Deploying to Amazon Web Services

Ready for production? Let's deploy to Amazon Web Services.

Architecture overview

Here is a diagram showing the different parts of the system we will put in place in Amazon Web Services.

Setup Virtual Private Cloud (VPC)

The first part is to create a VPC. To do that, go to your AWS console and open the VPC service, then go to Your VPCs. Click on Create VPC. Enter the required information.

Amazon VPC

Then, go to Subnets where we will create 2 public subnets and 2 private subnets. Click on Create Subnet and enter the required information. You should put 1 public subnet and 1 private subnet in the same availability zone.

Amazon VPC Subnets

Then, go to Internet Gateways. Click on Create Internet Gateway. Give it a name and click on Yes, Create. Finally, click on Attach to VPC and select your newly created VPC.

Then, go to NAT Gateways and click on Create NAT Gateway. We will create one for each public subnet. For this step, you will need to click on Create New EIP to assign an elastic IP to each NAT gateway.

Amazon VPC NAT Gateway

Then, go to Route Tables and click on Create Route Table. We will create 1 route table for both public subnets and 1 route table for each private subnet. For each route table, give it a name and select the newly created VPC.

Click on the new public route table, then go to the Routes tab. Click on Edit, then on Add another route. For the destination enter 0.0.0.0/0 and for the target select your internet gateway. Then click on Subnet associations, click on Edit and select your 2 public subnets.

For each of the private route tables, go to the Routes tab. Click on Edit, then on Add another route. For the destination enter 0.0.0.0/0 and for the target select the NAT gateway that is in the same availability zone. Then click on Subnet associations, click on Edit and select the private subnet that is in the same availability zone.
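
The routing layout above can be checked after the fact. The following is an added example, not part of the original guide: it verifies that public subnets default-route to an internet gateway and that each private subnet uses the NAT gateway in its own availability zone. The subnet, gateway and zone names are placeholders, and the input is constructed data using the field names of the EC2 DescribeSubnets, DescribeNatGateways and DescribeRouteTables responses.

```python
# Added example. The IDs and AZ names are placeholders; SUBNETS, NAT_GATEWAYS and
# ROUTE_TABLES are constructed data shaped like EC2 Describe* responses.
def default_target(table):
    """Return the target of the table's 0.0.0.0/0 route, or None."""
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            return route.get("NatGatewayId") or route.get("GatewayId")
    return None

def audit_routes(subnets, nat_gateways, route_tables, public_ids):
    """Check each subnet's default route against the layout on this page."""
    az = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: az[n["SubnetId"]] for n in nat_gateways}
    # Only explicit subnet associations are considered (as created in the steps above).
    target = {a["SubnetId"]: default_target(t)
              for t in route_tables for a in t.get("Associations", [])
              if "SubnetId" in a}
    findings = []
    for subnet_id in sorted(az):
        hop = target.get(subnet_id)
        if subnet_id in public_ids:
            if not (hop or "").startswith("igw-"):
                findings.append(f"{subnet_id}: public subnet has no internet gateway route")
        elif hop not in nat_az:
            findings.append(f"{subnet_id}: private subnet default route is {hop}, not a NAT gateway")
        elif nat_az[hop] != az[subnet_id]:
            findings.append(f"{subnet_id}: NAT gateway {hop} is in {nat_az[hop]}, subnet is in {az[subnet_id]}")
    return findings

SUBNETS = [
    {"SubnetId": "subnet-pub-a", "AvailabilityZone": "zone-a"},
    {"SubnetId": "subnet-pub-b", "AvailabilityZone": "zone-b"},
    {"SubnetId": "subnet-priv-a", "AvailabilityZone": "zone-a"},
    {"SubnetId": "subnet-priv-b", "AvailabilityZone": "zone-b"},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-a", "SubnetId": "subnet-pub-a"},
                {"NatGatewayId": "nat-b", "SubnetId": "subnet-pub-b"}]
def table(target_key, target, *subnet_ids):
    """Build one constructed route table with a single default route."""
    return {"Routes": [{"DestinationCidrBlock": "0.0.0.0/0", target_key: target}],
            "Associations": [{"SubnetId": s} for s in subnet_ids]}
ROUTE_TABLES = [
    table("GatewayId", "igw-1", "subnet-pub-a", "subnet-pub-b"),
    table("NatGatewayId", "nat-a", "subnet-priv-a"),
    table("NatGatewayId", "nat-a", "subnet-priv-b"),  # wrong AZ: should be nat-b
]
PUBLIC = {"subnet-pub-a", "subnet-pub-b"}
print("\n".join(audit_routes(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES, PUBLIC)))
```

A private subnet routed through the other zone's NAT gateway still works day to day, but loses outbound access if that zone goes down, which is why the mismatch is reported.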

Then, go to Network ACLs and click on Create Network ACL, give it a name and select the newly created VPC. Go to the Inbound tab and click on Edit. For the rule # enter 100, for the type select ALL Traffic and for the source enter 0.0.0.0/0. Then go to the Outbound tab and repeat the previous steps. Finally, go to Subnet Associations, click Edit and select all the subnets.

The last step will be to create the security groups needed for the different systems in the stack. Follow the configurations below in the same order.

ELB Security Group

Inbound:
  HTTP (80)                TCP (6)     80      0.0.0.0/0
  HTTPS (443)              TCP (6)     443     0.0.0.0/0
Outbound:
  ALL Traffic              ALL         ALL     0.0.0.0/0
		

EC2 Security Group

Inbound:
  HTTP (80)                TCP (6)     80      {Select the ELB Security Group}
Outbound:
  ALL Traffic              ALL         ALL     0.0.0.0/0
  		

RDS Security Group

Inbound:
  MySQL/Aurora (3306)      TCP (6)     3306    {Select the EC2 Security Group}
Outbound:
  ALL Traffic              ALL         ALL     0.0.0.0/0
  		

ElastiCache Security Group

Inbound:
  Custom TCP Rule          TCP (6)     6379    {Select the EC2 Security Group}
Outbound:
  ALL Traffic              ALL         ALL     0.0.0.0/0
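
The four groups above form a chain: only the ELB group accepts traffic from 0.0.0.0/0, and each tier behind it accepts traffic only from the group in front of it. The following is an added example, not part of the original guide: it compares the inbound rules of deployed groups against those tables and reports drift. The role names and sg-... IDs are placeholders, and the input is constructed data using the field names of the EC2 DescribeSecurityGroups response.

```python
# Added example. EXPECTED mirrors the inbound tables on this page; role names and
# sg-... IDs are placeholders, and DRIFTED is constructed sample data.
EXPECTED = {
    "elb": {(80, "0.0.0.0/0"), (443, "0.0.0.0/0")},
    "ec2": {(80, "sg:elb")},
    "rds": {(3306, "sg:ec2")},
    "elasticache": {(6379, "sg:ec2")},
}

def inbound_rules(group, role_by_id):
    """Flatten a group's IpPermissions into a set of (port, source) pairs."""
    rules = set()
    for perm in group.get("IpPermissions", []):
        proto, lo, hi = perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")
        # A single TCP port stays an int; anything wider becomes a string.
        port = lo if proto == "tcp" and lo == hi else f"{proto}:{lo}-{hi}"
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += ["sg:" + role_by_id.get(p["GroupId"], p["GroupId"])
                    for p in perm.get("UserIdGroupPairs", [])]
        rules.update((port, src) for src in sources)
    return rules

def audit(groups, role_by_id):
    """Return findings; an empty list means inbound rules match the page."""
    findings = []
    for group in groups:
        role = role_by_id.get(group["GroupId"])
        if role is None:
            continue
        actual = inbound_rules(group, role_by_id)
        for port, src in sorted(actual - EXPECTED[role], key=str):
            findings.append(f"{role}: unexpected inbound {port} from {src}")
        for port, src in sorted(EXPECTED[role] - actual, key=str):
            findings.append(f"{role}: missing inbound {port} from {src}")
    return findings

def tcp(port, cidr=None, sg=None):  # builds one constructed IpPermissions entry
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": cidr}] if cidr else [],
            "UserIdGroupPairs": [{"GroupId": sg}] if sg else []}

ROLES = {"sg-elb": "elb", "sg-ec2": "ec2", "sg-rds": "rds", "sg-cache": "elasticache"}
DRIFTED = [
    {"GroupId": "sg-elb", "IpPermissions": [tcp(80, "0.0.0.0/0"), tcp(443, "0.0.0.0/0")]},
    {"GroupId": "sg-ec2", "IpPermissions": [tcp(80, sg="sg-elb")]},
    {"GroupId": "sg-rds", "IpPermissions": [tcp(3306, sg="sg-ec2"), tcp(3306, "0.0.0.0/0")]},
    {"GroupId": "sg-cache", "IpPermissions": [tcp(6379, sg="sg-elb")]},
]
print("\n".join(audit(DRIFTED, ROLES)))
```

Because the network ACL created earlier allows all traffic, these security groups are the only network-level filter in front of the database and cache, so a stray 0.0.0.0/0 rule on either is worth flagging.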
  		

Setup Relational Database (RDS)

Open the RDS service, then go to Subnet Groups and click on Create DB Subnet Group and enter the required information making sure to add your 2 private subnets.

Amazon RDS Subnet Group

Go back to the RDS dashboard and click on Launch a DB Instance. Select MySQL and choose the production MySQL. Enter the database details. Finally, select the VPC, the subnet group and the RDS security group.

Amazon RDS

Setup ElastiCache

Open the ElastiCache service, then go to Cache Subnet Groups and click on Create Cache Subnet Group. Enter the required information making sure to add your 2 private subnets.

Amazon ElastiCache Subnet Group

Go back to the ElastiCache dashboard and click on Launch Cache Cluster. Select Redis and enter the cluster details.

Amazon ElastiCache

Setup Elastic Compute Cloud (EC2)

Open the EC2 service, then go to Key Pairs and click on Create Key Pair. Give it a name and download the newly created key pair. Store it securely, as this is what allows you to connect to your EC2 instances.

Then go to Load Balancers and click on Create Load Balancer. In step 1, add a listener from HTTPS (443) to HTTP (80) and select your 2 public subnets.

Amazon Elastic Load Balancer

Select your ELB security group. Upload your SSL certificate for your HTTPS listener. Configure the health check for your instance by selecting TCP as the Ping Protocol. Go through the next steps and create the load balancer.

Setup Opsworks

Open the Opsworks service, then click on Add stack. Select Chef 11 stack and enter the details.

Amazon Opsworks

Amazon Opsworks Advanced Settings

Go to Layers and click on Add layer. Select PHP App Server for the Layer type, select the EC2 security group and select your load balancer.

Click on the newly created layer, go to the Network tab and make sure Public IP address is set to Yes.

Go to the Apps tab and click on Add app. Give it a name and, in the Document root box, enter public/. For the Application Source, choose the option you prefer. Remember that all the files (including vendors) will need to be in that source for the API to work.

After you have done that, go to Instances and start adding instances to have a working API.