Deploy the lab base infrastructure

In this section we will build out our base lab infrastructure. This will consist of a public API gateway which connects to Lambda (application layer). The application layer will connect to RDS for MySQL (database layer) within a Virtual Private Cloud (VPC). The environment will be deployed to separate private subnets which will allow for segregation of application and network traffic across multiple Availability Zones. We will also deploy an Internet Gateway and NAT gateway along with appropriate routes from both public and private subnets.

When we successfully complete our initial stage template deployment, our deployed workload should reflect the following diagram:

Section1 Base Architecture

Note the following:

  1. The API Gateway has been provided with a role to allow access to invoke the Lambda function in the private subnet (application layer).

  2. The Lambda function has been provided with a role to allow the API Gateway to invoke the Lambda function.

  3. Secrets Manager has been configured as the master password store which the Lambda function will retrieve to provide access to RDS. This will allow Secrets Manager to be used to encrypt, store and transparently decrypt the password when required.

  4. The Security Group associated with Amazon RDS for MySQL will only allow inbound traffic on port 3306 from the specific security group associated with Lambda. This will allow sufficient access for Lambda to connect to Amazon RDS for MySQL.

Note: For simplicity, we have used North Virginia ‘us-east-1’ as the default region for this lab. Please ensure all lab interaction is completed from this region.

To deploy the template for the base infrastructure complete the following steps:

1.1. Get the Cloudformation Template.

To deploy the second CloudFormation template, you can deploy directly via the console. You can get the template here.

Click here for CloudFormation console deployment steps

1.2. Confirm Successful Application Deployment.

  1. Go to the Outputs section of the cloudformation stack you just deployed and copy APIGatewayURL to make sure if the lab base infrastruture has been successfully deployed. Section1 Access Data using API

Take a note of APIGatewayURL as we will often use this URL for testing.

  1. In Cloud9, execute the script called with the argument of your APIGatewayURL.
python 'APIGatewayURL'

Once your command runs successfully, you should be seeing Response code 200 with Response data as shown here:

Section1 Test API Cloud9