. Go to the AWS account from the AWS Web Console, open the “IAM” service, click on “Users”, then click on “Add User” and create one user. Then click on “Programmatic access”, and it will give us the “Access key” and “Secret key”.
Now, we have to run the “aws configure” command to set up the AWS CLI and provide the Access key and Secret key of the IAM user, the region, etc.
STEP 3: CREATE KEY PAIR
Use the command below to create a key pair:
aws ec2 create-key-pair --key-name <name_of_key_pair>
Confirm from the AWS WebUI whether the key pair was created.
STEP 4: CREATE SECURITY GROUP
Use the command below to create a security group:
aws ec2 create-security-group --group-name <name_of_security_group> --description "<description>" --vpc-id <your_vpc_id>
NOTE: You can find your VPC ID here: go to the “Networking & Content Delivery” service → “VPC” and then go to “Your VPCs”.
STEP 5: SET INBOUND RULE TO SECURITY GROUP
Now, we have to add an inbound rule. Use the command below to set inbound rules.
In my case, I have allowed the protocol “All traffic”, and hence my port is “all”. You can give your own protocol and its respective port number.
aws ec2 authorize-security-group-ingress --group-name <security_group_name> --protocol <protocol> --port <port_no.> --cidr <IP_range>
Also check from the AWS WebUI whether the security group was created.
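The inbound rules set in this step can also be checked from the JSON that `aws ec2 describe-security-groups` returns, rather than by eye in the WebUI. The following is an added example, not part of the original post: it audits a constructed sample in that output's shape (group IDs, names and CIDRs are made up) and flags rules open to the whole internet. Treating 80 and 443 as the only ports expected to be world-open is an assumption.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs, names and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "GroupName": "web-all-traffic",
   "IpPermissions": [
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222", "GroupName": "web-scoped",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ccc3333", "GroupName": "tcp-range-v6",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
      "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
]}
""")

WORLD = {"0.0.0.0/0", "::/0"}   # "anywhere" for IPv4 and IPv6
PUBLIC_OK = {80, 443}           # assumption: only web ports should face the internet


def audit(described):
    """Return (group_id, protocol, port_range, cidr) for every world-open
    ingress rule that exposes more than a single port from PUBLIC_OK."""
    findings = []
    for sg in described["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm["IpProtocol"]
            # "-1" means all protocols; such rules carry no FromPort/ToPort.
            lo = perm.get("FromPort", 0)
            hi = perm.get("ToPort", 65535)
            web_only = proto == "tcp" and lo == hi and lo in PUBLIC_OK
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in WORLD and not web_only:
                    findings.append((sg["GroupId"], proto, f"{lo}-{hi}", cidr))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("world-open rule:", *finding)
```

On a real account, pass `audit()` the parsed output of `aws ec2 describe-security-groups --output json` instead of `SAMPLE`.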
STEP 6: LAUNCH AN EC2 INSTANCE
Use the command below to launch the EC2 instance:
aws ec2 run-instances --image-id ami-068d43a544160b7ef --instance-type t2.micro --key-name <key name> --security-group-ids <security group id> --subnet-id <subnet id> --count 1 --tag-specifications "ResourceType=instance,Tags=[{Key=<key name>,Value=<value>}]"
Also check from the AWS WebUI whether the instance was created.
STEP 7: CREATE EBS VOLUME OF 1GiB
Use the command below to create a volume of 1 GiB:
aws ec2 create-volume --volume-type gp2 --size 1 --availability-zone <instance zone> --tag-specifications "ResourceType=volume,Tags=[{Key=<key name>,Value=<value>}]"
STEP 8: ATTACH EBS VOLUME OF 1GiB TO EC2 INSTANCE
Use the command below to attach the 1 GiB volume to the EC2 instance:
aws ec2 attach-volume --volume-id <volume id> --instance-id <instance id> --device /dev/sdf
STEP 8: SSH LOGIN
Use the command below to log in remotely over SSH:
ssh -i "<aws_private_key.pem>" ec2-user@<ipv4_public_DNS>
STEP 9: CONFIGURATION OF WEBSERVER
To install httpd, use the command below:
yum install httpd
STEP 10: PARTITION, FORMATTING AND MOUNTING
Partition: “fdisk /dev/xvdf”
Formatting: “mkfs.ext4 /dev/xvdf1”
Mounting: “mount /dev/xvdf1 /var/www/html”
NOTE: Remember we have to mount that disk on /var/www/html
STEP 11: CREATE S3 BUCKET
To create an S3 storage bucket, use the command below:
aws s3api create-bucket --bucket mybucketvolume --region ap-south-1 --acl public-read --create-bucket-configuration LocationConstraint=ap-south-1
Now upload one picture to the AWS S3 bucket through the CLI, using the command:
aws s3 cp "C:\Users\Suraj Vasantrao\Downloads\hello.jpg" s3://mybucketvolume/ --acl public-read
Check from the WebUI whether the bucket was created and the image uploaded.
STEP 12: SETTING-UP CONTENT DELIVERY NETWORK USING CLOUDFRONT WITH S3 BUCKET AS DOMAIN ORIGIN
To create a domain name for the S3 bucket using CloudFront, use the command:
aws cloudfront create-distribution --origin-domain-name <bucket_name>.s3.amazonaws.com
Now, also check from the WebUI whether the image uploaded to the S3 bucket got a CloudFront URL.
Here is my S3 bucket URL:
https://mybucketvolume.s3.ap-south-1.amazonaws.com/hello.jpg
NOTE: Make sure your S3 URL is Public, otherwise it will show “ACCESS DENIED”