#AMAZON AWS #ELASTIC BEANSTALK #RAILS #VIRTUAL PRIVATE CLOUD

This is the first in a series of blog posts that describe how to deploy a Rails application to Elastic Beanstalk in a Virtual Private Cloud (VPC) on Amazon AWS.

In this post we will set up a new VPC to host our Elastic Beanstalk application and database servers.

This involves creating the following objects:

  • A new VPC
  • Public and Private subnets in each availability zone
  • An Internet Gateway and routing table entries for the public subnets
  • A NAT gateway and routing table entries for the private subnets
  • Security groups for a Bastion server, Web servers and Database servers

At the end of this we will have something that looks like the diagram below:

VPC Setup With Public and Private Subnets


The video embedded below walks you through this process:

VPC setup

To configure a VPC you need to select a range of private IP addresses. Valid ranges for these are:

Start          End
10.0.0.0       10.255.255.255
172.16.0.0     172.31.255.255
192.168.0.0    192.168.255.255

When you set up a VPC you configure the address space using CIDR format. The minimum number of mask bits that you can use is 16, which gives you a maximum of 65534 IP addresses in a VPC. We’ll divide this address space up among the subnets that we will create in our VPC.

For the example in this blog post and associated video I’ve used 10.0.0.0/16. You can use this handy CIDR calculator for working out address ranges.

Create VPC

For the tenancy, make sure this is set to default. If you change this to dedicated then every instance you launch in your VPC will use dedicated hosting (even if you specify a different setting when you create the instance).

Subnet Setup

To support failover between availability zones you need to have a subnet in each availability zone. As we are creating a public and private set of subnets we will need 2 subnets in each zone.

To make distinguishing public and private subnets easier I use the convention of starting my public subnets at 10.0.0.0 and my private subnets at 10.0.100.0.

Zone   Subnet CIDR    Subnet Name
A      10.0.0.0/24    Public Subnet A
B      10.0.0.0/24    Public Subnet B
C      10.0.0.0/24    Public Subnet C
A      10.0.0.0/24    Private Subnet A
B      10.0.0.0/24    Private Subnet B
C      10.0.0.0/24    Private Subnet C

Create a subnet

Depending on the AWS region you are using, you may have more availability zones. You should create additional subnets to cover all the zones in your region.

Public and Private subnets in each availability zone
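
Subnets inside one VPC cannot overlap, so every zone and tier needs its own /24. The following is an added example, not from the original post: it derives a plan from the 10.0.0.0 / 10.0.100.0 convention above and validates it. Incrementing the third octet once per zone is an assumption.

```python
import ipaddress
from itertools import combinations

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")  # VPC range used in the post
ZONES = ("A", "B", "C")
PUBLIC_BASE = 0     # public subnets start at 10.0.0.0 (the post's convention)
PRIVATE_BASE = 100  # private subnets start at 10.0.100.0 (the post's convention)


def build_plan(vpc=VPC_CIDR, zones=ZONES):
    """Return {name: network} with one /24 per tier per zone.

    Assumption: zone N takes third octet base + N.
    """
    slots = list(vpc.subnets(new_prefix=24))  # 10.0.0.0/24 .. 10.0.255.0/24
    plan = {}
    for i, zone in enumerate(zones):
        plan[f"Public Subnet {zone}"] = slots[PUBLIC_BASE + i]
        plan[f"Private Subnet {zone}"] = slots[PRIVATE_BASE + i]
    return plan


def validate_plan(plan, vpc=VPC_CIDR):
    """Return a list of problems: subnets outside the VPC or overlapping."""
    problems = []
    for name, net in plan.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
    for (n1, a), (n2, b) in combinations(plan.items(), 2):
        if a.overlaps(b):
            problems.append(f"{n1} {a} overlaps {n2} {b}")
    return problems


if __name__ == "__main__":
    plan = build_plan()
    for name, net in plan.items():
        print(f"{name:18} {net}")
    print(validate_plan(plan) or "plan is valid")
```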

Internet Gateway

To communicate from our public subnet to the internet and for the internet to be able to see machines running inside our public subnet we need to add an internet gateway. We also need to add routing tables so that our VPC router knows how to route traffic to our internet gateway.

We create an internet gateway:

Create an internet gateway

Attach it to our VPC:

Attach Internet Gateway to our VPC

To set up the routing for our internet gateway we create a new routing table in our VPC:

This new routing table is associated with our Public Subnets:

And we add a new route with a destination of 0.0.0.0/0 with a target of our internet gateway.

This means that instances in our public subnet can communicate with the internet and that the internet can now see instances in our public subnet.

NAT Gateway

For our private subnets we don’t want our instances to be visible from the internet, but we do want the instances to be able to access the internet. For this we will create a NAT gateway.

We create a second routing table, associate it with our Private Subnets and add a route with a destination of 0.0.0.0/0 and a target of our new NAT gateway.
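
The difference between the two tiers comes down to where each subnet's 0.0.0.0/0 route points. The following is an added example, not from the original post: it reads data in the shape of `aws ec2 describe-route-tables` output and reports any private subnet whose default route is not a NAT gateway. The sample data and all IDs are constructed placeholders.

```python
# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-public",
     "Associations": [{"SubnetId": "subnet-public-a"},
                      {"SubnetId": "subnet-public-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"RouteTableId": "rtb-private",
     "Associations": [{"SubnetId": "subnet-private-a"},
                      {"SubnetId": "subnet-private-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]}


def default_route_kind(table):
    """Classify a route table by where it sends 0.0.0.0/0."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "internet-gateway"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat-gateway"
        return "other"
    return "none"


def subnet_exposure(doc):
    """Map each explicitly associated subnet to its default-route kind."""
    exposure = {}
    for table in doc["RouteTables"]:
        kind = default_route_kind(table)
        for assoc in table.get("Associations", []):
            if "SubnetId" in assoc:  # the main-table association has no SubnetId
                exposure[assoc["SubnetId"]] = kind
    return exposure


def check_private(doc, private_subnets):
    """Return findings for private subnets not routed through a NAT gateway."""
    exposure = subnet_exposure(doc)
    return [f"{s}: default route is {exposure.get(s, 'unknown (main route table)')}"
            for s in private_subnets if exposure.get(s) != "nat-gateway"]
```

A subnet with no explicit association falls back to the VPC's main route table, so it is reported as unknown rather than assumed private.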

Security Groups

We will need the following security groups configured for our VPC:

  • Bastion Servers
  • Web Servers
  • Database Servers

For our bastion server we want as much security as possible. Ideally we should only open port 22 for ssh and only allow connections from our own IP address.

For added security you should add 2 factor authentication to your bastion server and only have it running when you need to use it. The rest of the time you should turn off the instance that is running your bastion server.

The web server security group can be set up with no incoming ports. We should not need to ssh onto our web servers as any configuration should be taken care of by our Elastic Beanstalk environment. Access to HTTP(S) ports is added automatically by the Elastic Load Balancer.

For our Database Servers, we need to open a port for our database (for PostgreSQL this is 5432) and allow access from our Web Server security group and also from our Bastion Server security group. You may only want to add access from the Bastion Server group on an as-needed basis.
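
The three groups above can be checked against this design before anything is deployed. The following is an added example, not from the original post: it audits data in the shape of `aws ec2 describe-security-groups` output. The group names, IDs and the admin address are constructed placeholders, and the web group is checked as created here, before the load balancer adds its HTTP(S) rules.

```python
ADMIN_IP = "203.0.113.10/32"  # constructed stand-in for "our own IP address"

def rule(port, cidrs=(), groups=()):
    """Build one inbound tcp rule in describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample; names and IDs are placeholders.
GROUPS = {"SecurityGroups": [
    {"GroupName": "bastion", "GroupId": "sg-bastion",
     "IpPermissions": [rule(22, cidrs=[ADMIN_IP])]},
    {"GroupName": "web", "GroupId": "sg-web", "IpPermissions": []},
    {"GroupName": "db", "GroupId": "sg-db",
     "IpPermissions": [rule(5432, groups=["sg-web", "sg-bastion"])]},
]}

def sources(perm):
    """Return (IPv4 + IPv6 CIDR sources, set of source group IDs)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return cidrs, {g["GroupId"] for g in perm.get("UserIdGroupPairs", [])}

def port_is(perm, port):
    key = (perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort"))
    return key == ("tcp", port, port)

def audit(doc, admin_ip=ADMIN_IP):
    """Return findings where the groups deviate from the design in the post."""
    by_name = {g["GroupName"]: g for g in doc["SecurityGroups"]}
    findings = []
    for perm in by_name["bastion"]["IpPermissions"]:
        cidrs, groups = sources(perm)
        if not port_is(perm, 22):
            findings.append("bastion: inbound rule other than tcp/22")
        if cidrs != [admin_ip] or groups:
            findings.append(f"bastion: sources {cidrs + sorted(groups)}, expected only {admin_ip}")
    if by_name["web"]["IpPermissions"]:
        findings.append("web: inbound rules present, expected none")
    allowed = {by_name["web"]["GroupId"], by_name["bastion"]["GroupId"]}
    for perm in by_name["db"]["IpPermissions"]:
        cidrs, groups = sources(perm)
        if not port_is(perm, 5432):
            findings.append("db: inbound rule other than tcp/5432")
        if cidrs:
            findings.append(f"db: CIDR sources {cidrs}, expected security groups only")
        if groups - allowed:
            findings.append(f"db: unexpected source groups {sorted(groups - allowed)}")
    return findings
```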

All done!

That concludes configuring our VPC. We’ve set up public and private subnets in our availability zones, created Internet and NAT gateways along with the necessary routing tables, and we’ve created a set of security groups for controlling access to the instances we deploy to our VPC.

In the next post we’ll deploy an Elastic Beanstalk application in our VPC.


Chris Greening



atomic14
