This project demonstrates the design and deployment of a highly available, scalable, and secure web application infrastructure on Amazon Web Services (AWS).
---
- Custom VPC with public and private subnets across multiple Availability Zones
- Internet Gateway for public access
- NAT Gateway for private subnet outbound internet access
- Application Load Balancer for traffic distribution
- Auto Scaling Group for elasticity
- EC2 instances running a simple Apache web application
- Amazon VPC
- EC2 (Amazon Linux)
- Application Load Balancer (ALB)
- Auto Scaling Groups
- NAT Gateway / Internet Gateway
- IAM & Security Groups
- Apache Web Server (User Data bootstrapping)
- AWS Cloud Architecture Design
- Networking (VPC, Subnets, Routing)
- Load Balancing & Auto Scaling
- Cloud Security (IAM, Security Groups)
- Linux Server Configuration
- High Availability System Design
- Production-grade infrastructure thinking
- Navigate to VPC → Create VPC
- Configuration:
  - Name: payflow-vpc
  - IPv4 CIDR: 10.0.0.0/16
Subnet 1

- Name: public-subnet-1
- CIDR: 10.0.1.0/24
- AZ: us-east-1a

Subnet 2

- Name: public-subnet-2
- CIDR: 10.0.2.0/24
- AZ: us-east-1b

Subnet 3

- Name: private-subnet-1
- CIDR: 10.0.3.0/24
- AZ: us-east-1a

Subnet 4

- Name: private-subnet-2
- CIDR: 10.0.4.0/24
- AZ: us-east-1b

- Name: payflow-igw
- Attach it to payflow-vpc
- Name: public-rt
- Route:
  - Destination: 0.0.0.0/0
  - Target: Internet Gateway
- Associate with:
  - public-subnet-1
  - public-subnet-2
- Name: private-rt
- Associate with:
  - private-subnet-1
  - private-subnet-2
- Place NAT Gateway in: public-subnet-1
- Allocate an Elastic IP
- Add route:
  - Destination: 0.0.0.0/0
  - Target: NAT Gateway
- Allow:
  - HTTP (Port 80) from 0.0.0.0/0
- Allow:
  - HTTP (Port 80) ONLY from ALB Security Group
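
A check for the second rule above (instances accept HTTP only from the ALB security group), as an added example that is not part of the original project: it audits one entry of `aws ec2 describe-security-groups` output and flags any ingress that is not tcp/80 from the ALB's group. The security-group IDs and sample rules are constructed placeholders.

```python
"""Audit a backend security group: HTTP (80) must be reachable only from the ALB's group."""

def audit_backend_sg(sg, alb_sg_id, port=80):
    """Return findings for the ingress rules of one `describe-security-groups` entry."""
    findings = []
    for rule in sg.get("IpPermissions", []):
        proto, lo, hi = rule.get("IpProtocol"), rule.get("FromPort"), rule.get("ToPort")
        label = f"{sg['GroupId']} {proto} {lo}-{hi}"
        # IpProtocol "-1" means all protocols and ports; anything but tcp/80 is out of policy.
        if proto != "tcp" or lo != port or hi != port:
            findings.append(f"{label}: protocol/port other than tcp/{port}")
        # CIDR and prefix-list sources bypass the ALB even when the port is right.
        for r in rule.get("IpRanges", []):
            findings.append(f"{label}: CIDR source {r['CidrIp']}")
        for r in rule.get("Ipv6Ranges", []):
            findings.append(f"{label}: CIDR source {r['CidrIpv6']}")
        for r in rule.get("PrefixListIds", []):
            findings.append(f"{label}: prefix-list source {r['PrefixListId']}")
        # Only the ALB's security group may be referenced as a source.
        for pair in rule.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != alb_sg_id:
                findings.append(f"{label}: security-group source {pair.get('GroupId')}")
    return findings

# Constructed sample data (IDs are placeholders, not values from the project).
ALB_SG = "sg-0a1b2c3d4e5f00001"
GOOD = {"GroupId": "sg-0a1b2c3d4e5f00002", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": ALB_SG}]}]}
BAD = {"GroupId": "sg-0a1b2c3d4e5f00003", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": [{"GroupId": ALB_SG}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": [], "PrefixListIds": [],
     "UserIdGroupPairs": []}]}

if __name__ == "__main__":
    for sg in (GOOD, BAD):
        print(sg["GroupId"], audit_backend_sg(sg, ALB_SG) or "OK")
```
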
- Launch EC2 instance in private subnet
- Amazon Linux AMI
- Install Apache web server using User Data:
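
```bash
#!/bin/bash
# User Data runs once as root on first boot.
yum update -y
# Install Apache and start it now and on every reboot.
yum install -y httpd
systemctl enable httpd
systemctl start httpd
# Serve a page that names the instance, so load balancing is visible per request.
echo "PayFlow Server - $(hostname)" > /var/www/html/index.html
```
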
- Convert the configured EC2 instance into an Amazon Machine Image (AMI)
- This AMI captures:
  - OS configuration
  - Installed packages (Apache HTTP Server)
  - Application setup
- The AMI will be used by the Auto Scaling Group to launch identical instances
The Launch Template defines how new EC2 instances will be created.
Configuration:
- AMI: Custom Amazon Linux AMI
- Instance Type: t3.micro
- Key Pair: Configured SSH key pair
- Security Group:
  - Allow HTTP (Port 80)
- User Data Script:
  - Installs and configures Apache HTTP Server
The Target Group is used by the Load Balancer to route traffic.
Configuration:
- Type: Instances
- Protocol: HTTP
- Port: 80
- Path: /
- Ensures only healthy instances receive traffic
- Unhealthy instances are automatically removed from routing
- Type: Internet-facing Load Balancer
- Listener: HTTP (Port 80)
- public-subnet-1
- public-subnet-2
- Connect ALB to the Target Group
The ASG ensures high availability and elasticity.
Configuration:
- Launch Template: Previously created template
- Subnets:
  - private-subnet-1
  - private-subnet-2
- Attach Target Group
- Minimum Instances: 2
- Desired Instances: 2
- Maximum Instances: 4
- If CPU utilization > 70%
- ➜ Add more EC2 instances automatically
- If CPU utilization < 30%
- ➜ Remove excess EC2 instances
To verify the setup:
- Copy the ALB DNS name
- Paste it into a browser
- Refresh multiple times
- Different EC2 hostnames appear on each refresh
- Traffic is distributed across multiple instances
- Load Balancing is working correctly
A fully scalable, fault-tolerant web application infrastructure capable of automatically handling traffic changes while maintaining high availability.
- EC2 instances deployed in private subnets
- No direct public access to backend servers
- Controlled traffic via ALB only
- Security groups enforcing least privilege access