Designed and deployed a production-grade, highly available web application on AWS (US East - N. Virginia), following AWS best practices for security, scalability, and fault tolerance.
Architecture Highlights
Custom VPC (10.0.0.0/16) with public and private subnets across 2 Availability Zones
Internet-facing Application Load Balancer distributing traffic across private web servers
Auto Scaling Group maintaining 2 healthy EC2 instances across AZ-1 and AZ-2
Windows-based EC2 instances running IIS in private subnets
Private Amazon RDS (MySQL) — no direct public access
Bastion Host for secure RDP access
Custom domain mapped via Route 53
SNS configured for CloudWatch alarm notifications
Security Design
Zero direct public exposure for web servers
Multi-tier Security Groups (ALB → WebServer → RDS)
RDP access restricted to Bastion Host with limited IP
Challenges Solved
Fixed unhealthy target group (IIS config + ALB health check path)
Resolved 504 Gateway Timeout (Security Group misconfiguration)
Fixed RDP password failure post-custom AMI (Sysprep initialization issue)
Result
Application live via custom domain, with Auto Scaling maintaining availability across multiple AZs on a fully secure architecture.
0
1
Designed and deployed a production-grade, highly available web application on AWS (US East - N. Virginia), following AWS best practices for security, scalability, and fault tolerance.
Architecture Highlights
Custom VPC (10.0.0.0/16) with public and private subnets across 2 Availability Zones
Internet-facing Application Load Balancer distributing traffic across private web servers
Auto Scaling Group maintaining 2 healthy EC2 instances across AZ-1 and AZ-2
Windows-based EC2 instances running IIS in private subnets
Private Amazon RDS (MySQL) — no direct public access
Bastion Host for secure RDP access
Custom domain mapped via Route 53
SNS configured for CloudWatch alarm notifications
Security Design
Zero direct public exposure for web servers
Multi-tier Security Groups (ALB → WebServer → RDS)
RDP access restricted to Bastion Host with limited IP
Challenges Solved
Fixed unhealthy target group (IIS config + ALB health check path)
Resolved 504 Gateway Timeout (Security Group misconfiguration)
Fixed RDP password failure post-custom AMI (Sysprep initialization issue)
Result
Application live via custom domain, with Auto Scaling maintaining availability across multiple AZs on a fully secure architecture