We configured VPC, private, public routes, NAT server, Load balancers and Apache, MariaDB Galera clusters. We have made highly secured by restricted the traffic via NAT server.
1. Load balancer in public subnets for the access.
2. Incoming traffic through NAT server.
3. S3 storage for automatic backups.
4. OSSEC auditing.
5. Cloudwatch and cloudwatchlogs .
6. Automated EBS backup, cloudberry and duplicity backup.