
Cloud Infrastructure


Introduction of our project

The Sustainability Social Research Organization (SSRO), a made-up non-profit organization, has
become an essential tool at a time when social science academics need access to statistics on
global development. Researchers have access to a multitude of data on the SSRO website,
including global changes in life expectancy over the last ten years. This effort, sponsored by IT
executive Shirley Gondolas, was the result of her enthusiasm for information exchange and
dissemination. This priceless information is scrupulously stored by Shirley in a MySQL
database, which is accessed via a user-friendly PHP website that she herself created. But as the
group's notoriety has grown over the past year, increased traffic has presented fresh difficulties.
An almost successful security breach and complaints about the responsiveness of the website led
Shirley to reconsider her hosting arrangement. Shirley sought help from Amazon Web Services
(AWS) to create a more reliable, easily accessible, and secure website. Acting as Cloud Solution
Architects at AWS, our team's goal is to make sure Shirley's vision adheres to the industry's best
practices for cloud architecture. With a focus on security, implementation, and high
availability/scalability, this assignment will examine the solution requirements and emphasize
how crucial infrastructure optimization is to SSRO's long-term success.


1.0 Cloud Architecture Solution of our design

Figure 1: Cloud Architecture Design


The above cloud architecture was chosen as the final design option after our group discussion. The red
line indicates the secure incoming traffic in the network architecture. As seen in the figure above,
each security group has its own set of ports, and the Application Load Balancer is in charge of all
inbound traffic. Each port has its own set of rules to protect it. The Primary RDS and
Replica RDS are connected to the repository application MySQL, as indicated by Private
Subnets 1 and 2 at the bottom of the figure above. The repository app is linked to the Parameter
Store. The following screenshot also shows that the database has two distinct private subnets.


2.0 Pricing Cost

Figure 2: Pricing Cost for Capstone Project


Figure 2 estimates the cost that the team would have to pay to continue running the data
display and gathering for their website. The team will have to pay $21.90 per month for Amazon
Elastic IP and $0.75 per month for Amazon EC2. The final two options are Amazon
Aurora MySQL and Amazon VPC, both of which are free. The team pays $29.42 per month for
RDS, as seen in the bottom image.


3.0 Cloud Environment (Capstone Project)

Figure 3: Capstone Project


Capstone is a software engineering and cloud computing firm that specializes in providing
clients with solutions. In this case, the capstone project is utilized to exhibit the project's abilities
and design. When the application is ready for use at the end of the project, the customer can
launch it using a PHP app hosted on Amazon EC2. The MySQL database is also generated using
a SQL dump file, which the PHP developer may also access. AWS provides a feature that
enables developers to protect their applications by restricting access from the backend system
and changing some of the settings in the system management parameter store.

The RDS DB setup is the first step in the entire process. This facility is created using the Amazon
VPC service, which provides a Virtual Private Cloud (VPC). A VPC is formed with a default security
group included. Additional security groups may be created for each VPC. Resources in the VPC for
which a security group was defined are the only resources that can be connected to it. Here, DB
subnet group 2 of the Availability Zone is being used because it was chosen for the DB instance.
This brings me to the security group, which is my next subject. The Amazon VPC service creates
the security group for you. The incoming and outgoing traffic is monitored by the
security group.


For instance, when a security group is connected to an EC2 instance, it has control over the
inbound and outbound traffic of the instance. One of the most crucial components of a capstone
project is the hosting of a trustworthy MySQL database. A secure admin login page and
anonymous access are both offered in this project. This makes it incredibly safe because only an
admin can alter or modify the programme; an anonymous user cannot.


3.1 Capstone Project of our configuration

Figure 4: Capstone Project

Figure 4 shows how this project relates to the Capstone Project. This page includes information
about the type of load balancing, IP address, DNS name, scheme, status, availability zone, VPC,
and hosted zone.


3.2 How our group completed the project

Our team's decision to undertake this project was driven by online considerations. Given that our
group members are currently on semester break and located in different states, physically
gathering for discussions was not feasible. Therefore, we opted to use the online
communication platforms WhatsApp and Microsoft Teams due to their commendable video
and voice quality, which makes them an excellent choice for remote collaboration.

To ensure the project's success and maintain a structured approach, we adopted the use of a
workload matrix. This strategy has a long history of being employed in various projects over
centuries, primarily because it helps keep projects on track and fosters a systematic approach.
The primary purpose of a workload matrix is to efficiently distribute tasks among team members.
It accomplishes this by minimizing idle time, reducing the risk of duplicate work, and promoting
team cohesion. By maximizing the collective output of the team, this methodology aims to boost
employee morale and ensure that everyone contributes effectively to the project's success.

In essence, our choice to use WhatsApp and Microsoft Teams for online discussions and
implement a workload matrix underscores our commitment to an organized and efficient
approach to project management, even in a distributed team setup. This approach should help us
overcome geographical barriers, minimize inefficiencies, and ultimately achieve our project's
objectives effectively.


3.3 Web services deployed in AWS

Web services are applications that may be accessed through the internet. To send and receive
information between different devices and systems, they need a common messaging system.
Amazon Web Services (AWS) is a cloud computing platform that provides several services for
developing, deploying, and managing online applications. AWS provides several tools and
services that make it simple to design, deploy, and manage web services. Developers can use
AWS Elastic Beanstalk to swiftly deploy and scale web projects without having to worry about
the underlying technology. The AWS Lambda service allows developers to run code without
needing to maintain servers, while the AWS API Gateway service simplifies the creation and
management of APIs for web services. One of the most appealing aspects of utilizing AWS to
establish a web service is the ease with which the service can be scaled.

AWS allows developers to rapidly add or remove resources such as processing power, storage
space, and network bandwidth based on the demands of the web application. This implies that
AWS-hosted web services can tolerate fluctuations in traffic and usage without going down or
becoming sluggish. Another advantage of AWS is that it ensures the security of online services.
AWS provides several security measures, including encryption, identity, and access control,
that aid in the protection of online services and their data. AWS also has a robust compliance
procedure in place to ensure that web services released on the platform adhere to industry norms
and guidelines.

In the end, AWS is a strong and adaptable platform for developing web services. It is a
wonderful solution for developers who wish to build and manage web services because of its
strong security features and ability to quickly and effectively expand web services.


3.4 Project Challenges and limitation

Lack of knowledge about cloud computing technology and best practices can pose a significant
challenge for a team embarking on a cloud infrastructure project. Cloud computing is a
specialized field with its own set of complexities, and without the requisite expertise, team
members may struggle to design and implement an efficient solution. This knowledge gap can
lead to mistakes, suboptimal configurations, and potentially compromised security, all of which
can impede the project's success.

Budget management is another critical concern for such teams. Building and maintaining a cloud
infrastructure can be cost-intensive, and without a clear understanding of the expenses involved,
it becomes challenging to control spending and adhere to the project's budget. Uncontrolled costs
can not only strain financial resources but also hinder the project's overall progress.

Furthermore, optimizing expenses while maintaining performance is a delicate balance to strike
in the cloud. While cloud computing offers scalability and flexibility, these advantages can come
at a price. Teams must constantly monitor resource consumption, identify inefficiencies, and
make necessary adjustments to ensure that the cloud infrastructure remains both cost-effective
and capable of delivering the expected performance levels.

To overcome these challenges, the team should prioritize several key actions. First and foremost,
they should invest in training and development to ensure that team members acquire the
necessary skills and knowledge for working in the cloud. Additionally, a well-defined project
plan and schedule are essential to keep the project on track. Regular progress assessments and
the flexibility to adjust the plan as needed are crucial for adapting to unforeseen challenges and
ensuring project success. By addressing these difficulties proactively, the team can maximize the
benefits of cloud computing while minimizing potential setbacks.


4.0 Cloud Infrastructure


The term "cloud infrastructure" in the context of Amazon Web Services (AWS) is used to
describe a group of resources and services made available by AWS for the purpose of hosting
your workloads, data, and applications in a scalable and flexible way. Cloud-based applications
may be developed, deployed, and managed using the extensive set of infrastructure solutions that
AWS provides. Following are some essential elements of the AWS cloud infrastructure:

IT Services:

• Virtual servers that can be quickly scaled up or down to execute your applications are available
through Amazon EC2 (Elastic Compute Cloud).
• AWS Lambda is a serverless computing solution that enables you to execute code in response to
events without setting up or maintaining servers.

Internet Services:

• A logically separated area of the AWS cloud where you may launch resources is called
an Amazon VPC (Virtual Private Cloud).
• A scalable and highly reliable Domain Name System (DNS) web service is Amazon
Route 53.
• A dedicated network link from your on-site data center to AWS is known as AWS Direct
Connect.

Storing solutions:

• Expandable object-based storage for data storage and retrieval is offered by Amazon S3
(Simple Storage Service).
• EC2 instances can use block storage volumes from Amazon EBS (Elastic Block Store).

• Amazon Elastic File System (EFS): Fully managed file storage for EC2
instances.
• Amazon Glacier: Budget-friendly backup and archival storage.
• AWS Storage Gateway: Integrates on-premises systems with cloud storage.

Services for databases:

• Relational database management service for MySQL, PostgreSQL, Oracle, SQL Server,
and other databases is offered by Amazon RDS (Relational Database Service).
• Fully managed NoSQL database service provided by Amazon DynamoDB.
• High-performance, fully-managed relational database engine: Amazon Aurora.

Identity services and security:

• You can securely manage access to AWS resources using AWS
Identity and Access Management (IAM).
• Data security is managed via the AWS Key Management Service (KMS).
• You may manage and control many AWS accounts from a single location using AWS
Organizations.

Services for management and observation:

• AWS resources and applications are monitored via Amazon CloudWatch, which also
provides metrics and logs.
• AWS CloudTrail logs AWS API calls for compliance and auditing purposes.
• AWS Config: Offers a thorough list of AWS resources and settings updates.


4.1 Virtual Private Cloud (VPC)

An essential networking tool offered by Amazon Web Services (AWS) called Amazon Virtual
Private Cloud (Amazon VPC) enables you to build isolated, secure network environments in the
cloud. Your own virtual network architecture, including IP address ranges, subnets, route tables,
and network gateways, may be created using VPC. This gives you the ability to manage and alter
the network configuration of your cloud infrastructure to suit your unique needs. Here are some
of the main characteristics and elements of Amazon VPC:

• Network isolation is a feature of VPCs that enables you to logically isolate various
components of your infrastructure. By preventing resources from one VPC from
directly communicating with those in another, unless a connection is specifically
configured, this separation improves security.

• Customization of IP Addresses: Your VPC's IP address range (CIDR block) is under your
control. To further divide up your resources, you may also designate several subnets,
each with a distinct CIDR block, within the VPC.


4.2 Subnets

Subnets are parts of the Amazon Virtual Private Cloud (Amazon VPC) in Amazon Web Services
(AWS), which let you further split and arrange your VPC's IP address range into more
manageable portions. Subnets are vital for developing and protecting your AWS infrastructure
and for isolating sections of the network within your VPC. Here are some essential details
concerning AWS subnets:

• Each subnet has a unique IP address range, known as a Classless Inter-Domain
Routing (CIDR) block, that is connected to it. This segment of the IP address space
belongs to the VPC.

• Network separation: Within a VPC, subnets offer network separation. Unless routes,
security groups, and network ACLs are specifically configured to permit communication,
resources in one subnet cannot directly connect with resources in another subnet.

• AWS Availability Zones (AZ): Subnets are generally connected to a particular AZ. By
distributing resources across several data centers, placing subnets in separate AZs
guarantees continuous availability and tolerance for failure for your applications.

• Public and Private Subnets: Within your VPC, you may build public and private subnets.
Web servers and other resources that require direct internet access normally belong to
public subnets, but databases and other resources that shouldn't be accessible to the
general public should belong to private subnets.

• Route Tables: Every subnet has a route table connected to it that manages how traffic is
routed into and out of the network. To specify how traffic is routed, you can establish
customized route tables and link them to particular subnets.


4.3 Route Tables

Route tables are crucial elements of Amazon Virtual Private Clouds (Amazon VPCs) in Amazon
Web Services (AWS), which govern how network traffic is routed between subnets and to the
internet. Route tables are associated with subnets and control the flow of traffic inside the VPC. The
image above shows the few route tables that have been created.


4.4 Internet gateway

An Internet Gateway (IGW) in Amazon Web Services (AWS) enables communication between
instances in your Virtual Private Cloud (VPC) and the open internet. It is a horizontally scalable,
highly available, and fully maintained component. Instances within your VPC can send traffic to and
receive traffic from the internet thanks to an Internet Gateway, which acts as an interface between
the internal network of your VPC and the public internet.

4.5 NAT gateway

A managed network service called NAT Gateway (Network Address Translation Gateway)
allows instances in the private subnets of a Virtual Private Cloud (VPC) to start outgoing traffic
to the internet or other AWS services while blocking unauthorized incoming traffic from
reaching those instances. NAT Gateways are frequently employed to provide internet
connectivity for private subnet resources that lack direct internet access.
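
The public/private distinction described in sections 4.2 to 4.5 is decided by each subnet's effective route table, so it can be checked mechanically. The following is an added example, not part of the original report: it classifies subnets from data in the shape returned by `aws ec2 describe-route-tables` and shows how a subnet with no explicit association silently inherits the main route table. All subnet, route table and gateway IDs, the 10.0.0.0/16 VPC range and the helper names are constructed for illustration.

```python
import copy

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Only the field names are real; every ID and CIDR here is an assumption.
SAMPLE_ROUTE_TABLES = [
    {   # Main route table: applies to every subnet with no explicit association.
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"},
        ],
    },
    {   # Private route table: the default route leaves through the NAT gateway.
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-private1"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"},
        ],
    },
]

# Subnets that hold the primary and replica database and must never be public.
DB_SUBNETS = ["subnet-private1", "subnet-private2"]


def default_route_target(table):
    """Return the target of the 0.0.0.0/0 route, or None if absent or blackholed."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State") == "blackhole":  # target was deleted, e.g. a removed NAT gateway
            return None
        return route.get("GatewayId") or route.get("NatGatewayId") or "other"
    return None


def classify_subnets(subnet_ids, route_tables):
    """Map each subnet to public / private-nat / private-other / isolated."""
    main = next((t for t in route_tables
                 if any(a.get("Main") for a in t.get("Associations", []))), None)
    explicit = {a["SubnetId"]: t
                for t in route_tables
                for a in t.get("Associations", []) if "SubnetId" in a}
    kinds = {}
    for subnet_id in subnet_ids:
        table = explicit.get(subnet_id, main)  # fall back to the main table
        target = default_route_target(table) if table else None
        if target is None:
            kinds[subnet_id] = "isolated"
        elif target.startswith("igw-"):
            kinds[subnet_id] = "public"
        elif target.startswith("nat-"):
            kinds[subnet_id] = "private-nat"
        else:
            kinds[subnet_id] = "private-other"
    return kinds


def exposed_subnets(must_be_private, route_tables):
    """Subnets that are supposed to be private but route straight to an IGW."""
    kinds = classify_subnets(must_be_private, route_tables)
    return sorted(s for s, kind in kinds.items() if kind == "public")


def with_association(route_tables, table_id, subnet_id):
    """Return a copy in which subnet_id is explicitly associated with table_id."""
    fixed = copy.deepcopy(route_tables)
    for table in fixed:
        if table["RouteTableId"] == table_id:
            table["Associations"].append({"Main": False, "SubnetId": subnet_id})
    return fixed


if __name__ == "__main__":
    print("before:", exposed_subnets(DB_SUBNETS, SAMPLE_ROUTE_TABLES))
    fixed = with_association(SAMPLE_ROUTE_TABLES, "rtb-private", "subnet-private2")
    print("after: ", exposed_subnets(DB_SUBNETS, fixed))
```

In the sample, the second database subnet is flagged because it was never associated with the private route table; keeping the main route table free of an internet gateway route avoids this class of mistake.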


4.6 Elastic IP Address

An Amazon Web Services (AWS) resource, such as an Amazon Elastic Compute Cloud (EC2)
instance, a NAT Gateway, or a network load balancer, can be assigned an Elastic IP (EIP)
address, which is a static, public IPv4 address.


5.0 Final Outcome

The particular criteria and goals of the project will determine the outcomes of building a website
on Amazon Web Services (AWS). On the other hand, as a general rule of thumb, a successful
deployment on AWS delivers a variety of benefits. These include increased levels of availability
and dependability, scalability to suit variable workloads, comprehensive security measures, and
cost-effectiveness. Availability and reliability are also important.

A cloud infrastructure built on AWS that is well-structured guarantees that the website will
always be available, even during periods of high traffic volume, and prevents any performance
degradation or downtime from occurring. In addition to this, it makes it easier to put in place
strong security controls and compliance measures, which protects both the website and any
sensitive data it may contain.

In addition, the pay-as-you-go pricing model that AWS utilizes enables users to pay only for the
resources that they actually use. This has the potential to drastically cut the overall operational
costs of hosting and managing the website. A successful website deployment on Amazon Web
Services (AWS) grants organizations the flexibility to create and manage their websites with
agility and efficiency, all while taking advantage of the many advantages offered by cloud-based
hosting.


Section B: Individual Work (Individual Report)

6.0 Security - (Navitha)

In an AWS (Amazon Web Services) environment, a security access group, often referred to as a
security group, serves as a crucial component acting as a virtual firewall for the EC2 (Elastic
Compute Cloud) instances. Its primary purpose is to control and regulate the flow of network
traffic both into and out of the EC2 instances, enhancing the overall security of your AWS
resources. The four main security groups within the scope of this project are
ALBSG, Bastion-SG, Example-DB, and Inventory-App. These security groups act as essential
components in your AWS infrastructure, helping you define and enforce access controls and
traffic rules for your EC2 instances, load balancers, bastion hosts, and database servers. By
configuring these groups effectively, you can enhance the security and manageability of your
AWS resources, ensuring that only authorized traffic is allowed, and potential security risks are
minimized.


6.1 Security Group

Amazon cloud servers' virtual gatekeepers are AWS Security Groups. They decide who is allowed to
visit and who is not. You can accept visitors from specific regions or through particular doors
(ports) by setting up rules that govern the types of internet traffic that are permitted. These rigorous
gatekeepers protect your internet resources by only allowing traffic that you have specifically
authorised. They also move quickly; as soon as the regulations are established, they are enforced.
To put it simply, they serve as virtual bouncers who protect your online space by allowing access
to only those who are invited.

6.1.1 Inventory-App

The EC2 instances executing the Inventory Application are connected to this security group. It
manages traffic to and from these instances, making sure that only the essential network
connections are allowed and that the application's communication is safe. In the image above, we
can see that the port range is set to 80, the type is HTTP, and the protocol is TCP.

6.1.2 Example-DBSG

The database instances in your AWS environment fall under the purview of this security group.
Only approved apps or instances are permitted to connect to and interact with the database, and it
controls the inbound and outgoing traffic for your database servers. It is essential for
safeguarding sensitive information kept in your databases. The figure shows that the port range
used is 3306, the protocol is TCP, and two different databases are used,
which are MySQL and Aurora.


6.1.3 Bastion-SG

Administrators use bastion hosts, often referred to as jump hosts, as a secure access point to
private instances inside a Virtual Private Cloud (VPC). Access to these bastion hosts must be
controlled by the Bastion-SG. It makes sure that only authorised users can connect through SSH
or RDP to the bastion servers, from which they can access other instances located within the
VPC. The figure shows that the port is 22, the protocol is TCP, the type is SSH, and the source is
Anywhere-IPv4. The source is 0.0.0.0/0, which means it can be accessed from anywhere.


6.1.4 ALBSG

Usually, this security group is connected to an AWS Application Load Balancer. It manages
communication between the EC2 instances that handle request routing and the load balancer. The
availability and security of your applications are improved by ALBSG by ensuring that only
authorized traffic is permitted to reach the instances behind the load balancer. The figure shows
that ALBSG accepts packets on port 80 (HTTP) from anywhere (0.0.0.0/0) and on port 443
(HTTPS) from anywhere (0.0.0.0/0).


7.0 Deployment – (Stephen)


7.1 EC2

An essential component of Amazon Web Services (AWS) is Amazon Elastic Compute Cloud
(Amazon EC2). It offers scalability in cloud computing and is frequently referred to as "virtual
server" or "instances." You may execute your apps on EC2 in a way that is both highly scalable
and economical by launching and managing virtual machines (VMs) referred to as instances.

Here are some features that EC2 offers:

Scalability: To meet changing workloads, EC2 instances may be simply scaled up or down.
When demand rises, you can start more instances, and when demand falls, you can stop them.

Variety of Instance Classes: EC2 provides a large selection of instance types that are tailored for
various use cases, including compute-, memory-, storage-, and GPU instances. The particular
instance type that most effectively satisfies the needs of your application is your choice.

Operating System Options: EC2 instances support a wide range of operating systems, including
Windows Server and Linux distributions including Amazon Linux, Ubuntu, and CentOS.

Customization: You have complete control over how your instances are set up, including how
the CPU, RAM, storage, and network are configured. This enables you to modify instances to
meet your unique requirements.

Security: You may manage network access and security by putting EC2 instances inside Virtual
Private Clouds (VPCs). To manage incoming and outgoing traffic, you may also employ security
groups and Network Access Control Lists (NACLs).


Elastic Load Balancing: To improve availability and fault tolerance, EC2 instances can be
utilized in addition to elastic load balancing to divide incoming traffic among many instances.

Auto Scaling: Your applications will be responsive and cost-effective thanks to the usage
of auto scaling, which uses predetermined policies to automatically modify the number of active
EC2 instances.

Storage Options: These include Amazon Elastic Block Store (EBS) for block storage and the
Amazon Elastic File System (EFS) for file storage. EC2 instances can be connected to both
types of storage. Instance store volumes are another option for short-term storage.

AMIs (Amazon Machine Images): These are predefined templates that provide the software, the
operating system, and other specifications for an instance. EC2 instances can be launched from
AMIs.

Global Reach: You may deploy your apps near to your users for low-latency access thanks to
EC2's availability in several AWS regions across the world.


7.2 SSH Command

You may access Amazon EC2 (Elastic Compute Cloud) instances, which are virtual machines
operating in the AWS cloud, using the SSH (Secure Shell) command in Amazon Web Services
(AWS). SSH is a secure way to access and manage your EC2 instances remotely.

In the image above, on the third rule of the inbound rules, SSH has been selected with a custom
source. This allows the source to freely search for any routes within the Inbound category. I have
selected Bastion-sg, and they have successfully connected with each other.


7.3 RDS

In the image above for the database, I have created a database using MySQL Connectivity with
the database name of dbexample. Other options when creating this database were merely
following the instructions that were given when creating the database. The option that was altered is
the VPC security groups, where by default it would be selected as "default"; I have removed that
and selected "Example-db". Above is the result of the created database showing its status.


7.4 Parameter Store

Parameters are variables that you may create and utilize within various Amazon
Web Services (AWS) services to alter their behavior. Your AWS resources may be made more
adaptable, dynamic, and simple to administer by using parameters. For automation and
infrastructure as code (IaC) scenarios, they make it possible to update configuration settings
without changing the resources themselves.

As shown in the image above, you may save configuration information, including database connection
strings or API keys, as parameters using the AWS Systems Manager Parameter Store. These parameters
may subsequently be safely referred to in your apps, Lambda functions, or EC2 instances.
StringList, SecureString, and other parameter types are supported by the parameter store.

Successfully setting up the parameters results in a successful connection to the database, which is
confirmed by connecting to the EC2 instance and using the CLI command to check and affirm its status.


8.0 High Availability/Scalability (Gerard)


8.1 Web Application

A web application is a software programme that provides interactive functionality. Some
examples of web applications include websites for social media, email, or online commerce.
Web applications run inside of a web browser. These programmes are available to users over the
internet, where they can access and use them without having to download or install them on their
own devices.

High availability in terms of a website means the amount of time that passes during which users
can view your content once it has been published. High availability is a word that is used to
describe server configurations that do away with any potential single points of failure by
providing redundancy, monitoring, and failover. Because of this, even if one component of your
web stack fails, the content will still be accessible to users.

Now scalability means how much data traffic your website can handle without any sort of loss in
terms of user performance, for example the speed at which a page loads when a user clicks it. A
website that has good scalability should have the ability to add or remove unwanted resources
that are wasting power or bandwidth. In return, a scalable website makes
sure that a user is always able to use the website without any sort of lag or disruption.

Figure 24 Example of a home page of a running website


The image as seen above shows


8.2 High Availability


8.2.1 Elastic Load balancer

What are AWS Elastic Load Balancers? AWS Elastic Load Balancers are responsible for accepting
application traffic from clients and distributing it among a variety of registered targets, such as
EC2 instances located in a number of different availability zones. Developers are granted the
ability to route and configure incoming traffic in the AWS public cloud between end users and
apps by utilizing the AWS application load balancer functionality.

The AWS elastic load balancer acts as a single point of contact for customers, only routing
traffic to healthy instances, and identifying any unhealthy instances that may exist. After the
target has been brought back online, the Amazon Web Services load balancer algorithm will start
sending traffic to it again. In cloud infrastructures consisting of several web services, load
balancing is an absolute necessity.

The AWS load balancer makes apps more accessible by giving clients a single point of contact.
As needs change over time, users can add and remove instances from the AWS load balancer
without stopping the flow of requests to the service. In this way, AWS elastic load balancing
grows or shrinks as application traffic changes. To put it in simpler terms, it has high availability
at all times.


Figure 27

8.2.2 Target Group

An AWS Target Group is a core component of Amazon Web Services (AWS) that serves as a
fundamental element for efficiently managing and directing incoming network traffic. Load
balancers can be either Application Load Balancers (ALBs), Network Load Balancers (NLBs), or
Gateway Load Balancers (GWLBs), and Target Groups are organized sets of resources that are
registered with load balancers. The fault tolerance, scalability, and availability of applications
hosted on Amazon Web Services can all be significantly improved by these resource collections.

One of the most important jobs of a Target Group is to direct the requests that are received to
the resources that have been registered. These resources include a wide range of AWS assets,
including Amazon EC2 instances, microservices, containers, and other components that are
functionally analogous to them. Establishing an association between a Target Group and a load
balancer ensures that network traffic is dispersed evenly across these registered resources, which
prevents any single resource from becoming overwhelmed with traffic. This distribution
technique is of the utmost importance in order to maintain a consistent level of application
performance and accessibility, especially in circumstances in which there are abrupt spikes in the
amount of traffic that is being received.


8.2.3 Auto Scaling Group

AWS Auto Scaling monitors the performance of applications and automatically adjusts the
resource capacity of AWS services. Applications that rely on many scalable AWS services are
the best candidates for the AWS Auto Scaling service. The scaling policies of multiple AWS
services can be combined into a single set of guidelines. AWS Auto Scaling allows the Amazon
EC2 Auto Scaling and Application Auto Scaling service sets to be combined. If you look at the
picture above, you'll see that updating the AMI ID to a more recent version is one way to
guarantee that the instances in the auto scaling group are utilizing the most recent version of the
AMI. This might grant access to new features as well as changes to the security system.

9.0 Data Migration (Chan Chun Yew TP057374)


9.1 RDS

The data migration is accomplished by creating a new subnet group named "dbsubnetgroup," as
indicated in the image above. Based on the subnets in the preceding figure, there are two private
subnets in the Private Subnet Availability Area: 10.0.2.0/23 and 10.0.4.0/23. The two private
subnets are 10.0.4.0/23 since only the owner has access to the database. The database is built and
imported in RDS. RDS must be used to visualize the data movement.


The database we generated is depicted in the graphic above. We're utilizing the MySQL engine,
as you can see from the image. Because the VPC has already been set up for us, it is displayed as
Example VPC. The dbsubnetgroup generated in RDS is the subnet group we're utilizing. As you
can see, the database has two private subnets, the first of which holds the primary RDS and the
second of which holds the replica RDS.

In the image above, you can see that dbexample's security group has an inbound rule and an
outbound rule to 0.0.0.0/0 (all destinations). This security group is preconfigured by AWS, so it
doesn't have any impact on us.


9.2 MYSQL

As you can see from the image above, I am using SSH with PuTTY to configure the MySQL
server on that IP. First, we have to log in to the Bastion-SG IP, and then import the SSH key
provided by Capstone Project to get to the IP of the Web Application. From this step, we can see
that we need to import the MySQL data into the database. As shown in the picture above, we
have successfully imported the data into the database, and the data is not imported by the Web
Application. You can select from countrydata_final to see that the database lists all the data.


9.3 SSH Command

Since we are configuring CapstoneProject via SSH from PuTTY, we need to do the following:
in the Amazon VPC security groups, add an SSH rule to the inbound rules for Inventory-App.
For the SSH rule, select Bastion-SG as the Source to make the connection. With this
configuration, the Web Application can be reached via SSH.
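
The rule described above (SSH to Inventory-App only from Bastion-SG) can be checked mechanically. The following is an added example, not part of the original report: it audits security-group data in the shape returned by EC2 `DescribeSecurityGroups`, and the group IDs, the "Inventory-App-drifted" group and all sample rules are constructed placeholders.

```python
# Added example: audit SSH ingress against the bastion-only rule.
# All group IDs and rules below are constructed placeholders.
BASTION_SG = "sg-bastion-example"   # stands in for Bastion-SG's real ID

SAMPLE_GROUPS = [
    {"GroupName": "Inventory-App", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [],
         "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": BASTION_SG}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
    {"GroupName": "Inventory-App-drifted", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024, "IpRanges": [],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": [{"GroupId": "sg-other-example"}]}]},
]


def covers_port(perm, port):
    """True if this ingress rule admits TCP traffic to `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":               # "-1" means all protocols and all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def ssh_findings(group, allowed_sg, port=22):
    """List every source that can reach `port` other than `allowed_sg`."""
    findings = []
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [p["GroupId"] for p in perm.get("UserIdGroupPairs", [])
                    if p["GroupId"] != allowed_sg]
        findings += [f"{group['GroupName']}: port {port} reachable from {s}"
                     for s in sources]
    return findings


if __name__ == "__main__":
    for g in SAMPLE_GROUPS:
        for line in ssh_findings(g, BASTION_SG) or [f"{g['GroupName']}: OK"]:
            print(line)
```

The check catches port 22 exposed indirectly through an all-protocol rule or a wide port range, not only an explicit SSH rule. It does not inspect prefix-list sources.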


9.4 Amazon S3 Bucket


For security reasons, we have also prepared a secure website to back up the files, to avoid attacks
or loss of files due to human error. Amazon S3 provides the function of backing up files. Amazon
S3 can provide up to 100 buckets of storage for each account, and if that quota is reached, users
can buy more storage space from Amazon, which is very flexible. The image above shows how
to import files into an Amazon S3 bucket. Once the content is uploaded to the S3 bucket, it is
backed up fail-safe. In the event of an attack or loss of files, the site can be brought back up from
the files stored in the Amazon S3 bucket. This feature is convenient and easy to operate: just
follow the picture above to upload files to the Amazon S3 bucket.


Appendix
Work Breakdown Structure


