AWS Cloud Architecture
Designed and deployed a production-grade multi-tier cloud architecture on AWS — from a custom VPC to a CloudFront-backed CDN, with least-privilege IAM and a reproducible CloudFormation template.
Project Overview
A project for Introduction to Cloud at Bow Valley College. The brief was to design and deploy a multi-tier, highly available web architecture on AWS that follows cloud security and reliability best practices. The result is a complete AWS deployment: a web tier on EC2 behind an Application Load Balancer, a database tier on RDS inside a private subnet, and static assets served via CloudFront.
Architecture
CloudFront + S3
Static assets are stored in S3 and delivered through the CloudFront CDN: cached at edge locations, with HTTPS enforced on the distribution.
ALB + EC2
Application Load Balancer distributes traffic across EC2 instances in the public subnet. The EC2 security group allows 80/443 from the ALB security group only, not from the internet.
RDS (Private Subnet)
RDS MySQL in a private subnet — no internet gateway route. Reachable only from the EC2 security group on port 3306.
IAM Roles
EC2 has an instance role with S3 read access scoped to the specific bucket. No hardcoded credentials anywhere in the stack.
Features
- Custom VPC with public and private subnets across two availability zones
- EC2 instances in the public subnet running a Node.js web server behind an ALB
- RDS MySQL (free tier) in a private subnet — no direct internet access
- S3 bucket for static assets with a CloudFront distribution for CDN delivery
- IAM roles and policies following the least-privilege principle
- Security groups: ALB → EC2 (80/443), EC2 → RDS (3306), no direct public RDS access
- CloudFormation template to provision the full stack reproducibly
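A CloudFormation fragment showing one way to express the security-group chain (ALB → EC2 on 80/443, EC2 → RDS on 3306, nothing public on RDS) and the bucket-scoped instance role described in the Architecture and Features sections. This is an added example, not the project's own template; WebVpc and AssetsBucket are assumed to be an AWS::EC2::VPC and an AWS::S3::Bucket defined elsewhere in the same template, and every logical name here is invented.

```yaml
Resources:
  AlbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Internet-facing ALB, HTTP/HTTPS only
      VpcId: !Ref WebVpc   # assumed VPC resource
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80,  ToPort: 80,  CidrIp: 0.0.0.0/0 }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: EC2 web tier, reachable only from the ALB
      VpcId: !Ref WebVpc
      # Source is the ALB's security group, not a CIDR, so instances in the
      # public subnet still accept no direct traffic from the internet.
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 80,  ToPort: 80,  SourceSecurityGroupId: !Ref AlbSecurityGroup }
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, SourceSecurityGroupId: !Ref AlbSecurityGroup }
  DbSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDS MySQL, reachable only from the web tier on 3306
      VpcId: !Ref WebVpc
      # No CidrIp rule at all: the only way in is from the web tier's group.
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 3306, ToPort: 3306, SourceSecurityGroupId: !Ref WebSecurityGroup }
  WebInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ReadAssetsBucketOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Read-only, and only on the one assets bucket (assumed resource AssetsBucket).
              - { Effect: Allow, Action: [ s3:GetObject ], Resource: !Sub "arn:aws:s3:::${AssetsBucket}/*" }
              - { Effect: Allow, Action: [ s3:ListBucket ], Resource: !Sub "arn:aws:s3:::${AssetsBucket}" }
  WebInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles: [ !Ref WebInstanceRole ]
```

Attach WebInstanceProfile to the EC2 launch configuration via IamInstanceProfile so the Node.js server reads S3 through the role's temporary credentials rather than any key stored on the instance.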
What I Learned
This project made the shared responsibility model concrete. Configuring VPC routing tables, NACLs, and security groups manually — before writing the CloudFormation template — gave me the mental model to understand exactly what the IaC was provisioning and why. Least-privilege IAM is not optional; it is the first layer of real cloud security.