In this project, we are going to make an application that needs to support the high demand of a large number of users accessing it simultaneously. This application will be used in a conference for participants from all over the world to fill out their emails to be shortlisted in a raffle to win a $50 VISA gift card. To provide the requirement, we are going to use Amazon Elastic Beanstalk to deploy a web application and Amazon DynamoDB to the email list. We shall also use Amazon CloudFront to cache static and dynamic files to different Edge Locations to decrease latency when this application is accessed by users at various locations around the world.
• Name: users • Partition key | Primary key: email
-
Reviewing resources created: EC2, SG, ELB, TG, AutoScalling
-
Creating a new key pair (optional):
Network & Security | Key Pairs | Create key pair Name: Provide a security key pair Private key file format: .pem or .ppk
Creating an application
- Configure environment
Environment tier (*) Web server environment
Application information Application Name: Provide app name
Platform Platform: Python Platform version: (Recommended)
Application code Upload your code Version label: version-01 (*) Public S3 URL: https://tcb-bootcamps.s3.amazonaws.com/bootcamp-aws/en/tcb-conf-app-EN.zip (for example)
You can hit a "TAB" key to access the URL field.
Presets Configuration presets (*) High availability
Next
- Configure service access
Service access (*) Create and use new service role | 02 needed roles “service” and “ec2”
‘Service’ role name: aws-elasticbeanstalk-service-role
[ View service role permissions ]
► aws-elasticbeanstalk-service-role
Permissions:
- AWSElasticBeanstalkEnhancedHealth
- AWSElasticBeanstalkManagedUpdatesCustomerRolePolicy
Trust relationships
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "elasticbeanstalk.amazonaws.com" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "elasticbeanstalk" } } } ] }
EC2 key pair: Provide Key Pair
Now, let’s create an ‘EC2 instance profile’:
IAM | Roles | Create Role | Trusted entity type: AWS service
Common use cases: EC2
Next
Add permissions
- AWSElasticBeanstalkWebTier
- AWSElasticBeanstalkWorkerTier
- AWSElasticBeanstalkMulticontainerDocker
Next
Role name: aws-elasticbeanstalk-ec2-role Select trusted entities
Trust relationships
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sts:AssumeRole" ], "Principal": { "Service": [ "ec2.amazonaws.com" ] } } ] }
Create role Refresh…
Next
- Set up networking, database, and tags
Virtual Private Cloud (VPC): N. Virginia - Default VPC
Instance settings Public IP address [ ✔ ] Activated Instance subnets Availability Zone: us-east-1a
Select only one zone, we will change the instance size in the next step. Then, we will come back to this step to select all zones. If you select all zones, you’ll get an error because shapes are not available.
Next
- Configure instance traffic and scaling
Instances Root volume type: General Purpose (SSD) Size: 10 GB
Capacity Auto scaling group Load balanced Min: 2 Max: 4 Fleet composition: (*) On-Demand instances Instance types: t2.micro
Scaling triggers Metric: CPUUtilization Unit: Percent Min: 1 Min: 1 Upper: 50 Scale up: 1 Lower: 40 Scale down: -1
Load balancer network settings Visibility: Public Load balancer subnets [ ✔ ] check all
Previous - Let’s get back to the previous steps and select all zones
Next
Next
- Configure updates, monitoring, and logging
…scroll down… Environment properties Add environment property Name: AWS_REGION Value: us-east-1
Next
- Review
Submit Elastic Beanstalk is launching your environment. This will take a few minutes.
-
Validate the Resources Created
-
Testing the application
Tcb-conference-env | Domain: Example: http://tcb-conference-env.eba-cwmmuapk.us-east-1.elasticbeanstalk.com/
Before adding any e-mail… Let’s validate ‘DynamoDB’ and ‘Users’ table items Tables | Explore items
Try to add an e-mail: [email protected]
Internal Server Error The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.
Validating the Logs Logs | Request logs | Last 100 lines
Add the required permission into “aws-elasticbeanstalk-ec2-role” role:
IAM | Roles aws-elasticbeanstalk-ec2-role Add permissions | Attach policies AmazonDynamoDBFullAccess
Add permissions
Try again to add an e-mail: [email protected]
- CloudFront | CDN - Content Delivery Network Create a CloudFront distribution
Origin domain: select the ‘Elastic Load Balancer’ created by Elastic Beanstalk Protocol: HTTP only
Allowed HTTP methods: GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE
Cache key and origin requests (*) Cache policy and origin request policy (recommended) Cache policy: CachingOptimized
Web Application Firewall (WAF) (*) Enable security protections
Create Distribution | Last modified: Deploying… ~ 5 minutes [ pause the video… ]
- Testing CloudFront Copy 'Distribution Domain Name' and try it Have you realized that this time we have HTTPS connection? CloudFront
Let’s add a new record and validate it at DynamoDB table [email protected]
##Part 3: Stress/Overloading test
Checking EC2, LB, TG, AutoScaling, Elastic Beanstalk health/status
► Accessing and installing 'Stress' tool in the EC2:
ssh -i <key.pem> ec2-user@ip
Installing and running “Stress” tool
sudo yum install stress -y stress -c 4
Checking Elastic Beanstalk status | 'Warning'
Let’s open a new SSH connection and check the process running in the EC2 instance:
ps aux ps aux --sort=-pcpu top
Some cases that justify an increase in CPU consumption:
Black Friday | DDoS Attack | Hacker Mining Bitcoins
Let’s monitor the resources: EC2, ELB, Auto Scaling Group
- Elastic Beanstalk 'Application' | Action Delete [ wait a few minutes ~ 5 minutes ]
- The previous action will delete the ‘Elastic Beanstalk Environment’ (terminated)
- Disable and Delete the CloudFront distribution [ waiting a few minutes ~ 5 minutes ]
- Delete the DynamoDB 'users' table
“Terminated” means ‘deleted’ and it can take a while to “disappear” from the console.