Building a Secure Infrastructure on AWS: A Step-by-Step Guide
Saurabh Bhargav
AWS | Azure | Jenkins | GitHub Actions | Cloud Security | Devops Engineer
This project is an improvement on my previous one. I am using a private RDS (MSSQL) instance this time. I am not using AWS CloudFront, as I have already tested how to configure it with the ALB.
The objective was to ensure robust security while maintaining efficient access to resources. Below is a step-by-step overview of how I approached the project.
Step 1: Provisioning EC2 Instance and Bastion Host
I began by provisioning an EC2 instance to host my application. Since this instance needed to sit in a private subnet for security reasons, I also set up a Bastion Host.
The Bastion Host acts as the single entry point for SSH access to the EC2 instance. Inbound access to the host was restricted to specific IP addresses, so that only authorized users could connect to it.
Step 2: Configuring NAT Gateway for Internet Access
To give the EC2 instance outbound internet access without a public IP, I added a NAT Gateway and routed the private subnet's outbound traffic through it.
This configuration allows the EC2 instance to reach external resources (such as software updates) while accepting no inbound connections from the internet, which keeps it isolated from direct exposure.
Step 3: Setting Up AWS RDS for MSSQL Database
Next, I deployed an AWS RDS instance running MSSQL Server and placed it in a private subnet for optimal security.
I ensured that only the EC2 instance was allowed to reach the RDS database on port 1433, the standard SQL Server port. This minimized the risk of unauthorized access while keeping the connectivity the application needs.
Step 4: Testing Database Connectivity
To verify the configuration, I used the sqlcmd tool from the EC2 instance to test connectivity to the RDS database. I first connected to the Bastion Host and from there to the private IP of the EC2 instance.
This step confirmed that the EC2 instance could communicate with the RDS database, so the application could interact with the database as intended.
Step 5: Implementing Application Load Balancer (ALB)
To manage incoming traffic to the application efficiently, I implemented an Application Load Balancer (ALB).
The ALB distributes traffic across the available EC2 instances, providing scalability and high availability. This setup lets the application handle varying levels of traffic without compromising performance, and it is the only component that is reachable from the internet.
Step 6: Creating a Target Group for ALB
I created a Target Group and registered the EC2 instance with it.
The Target Group lets the ALB route traffic to the EC2 instance on the application port, ensuring smooth application functionality and efficient load balancing.
Step 7: Testing the Application
I ran the application on the EC2 instance on port 5000.
The next step was to check the public URL of the ALB, which was working as expected.
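The security of this design rests on the security-group rules described in Steps 1, 3, 5 and 6: SSH to the bastion only from allowlisted addresses, port 5000 on the application instance only from the ALB, port 1433 on RDS only from the application instance, and only the ALB open to the internet. The following script is an added example, not code from the original post, that encodes that intended policy and audits a set of rules against it. The group ids (sg-bastion, sg-app, sg-rds, sg-alb), the admin CIDR and the rule records are all constructed to mimic the shape of `aws ec2 describe-security-groups` output; one deliberately wrong rule (SSH on the bastion open to 0.0.0.0/0) is included so the check has something to find.

```python
"""Audit security-group rules against the least-privilege design of the
bastion / NAT / private EC2 / private RDS / ALB architecture.

Added example. All group ids, CIDRs and rules below are constructed
sample data, not resources from the original project.
"""
from typing import Dict, List, Set

# Constructed sample rules. Each inbound rule is a dict with the
# protocol, a port range and a source that is either a CIDR or the
# id of another security group (the way AWS references a group).
SAMPLE_GROUPS: Dict[str, List[dict]] = {
    "sg-bastion": [
        {"proto": "tcp", "from": 22, "to": 22, "src": "203.0.113.10/32"},
        {"proto": "tcp", "from": 22, "to": 22, "src": "0.0.0.0/0"},  # constructed misconfiguration
    ],
    "sg-alb": [
        {"proto": "tcp", "from": 80, "to": 80, "src": "0.0.0.0/0"},
        {"proto": "tcp", "from": 443, "to": 443, "src": "0.0.0.0/0"},
    ],
    "sg-app": [
        {"proto": "tcp", "from": 22, "to": 22, "src": "sg-bastion"},
        {"proto": "tcp", "from": 5000, "to": 5000, "src": "sg-alb"},
    ],
    "sg-rds": [
        {"proto": "tcp", "from": 1433, "to": 1433, "src": "sg-app"},
    ],
}

# Intended policy: for each group, which sources may reach which port.
# 203.0.113.10/32 stands in for the administrators' allowlisted address.
ADMIN_CIDRS: Set[str] = {"203.0.113.10/32"}
POLICY: Dict[str, Dict[int, Set[str]]] = {
    "sg-bastion": {22: ADMIN_CIDRS},
    "sg-alb": {80: {"0.0.0.0/0"}, 443: {"0.0.0.0/0"}},
    "sg-app": {22: {"sg-bastion"}, 5000: {"sg-alb"}},
    "sg-rds": {1433: {"sg-app"}},
}


def audit_rule(sg_id: str, rule: dict, allowed: Dict[int, Set[str]]) -> List[str]:
    """Return findings for one inbound rule of one security group."""
    findings: List[str] = []
    if rule["proto"] != "tcp":
        findings.append(f"{sg_id}: non-TCP rule from {rule['src']} is not part of the policy")
        return findings
    lo, hi = rule["from"], rule["to"]
    # Policy ports this rule touches, and how many ports it opens beyond them.
    covered = [p for p in allowed if lo <= p <= hi]
    extra = (hi - lo + 1) - len(covered)
    if extra > 0:
        findings.append(
            f"{sg_id}: rule {lo}-{hi} from {rule['src']} opens {extra} port(s) outside the policy"
        )
    for port in covered:
        if rule["src"] not in allowed[port]:
            findings.append(
                f"{sg_id}: port {port} open to {rule['src']}, expected one of {sorted(allowed[port])}"
            )
    return findings


def audit_security_groups(groups: Dict[str, List[dict]],
                          policy: Dict[str, Dict[int, Set[str]]]) -> List[str]:
    """Compare every group's inbound rules with the intended policy.

    A missing rule is a connectivity problem, not an exposure, so only
    rules that grant more than the policy allows are reported.
    """
    findings: List[str] = []
    for sg_id, rules in groups.items():
        allowed = policy.get(sg_id)
        if allowed is None:
            findings.append(f"{sg_id}: no policy defined for this group")
            continue
        for rule in rules:
            findings.extend(audit_rule(sg_id, rule, allowed))
    return findings


if __name__ == "__main__":
    for line in audit_security_groups(SAMPLE_GROUPS, POLICY) or ["no findings"]:
        print(line)
```

Run against the sample data, the audit reports the single bastion rule that exposes SSH to 0.0.0.0/0 and nothing else. Feeding it the real output of `aws ec2 describe-security-groups` would need a small adapter from the API's IpPermissions shape to the rule dicts used here; the policy dictionary is the part worth keeping alongside the infrastructure, since it states in one place what each tier is supposed to accept.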
By following these steps, I was able to build a secure, scalable infrastructure on AWS in which the application and database tiers have no direct internet exposure and the ALB is the only public entry point. This architecture leverages key AWS services such as EC2, RDS, ALB, and NAT Gateway, enabling a robust and secure deployment.
If you're interested in learning more about this setup or have any questions about similar AWS implementations, feel free to reach out.