Use AWS CloudFormation to create a highly available cluster

Nick Hardiman shows you the step-by-step procedure for creating a high-availability cluster for a SaaS app using an AWS CloudFormation template.

In my quest to get my SaaS trouble ticket app up and running, I've already outlined some of the preliminary business plan and design decisions and decided on the IaaS platform that I'm going to use - Amazon Web Services. In the last post, I introduced the CloudFormation templates that AWS offers. Now it's time to create my cluster.

First of all, be careful with your cash. The monthly cost of running a high availability cluster like this is over $100 for the EC2 machines and over $100 for the RDS database. If you are just giving the service a test run, don't leave it running when you have finished. In this post, I'll show you how to build a cluster and then destroy it after you've given it a demo.

Create your new cluster

  1. Open the AWS console. A list of Amazon Web Services appears.
  2. Navigate to the CloudFormation page. Amazon Web Services | Deployment and Management | CloudFormation. The CloudFormation Stacks page appears and the URL changes to
  3. Click the Create Stacks button in the navigation bar or the Create New Stack button in the middle. They both lead to the same place. A modal Create Stack window opens.
  4. Type a stack name. I chose SupportTicket (this will be converted to lower case).
  5. Pick a sample template. Find Drupal Content Management System in the Highly Available, Multi-AZ Samples section (Drupal is also mentioned in Single Instance Samples and Samples using Amazon RDS - don't choose either of those).
  6. Press the Continue button. The Specify Parameters page appears.
  7. Fill in the parameters form. Stick to alphanumeric characters.
    • SiteName supportTicket
    • WebServerCapacity 2
    • DBUsername stdbadmin
    • MultiAZDatabase true
    • DBClass db.m1.small
    • SiteEMail
    • DBAllocatedStorage 5
    • InstanceType m1.small
    • DBPassword IL0veD4ta
    • SiteAdmin stsiadmin
    • SitePassword Saa5MeansCash
    • DBName stdrupaldb
    • KeyName im-aws-keypair-01
  8. Read the "I acknowledge that this template may create IAM resources" security warning and tick the box.
  9. Add tags (don't bother for now, we're going to destroy this in a few minutes).
  10. Review. Read the "You will be billed for AWS resources used" cost warning. You are about to start paying real money to AWS.
  11. Click the Cost link to find out how much. The AWS simple monthly calculator appears in another browser tab or window.
  12. Click the Continue button.
  13. Wait a minute or two. A confirmation message appears.
  14. Click the Close button. The modal window closes, showing the CloudFormation Stacks page. The status is CREATE_IN_PROGRESS.
  15. Wait a few more minutes. Status changes to CREATE_COMPLETE.

Log into your new web site

  1. Click the Outputs tab in the lower Stack pane. The WebsiteURL key appears. The URL looks something like
  2. Click the URL. The site appears in a new browser tab. The default "Welcome to supportTicket" front page appears.
  3. Type in your SiteAdmin and SitePassword values. The default "Welcome to supportTicket" front page now has the black admin toolbar at the top.
  4. Log out of the Drupal site.

It works!

Check your database

  1. Use the AWS console.
  2. Navigate to the Amazon RDS Console Dashboard page.
  3. Find out what you are paying for:
    • 1 new DB Instance (a MySQL 5.5 database)
    • 1 DB Snapshot
    • 2 DB Security Groups (for Frontend Access)
    • 1 DB Parameter Group (MySQL configuration)

Find the configuration of your new machines

You will need the Public DNS name and RSA key fingerprints to access the CLI. You can also check that the machines have been created in different availability zones.

  1. Stay with the AWS console.
  2. Open the EC2 Dashboard page.
  3. Count your new resources. The Resources list shows more things.
    • 2 more Running Instances (the two small virtual machines)
    • 2 Volumes (the 8GB disks attached to your new VMs)
    • 1 new Load Balancer
    • 1 Security Group (a new port 80 access group in addition to the default)
  4. Click Instances.
  5. Click the checkbox at the start of the row. A lot of information appears in the pane below the table.
  6. Find the Public DNS name. It is something like
  7. Open the system log. Actions | Get System Log. A modal window displaying 500 lines of crazy typing opens.
  8. Find the fingerprints of the new SSH host keys. They are towards the bottom and look like this:

    cloud-init:  sshec2:
    ec2: #############################################################
    ec2: 2048 c4:af:98:2e:2b:16:6d:ad:ff:75:10:c3:32:f1:b0:37 /etc/ssh/ (RSA)
    ec2: 1024 0c:0b:88:19:1b:95:71:26:b6:ef:24:dd:5e:b2:0b:59 /etc/ssh/ (DSA)
    ec2: #############################################################
    [  OK  ]

Log in to an EC2 machine

  1. Use an SSH client. Use the Public DNS name.
  2. If your OS is Linux or FreeBSD (that includes Mac OS X), enter an OpenSSH command like this at a CLI: ssh -i ./aws-privkey-for-planetlarg.pem
  3. Read the RSA key warning.
  4. Check the fingerprint against the ones in the system log.
  5. Click Yes to store the fingerprint permanently. The motd (Message of the Day) and prompt appear:

           __|  __|_  )
           _|  (     /   Amazon Linux AMI
    There are 17 security update(s) out of 120 total update(s) available
    Run "sudo yum update" to apply all updates.
    Amazon Linux version 2012.09 is available.
    [ec2-user@ip-10-2-3-4 ~]$
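
The fingerprint check in step 4, as an added example that is not part of the original article: a shell function that compares the fingerprint your SSH client displays with the ones in a saved copy of the system log. The function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check the fingerprint an SSH
# client shows on first connect against the ones in the EC2 system log.
# OpenSSH now prints SHA256 fingerprints by default; connecting with
# "ssh -o FingerprintHash=md5" shows the colon-separated MD5 form the log uses.

# Constructed sample: the fingerprint lines from the log excerpt above,
# including the key paths exactly as they appear there.
sample_log() {
cat <<'EOF'
cloud-init:  sshec2:
ec2: #############################################################
ec2: 2048 c4:af:98:2e:2b:16:6d:ad:ff:75:10:c3:32:f1:b0:37 /etc/ssh/ (RSA)
ec2: 1024 0c:0b:88:19:1b:95:71:26:b6:ef:24:dd:5e:b2:0b:59 /etc/ssh/ (DSA)
ec2: #############################################################
EOF
}

# Print "TYPE BITS FINGERPRINT" for every host key line in a log on stdin.
list_fingerprints() {
  awk '$1 == "ec2:" && $2 ~ /^[0-9]+$/ && length($3) == 47 &&
       $3 ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/ {
         type = $NF; gsub(/[()]/, "", type)
         print type, $2, $3
       }'
}

# Lower-case a fingerprint and drop the "MD5:" prefix newer clients add.
normalize_fp() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/^md5://'
}

# Usage: verify_host_fp FINGERPRINT < system-log.txt
# Returns 0 only if the fingerprint is one the instance logged at boot.
verify_host_fp() {
  want=$(normalize_fp "$1")
  match=$(list_fingerprints |
          awk -v want="$want" '$3 == want { print $1; exit }')
  if [ -n "$match" ]; then
    echo "match: $match host key was logged by the instance at boot"
    return 0
  fi
  echo "NO MATCH: do not accept this host key" >&2
  return 1
}

# Demo on the constructed sample.
sample_log | verify_host_fp "MD5:C4:AF:98:2E:2B:16:6D:AD:FF:75:10:C3:32:F1:B0:37"
```

To use it on a real instance, save the text from Actions | Get System Log to a file and feed that file on stdin in place of sample_log.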

Look around the CLI

  1. Change to the directory where the Drupal code is, in /var/www/html.
  2. Look at the top of the file CHANGELOG.txt. The first line says Drupal 7.8, 2011-08-31. Oh dear! This version is very old!
  3. Check the Drupal web site for the current version. Many releases have happened since then.
  4. Change to the directory where the drush code is, in /home/ec2-user/drush.
  5. Look at the file owner. Oh no! Everything is owned by root!
  6. Don't log out of the CLI. We can use it to check resources are being destroyed.

Destroy your new cluster

  1. Use the AWS console.
  2. Find the CloudFormation Stacks page.
  3. Tick your firststack line.
  4. Click the Delete stack and Yes, delete buttons. The status changes to DELETE_IN_PROGRESS.
  5. A message appears in the CLI about impending doom, then the connection closes:

    Broadcast message from root@ip-10-248-29-231         (unknown) at 1:50 ...

    The system is going down for power off NOW!
  6. Wait a few minutes. The original
  7. Check the EC2 and RDS dashboard pages. Make sure the resource counts have gone down again.
  8. Close the console.
  9. Check your new Drupal site. The web browser is unable to find it.

Complete, with issues

This website is running on a highly available cluster of machines. This is a pretty sophisticated configuration and it was created, complete with working Drupal service and separate data store, in minutes. That is amazing.

This is a demo site, and it shows. Drupal is woefully out of date, drush is broken and who knows what else is wrong. Fixing this means spending time with the CloudFormation template, understanding the code and changing it to meet our needs. Next time, we'll get into editing the template.

By Nick Hardiman
