In this use case, we show you how to secure highly available two-tier applications in Amazon Web Services (AWS) that are accessed by users over the internet. This setup is one specific example that uses WordPress and MySQL as the two-tier application. It includes a relational database service, a DNS-based global load balancing web service, Citrix NetScaler load balancers, and several VM-Series firewalls to secure north-south and east-west traffic flows to the applications in the Amazon Virtual Private Cloud (VPC). For high availability, the VPC spans two Availability Zones (AZs) in AWS. There are many other applications and architectures that Palo Alto Networks firewalls can secure; this use case is just one option.
The following table lists the elements required to deploy the solution for highly available internet-facing applications in AWS.
| Solution Elements | Solution Components | Description |
| --- | --- | --- |
| Internet-Facing Applications | Amazon Elastic Compute Cloud (EC2) Instances | Web applications that are accessed by users over the internet. These applications are typically deployed in a multi-tier architecture on EC2 instances in an AWS VPC. AWS provides the infrastructure for ensuring uptime, scalability, and performance to meet your business needs. |
| Load Balancers | Examples include: Citrix NetScaler VPX, F5 Networks BIG-IP Local Traffic Manager (LTM), and NGINX Plus | The load balancer monitors the availability of servers, the database service, and the firewalls to ensure a seamless failover when an instance fails. This use case shows how to use the Citrix NetScaler VPX for deploying a highly available web application, but you can use a different load balancer. |
| Firewalls | VM-Series | Multiple instances of the VM-Series firewall are deployed to secure all your applications and database servers. The firewalls secure each subnet and restrict access in a way that matches the business and technical requirements of your multi-tier architecture. This segmentation provides multiple layers of defense to ensure that business-critical services and data are always safe. |
| Global Server Load Balancing (GSLB) Service | Amazon Route 53 | Amazon Route 53 is a DNS-based GSLB web service that provides DNS and multi-Availability Zone (AZ)/VPC redundancy. Route 53 allows you to create and manage DNS records, connect user requests to an infrastructure, such as your web servers and load balancers running in AWS, and perform health checks to monitor the health of your servers and route traffic appropriately. |
| Database Service | Amazon Relational Database Service (RDS) | Amazon RDS is tightly integrated with other Amazon Web Services. Amazon RDS offers a selection of engines for your database instances. |
