aws module 15 capstone project

CPSC 4440 Final Project

This project was assigned to me as a final project for the cloud architecture course I took at Clemson University. This project was split into five parts using different AWS services: IAM, EC2 with Load Balancing, VPC, RDS, and EC2 Auto-Scaling. Click here to see the project instructions. A diagram of the final product is shown below:

For the IAM part of the project, I had to create some IAM users and groups. I assigned the groups policies and then put each user into the group they belonged in following the principle of least privilege.

For the VPC part of the project, I had to allocate an elastic IP address, create a VPC that looked identical to the diagram, create an internet gateway, create 4 subnets, create a public route table, and to create a private route table associated with the private subnets.

For the database part of the project, I was instructed to make a new RDS instance running on MYSQL. The first step was to create a DB subnet group called CU-Subnets that included the two private subnets. Then, I created the RDS database. It had a burstable db.t2.micro instance and a general purpose storage type. The database had a Multi-AZ deployment using the VPC already set up and the CU-Subnets subnet group.

EC2 Auto-Scaling

For 10 points extra credit on the project, we had the option to configure EC2 Auto Scaling behind our load balancer. I decided to do this option. Auto Scaling enables your architecture to scale up by add more instances as load increases, and then scale down by removing instances as load decreases. The launch configuration used the AMI I had created earlier. It used a target tracking policy that scaled up when CPU utilization was greater than 60% for 3 minutes.

AWS Academy: Cloud Architecting Capstone Project

The capstone project for the AWS Academy Cloud Architecting course was the last assignment you had to complete in order to obtain the badge for completing the course. It took a combination of the skills learned throughout the previous challenge labs in order to obtain a perfect score. Unfortunately, I do not have a diagram of what the final architecture looked like, but I will go into detail about what the project instructions were. For starters, here six main steps that needed to be completed: 1. Create an EC2 auto-scaling group from an existing launch configuration in the environment 2. Attach an application load balancer to the EC2 auto-scaling group 3. Create an RDS instance that the PHP application can query 4. Create a MYSQL database from a SQL dump file 5. Update application parameters in the AWS Systems Manager Parameter Store 6. Secure the application to prevent public access to backend systems

Setting up auto scaling

Setting up the auto-scaling group was fairly straight forward since the launch configuration was already defined in the environment. It was just a matter of picking the right AWS region and VPC and subnets to deploy the auto-scaling group in. The instances would be placed in 2 private subnets, each in a different availability zone. I set the minimum number of instances to 2, the desired amount to 2, and max amount to 4. It would scale up to when the CPU utilization was above 60% for 3 minutes.

Attaching an Application Load Balancer

An application load balancer spreads HTTP and HTTPS traffic across registered instances equally. After the EC2 auto-scaling group instances had passed their health checks, I created an application load balancer and then selected my auto-scaling group. Under the details tab, I selected load balancing->edit. I then clicked the check mark for application load balancer and selected the right target group. There was 1 already made in the lab environment. The application load balancer will take traffic from the public internet and then distribute the load across the EC2 instances in the private subnets. This ensures greater security.

Creating an RDS instance

Creating an RDS instance is pretty straight forward. First, I created 2 database subnet groups (the private subnet for each availability zone). Then, using the RDS wizard I made a RDS instance running MYSQL. I used a multi availability zone deployment and made sure that only the web application servers could communicate with the database instance.

Creating a MySQL database from a MYSQL dump file and Updating the Parameter Store

The pre-configured environment for the capstone project had a bastion host setup to access the EC2 instances in the private subnets. I gained access to one of the EC2 instances through the bastion host and then used it to run a mysql dump. The EC2 instance already had the mysql dump file in its home directory. The command was similar to this: mysql -h RDS_Endpoint -u username -p databasename < databasename.sql. This command setup the RDS instance with all the data the previous database contained. All that I had to to do now was make the EC2 instances read and write to the RDS instance instead of the old database. This was solved by changing the endpoint and password values in the parameter store. I then deleted the old database since it was no longer needed.

