This lab walks you through the steps to deploy a highly available web application and use a bastion host to control access to the underlying private instances.
Duration: 60 minutes
AWS Region: US East (N. Virginia)
A bastion host is a system that is exposed to the internet.
In terms of security, the bastion is the only server that is exposed to the internet and should be highly protected against malicious attacks.
A bastion host is also known as a jump box. It is a computer that acts like a proxy server and allows the client machine to connect to the remote server.
It usually resides outside the firewall.
The bastion server filters the incoming traffic and prevents unwanted connections from entering the network, thus acting as a gateway. To maintain the security of bastion hosts, all unnecessary software, daemons.
Suppose your application is running on a single EC2 instance. If the traffic to your application increases and you need further resources, you can launch multiple EC2 instances from an already running server and then use Elastic Load Balancing to distribute the traffic to your application among the newly created servers.
You can also make your application fault tolerant by placing the servers (EC2 instances) across different Availability Zones.
If one Availability Zone fails, your application will serve the traffic from another Availability Zone.
High availability and fault tolerance can be achieved using Elastic Load Balancers.
A load balancer is a service that allows you to distribute the incoming application or network traffic across multiple targets (such as Amazon EC2 instances, containers, and IP addresses) in multiple Availability Zones.
AWS currently offers three types of load balancers:
Application Load Balancer is best suited for load balancing of HTTP and HTTPS traffic.
Network Load Balancer is used to distribute the traffic or load using TCP/UDP protocols.
Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances.
Launch a bastion host instance along with two web application instances. The two web application instances should be launched in the private subnet.
Set up a Load Balancer and associate the two web instances to the Load Balancer.
SSH into the web servers via the Bastion server.
Publish a test index.html on both of the web servers.
Access the webpage using the load balancer's DNS endpoint.
Check the responses to see the Load Distribution between the 2 servers.
Stop or terminate one of the web servers.
Check the responses to see how the load distribution changes.
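The SSH step above depends on the web servers accepting SSH only from the bastion. As an added example (not part of the original lab), the check below audits ingress rules shaped like the EC2 DescribeSecurityGroups response and reports any SSH path to a web instance that does not come from the bastion's security group. The group IDs, the sample rules and the policy that only the bastion's group is an acceptable SSH source are assumptions made for the example.

```python
"""Audit ingress rules so private web instances accept SSH only via the bastion.

Input dicts follow the shape of the EC2 DescribeSecurityGroups response.
All group IDs and rules below are constructed sample data.
"""

def covers_port(rule, port):
    """True if an ingress rule applies to the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":                      # "-1" means all protocols and ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_ssh(web_group, bastion_sg_id):
    """Return findings for SSH ingress on a web-tier group not sourced from the bastion."""
    gid, findings = web_group["GroupId"], []
    for rule in web_group.get("IpPermissions", []):
        if not covers_port(rule, 22):
            continue
        # Assumed policy: only the bastion's group may be an SSH source,
        # so every CIDR source is reported.
        for rng in rule.get("IpRanges", []):
            findings.append(f"{gid}: SSH allowed from CIDR {rng['CidrIp']}")
        for rng in rule.get("Ipv6Ranges", []):
            findings.append(f"{gid}: SSH allowed from CIDR {rng['CidrIpv6']}")
        for pair in rule.get("UserIdGroupPairs", []):
            if pair["GroupId"] != bastion_sg_id:
                findings.append(f"{gid}: SSH allowed from group {pair['GroupId']}")
    return findings


# Constructed sample: sg-bastion, sg-lb and sg-web-* are placeholder IDs.
BASTION = "sg-bastion"
GOOD_WEB = {"GroupId": "sg-web-a", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "UserIdGroupPairs": [{"GroupId": BASTION}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
]}
BAD_WEB = {"GroupId": "sg-web-b", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,   # range includes 22
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-lb"}]},
]}

if __name__ == "__main__":
    for group in (GOOD_WEB, BAD_WEB):
        for line in audit_ssh(group, BASTION) or [f"{group['GroupId']}: OK"]:
            print(line)
```

The second sample group shows two cases that a check for an exact port 22 rule would miss: a port range that includes 22 and an all-protocols rule.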