Real World AWS for Everyone
Cloud Config
Databases from a Single Source
The next step is to set up a MySQL database as a back end for the web server on the private subnet. You can set up a new VM, install MySQL on it, and save it as a separate AMI template, from which you could then create additional DB-VMs. The other option is to use Amazon's RDS. In addition to open source-based databases such as PostgreSQL and MySQL, RDS offers commercial alternatives such as Oracle or Amazon Aurora. Aurora is a MySQL-compatible enterprise database service that, according to Amazon, only costs 10% of what you can expect for commercial database engines. However, keep in mind that the prices for Database-as-a-Service options are added on top of those of the utilized EC2 resources or Elastic Block volumes. In contrast to MySQL, Aurora supports up to 15 low-latency read replicas, an automatically scalable storage capacity of up to 64TB, and six-way replication across three AZs if required. But whether you choose Aurora or MySQL, the advantage of setting up the database as a managed service is that it is relatively easy to configure the database across multiple AZs.
A firewall rule for communication between the database instance and the web server is required in the activity zone; I will create another security group to provide this rule. The group allows incoming traffic of the MySQL/Aurora type on port 3306 with the web server security group as the source. To instantiate the database in two AZs, a subnet group is also required. The starting point for creating subnet groups is the RDS dashboard under Services | RDS (Figure 5). Clicking on Subnet Groups leads to the wizard called Create DB Subnet Group. You'll also need to add two subnets to the other AZ.
The database is then instantiated with Launch DB Instance in the Instances area. The wizard is largely self-explanatory. MySQL is fine as an engine; Amazon Aurora is not included in the Free Tier quota. DB Engine Version gives you a free choice from 5.5.40 to 5.7.16. As a DB Instance Class, I will use db.t2.micro - 1 vCPU - 2 vCPU, 1GB RAM. However, the desired Multi-AZ Deployment option is not available in MySQL in the Free Tier. The corresponding check mark at the top of the dialog has to be removed to enable the setting. For the storage type (Elastic Block Storage), I started with General-Purpose (SSD). If you have also specified a DB Instance identifier, as well as a master user and password, Configure Advanced Settings is all about placing the database instance in the desired VPC and the appropriate subnet group or VPC security group and enabling public access if necessary. With the Database Options and Backup settings, you can essentially accept the default settings and activate the instance by clicking on Launch DB Instance. Clicking on View your DB Instances then lists all active database instances. The initial creating status changes to modifying and, after about ten minutes, to available.
The RDS dashboard offers many other interesting options, such as the management of snapshots, but for this scenario, it is initially important just to make a note of the entry underneath the instance list that is valid for the instance marked above under Endpoint (in this case, db1.c8ijnvnbecpw.us-west-2.rds.amazonaws.com:3306, which you need to interact with the web server). Armed with this information, switch back to the instance list of the EC2 dashboard, note the public IP of the web server, and call the corresponding web page in the browser. Click on the RDS menu link and insert the string for Endpoint in the input field. Then add the username and password and click on Submit to transfer the configuration. To test whether the PHP application communicates properly with the database, use the web interface to add, edit, and remove a contact.
Scaling Made Easy
You can convert the configuration into an auto-scaling setup in a few easy steps, so that additional instances will start up during peak loads. By reaching a little further into the AWS shelf, you could also operate several web servers behind a load balancer. Look for the AWS Elastic Load Balancer (ELB) in the EC2 dashboard under Load Balancing. Finally, various VPN solutions supported by AWS make it easy to access your own subnets from the outside or even build up a hybrid structure. For example, you could operate one or more Windows servers on premises and other Windows servers as EC2 instances, configured as read-only domain controllers. You could also provide branch offices with identity and authentication services that are available via the AWS Virtual Private Gateway. An IIS on a public subnet as the basis for your own Exchange infrastructure with Outlook Web Access would also be a conceivable scenario for SMEs. You can monitor virtually all AWS resources using Amazon Cloud Watch [9], which provides a host of base metrics free of charge. Additional costs are only incurred with special metrics or smaller sample rates up to real time.
Conclusions
The scenario in this article uses only a fraction of the services available in AWS. Each step of the configuration is possible using a GUI, although the primary strength of AWS lies in API control. With the help of AWS Cloud Formation [10], entire deployments can be created on a template basis without additional costs. Using the Cloud Formation Designer, companies can visually create complex AWS constructs such as a VPN gateway in a fraction of the time. The one question that is deceptively difficult to answer is whether the total cost incurred for all monthly IaaS, PaaS, and SaaS services is lower than the cost of installing, operating, and maintaining a comparable, on-premise infrastructure. The AWS pricing model is very complex [3], and it isn't easy to compare the cloud versus home scenarios directly. For instance, the cost for auto-scaling on-premise deployments is difficult to estimate. Detailed analysis of AWS discount and billing models is therefore just as important as the design of a coherent security plan. Nevertheless, AWS's service diversity, usability, and functionality go further than Google or Azure's current offers, and building a private cloud with OpenStack or VMware vRealize Automation is unlikely to be an option for small-to-midsized businesses.
Infos
[1] AWS: https://aws.amazon.com/
[2] AWS introductory video: https://www.youtube.com/watch?v=mZ5H8sn_2ZI
[3] AWS price structure: https://aws.amazon.com/pricing/services/
[4] AWS Free Tier: https://aws.amazon.com/free/
[5] AWS Management Console: https://aws.amazon.com/console/
[6] AWS Security Credentials: https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html
[7] IAM: https://aws.amazon.com/iam/
[8] Amazon Direct Connect: https://aws.amazon.com/directconnect/?nc1=h_ls
[9] Amazon Cloud Watch: https://aws.amazon.com/cloudwatch/?hp=tile&so-exp=below/
[10] AWS Cloud Formation: https://aws.amazon.com/cloudformation/?hp=tile&so-exp=below/