Securing the application

The last step was ensuring that the VPCs, security groups, and route tables were setup correctly. All internet traffic was to be go through the elastic load balancer, which would then distribute the traffic evenly between the EC2 instances. HTTP and HTTPS traffic from any source would be allowed. The bastion host would only accept SSH traffic from my IP address and have outbound rules to the EC2 instances. The EC2 instances would accept inbound traffic from the elastic load balancer and from the RDS instance. The RDS instance would only accept traffic from the EC2 instances and would only send information to the EC2 instances. The architecture was secure.

AWS Academy Cloud Architecting 2.x – Capstone Project

by XX · Published September 22, 2022 · Updated September 24, 2022

Environment Overview

Environment navigation, access the aws management console.

Using the terminal in the browser

Project Overview

Introducing the Example Social Research Organization

Solution requirements, project deliverables, assets for completing the project.

This environment is long-lived. When the session timer runs to 0:00, the session will end, but any data and resources that you created in the AWS account will be retained. Any running resources (such as an EC2 instance) will be stopped. If you later launch a new session (for example, the next day), you will find that your work is still in the lab environment. However, you will need to manually start any stopped resources. You can continue to develop your solution as you progress through the course materials.

 IMPORTANT: Monitor your lab budget in the lab interface above. Whenever you have an active lab session, the remaining budget will display at the top of this screen. For this Capstone Project environment, the limit is $40. If you exceed your lab budget your lab account will be disabled and all progress and resources will be lost . Therefore, it is important for you to manage your spending. Suggestions to avoid overspending : Launch only the number of instances you need, sized to your requirements. Stop EC2 and RDS instances when not in use. Delete no longer needed resources and data.

Use the  Readme link above to return to these instructions at any time.

Use the  AWS Details link above to access information about your environment.

After you start the lab, the AWS Details panel will display and you will need to choose Readme to return to these instructions.

 Tip: you can resize this panel at anytime by dragging the bar to the left of these instructions to make it wider or narrower.

Use the  Reset link above if you ever want to reset your AWS account back to the way it was in the beginning, before you ever ran sessions of this lab environment.  CAUTION : if you choose reset and then choose Yes to confirm that you do want to reset, you will permanently delete everything that you have created or stored in the AWS account.

The terminal window to the left of these instructions can be used to run AWS CLI commands or code such as AWS SDK for Python code (details provided below).

• The lab session is started and session information is displayed.
• A timer above shows the time remaining in the session. Tip: You can refresh the session length at any time by choosing Start Lab again before the timer reaches 0:00.
• Choose the  Readme link to return to these instructions.
• You should be connected to the AWS Management Console. Tip: If a new browser tab does not open, a banner or icon is usually at the top of your browser with the message that your browser is preventing the site from opening pop-up windows. Choose the banner or icon, and then choose Allow pop-ups. Tip: if you are interested in interacting with the AWS account programmatically, read the Configuring and using the terminal in the browser section below for details.

Using the Terminal in the browser

A terminal window displays to the left of these instructions. The terminal provides access to a Linux shell on a server that exists outside of the AWS account that you use when your lab is running. Credentials are configured on the server that provide the same level of AWS service access via the terminal that you also have via the AWS Management Console.

Project overview

This project provides you with an opportunity to demonstrate the solution design skills that you develop throughout this course. Your assignment is to design and deploy a solution for the following case.

By the end of this project, you should be able to apply the architectural design principles that you learned in this course to:

• Deploy a PHP application that runs on an Amazon Elastic Compute Cloud (Amazon EC2) instance
• Create a database instance that the PHP application can query
• Create a MySQL database from a structured query language (SQL) dump file
• Update application parameters in an AWS Systems Manager Parameter Store
• Secure the application to prevent public access to backend systems

Example Social Research Organization is a (fictitious) nonprofit organization that provides a website for social science researchers to obtain global development statistics. For example, visitors to the site can look up various data, such as the life expectancy for any country in the world over the past 10 years.

