Data durability and recovery
In this project you will create highly available solutions to common use cases. You will build a Multi-AvailabilityZone, Multi-Region database and show how to use it in multiple geographically separate AWS regions. You will also build a website hosting solution that is versioned so that any data destruction and accidents can be quickly and easily undone.
Getting Started
To get started, clone this repo. Aside from instructions, it contains a CloudFormation script to build an AWS VPC with public and private subnets. It also contains an example website that you will host in an AWS S3 bucket in your account.
Project Instructions
Cloud formation
In this project, you will use the AWS CloudFormation to create Virtual Private Clouds. CloudFormation is an AWS service that allows you to create "infrastructure as code". This allows you to define the infrastructure you'd like to create in code, just like you do with software. This has the benefits of being able to share your infrastructure in a common language, use source code control systems to version your infrastructure and allows for documenting and reviewing of infrastructure and infrastructure proposed changes.
CloudFormation allows you to use a configuration file written in a YAML file to automate the creation of AWS resources such as VPCs. In this project, you will use a pre-made CloudFormation template to get you started. This will allow you to create some of the infrastructure that you'll need without spending a lot of time learning details that are beyond the scope of this course.
You can find the YAML file in the GitHub repo: https://github.com/udacity/nd063-c2-design-for-availability-resilience-reliability-replacement-project-starter-template/blob/master/cloudformation/vpc.yaml
In order to build a VPC from the YAML file, follow the steps:
- Services -> CloudFormation
- Create stack “With new resources (standard)”
- Template is ready
- Upload a template file
- Click “Choose file” button
- Select provided YAML file
- Next
- Fill in Stack name
- Name the VPC
- Update the CIDR blocks
- Click Next
- Click Next again
- Click Create stack
- Wait for the stack to build out. Refresh until status becomes “CREATE_COMPLETE”
- Observe the “Outputs” tab for the created IDs. These will be used later.
Once the CloudFormation Stack has completed, you can look at the "Resources" tab to see all of the AWS resources that the stack has created. You can see both the type of resources that have been created, as well as the AWS identifiers for those resources so that you can locate these resources in the AWS service that they are a part of.
The "Outputs" tab shows you custom output from the CloudFormation Stack that is labeled and described for you. These descriptions are custom descriptions that were added to the CloudFormation template and make it easier for you to find specific values that have been created as a part of the CloudFormation stack. Here, you can find the VPC ID that has been created, the subnet IDs including which subnets are public and which are private, and the Security Groups that have been created and a description of each.
Part 1
Complete the following steps:
Data durability and recovery
In order to achieve the highest levels of durability and availability in AWS you must take advantage of multiple AWS regions.
- Pick two AWS regions. An active region and a standby region.
- Use CloudFormation to create one VPC in each region. Name the VPC in the active region "Primary" and name the VPC in the standby region "Secondary".
NOTE: Be sure to use different CIDR address ranges for the VPCs. SAVE screenshots of both VPCs after they are created. Name your screenshots: primary_Vpc.png, secondary_Vpc.png
Highly durable RDS Database
- Create a new RDS Subnet group in the active and standby region.
- Create a new MySQL, multi-AZ database in the active region. The database must:
- Be a “burstable” instance class.
- Have only the “UDARR-Database” security group.
- Have an initial database called “udacity.”
- Create a read replica database in the standby region. This database has the same requirements as the database in the active region.
SAVE screenshots of the configuration of the databases in the active and secondary region after they are created. SAVE screenshots of the configuration of the database subnet groups as well as route tables associated with those subnets. Name the screenshots: primaryDB_config.png, secondaryDB_config.png, primaryDB_subnetgroup.png, secondaryDB_subnetgroup.png, primaryVPC_subnets.png, secondaryVPC_subnets.png, primary_subnet_routing.png, secondary_subnet_routing.png
Estimate availability of this configuration
Write a paragraph or two describing the achievable Recovery Time Objective (RTO) and Recovery Point Objective (RPO) for this Multi-AZ, multi-region database in terms of:
- Minimum RTO for a single AZ outage
- Minimum RTO for a single region outage
- Minimum RPO for a single AZ outage
- Minimum RPO for a single region outage
SAVE your answers in a text file named "estimates.txt"
Demonstrate normal usage
In the active region:
- Create an EC2 keypair in the region
- Launch an Amazon Linux EC2 instance in the active region. Configure the instance to use the VPC's public subnet and security group ("UDARR-Application").
- SSH to the instance and connect to the "udacity" database in the RDS instance.
- Verify that you can create a table, insert data, and read data from the database.
- You have now demonstrated that you can read and write to the primary database
SAVE the log of connecting to the database, creating the table, writing to and reading from the table in a text file called "log_primary.txt"
Monitor database
- Observe the “DB Connections” to the database and how this metric changes as you connect to the database
- Observe the “Replication” configuration with your multi-region read replica.
SAVE screenshots of the DB Connections and the database replication configuration. Name your screenshots: monitoring_connections.png, monitoring_replication.png
Part 2
Failover And Recovery
In the standby region:
- Create an EC2 keypair in the region
- Launch an Amazon Linux EC2 instance in the standby region. Configure the instance to use the VPC's public subnet and security group ("UDARR-Application").
- SSH to the instance and connect to the read replica database.
- Verify if you are not able to insert data into the database but are able to read from the database.
- You have now demonstrated that you can only read from the read replica database.
SAVE log of connecting to the database, writing to and reading from the table in a text file called "log_rr_before_promotion.txt"
SAVE screenshot of the database configuration now, before promoting the read replica database in the next step. Name your screenshot: rr_before_promotion.png
- Promote the read replica
- Verify that if you are able to insert data into and read from the read replica database.
- You have now demonstrated that you can read and write the promoted database in the standby region.
SAVE log of connecting to the database, writing to and reading from the database in a text file named "log_rr_after_promotion.txt"
SAVE screenshots of the database configuration after the database promotion. Name your screenshot: rr_after_promotion.png
Part 3
Website Resiliency
Build a resilient static web hosting solution in AWS. Create a versioned S3 bucket and configure it as a static website.
- Enter “index.html” for both Index document and Error document
- Upload the files from the GitHub repo (under
/project/s3/
) - Paste URL into a web browser to see your website.
Save the screenshot of the webpage. Name your screenshot "s3_original.png" You will now “accidentally” change the contents of the website such that it is no longer serving the correct content
You will now “accidentally” change the contents of the website such that it is no longer serving the correct content
- Change
index.html
to refer to a different “season” - Re-upload
index.html
- Refresh web page
SAVE a screenshot of the modified webpage. Name your screenshot "s3_season.png"
You will now need to “recover” the website by rolling the content back to a previous version.
- Recover the
index.html
object back to the original version - Refresh web page
SAVE a screenshot of the modified webpage. Name your screenshot "s3_season_revert.png"
You will now “accidentally” delete contents from the S3 bucket. Delete “winter.jpg”
SAVE screenshots of the modified webpage and of the existing versions of the file showing the "Deletion marker". Name your screenshots: s3_deletion.png, s3_delete_marker.png
You will now need to “recover” the object:
- Recover the deleted object
- Refresh web page
SAVE a screenshot of the modified webpage. Name your screenshot "s3_delete_revert.png"
License
Apache-2.0
Implementation Notes
- Stackset is used to setup AWS stack i.e. VPC, Active RDS, StandBy
- Stack set directory: cloudformation
- Setup/Cleanup scripts: scripts
- Python Test Application directory: python
- Screenshots/logs directory: outcomes