Monday, January 30, 2023

Deploying a Web Application on AWS with Multi-Region Infrastructure using Load Balancer and Route 53

We will learn how to create an infrastructure for deploying Multi-AZ and Multi-region web applications on AWS using Elastic Load Balancer and Route 53.

Working on N. Virginia Region (us-east-1)

We will choose N. Virginia (us-east-1) region and create three EC2 instances on three different availability zones.

Create Common Security Group

Create a security group named website-sg that allows SSH, HTTP and HTTPS traffic to the underlying EC2 Instances.

Create EC2 Instances in Different AZs

Create three EC2 instances in three different availability zones. Below is the configuration of each EC2 Instance.

| | Instance #1 | Instance #2 | Instance #3 |
|---|---|---|---|
| Name | webserver-a | webserver-b | webserver-c |
| AMI | Ubuntu Server 22.04 | Ubuntu Server 22.04 | Ubuntu Server 22.04 |
| Instance Type | t2.micro (Free-tier) | t2.micro (Free-tier) | t2.micro (Free-tier) |
| Subnet (Availability Zone) | us-east-1a | us-east-1b | us-east-1c |
| Security Group | website-sg | website-sg | website-sg |
| User Data | <below> | <below> | <below> |

User Data Script for Each EC2 Instance

The bash script below does the following:

  1. Install the NGINX Server.
  2. Start and enable the NGINX Service.
  3. Download a free theme from Free CSS.
  4. Extract the content of the downloaded website.
  5. Move the extracted content to the Linux base directory for the website (/var/www/html).
  6. Replace the content of the title tag of index.html with the Availability Zone’s name.

Note: Replace the placeholder <AZ Name> with the name of the Availability Zone where you are launching the EC2 instance, such as us-east-1a, us-east-1b or us-east-1c.

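```bash
#!/bin/bash
# EC2 user data runs once, as root, on first boot.
apt-get update -y
apt-get upgrade -y

# Replace the variable value for different AZs like us-east-1a, us-east-1b ...
AZ="<AZ Name>"

# Install NGINX, then start it and enable it at boot
apt-get install -y nginx
systemctl start nginx
systemctl enable nginx

# Download and extract the website template
wget https://www.free-css.com/assets/files/free-css-templates/download/page278/faster.zip
apt-get install -y unzip
unzip "$PWD/faster.zip"

# Replace the default NGINX page with the template's files
rm /var/www/html/*
mv "$PWD"/logistics-company-website-template/* /var/www/html

# Put the Availability Zone name in the page title
sed -i "s/FASTER - Logistics Company Website Template/$AZ/g" /var/www/html/index.html
```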

We will end up launching three EC2 instances in three different availability zones (us-east-1a, us-east-1b, us-east-1c).

We can verify in the browser, using each instance's public IP, that the website is up and running on the NGINX Server. Note that the EC2 user data script has also changed the title of the index page of the website on each server.

Create a Target Group of EC2

Go to EC2 > Target Groups and click Create Target Group button.

Later we will use a load balancer that routes requests to the targets in a target group and performs health checks on the targets. Choose Instances as a target for the load balancer.

Provide target group name, choose the protocol and default VPC.

The load balancer checks the status of underlying targets to test whether the EC2 instances are working (healthy) or not (unhealthy).

Click the Next button to register running EC2 Instances as Targets.

Select all running EC2 Instances in three AZs and click Include as pending below button.

Now click Create target group button to register EC2 instances to target group.

Create Load Balancer

Create the Security Group for Load Balancer

Create the security group for the Load Balancer, named webserver-alb-sg, that allows HTTP and HTTPS traffic.

Create and Configure Application Load Balancer

Go to EC2 > Load balancer and click Create Load Balancer button. Select Application Load Balancer and click Create button to continue. Apply the following configuration to the Application Load Balancer.

| Setting | Value |
|---|---|
| Load Balancer Name | webserver-lb |
| Scheme | Internet-facing |
| IP address type | IPv4 |
| VPC | Default VPC |
| Availability Zones Mapping | us-east-1a, us-east-1b, us-east-1c |
| Security Groups | webserver-alb-sg (Remove Default Security Group) |
| Listener (HTTP:80) – Target Group | webserver-tg |
| Listener (HTTPS:443) – Target Group – optional (Skip if you do not have a domain) | webserver-tg |
| Default SSL/TLS certificate – optional (Skip if you do not have a domain) | <Choose your SSL/TLS Certificate> |

Note: You can refer to this article to see how to request an SSL/TLS certificate on AWS if you have your own domain.

Verify the applied configurations in the Summary section and click Create load balancer button to continue.

Once the load balancer is created and provisioned, you can browse the URL associated with the load balancer. On each refresh, you will see a different page title (us-east-1a, us-east-1b or us-east-1c), which means the load balancer is equally distributing the load to the underlying EC2 instances.

Allow Access to EC2 only from Load Balancer

Currently, you can open the website from the DNS name of the Load Balancer and also from the public IP address of each EC2 instance. We need to configure the security group of the EC2 instances so that it allows web traffic only from the load balancer.

Go to EC2 > Security Groups and click on the website-sg that we created earlier.

The current inbound rules, shown below, need to be changed. Click Edit inbound rules to continue.

Remove the existing HTTP and HTTPS rules. Add new rules for HTTP and HTTPS and set the source of both to the security group of the Application Load Balancer, named webserver-alb-sg. Click the Save rules button to continue.

Finally, you will notice that your website has only one point of access, the Application Load Balancer's DNS name, while direct access through the public IP addresses of the EC2 instances is blocked.
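The result of this step can be checked from the rules themselves rather than from a browser. The following is an added example, not part of the original article: it audits an instance security group in the JSON shape returned by `aws ec2 describe-security-groups` and reports any HTTP/HTTPS rule whose source is not the load balancer's security group, plus SSH left open to the internet. The group IDs and the sample data are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# All group IDs are made-up placeholders.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111", "GroupName": "website-sg", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "UserIdGroupPairs": [{"GroupId": "sg-0bbb2222"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}
  ]}
]}
""")

WEB_PORTS = (80, 443)
WORLD = {"0.0.0.0/0", "::/0"}


def covers(perm, port):
    """True if the rule's protocol and port range include the TCP port."""
    if perm.get("IpProtocol") == "-1":          # "-1" means all protocols and ports
        return True
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535))


def audit_instance_sg(sg, alb_sg_id):
    """Return (port, source, reason) findings for an instance security group."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        groups = [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        for port in WEB_PORTS:
            if not covers(perm, port):
                continue
            findings += [(port, c, "web port reachable without the ALB") for c in cidrs]
            findings += [(port, g, "source is not the ALB security group")
                         for g in groups if g != alb_sg_id]
        if covers(perm, 22):
            findings += [(22, c, "SSH open to the internet") for c in cidrs if c in WORLD]
    return findings


if __name__ == "__main__":
    for finding in audit_instance_sg(SAMPLE["SecurityGroups"][0], "sg-0bbb2222"):
        print(finding)
```

In the constructed sample the HTTP rule is already locked to the load balancer's group, while the HTTPS rule and the SSH rule are still reported.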

Use Custom Domain to Access Website

You can only continue with this step if you have your own custom domain on AWS Route 53 and SSL/TLS certificate issued on AWS Certificate Manager.

We need to create three records on Route 53

  1. A record type of CNAME, the details of which is provided by AWS Certificate Manager.
  2. A Record type of A to route traffic to the Application Load Balancer.
  3. A record type of CNAME to route traffic to the apex domain (gulraeez.com), when traffic is received on the sub-domain (www.gulraeez.com).

CNAME Record by ACM

If you have SSL/TLS certificate issued on AWS Certificate Manager, you should have a CNAME record as shown below.

By using the details of the CNAME record provided by ACM, we will create a new CNAME record in Route 53 using the CNAME name as Record Name and CNAME value as Value. Click Create records button to continue.

Record type of A (Alias to Load Balancer)

We will create Record Type A which routes traffic to IP addresses or other AWS resources. We need to route traffic to load balancer which is an AWS resource, so we choose an Alias option that allows you to choose amongst the different AWS Resources.

Choose the Resource type as Application Load Balancer, provide Region where the load balancer is provisioned, and choose the load balancer name.

CNAME Record to route traffic from Sub-Domain to APEX

When the request is received on the sub-domain (www.gulraeez.com), we want it to route to the APEX domain (gulraeez.com). To achieve this, we need to create a CNAME record with values shown below.

After adding all three records on Route 53, you can browse your domain to verify that your website is accessible through your custom domain.

Working on Frankfurt Region (eu-central-1)

Now choose a different region and create the same region-specific resources that were created in N. Virginia.

Create the Same Resources as created in N. Virginia Region

We need to create exactly the same resources as were created in the N. Virginia Region. The Security groups, EC2 Instances, Target Group, Elastic Load Balancer, and SSL/TLS Certificates will be created with the same configuration.

Three EC2 Instances have been created in three different availability zones (eu-central-1a, eu-central-1b, and eu-central-1c).

A target group has been created to register the EC2 instance as a target that will be associated with the Application Load Balancer.

Application Load Balancer has also been created in Frankfurt Region to spread traffic amongst downstream servers provisioned in different availability zones.

Modify Route 53 records for Inter-Region Load Balancing

We used Elastic Load Balancer to spread traffic amongst different Availability Zones. To spread the traffic regionally, we need to use Route 53 Routing Policy.

Go to Route 53 and you should see the following records. Delete the yellow highlighted record that was created earlier.

Create a new record of type A, and associate it with the Application Load Balancer provisioned in the N. Virginia Region. Set the Routing Policy to Weighted, and give the weight a value of 50, which means 50% of the traffic will be routed to N. Virginia. Click the Create Record button to continue.

Create another record of type A, and associate the Elastic Load Balancer provisioned in Frankfurt Region. Choose Weighted Policy with a weight value equal to 50 which means the other 50% of traffic will be routed to the Frankfurt Region.

Finally, the Routing Records look like below.

Finally, multi-region infrastructure is successfully hosting the website and traffic is being evenly distributed to both regions.
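The two weighted records can also be written as a Route 53 change batch. The following is an added example, not part of the original article: it builds that batch and models how the 50/50 weights divide DNS answers, including what happens when one region's load balancer is unhealthy and the alias records do or do not evaluate target health. The load balancer DNS names and hosted zone IDs are placeholders, and `traffic_share` is a simplified model written for this example, not an AWS API.

```python
import json


def weighted_alias_batch(name, targets, evaluate_health=True):
    """Build a Route 53 ChangeBatch: one weighted alias A record per region."""
    regions = [t["region"] for t in targets]
    if len(set(regions)) != len(regions):
        raise ValueError("each weighted record needs a unique SetIdentifier")
    changes = []
    for t in targets:
        if not 0 <= t["weight"] <= 255:          # Route 53 accepts weights 0-255
            raise ValueError(f"weight out of range for {t['region']}")
        changes.append({"Action": "UPSERT", "ResourceRecordSet": {
            "Name": name, "Type": "A",
            "SetIdentifier": t["region"], "Weight": t["weight"],
            "AliasTarget": {"HostedZoneId": t["alb_zone_id"],
                            "DNSName": t["alb_dns"],
                            "EvaluateTargetHealth": evaluate_health}}})
    return {"Comment": "weighted multi-region routing", "Changes": changes}


def traffic_share(batch, unhealthy=()):
    """Simplified model of weighted selection: share = weight / sum of weights.

    A record is skipped only if it evaluates target health and its region is
    in `unhealthy`; if every record is unhealthy, all are used again.
    """
    records = [c["ResourceRecordSet"] for c in batch["Changes"]]
    usable = [r for r in records
              if not (r["AliasTarget"]["EvaluateTargetHealth"]
                      and r["SetIdentifier"] in unhealthy)] or records
    total = sum(r["Weight"] for r in usable)
    return {r["SetIdentifier"]: (r["Weight"] / total if r in usable and total else 0.0)
            for r in records}


# Placeholders: substitute each load balancer's DNS name and hosted zone ID.
TARGETS = [
    {"region": "us-east-1", "weight": 50,
     "alb_dns": "<N. Virginia ALB DNS name>", "alb_zone_id": "<N. Virginia ALB zone ID>"},
    {"region": "eu-central-1", "weight": 50,
     "alb_dns": "<Frankfurt ALB DNS name>", "alb_zone_id": "<Frankfurt ALB zone ID>"},
]

if __name__ == "__main__":
    batch = weighted_alias_batch("gulraeez.com", TARGETS)
    print(json.dumps(batch, indent=2))
    print(traffic_share(batch, unhealthy={"eu-central-1"}))
```

With target health evaluation off, the model keeps sending half of the answers to a region whose load balancer is down, which is the case to check for when relying on weighted records for availability.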

Gulraeez Gulshan
I am an engineer, programmer, tech-savvy professional, and very passionate about the latest technologies for the modern web, mobile, cloud-native, machine learning, and network automation. I have a bachelor's degree in Electronics Engineering and a Master's degree in Computer Science and Information Technology from a renowned university in Pakistan. I have not limited myself to a certain set of skills in this era where technology is in a state of flux; I have experience working with an extensive range of technologies and learning daily to update my skills and adapt to the latest technologies
