Introduction to AWS Elastic Beanstalk: AWS Elastic Beanstalk allows developers to focus more on code and less on underlying infrastructure. It is a platform-as-a-service solution that deploys and manages applications on AWS without requiring individual configuration of the supporting infrastructure. Developers can upload their code, and Elastic Beanstalk will handle infrastructure and environment configuration, supporting various languages such as Go, Java, .NET, Node.js, PHP, Python, and more.
Elastic Beanstalk's Use of CloudFormation: Elastic Beanstalk uses CloudFormation, an infrastructure-as-code solution, to build infrastructure for applications. While CloudFormation builds core infrastructure components, Elastic Beanstalk is application-focused and provisions infrastructure specific to the deployed application.
AWS Elastic Beanstalk Supported Platforms and Languages: Elastic Beanstalk supports various platforms and languages, allowing deployment for applications built in supported languages. These include Apache Tomcat for Java, Apache HTTP Server for PHP and Python, Nginx and Apache HTTP Server for Node.js, .NET for Windows, and others.
AWS Elastic Beanstalk Components
If your application architecture isn't built using one of these supported platforms or runtime environments, you can always use Docker containers. With Docker containers, you can define your own runtime environment, platform, programming language, and any application dependencies. Docker containers are self-contained and include all the software your web application needs, providing extensive flexibility for the type of applications you can host using Elastic Beanstalk.
Now, there are two options when it comes to Docker. The first option is to use Docker runtime on 64-bit Amazon Linux 2. This is ideal for single Docker containers, where you deploy a single or multiple containers on EC2 instances. You can build the Docker image by supplying a Dockerfile, and Elastic Beanstalk will set up your Docker image based on that. Alternatively, you can provide access to a pre-built Docker image.
The second option is to use ECS running on 64-bit Amazon Linux 2. ECS stands for Elastic Container Service, a container orchestration management solution offered by AWS. With this option, Elastic Beanstalk performs all ECS activities, including creating ECS clusters, defining task definitions, and task execution. You can also define environment variables in the Elastic Beanstalk console, which are then passed on to the containers.
An important point to note about this ECS option is that your Docker images must be pre-built and stored in a repository. Unlike the first option where you can supply a Dockerfile and have Elastic Beanstalk build the Docker image, here you need to have pre-built Docker images stored in a repository.
Before the introduction of ECS for hosting multiple Docker containers, there was a legacy option known as Docker Legacy. This allowed hosting multi-container Docker environments, and these can be migrated to ECS running on 64-bit Amazon Linux 2.
Next, let's take a look at a typical architecture design pattern of how the various components of Elastic Beanstalk work together.
AWS Elastic Beanstalk Components
Let's take a look at the different Elastic Beanstalk components. Imagine our developer, Meno, who has built an application and wants to deploy it on AWS without dealing with the underlying infrastructure. He decides to use Elastic Beanstalk, a platform-as-a-service solution.
Meno needs to create an Elastic Beanstalk application, which, from Elastic Beanstalk's perspective, is not a traditional application but a container holding the actual application code, environments, runtime libraries, and infrastructure components. This application serves as a collection of infrastructure resources, environments, application versions, and configurations.
Once the application is created, Meno describes and configures Elastic Beanstalk environments. He uploads the application code to Elastic Beanstalk, and the service places it into a managed S3 bucket linked to the Elastic Beanstalk application. These uploaded and versioned code bundles are called application versions. Elastic Beanstalk also allows Meno to create one or more environments for deploying applications, such as a Dev environment, a test environment, and a production environment. The application code is then deployed to these environments, each with its own configuration for infrastructure components.
Meno needs to specify details about the infrastructure, such as using a default or custom VPC, Auto Scaling services, instances, Auto Scaling policies, an elastic load balancer, and a backend database. He also needs to define security rules and an instance profile for EC2 instances. These configurations are necessary for Elastic Beanstalk to set up and manage the environment. Elastic Beanstalk uses CloudFormation to provision these infrastructure components.
Once the environment is configured, Elastic Beanstalk deploys the application versions to the specified environments and provisions the application within EC2 instances. Meno can also configure additional services like exporting log files to CloudWatch for monitoring or setting up email notifications for administrators. Despite Meno needing to be aware of core infrastructure components, Elastic Beanstalk handles the heavy lifting by configuring and setting up the infrastructure using CloudFormation.
Next, let's look at the different environment tiers offered by Elastic Beanstalk.
AWS Elastic Beanstalk Environment Tiers
When considering using Elastic Beanstalk to host your application on AWS, it's crucial to take into account the complexity and architecture design patterns of your application. If your application has both a front-end and a back-end element, as most production enterprise-grade applications do, Elastic Beanstalk provides environment tiers to cater to this design.
The front end refers to the presentation layer of your application, using technologies like HTML, JavaScript, and CSS to create the user experience on web pages. The back end focuses on server-side development, handling operations such as retrieving data and processing requests.
To support both front-end and back-end components effectively, Elastic Beanstalk offers environment tiers known as the web and worker tiers. The web tier is designed for front-end elements, handling user interface components, while the worker tier is suitable for back-end operations, managing tasks that may take longer and need to handle incoming requests from the front end.
By using these environment tiers, you can separate front-end requests from back-end processes and implement a queuing system to manage pending requests. This ensures effective support for both components of your application within Elastic Beanstalk.
AWS Elastic Beanstalk Architectural Setup
VPC Setup:
- Purpose: Create an isolated network to deploy the Elastic Beanstalk application.
- Details:
  - Use two availability zones for high availability.
  - Configure six subnets (two public for load balancers, two private for the application, and two private for the database).
  - Deploy an Internet Gateway for internet access.
  - Implement a NAT Gateway for private subnet instances to access the internet.
Security Groups Configuration:
- Purpose: Control inbound and outbound traffic to resources in the VPC.
- Details:
  - Configure a security group for the database to allow inbound traffic on port 3306.
  - Create an "app SG" security group for instances, allowing database access only to instances associated with this group.
RDS Database Deployment:
- Purpose: Host the application's database separately from the Elastic Beanstalk environment.
- Details:
  - Deploy a MySQL database in the VPC.
  - Consider multi-AZ configuration for high availability.
AWS Secrets Manager Configuration:
- Purpose: Store and manage database credentials securely.
- Details:
  - Set up secrets for the database in AWS Secrets Manager.
  - Optionally enable database rotation for enhanced security.
IAM Role and EC2 Instance Profile:
- Purpose: Define permissions for EC2 instances to interact with AWS services.
- Details:
  - Configure an IAM role with necessary permissions.
  - Create an EC2 instance profile using the IAM role.
Elastic Beanstalk Application Setup:
- Purpose: Deploy and manage the application using Elastic Beanstalk.
- Details:
  - Configure Elastic Beanstalk application settings.
  - Upload application code to Elastic Beanstalk, involving S3 bucket setup.
  - Instruct Elastic Beanstalk to configure an application load balancer.
  - Design the environment for high availability.
  - Set up auto-scaling policies.
  - Configure environment properties for database connectivity.
Elastic Beanstalk Deployment Execution:
- Purpose: Provision resources and deploy the application using Elastic Beanstalk.
- Details:
  - Elastic Beanstalk provisions security groups for the load balancer and instances.
  - Deploys EC2 instances based on auto-scaling policies.
  - Retrieves data from environment properties, including database and Secrets Manager details.
  - Successfully deploys the application and provides a DNS name for access.
Custom Domain Name (Optional):
- Purpose: Associate a custom domain name with the Elastic Beanstalk URL.
- Details:
  - Optionally associate a custom domain name within Route 53 with the Elastic Beanstalk URL.
These steps collectively aim to create a robust, secure, and scalable architecture for deploying an application using AWS Elastic Beanstalk.
LAB - Step 1 - Create a VPC for Elastic Beanstalk
So that it's easy to follow, let's go into the AWS Management Console and create that VPC.
Here we are in my AWS account, and the first thing we're going to work with is the VPC. We're going to build out a Virtual Private Cloud, which will be our isolated network hosting our application. This VPC will comprise six subnets across two availability zones, an Internet Gateway, and the two security groups mentioned earlier. Let's create our VPC.
Go to the VPC Management Console, open it in another tab, and navigate to "Your VPCs." Click "Create VPC." I'll name it "dev-VPC," and the IPv4 CIDR block will be 10.0.0.0/16. Click "Create VPC."
Step 2 - Create an Internet Gateway
Now that we've created the basic VPC, the next step is to create an Internet Gateway.
Click "Internet Gateways," then "Create Internet Gateway." Name it "Dev igw" and click "Create Internet Gateway." Remember to attach it to the VPC by selecting your VPC and clicking "Attach Internet Gateway."
Step 3 - Create six subnets
Now that our VPC has an Internet Gateway, we can move on to creating six subnets. We'll have:
- two public subnets for edge services like the load balancer,
- and four private subnets for the application and database layers.
Navigate to "Subnets" and click "Create Subnet."
- Start with the first public subnet, naming it "Dev-public-subnet01" in Availability Zone 1A with the IP block 10.0.1.0/24.
- Create another public subnet, naming it "Dev-public-subnet02" in Availability Zone 1B with the IP block 10.0.2.0/24.
Now, create two private subnets.
- The first, "Dev-app-subnet01," goes in Availability Zone 1A with the IP block 10.0.10.0/24.
- The second, "Dev-app-subnet02," goes in Availability Zone 1B with the IP block 10.0.11.0/24.
Finally, create two database subnets:
- "Dev-data-subnet01" in Zone 1A with the IP block 10.0.20.0/24
- and "Dev-data-subnet02" in Zone 1B with the IP block 10.0.21.0/24.
Step 4 - Set up route tables
Click "Route Tables." The main route table is automatically created. Create a public route table named "Dev-public-RT" and add a route to the Internet via the Internet Gateway. Associate the public subnets with this route table.
Step 5 - NAT Gateway
For private instances, we'll use a NAT Gateway. Create a NAT Gateway named "Dev-NatGW" in public subnet 1. Remember to allocate an Elastic IP for it. After it becomes available, go back to the main route table, add a route to the Internet via the NAT Gateway, and associate private subnets with the main route table.
Step 6 - Security groups
Finally, create two security groups: "Dev-app-SG" for application instances with an inbound rule for HTTP traffic on port 80, and "Dev-database-SG" for the database instances with an inbound rule for MySQL traffic (port 3306) from instances associated with "Dev-app-SG."
That completes the setup of our VPC, including subnets, route tables, NAT Gateway, and security groups. In the next step, we'll launch an RDS database in our VPC.
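To confirm that Step 6 produced the intended rule, the following added example (not part of the original lab) reads a security group description shaped like `aws ec2 describe-security-groups` output and reports every path to port 3306 other than the reference to "Dev-app-SG". The function names, the sample data and the group IDs are constructed placeholders.

```python
DB_PORT = 3306  # MySQL port the lab opens on "Dev-database-SG"

# Constructed sample shaped like one entry of `aws ec2 describe-security-groups`
# output. The group IDs are placeholders, not values from the lab.
APP_SG_ID = "sg-app-placeholder"
SAMPLE_DB_GROUP = {
    "GroupId": "sg-database-placeholder",
    "GroupName": "Dev-database-SG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": APP_SG_ID}]},
        # Constructed drift: someone later opened MySQL to the whole VPC range.
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    ],
}


def covers_port(perm, port):
    """True if an IpPermissions entry applies to the given TCP port."""
    if perm["IpProtocol"] == "-1":  # "-1" means every protocol and port
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]


def audit_db_ingress(group, app_sg_id, port=DB_PORT):
    """List every way `port` is reachable other than from the app security group."""
    findings, app_rule_seen = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        if perm["IpProtocol"] == "-1" or perm["FromPort"] != perm["ToPort"]:
            findings.append("rule is wider than the single database port")
        for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            findings.append("CIDR source " + (rng.get("CidrIp") or rng["CidrIpv6"]))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == app_sg_id:
                app_rule_seen = True
            else:
                findings.append("unexpected source group " + pair["GroupId"])
    if not app_rule_seen:
        findings.append("no rule admits the app security group")
    return findings


if __name__ == "__main__":
    for finding in audit_db_ingress(SAMPLE_DB_GROUP, APP_SG_ID):
        print("Dev-database-SG:", finding)
```

An empty result means the only source allowed to reach MySQL is the app security group, which is what the lab intends.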
LAB - Step 7 - Launch an external RDS database for Elastic Beanstalk
Okay, back into my AWS Management Console. We're going to move into RDS, so I'm just going to search for the RDS service here and open that up in another tab. That will bring up our RDS console.
When you're setting up an RDS database, you're going to launch it in your VPC. If you remember, we had set aside two subnets: data subnet one and data subnet two, which will be used to host our database.
Prior to actually launching a database, you need to create something called a subnet group. A subnet group is essentially telling RDS which subnets are going to be used to launch our database, and you need a minimum of two subnets, ideally across two availability zones, that you need to define for your subnet group. So, on the left-hand side, I'm going to click on subnet groups and then click create a DB subnet group. We're going to give it a name, so I'll call this Dev DB subnet group.
We can use the same name for the description. Make sure you select the right VPC, which is dev-VPC. The availability zones we've defined in our VPC are 1A and 1B in the US East 1 region. Within those two availability zones, we're going to deploy our database in database subnet 1 and database subnet 2. It's a little difficult to see here because the list only shows the IP ranges and the subnet IDs, but if I quickly go back to my VPC console and click on subnets, I can confirm that database subnet 1 was 10.0.20.0/24 and database subnet 2 was 10.0.21.0/24. Those are the two subnets I want to select, so from this drop-down list I'll select subnets 21 and 20. Those are going to be my database subnets, and I'll click create. That creates the DB subnet group within which I will launch my database. Fantastic.
Now that we've got the subnets, click on databases. We'll create a new database, and we're going to set up a standard create database. You want to select MySQL for this exercise. We'll leave all of the defaults in terms of the edition and the engine version and select free tier because we want to make sure that you don't get charged. That will turn off some options, unfortunately, but that's fine. We're not going to use it for the lab anyway, specifically around things like multi-AZ.
Now we have to give our database instance a name, so I'll call this one devdb. For the credentials, I'm going to leave the master username as admin. I'm going to give it a password, and I'm choosing a very simple password. In the real world, you want to choose a really complex one. We're not going into managing master credentials in Secrets Manager because I want to do Secrets Manager as a separate exercise. I want to show you how it all works. For now, just set a master username and a password of your choice. Make sure you remember the password; otherwise, you will not be able to access the database. So, make a note of it somewhere safe.
We'll scroll down and select the default option of the db.t3.micro instance type for our database. It's going to use a general-purpose SSD with an allocated storage space of 20 gigs. Storage auto-scaling is enabled, and I'm going to disable it because we don't need it for the purposes of this exercise, so I'll just deselect that.
In terms of connectivity, you need to make sure that you select the right VPC, so that is the dev VPC. Leave the setting to "Do not connect to an EC2 compute resource" because we will be getting Elastic Beanstalk to provision the instances to talk to our database. Because I've selected the right VPC, it's picked up the fact that I've got a single subnet group in there—the database subnet group—so it selected that for me already. Ensure that it's set to "No" under Public Access because this database is sitting in the backend, right in the private subnet. It doesn't need public access—no public IPs. Then, you need to select the security group for the database.
We've already created a database security group when we did the VPC section of this exercise, so untick "default" and from the drop-down list, select "database SG." Okay, availability zone, we'll select 1A as our preference where we want to place our database. Expand additional configuration. Just make sure that the default port is set to 3306, which is exactly what we want. A little bit further, we'll leave the database authentication to password authentication, and then you want to expand additional configuration.
Here, you need to provide a database name, so I'll use the same name, devdb. We'll set the backups to enabled. We'll set the retention period to one day. Okay, and we can leave the encryption enabled as well. With encryption, it's going to use the default KMS key for RDS. If you're interested in learning more about encryption and KMS.
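The subnet group, public access, security group and encryption choices made in Step 7 can be checked after launch. The following added example (not part of the original lab) compares data shaped like `aws rds describe-db-instances` and `aws ec2 describe-subnets` output with those choices; the function name, sample data and all IDs are constructed placeholders, and the zone names assume US East 1.

```python
import ipaddress

# CIDR blocks the lab reserves for the database tier.
DATA_CIDRS = [ipaddress.ip_network("10.0.20.0/24"), ipaddress.ip_network("10.0.21.0/24")]

# Constructed samples shaped like `aws ec2 describe-subnets` and
# `aws rds describe-db-instances` output; every ID is a placeholder.
SAMPLE_SUBNETS = [
    {"SubnetId": "subnet-data01", "CidrBlock": "10.0.20.0/24"},
    {"SubnetId": "subnet-data02", "CidrBlock": "10.0.21.0/24"},
    {"SubnetId": "subnet-public01", "CidrBlock": "10.0.1.0/24"},
]
SAMPLE_DB = {
    "DBInstanceIdentifier": "devdb",
    "PubliclyAccessible": False,
    "StorageEncrypted": True,
    "VpcSecurityGroups": [{"VpcSecurityGroupId": "sg-database-placeholder"}],
    "DBSubnetGroup": {"Subnets": [
        {"SubnetIdentifier": "subnet-data01",
         "SubnetAvailabilityZone": {"Name": "us-east-1a"}},
        {"SubnetIdentifier": "subnet-data02",
         "SubnetAvailabilityZone": {"Name": "us-east-1b"}},
    ]},
}


def audit_db_instance(db, subnets, db_sg_id):
    """Compare one DB instance description with the settings chosen in the lab."""
    findings = []
    # The subnet group lists subnet IDs only, so map them back to CIDR blocks.
    cidr_of = {s["SubnetId"]: ipaddress.ip_network(s["CidrBlock"]) for s in subnets}
    zones = set()
    for member in db["DBSubnetGroup"]["Subnets"]:
        sid = member["SubnetIdentifier"]
        zones.add(member["SubnetAvailabilityZone"]["Name"])
        net = cidr_of.get(sid)
        if net is None or not any(net.subnet_of(d) for d in DATA_CIDRS):
            findings.append(f"subnet group member {sid} is not a data subnet")
    if len(zones) < 2:
        findings.append("subnet group spans fewer than two availability zones")
    if db.get("PubliclyAccessible"):
        findings.append("instance is publicly accessible")
    if not db.get("StorageEncrypted"):
        findings.append("storage is not encrypted")
    attached = {g["VpcSecurityGroupId"] for g in db.get("VpcSecurityGroups", [])}
    if attached != {db_sg_id}:
        findings.append(f"unexpected security groups attached: {sorted(attached)}")
    return findings


if __name__ == "__main__":
    print(audit_db_instance(SAMPLE_DB, SAMPLE_SUBNETS, "sg-database-placeholder"))
```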
LAB - Step 8 - Create an Elastic Beanstalk Application
Right, you've done all of the prerequisites. You've built a VPC, deployed an RDS database in that VPC, configured Secrets Manager, and set up the necessary IAM roles with all the permissions that you need.
Next, we're going to move on and work with Elastic Beanstalk to deploy the application into Elastic Beanstalk. Before you do that, though, you need to download the application source code bundle from our GitHub repository. Let me show you where that is first, and then we'll jump back into the AWS Management Console and deploy this application.
So, you have access to the application source code bundle that we're using for this project. It's available in our GitHub repository, the link to which is available in the resources section of this video or down in the description box below. You'll need to download the EBS RDS to-do app code version 2's zip file and place it on your desktop or in a location that's easily accessible. You will actually be uploading the code bundle as it is, as a zip file, to the Elastic Beanstalk application when you configure Elastic Beanstalk. But I wanted to extract the contents of the zip file and just show you what it contains. So, let me do that first.
