AWS - Capstone Project


AWS Solutions Architect Associate

“Capstone Project”

Implement a resilient application leveraging some of the best practices.


Follow the steps to build the architecture depicted in Figure 1

Solution Logical Diagram 2

Create a Custom Amazon VPC 3

Create an Internet Gateway for Your Custom Amazon VPC 3

Update the Main Route Table for Your Custom Amazon VPC 3

Create Public Subnets for Your Custom Amazon VPC 3

Create a NAT Gateway for Your Custom Amazon VPC 3

Create a Private Route Table for Your Custom Amazon VPC 4

Create Private Subnets for Your Custom Amazon VPC 4

Create Security Groups for Each Application Tier 4

Create a MySQL Multi-AZ Amazon RDS Instance 5

Create an Elastic Load Balancer (ELB) 6

Create a Web Server Auto Scaling Group 6

Create a Route 53 Hosted Zone 7

Create an Alias A Record 7

Test Your Configuration 8

Extras (Pro Mode): Test Auto Scaling and SNS 9

Extras 2 (Beast Mode) : Lambda function 10

Submit Project 11
Solution Logical Diagram

Figure 1
1. Create a Custom Amazon VPC
1. Log in to the AWS Management Console.
2. Navigate to the Amazon VPC console.
3. Create an Amazon VPC with a Classless Inter-Domain Routing
(CIDR) block equal to 192.168.0.0/16, a name tag of Project-VPC,
and default tenancy.

2. Create an Internet Gateway for Your Custom Amazon VPC


1. Create an Internet gateway with a name tag of Project-IGW.
2. Attach the Project-IGW Internet gateway to the Amazon VPC.

3. Update the Main Route Table for Your Custom Amazon VPC
1. Locate the main route table for the Amazon VPC.
2. Update the route table name tag to a value of Project-Main Route
Table.
3. Update the route table routes by adding a destination of 0.0.0.0/0
with a target of the Project-IGW Internet gateway.
4. Create Public Subnets for Your Custom Amazon VPC
1. Create a subnet with a CIDR block equal to 192.168.1.0/24 and a
name tag of Project-Public Subnet 1. Create the subnet in the
Amazon VPC, and specify an Availability Zone for the subnet (for
example, US-East-1a).
2. Create a subnet with a CIDR block equal to 192.168.3.0/24 and a
name tag of Project-Public Subnet 2. Create the subnet in the
Amazon VPC, and specify an Availability Zone for the subnet that is
different from the one previously specified (for example, US-East-1b).
5. Create a NAT Gateway for Your Custom Amazon VPC
1. Create a Network Address Translation (NAT) gateway in the Amazon
VPC within the Project-Public Subnet 1 subnet.
2. Allocate an Elastic IP address (EIP) to the NAT gateway.

6. Create a Private Route Table for Your Custom Amazon VPC


1. Create a route table for the Amazon VPC with a name tag of
Project-Private Route Table.
2. Update the route table routes by adding a destination of 0.0.0.0/0
with a target of the NAT gateway.

7. Create Private Subnets for Your Custom Amazon VPC


1. Create a subnet with a CIDR block equal to 192.168.2.0/24 and a
name tag of Project-Private Subnet 1. Create the subnet in the
Amazon VPC, and specify the same Availability Zone for the subnet
that was used for Project-Public Subnet 1 (for example,
US-East-1a).
2. Associate the created subnet with the Project-Private Route Table.
3. Create a subnet with a CIDR block equal to 192.168.4.0/24 and a
name tag of Project-Private Subnet 2. Create the subnet in the
Amazon VPC, and specify the same Availability Zone for the subnet
that was used for Project-Public Subnet 2 (for example,
US-East-1b).
4. Associate the created subnet with the Project-Private Route Table.
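Steps 1 through 7 define a small address plan: one /16 VPC, two public and two private /24 subnets split across two Availability Zones, a main route table that points 0.0.0.0/0 at the Internet gateway, and a private route table that points it at a NAT gateway sitting in Public Subnet 1. The script below is an added example (not part of the project hand-out) that encodes exactly that plan and checks it for the mistakes that most often slip through in the console: overlapping or out-of-range CIDRs, a private subnet accidentally associated with the Internet-facing route table, a NAT gateway placed in a private subnet, or both tiers not spanning two AZs. The NAT gateway name `Project-NAT` is an assumption; the project only names the gateway's subnet. Only the Python standard library is used, so it runs without AWS credentials.

```python
"""Consistency check for the Project-VPC network plan in steps 1-7.

Added example: models the CIDRs and route targets the steps specify and
validates them offline with the ipaddress module (no AWS API calls).
"""
import ipaddress

VPC_CIDR = ipaddress.ip_network("192.168.0.0/16")

# (name, cidr, availability zone, route table) exactly as the steps specify.
# The AZ names are the examples the steps give.
SUBNETS = [
    ("Project-Public Subnet 1",  "192.168.1.0/24", "us-east-1a", "Project-Main Route Table"),
    ("Project-Public Subnet 2",  "192.168.3.0/24", "us-east-1b", "Project-Main Route Table"),
    ("Project-Private Subnet 1", "192.168.2.0/24", "us-east-1a", "Project-Private Route Table"),
    ("Project-Private Subnet 2", "192.168.4.0/24", "us-east-1b", "Project-Private Route Table"),
]

# Default routes: the main table goes to the IGW, the private table to the
# NAT gateway. "Project-NAT" is an assumed name; the steps do not name it.
ROUTE_TABLES = {
    "Project-Main Route Table":    {"0.0.0.0/0": "igw:Project-IGW"},
    "Project-Private Route Table": {"0.0.0.0/0": "nat:Project-NAT"},
}
NAT_GATEWAY_SUBNET = "Project-Public Subnet 1"   # step 5


def check_plan(vpc=VPC_CIDR, subnets=SUBNETS, route_tables=ROUTE_TABLES,
               nat_subnet=NAT_GATEWAY_SUBNET):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    seen = []
    for name, cidr, az, rt in subnets:
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vpc):
            problems.append(f"{name}: {cidr} is outside the VPC block {vpc}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"{name}: {cidr} overlaps {other_name} ({other})")
        seen.append((name, net))
        if rt not in route_tables:
            problems.append(f"{name}: unknown route table {rt}")

    # Public and private tiers must cover the same two AZs so that each
    # private subnet has a public partner (Public 1 / Private 1, and so on).
    public_azs = {az for n, _, az, _ in subnets if "Public" in n}
    private_azs = {az for n, _, az, _ in subnets if "Private" in n}
    if public_azs != private_azs:
        problems.append(f"AZ mismatch: public {sorted(public_azs)} vs private {sorted(private_azs)}")
    if len(public_azs) < 2:
        problems.append("fewer than two Availability Zones: not Multi-AZ")

    # A private subnet whose default route is the IGW is not private at all;
    # a public subnet without one cannot host the NAT gateway or the ELB.
    for name, _, _, rt in subnets:
        target = route_tables.get(rt, {}).get("0.0.0.0/0", "")
        if "Private" in name and target.startswith("igw:"):
            problems.append(f"{name}: private subnet routes 0.0.0.0/0 to the Internet gateway")
        if "Public" in name and not target.startswith("igw:"):
            problems.append(f"{name}: public subnet lacks a default route to the Internet gateway")

    # The NAT gateway needs a public subnet, otherwise it has no path out.
    if not any(n == nat_subnet and "Public" in n for n, *_ in subnets):
        problems.append("NAT gateway is not in a public subnet")
    return problems


if __name__ == "__main__":
    issues = check_plan()
    print("plan OK" if not issues else "\n".join(issues))
```

Run it as-is and it reports the plan from the steps as consistent; change a private subnet's route table to the main table and it flags the subnet as Internet-routed, which is the check worth keeping around when the VPC is rebuilt.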
8. Create Security Groups for Each Application Tier
1. Create an Amazon VPC security group for the ELB with a name tag
and group name of Project-ELB-SG and a description of Load
balancer security group for Project. Create the security
group in the Amazon VPC with an inbound rule of Type HTTP, a
protocol of TCP, a port range of 80, and a source of 0.0.0.0/0.
2. Create an Amazon VPC security group for the web servers with a
name tag and group name of Project-WebServer-SG and a
description of Web server security group for Project.
Create the security group in the Amazon VPC with an inbound rule of
Type HTTP, a protocol of TCP, a port range of 80, and a source of the
Project-ELB-SG security group. You may want to add another
inbound rule of Type SSH, a protocol of TCP, a port range of 22, and a
source of your own IP address to provide secure access to manage the
servers.
3. Create an Amazon VPC security group for the Amazon RDS MySQL
database with a name tag and group name of Project-DB-SG and a
description of Database security group for Project. Create
the security group in the Amazon VPC with an inbound rule of Type
MYSQL/Aurora, a protocol of TCP, a port range of 3306, and a source
of the Project-WebServer-SG security group.
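The three groups in step 8 form a chain: the Internet may reach only the ELB on port 80, the ELB group is the only source allowed to reach the web servers on port 80, and the web server group is the only source allowed to reach the database on port 3306. That chaining by security-group reference (rather than by CIDR) is what keeps the database unreachable even from other hosts inside the VPC. The following script is an added example, not part of the project, that encodes the three groups and checks them against that chain; the administrator's SSH source address `203.0.113.10/32` is a constructed placeholder for "your IP address".

```python
"""Least-privilege check for the step 8 security groups.

Added example: encodes the inbound rules the step specifies and verifies
that each tier admits traffic only from the tier in front of it. Offline;
no AWS API calls.
"""
import ipaddress

ADMIN_IP = "203.0.113.10/32"   # constructed placeholder for "your IP address"

# Inbound rules as (protocol, from_port, to_port, source); the source is a
# CIDR string or the name of another security group.
SECURITY_GROUPS = {
    "Project-ELB-SG":       [("tcp", 80, 80, "0.0.0.0/0")],
    "Project-WebServer-SG": [("tcp", 80, 80, "Project-ELB-SG"),
                             ("tcp", 22, 22, ADMIN_IP)],
    "Project-DB-SG":        [("tcp", 3306, 3306, "Project-WebServer-SG")],
}

# The intended tier chain: which group each group may accept traffic from.
ALLOWED_CHAIN = {
    "Project-WebServer-SG": {"Project-ELB-SG"},
    "Project-DB-SG":        {"Project-WebServer-SG"},
}
INTERNET_FACING = {"Project-ELB-SG"}   # the only group that may use 0.0.0.0/0


def is_cidr(source):
    try:
        ipaddress.ip_network(source)
        return True
    except ValueError:
        return False


def check_security_groups(groups=SECURITY_GROUPS, chain=ALLOWED_CHAIN,
                          public=INTERNET_FACING):
    """Return a list of problems; empty means the groups match the design."""
    problems = []
    for name, rules in groups.items():
        for proto, lo, hi, src in rules:
            if is_cidr(src):
                net = ipaddress.ip_network(src)
                if net.prefixlen == 0 and name not in public:
                    problems.append(f"{name}: port {lo}-{hi} open to {src}; "
                                    "only the load balancer should face the Internet")
                if (lo, hi) == (22, 22) and net.prefixlen < 32:
                    problems.append(f"{name}: SSH allowed from {src}; restrict to a single /32")
                if (lo, hi) == (3306, 3306):
                    problems.append(f"{name}: database port reachable from CIDR {src} "
                                    "instead of a security group")
            else:
                if src not in groups:
                    problems.append(f"{name}: references unknown group {src}")
                elif src not in chain.get(name, set()):
                    problems.append(f"{name}: accepts traffic from {src}, "
                                    "which is not the tier in front of it")
            if lo != hi and proto != "icmp":
                problems.append(f"{name}: port range {lo}-{hi} is wider than a single port")
    # A tier with no inbound rule would simply be unreachable.
    for name in chain:
        if not groups.get(name):
            problems.append(f"{name}: no inbound rules")
    return problems


if __name__ == "__main__":
    issues = check_security_groups()
    print("security groups OK" if not issues else "\n".join(issues))
```

The checks are the ones to repeat after anyone "temporarily" widens a rule: a database port sourced from a CIDR, SSH from anything broader than a /32, or a tier that accepts traffic from a group other than the one directly in front of it.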
9. Create a MySQL Multi-AZ Amazon RDS Instance
1. Navigate to the Amazon RDS console.
2. Create a DB subnet group with a name of Project-SubnetGroup
and a description of Subnet group for Project
3. Launch a MySQL Amazon RDS instance with the following
characteristics:
○ DB Instance Class: db.t2.small
○ Multi-AZ Deployment: yes
○ Allocated Storage: no less than 5GB
○ DB Instance Identifier: Projectdb
○ Master User Name: your choice
○ Master Password: your choice
○ VPC: the Amazon VPC
○ DB Subnet Group: Project-SubnetGroup
○ Publicly Accessible: No
○ VPC Security Group: Project-DB-SG
○ Database Name: appdb
○ Database Port: 3306
10. Create an Elastic Load Balancer (ELB)
1. Navigate to the Amazon EC2 console.
2. Create an ELB with a load balancer name of Project-WebServer-
ELB. Create the ELB in the Amazon VPC with a listener configuration
of the following:
○ Load Balancer Protocol: HTTP
○ Load Balancer Port: 80
○ Instance Protocol: HTTP
○ Instance Port: 80
3. Add the public subnets created earlier.
4. Assign the existing security group Project-ELB-SG created earlier.
5. Configure the health check with a ping protocol of HTTP, a ping port
of 80, and a ping path of /index.html.
6. Add a tag with a key of Name and value of Project-WebServer-
ELB.
7. Update the ELB port configuration to enable load-balancer generated
cookie stickiness with an expiration period of 30 seconds.
11. Create a Web Server Auto Scaling Group
1. Create a launch configuration for the web server Auto Scaling group
with the following characteristics:
○ AMI: latest Amazon Linux AMI
○ Instance Type: t2.small
○ Name: Project-WebServer-LC
○ User data:
#!/bin/bash
# Install Apache, PHP and the MySQL client, publish a static page, and start the web server
yum update -y
yum install -y php
yum install -y php-mysql
yum install -y mysql
yum install -y httpd
echo "<html><body><h1>Powered by AWS</h1></body></html>" > /var/www/html/index.html
service httpd start

○ Security Group: Project-WebServer-SG


○ Key Pair: existing or new key pair for your account
2. Create an Auto Scaling group for the web servers from the launch
configuration Project-WebServer-LC with a group name of
Project-WebServer-AG. Create the Auto Scaling group in the
Amazon VPC with the public subnets created earlier and a group size of 2.
3. Set up a scaling policy that keeps 2 instances running in normal
operation and scales out to a maximum of 4 instances when CPU usage is
above 75%.
4. Associate the load balancer Project-WebServer-ELB created to
the Auto Scaling group.
5. Add a name tag with a key of Name and value of Project-
WebServer-AG to the Auto Scaling group.
12. Create a Route 53 Hosted Zone
https://www.freenom.com/en/index.html?lang=en

1. Navigate to the Amazon Route 53 console and create a hosted zone.


2. Enter your domain name and create your new zone file.
3. In the new zone file, you will see the Start of Authority (SOA) record
and name servers. You will need to log in to your domain registrar’s
website and update the name servers with your AWS name servers.
4. After you update your name servers with your domain registrar,
Amazon Route 53 will be configured to serve DNS requests for your
domain.
13. Create an Alias A Record
1. Select the Route 53 hosted zone created above. Create a record set
with a name of www and a type of A—IPv4 Address.
2. Create an alias with an alias target of the ELB Project-
WebServer-ELB created above and leave your routing policy as
simple.
14. Test Your Configuration
1. Navigate to the Amazon EC2 console.
2. Verify that the ELB created has 2 of 2 instances in service.
3. In a web browser, navigate to the web farm (www.example.com)
using the Hosted Zone A record created. You should see “Powered
by AWS” on the web page.
15. Extras (Pro Mode): Test Auto Scaling and SNS
Set up an email notification service to alert you when CPU usage is higher
than 20% and Auto Scaling spins up new EC2 instances to cope with the
increased load.
1. Set up an SNS notification to send an email message to you when the
Auto Scaling group scales out.
2. Login to your EC2 instances and run the following command as root
to max out the CPU usage on each machine to 100%
○ # yes > /dev/null &
3. Navigate to the EC2 console and notice more instances are being
created in the Auto scaling group.
4. Navigate to your mailbox and notice the notifications being sent
5. Note: to stop the CPU load run the following command as root:
○ # killall yes
16. Extras 2 (Beast Mode) : Lambda function
Using the previous notification topic, use a Lambda function to send an
alert to your team's Slack channel when Auto Scaling adds an instance.

1. Set up an incoming webhook on your Slack team. Note the webhook URL.
2. Create a new Lambda function on AWS. Select "Node.js" as the runtime with a basic
execution role. Copy the code below, replacing "YOUR_SLACK_PATH_HERE"
with the path portion of your webhook URL.
3. Add your SNS topic as an event source.
var https = require('https');
var util = require('util');

// Slack incoming-webhook endpoint; the path comes from the webhook created in step 1.
var POST_OPTIONS = {
    hostname: 'hooks.slack.com',
    path: 'YOUR_SLACK_PATH_HERE',
    method: 'POST',
};

exports.handler = (event, context, callback) => {
    // SNS delivers one record per invocation: its subject selects the
    // channel and its message body becomes the Slack text.
    const message = {
        channel: event.Records[0].Sns.Subject || 'YOUR_DEFAULT_CHANNEL_HERE',
        text: event.Records[0].Sns.Message
    };
    console.log('From SNS:', message);
    var r = https.request(POST_OPTIONS, function(res) {
        res.setEncoding('utf8');
        res.on('data', function (data) {
            context.succeed("Message Sent: " + data);
        });
    }).on("error", function(e) { context.fail("Failed: " + e); });
    r.write(util.format("%j", message));   // %j serialises the object as JSON
    r.end();
};
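The Node.js function above forwards whatever SNS delivers and carries the webhook path in its source. The following is an added Python counterpart (not part of the project hand-out) that does two things differently: it reads the webhook URL from an environment variable set on the function, so the secret never lands in a code repository, and it parses the JSON body that Auto Scaling publishes to the topic so that only launch and terminate events reach Slack (subscription test notifications and non-JSON messages are dropped). The sample event, including the instance id, is constructed for the example; the `Event`, `AutoScalingGroupName`, `EC2InstanceId` and `Cause` fields are the ones Auto Scaling notifications carry.

```python
"""Slack alert for Auto Scaling scale-out events, as a Python Lambda handler.

Added example, a counterpart to the Node.js function in step 16. Requires
the SLACK_WEBHOOK_URL environment variable on the function at run time.
"""
import json
import os
import urllib.request

# Constructed sample of the SNS event Lambda receives. The Message body is the
# JSON Auto Scaling publishes to an SNS topic when it launches an instance.
SAMPLE_EVENT = {
    "Records": [{
        "Sns": {
            "Subject": "Auto Scaling: launch for group Project-WebServer-AG",
            "Message": json.dumps({
                "Event": "autoscaling:EC2_INSTANCE_LAUNCH",
                "AutoScalingGroupName": "Project-WebServer-AG",
                "EC2InstanceId": "i-0123456789abcdef0",      # constructed id
                "Cause": "CPU alarm triggered the scale-out policy (constructed)",
            }),
        }
    }]
}

WATCHED_EVENTS = {"autoscaling:EC2_INSTANCE_LAUNCH",
                  "autoscaling:EC2_INSTANCE_TERMINATE"}


def build_slack_payload(event):
    """Return the Slack webhook body for an SNS-wrapped Auto Scaling message,
    or None when the message is not a scaling event worth reporting."""
    sns = event["Records"][0]["Sns"]
    try:
        body = json.loads(sns.get("Message", ""))
    except json.JSONDecodeError:
        return None
    if not isinstance(body, dict) or body.get("Event") not in WATCHED_EVENTS:
        return None
    action = "launched" if body["Event"].endswith("LAUNCH") else "terminated"
    text = (f"{body.get('AutoScalingGroupName', '?')} {action} "
            f"{body.get('EC2InstanceId', '?')}: {body.get('Cause', '')}")
    return {"text": text}


def post_to_slack(payload, webhook_url):
    """POST the payload to the incoming webhook and return the HTTP status."""
    req = urllib.request.Request(
        webhook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def lambda_handler(event, context):
    payload = build_slack_payload(event)
    if payload is None:
        return {"forwarded": False}
    url = os.environ["SLACK_WEBHOOK_URL"]   # configured on the function, never in source
    return {"forwarded": True, "status": post_to_slack(payload, url)}
```

`build_slack_payload` is kept free of network calls so the parsing can be exercised locally against `SAMPLE_EVENT`; the handler only touches the webhook once the event has passed that filter.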
17. Submit Project
Submit the project on Simplilearn Assessment tab under project 1:
Configure and Connect a MySQL Database Instance with a Web Server

Take screenshots of the following resources and upload them for review:
1. Main Route Table for Your Custom Amazon VPC
2. Public Subnets for Your Custom Amazon VPC
3. Private Route Table for Your Custom Amazon VPC
4. Private Subnets for Your Custom Amazon VPC
5. Security Groups for Each Application Tier
6. MySQL Multi-AZ Amazon RDS Instance
7. Elastic Load Balancer (ELB)
8. Web Server Auto Scaling Group
9. Route 53 Hosted Zone
