
aws_internal_application_server

NAT Instance, Internal Application Server and Bastion Box

Guide to creating an internal application server that reaches the internet through a NAT instance and accepts SSH (port 22) only from a bastion box.

Architecture Diagram

Below is the network architecture diagram (Fig 1).

Preamble:

The design deploys the application layer into a private subnet of our AWS VPC so that it is not exposed to the public internet: the application server has no public IP, can only initiate outbound connections (through the NAT instance), and only accepts SSH from the bastion box.

Resources:

  • Virtual Private Cloud (VPC) with an attached Internet Gateway (IGW)
  • One public subnet and one private subnet
  • Two Elastic IPs (for the NAT instance and the bastion box)
  • Three EC2 instances (NAT instance, application server and bastion box)
  • Security groups for the NAT instance, application server and bastion box

Create VPC with a public and private subnet.

  • From the AWS console navigate to Services, click Network & Content Delivery and then VPC.
    On the left pane, select Your VPCs and then Create VPC.
  • Give your VPC a suitable name, e.g. 'My VPC', enter 192.168.0.0/16 in the IPv4 CIDR block field and create it.
  • On the left pane, select Subnets and then Create Subnet.
  • In the Name tag field type My Public Subnet, select your newly created VPC, choose an Availability Zone (AZ), enter 192.168.0.0/24 in the IPv4 CIDR block field and create it.
  • Repeat the step above for the private subnet with Name tag My Private Subnet, the same AZ, and IPv4 CIDR block 192.168.1.0/24 (the range the NAT security-group rules below use as their source).

Create an Internet Gateway (IGW) and attach to the VPC

  • From the left pane, select Internet Gateways.
  • Click Create Internet Gateway, give your IGW a suitable name and create it.
  • Select the IGW you just created, click Actions and attach it to your VPC.

Create Security Groups and EC2 Instances

  • From the left pane, select Security Groups and then Create Security Group.
  • Create SG_NAT, SG_BB and SG_APP for the NAT instance, bastion box and application server respectively. Each group only needs inbound rules; leave the default allow-all outbound rule in place.
  • On SG_BB, click Inbound Rules, Edit and Add Rule:
    Rule: SSH; Port: 22; Source: <your workstation's public IP>/32 (a single host, not a wider range)
  • On SG_NAT, click Inbound Rules, Edit and Add Rule:
    Rule: SSH; Port: 22; Source: SG_BB
    Rule: HTTP; Port: 80; Source: 192.168.1.0/24 (the private subnet)
    Rule: HTTPS; Port: 443; Source: 192.168.1.0/24 (the private subnet)
  • On SG_APP, click Inbound Rules, Edit and Add Rule:
    Rule: SSH; Port: 22; Source: SG_BB
    No rule allows SSH to the application server from the internet or from the NAT instance; the bastion is the only way in.
  • Navigate to Services and click EC2.
    • Select Instances and click Launch Instance.
    • Click Community AMIs and search for 'ami-00a9d4a05375b2763' in the search bar (AMI IDs are region-specific, so this ID only resolves in the region it was copied from).
    • Select the AMI and then click Configure Instance Details.
    • Choose My VPC in the Network field.
    • Select My Public Subnet in the Subnet field.
    • Click Add Storage and optionally add tags for ease of referencing.
    • Click Configure Security Group, choose Select an existing security group and pick SG_NAT.
    • Review and Launch.
    • After launch, select the NAT instance and disable its source/destination check (Actions > Networking): a NAT instance forwards packets that are not addressed to itself, and the check would otherwise drop them.
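The same design as one Terraform configuration, added here as an example and not code from the repository. Besides the VPC, subnets, IGW, the three security groups with the inbound rules listed above and the three instances, it also covers what the console steps above do not spell out but the diagram needs: a route table per subnet (public subnet defaults to the IGW, private subnet defaults to the NAT instance's network interface), source/destination check disabled on the NAT instance only, and the two Elastic IPs associated with the NAT instance and the bastion. The region, AZ, key pair name, workstation IP and the bastion/application AMI id are placeholder assumptions; the NAT AMI id is the one given on the page and is only valid in the region it came from.

```hcl
# Added example (Terraform HCL), not the repository's own code. Region, AZ, key pair,
# workstation IP and the bastion/app AMI id are placeholders. AMI ids are region-specific,
# so the NAT AMI id copied from the page is valid only in the region it came from.
variable "az"             { default = "us-east-1a" }              # assumption
variable "key_name"       { default = "my-keypair" }              # assumption: existing key pair
variable "workstation_ip" { default = "203.0.113.10/32" }         # assumption: your public IP
variable "nat_ami"        { default = "ami-00a9d4a05375b2763" }   # id given on the page
variable "app_ami"        { default = "ami-0123456789abcdef0" }   # assumption: placeholder
provider "aws" { region = "us-east-1" }                          # assumption

resource "aws_vpc" "my_vpc" {
  cidr_block = "192.168.0.0/16"
  tags       = { Name = "My VPC" }
}

resource "aws_subnet" "s" {
  for_each          = { public = "192.168.0.0/24", private = "192.168.1.0/24" }
  vpc_id            = aws_vpc.my_vpc.id
  cidr_block        = each.value
  availability_zone = var.az                      # both subnets in the same AZ, as on the page
  tags              = { Name = "My ${title(each.key)} Subnet" }
}

resource "aws_internet_gateway" "igw" { vpc_id = aws_vpc.my_vpc.id }
# Public subnet defaults to the IGW; private subnet defaults to the NAT instance's ENI,
# never to the IGW, so the internet has no route in to the application server.
resource "aws_route_table" "rt" {
  for_each = toset(["public", "private"])
  vpc_id   = aws_vpc.my_vpc.id
  route {
    cidr_block           = "0.0.0.0/0"
    gateway_id           = each.key == "public" ? aws_internet_gateway.igw.id : null
    network_interface_id = each.key == "private" ? aws_instance.ec2["nat"].primary_network_interface_id : null
  }
}

resource "aws_route_table_association" "assoc" {
  for_each       = aws_subnet.s
  subnet_id      = each.value.id
  route_table_id = aws_route_table.rt[each.key].id
}
resource "aws_security_group" "sg" {
  for_each = toset(["SG_NAT", "SG_BB", "SG_APP"])
  name     = each.key
  vpc_id   = aws_vpc.my_vpc.id
}

locals {
  # The inbound rules as the page lists them; each has either a CIDR source or a source SG.
  ingress = {
    bb_ssh_from_workstation = { sg = "SG_BB",  port = 22,  cidr = var.workstation_ip }
    nat_ssh_from_bastion    = { sg = "SG_NAT", port = 22,  src_sg = "SG_BB" }
    nat_http_from_private   = { sg = "SG_NAT", port = 80,  cidr = aws_subnet.s["private"].cidr_block }
    nat_https_from_private  = { sg = "SG_NAT", port = 443, cidr = aws_subnet.s["private"].cidr_block }
    app_ssh_from_bastion    = { sg = "SG_APP", port = 22,  src_sg = "SG_BB" }
  }
  instances = {
    nat     = { ami = var.nat_ami, subnet = "public",  sg = "SG_NAT", forwards = true }
    bastion = { ami = var.app_ami, subnet = "public",  sg = "SG_BB",  forwards = false }
    app     = { ami = var.app_ami, subnet = "private", sg = "SG_APP", forwards = false }
  }
}

resource "aws_vpc_security_group_ingress_rule" "rule" {
  for_each                     = local.ingress
  security_group_id            = aws_security_group.sg[each.value.sg].id
  ip_protocol                  = "tcp"
  from_port                    = each.value.port
  to_port                      = each.value.port
  cidr_ipv4                    = try(each.value.cidr, null)
  referenced_security_group_id = try(aws_security_group.sg[each.value.src_sg].id, null)
}
# Terraform drops the default allow-all egress from a managed SG; re-create it, since
# outbound is what lets the app server reach the internet through the NAT.
resource "aws_vpc_security_group_egress_rule" "all" {
  for_each          = aws_security_group.sg
  security_group_id = each.value.id
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}
resource "aws_instance" "ec2" {
  for_each               = local.instances
  ami                    = each.value.ami
  instance_type          = "t3.micro"
  subnet_id              = aws_subnet.s[each.value.subnet].id
  vpc_security_group_ids = [aws_security_group.sg[each.value.sg].id]
  key_name               = var.key_name
  # false on the NAT instance only: it forwards packets not addressed to itself,
  # which the source/destination check would otherwise drop.
  source_dest_check      = !each.value.forwards
  tags                   = { Name = each.key }
}

# The two Elastic IPs from the resource list go to the NAT and the bastion; the app server gets none.
resource "aws_eip" "public" {
  for_each = toset(["nat", "bastion"])
  domain   = "vpc"
  instance = aws_instance.ec2[each.key].id
}
```

Apply with `terraform init` and `terraform apply`. Once it is up, reach the application server by jumping through the bastion from your workstation, e.g. `ssh -J ec2-user@<bastion Elastic IP> ec2-user@<app server private IP>` (the `ec2-user` login is an assumption for an Amazon Linux AMI); ProxyJump keeps the private key on your workstation instead of copying it onto the bastion. The only inbound paths that exist are workstation to bastion on 22, bastion to NAT or application server on 22, and private subnet to NAT on 80/443, which is exactly the set of rules listed above.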

Contributors: otayoa
