CloudFront with Multiple Origins
As part of the Cloud Mastery Bootcamp projects, I will be building an Amazon CloudFront distribution with multiple custom origins. The lab places a strong emphasis on Application Load Balancers, with Amazon EC2 instances behind them serving as the origins. The project also explores CloudFront origin groups with failover turned on, building a highly available system that spans several AWS Regions. The resilience of the solution is then put to the test: I will simulate an outage in one Region and trigger a cross-region failover from one load balancer to the other.
The accompanying graphic shows the solution architecture, making clear which components are involved and what each contributes to a dependable, scalable system.
First, create the S3 bucket that will hold the website code, then upload the HTML and CSS files to it.
1. Select “Create bucket” from the Amazon S3 console.
2. Name the bucket “s3-website-1234,” appending a random string of digits so that the name is globally unique.
3. Click “Create bucket.”
4. Once the bucket exists, click on it and upload the website code.
Open the “cloudfront-lab-files” folder from the downloaded files. Two files can be found in this folder:
Create the US Website instances
Now we’ll build the EC2 instances for the US website. Make sure you do this in the us-east-1 Region.
1. First, we’ll create the first US Website instance in us-east-1.
2. Select Launch instance from the EC2 console.
3. Name it US-Website-1.
4. Scroll down, keep the other defaults, and select “Proceed without a key pair.”
5. Create a security group that allows inbound access on port 80 and name it “US-Website-SG.”
6. Select a public subnet in the us-east-1a Availability Zone.
7. An instance profile must be created so that the EC2 instance can read from S3.
8. Under “Advanced details,” select “Create new IAM profile” to open the IAM console.
9. Click Create role, choose EC2 from the common use cases, then click Next.
10. Locate and attach the AmazonS3ReadOnlyPolicy by clicking the following link:
11. Click “Create Role” after naming the role “CloudFrontEC2S3Role.”
12. Return to the EC2 launch page and attach the role to the instance.
13. Then, under “Advanced details,” add the user data from the resource labeled “website user data.”
14. After making the necessary adjustments, return to the console, paste the user data in, and launch the instance.
15. Now repeat exactly the same steps to launch the second US Website instance. All settings stay the same except the name, US-Website-2, and the Availability Zone, which should be us-east-1b.
16. Open each EC2 instance’s public IP address in a browser to verify that it launched successfully.
Create the EC2 instances for the UK website.
Next, we will create the EC2 instances for the UK website. Make sure you do this in the eu-west-1 Region.
1. Launch the UK Website instances (UK-Website-1 and UK-Website-2) by following the same procedure. They should be launched in eu-west-1a and eu-west-1b, respectively, using the same user data.
2. Create a second security group named UK-Website-SG with exactly the same rules as the first.
3. After launching them, check that you can reach each instance by its public IP address.
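Both security groups are meant to expose exactly one thing, TCP port 80, and the validation step at the end of the lab depends on being able to remove that rule. The following added example (my own code, not part of the lab) audits a security group against that design. It takes input in the shape that boto3’s describe_security_groups() returns; the two sample groups are constructed for the example, not captured from an account.

```python
"""Audit an EC2 security group against the lab's intended rule set:
only TCP/80 may be open, as in US-Website-SG and UK-Website-SG.
Added example; input follows the boto3 describe_security_groups() shape."""

ALLOWED_INGRESS = {("tcp", 80, 80)}  # (protocol, from_port, to_port)


def audit_security_group(group: dict) -> list[str]:
    """Return findings; an empty list means the group matches the lab design."""
    findings = []
    name = group["GroupName"]
    perms = group.get("IpPermissions", [])
    if not perms:
        findings.append(f"{name}: no ingress rules; port 80 is unreachable")
        return findings
    for perm in perms:
        proto = perm.get("IpProtocol")
        frm, to = perm.get("FromPort"), perm.get("ToPort")
        # "-1" is the console's "All traffic" rule: every protocol and port.
        if proto == "-1":
            findings.append(f"{name}: 'All traffic' ingress rule present")
            continue
        if (proto, frm, to) not in ALLOWED_INGRESS:
            findings.append(f"{name}: unexpected ingress {proto}/{frm}-{to}")
    return findings


# Constructed sample: the group exactly as the lab creates it.
US_WEBSITE_SG = {
    "GroupName": "US-Website-SG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

# Constructed sample: the same group after someone later opened SSH and "All traffic".
DRIFTED_SG = {
    "GroupName": "UK-Website-SG",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}

# Constructed sample: what the group looks like after the lab's validation step.
EMPTIED_SG = {"GroupName": "US-Website-SG", "IpPermissions": []}

if __name__ == "__main__":
    for sg in (US_WEBSITE_SG, DRIFTED_SG, EMPTIED_SG):
        print(sg["GroupName"], "->", audit_security_group(sg) or "OK")
```

Running the same check against the real groups is a matter of feeding it the `SecurityGroups` list from describe_security_groups(); the empty-rules finding is exactly the state the validation step deliberately creates, which is why it is reported rather than treated as a pass.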
Create the US Website ALB
For the US instances, we will now create the first Application Load Balancer. Make sure it is created in the us-east-1 Region.
1. Open the EC2 console in the us-east-1 Region, go to the Load Balancing section, and choose Target Groups.
2. Select Instances as the target type, enter “USWebsiteTargetGroup” as the target group name, and click Next.
3. Check both US Website instances and select “Include as pending below.”
4. Select “Create Target Group.”
5. Next, create the load balancer: go to Load Balancers, click “Create load balancer,” and choose Application Load Balancer.
6. Name it “USWebsiteLoadBalancer.”
7. Choose the two Availability Zones (us-east-1a and us-east-1b) in which we launched the US website instances.
8. Choose the US-Website-SG security group and remove the default Security Group.
9. For the port 80 listener, choose “USWebsiteTargetGroup” as the target.
10. Click “Create load balancer.”
11. You should now be able to open the load balancer’s DNS name, be routed to the different targets, and watch it alternate between us-east-1a and us-east-1b.
Create the UK Website ALB
For the UK instances, we will now create the second Application Load Balancer. Make sure you do this in the eu-west-1 Region.
1. Follow the same steps for the second Application Load Balancer, this time creating an ALB named UKWebsiteLoadBalancer and a target group named UKWebsiteTargetGroup. The ALB should balance across eu-west-1a and eu-west-1b, and the UK-Website-SG security group should be selected.
2. Once more, you should be able to open the load balancer’s DNS name, be routed to the different targets, and watch it alternate between eu-west-1a and eu-west-1b.
Set up the CloudFront Distribution
Now we’ll build the CloudFront distribution.
1. Select “Create a CloudFront distribution” from the Amazon CloudFront console.
2. Under “Origin domain,” select the USWebsiteLoadBalancer to link the distribution to it.
3. Under “Cache key and origin requests,” choose the “CachingDisabled” cache policy.
4. Select “Do not enable security protections” and create the distribution.
Set up the second origin and the origin group.
To enable failover between the two origins, we will now add the second origin and create the origin group.
1. Select your distribution and open the Origins tab.
2. Add the second origin (the UK ALB), set the protocol to “HTTP only,” and click “Create origin.”
3. After that, click “Create origin group.”
4. Select both origins and use the up arrow to make sure the US Website origin is at the top, which makes it the primary.
5. Under the failover criteria, choose “504 Gateway timeout,” and name the group “lab-origin-group.”
6. Once the origin group exists, return to the distribution and edit the default behavior under Behaviors so that it routes to the origin group instead of the single origin.
7. Choose “Save changes.”
8. Once the change is deployed, go to your distribution, copy the domain name, and paste it into a new tab.
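The console clicks above produce a distribution configuration with two custom origins, one origin group whose member order decides the primary, a 504 failover criterion, and a default behavior that targets the group rather than a single origin. The added example below (my own code, not the lab’s and not AWS tooling) builds that configuration in the DistributionConfig shape that boto3’s cloudfront.create_distribution() and update_distribution() accept, and checks the points the failover depends on. The ALB domain names and the cache policy ID are placeholders to replace with your own values.

```python
"""Build and sanity-check the CloudFront DistributionConfig fragment that the
lab's console steps produce. Added example; domain names and the cache policy
ID are placeholders, not values from the lab."""

US_ALB = "USWebsiteLoadBalancer-<id>.us-east-1.elb.amazonaws.com"  # placeholder
UK_ALB = "UKWebsiteLoadBalancer-<id>.eu-west-1.elb.amazonaws.com"  # placeholder
CACHING_DISABLED_POLICY_ID = "<managed CachingDisabled cache policy ID>"  # from the console


def alb_origin(origin_id: str, domain: str) -> dict:
    """A custom origin that CloudFront reaches over plain HTTP, as in the lab."""
    return {
        "Id": origin_id,
        "DomainName": domain,
        "CustomOriginConfig": {
            "HTTPPort": 80,
            "HTTPSPort": 443,
            "OriginProtocolPolicy": "http-only",
        },
    }


def build_distribution_config(primary_id: str = "us-alb", secondary_id: str = "uk-alb",
                              group_id: str = "lab-origin-group") -> dict:
    """Two ALB origins, one origin group (primary listed first), default behavior on the group."""
    return {
        "CallerReference": "cloudfront-lab",  # any string that is unique per create call
        "Comment": "Cloud Mastery Bootcamp CloudFront lab",
        "Enabled": True,
        "Origins": {"Quantity": 2, "Items": [alb_origin(primary_id, US_ALB),
                                              alb_origin(secondary_id, UK_ALB)]},
        "OriginGroups": {"Quantity": 1, "Items": [{
            "Id": group_id,
            # Member order is what decides primary versus secondary.
            "Members": {"Quantity": 2, "Items": [{"OriginId": primary_id},
                                                  {"OriginId": secondary_id}]},
            "FailoverCriteria": {"StatusCodes": {"Quantity": 1, "Items": [504]}},
        }]},
        "DefaultCacheBehavior": {
            "TargetOriginId": group_id,  # the behavior must point at the group, not an origin
            "ViewerProtocolPolicy": "allow-all",
            "CachePolicyId": CACHING_DISABLED_POLICY_ID,
        },
    }


def validate_failover_config(cfg: dict, expected_primary: str) -> list[str]:
    """Check what the lab's failover relies on; an empty list means the config is as intended."""
    findings = []
    origin_ids = {o["Id"] for o in cfg["Origins"]["Items"]}
    groups = {g["Id"]: g for g in cfg["OriginGroups"]["Items"]}
    target = cfg["DefaultCacheBehavior"]["TargetOriginId"]
    if target not in groups:
        findings.append(f"default behavior targets '{target}', not an origin group; no failover")
        return findings
    members = [m["OriginId"] for m in groups[target]["Members"]["Items"]]
    codes = groups[target]["FailoverCriteria"]["StatusCodes"]["Items"]
    if members[0] != expected_primary:
        findings.append(f"primary member is '{members[0]}', expected '{expected_primary}'")
    unknown = [m for m in members if m not in origin_ids]
    if unknown:
        findings.append(f"origin group refers to unknown origins: {unknown}")
    if 504 not in codes:
        findings.append("504 is not a failover criterion; an origin timeout will not fail over")
    return findings


if __name__ == "__main__":
    import json
    cfg = build_distribution_config()
    print(json.dumps(cfg["OriginGroups"], indent=2))
    print("findings:", validate_failover_config(cfg, "us-alb") or "none")
```

The validator is worth running against an exported configuration (cloudfront get-distribution-config) after the console edits, because the two mistakes it catches, leaving the default behavior on the single US origin and listing the UK origin first, both produce a distribution that looks fine until the failover test at the end of the lab fails.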
Validate the Solution
Next, we will verify that the CloudFront distribution behaves as planned.
1. Return to the EC2 console in the us-east-1 Region.
2. In the US-Website-SG security group, find the rule that permits HTTP access and remove it.
3. This simulates a failure; on its own it would result in a 504 HTTP error. But we configured the CloudFront distribution’s origin group to fail over across Regions when a 504 occurs.
4. The website should quickly fail over to the other origin, and the instances hosted in the UK should now be serving it.
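To make the validation step concrete, here is an added example (my own model, not CloudFront code and not part of the lab) of how an origin group routes a request. It encodes the documented rules: the primary is tried first; if it cannot be reached or returns a status listed in the failover criteria, and the request is a GET, HEAD or OPTIONS, the same request goes to the secondary and its answer is returned as-is; other methods are never retried. A connection failure is modeled as a 504, which is what the lab expects to see when the security group rule is gone. The origins and the group are constructed for the example.

```python
"""Model of CloudFront origin-group routing, to reason about the failover test.
Added example; this is a simplification of the documented behavior, not CloudFront code."""
from dataclasses import dataclass, field
from typing import Callable

Origin = Callable[[str, str], int]  # (method, path) -> HTTP status code

FAILOVER_METHODS = {"GET", "HEAD", "OPTIONS"}  # only these are retried on the secondary


@dataclass
class OriginGroup:
    primary: str
    secondary: str
    failover_codes: set[int] = field(default_factory=lambda: {504})


@dataclass
class Result:
    status: int
    served_by: str


def route(group: OriginGroup, origins: dict[str, Origin], method: str, path: str) -> Result:
    """Return the status the viewer sees and which origin produced it."""
    def attempt(origin_id: str) -> int:
        try:
            return origins[origin_id](method, path)
        except ConnectionError:
            return 504  # connect/read timeout surfaces to CloudFront as 504 Gateway Timeout

    status = attempt(group.primary)
    if method in FAILOVER_METHODS and status in group.failover_codes:
        # Secondary's answer is returned as-is, even if it is also an error.
        return Result(attempt(group.secondary), group.secondary)
    return Result(status, group.primary)


# Constructed origins: the UK ALB is healthy; the US ALB can be toggled.
def healthy(method: str, path: str) -> int:
    return 200


def unreachable(method: str, path: str) -> int:
    raise ConnectionError("no route: HTTP ingress rule removed from US-Website-SG")


LAB_GROUP = OriginGroup(primary="us-alb", secondary="uk-alb")


def scenario(us_up: bool, method: str = "GET", group: OriginGroup = LAB_GROUP) -> Result:
    """Run one request against the lab topology with the US origin up or down."""
    origins = {"us-alb": healthy if us_up else unreachable, "uk-alb": healthy}
    return route(group, origins, method, "/index.html")


if __name__ == "__main__":
    print("US up, GET   :", scenario(True))
    print("US down, GET :", scenario(False))
    print("US down, POST:", scenario(False, "POST"))
    print("US down, GET, 504 not a criterion:",
          scenario(False, group=OriginGroup("us-alb", "uk-alb", failover_codes={503})))
```

The last two scenarios are the ones worth remembering when reading the lab’s result: a POST to a site whose primary is unreachable still gets a 504 because CloudFront does not fail non-idempotent methods over, and selecting a criterion other than 504 in step 5 of the origin-group setup would leave the simulated outage visible to every viewer.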