🚀 Deploying a Highly Available Web Application on AWS using ALB & Auto Scaling (Beginner-Friendly)
Source: Dev.to
Introduction
In this hands‑on project, a production‑ready AWS architecture is built using core services such as VPC, Application Load Balancer (ALB), Auto Scaling Group (ASG), EC2, and NAT Gateway.
The setup follows AWS best practices:
- Secure networking
- High availability
- Automatic scaling
- No public access to EC2 instances
The guide is beginner‑friendly yet interview‑ready.
What You Will Learn
- How to design a secure AWS VPC
- Public vs. private subnets (real use‑case)
- Application Load Balancer (ALB)
- Auto Scaling Group (ASG)
- NAT Gateway for outbound internet
- Real‑world architecture used in companies
Architecture Overview
Internet
|
▼
Application Load Balancer (Public Subnets)
|
▼
Target Group
|
▼
Auto Scaling Group
(EC2 Instances in Private Subnets)
|
▼
NAT Gateway → Internet (Outbound Only)
- EC2 instances have no public IPs.
- Only the ALB is exposed to the internet.
Services Used
- Amazon VPC
- EC2 (Ubuntu)
- Application Load Balancer
- Auto Scaling Group
- Target Groups
- NAT Gateway
- Elastic IP
- Security Groups
Step‑by‑Step Implementation
1️⃣ Create a Custom VPC
- CIDR: 10.0.0.0/16
- Enable DNS Hostnames and DNS Resolution
2️⃣ Create Subnets
Create four subnets:
| Subnet Type | Name | Purpose |
|---|---|---|
| Public | Public‑Subnet‑1 | ALB |
| Public | Public‑Subnet‑2 | NAT Gateway |
| Private | Private‑Subnet‑1 | EC2 |
| Private | Private‑Subnet‑2 | EC2 |
Enable Auto‑assign Public IP = Yes only for the public subnets.
3️⃣ Internet Gateway
- Create and attach an Internet Gateway to the VPC.
- Required for ALB and NAT Gateway.
4️⃣ NAT Gateway (Critical)
- Create a NAT Gateway in a public subnet.
- Attach an Elastic IP.
- Allows private EC2 instances to access the internet securely.
5️⃣ Route Tables
- Public Route Table: 0.0.0.0/0 → Internet Gateway
- Private Route Table: 0.0.0.0/0 → NAT Gateway
Associate each route table with the appropriate subnets.
6️⃣ Security Groups
- ALB Security Group:
  - Inbound: HTTP (80) from 0.0.0.0/0
- EC2 Security Group:
  - Inbound: HTTP (80) from ALB Security Group
  - Inbound (optional): SSH (22) from your IP
EC2 instances are reachable only via the ALB.
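One way to check the step 6 rules after the fact, as an added example that is not from the original guide: it audits security group data in the JSON shape returned by `aws ec2 describe-security-groups` and flags instance groups that accept traffic from anywhere, or HTTP from anything other than the ALB's group. The group IDs, group names and the 203.0.113.7 address are constructed placeholders.

```python
# Constructed sample data: IDs, names and 203.0.113.7 are placeholders.
def perm(port, cidrs=(), groups=()):
    """Build one IpPermissions entry in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs], "Ipv6Ranges": [],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

ALB_SG = "sg-alb-placeholder"
SAMPLE = {"SecurityGroups": [
    {"GroupId": ALB_SG, "GroupName": "alb-sg",
     "IpPermissions": [perm(80, cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-ec2-good", "GroupName": "ec2-sg-good",
     "IpPermissions": [perm(80, groups=[ALB_SG]),
                       perm(22, cidrs=["203.0.113.7/32"])]},
    {"GroupId": "sg-ec2-bad", "GroupName": "ec2-sg-bad",
     "IpPermissions": [perm(80, cidrs=["0.0.0.0/0"]), perm(22, cidrs=["0.0.0.0/0"])]},
]}

def covers(rule, port):
    """True if the rule's port range includes `port` (protocol -1 is all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_instance_sg(sg, alb_sg_id):
    """Return findings where an instance SG deviates from the step 6 rules."""
    findings = []
    for rule in sg["IpPermissions"]:
        ports = f"{rule.get('FromPort')}-{rule.get('ToPort')}"
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        groups = [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
        for cidr in cidrs:
            if cidr in ("0.0.0.0/0", "::/0"):
                findings.append(f"open to the internet: {cidr} ports {ports}")
            elif covers(rule, 80):
                findings.append(f"HTTP allowed from a CIDR instead of the ALB SG: {cidr}")
        if covers(rule, 80):
            findings += [f"HTTP allowed from unexpected SG: {g}"
                         for g in groups if g != alb_sg_id]
    return findings

def audit(doc, alb_sg_id):
    """Audit every group except the ALB's own; map GroupName -> findings."""
    return {sg["GroupName"]: audit_instance_sg(sg, alb_sg_id)
            for sg in doc["SecurityGroups"] if sg["GroupId"] != alb_sg_id}

if __name__ == "__main__":
    print(audit(SAMPLE, ALB_SG))
```

To run it against a real account, load the saved output of `aws ec2 describe-security-groups` with `json.load` and pass it to `audit` along with the ALB's group ID.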
7️⃣ Launch Template (EC2)
- AMI: Ubuntu 22.04
- Instance Type: t2.micro
User Data Script
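```bash
#!/bin/bash
# Install and start Apache, then publish a page showing which instance served it
apt update -y
apt install apache2 -y
systemctl start apache2
systemctl enable apache2
# Unquoted EOF so $(hostname) is expanded when the script runs at first boot
cat <<EOF > /var/www/html/index.html
<h2>Welcome from ALB + Auto Scaling</h2>
<h2>Hostname: $(hostname)</h2>
EOF
```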
8️⃣ Target Group
- Target Type: Instance
- Protocol: HTTP
- Port: 80
- Health Check Path: /
9️⃣ Application Load Balancer
- Type: Internet‑facing
- Subnets: Public subnets
- Listener: HTTP 80 → forward to Target Group
🔟 Auto Scaling Group
- Use the launch template created above.
- Subnets: Private subnets
- Desired Capacity: 2
- Minimum: 1
- Maximum: 3
- Attach to the ALB target group.
Optional: Add a CPU‑based scaling policy.
Final Verification
- Copy the ALB DNS name.
- Paste it into a browser and refresh several times.
You should see different hostnames, confirming load balancing, auto scaling, and high availability.
GitHub Repository
Project source code & documentation:
https://github.com/IrfanPasha05/aws-alb-autoscaling-project
The repository includes:
- Folder structure
- User‑data scripts
- Setup steps
- Troubleshooting guide
Why This Project Matters
The architecture mirrors real production environments and is commonly used in:
- Enterprise applications
- DevOps & Cloud Engineer roles
It’s perfect for:
- Resumes
- Interviews
- Portfolio (LinkedIn, DEV, etc.)
Future Enhancements
- HTTPS with ACM
- Custom domain via Route 53
- CloudFront CDN
- Monitoring with CloudWatch
Final Thoughts
Building this project deepens understanding of AWS networking, security, and scalability. If you’re learning AWS or preparing for cloud roles, implement it once—you’ll remember it forever.
Happy Clouding! ☁️🚀