1. AWS INFRASTRUCTURE FOR LAMP
THREE-TIER ARCHITECTURE
VPC created in Mumbai Region
Subnets - 4
Public Subnets - SUBNET-A, SUBNET-B
Private Subnets - SUBNET-C, SUBNET-D
CREATED 2 ROUTE TABLES
Internet Gateway attached for the public subnets
NAT Gateway attached for the private subnets
SECURITY GROUP -
Create separate security groups:
WEB SECURITY GROUP
APP SECURITY GROUP
DATABASE SECURITY GROUP
Always open only the required ports; never open or allow unnecessary ports
CLOUD TRAIL - Configured CloudTrail so that we get notified of each alert by email
NOTE- Allow only ports 80 and 443 from outside the VPC (ONLY FOR PUBLIC SUBNET)
Create IAM users and permissions according to requirement
NOTE- Never add extra permissions
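Added example (not part of the original notes): a Python check for the port rule in the security group notes above, run over constructed data shaped like the EC2 DescribeSecurityGroups response. It flags any inbound rule whose source lies outside the VPC unless it is TCP 80 or 443 on the web security group. The VPC CIDR, the group IDs and the app/database ports are assumptions.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # assumed VPC range
WEB_SG_IDS = {"sg-web"}                           # assumed ID of the web security group
ALLOWED_PUBLIC_PORTS = {80, 443}                  # the only ports allowed from outside the VPC

# Constructed sample in the shape of the EC2 DescribeSecurityGroups response.
# Ports 8080 (app) and 3306 (MySQL) are assumptions for a LAMP stack.
SAMPLE = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ]},
    {"GroupId": "sg-app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
    {"GroupId": "sg-db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.3.0/24"}, {"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

def outside_vpc(cidr):
    """True if the source CIDR is not fully contained in the VPC range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version != VPC_CIDR.version or not net.subnet_of(VPC_CIDR)

def audit(groups):
    """Return (group_id, source_cidr, protocol, port_range) for each violating rule."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            lo, hi = perm.get("FromPort"), perm.get("ToPort")  # absent when proto is "-1"
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # Only single-port TCP 80/443 on the web group may be reached from outside.
            ok = (sg["GroupId"] in WEB_SG_IDS and proto == "tcp"
                  and lo == hi and lo in ALLOWED_PUBLIC_PORTS)
            findings += [(sg["GroupId"], c, proto, (lo, hi))
                         for c in cidrs if outside_vpc(c) and not ok]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("VIOLATION", finding)
```

Rules that reference another security group (the sg-app rule here) carry no CIDR and are not evaluated by this check.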
MONITORING--
Monitoring is a very important part of any infrastructure, because through monitoring we know
the status of instances and infrastructure-related services.
CloudWatch - We can monitor our infrastructure through CloudWatch
SERVERS--
INTERNET-FACING LOAD BALANCER for WEB SERVERS, attached to an
AUTO SCALING GROUP
Servers placed in both Availability Zones (Availability Zone-ap-south-1A) AND
(Availability Zone-ap-south-1B)
INTERNAL LOAD BALANCER (Application Load Balancer) for Application servers,
attached to an AUTO SCALING GROUP
Servers placed in both Availability Zones (Availability Zone-ap-south-1A) AND
(Availability Zone-ap-south-1B)
2. DATABASE -
1 RDS MASTER DATABASE (Availability Zone-ap-south-1A)
1 RDS SLAVE DATABASE (Availability Zone-ap-south-1B)
ELASTICACHE --
CREATED ELASTICACHE
CDN-
We created a CloudFront distribution sourced from an S3 bucket and serve static content from there, so users
can access the resources easily and quickly.
NOTE- We can configure CloudFront for only a specific geolocation or for all locations
You can use geo restriction, also known as geoblocking, to prevent users in specific
geographic locations from accessing content that you're distributing through a CloudFront
web distribution. To use geo restriction, you have two options:
AWS-WAF-WEB APPLICATION FIREWALL
We deployed WAF and attached it to the INTERNET-FACING Application Load Balancer
(A WAF proactively protects websites and applications against fraud or data theft, blocking
any suspicious activity. It inspects web requests for cross-site scripting, SQL injection, etc.)
AWS-CERTIFICATE-MANAGER-SSL
We can import an SSL certificate into AWS Certificate Manager, and it can then be used by the different
services where SSL is required.
DATABASE-MIGRATION--
For database migration we can use DMS (DATABASE MIGRATION SERVICE)
IMPORTANT POINTS------
MANAGEABLE- The purpose of a three-tier architecture is to modularize our application so that
every part can be managed independently of the others
SCALABLE- The architecture can scale horizontally. This can easily be done by adding more
EC2 instances, according to need.
SECURE - Infrastructure is highly secured and protected. Users can only reach the frontend
through the application load balancer. The backend and the database tier are placed in the
private subnets because we do not want to expose them over the internet. A NAT gateway is used for
our private subnets to access the internet
EFFICIENT - The Performance Efficiency pillar includes the ability to use computing
resources efficiently to meet system requirements, and to maintain that efficiency as demand.
HIGH AVAILABILITY- Because we placed our servers and related services in different
Availability Zones, if one of the Availability Zones goes down or there is some outage etc., our
application will not be affected.
FAULT-TOLERANCE - Our applications can expand horizontally and automatically if some
sudden traffic comes, because we are using Auto Scaling.