In an AWS environment with requirements for high availability and network segmentation, I designed and deployed from scratch an infrastructure to securely host a publicly accessible web server, following Infrastructure as Code best practices.
Problem to solve:
The goal was to create a cloud architecture that:
- Isolated resources into public and private subnets.
- Allowed public access only to the web server.
- Ensured private instances could securely reach the internet.
- Was fully reproducible and scalable over time.
 
Solution implemented:
- Custom VPC (/16) with 2 public and 2 private subnets distributed across us-east-1a/b.
- Internet Gateway for inbound traffic to the public layer and NAT Gateway with Elastic IP for controlled outbound access from the private layer.
- Dedicated route tables (public→IGW, private→NAT) to properly segment traffic.
- HTTP Security Group with port 80 open for inbound web traffic.
- t2.micro EC2 instance (Amazon Linux 2023) in a public subnet, automatically configured with Apache, PHP, and a demo application via user_data.
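
The routing split and the HTTP-only security group described above, written out as an added Terraform example (not the author's project code). It assumes the VPC, one public subnet, one private subnet and the Internet Gateway are declared elsewhere as aws_vpc.main, aws_subnet.public_a, aws_subnet.private_a and aws_internet_gateway.igw (hypothetical names).

```hcl
# NAT lives in a PUBLIC subnet and needs its own Elastic IP
resource "aws_eip" "nat" {
  domain = "vpc"
}
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.public_a.id
  depends_on    = [aws_internet_gateway.igw]
}
# Public route table: default route to the IGW
resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}
# Private route table: default route via NAT, so outbound only
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}
resource "aws_route_table_association" "public_a" {
  subnet_id      = aws_subnet.public_a.id
  route_table_id = aws_route_table.public.id
}
resource "aws_route_table_association" "private_a" {
  subnet_id      = aws_subnet.private_a.id
  route_table_id = aws_route_table.private.id
}
# Web SG: TCP/80 inbound only; explicit egress because Terraform drops
# the default allow-all egress and user_data must fetch packages
resource "aws_security_group" "http" {
  vpc_id = aws_vpc.main.id
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

A quick check after `terraform apply` is to confirm the private route table's 0.0.0.0/0 entry points at the NAT Gateway ID and not at the IGW, since a mistaken gateway_id there would expose the private layer.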
 
Results:
- Fully automated infrastructure deployment with Terraform and controlled teardown using terraform destroy.
- Web server running and publicly accessible, while private subnets maintain secure outbound access.
- Comprehensive documentation including deployment steps, architecture diagram, and proof of operation.
 
Technologies and skills applied:
AWS Networking (VPC, Subnets, IGW, NAT, Route Tables) • Security Groups • Terraform (IaC) • user_data automation • Technical documentation and reproducible deployment best practices.