
dansarpong/lamp-stack-lab


LAMP Server Deployment on AWS

This project contains Terraform code to deploy a simple LAMP (Linux, Apache, MySQL, PHP) server on AWS.

LAMP Server Diagram

Prerequisites

  • Terraform installed on your local machine
  • AWS account with appropriate permissions
  • AWS CLI configured with your credentials

Deployment Steps

  1. Clone the repository and navigate to the iac folder:

    git clone https://github.com/dansarpong/lamp-lab.git
    cd lamp-lab
  2. Set the DB credentials:

    aws secretsmanager create-secret \
    --profile <profile_name> \
    --name db-creds-v1 \
    --description "Credentials for my LAMP stack DB" \
    --secret-string '{"username": "user", "password": "pass"}' \
    --tags Key=Lab,Value=LAMP
  3. Initialize Terraform:

    terraform init
  4. Select your AWS profile through an environment variable if the credentials are not already set in the default profile:

    export AWS_PROFILE=<profile_name>
  5. Plan the deployment:

    terraform plan
  6. Apply the deployment:

    terraform apply
  7. Confirm the deployment:

    • Type yes when prompted to confirm the deployment.
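
For step 2, the secret can be created without the password appearing on the command line or in shell history. The script below is an added example, not part of the repository: the function names are assumptions, the password is generated locally, and the JSON payload reaches `create-secret` through a `file://` reference.

```bash
# Added example, not from the repository. Assumes the secret keeps the
# README's JSON shape: {"username": ..., "password": ...}.

# Print 2*N hex characters read from /dev/urandom (default N=16, 128 bits).
# Hex needs no JSON escaping and stays clear of characters RDS does not
# accept in a master password (/, @, ", space).
gen_password() (
  od -v -An -N"${1:-16}" -tx1 /dev/urandom | tr -d ' \n'
)

# Write the credentials JSON to a temp file only the owner can read and
# print the file's path. Both values are limited to characters that need
# no JSON escaping; anything else is rejected.
write_secret_file() (
  LC_ALL=C; export LC_ALL
  case "$1" in ''|*[!A-Za-z0-9_]*) echo "invalid username" >&2; exit 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9]*) echo "invalid password" >&2; exit 1 ;; esac
  umask 077
  file="$(mktemp)" || exit 1
  printf '{"username": "%s", "password": "%s"}\n' "$1" "$2" > "$file"
  printf '%s\n' "$file"
)

# Create db-creds-v1 from the file, then delete the file whether or not
# the call succeeded. Usage: create_db_secret <profile_name> <db_username>
create_db_secret() (
  file="$(write_secret_file "$2" "$(gen_password 16)")" || exit 1
  rc=0
  aws secretsmanager create-secret \
    --profile "$1" \
    --name db-creds-v1 \
    --description "Credentials for my LAMP stack DB" \
    --secret-string "file://$file" \
    --tags Key=Lab,Value=LAMP || rc=$?
  rm -f "$file"
  exit "$rc"
)
```

Source the file, then run `create_db_secret <profile_name> <db_username>` in place of the command in step 2.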

Outputs

After the deployment is complete, Terraform will output the public IP address of the LAMP server. You can use this IP address to access the server via a web browser after a few minutes.

Cleanup

To destroy the resources created by Terraform, run:

    terraform destroy

Then run the following command to delete the secret:

    aws secretsmanager delete-secret \
    --profile <profile_name> \
    --secret-id db-creds-v1 \
    --recovery-window-in-days 7

Requirements for Scalability, Security, and Availability

  • Scalability
    1. Autoscaling Group (ASG) scales from 1 to 4 t3.micro instances based on CPU utilization (scale up at >70%, down at <30%)
    2. Application Load Balancer distributes traffic across instances in multiple Availability Zones
  • Security
    1. RDS is in private subnets, not publicly accessible, and encrypted at rest
    2. EC2 instances are in public subnets but restricted via security groups (SSH limited to EC2 Instance Connect, HTTP limited to ALB).
    3. Database credentials are stored in AWS Secrets Manager
  • Availability
    1. RDS uses Multi-AZ for automatic failover
    2. EC2 instances and ALB span two Availability Zones for availability
    3. RDS automated backups retained for 5 days with a daily backup window
    4. ALB performs HTTP health checks on instances to ensure they are healthy

Expected Traffic Loads, Performance Needs and Security Levels

  • Traffic Loads
    1. Designed for light to moderate traffic (e.g., hundreds of users)
    2. Autoscaling Group can handle increased traffic by adding more instances
  • Performance Needs
    1. 'db.t3.micro' instances are suitable for light workloads
    2. ALB optimizes request routing to healthy instances
  • Security Levels
    1. RDS is encrypted at rest and not publicly accessible
    2. EC2 instances are secured via security groups and SSH access is restricted
    3. Database credentials are stored in AWS Secrets Manager
