Create a secure VPC for café admins, using a bastion host in a public subnet for remote server management. Include a NAT gateway so that an EC2 instance in a private subnet has outbound internet access, ensuring a robust and protected network for the café's web application server.
- Setting Up the Hosting Environment
- Installing the Café Web Application
- Duplicating the Café Website
- VPC Lab
- Enhancing the Security Layer
- Checked the status of the web server, database, and PHP.
- Started and set up the web server and database to run automatically.
- Created a symlink to the web server's directory.
- Adjusted ownership permissions for web server file editing.
- Created a basic test webpage (index.html) in the html directory.
- Edited the inbound rules in the instance's security group to allow inbound HTTP traffic on TCP port 80 from anywhere.
- Downloaded and extracted web server application files.
- Moved café application files to the web server's document root.
- Configured application parameters in AWS Systems Manager Parameter Store.
- Configured MySQL database for the café application.
- Updated the PHP configuration to set the timezone to "America/New_York".
- Restarted the web server to apply the timezone configuration.
- Tested whether the café website is working and can be accessed from the internet.
- Created an AMI from the existing EC2 instance.
- Set a static internal hostname and created a new key pair.
- Verified that the new ProdCafeServer instance in the Oregon Region is running.
- Tested the café web application's functionality.
- Created a public subnet in the Lab VPC.
- Created an internet gateway and attached it to the Lab VPC.
- Updated the route table for the public subnet.
- Created an EC2 instance (Bastion Host) in the Public Subnet.
- Configured the security group for the bastion host.
- Assigned an Elastic IP address to the bastion host.
- Tested the SSH connection to the bastion host.
- Created a private subnet in the Lab VPC.
- Created a NAT gateway in the public subnet.
- Created a new route table for the private subnet.
- Created an EC2 instance (Private Instance) in the Private Subnet.
- Configured the security group for the private instance.
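
One way to check that the finished VPC matches the bastion/NAT layout built in the steps above. This is an added example, not part of the original lab: the subnet and security group IDs, the admin address `203.0.113.10/32`, and the rule set itself (SSH to the bastion from one admin address, SSH to the private instance only from the bastion's security group) are assumptions, and the sample data is constructed in the shape of `aws ec2 describe-route-tables` and `aws ec2 describe-security-groups` output.

```python
# Constructed sample data shaped like `aws ec2 describe-route-tables` and
# `aws ec2 describe-security-groups` output. All IDs and CIDRs are placeholders.
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-bastion", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-private", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-bastion"}]}]},
]

def default_route_target(route_tables, subnet_id):
    """Return 'igw', 'nat' or None for the subnet's explicit 0.0.0.0/0 route."""
    for table in route_tables:
        if not any(a.get("SubnetId") == subnet_id for a in table.get("Associations", [])):
            continue
        for route in table.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("NatGatewayId"):
                return "nat"
            if route.get("GatewayId", "").startswith("igw-"):
                return "igw"
    return None

def ssh_sources(groups, group_id):
    """Return IPv4 CIDRs and security-group IDs allowed to reach TCP 22."""
    sources = set()
    for perm in (p for g in groups if g["GroupId"] == group_id for p in g.get("IpPermissions", [])):
        proto = perm.get("IpProtocol")
        if proto == "-1" or (proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535)):
            sources |= {r["CidrIp"] for r in perm.get("IpRanges", [])}
            sources |= {p["GroupId"] for p in perm.get("UserIdGroupPairs", [])}
    return sources

def audit(route_tables, groups):
    """List deviations from the bastion/NAT layout; an empty list means it matches."""
    checks = [
        (default_route_target(route_tables, "subnet-public") == "igw", "public subnet lacks an internet gateway route"),
        (default_route_target(route_tables, "subnet-private") == "nat", "private subnet default route is not the NAT gateway"),
        ("0.0.0.0/0" not in ssh_sources(groups, "sg-bastion"), "bastion accepts SSH from any IPv4 address"),
        (ssh_sources(groups, "sg-private") == {"sg-bastion"}, "private instance SSH is not limited to the bastion group"),
    ]
    return [message for ok, message in checks if not ok]
```

The check only follows explicit subnet associations and IPv4 ranges; a subnet that falls back to the VPC's main route table, or a rule using IPv6 ranges, needs a separate look.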