🎯 Objective
Build a secure, production-like environment on AWS using a VPC with Public and Private subnets. Deploy a PHP-based Micro-Blog app with a MariaDB backend using EC2 instances. This part covers VPC, EC2 instance setup using CloudFormation, and GitHub repo creation.
📁 Step 1: Create GitHub Repository
- Create a new GitHub repo: micro-blog-aws
- Folder structure:
micro-blog-aws/
├── cloudformation/
│ └── vpc-ec2-setup.yaml
├── backend/ # MariaDB connection
│ └── setup.sql
├── frontend/
│ ├── index.php
│ ├── post.php
│ └── db.php
└── README.md
- Add all files, commit, and push to GitHub.
- Github repo link
🧱 Step 2: Write CloudFormation Template
- Paste the code below into our vpc-ec2-setup.yaml file.
- This file contains all the setup configuration as code (Infrastructure as Code).
- Set up the file and push it via the Git sync option, or download the file and upload it via the "upload .yaml or .json template file" option.
Infra Code:
AWSTemplateFormatVersion: '2010-09-09'
Description: VPC Setup for Micro-Blog App (Public:Frontend, Private:MySQL)
Resources:
  MicroBlogVPC:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
      Tags:
        - Key: Name
          Value: MicroBlogVPC
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref MicroBlogVPC
      InternetGatewayId: !Ref InternetGateway
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MicroBlogVPC
      CidrBlock: 10.0.1.0/24
      AvailabilityZone: !Select [ 0, !GetAZs '' ]
      MapPublicIpOnLaunch: true
      Tags:
        - Key: Name
          Value: PublicSubnet
  # No route table is associated with this subnet, so it uses the VPC's main
  # route table, which carries only the local 10.0.0.0/16 route.
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref MicroBlogVPC
      CidrBlock: 10.0.2.0/24
      AvailabilityZone: !Select [ 1, !GetAZs '' ]
      Tags:
        - Key: Name
          Value: PrivateSubnet
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref MicroBlogVPC
  PublicRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRouteTableAssociation:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP and SSH
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        # SSH is reachable from any address here; narrow CidrIp to your own
        # IP range for anything beyond a lab.
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
  PrivateSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow MySQL and SSH from Public EC2
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        # Both rules accept traffic only from members of PublicSecurityGroup.
        - IpProtocol: tcp
          FromPort: 3306
          ToPort: 3306
          SourceSecurityGroupId: !Ref PublicSecurityGroup
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          SourceSecurityGroupId: !Ref PublicSecurityGroup
  PublicEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: microblog-keypair # Replace this with your actual key pair name
      ImageId: ami-0c02fb55956c7d316 # Amazon Linux 2 (update to match your region)
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref PublicSecurityGroup
      Tags:
        - Key: Name
          Value: PublicEC2
  PrivateEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: t2.micro
      KeyName: microblog-keypair # Same key used to SSH from public EC2
      ImageId: ami-0c02fb55956c7d316 # Amazon Linux 2
      SubnetId: !Ref PrivateSubnet
      SecurityGroupIds:
        - !Ref PrivateSecurityGroup
      Tags:
        - Key: Name
          Value: PrivateEC2
Outputs:
  VPCID:
    Description: VPC ID
    Value: !Ref MicroBlogVPC
  PublicSubnetID:
    Value: !Ref PublicSubnet
  PrivateSubnetID:
    Value: !Ref PrivateSubnet
  PublicSGID:
    Value: !Ref PublicSecurityGroup
  PrivateSGID:
    Value: !Ref PrivateSecurityGroup
  PublicInstanceID:
    Value: !Ref PublicEC2Instance
  PrivateInstanceID:
    Value: !Ref PrivateEC2Instance
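
A hardened variant of parts of the template above, added here as an example and not taken from the original post: it replaces the hard-coded key pair, instance type and AMI ID with stack parameters and limits SSH on the public security group to one admin range. The parameter names AdminCidr, KeyName, InstanceType and LatestAmiId are assumptions chosen for this example; the resource names are the ones the template already uses.

```yaml
# Added example: replacements for the matching sections of vpc-ec2-setup.yaml.
# Parameter names below are chosen for this example, not taken from the post.
Parameters:
  AdminCidr:
    Type: String
    Description: Range allowed to SSH to the public instance, e.g. your IP as a /32
    # Format check only; it does not stop someone from entering 0.0.0.0/0.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/(3[0-2]|[12]?\d)$'
  KeyName:
    # CloudFormation rejects the stack if this key pair does not exist in the region.
    Type: AWS::EC2::KeyPair::KeyName
  InstanceType:
    Type: String
    Default: t2.micro
    AllowedValues: [t2.micro, t3.micro]
  LatestAmiId:
    # Resolves the current Amazon Linux 2 AMI for the region at deploy time,
    # so no region-specific AMI ID is fixed in the template.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2

Resources:
  PublicSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTP from anywhere, SSH from the admin range only
      VpcId: !Ref MicroBlogVPC
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr   # was 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0

  PublicEC2Instance:
    Type: AWS::EC2::Instance
    Properties:
      InstanceType: !Ref InstanceType
      KeyName: !Ref KeyName
      ImageId: !Ref LatestAmiId
      SubnetId: !Ref PublicSubnet
      SecurityGroupIds:
        - !Ref PublicSecurityGroup
      Tags:
        - Key: Name
          Value: PublicEC2
```

PrivateEC2Instance can take the same three `!Ref` values; its security group needs no change because it already admits traffic only from PublicSecurityGroup.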
☁️ Step 3: Deploy CloudFormation Stack
- Go to AWS CloudFormation
- Upload vpc-ec2-setup.yaml
- Provide Stack name: micro-blog-stack
- Parameters: key pair, instance types, etc.
- Launch and wait until status is CREATE_COMPLETE
- Check the image below for clarification
🔐 Step 4: Generate SSH Key Pair
- In AWS EC2 Console → Key Pairs → Create Key Pair → Download .pem
- Secure the .pem file, which authenticates the EC2 user, by restricting its permissions:
chmod 400 micro-blog-key.pem
- Log in to the created public EC2 instance (frontend-EC2) using SSH via Git Bash:
ssh -i micro-blog-key.pem ec2-user@<Public_IP>
We need to access the private EC2 (database) from the public EC2 (frontend) via SSH and the key pair .pem file.
Step 5: Once done, we'll get:
A working VPC with:
- Public subnet (frontend EC2 lives here)
- Private subnet (MySQL EC2 lives here)
Two security groups:
- One allows HTTP + SSH
- One allows MySQL only from frontend server
We can access the private EC2 from the public EC2 with the same key pair, using SSH in Git Bash.
- The image below shows the private EC2, which we connected to through the public EC2 via SSH.
- Note: check the IP to confirm which EC2 instance we are in.
✅ Done! Our VPC and EC2 infrastructure is ready.
In Part 2 we’ll:
- Install Apache, PHP, MariaDB
- Configure database
- Connect backend and frontend
Stay tuned and complete the project!
Top comments (2)
@akashabish , Part #1 is good. Keep going
Sure sir ! ✨