Shirley Rodriguez, a researcher at the organization, developed the website. She thought it would be valuable to share the data that she had gathered with other researchers. Shirley stores the data in a MySQL database, and the data is available through a PHP website that she built. She initially published the site through a commercial hosting company that provides limited support for technical issues and security.

Over the past year, Shirley’s website has grown in popularity. As a result of increased traffic, she started receiving complaints that the site is not as responsive as it used to be. She also experienced an attempted ransomware security breach. The security breach was unsuccessful, but her supervisor, Mateo Jackson, suggested that Shirley investigate new ways to host the website.

Shirley heard about Amazon Web Services (AWS), and initially moved her website and database to an EC2 instance that runs in a public subnet. She also runs an instance of MySQL on the same EC2 instance.

Shirley approached your team to make sure that her current design follows best practices. She wants to make sure that she has a robust and secure website. One of your colleagues started the process of migrating the site to a more secure implementation, but they were reassigned to another project. Your tasks are to complete the implementation, make sure that the website is secure, and confirm that the website returns data from the query page.

The following summary lists the solution requirements, and provides a diagram of the current environment.

• Provide secure hosting of the MySQL database
• Provide secure access for an administrative user
• Provide anonymous access to web users
• Run the website on a t2.small EC2 instance, and provide Secure Shell (SSH) access to administrators
• Provide high availability to the website through a load balancer
• Store database connection information in the AWS Systems Manager Parameter Store
• Provide automatic scaling that uses a launch template

The following parameters are used by the PHP application to connect to the database:

• /example/endpoint
• /example/username
• /example/password
• /example/database

 These parameter values are case sensitive.

To complete this assignment, you must:

• Deploy a PHP application that meets the system requirements outlined above
• Submit a diagram that illustrates your solution
• Submit a written summary of the design decisions that you made to achieve the result

You can use the following assets for this project:

• A SQL dump file that contains sample data
• A .zip file that contains the PHP and image files for the Example Social Research Organization website

Tags: AWS awscloud awstraining cloud cloudcomputing

You may also like...

Module 13 – Guided Lab 1: Breaking a Monolithic Node

August 17, 2022

 by XX · Published August 17, 2022

Module 3 Challenge Lab Creating a Static Website for the Cafe

May 13, 2022

 by XX · Published May 13, 2022 · Last modified June 28, 2023

Module 10 – Guided Lab: Automating Infrastructure Deployment with AWS CloudFormation

June 17, 2022

 by XX · Published June 17, 2022

4 Responses

• Pingbacks 0

I watched all your videos related to aws and all of them helped me a lot ??. But I’m unable to complete the caspton 2.x project ????. Please help me . Connect with me through Instagram or Facebook ??. Message me ur Instagram or FB id or Whatsapp number.

Hi did you check the you check the youtube video? Exactly which part you can’t accomplish?

What can I do if my parameter store is Restricted? is there another approach to finish the capstone without configuring the parameter store? Your video helped me a lot, but I can’t do that part.

Hello I am stuck at the Putty console step when trying to ping google.com. Nothing happens and when exited the ping fails.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Sharing is caring

Buy me a coffee so I can stay up longer and create better content!

You're signed out

Sign in to ask questions, follow content, and engage with the Community

• Canvas Question Forum
• Module 15 Capstone does not come out of this error...
• Subscribe to RSS Feed
• Mark Topic as New
• Mark Topic as Read
• Float this Topic for Current User
• Printer Friendly Page

Module 15 Capstone does not come out of this error: CREATE_FAILED, close the lab and wait for it to

• Mark as New
• Report Inappropriate Content

Solved! Go to Solution.

View solution in original post

• All forum topics
• Previous Topic

Best way to hide a student's assignment upload aft...

Canvas assignments /quiz links in a google slides, tallahassee community college turnitin account isn..., students used to be able to delete videos they upl..., use api and python to search for courses with quiz..., accordion html not working in instructions in new ..., api and python script to list quizzes that have s..., community help, view our top guides and resources:.

