AWS Hybrid Cloud Testing – Part 1 – 2 Tier application on EC2 instance and RDS

In this series of posts, I will discuss how to test AWS Hybrid cloud infrastructure and applications.

In this Part I article, I will focus on 2 tier application deployed on EC2 instance and RDS. By 2 tier, I mean the application has a web layer or web server and has a database (in this case it is a MySQL relational database service or RDS).

The AWS infrastructure is designed as below:

  • Create a new VPC
  • Create two subnets: one public and one private
  • Setup security groups and routing tables so that there is no http traffic to the private network; http traffic can only go to the public network
  • Create a MySQL RDS on the private subnet
  • Setup a web server on an EC2 instance on the public subnet and install a WordPress website on the web server with RDS being the database server
  • Setup another static web server on a different EC2 instance on the public subnet
  • Ensure that each web server is assigned an Elastic IP address (for demo purpose, usually it may not be required)
  • Create an Elastic Load Balancer (ELB) and register the two web servers as target groups; this will ensure that traffic from the Internet is routed by the ELB to specific web server based on the simple routing configuration
  • You can also setup health checks for the ELB routing

Note that there are different ways to design the above setup.

It is possible to include both the web servers within the private network and not to assign any Elastic IP. This way, the web servers will not be directly accessible from the Internet over port 80 (http) and traffic can only be routed through the ELB. So essentially this means you cannot RDP/SSH to the web server.

It is also possible to design the web servers such that one web server was in public subnet while the other was in the private subnet. You just need to configure the route tables and the security groups to allow traffic from ELB and across the public and private subnet. For example, if you wanted to ping the web server within the private subnet from the web server within the public subnet, then you would have to allow ICMP traffic from the public subnet to the private subnet. So the bottom line is how the above infrastructure will work, will largely depend on how it has been designed.

Please see below screenshots of the above infrastructure.

MySQL RDS hosting the WordPress web server relational database

The two web servers crated: one for WordPress web server and one hosting a static website.

The Elastic Load Balancer that routes traffic to the two web servers.

The two web server traffic is routed based on the domain name and/or alias.

WordPress traffic is routed to “WebServer1-WordPress” which is mapped to

On the other hand, static website traffic is routed to “WebServer2-StaticWebPage” server which is mapped to

Now that you have the basic understanding of the above hybrid cloud setup, lets talk about how to test this infrastructure and the 2 tier application.

Unlike traditional testing approach, in AWS hybrid cloud environment, one of your key focus has to be on fault tolerance and high availability. The Solution Architect will incorporate high availability and the fault tolerance in the architecture design by introducing Multi-AZ, auto scaling, read replica, scheduled backup etc. But as a Test Analyst, it is your responsibility to verify that the architecture holds up against your testing.

The very first tests you can kick off for infrastructure testing would include below:

  1. Stop and start a web server or reboot a web server and verify that it can be accessible through its domain name or private IPv4 address.
  2. Terminate the web server and see if the auto scaling kicks in and provisions a new EC2 instance. Verify the downtime of the web application while the web server gets terminated and a new EC2 instance is provisioned
  3. Restart RDS with fail over and verify that application is still accessible where RDS fails over to a standby availability zone
  4. Disable ELB traffic to one web server and using Wireshark verify that no traffic is flowing from ELB to that specific web server
  5. Health check should trigger a Cloudwatch alarm when health check fails
  6. Try to directly access the web server; if the web server is behind a public subnet then this should fail
  7. Try to SSH to a web server which is behind a private subnet; without a Bastion host SSH would not be possible
  8. Verify that scheduled RDS db backup happens (which is configured during RDS setup)
  9. Try to change the EC2 instance and verify that the applications still works
  10. In the event that you have read replicas, promote one of the read replicas and verify that application works
  11. Since your application is a 2 tier application, restart the web server and ensure that application still works and db connection is not lost

It is very easy to test applications when you have functional requirements defined. However AWS design will introduce complexities that need to be tested thoroughly.

It is true that the infrastructure should have been tested separately for high availability and fault tolerance.

However different applications would have different requirements. For example, you may have a mission critical application that will be deployed across 3 x availability zones with auto scaling and fail over. On the other hand, you may have a non-business critical application that is used only during business hours and hence will be deployed in a single availability zone with scheduled backup of DB only to s3 bucket. So based on how the application is deployed, you test cases will differ too.

Hence it is important to build your knowledge about the inner workings of the AWS hybrid cloud. If you can design the solution, you can then test it too. Refer to my earlier post on how to get certified as a AWS Solution Architect – Associate which will help you become a better test analyst. (


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.