This project demonstrates how to create a VPC and secure applications within it in a production environment. The architecture includes:

VPC with Public and Private Subnets

We will create a VPC with public and private subnets in two availability zones for redundancy.

If one availability zone goes down, the other can still serve traffic.

Key Concepts

Auto Scaling Group

An auto scaling group allows you to maintain a minimum number of replicas of your application and automatically scale the number of servers based on incoming traffic. For example, if two servers can handle 100 requests but 200 requests are coming in, the auto scaling group can increase the number of servers.

Load Balancer

A load balancer distributes incoming traffic across multiple servers to ensure no single server is overwhelmed. For example, with 100 requests and two servers, the load balancer can send 50 requests to each server.

Apart from load balancing, it also enables:

Bastion Host (Jump Server)

A bastion host, also known as a jump server, is used to securely connect to EC2 instances in a private subnet. Since instances in a private subnet do not have public IP addresses, you can SSH into them through a bastion host in the public subnet.
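The layout described above can be checked mechanically before it is deployed. The following is an added example, not code from this project: it audits a constructed inventory for the properties the text relies on (subnets inside the VPC, a public and a private subnet in every availability zone, no public IPs in private subnets, SSH to private instances only from the bastion). The field names, CIDRs and the `ssh_from` list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample layout (not from the original project): one VPC,
# two availability zones, a public and a private subnet in each.
VPC_CIDR = "10.0.0.0/16"
SUBNETS = [
    {"id": "pub-a", "az": "az-1", "cidr": "10.0.0.0/20", "public": True},
    {"id": "priv-a", "az": "az-1", "cidr": "10.0.128.0/20", "public": False},
    {"id": "pub-b", "az": "az-2", "cidr": "10.0.16.0/20", "public": True},
    {"id": "priv-b", "az": "az-2", "cidr": "10.0.144.0/20", "public": False},
]
# "ssh_from" is a hypothetical field listing the allowed sources for port 22.
INSTANCES = [
    {"id": "bastion", "subnet": "pub-a", "public_ip": True, "ssh_from": ["203.0.113.10/32"]},
    {"id": "app-1", "subnet": "priv-a", "public_ip": False, "ssh_from": ["bastion"]},
    {"id": "app-2", "subnet": "priv-b", "public_ip": True, "ssh_from": ["0.0.0.0/0"]},
]

def audit(vpc_cidr, subnets, instances, bastion_id="bastion"):
    """Return a list of findings; an empty list means the layout matches the design."""
    findings = []
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = {s["id"]: ipaddress.ip_network(s["cidr"]) for s in subnets}
    for sid, net in nets.items():
        if not net.subnet_of(vpc):
            findings.append(f"{sid}: CIDR outside VPC")
        for other, onet in nets.items():
            if sid < other and net.overlaps(onet):  # report each pair once
                findings.append(f"{sid}/{other}: overlapping CIDRs")
    # Redundancy: every availability zone needs both subnet types.
    for az in sorted({s["az"] for s in subnets}):
        kinds = {s["public"] for s in subnets if s["az"] == az}
        if kinds != {True, False}:
            findings.append(f"{az}: needs both a public and a private subnet")
    by_id = {s["id"]: s for s in subnets}
    for inst in instances:
        if by_id[inst["subnet"]]["public"]:
            continue  # only instances in private subnets are checked below
        if inst["public_ip"]:
            findings.append(f"{inst['id']}: public IP in private subnet")
        extra = [src for src in inst["ssh_from"] if src != bastion_id]
        if extra:
            findings.append(f"{inst['id']}: SSH allowed from {', '.join(extra)}")
    return findings

if __name__ == "__main__":
    for finding in audit(VPC_CIDR, SUBNETS, INSTANCES):
        print(finding)
```

On the sample data only app-2 is reported, once for its public IP and once for accepting SSH from anywhere instead of from the bastion.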