This lab walks you through the steps to deploy a highly available Web application and use Bastion host to control the access to underlying private instances.
Duration: 90 minutes
AWS Region: US East (N. Virginia) us-east-1
A bastion host is a system that is exposed to the internet.
In terms of security, Bastion is the only server that is exposed to the internet and should be highly protective to malicious attacks.
A Bastion host is also known as a Jump Box. It is a computer that acts like a proxy server and that allows the client machine to connect to the remote server.
It usually resides outside the firewall.
The Bastion server filters the incoming traffic and prevents unwanted connections entering the network thus acting as a gateway to maintain the security of bastion hosts, all unnecessary software, daemons.
Consider your application is running on a single EC2 instance. If the traffic to your application increases and you need further resources, we can launch multiple EC2 instances from an already running server and then use Elastic Load Balancing to distribute the traffic to your application among the newly-created servers.
We can also eliminate the Fault tolerance in your application by placing the servers ( EC2 instances) across different availability zones.
In the event of Failure of one Availability zone, your application will serve or handle the traffic from another availability zone.
High Availability and fault tolerance can be achieved using Elastic Load balancers.
Load Balancer is a service that allows you to distribute the incoming application or network traffic across multiple targets (such as Amazon EC2 instances, containers, and IP addresses) in multiple Availability Zones.
AWS currently offers three types of load balancers:
Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic.
Network Load Balancer is used to distribute the traffic or load using TCP/UDP protocols.
Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances.
Launching Lab Environment
Check Cloudformation stack is created
Create a Bastion Server
Creating a Security Group for the Load Balancer
Steps to create Web-servers
Create a Target Group
Create a Load Balancer
Connecting to web server via Bastion
Checking the health of the load balancer
Test case for High Availability
Validation of the lab.