Deploy a Basic Web Server

Architecture Overview

This deployment creates the simplest useful web server on AWS. A single EC2 instance runs nginx behind a security group that permits HTTP traffic, and the instance receives a public IP address so you can access it from anywhere. It is intentionally minimal to focus on the foundational concepts that underpin more complex architectures.

Every cloud deployment involves the same core building blocks this prompt demonstrates. A compute instance runs your workload. A security group controls what network traffic can reach it. A user data script automates server setup so the machine is ready without manual intervention. Understanding how these pieces connect prepares you to build more sophisticated deployments, because every web-facing architecture on AWS uses the same underlying primitives.

Nginx is a widely-used web server that handles static content serving, reverse proxying, and load balancing. In this deployment, it serves a simple welcome page, but the same pattern extends to hosting full static sites, proxying to application servers, or terminating TLS. The user data script installs nginx at boot and starts it automatically, so the server is accessible within minutes of the instance launching.

EC2 Instance

The t2.micro instance provides 1 vCPU and 1 GB of memory, which is sufficient for serving static content or running lightweight applications. It is included in the AWS Free Tier, making it cost-free for experimentation. Amazon Linux 2023 comes with package management, security updates, and the AWS CLI pre-installed.

Security Group

The security group acts as a virtual firewall for the instance. The inbound rule allows TCP traffic on port 80 (HTTP) from any IP address, which is the minimum configuration needed for a public web server. All outbound traffic is permitted by default, allowing the instance to download packages and reach external services. In production, you would add HTTPS on port 443 and restrict SSH access.

User Data Script

The user data script is a shell script that runs once when the instance first boots. It installs nginx, creates or modifies the default page, and ensures the service starts automatically. This automation eliminates the need to SSH into the instance after deployment. If you need to change the server configuration, update the user data and replace the instance rather than modifying it in place.

Common Customizations

• Add HTTPS: Install an SSL certificate and configure nginx to listen on port 443, adding port 443 to the security group. For public sites, use Let’s Encrypt with certbot for free certificates.
• Serve a real application: Replace the welcome page with your actual website files, or configure nginx as a reverse proxy to forward requests to an application server running Node.js, Python, or another runtime.
• Add SSH access: Include port 22 in the security group and associate an SSH key pair with the instance for remote troubleshooting and manual administration.
• Attach a domain name: Create a Route53 hosted zone and A record pointing your domain to the instance’s public IP address for a clean URL.