Project Overview
This project entails an overall rundown of hosting a static website in AWS. The services that would be employed in this project are VPC, EC2, Application (ALB), Route 53, SSL.
We will start by launching an Instance (EC2) in the private subnet of our network (Web Server), create an Application Load Balancer to route/distribute traffic from the internet to Webserver, create a Domain name and secure our website using SSL.
Architecture
Deployment Steps
VPC
The VPC we provisioned and configured in project 1 will serve as our network.
Deploying EC2
We will deploy two EC2 servers in our Private App Subnet for each availability zone (AZ1 and AZ2), which will host our website.
In AWS service catalog, search for EC2, and select EC2.
On the EC2 dashboard, click Launch Instance.
Select any OS system of your choice for your Instance, in this case Amazon linux.
Select the Instance Type, .eg. t2.micro, and click Next.
Under Network, select the VPC we created in the previous project, which is Ejim VPC.
We will be launching this EC2 in the private App subnet. So, under Subnet, select of the private App subnet we created in the previous project, in this case Private App Subnet AZ1.
Scroll all the way down and under User data, we will add a bash script to install a website to our Instance. Copy and paste codes. Click Next.
Select Storage size and click Next Add tag, under key: Name, Under Values: Webserver AZ1. Click Next.
We will add a Security Group to our Instance. Since we already created Security Groups in our last project, we will click select existing security group, and select the webserver Security Group.
Click review and launch.
Create a key-pair , and then click launch.
The EC2 has been launched successfully.
Repeat these steps to launch EC2 in private App Subnet AZ2.
Application Load Balancer ALB
An ALB will be deployed in the public subnet and will distribute/route traffic from the internet to the webservers in the private subnet.
On EC2 Menu list, select Load Balancing, select Load Balancers, then click create Load Balancer, and click create Application Load Balancer.
Give the ALB a name .eg. Ejim-ALB. Under Network mapping, select the VPC we created .ie. Ejim VPC.
Under the mappings click us-east 1a and us-east 1b and select the public subnet in this zone public subnet AZ1 and public subnet AZ2 respectively.
Under Security groups, select the ALB SG we created in the previous project.
Under listeners and routing. We will create an HTTP listener on port 80.
Under forward to, click create target group and select our Instances.
Give your Target group a name .eg. Ejim-TG and clickNext.
Now select the Instances we created and click include as pending below. Click create target group.
Now we need to associate the Target group to a Load Balancer.
Go back to listeners and routing, and now under forward to, select the TG we just created .ie. Ejim-TG. Click create Load Balancer.
We have successfully created the Application Load Balancer.
we need to make sure that the state of the ALB is in Active and not in provisioning. Refresh the ALB.
we can see the DNS name of the ALB (ejim-alb-2142361254.us.east-1.elb.amazonaws..), which is used to access our webserver.
Domain Name Registration
To access our website using a domain name instead of a DNS name, we will need to register a domain name and point it to our ALB.
In AWS console, search for route53, and click on Register Domain.
Write the domain name of your choice and select the domain extension eg. (.com, .net, .org).
If the chosen domain name is available .ie. Ejimz, proceed with the payment and registration.
Configuring Record set in Route 53
After we have successfully registered a domain name, we will have to point it to the ALB.
In Route 53 console, navigate to the Hosted Zones section.
Click Create record and input www in the Record name box.
Toggle on the Alias button and select Alias to Application and Classic Load Balancer.
Choose the ALB Region .ie. us-east-1, then choose the Ejim-ALB.
Click Create record.
We have successfully created a record set with the Domain name pointing to the ALB and can now reach our website using the Domain name we registered.
SSL Certificate Registration
A secure Socket Layer (SSL) is crucial ensuring the security and trustworthiness of a website by protecting user data and encrypting the data transmitted between the user's web browser and the website's server.
On AWS console, search for Certificate Manager and click Request a Certificate.
Select Request a public certificate and click Next.
Under Domain Names, enter your domain name .ie. ejimz.com. Click Add another name to this certificate and this name enter .ejimz.com*.
Click Request and click View Certificate.
Now, we need to create a record set in Route 53 to associate our domain with the SSL certificate.
Click Create records in Route 53 and the domain name we created .ie. ejimz.com and .ejimz.com* and click Create records.
Configuring HTTPS using our SSL Certificate
We will use the SSL certificate to secure all communications to our website.
Navigate to Load Balancer in EC2 dashboard, and on our Ejim-ALB, Goto Listeners tab and click Add Listener.
Set the protocol to HTTPS and ensure its on port 443. Set default action as Forward and select our Target group .ie. Ejim-TG.
Under Default SSL certificate, select the SSL Certificate we were issued and click Add.
Edit the HTTP listener. Remove the forward action and select Redirect and set the protocol as HTTPS/443 and then click Save changes.
Our website is fully secured at this point.
Acknowledgement
Special thanks to AOSNOTE for guidance and the website html file that was used in this project.