🎯 Objective
Build a secure, production-like environment on AWS using a VPC with Public and Private subnets. Deploy a PHP-based Micro-Blog app with a MariaDB backend using EC2 instances. This part covers VPC, EC2 instance setup using CloudFormation, and GitHub repo creation.
📁 Step 1: Create GitHub Repository
- Create a new GitHub repo: micro-blog-aws
- Folder structure:
```
micro-blog-aws/
├── cloudformation/
│   └── vpc-ec2-setup.yaml
├── backend/              # MariaDB connection
│   └── setup.sql
├── frontend/
│   ├── index.php
│   ├── post.php
│   └── db.php
└── README.md
```
- Add all files, commit, and push to GitHub.
🧱 Step 2: Write CloudFormation Template
- In our vpc-ec2-setup.yaml file, paste the code below.
- This file contains the entire setup configuration as code (Infrastructure as Code).
- Set up the file and push it via the Git sync option, or download the file and upload it via the upload .yaml or .json template file option.
Infra Code:
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC Setup for Micro-Blog App (Public:Frontend, Private:MySQL)

Resources:
  MicroBlogVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: MicroBlogVPC

  InternetGateway:
    Type: AWS::EC2::InternetGateway

  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MicroBlogVPC
      InternetGatewayId: !Ref InternetGateway

  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MicroBlogVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: PublicSubnet

  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MicroBlogVPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      Tags:
        - Key: Name
          Value: PrivateSubnet

  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MicroBlogVPC

  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway

  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable

  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and SSH
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow MySQL and SSH from Public EC2
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref PublicSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref PublicSecurityGroup

  PublicEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: microblog-keypair # Replace this with your actual key pair name
      ImageId: ami-0c02fb55956c7d316 # Amazon Linux 2 (update to match your region)
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref PublicSecurityGroup
      Tags:
        - Key: Name
          Value: PublicEC2

  PrivateEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: microblog-keypair # Same key used to SSH from public EC2
      ImageId: ami-0c02fb55956c7d316 # Amazon Linux 2
      SubnetId: !Ref PrivateSubnet
      SecurityGroupIds:
        - !Ref PrivateSecurityGroup
      Tags:
        - Key: Name
          Value: PrivateEC2

Outputs:
  VPCID:
    Description: VPC ID
    Value: !Ref MicroBlogVPC
  PublicSubnetID:
    Value: !Ref PublicSubnet
  PrivateSubnetID:
    Value: !Ref PrivateSubnet
  PublicSGID:
    Value: !Ref PublicSecurityGroup
  PrivateSGID:
    Value: !Ref PrivateSecurityGroup
  PublicInstanceID:
    Value: !Ref PublicEC2Instance
  PrivateInstanceID:
    Value: !Ref PrivateEC2Instance
```
☁️ Step 3: Deploy CloudFormation Stack
- Go to AWS CloudFormation
- Upload vpc-ec2-setup.yaml
- Provide Stack name: micro-blog-stack
- Parameters: key pair, instance types, etc.
- Launch and wait until status is CREATE_COMPLETE
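The template above opens SSH (port 22) on PublicSecurityGroup to 0.0.0.0/0 and hardcodes the key pair name, while this step expects parameters to be supplied. The fragment below is an added example, not part of the original template: it shows the sections to merge into vpc-ec2-setup.yaml so that SSH is limited to a CIDR chosen at deploy time. The parameter names AdminCidr and KeyPairName are assumptions.

```yaml
# Added example: sections to merge into vpc-ec2-setup.yaml (not the author's code).
# AdminCidr and KeyPairName are assumed parameter names.
Parameters:
  KeyPairName:
    Type: AWS::EC2::KeyPair::KeyName   # validated against key pairs that exist in the region
    Description: Existing EC2 key pair used for SSH to both instances
  AdminCidr:
    Type: String
    Description: IPv4 CIDR allowed to SSH to the public instance (your own IP with /32)
    # No default, so a value must be supplied; a /0 prefix (0.0.0.0/0) is rejected.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/([1-9]|[12]\d|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR with a prefix between /1 and /32

Resources:
  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and SSH
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        # Before (template above): port 22 with CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr
        # HTTP stays public because this instance serves the blog frontend
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  PublicEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: !Ref KeyPairName        # use the same line in PrivateEC2Instance
      ImageId: ami-0c02fb55956c7d316   # Amazon Linux 2 (update to match your region)
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref PublicSecurityGroup
      Tags:
        - Key: Name
          Value: PublicEC2
```

With these sections in place, the CloudFormation console asks for KeyPairName and AdminCidr on the parameters screen, and PrivateSecurityGroup needs no change because it already admits traffic only from PublicSecurityGroup.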
🔐 Step 4: Generate SSH Key Pair
- In the AWS EC2 Console → Key Pairs → Create Key Pair → download the .pem file.
- Restrict the permissions on the .pem file; this key pair file authenticates the EC2 user.
chmod 400 micro-blog-key.pem
- Log in to the public EC2 instance (frontend EC2) using SSH via Git Bash:
ssh -i micro-blog-key.pem ec2-user@<Public_IP>
We need to access the private EC2 instance (database) from the public EC2 instance (frontend) via SSH with the key pair .pem file.
Step 5: Once done, we'll get:
A working VPC with:
- Public subnet (frontend EC2 lives here)
- Private subnet (MySQL EC2 lives here)
Two security groups:
- One allows HTTP + SSH
- One allows MySQL only from frontend server
We can access the private EC2 instance from the public EC2 instance with the same key pair, using SSH from Git Bash.
- Note: check the IP to confirm which EC2 instance we are on.
✅ Done! Our VPC and EC2 infrastructure is ready.
In Part 2 we’ll:
- Install Apache, PHP, MariaDB
- Configure database
- Connect backend and frontend
Stay tuned and complete the project!
Top comments (2)
@akashabish, Part #1 is good. Keep going
Sure sir! ✨