Muhammad Bilal's Work | ContraWork by Muhammad Bilal
Muhammad Bilal

Muhammad Bilal

AWS Cloud Engineer helping businesses scale securely.

New to Contra

Muhammad is building their profile!

Cover image for AWS Web Application Deployment: Scalable, Secure, and Available
Designed and deployed a production-grade, highly available web application on AWS (US East - N. Virginia), following AWS best practices for security, scalability, and fault tolerance. Architecture Highlights Custom VPC (10.0.0.0/16) with public and private subnets across 2 Availability Zones Internet-facing Application Load Balancer distributing traffic across private web servers Auto Scaling Group maintaining 2 healthy EC2 instances across AZ-1 and AZ-2 Windows-based EC2 instances running IIS in private subnets Private Amazon RDS (MySQL) — no direct public access Bastion Host for secure RDP access Custom domain mapped via Route 53 SNS configured for CloudWatch alarm notifications Security Design Zero direct public exposure for web servers Multi-tier Security Groups (ALB → WebServer → RDS) RDP access restricted to Bastion Host with limited IP Challenges Solved Fixed unhealthy target group (IIS config + ALB health check path) Resolved 504 Gateway Timeout (Security Group misconfiguration) Fixed RDP password failure post-custom AMI (Sysprep initialization issue) Result Application live via custom domain, with Auto Scaling maintaining availability across multiple AZs on a fully secure architecture.
0
1
Cover image for Designed and deployed a production-grade,
Designed and deployed a production-grade, highly available web application on AWS (US East - N. Virginia), following AWS best practices for security, scalability, and fault tolerance. Architecture Highlights Custom VPC (10.0.0.0/16) with public and private subnets across 2 Availability Zones Internet-facing Application Load Balancer distributing traffic across private web servers Auto Scaling Group maintaining 2 healthy EC2 instances across AZ-1 and AZ-2 Windows-based EC2 instances running IIS in private subnets Private Amazon RDS (MySQL) — no direct public access Bastion Host for secure RDP access Custom domain mapped via Route 53 SNS configured for CloudWatch alarm notifications Security Design Zero direct public exposure for web servers Multi-tier Security Groups (ALB → WebServer → RDS) RDP access restricted to Bastion Host with limited IP Challenges Solved Fixed unhealthy target group (IIS config + ALB health check path) Resolved 504 Gateway Timeout (Security Group misconfiguration) Fixed RDP password failure post-custom AMI (Sysprep initialization issue) Result Application live via custom domain, with Auto Scaling maintaining availability across multiple AZs on a fully secure architecture
0
5