Amazon Virtual Private Cloud (Amazon VPC) enables you to define a virtual network in your own isolated section within the Amazon Web Services (AWS) cloud, known as a virtual private cloud (VPC). Using VPC, you can deploy a new class of web applications on AWS Elastic Beanstalk, including internal web applications (such as your recruiting application), web applications that connect to an on-premise database (using a VPN connection), as well as private web service back-ends. AWS Elastic Beanstalk launches your AWS resources, such as instances, into your VPC. Your VPC closely resembles a traditional network, with the benefits of using AWS's scalable infrastructure. You have complete control over your VPC; you can select the IP address range, create subnets, and configure routes and network gateways. To protect the resources in each subnet, you can use multiple layers of security, including security groups and network access control lists. For more information about Amazon VPC, go to the Amazon Virtual Private Cloud User Guide.
You can deploy an AWS Elastic Beanstalk application inside an Amazon VPC with any of the following container types:
Node.js
PHP 5.3 and PHP 5.4
Python
Ruby 1.8.7 and 1.9.3
Apache Tomcat 6 and 7
Windows Server 2008 R2 running IIS 7.5 and Windows Server 2012 running IIS 8
AWS Elastic Beanstalk supports legacy and non-legacy containers for PHP 5.3, Windows Server 2008 R2 running IIS 7.5, Windows Server 2012 running IIS 8, and Apache Tomcat 6 or 7. If you are not sure whether you are using a legacy container, check the Elastic Beanstalk console. For instructions, see To check if you are using a legacy container type.
In order to run AWS Elastic Beanstalk applications inside a VPC, you will need to configure at least the following:
Create two subnets: one for your EC2 instances and one for your Elastic Load Balancer.
Traffic must be able to be routed from your Elastic Load Balancer to your EC2 instances.
Your EC2 instances must be able to connect to the Internet and AWS endpoints.
The following are two examples of how you can configure your VPC to meet these requirements:
Create a NAT instance that proxies all requests from the private subnet to the Internet and AWS.
Create a VPN Gateway and NAT instance to allow traffic from the EC2 instances to the Internet and AWS.
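The three requirements above can be checked against a planned layout before anything is launched. The following is an added example, not part of the original AWS documentation: it uses a constructed, simplified layout description (the dictionary format, the names `sg-elb`, `igw`, and `nat`, and the CIDR ranges are assumptions, not AWS API output) and reports which requirement a layout fails.

```python
import ipaddress

# Constructed, simplified description of a VPC layout (hypothetical format,
# not AWS API output). "default_route" is the target of the subnet's 0.0.0.0/0 route.
GOOD_LAYOUT = {
    "subnets": {
        "public": {"cidr": "10.0.0.0/24", "default_route": "igw"},
        "private": {"cidr": "10.0.1.0/24", "default_route": "nat"},
    },
    "elb_subnet": "public",
    "nat_subnet": "public",
    "instance_subnet": "private",
    "elb_sg": "sg-elb",
    # Ingress rules on the instances' security group.
    "instance_ingress": [{"port": 80, "source": "sg-elb"}],
}


def check_layout(layout, app_port=80):
    """Return a list of findings; an empty list means all three requirements hold."""
    findings = []
    subnets = layout["subnets"]
    elb, inst = subnets[layout["elb_subnet"]], subnets[layout["instance_subnet"]]

    # Requirement 1: separate, non-overlapping subnets for the ELB and the instances.
    if ipaddress.ip_network(elb["cidr"]).overlaps(ipaddress.ip_network(inst["cidr"])):
        findings.append("ELB and instance subnets overlap or are the same subnet")

    # Requirement 2: the load balancer must be able to reach the instances.
    sources = {r["source"] for r in layout["instance_ingress"] if r["port"] == app_port}
    if layout["elb_sg"] not in sources and "0.0.0.0/0" not in sources:
        findings.append(f"instances do not accept port {app_port} from the ELB")
    if "0.0.0.0/0" in sources:
        findings.append(f"port {app_port} on instances is open to any source, not only the ELB")

    # Requirement 3: instances need a path to the Internet and AWS endpoints.
    if inst["default_route"] == "nat":
        if subnets[layout["nat_subnet"]]["default_route"] != "igw":
            findings.append("NAT instance subnet has no route to an Internet gateway")
    elif inst["default_route"] == "igw":
        findings.append("instance subnet routes directly to the Internet gateway (not private)")
    else:
        findings.append("instance subnet has no default route, so no outbound access")
    return findings


if __name__ == "__main__":
    print(check_layout(GOOD_LAYOUT) or "layout meets the three requirements")
```

The check for a `0.0.0.0/0` source goes slightly beyond the listed requirements: it flags instances that accept application traffic from anywhere instead of only from the load balancer's security group.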
This section walks you through creating a NAT instance and deploying your AWS Elastic Beanstalk application inside your VPC, using three different example scenarios; however, you are not limited to these examples.
Example: Launching an AWS Elastic Beanstalk Application in a VPC – A VPC with a private and public subnet. EC2 instances are located in the private subnet, and the NAT instance and elastic load balancer are located in the public subnet.
Example: Launching an AWS Elastic Beanstalk Application in a VPC with Bastion Hosts – A VPC with a private and public subnet. EC2 instances are located in the private subnet, and the NAT instance, bastion host, and elastic load balancer are located in the public subnet. Since the EC2 instances are located in the private subnet, you will not be able to connect directly to them. You can create a bastion host in your public subnet to access your EC2 instances.
Example: Launching an AWS Elastic Beanstalk in a VPC with Amazon RDS – A VPC with a private and public subnet. EC2 and RDS DB Instances are located in the private subnet, and the NAT instance and elastic load balancer are located in the public subnet.
For instructions on creating a VPN Gateway, go to Scenario 3: VPC with Public and Private Subnets and Hardware VPN Access.