AWS Capstone Project
Nasra
Posted on February 25, 2023
The final project I undertook as part of the AWS Cloud Architecting course was the capstone project in Module 15.
This was my brief:
Introducing the Example Social Research Organization
Example Social Research Organization is a (fictitious) nonprofit organization that provides a website for social science researchers to obtain global development statistics. For example, visitors to the site can look up various data, such as the life expectancy for any country in the world over the past 10 years.
Shirley Rodriguez, a researcher at the organization, developed the website. She thought it would be valuable to share the data that she had gathered with other researchers. Shirley stores the data in a MySQL database, and the data is available through a PHP website that she built. She initially published the site through a commercial hosting company that provides limited support for technical issues and security.
Over the past year, Shirley’s website has grown in popularity. As a result of increased traffic, she started receiving complaints that the site is not as responsive as it used to be. She also experienced an attempted ransomware security breach. The security breach was unsuccessful, but her supervisor, Mateo Jackson, suggested that Shirley investigate new ways to host the website.
Shirley heard about Amazon Web Services (AWS), and initially moved her website and database to an EC2 instance that runs in a public subnet. She also runs an instance of MySQL on the same EC2 instance.
Shirley approached your team to make sure that her current design follows best practices. She wants to make sure that she has a robust and secure website. One of your colleagues started the process of migrating the site to a more secure implementation, but they were reassigned to another project. Your tasks are to complete the implementation, make sure that the website is secure, and confirm that the website returns data from the query page.
The following summary lists the solution requirements, and provides a diagram of the current environment.
Solution requirements
- Provide secure hosting of the MySQL database
- Provide secure access for an administrative user
- Provide anonymous access to web users
- Run the website on a t2.micro EC2 instance, and provide Secure Shell (SSH) access to administrators
- Provide high availability to the website through a load balancer
- Store database connection information in the AWS Systems Manager Parameter Store
- Provide automatic scaling that uses a launch template
My Solution
- 1. I first inspected my current environment. As is shown in the picture above, I had a VPC with four subnets, two public and two private, each with its own route table, and four security groups. I also had a Bastion Host EC2 instance, an internet gateway attached to the VPC and an already configured launch configuration.
  - VPC: Example 10.0.0.0/16
    - Pub SN1 = 10.0.0.0/24
    - Priv SN1 = 10.0.2.0/23
    - Pub SN2 = 10.0.1.0/24
    - Priv SN2 = 10.0.4.0/23
  - Security Groups:
    - ALBSG
    - Bastion-SG
    - Example-DB
    - Inventory-App
- 2. First, I decided to create a load balancer for my server. I chose an application load balancer that was internet-facing for my public subnets. I selected the ALB security group that was already created for the environment and then created a target group with the Bastion Host as the target for the load balancer listener.
- 3. Whilst waiting for the load balancer to become active, I created an auto scaling group with the preconfigured launch template and attached the auto scaling group to the load balancer target group.
- 4. I copied the load balancer URL to see if the site was operational. Whilst the landing page looked fine, I was unable to query as there was no database. To rectify this, I first created a subnet group to attach to the VPC. I then created a MySQL Multi-AZ database instance in a burstable t3.micro class with the existing security group.
- 5. I then used Systems Manager Parameter Store to set up the four required parameters for my database:
- /example/endpoint
- /example/username
- /example/password
- /example/database
- 6. I downloaded the key file for SSH from the AWS Details section of the instructions for the capstone project. I connected to the Bastion Host, then created a file for the private key. I then copied the private IPv4 address and connected via SSH after modifying the security groups for the new instance to allow for SSH. This allowed me to view the database assets on this instance, which included the Countrydatadump.sql files. Using mysql as an admin, I imported the Countrydatadump.sql into the database using its endpoint. The validation test showed that all the files were imported.
- 7. I then went back to the website to check if I was successful. The landing page looked the same, but I was now able to successfully run queries thanks to the database.
- I was pleased with the end result as I managed to successfully deploy a working architecture and meet the solution requirements outlined above. Looking back on how I could improve my architecture, I now realise that other resources such as Cloud9 could have been utilised. This would have allowed for a more secure and centrally managed resource for all my applications.
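The four Parameter Store entries created in step 5 are what the web tier has to read at start-up. As an added example (not the capstone's PHP application and not course material), this shows how an application can fetch them with a boto3-style client, assuming /example/password is stored as a SecureString so that WithDecryption is required, and failing fast if any of the four names is absent; the FakeSSM client and the sample values are constructed stand-ins so the code runs offline.

```python
# Added example (not the capstone's PHP app): load the /example/* DB parameters.
# `ssm` is any boto3-style client with get_parameters(); FakeSSM below is a stand-in.
PARAM_NAMES = ("endpoint", "username", "password", "database")


class MissingParameterError(RuntimeError):
    """Parameter Store does not hold every required name."""


def load_db_config(ssm, prefix="/example"):
    """Return the four values as a dict keyed endpoint/username/password/database.

    WithDecryption=True is needed for a SecureString password; the instance
    role still needs ssm:GetParameters plus kms:Decrypt on the key used.
    """
    names = [f"{prefix}/{n}" for n in PARAM_NAMES]
    resp = ssm.get_parameters(Names=names, WithDecryption=True)
    # get_parameters does not raise for unknown names; it lists them instead,
    # so an app that ignores InvalidParameters only fails later with a KeyError.
    if resp.get("InvalidParameters"):
        raise MissingParameterError(", ".join(sorted(resp["InvalidParameters"])))
    cfg = {p["Name"].rsplit("/", 1)[1]: p["Value"] for p in resp["Parameters"]}
    if "://" in cfg["endpoint"]:
        raise ValueError("endpoint must be the RDS hostname, not a URL")
    return cfg


class FakeSSM:
    """Constructed stand-in for boto3's SSM client (offline demo only)."""

    def __init__(self, store):
        self.store = store  # {name: (type, value)}

    def get_parameters(self, Names, WithDecryption=False):
        found, invalid = [], []
        for name in Names:
            if name not in self.store:
                invalid.append(name)
                continue
            ptype, value = self.store[name]
            if ptype == "SecureString" and not WithDecryption:
                value = "<ciphertext>"  # the real service returns the encrypted blob
            found.append({"Name": name, "Type": ptype, "Value": value})
        return {"Parameters": found, "InvalidParameters": invalid}


SAMPLE_STORE = {  # constructed values, not the lab's real ones
    "/example/endpoint": ("String", "example-db.abc123.us-east-1.rds.amazonaws.com"),
    "/example/username": ("String", "admin"),
    "/example/password": ("SecureString", "demo-only-password"),
    "/example/database": ("String", "countries"),
}
```

On a real instance, replace FakeSSM with `boto3.client("ssm")`; everything else stays the same.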