Custom VPC with public and private subnets - application deployed in a private subnet

This example demonstrates how to create a VPC that you can use for servers in a production environment. To improve resiliency, you deploy the servers in two Availability Zones, using an Auto Scaling group and an Application Load Balancer. For additional security, you deploy the servers in private subnets; they receive requests only through the load balancer and reach the internet through a NAT gateway. To improve resiliency, you deploy a NAT gateway in each of the two Availability Zones.

  1. Create the custom VPC.

  2. Create the launch template and the Auto Scaling group.

  3. The Auto Scaling group launches the EC2 instances in the private subnets. Because they are private instances, they have no public IP address.

  4. Create a bastion host instance in a public subnet of the same VPC; it is used to reach the instances in the private subnets.

  5. Copy the .pem file, which is used to SSH into the private instances, and restrict its permissions with the command:

       chmod 600 demo.pem

  6. It is now possible to log in from the bastion host to the private EC2 instances.

  7. Deploy the application by running the following command on the instance in one of the private subnets:

       python3 -m http.server 8000

  8. Create the load balancer. The target reports an error because port 8000 has not been added to the inbound rule.

  9. After editing the inbound rule to add port 8000, the error is gone.

  10. An HTML page has been created on the private EC2 instance and the web page is now reachable through the load balancer. Note that the HTTP server is deployed in only one private subnet; nothing is deployed in the second, so one target shows as healthy and the second as unhealthy, which is expected.
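The error in steps 8 and 9 is a security-group problem: the load balancer can only reach the instance on tcp/8000 if the instance's group has an ingress rule for that port from the load balancer's group. The following added example (not part of the original lab) models the three groups this layout needs, the load balancer group, the bastion group and the private instance group, and checks two things a reviewer would want: that the ALB-to-instance path on 8000 and the bastion-to-instance path on 22 exist, and that nothing except the load balancer's listener port is open to 0.0.0.0/0. The group names `alb-sg`, `bastion-sg`, `app-sg`, the admin CIDR `198.51.100.0/24` and the rule layout are constructed placeholders, not values from the lab; the rule shape follows the FromPort/ToPort, IpRanges and UserIdGroupPairs fields the EC2 DescribeSecurityGroups API returns, so the same checks can be run over real output.

```python
"""Check security-group paths for an ALB -> private instance -> bastion layout.

Added example, not part of the original lab. All group names, IDs and the
admin CIDR below are constructed placeholders.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ANYWHERE = "0.0.0.0/0"


@dataclass
class Rule:
    """One TCP ingress rule: a port range allowed from a CIDR or from another group."""
    from_port: int
    to_port: int
    cidr: str | None = None
    source_sg: str | None = None

    def covers(self, port: int) -> bool:
        return self.from_port <= port <= self.to_port


@dataclass
class SecurityGroup:
    name: str
    ingress: list[Rule] = field(default_factory=list)


def build_groups(app_allows_8000: bool, admin_cidr: str = "198.51.100.0/24") -> dict[str, SecurityGroup]:
    """Constructed topology: ALB and bastion in public subnets, app instances in private ones.

    The ALB accepts HTTP from anywhere, the bastion accepts SSH only from the admin
    CIDR, and the app instances accept SSH only from the bastion group. The tcp/8000
    rule from the ALB group is the one that steps 8 and 9 of the lab add.
    """
    alb = SecurityGroup("alb-sg", [Rule(80, 80, cidr=ANYWHERE)])
    bastion = SecurityGroup("bastion-sg", [Rule(22, 22, cidr=admin_cidr)])
    app = SecurityGroup("app-sg", [Rule(22, 22, source_sg="bastion-sg")])
    if app_allows_8000:
        app.ingress.append(Rule(8000, 8000, source_sg="alb-sg"))
    return {g.name: g for g in (alb, bastion, app)}


def path_allowed(groups: dict[str, SecurityGroup], src_sg: str, dst_sg: str, port: int) -> bool:
    """True if dst_sg has an ingress rule covering `port` whose source is the group src_sg."""
    return any(r.source_sg == src_sg and r.covers(port) for r in groups[dst_sg].ingress)


def health_check_diagnosis(groups: dict[str, SecurityGroup], app_port: int = 8000) -> str:
    """Explain an unhealthy ALB target when the instance group lacks the app port."""
    if path_allowed(groups, "alb-sg", "app-sg", app_port):
        return "ok"
    return f"app-sg has no ingress on tcp/{app_port} from alb-sg; ALB targets will be unhealthy"


def world_open_rules(
    groups: dict[str, SecurityGroup],
    allowed: frozenset[tuple[str, int]] = frozenset({("alb-sg", 80), ("alb-sg", 443)}),
) -> list[tuple[str, int, int]]:
    """Rules open to 0.0.0.0/0, excluding the ALB's intended listener ports.

    Returns (group name, from_port, to_port) for every offending rule, so a
    tcp/22 or tcp/8000 rule from anywhere on the private instances is flagged.
    """
    found = []
    for g in groups.values():
        for r in g.ingress:
            single_port = r.from_port == r.to_port
            if r.cidr == ANYWHERE and not (single_port and (g.name, r.from_port) in allowed):
                found.append((g.name, r.from_port, r.to_port))
    return found


if __name__ == "__main__":
    before = build_groups(app_allows_8000=False)
    after = build_groups(app_allows_8000=True)
    print("before step 9:", health_check_diagnosis(before))
    print("after step 9: ", health_check_diagnosis(after))
    print("bastion -> app ssh:", path_allowed(after, "bastion-sg", "app-sg", 22))
    print("world-open rules:", world_open_rules(after))
```

The `world_open_rules` check is the one worth keeping after the lab: opening tcp/8000 (or tcp/22) from 0.0.0.0/0 on the instance group also makes the health check pass, but it means the private instances are reachable by anything that can route to them, which defeats the point of the private subnet. Restricting the rule's source to the load balancer's group, as the example does, keeps the instance unreachable except through the ALB.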