Introduction to the Problem
Design an Amazon Virtual Private Cloud (VPC):
"Scenario: You have a small business with a website that is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance. You have customer data that is stored on a backend database that you want to keep private. You want to use Amazon VPC to set up a VPC that meets the following requirements:
• Your web server and database server must be in separate subnets.
• The first address of your network must be 10.0.0.0. Each subnet must have 256 total IPv4 addresses.
• Your customers must always be able to access your web server.
• Your database server must be able to access the internet to make patch updates.
• Your architecture must be highly available and use at least one custom firewall layer."
For the Program Level Assessment, write a short summary report using the following criteria:
Define the Problem
Re-state the problem you are asked to solve and detail all relevant findings and recommendations.
Identify Strategies
Explain how your VPC design meets the requirements in the scenario.
Propose Solutions
Explain how you can improve or change your design using additional services learned in class.
Evaluate Outcomes
Briefly explain how your design and proposed solutions meet at least two of the pillars of the AWS Well-Architected Framework.
Submit a Word Document
Using the section headers above, provide a response for each section and a summary report.
· Define the Problem:
o You have a small business with a website that is hosted on an Amazon Elastic Compute Cloud (Amazon EC2) instance. You have customer data that is stored on a backend database that you want to keep private. You want to use Amazon VPC to set up a VPC that meets the following requirements:
§ Your web server and database server must be in separate subnets.
§ The first address of your network must be 10.0.0.0. Each subnet must have 256 total IPv4 addresses.
§ Your customers must always be able to access your web server.
§ Your database server must be able to access the internet to make patch updates.
§ Your architecture must be highly available and use at least one custom firewall layer.
· Identify Strategies
o Create a VPC with public and private subnets using the AWS VPC wizard.
o Enable a NAT gateway for the private subnet so the database server can reach the internet for patch updates without being reachable from it.
o Create the EC2 and database instances in multiple Availability Zones (AZs) to ensure high availability.
· Propose Solutions
o Create one VPC as described below.
o Keep the default IPv4 settings. This allows the IP range to start from 10.0.0.0.
o Selecting the CIDR block 10.0.0.0/20 is a must; otherwise the VPC's address range will not begin at 10.0.0.0.
o Create a VPC endpoint, an AWS-provided interface that allows connectivity to AWS services without traversing the public internet.
o Choose VPC Dashboard, choose Security Groups, and then choose Create security group.
o On the Create security group page, set these values:
§ Security group name: tutorial-db-securitygroup
§ Description: Tutorial DB Instance Security Group
§ VPC: Choose the VPC that you created earlier, for example: vpc-identifier (tutorial-vpc)
o Add inbound rules to the security group.
o In the Inbound rules section, choose Add rule.
o Set the following values for your new inbound rule to allow DB traffic on port 3306 from your EC2 instance. This lets your web server connect to your DB instance to store and retrieve your web application's data.
o To create the security group, choose Create security group.
o Create an AWS Firewall Manager policy for AWS WAF.
o In the navigation pane, choose Security policies.
o Choose Create policy.
o For Policy type, choose AWS WAF.
o For Region, choose an AWS Region. To protect Amazon CloudFront distributions, choose Global.
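As an added example (not part of the assignment or the report above), the following Python script lays out the addressing, routing and firewall plan that the Identify Strategies and Propose Solutions steps describe, and checks it against the scenario's requirements. The AZ names, the web-tier security-group name and the route-table labels are assumptions; the VPC CIDR and the DB security-group name come from the report.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/20")  # report's CIDR: first address is 10.0.0.0
AZS = ["us-east-1a", "us-east-1b"]              # assumed AZ names; two AZs for high availability
WEB_SG = "web-sg"                               # assumed name for the web tier's security group
DB_SG = "tutorial-db-securitygroup"             # name used in the report's steps

def plan_subnets(vpc=VPC_CIDR, azs=AZS):
    """One public (web) and one private (db) /24 per AZ; a /24 holds 256 addresses."""
    blocks = list(vpc.subnets(new_prefix=24))   # 10.0.0.0/24, 10.0.1.0/24, ...
    plan = []
    for i, az in enumerate(azs):
        plan.append({"az": az, "tier": "web", "public": True,  "cidr": str(blocks[2 * i])})
        plan.append({"az": az, "tier": "db",  "public": False, "cidr": str(blocks[2 * i + 1])})
    return plan

def route_tables(plan):
    """Public subnets default-route to the IGW; each private subnet to the NAT gateway in its own AZ."""
    return {s["cidr"]: ("igw" if s["public"] else f"nat-{s['az']}") for s in plan}

def security_group_rules():
    """Inbound rules: the internet reaches web on 80/443; only the web SG reaches db on 3306."""
    return {
        WEB_SG: [{"port": 80, "source": "0.0.0.0/0"}, {"port": 443, "source": "0.0.0.0/0"}],
        DB_SG: [{"port": 3306, "source": WEB_SG}],
    }

def check_design(plan, rules):
    """Return the list of scenario requirements the design violates (empty means it passes)."""
    problems = []
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    if min(n.network_address for n in nets) != ipaddress.ip_address("10.0.0.0"):
        problems.append("network does not start at 10.0.0.0")
    if any(n.num_addresses != 256 for n in nets):
        problems.append("a subnet does not have exactly 256 IPv4 addresses")
    if any(a.overlaps(b) for a in nets for b in nets if a is not b):
        problems.append("subnets overlap")
    if any(s["public"] for s in plan if s["tier"] == "db"):
        problems.append("database subnet is public")
    for tier in ("web", "db"):
        if len({s["az"] for s in plan if s["tier"] == tier}) < 2:
            problems.append(f"{tier} tier is not spread over two AZs")
    if any(r["source"] != WEB_SG for r in rules.get(DB_SG, [])):
        problems.append("database security group accepts traffic from outside the web tier")
    return problems

if __name__ == "__main__":
    plan = plan_subnets()
    print(route_tables(plan), check_design(plan, security_group_rules()))
```

Running it prints the per-subnet default routes and an empty violation list; widening the DB rule's source to 0.0.0.0/0 or dropping to a single AZ makes the corresponding requirement show up in the list.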
· Evaluate Outcomes
o Please fill in the details according to the details shared.