Real World AWS for Everyone

Cloud Config

Databases from a Single Source

The next step is to set up a MySQL database as a back end for the web server on the private subnet. You can set up a new VM, install MySQL on it, and save it as a separate AMI template, from which you could then create additional DB-VMs. The other options is to use Amazon's RDS. In addition to open source-based databases such as PostgreSQL and MySQL, RDS offers commercial alternatives such as Oracle or Amazon Aurora. Aurora is a MySQL-compatible enterprise database service that, according to Amazon, only costs 10% of what you can expect for commercial database engines. However, keep in mind that the prices for Database-as-a-Service options are added on top of those of the utilized EC2 resources or Elastic Block volumes. In contrast to MySQL, Aurora supports up to 15 low-latency read replicas, an automatically scalable storage capacity of up to 64TB, and six-way replication across three AZs if required. But whether Aurora or MySQL: The advantage of setting up the database as a managed service is that it is relatively easy to configure the database across multiple AZs. A firewall rule for communication between the database instance and the web server is required in the activity zone; I will create another security group to provide this rule. The group allows incoming traffic of the MySQL/Aurora type on port 3306 with the web server security group as the source. In order to instantiate the database in two AZs, a construct of the subnet group is also required. The starting point for creating subnet groups is the RDS dashboard under Services | RDS (Figure 5). Clicking on Subnet Groups leads to the wizard called Create DB Subnet Group . You'll also need to add two subnets to the other AZ.

Figure 5: The RDS dashboard is the first port of call for an overview of the database instances.

The database is then instantiated with Launch DB Instance in the Instances area. The wizard is largely self-explanatory. MySQL is fine as an engine; Amazon Aurora is not included in the Free Tier quota. DB Engine Version gives you a free choice from 5.5.40 to 5.7.16. As a DB Instance Class , I will use db.t2.micro - 1 vCPU - 2 vCPU, 1GB RAM. However, the desired Multi-AZ Deployment option is not available in MySQL in the Free Tier. The corresponding check mark at the top of the dialog has to be removed to enable the setting. For the storage type (Elastic Block Storage), I started with General-Purpose (SSD) . If you have also specified a DB Instance identifier, as well as a master user and password, Configure Advanced Settings is all about placing the database instance in the desired VPC and the appropriate subnet group or VPC security group and enabling public access if necessary. With the Database Options and Backup settings, you can essentially accept the default settings and activate the instance by clicking on Launch DB Instance . Clicking on View your DB Instances then lists all active database instances. The initial creating status changes to modifying and, after about ten minutes, to available . The RDS dashboard offers many other interesting options, such as the management of snapshots, but for this scenario, it is initially important just to make a note of the entry underneath the instance list that is valid for the instance marked above under Endpoint (in this case, db1.c8ijnvnbecpw.us-west-2.rds. amazonaws.com:3306, which you need to interact with the web server). Armed with this information, switch back to the instance list of the EC2 dashboard, note the public IP of the web server, and call the corresponding web page in the browser. Click on the RDS menu link and insert the string for Endpoint in the input field. Then add the username and password and click on Submit to transfer the configuration. To test whether the PHP application communicates properly with the database, use the web interface to add, edit, and remove a contact.

Scaling Made Easy

You can convert the configuration into an auto-scaling setup in a few easy steps, so that additional instances will start up during peak loads. Also, with some access to the AWS shelf, you could operate several web servers behind a load balancer. Look for the AWS Elastic Load Balancer (ELB) in the EC2 dashboard under Load Balancing . Finally, various VPN solutions supported by AWS make it easy to access your own subnets from the outside or even build up a hybrid structure. For example, you could operate one or more Windows servers on premise and other Windows servers as EC2 instances – configured as read-only domain controllers. You could also provide branch offices with identity and authentication services that are available via the AWS Virtual Private Gateway. An IIS on a public subnet as the basis for your own Exchange infrastructure with Outlook Web Access would also be a conceivable scenario for SMEs. You can monitor virtually all AWS resources using Amazon Cloud Watch [9], which provides a host of base metrics free of charge. Additional costs are only incurred with special metrics or smaller sample rates up to real time.

Conclusions

The scenario in this article uses only a fraction of the services available in AWS. Each step of the configuration is possible using a GUI, although the primary strength of AWS lies in API control. With the help of AWS Cloud Formation [10], entire deployments can be created on a template basis without additional costs. Using the Cloud Formation Designer, companies can visually create complex AWS constructs such as a VPN gateway in a fraction of the time. The one question that is deceptively difficult to answer is whether the total cost incurred for all monthly IaaS, PaaS, and SaaS services is lower than the cost of installing, operating, and maintaining a comparable, on-premise infrastructure. The AWS pricing model is very complex [3], and it isn't easy to compare the cloud versus home scenarios directly. For instance, the cost for auto-scaling on-premise deployments is difficult to estimate. Detailed analysis of AWS discount and billing models is therefore just as important as the design of a coherent security plan. Nevertheless, AWS's service diversity, usability, and functionality go further than Google or Azure's current offers, and building a private cloud with OpenStack or VMware vRealize Automation is unlikely to be an option for small-to-midsized businesses.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus