Deploying a Highly Available Web Application and Bastion Host in AWS

Lab Details

  1. This lab walks you through the steps to deploy a highly available web application and to use a bastion host to control access to the underlying private instances.

  2. Duration: 60 minutes

  3. AWS Region: US East (N. Virginia) us-east-1

Introduction

Bastion Host

  • A bastion host is a system that is exposed to the internet.

  • In terms of security, the bastion is the only server exposed to the internet, so it must be hardened against malicious attacks.

  • A bastion host is also known as a jump box: a computer that acts like a proxy server and allows a client machine to connect to the remote servers behind it.

  • It usually resides outside the firewall.

  • The bastion server filters incoming traffic and prevents unwanted connections from entering the network, acting as a gateway. To keep the bastion itself secure, all unnecessary software and daemons are removed from it.
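The bastion pattern above only holds if the security groups enforce it: the bastion accepts SSH from the administrators' range alone, the private web servers accept SSH only from the bastion's security group, and nothing but the load balancer faces the internet on HTTP. The script below is an added example written for this page, not part of the lab or an AWS tool; it audits security groups laid out in the shape `aws ec2 describe-security-groups` returns, but the group IDs, names and the admin CIDR are constructed placeholders.

```python
"""Audit security-group rules for a bastion / private-subnet layout.

Added illustration for the lab, not the lab's own material or an AWS tool. The
groups below are constructed in the shape `aws ec2 describe-security-groups`
returns (GroupId, GroupName, IpPermissions); IDs, names and CIDRs are placeholders.
"""
import copy
from ipaddress import ip_network

ADMIN_CIDR = "203.0.113.0/24"          # constructed admin range (TEST-NET-3)
BASTION_SG = "sg-00000000000000001"    # placeholder bastion group ID
ALB_SG = "sg-00000000000000003"        # placeholder load-balancer group ID

SECURITY_GROUPS = [
    {"GroupId": BASTION_SG, "GroupName": "bastion-sg", "IpPermissions": [
        # SSH only from the admin range, never from 0.0.0.0/0
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": ADMIN_CIDR}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-00000000000000002", "GroupName": "web-sg", "IpPermissions": [
        # SSH only from the bastion's security group (no CIDR rule at all)
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
        # HTTP only from the load balancer's security group
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]},
    {"GroupId": ALB_SG, "GroupName": "alb-sg", "IpPermissions": [
        # The load balancer is the only thing that should face the internet on 80
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
]


def allows_port(perm, port):
    """True if an IpPermissions entry covers `port` over TCP (or all protocols)."""
    if perm["IpProtocol"] == "-1":          # -1 means all protocols and ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]


def audit(groups, bastion_sg, alb_sg, admin_cidr):
    """Return findings; an empty list means the bastion pattern holds:
    - only the bastion group accepts SSH from IP ranges, and only from admin_cidr;
    - any other group accepting SSH does so only from the bastion group;
    - only the load-balancer group exposes HTTP to the whole internet."""
    admin = ip_network(admin_cidr)
    findings = []
    for g in groups:
        name = g["GroupName"]
        for perm in g["IpPermissions"]:
            for rng in perm.get("IpRanges", []):
                net = ip_network(rng["CidrIp"])
                if allows_port(perm, 22):
                    if g["GroupId"] != bastion_sg:
                        findings.append(f"{name}: SSH reachable from {net}; "
                                        "SSH to private instances must come via the bastion")
                    elif net.version != admin.version or not net.subnet_of(admin):
                        findings.append(f"{name}: bastion SSH open to {net}, wider than {admin}")
                if allows_port(perm, 80) and g["GroupId"] != alb_sg and net.prefixlen == 0:
                    findings.append(f"{name}: HTTP open to the internet; only the load balancer should be")
            for pair in perm.get("UserIdGroupPairs", []):
                if allows_port(perm, 22) and pair["GroupId"] != bastion_sg:
                    findings.append(f"{name}: SSH allowed from group {pair['GroupId']}, not the bastion")
    return findings


def weakened_groups():
    """Constructed 'before' state: web-sg also accepts SSH from anywhere."""
    groups = copy.deepcopy(SECURITY_GROUPS)
    web = next(g for g in groups if g["GroupName"] == "web-sg")
    web["IpPermissions"].append({"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []})
    return groups


if __name__ == "__main__":
    for label, groups in (("hardened", SECURITY_GROUPS), ("weakened", weakened_groups())):
        print(label, audit(groups, BASTION_SG, ALB_SG, ADMIN_CIDR) or ["OK"])
```

Run against the hardened layout the audit returns nothing; against the weakened copy, where `web-sg` also allows SSH from 0.0.0.0/0, it reports that the private instances are reachable without going through the bastion. To apply it to a real account, feed the `SecurityGroups` array from the CLI output into `audit` in place of the constructed list.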

High Availability

  • Suppose your application is running on a single EC2 instance. If traffic to your application increases and you need more capacity, you can launch additional EC2 instances cloned from the already running server and then use Elastic Load Balancing to distribute the traffic among the newly created servers.

  • You can also make your application fault tolerant by placing the servers (EC2 instances) across different Availability Zones.

  • If one Availability Zone fails, your application continues to serve traffic from the other Availability Zone.

  • High availability and fault tolerance can be achieved using Elastic Load Balancers.

Elastic Load Balancer

  • Elastic Load Balancing is a service that distributes incoming application or network traffic across multiple targets (such as Amazon EC2 instances, containers, and IP addresses) in multiple Availability Zones.

  • AWS currently offers three types of load balancers:

      • Application Load Balancer is best suited for load balancing HTTP and HTTPS traffic.

      • Network Load Balancer distributes traffic using the TCP/UDP protocols.

      • Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances.
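The High Availability and Elastic Load Balancer sections describe behaviour the lab's later test case exercises: the load balancer spreads requests over web servers in two Availability Zones, health checks remove a target that stops answering, and traffic keeps flowing from the surviving zone. The simulation below is an added example written for this page, not AWS code; it makes no network calls. The target and zone names are constructed, and the consecutive-check thresholds mirror the target group's healthy/unhealthy threshold idea rather than any default value.

```python
"""Simulate an Application Load Balancer over web servers in two Availability
Zones, with health checks and the loss of one AZ.

Added illustration for the lab; not AWS code. Target names, AZ names and the
health-check thresholds are constructed for the example.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass
class Target:
    target_id: str
    az: str
    alive: bool = True        # ground truth: is the instance actually up?
    healthy: bool = True      # what the load balancer currently believes
    consecutive_ok: int = 0
    consecutive_fail: int = 0


class LoadBalancer:
    def __init__(self, targets, healthy_threshold=2, unhealthy_threshold=2):
        self.targets = list(targets)
        self.healthy_threshold = healthy_threshold
        self.unhealthy_threshold = unhealthy_threshold
        self._cursor = 0

    def health_check(self):
        """One health-check round against every registered target. A target is
        pulled from rotation after `unhealthy_threshold` consecutive failures and
        put back after `healthy_threshold` consecutive successes."""
        for t in self.targets:
            if t.alive:
                t.consecutive_ok += 1
                t.consecutive_fail = 0
                if t.consecutive_ok >= self.healthy_threshold:
                    t.healthy = True
            else:
                t.consecutive_fail += 1
                t.consecutive_ok = 0
                if t.consecutive_fail >= self.unhealthy_threshold:
                    t.healthy = False

    def healthy_targets(self):
        return [t for t in self.targets if t.healthy]

    def route(self):
        """Round-robin over targets believed healthy; None models an HTTP 503."""
        pool = self.healthy_targets()
        if not pool:
            return None
        t = pool[self._cursor % len(pool)]
        self._cursor += 1
        return t


def serve(lb, n):
    """Send n requests; count which AZ answered, or what went wrong instead."""
    outcome = Counter()
    for _ in range(n):
        t = lb.route()
        if t is None:
            outcome["503 (no healthy targets)"] += 1
        elif not t.alive:
            # Between the failure and the health check noticing it, the
            # balancer still sends requests to the dead instance.
            outcome[f"{t.az} failed (not yet detected)"] += 1
        else:
            outcome[t.az] += 1
    return outcome


def set_az_state(lb, az, alive):
    """Take every target in one AZ down (alive=False) or bring it back (alive=True)."""
    for t in lb.targets:
        if t.az == az:
            t.alive = alive


def build_lab_lb():
    """Two web servers in two AZs, as the lab's architecture describes."""
    return LoadBalancer([Target("web-1", "us-east-1a"), Target("web-2", "us-east-1b")])


if __name__ == "__main__":
    lb = build_lab_lb()
    print("normal:", dict(serve(lb, 10)))
    set_az_state(lb, "us-east-1a", alive=False)
    lb.health_check()                       # 1 failure: below the threshold
    print("AZ a down, 1 check:", dict(serve(lb, 4)))
    lb.health_check()                       # 2nd failure: out of rotation
    print("AZ a down, 2 checks:", dict(serve(lb, 10)))
    set_az_state(lb, "us-east-1a", alive=True)
    lb.health_check(); lb.health_check()    # 2 successes: back in rotation
    print("AZ a recovered:", dict(serve(lb, 10)))
```

The interesting window is the one between the instance dying and the second failed health check: those requests still reach the dead server, which is why the lab's high-availability test case should be read alongside the target group's health-check interval and threshold settings, not just the final "traffic continues" result.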

Architecture Diagram

Task Details

  1. Launching Lab Environment

  2. Check that the CloudFormation stack is created

  3. Create a Bastion Server

  4. Creating a Security Group for the Load Balancer

  5. Steps to create the web servers

  6. Create a Target Group

  7. Create a Load Balancer

  8. Connecting to the web server via the bastion host

  9. Checking the health of the load balancer

  10. Test case for High Availability

  11. Validation of the lab