Before we start, we need to have a deployment architecture in place. The term deployment architecture here describes the manner in which a set of resources such as the web server, the application server, databases, DNS servers, load balancers, or any other specific AWS resources are configured on the network to fulfill the system requirements (and ultimately satisfy your business goals).
Let’s get familiar with the AWS-specific terms:
- Region: AWS products and services are hosted in multiple locations worldwide. The regions are connected through the public internet. The main criteria to choose a specific AWS region are:
- Location of a majority of your customers. This reduces network latency and makes for responsive web applications. For our example, since a majority of A1Electronics customers are located in the US; hence, US West (Oregon) region is selected.
- Not all AWS products and services are available across all the regions. A list of AWS services and products available by region is available at http://aws.amazon.com/about-aws/global-infrastructure/regional-product-services.
- The products and services offered by Amazon are priced differently across the regions. For example, we can choose a region with the lowest price for our development work, but for production deployment, we can do a cost benefit analysis to choose the most appropriate region. Pricing of all the AWS products and services is available at http://aws.amazon.com/products/.
- Availability Zone: An AZ within a region can be treated as a traditional data center. AZs in the same region are designed to provide infrastructure redundancy in the event of a catastrophic outage, such as earthquakes, snowstorms, Godzilla attack and so on. The number of AZs in a region is region-specific. In our example, we will select the default AZ.
- EC2 instance: It is a virtual server on which you run your applications. These come in various flavors to meet your computing demand. A high compute EC2 instance also has higher network bandwidth and memory associated with it. You cannot have a low compute EC2 instance with high memory and network bandwidth. EC2 instances have fixed CPU to memory ratios. It is best to select a micro instance for our development since it is free. More on EC2 instance types is available at http://aws.amazon.com/ec2/instance-types/.
- Amazon Relational Database Service (RDS): RDS is a fully managed SQL database service. It is nothing but an EC2 instance running a SQL engine of your choice. MySQL, PostgreSQL, Oracle, Microsoft SQL Server plus Amazon's own MySQL-compatible Amazon Aurora DB engine are supported.
- Security groups: A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. The security group can be configured by a set of rules for inbound and outbound traffic. The rules define the network protocol, port, and the source and destination IP address ranges to accept or send your data to.
- Virtual Private Cloud (VPC): Virtual Private Cloud (VPC) lets you provision a private, isolated section of the AWS cloud where you can launch AWS resources in a virtual network using custom-defined IP address ranges. It is like your own private data center. It also provides you with several options on connecting VPC with other remote networks. For our example, we have chosen a default VPC 172.31.0.0/16 CIDR block, which allows us define total 65536 subnets or total 65534 addressable resources.
-
AWS resources launched within a VPC aren’t addressable via the global internet, EC2 instances, or by resources in any other VPC. Resources can be accessed only by resources running within the same VPC.
- Subnet: Subnets are logical segments of a VPC's address range that allow you to designate to a group of your resources based on security and operational needs.
- Router: Each VPC comes with a default router in order to communicate with resources outside VPC. For example, connecting to a database server in another VPC.
- Internet gateway: Each VPC also comes with a default Internet gateway to connect to the public internet.
Let’s begin the construction.