Building a Highly Available Web Architecture on AWS


Introduction

In this project, I built a highly available and secure web infrastructure on Amazon Web Services using a custom Amazon Virtual Private Cloud.

The goal was to simulate a production-style cloud architecture where web servers run in private subnets and receive traffic through an Application Load Balancer, while maintaining high availability across multiple Availability Zones.

This setup improves security, scalability, and fault tolerance, which are key principles in real-world cloud deployments.


Architecture Overview

The architecture consists of:

  • A custom Amazon Virtual Private Cloud

  • Public and private subnets across two Availability Zones

  • Web servers running on Amazon EC2 instances

  • Elastic Load Balancing distributing traffic

  • Amazon EC2 Auto Scaling for automatic scaling and resilience

  • AWS NAT Gateway to enable outbound internet access from private subnets

  • A Bastion Host for secure SSH access to private instances

Key Benefits

  • High availability across multiple Availability Zones

  • Secure architecture with private subnets

  • Automatic scaling and load distribution

  • Controlled access to internal servers


Architecture Diagram (Concept)

Internet
   │
Application Load Balancer
   │
Target Group
   │
Auto Scaling Group
   │
Private Subnet EC2 Instances
   │
NAT Gateway
   │
Internet Gateway

Project Implementation Steps

Step 1 – Create the VPC

I created a VPC using the “VPC and More” option, which automatically configured:

  • 2 Public Subnets

  • 2 Private Subnets

  • Internet Gateway

  • Route Tables

  • NAT Gateway in each Availability Zone

This setup ensures high availability and network isolation.
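
One way to verify the isolation this step relies on, as an added example that is not part of the original project: the Python below classifies each subnet by its default route and reports any subnet expected to be private that is not routed through a NAT Gateway. The input is constructed data in the shape of `aws ec2 describe-route-tables` output, and every subnet, route table and gateway ID in it is a made-up placeholder.

```python
# Constructed sample shaped like `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder, not a value from the project.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private-a",
     "Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example-a"}]},
    {"RouteTableId": "rtb-private-b",
     "Associations": [{"SubnetId": "subnet-priv-b"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example-b"}]},
]}


def classify_subnets(route_tables):
    """Map each explicitly associated subnet to 'public' (default route to an
    Internet Gateway), 'private-nat' (default route to a NAT Gateway) or
    'isolated' (no IPv4 default route)."""
    kinds = {}
    for table in route_tables["RouteTables"]:
        kind = "isolated"
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"
            elif route.get("NatGatewayId"):
                kind = "private-nat"
        # Subnets with no explicit association inherit the main route table;
        # they carry no SubnetId here and must be resolved separately.
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:
                kinds[assoc["SubnetId"]] = kind
    return kinds


def exposed_subnets(route_tables, expected_private):
    """Return the subnets that should be private but are not routed via NAT."""
    kinds = classify_subnets(route_tables)
    return sorted(s for s in expected_private if kinds.get(s) != "private-nat")


if __name__ == "__main__":
    print(classify_subnets(SAMPLE_ROUTE_TABLES))
    print(exposed_subnets(SAMPLE_ROUTE_TABLES, ["subnet-priv-a", "subnet-priv-b"]))
```
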


Step 2 – Create Target Group

Next, I created a Target Group for the web servers.

Configuration included:

  • Target Type: Instances

  • Protocol: HTTP

  • Port: 80

Then I registered the EC2 instances that would serve the web application.


Step 3 – Create Auto Scaling Group

After creating the Target Group, the next step was to configure an Amazon EC2 Auto Scaling group to automatically launch and manage the EC2 instances.

Auto Scaling ensures that the application remains highly available and fault tolerant by automatically replacing unhealthy instances and maintaining the desired number of servers.

Configuration Details

The Auto Scaling Group was configured with the following settings:

  • Launch Template: EC2 configuration used to launch instances

  • VPC: Selected the custom VPC created earlier

  • Subnets: Private subnets across two Availability Zones

  • Desired Capacity: 2 instances

  • Minimum Capacity: 2 instances

  • Maximum Capacity: 4 instances

The Auto Scaling Group was then attached to the previously created Target Group, allowing the Elastic Load Balancing service to distribute incoming traffic across the EC2 instances.

Benefits of Using Auto Scaling

  • Automatically maintains the required number of instances

  • Replaces unhealthy instances automatically

  • Ensures application availability during failures

  • Allows scaling based on traffic demand

By integrating Auto Scaling with the load balancer, the system can handle traffic efficiently while maintaining high availability across multiple Availability Zones.

Step 4 – Access Private EC2 using Bastion Host

Since the web servers were placed in private subnets, direct internet access was restricted.

To manage them securely, I used a Bastion Host in the public subnet.

The workflow was:

Local Machine → Bastion Host → Private EC2

This method ensures secure administrative access without exposing private instances to the internet.
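
The access path above holds only if the security groups enforce it. The check below is an added example, not part of the original project: it audits constructed data in the shape of `aws ec2 describe-security-groups` output and flags any web-tier rule that admits HTTP from anything other than the load balancer's group, SSH from anything other than the bastion's group, or a bastion rule that opens SSH to the whole internet. The group IDs `sg-alb`, `sg-bastion` and `sg-web` and the admin address are assumptions made for illustration.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group IDs and the admin CIDR are made-up placeholders.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-alb", "IpPermissions": [rule(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-bastion", "IpPermissions": [rule(22, cidrs=["203.0.113.10/32"])]},
    {"GroupId": "sg-web", "IpPermissions": [rule(80, groups=["sg-alb"]),
                                            rule(22, groups=["sg-bastion"])]},
]}


def covers(perm, port):
    """True if an ingress rule admits TCP traffic on the given port."""
    if perm["IpProtocol"] == "-1":  # "all traffic" rules carry no port range
        return True
    return (perm["IpProtocol"] == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def audit_access(groups, web_sg, alb_sg, bastion_sg):
    """Return findings where the rules break Local -> Bastion -> Private EC2."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings = []
    # Web tier: HTTP only from the ALB group, SSH only from the bastion group.
    for port, allowed in ((80, alb_sg), (22, bastion_sg)):
        for perm in by_id[web_sg]["IpPermissions"]:
            if not covers(perm, port):
                continue
            for ip_range in perm.get("IpRanges", []):
                findings.append(f"{web_sg}: port {port} open to CIDR {ip_range['CidrIp']}")
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != allowed:
                    findings.append(f"{web_sg}: port {port} open to group {pair['GroupId']}")
    # Bastion: SSH must come from known admin addresses, never 0.0.0.0/0.
    for perm in by_id[bastion_sg]["IpPermissions"]:
        if covers(perm, 22) and {"CidrIp": "0.0.0.0/0"} in perm.get("IpRanges", []):
            findings.append(f"{bastion_sg}: SSH open to 0.0.0.0/0")
    return findings


if __name__ == "__main__":
    print(audit_access(SAMPLE_GROUPS, "sg-web", "sg-alb", "sg-bastion"))
```
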


Step 5 – Host Webpage on EC2 Instances

On both EC2 instances, I installed a web server and deployed a simple webpage.

Steps performed:

  1. Installed Apache web server

  2. Started the service

  3. Added a custom index.html file in /var/www/html

Example:

/var/www/html/index.html

Each server hosted the webpage successfully.


Step 6 – Configure Application Load Balancer

To distribute traffic across the servers, I configured an Application Load Balancer.

Configuration included:

  • Listener: HTTP (Port 80)

  • Forward traffic to the target group

  • Registered both EC2 instances

The load balancer ensures that incoming requests are distributed evenly between the servers.


Final Result

After completing the setup, I accessed the Load Balancer DNS URL, and the request was successfully routed to the backend EC2 servers.

When refreshing the page, traffic was automatically balanced between the two instances, demonstrating high availability and load distribution.


Key Learnings

Through this project, I gained hands-on experience with:

  • Designing secure AWS network architecture

  • Deploying servers in private subnets

  • Configuring Application Load Balancer

  • Implementing Auto Scaling groups

  • Managing access through a Bastion Host

This project replicates a real-world production cloud architecture used in modern applications.


Conclusion

Building this architecture helped me understand how cloud infrastructure is designed for scalability, availability, and security.

Using services like Amazon EC2, Elastic Load Balancing, and Amazon EC2 Auto Scaling, we can create resilient systems capable of handling real production workloads.


Project Highlights

  • Multi-AZ architecture

  • Private subnet web servers

  • Bastion host for secure access

  • Load balanced web traffic

  • Scalable infrastructure