To participate in the Instructurer Community, you need to sign up or log in:

DEV Community

Posted on Jun 26, 2023

Capstone Project - Cloud Architecture

The Capstone project is quite a formidable task, making even quite experienced users work hard on how to overcome this scenario. We find ourselves working at a Social Research organisation that has a website that allows users to look up various data. Over the past few years, the website has grown in popularity and begun experiencing traffic issues as well as complaints about how slow it is. Additionally, there have been attempted ransomware attacks and security breaches. This is where we come in. We are here to design an infrastructure for the company's website that follows best practises and improves upon the existing architecture.

This blog is a record of how I overcame the Capstone project.

What we started with At the start, we were given a diagram of the current environment and how the company's website was laid out:

This current architecture shows us how the bastion host has been set up as well as its additional security groups placed in multiple subnets. This current architecture does not follow best practises as it is not highly available or does not scale automatically.

The solution

The solution I came up with not only solves the initial problem of being unable to scale automatically but also makes it more secure and highly available. By storing data within a MySQL RDS Multi-AZ database in a private subnet across multiple availability zones (AZ), it allows for more users around the world to access the website without experiencing traffic delays. Additionally, this meant that this solution had failover, allowing the secondary database to take over if the primary one were to fail or become unavailable.

The Application Load Balancer (ALB) is placed in front of the autoscaling group, which is linked to both applications in each AZ, allowing for a smoother runtime. Admin users would be able to access the applications by using SSH through the bastion host and access or store data.

We start off by downloading a SQL dump file provided by AWS that gives us the necessary tools in order for our applications as well as our databases to run. We create an internet-facing Application Load Balancer and attach it to two public subnets, as well as attaching the respective security groups. As we were setting up the autoscaling group, which would be behind the ALB, it gave us the option to attach it to both availability zones as well as both subnets (public and private). This would allow the infrastructure to be highly available.

Once the two had been created, it allowed the application to also be created within the process. After configuring the security groups, I was finally able to access the website. However, not only did it not look like a proper website, it was not functioning like one either.

The website would list what users may want to find information about, but it would not be able to list any of the necessary information. The website would return a connection error.

The next step was to create a multi-RDS database. This would allow for a secure and highly available way to store and access data that users could access without experiencing traffic.

note   (I had used a burstable class for this instance as it would allow for performance to exceed regular use if there was a need for it as we were already experiencing traffic issues.)

While the database was being created, I used this time to go into Systems Manager and create the parameters needed in the parameter store:

  Once the database was created, it was time to connect to it through the application we created earlier. This was done through the Bastion host and accessing it through the Access Key and Secret Access Key provided by AWS. Upon entering, I was able to import the SQL dump file, which allowed the database to have the data it needed. This was done by listing within the file to ensure that Countrydatadump.sql was inside of it. After the commands mysql -u username -p database_name < file.sql and entering the required password that I had set earlier when creating the RDS database, it was successfully able to ingest all the data it needed.

Upon successfully launching the application, the last thing to do was to check the website one last time and see if users could access the data they were looking for. After all my hard work, it was finally a success.

The Capstone project really pushed me to think outside the box and utilise all the skills I acquired during my journey as a trainee cloud engineer. This was something I had never experienced before, and I look forward to working on more projects like this in the future. I plan to update my blog throughout my career to not only allow readers to see my work but also to use it as a portfolio to show myself and others how I have evolved over the coming years with each project.

I appreciate you taking the time to read this!

Top comments (0)

Templates let you quickly answer FAQs or store snippets for re-use.

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink .

Hide child comments as well

For further actions, you may consider blocking this person and/or reporting abuse

How to create Custom Events in JavaScript?

Madhu Saini - Apr 9

Beyond Static: Embracing Dynamic Variable Creation in Python

chintanonweb - Apr 8

Switch Vs. If else

Amrita-padhy - Mar 12

Most Commonly Asked React Interview Questions 2024 - Part 2

Sayuj Sehgal - Mar 15

We're a place where coders share, stay up-to-date and grow their careers.

Search code, repositories, users, issues, pull requests...

Provide feedback.

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly.

To see all available qualifiers, see our documentation .

• Notifications