Web Hosting Application Server

  • Writer: Ibrahim F
  • May 10

Updated: May 10

Note: This project demonstrates a Linux-based web hosting environment. The architecture, design patterns, and security configurations mirror those used in production-grade, high-availability, zero-trust deployments and adhere to the AWS Well-Architected Framework.




The Organizational Profile:

This project represents a small business scenario that requires a secure, scalable web hosting environment on AWS. The infrastructure features:

  • A private EC2-based web server hosted across two availability zones for redundancy

  • AWS Systems Manager for secure admin access

  • Integration with S3 for scalable object storage

  • Auto Scaling Groups for scaling based on traffic


The End Goal:

To deploy a lightweight, production-ready two-tier website server infrastructure on AWS that allows for optimal security, scalability, and operational efficiency. This includes:

  • Web server deployment in private subnets

  • Use of a load balancer to distribute inbound public traffic

  • Tightly scoped IAM and security group strategy

  • NAT and VPC endpoint configurations for secure internet and AWS service access

  • Automated scaling and object storage


The Process Used – The 5 Phase Approach in Action:

1) Discovery & Planning -

  • Assessed the basic requirements for a secure, scalable web server. This includes determining workload needs, current hardware and software in use, determining who needs access, and network needs.

2) Service Translation & Architecture Design -

  • Select and tailor AWS services based on step 1 and design a secure, scalable AWS architecture.

  • For example, because the EC2 web server is hosted in a private subnet, we used a NAT Gateway for outbound access and Systems Manager for administration—eliminating the need for public IPs or SSH.



3) Migration & Deployment Execution –

  • Shift and configure workloads into AWS with thorough documentation. Steps included:

    • Creating the VPC, public/private subnets, NAT Gateways, and route tables

    • Security group creation for least-privilege access

    • Launching EC2 instances aligned with the server OS and model

    • Using Systems Manager Session Manager for secure access

    • Deploying a Load Balancer with targeted routing to the private EC2 instance

    • Setting up IAM roles for EC2 and S3 interaction

    • Configuring S3 to store web files, to be accessed via a VPC endpoint


4) Compliance & Optimization –

  • Prepare compliance reports, validate security, and optimize performance. This included:

    • Verifying that there is no public IP exposure to the server itself

    • Load testing and health checks via the ALB DNS endpoint

    • CloudWatch integration and tagging for cost visibility and management
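
One way to automate the "no public IP exposure" check from step 4 together with the least-privilege security group rule from step 3, shown as an added example that is not part of the original project. The instance IDs, group IDs, addresses and the `audit` / `open_ingress` function names are constructed for illustration; the JSON follows the shape of EC2 describe-instances and describe-security-groups output.

```python
import json

# Constructed sample data shaped like EC2 describe-instances / describe-security-groups output.
INSTANCES = json.loads("""{"Reservations": [{"Instances": [
  {"InstanceId": "i-0aaa", "PrivateIpAddress": "10.0.11.10",
   "SecurityGroups": [{"GroupId": "sg-web"}], "NetworkInterfaces": [{}]},
  {"InstanceId": "i-0bbb", "PrivateIpAddress": "10.0.12.10",
   "PublicIpAddress": "203.0.113.7",
   "SecurityGroups": [{"GroupId": "sg-legacy"}],
   "NetworkInterfaces": [{"Association": {"PublicIp": "203.0.113.7"}}]}
]}]}""")
GROUPS = json.loads("""{"SecurityGroups": [
  {"GroupId": "sg-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-alb"}]}]},
  {"GroupId": "sg-legacy", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]}
]}""")

def open_ingress(group):
    """Yield (protocol, from_port, to_port, cidr) for rules open to any address."""
    for perm in group.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if cidr in ("0.0.0.0/0", "::/0"):
                yield (perm["IpProtocol"], perm.get("FromPort"), perm.get("ToPort"), cidr)

def audit(instances, groups):
    """Return {instance_id: [findings]} for instances that break the design."""
    by_id = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    report = {}
    for res in instances["Reservations"]:
        for inst in res["Instances"]:
            findings = []
            # A public address can sit on the instance or on any attached interface.
            ips = {inst.get("PublicIpAddress")}
            ips |= {ni.get("Association", {}).get("PublicIp")
                    for ni in inst.get("NetworkInterfaces", [])}
            findings += [f"public IP {ip}" for ip in sorted(ips - {None})]
            for sg in inst.get("SecurityGroups", []):
                for proto, lo, hi, cidr in open_ingress(by_id.get(sg["GroupId"], {})):
                    findings.append(f"{sg['GroupId']} allows {proto} {lo}-{hi} from {cidr}")
            if findings:
                report[inst["InstanceId"]] = findings
    return report

if __name__ == "__main__":
    print(json.dumps(audit(INSTANCES, GROUPS), indent=2))
```

Only the second, deliberately misconfigured instance is reported; the first matches the design above, with no public address and HTTP ingress limited to the load balancer's security group.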


5) Cutover & Training –

  • Run performance tests, validate rollback procedures, train staff, and provide post-migration support.





 
 
 
